Closed Bug 1855289 Opened 2 years ago Closed 2 years ago

Crash in [@ mozilla::layers::DelayedClearElementActivation::StartTimer]

Categories

(Core :: Panning and Zooming, defect)

Product:
Core
Component:
Panning and Zooming
Platform:
Unspecified
Android
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
120 Branch
Tracking Flags:
Tracking Status
firefox-esr115 --- unaffected
firefox118 --- unaffected
firefox119 --- unaffected
firefox120 + fixed

People

(Reporter: cpeterson, Assigned: dlrobertson)

References

(Regression)

Details

(Keywords: crash, regression, topcrash)

Crash Data

Attachments

(1 file)

Bug 1855289 - Do not start delayed clear active state timer if it is null. r=botond
48 bytes, text/x-phabricator-request
Details | Review

@ Dan, do you think this new crash in Android Fx 120 is a regression from your fix for bug 1816473?

Crash report: https://crash-stats.mozilla.org/report/index/26d08efa-2ce7-4e99-9e74-28cd90230926

Reason: SIGSEGV / SEGV_MAPERR

Top 10 frames of crashing thread:

0  libxul.so  mozilla::layers::DelayedClearElementActivation::StartTimer  gfx/layers/apz/util/ActiveElementManager.cpp:110
1  libxul.so  mozilla::layers::ActiveElementManager::ProcessSingleTap  gfx/layers/apz/util/ActiveElementManager.cpp:256
1  libxul.so  mozilla::layers::APZEventState::ProcessSingleTap  gfx/layers/apz/util/APZEventState.cpp:145
2  libxul.so  mozilla::dom::BrowserChild::RecvHandleTap  dom/ipc/BrowserChild.cpp
3  libxul.so  mozilla::dom::PBrowserChild::OnMessageReceived  ipc/ipdl/PBrowserChild.cpp:6223
4  libxul.so  mozilla::dom::PContentChild::OnMessageReceived  ipc/ipdl/PContentChild.cpp:8654
5  libxul.so  mozilla::ipc::MessageChannel::DispatchAsyncMessage  ipc/glue/MessageChannel.cpp:1800
5  libxul.so  mozilla::ipc::MessageChannel::DispatchMessage  ipc/glue/MessageChannel.cpp:1725
5  libxul.so  mozilla::ipc::MessageChannel::RunMessage  ipc/glue/MessageChannel.cpp:1525
5  libxul.so  mozilla::ipc::MessageChannel::MessageTask::Run  ipc/glue/MessageChannel.cpp:1623
Flags: needinfo?(drobertson)

Thanks for the ping! Looking into it.

Flags: needinfo?(drobertson)
No longer blocks: 1816473
Regressed by: 1816473
Component: Graphics → Panning and Zooming

(The function is newly added in bug 1816473, so it's got to be the regressor.)

Keywords: regressionwindow-wanted

I was able to reproduce this crash on today's Nightly 120.0a1 from 9/27.
Here are the crash-stats: https://crash-stats.mozilla.org/report/index/8d4f8622-3fc3-468a-b030-0e9410230927#tab-details

The bug is linked to a topcrash signature, which matches the following criterion:

  • Top 10 AArch64 and ARM crashes on nightly

For more information, please visit BugBot documentation.

Keywords: topcrash

If the delayed clear active state timer is null, do not attempt to start
the timer. In the case that the delayed clear active state timer is
null, the active state should be cleared on ProcessSingleTap().

Assignee: nobody → drobertson
Status: NEW → ASSIGNED

(In reply to miralobontiu from comment #3)

I was able to reproduce this crash on today's Nightly 120.0a1 from 9/27.
Here are the crash-stats: https://crash-stats.mozilla.org/report/index/8d4f8622-3fc3-468a-b030-0e9410230927#tab-details

Do you you happen to have an STR to trigger the issue?

Flags: needinfo?(mlobontiuroman)
Pushed by drobertson@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/7f6e3a882896 Do not start delayed clear active state timer if it is null. r=botond

https://hg.mozilla.org/mozilla-central/rev/7f6e3a882896

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox120: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 120 Branch

No, unfortunately, I do not have STR. I had a few tabs opened, was signed in, didn't had any add-on installed.

Flags: needinfo?(mlobontiuroman)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: