Closed Bug 1707464 Opened 4 years ago Closed 4 years ago

Crash in [@ mozilla::wr::TransactionBuilder::TransactionBuilder]

Categories

(Core :: Graphics: WebRender, defect)

Product:
Core
Component:
Graphics: WebRender
Platform:
Unspecified
macOS
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
90 Branch
Tracking Flags:
Tracking Status
firefox-esr78 --- unaffected

People

(Reporter: gsvelto, Unassigned)

References

Details

(Keywords: crash)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/a16c319e-98db-4834-83b6-449440210425

Reason: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS

Top 10 frames of crashing thread:

0 XUL mozilla::wr::TransactionBuilder::TransactionBuilder gfx/webrender_bindings/WebRenderAPI.cpp:241
1 XUL mozilla::layers::AsyncImagePipelineManager::ApplyAsyncImageForPipeline gfx/layers/wr/AsyncImagePipelineManager.cpp:477
2 XUL mozilla::layers::WebRenderBridgeParent::ProcessWebRenderParentCommands gfx/layers/wr/WebRenderBridgeParent.cpp:1479
3 XUL mozilla::layers::WebRenderBridgeParent::RecvSetDisplayList gfx/layers/wr/WebRenderBridgeParent.cpp:1224
4 XUL mozilla::layers::PWebRenderBridgeParent::OnMessageReceived ipc/ipdl/PWebRenderBridgeParent.cpp:403
5 XUL mozilla::layers::PCompositorManagerParent::OnMessageReceived ipc/ipdl/PCompositorManagerParent.cpp:200
6 XUL mozilla::ipc::MessageChannel::DispatchMessage ipc/glue/MessageChannel.cpp:2076
7 XUL mozilla::ipc::MessageChannel::MessageTask::Run ipc/glue/MessageChannel.cpp:1955
8 XUL nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1153
9 XUL mozilla::ipc::MessagePumpForNonMainThreads::Run ipc/glue/MessagePump.cpp:300

macOS-specific NULL pointer dereference. It seems that aApi here is NULL.

Appears similar to bug 1701587
Andrew, any idea why the API would be NULL for the ApplyAsyncImageForPipeline?
Marking S3 because of the crash volume, but adding to gfx-triage to see if it rings any bells, and maybe we can find somebody to look at it.

Blocks: gfx-triage
Severity: -- → S3
See Also: → 1701587
No longer blocks: gfx-triage
Flags: needinfo?(aosmond)
Flags: needinfo?(sotaro.ikeda.g)

deleted

One possibility could be EraseLayerState() call from CompositorBridgeParent::DeallocateLayerTreeId().

Bug 1710347 is created for comment 3.

Flags: needinfo?(sotaro.ikeda.g)
Depends on: 1710347

Sotaro, should we mark it as solved by your patch?

Flags: needinfo?(aosmond) → needinfo?(sotaro.ikeda.g)

Yes!

Status: NEW → RESOLVED
Closed: 4 years ago
Flags: needinfo?(sotaro.ikeda.g)
Resolution: --- → FIXED
status-firefox-esr78: --- → unaffected
Flags: needinfo?(jmathies)
Target Milestone: --- → 90 Branch
You need to log in before you can comment on or make changes to this bug.