Closed
Bug 1370089
Opened 7 years ago
Closed 7 years ago
MOZ_RELEASE_ASSERT(mCompositorOptions) Crash in mozilla::dom::TabChild::AsyncPanZoomEnabled
Categories
(Core :: DOM: Content Processes, defect)
Tracking
()
RESOLVED
FIXED
mozilla56
Tracking | Status | |
---|---|---|
firefox-esr52 | --- | unaffected |
firefox53 | --- | wontfix |
firefox54 | --- | wontfix |
firefox55 | --- | fixed |
firefox56 | --- | verified |
People
(Reporter: philipp, Assigned: kats)
References
Details
(Keywords: crash, regression)
Crash Data
Attachments
(2 files)
(deleted),
text/plain
|
Details | |
(deleted),
text/x-review-board-request
|
dvander
:
review+
jcristau
:
approval-mozilla-beta+
|
Details |
This bug was filed from the Socorro interface and is
report bp-4e5a9694-f5cc-413e-a2fc-3b9550170601.
=============================================================
Crashing Thread (0)
Frame Module Signature Source
0 libxul.so mozilla::dom::TabChild::AsyncPanZoomEnabled dom/ipc/TabChild.cpp:450
1 libxul.so libxul.so@0x17afe1e
2 libxul.so libxul.so@0x1d9de39
3 libxul.so nsDocument::CreateShell(nsPresContext*, nsViewManager*, mozilla::StyleSetHandle)
4 libxul.so nsDocumentViewer::InitPresentationStuff(bool)
5 libxul.so nsDocumentViewer::InitInternal(nsIWidget*, nsISupports*, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, bool, bool, bool)
6 libxul.so nsDocumentViewer::Init layout/base/nsDocumentViewer.cpp:690
7 libxul.so nsDocShell::SetupNewViewer(nsIContentViewer*)
8 libxul.so nsDocShell::Embed(nsIContentViewer*, char const*, nsISupports*)
9 libxul.so nsDocShell::CreateAboutBlankContentViewer(nsIPrincipal*, nsIURI*, bool, bool)
10 libxul.so nsDocShell::GetDocument()
11 libxul.so nsPIDOMWindow<mozIDOMWindowProxy>::MaybeCreateDoc dom/base/nsGlobalWindow.cpp:4132
12 libxul.so nsGlobalWindow::WrapObject dom/base/nsPIDOMWindow.h:216
13 libxul.so XPCConvert::NativeInterface2JSObject(JS::MutableHandle<JS::Value>, nsIXPConnectJSObjectHolder**, xpcObjectHelper&, nsID const*, bool, nsresult*)
14 libxul.so XPCConvert::NativeData2JS(JS::MutableHandle<JS::Value>, void const*, nsXPTType const&, nsID const*, nsresult*)
15 libxul.so XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode)
16 libxul.so XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*)
17 libxul.so js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct)
18 libxul.so Interpret(JSContext*, js::RunState&)
19 libxul.so js::RunScript(JSContext*, js::RunState&)
20 libxul.so js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct)
21 libxul.so Interpret(JSContext*, js::RunState&)
22 libxul.so js::RunScript(JSContext*, js::RunState&)
23 libxul.so js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct)
24 libxul.so Interpret(JSContext*, js::RunState&)
25 libxul.so js::RunScript(JSContext*, js::RunState&)
26 libxul.so js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct)
27 libxul.so Interpret(JSContext*, js::RunState&)
28 libxul.so js::RunScript(JSContext*, js::RunState&)
29 libxul.so js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>)
30 libxul.so JS_CallFunctionValue(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>)
31 libxul.so nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS*, unsigned short, XPTMethodDescriptor const*, nsXPTCMiniVariant*)
32 libxul.so PrepareAndDispatch xpcom/reflect/xptcall/md/unix/xptcstubs_x86_64_linux.cpp:120
33 libxul.so SharedStub
34 libxul.so nsObserverService::NotifyObservers(nsISupports*, char const*, char16_t const*)
35 libxul.so nsDocShell::Destroy()
36 libxul.so nsWebBrowser::SetDocShell toolkit/components/browser/nsWebBrowser.cpp:1705
37 libxul.so nsWebBrowser::InternalDestroy toolkit/components/browser/nsWebBrowser.cpp:95
38 libxul.so nsWebBrowser::Destroy toolkit/components/browser/nsWebBrowser.cpp:1298
39 libxul.so mozilla::dom::TabChild::DestroyWindow dom/ipc/TabChild.cpp:1089
40 libxul.so mozilla::dom::TabChild::RecvDestroy dom/ipc/TabChild.cpp:2460
41 libxul.so mozilla::dom::PBrowserChild::OnMessageReceived obj-firefox/ipc/ipdl/PBrowserChild.cpp:4345
42 libxul.so mozilla::dom::PContentChild::OnMessageReceived obj-firefox/ipc/ipdl/PContentChild.cpp:5630
43 libxul.so mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&)
44 libxul.so libxul.so@0xc4ef28
45 libxul.so mozilla::ipc::MessageChannel::MessageTask::Run()
46 libxul.so mozilla::SchedulerGroup::Runnable::Run xpcom/threads/SchedulerGroup.cpp:365
47 libxul.so nsThread::ProcessNextEvent(bool, bool*)
48 libxul.so NS_ProcessNextEvent(nsIThread*, bool)
49 libxul.so mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*)
50 libxul.so MessageLoop::Run()
51 libxul.so nsBaseAppShell::Run widget/nsBaseAppShell.cpp:156
52 libxul.so XRE_RunAppShell toolkit/xre/nsEmbedFunctions.cpp:893
53 libxul.so MessageLoop::Run()
54 libxul.so XRE_InitChildProcess toolkit/xre/nsEmbedFunctions.cpp:709
55 firefox content_process_main ipc/contentproc/plugin-container.cpp:64
56 firefox _init
Ø 57 libc-2.19.so libc-2.19.so@0x21b44
58 firefox firefox@0x11c1f
59 firefox firefox@0x1b5bf
60 firefox __libc_csu_fini
61 firefox firefox@0x1b5bf
62 firefox _start
reports with this signature are regressing from linux installations in firefox 55.0a1. crashes occur with "MOZ_RELEASE_ASSERT(mCompositorOptions)" that got added in bug 1331509.
Assignee | ||
Comment 1•7 years ago
|
||
https://crash-stats.mozilla.com/report/index/c1639279-2640-495c-a93f-0c8060170531 is a better report, has a fully symbolicated stack. Also this is pretty low-volume, but seems to happen more in 55 than it did in 53 or 54.
Assignee: nobody → bugmail
Has Regression Range: --- → irrelevant
Has STR: --- → no
status-firefox53:
--- → wontfix
status-firefox54:
--- → fix-optional
Comment 2•7 years ago
|
||
I'm hitting this consistently on a release build using current trunk with the following STR:
1. ./mach run (*don't* disable e10s)
2. Type 'gecko profiler' in the search box
3. Click the first result
A new tab opens and then crashes.
I'll attach the stack since it's a little different to comment 0.
Comment 3•7 years ago
|
||
Comment 4•7 years ago
|
||
Another STR on latest Nightly:
Go to https://treeherder.mozilla.org/#/jobs?repo=try&revision=176255357daf878ec9acbd66c7a4ef4aeb497aa2&selectedJob=110281475
Click on the orange TC-9 job under Linux x64 asan.
Click the "Open the Raw Log in a New Window"
https://crash-stats.mozilla.com/report/index/2518f340-6e8d-45d6-b430-35ad10170630
https://crash-stats.mozilla.com/report/index/b553a4c0-1a6d-4033-aa0c-2b90d0170630
Updated•7 years ago
|
Summary: Crash in mozilla::dom::TabChild::AsyncPanZoomEnabled → MOZ_RELEASE_ASSERT(mCompositorOptions) Crash in mozilla::dom::TabChild::AsyncPanZoomEnabled
Comment 5•7 years ago
|
||
I also hit this every time I click a link in a pinned GMail tab. The link gets opened in a new tab and immediately crashes.
https://crash-stats.mozilla.com/report/index/cff7b8b9-06c7-4c19-9b20-8042e0170630
https://crash-stats.mozilla.com/report/index/060933b9-bc42-4228-a6fa-e2d300170630
https://crash-stats.mozilla.com/report/index/5f233367-2b3e-4c7e-9249-575120170630
https://crash-stats.mozilla.com/report/index/ea82c8a3-245a-4e81-8a7d-7e5390170630
https://crash-stats.mozilla.com/report/index/2d9625e7-ba38-4705-b425-f49c40170630
Comment 6•7 years ago
|
||
Similar, I get this when opening a Bugzilla bug in a new tab from a pinned dashboard tab.
I've backed out the patch from bug 1374548 after ehsan pointed to it via mozregression. I'll respin nightlies in a bit.
Assignee | ||
Comment 8•7 years ago
|
||
For those who are running into this, a workaround for now is to set dom.w3c_touch_events.enabled to 0 and restart. This bug should be affecting devices with touchscreens.
Comment hidden (mozreview-request) |
Comment 10•7 years ago
|
||
mozreview-review |
Comment on attachment 8882633 [details]
Bug 1370089 - Assume APZ is enabled in TabChild if we are queried before we have the compositor options.
https://reviewboard.mozilla.org/r/153716/#review158898
Attachment #8882633 -
Flags: review?(dvander) → review+
Comment 11•7 years ago
|
||
Pushed by kgupta@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4ded92f42403
Assume APZ is enabled in TabChild if we are queried before we have the compositor options. r=dvander
Comment 12•7 years ago
|
||
Pushed by kwierso@gmail.com:
https://hg.mozilla.org/mozilla-central/rev/7cc250ff4f6e
Assume APZ is enabled in TabChild if we are queried before we have the compositor options. r=dvander a=bustage
Grafted this over to m-c so we can spin nightlies later today. Would be nice if people can confirm the crash has stopped with this.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
Comment 14•7 years ago
|
||
(In reply to Wes Kocher (:KWierso) from comment #13)
> Grafted this over to m-c so we can spin nightlies later today. Would be nice
> if people can confirm the crash has stopped with this.
I redid my own build (which is where I first saw the issue) including this patch and I can verify that it fixes my issue.
Comment 15•7 years ago
|
||
(In reply to Wes Kocher (:KWierso) from comment #13)
> Grafted this over to m-c so we can spin nightlies later today. Would be nice
> if people can confirm the crash has stopped with this.
Fixed on 56.0a1 (2017-07-01) (64-bit)
status-firefox56:
--- → verified
Comment 16•7 years ago
|
||
bugherder |
Assignee | ||
Comment 18•7 years ago
|
||
I think Wes incorrectly marked status-firefox55 as fixed instead of status-firefox56 back in comment 13.
Assignee | ||
Comment 19•7 years ago
|
||
Comment on attachment 8882633 [details]
Bug 1370089 - Assume APZ is enabled in TabChild if we are queried before we have the compositor options.
Approval Request Comment
[Feature/Bug causing the regression]: bug 1331509
[User impact if declined]: intermittent crashes on touchscreen devices when new tabs are opened. the crashes became much more frequent due to some other changes in m-c recently.
[Is this code covered by automated tests?]: yes
[Has the fix been verified in Nightly?]: yes
[Needs manual test from QE? If yes, steps to reproduce]: no
[List of other uplifts needed for the feature/fix]: none
[Is the change risky?]: not really
[Why is the change risky/not risky?]: small change, just adds a fallback path where before we were doing a release assert
[String changes made/needed]: none
Attachment #8882633 -
Flags: approval-mozilla-beta?
Comment 21•7 years ago
|
||
Comment on attachment 8882633 [details]
Bug 1370089 - Assume APZ is enabled in TabChild if we are queried before we have the compositor options.
prevent crash in apz, beta55+
Attachment #8882633 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
Comment 22•7 years ago
|
||
bugherder uplift |
Updated•7 years ago
|
status-firefox-esr52:
--- → unaffected
Version: 55 Branch → 53 Branch
Comment 23•7 years ago
|
||
(In reply to Kartikaya Gupta (email:kats@mozilla.com) from comment #19)
> [Is this code covered by automated tests?]: yes
> [Has the fix been verified in Nightly?]: yes
> [Needs manual test from QE? If yes, steps to reproduce]: no
Setting qe-verify- based on Kartikaya's assessment on manual testing needs and the fact that this fix has automated coverage.
Flags: qe-verify-
You need to log in
before you can comment on or make changes to this bug.
Description
•