Crash in [@ mozilla::ClientWebGLContext::CreateHostContext] with OffscreenCanvas
Categories
(Core :: Graphics: CanvasWebGL, defect, P5)
Tracking
()
People
(Reporter: sg, Assigned: aosmond)
References
(Blocks 1 open bug)
Details
(Keywords: crash)
Crash Data
Attachments
(2 files)
This bug is for crash report bp-68c1f19f-baf1-4867-8484-389150200805.
Top 10 frames of crashing thread:
0 xul.dll mozilla::ClientWebGLContext::CreateHostContext dom/canvas/ClientWebGLContext.cpp:628
1 xul.dll mozilla::ClientWebGLContext::SetDimensions dom/canvas/ClientWebGLContext.cpp:618
2 xul.dll mozilla::dom::CanvasRenderingContextHelper::UpdateContext dom/canvas/CanvasRenderingContextHelper.cpp:240
3 xul.dll mozilla::dom::CanvasRenderingContextHelper::GetContext dom/canvas/CanvasRenderingContextHelper.cpp:192
4 xul.dll mozilla::dom::OffscreenCanvas::GetContext dom/canvas/OffscreenCanvas.cpp:111
5 xul.dll mozilla::dom::OffscreenCanvas_Binding::getContext dom/bindings/OffscreenCanvasBinding.cpp:208
6 xul.dll mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions> dom/bindings/BindingUtils.cpp:3219
7 xul.dll js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:576
8 xul.dll Interpret js/src/vm/Interpreter.cpp:3298
9 xul.dll js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:611
The crash reports indicate a nullptr access. At least in one crash I inspected with Visual Studio, the specific reason was: this->mCanvasElement.mRawPtr was nullptr.
Reporter | ||
Updated•4 years ago
|
Reporter | ||
Comment 1•4 years ago
|
||
Comment 2•4 years ago
|
||
The severity field is not set for this bug.
:jgilbert, could you have a look please?
For more information, please visit auto_nag documentation.
Updated•4 years ago
|
Updated•4 years ago
|
Comment 3•3 years ago
|
||
We have a customer that's hitting this a lot on the ESR.
Do we know how common this is? Or any idea what's causing it?
These seem to be different machines.
https://crash-stats.mozilla.org/report/index/163bec33-c9f0-491a-9d63-0694b0210527
https://crash-stats.mozilla.org/report/index/c4441662-be9d-45cd-9cd8-0f00d0210527
https://crash-stats.mozilla.org/report/index/af9b1d10-cdfc-4fdc-b9dd-b035f0210527
https://crash-stats.mozilla.org/report/index/db2962fc-6eac-44ac-8ce9-d547c0210527
https://crash-stats.mozilla.org/report/index/8a77bd9f-fcbd-4720-9646-351050210527
https://crash-stats.mozilla.org/report/index/ed92e1b0-9e85-4c22-b5d8-075630210527
https://crash-stats.mozilla.org/report/index/acbd34a9-9312-4d63-bf0c-ec2e50210527
https://crash-stats.mozilla.org/report/index/75932ae8-be42-423c-9214-435550210527
https://crash-stats.mozilla.org/report/index/547c9e40-cd4e-4234-85b2-af0db0210527
https://crash-stats.mozilla.org/report/index/1804aa82-d9c0-4303-8bae-7aaba0210527
Comment 4•3 years ago
|
||
That looks like a different issue. Can you file a new bug? I would like a repro case to debug it.
Comment 5•3 years ago
|
||
That looks like a different issue. Can you file a new bug? I would like a repro case to debug it.
I'll see if they have more information. Most of their crashes have just been random in their environment.
Comment 6•3 years ago
|
||
I have filed https://bugzilla.mozilla.org/show_bug.cgi?id=1716634 for this.
Comment 7•3 years ago
|
||
Seems like there is a bug report for a problem I'm hitting.
I'm trying to visit fiverr.com to diagnose a bug with my extension. But upon loading it will give me these exact crashes.
I first thought it was due to me already opening the dev tools before the site could be loaded. But just opening fiverr.com is enough to hit this bug after ~10 seconds of hovering over the nav buttons and scrolling trough the site. I will attach my about:support data, if it might help.
Relevant crash reports:
https://crash-stats.mozilla.org/report/index/f77a8a35-216e-46cc-93bc-82daf0210925
https://crash-stats.mozilla.org/report/index/03152cd6-a363-46fc-a67b-b7ae90210925
https://crash-stats.mozilla.org/report/index/0fd35db7-eab0-4c38-947e-ad2750210925
https://crash-stats.mozilla.org/report/index/84950fd9-5eb1-488e-afc5-534710210925
https://crash-stats.mozilla.org/report/index/3db569c6-ac75-4c9e-b009-cb2450210925
https://crash-stats.mozilla.org/report/index/d28cc091-ae70-4088-8b5e-b1b980210925
Comment 8•3 years ago
|
||
Assignee | ||
Comment 9•3 years ago
|
||
We cannot access ClientWebGLContext::mCanvasElement or its associated
nsIPrincipal off the main thread. We use the hash value of the principal
to limit how many WebGL contexts a single domain can create. We can
compute this when the worker is initialized for OffscreenCanvas worker
instances.
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Updated•3 years ago
|
Updated•3 years ago
|
Comment 10•3 years ago
|
||
Pushed by aosmond@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/d9efa80409ee Cache the principal hash value for OffscreenCanvas on worker threads. r=dom-worker-reviewers,asuth,smaug
Comment 11•3 years ago
|
||
bugherder |
Updated•3 years ago
|
Description
•