Open
Bug 1610395
Opened 5 years ago
Updated 2 years ago
Hit MOZ_CRASH(GFX: ToSurfaceDescriptor) at /src/gfx/gl/SharedSurfaceGL.h:69
Categories
(Core :: Graphics: CanvasWebGL, defect, P3)
Core
Graphics: CanvasWebGL
Tracking
()
NEW
Tracking | Status | |
---|---|---|
firefox74 | --- | affected |
People
(Reporter: tsmith, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, crash)
Attachments
(2 files)
Report from m-c 20200120-59873ee30955
The test case is currently being reduced and will be attached once complete.
Hit MOZ_CRASH(GFX: ToSurfaceDescriptor) at /src/gfx/gl/SharedSurfaceGL.h:69
#0 mozilla::gl::SharedSurface_Basic::ToSurfaceDescriptor(mozilla::layers::SurfaceDescriptor*) /src/gfx/gl/SharedSurfaceGL.h:69:5
#1 mozilla::WebGLContext::Present() /src/dom/canvas/WebGLContext.cpp:1119:28
#2 FirePreTransactionCallback /src/gfx/layers/CanvasRenderer.h:130:7
#3 mozilla::layers::ShareableCanvasRenderer::UpdateCompositableClient(mozilla::wr::RenderRoot) /src/gfx/layers/ShareableCanvasRenderer.cpp:202:3
#4 mozilla::layers::ClientCanvasLayer::RenderLayer() /src/gfx/layers/client/ClientCanvasLayer.cpp:25:19
#5 mozilla::layers::ClientContainerLayer::RenderLayer() /src/gfx/layers/client/ClientContainerLayer.h:53:29
#6 mozilla::layers::ClientContainerLayer::RenderLayer() /src/gfx/layers/client/ClientContainerLayer.h:53:29
#7 mozilla::layers::ClientLayerManager::EndTransactionInternal(void (*)(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) /src/gfx/layers/client/ClientLayerManager.cpp:352:13
#8 mozilla::layers::ClientLayerManager::EndTransaction(void (*)(mozilla::layers::PaintedLayer*, gfxContext*, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, mozilla::layers::DrawRegionClip, mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) /src/gfx/layers/client/ClientLayerManager.cpp:415:3
#9 nsDisplayList::PaintRoot(nsDisplayListBuilder*, gfxContext*, unsigned int) /src/layout/painting/nsDisplayList.cpp:3291:19
#10 nsLayoutUtils::PaintFrame(gfxContext*, nsIFrame*, nsRegion const&, unsigned int, nsDisplayListBuilderMode, nsLayoutUtils::PaintFrameFlags) /src/layout/base/nsLayoutUtils.cpp:4133:13
#11 mozilla::PresShell::Paint(nsView*, nsRegion const&, mozilla::PaintFlags) /src/layout/base/PresShell.cpp:6052:5
#12 nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*) /src/view/nsViewManager.cpp:461:18
#13 nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) /src/view/nsViewManager.cpp:396:22
#14 nsViewManager::ProcessPendingUpdates() /src/view/nsViewManager.cpp:1019:5
#15 nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /src/layout/base/nsRefreshDriver.cpp:2178:11
#16 TickDriver /src/layout/base/nsRefreshDriver.cpp:374:13
#17 mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) /src/layout/base/nsRefreshDriver.cpp:351:7
#18 mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /src/layout/base/nsRefreshDriver.cpp:368:5
#19 RunRefreshDrivers /src/layout/base/nsRefreshDriver.cpp:820:5
#20 mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /src/layout/base/nsRefreshDriver.cpp:740:16
#21 mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::ParentProcessVsyncNotifier::Run() /src/layout/base/nsRefreshDriver.cpp:538:20
#22 nsThread::ProcessNextEvent(bool, bool*) /src/xpcom/threads/nsThread.cpp:1220:14
#23 NS_ProcessNextEvent(nsIThread*, bool) /src/xpcom/threads/nsThreadUtils.cpp:486:10
#24 mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /src/ipc/glue/MessagePump.cpp:87:21
#25 RunInternal /src/ipc/chromium/src/base/message_loop.cc:315:10
#26 RunHandler /src/ipc/chromium/src/base/message_loop.cc:308:3
#27 MessageLoop::Run() /src/ipc/chromium/src/base/message_loop.cc:290:3
#28 nsBaseAppShell::Run() /src/widget/nsBaseAppShell.cpp:137:27
#29 nsAppStartup::Run() /src/toolkit/components/startup/nsAppStartup.cpp:272:30
#30 XREMain::XRE_mainRun() /src/toolkit/xre/nsAppRunner.cpp:4603:22
#31 XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /src/toolkit/xre/nsAppRunner.cpp:4740:8
#32 XRE_main(int, char**, mozilla::BootstrapConfig const&) /src/toolkit/xre/nsAppRunner.cpp:4821:21
#33 do_main /src/browser/app/nsBrowserApp.cpp:217:22
#34 main /src/browser/app/nsBrowserApp.cpp:339:16
Reporter | ||
Comment 1•5 years ago
|
||
Reporter | ||
Comment 2•5 years ago
•
|
||
The test case seems to require this prefs.js
file. Since that test is very simple maybe there is something that should be set while fuzzing?
Comment 3•5 years ago
|
||
Could you reduce the number of modified prefs? The testcase is basically "basic webgl creation crashes", so the pref list is suspect. (but long, and it looks like even has no-longer-existent prefs)
Flags: needinfo?(twsmith)
Updated•5 years ago
|
Priority: -- → P3
Reporter | ||
Comment 4•5 years ago
|
||
Looks like the culprit is browser.tabs.remote.autostart=false
Flags: needinfo?(twsmith)
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•