Crash in [@ mozilla::widget::WindowSurfaceWayland::DelayedCommitHandler]
Categories
(Core :: Widget: Gtk, defect, P2)
Tracking
()
People
(Reporter: matt.fagnani, Assigned: stransky)
References
(Blocks 1 open bug)
Details
Crash Data
Attachments
(2 files)
This bug is for crash report bp-0fc94f9c-f27f-42bc-94f0-ccbee0200802.
Top 10 frames of crashing thread:
0 libxul.so mozilla::widget::WindowSurfaceWayland::DelayedCommitHandler widget/gtk/WindowSurfaceWayland.cpp:1189
1 libxul.so RunnableFunction<void ipc/chromium/src/base/task.h:324
2 libxul.so {virtual override thunk}
3 libxul.so nsTimerImpl::Fire xpcom/threads/nsTimerImpl.cpp:565
4 libxul.so nsTimerEvent::Run xpcom/threads/TimerThread.cpp:251
5 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1234
6 libxul.so mozilla::ipc::MessagePumpForNonMainThreads::Run ipc/glue/MessagePump.cpp:332
7 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:309
8 libxul.so nsThread::ThreadFunc xpcom/threads/nsThread.cpp:447
9 libnspr4.so _pt_root nsprpub/pr/src/pthreads/ptthread.c:201
I was using Firefox Nightly 81.0a1 (2020-8-1) on Wayland in Plasma 5.19.4 in Fedora Rawhide. I clicked on Help > About Nightly. An update to the second build of 81.0a1 (2020-8-1) was downloaded. I clicked on Restart. Firefox had a segmentation fault in mozilla::widget::WindowSurfaceWayland::DelayedCommitHandler at widget/gtk/WindowSurfaceWayland.cpp:1189 which was *mDelayedCommitHandle = nullptr;
The crash address was 0x0, so a null pointer dereference might have happened there.
This crash doesn't usually happen when I update Nightly as above, but I have seen crashes with this trace infrequently.
Updated•3 years ago
|
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Comment 1•3 years ago
|
||
Assignee | ||
Comment 2•3 years ago
|
||
Looks like we need to add more thread safe checks there.
Pushed by btara@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/1d7a48a5e3fb [Wayland] Check mDelayedCommitHandle before we use it, r=jhorak
Comment 4•3 years ago
|
||
bugherder |
Reporter | ||
Comment 5•3 years ago
|
||
I've seen two crashes with this trace when closing Nightly 81.0a1 (2020-8-12 and 2020-8-15) on Wayland in Plasma 5.19.4. https://crash-stats.mozilla.org/report/index/2dfb8545-00a0-4534-a8b9-307230200813 https://crash-stats.mozilla.org/report/index/860c75e5-9790-4b5e-ab0e-86e4d0200815 Those builds appeared to have the patch in comment 1 by Martin which looked like it should've avoided the null pointer dereference in mozilla::widget::WindowSurfaceWayland::DelayedCommitHandler. These crashes happened less than 10% of the time when closing Nightly on Wayland.
Reporter | ||
Comment 6•3 years ago
|
||
I had four tabs open in Nightly 83.0a1 (2020-9-25) on Wayland with WebRender compositing enabled in Plasma 5.19.5 in Fedora 33. When I closed one of the tabs, a segmentation fault occurred in mozilla::widget::WindowSurfaceWayland::DelayedCommitHandler with a trace like those I reported here https://crash-stats.mozilla.org/report/index/469200fd-119c-47ba-a078-3bcfd0200926 This problem might not be fixed. There are 27 reports with this signature from 82.0a1 and 3 from 83.0a1 https://crash-stats.mozilla.org/signature/?signature=mozilla%3A%3Awidget%3A%3AWindowSurfaceWayland%3A%3ADelayedCommitHandler&date=%3E%3D2020-03-26T07%3A19%3A00.000Z&date=%3C2020-09-26T07%3A19%3A00.000Z
Assignee | ||
Comment 7•3 years ago
|
||
The bug is still here.
Assignee | ||
Comment 8•3 years ago
|
||
Track delayed commits in a global list and don't store them in actual wayland surfaces.
When a delayed commit is called, check that the associated wayland surface is still valid.
Assignee | ||
Comment 9•3 years ago
|
||
(In reply to Martin Stránský [:stransky] from comment #8)
Created attachment 9179589 [details]
Bug 1656727 [Wayland] Track delayed commits globally, r?jhorakTrack delayed commits in a global list and don't store them in actual wayland surfaces.
When a delayed commit is called, check that the associated wayland surface is still valid.
This patch causes a popup regression - https://bugzilla.redhat.com/show_bug.cgi?id=1886243
Assignee | ||
Comment 10•3 years ago
|
||
Updated with the regression fixed.
Comment 11•3 years ago
|
||
Pushed by abutkovits@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/f565fc1e59ad [Wayland] Track delayed commits globally, r=jhorak
Comment 12•3 years ago
|
||
bugherder |
Updated•3 years ago
|
Updated•3 years ago
|
Description
•