Open Bug 1690819 Opened 4 years ago Updated 2 years ago

Assertion failure: result.mScrollId == ScrollableLayerGuid::NULL_SCROLL_ID, at /builds/worker/checkouts/gecko/gfx/layers/apz/src/APZCTreeManager.cpp:2818

Categories

(Core :: Panning and Zooming, defect, P3)

defect

Tracking

()

Tracking Status
firefox87 --- affected

People

(Reporter: jkratzer, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: testcase, Whiteboard: [bugmon:confirm])

Attachments

(1 file)

Attached file testcase.zip

Testcase found while fuzzing mozilla-central rev 32690d048b75 (built with --enable-debug).

Assertion failure: result.mScrollId == ScrollableLayerGuid::NULL_SCROLL_ID, at /builds/worker/checkouts/gecko/gfx/layers/apz/src/APZCTreeManager.cpp:2818

    #0 0x7f37df044d62 in mozilla::layers::APZCTreeManager::GetAPZCAtPointWR(mozilla::gfx::PointTyped<mozilla::ScreenPixel, float> const&, mozilla::RecursiveMutexAutoLock const&) /builds/worker/checkouts/gecko/gfx/layers/apz/src/APZCTreeManager.cpp:2818:7
    #1 0x7f37df03eb4b in GetTargetAPZC /builds/worker/checkouts/gecko/gfx/layers/apz/src/APZCTreeManager.cpp:2770:12
    #2 0x7f37df03eb4b in mozilla::layers::APZCTreeManager::ProcessUnhandledEvent(mozilla::gfx::IntPointTyped<mozilla::LayoutDevicePixel>*, mozilla::layers::ScrollableLayerGuid*, unsigned long*, mozilla::layers::LayersId*) /builds/worker/checkouts/gecko/gfx/layers/apz/src/APZCTreeManager.cpp:2329:23
    #3 0x7f37df04ba80 in mozilla::layers::APZInputBridge::ReceiveInputEvent(mozilla::WidgetInputEvent&) /builds/worker/checkouts/gecko/gfx/layers/apz/src/APZInputBridge.cpp:78:7
    #4 0x7f37e20a6b0d in nsBaseWidget::DispatchInputEvent(mozilla::WidgetInputEvent*) /builds/worker/checkouts/gecko/widget/nsBaseWidget.cpp:1129:53
    #5 0x7f37e212026c in nsWindow::OnEnterNotifyEvent(_GdkEventCrossing*) /builds/worker/checkouts/gecko/widget/gtk/nsWindow.cpp:3272:3
    #6 0x7f37e2127770 in enter_notify_event_cb(_GtkWidget*, _GdkEventCrossing*) /builds/worker/checkouts/gecko/widget/gtk/nsWindow.cpp:6817:11
    #7 0x7f37f37725ee  (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x3e75ee)
    #8 0x7f37f2b7aa55  (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x14a55)
    #9 0x7f37f2b98dd0 in g_signal_emit_valist (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x32dd0)
    #10 0x7f37f2b9a0d2 in g_signal_emit (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x340d2)
    #11 0x7f37f371cc22  (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x391c22)
    #12 0x7f37f35da2d9 in gtk_main_do_event (/usr/lib/x86_64-linux-gnu/libgtk-3.so.0+0x24f2d9)
    #13 0x7f37f32c2f78  (/usr/lib/x86_64-linux-gnu/libgdk-3.so.0+0x3cf78)
    #14 0x7f37f32f6105  (/usr/lib/x86_64-linux-gnu/libgdk-3.so.0+0x70105)
    #15 0x7f37f2a8ef9c in g_main_context_dispatch (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x51f9c)
    #16 0x7f37f2a8f21f  (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5221f)
    #17 0x7f37f2a8f2c2 in g_main_context_iteration (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x522c2)
    #18 0x7f37e215b18f in nsAppShell::ProcessNextNativeEvent(bool) /builds/worker/checkouts/gecko/widget/gtk/nsAppShell.cpp:248:14
    #19 0x7f37e20e0cd2 in DoProcessNextNativeEvent /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:120:17
    #20 0x7f37e20e0cd2 in nsBaseAppShell::OnProcessNextEvent(nsIThreadInternal*, bool) /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:248:7
    #21 0x7f37e20e0e8c in non-virtual thunk to nsBaseAppShell::OnProcessNextEvent(nsIThreadInternal*, bool) /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp
    #22 0x7f37dd9eac8a in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1074:10
    #23 0x7f37dd9f15ca in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:548:10
    #24 0x7f37de3075f6 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:87:21
    #25 0x7f37de273003 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:335:10
    #26 0x7f37de272f1d in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:328:3
    #27 0x7f37de272f1d in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:310:3
    #28 0x7f37e20e09d8 in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:137:27
    #29 0x7f37e38187d6 in nsAppStartup::Run() /builds/worker/checkouts/gecko/toolkit/components/startup/nsAppStartup.cpp:271:30
    #30 0x7f37e3926dcd in XREMain::XRE_mainRun() /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5246:22
    #31 0x7f37e39284ea in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5438:8
    #32 0x7f37e3928e30 in XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5501:21
    #33 0x5605c7364ea0 in do_main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:220:22
    #34 0x5605c7364ea0 in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:344:16
    #35 0x7f37f493d0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
Flags: in-testsuite?

cc'ing some WebRender folks for visibility. Instances of this assertion are usually an issue with WebRender hit-testing, or otherwise at the intersection of APZ and WebRender.

Severity: -- → S3
Priority: -- → P3

Bugmon Analysis
Unable to reproduce bug using build mozilla-central 20210204093834-32690d048b75. Without a baseline, bugmon is unable to analyze this bug.
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.

Keywords: bugmon
See Also: → 1726949
No longer blocks: domino
Depends on: domino
Blocks: domino
No longer depends on: domino
See Also: → 1737809
See Also: → 1749109
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: