This crash keeps haunting people both on mozilla-central and on the graphics branch --- so it's probably not specific to the graphics branch. Here's what I get with the graphics branch (see attached GDB session) plus the attached working patch as we;ve been toying with various gfx/layers/ipc changes (credit mostly goes to jrmuizel btw). Inside of PCompositorParent::DeallocSubtree, where we delete PLayers kids, we first call DeallocSubtree on kids, which deletes a PGrallocBufferParent (through PLayers), and then we call DeallocPLayers which goes through a long chain of destructors calling destructors and eventually, in the case of the graphics branch, we're in ~TextureHost() and that tries to Send__delete__ a PGrallocBufferParent that was destroyed above. Not sure how the crash would look like on mozilla-central but people (snorp) have definitely reported similar issues there (bug 829747). Note that everytime we've reproduced, PCompositorParent::DeallocSubtree was being called by OnChannelError. At the moment on B2G+graphics branch the quickest way to reproduce is to launch the camera app.

Thanks again to Jeff who came up with this idea: that the crash is apparently caused by us failing to clean up earlier and that can be fixed by implementing ClearCachedResources. This allows to get a bit further but we still crash: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 1837.1863] 0x41f4c860 in ~ImageLayerComposite (this=0x46db8c00, __in_chrg=<value optimized out>) at /hack/mozilla-graphics/gfx/layers/composite/ImageLayerComposite.cpp:36 36 MOZ_ASSERT(mDestroyed); (gdb) bt #0 0x41f4c860 in ~ImageLayerComposite (this=0x46db8c00, __in_chrg=<value optimized out>) at /hack/mozilla-graphics/gfx/layers/composite/ImageLayerComposite.cpp:36 #1 0x41f4c8e6 in ~ImageLayerComposite (this=0x46db8c00, __in_chrg=<value optimized out>) at /hack/mozilla-graphics/gfx/layers/composite/ImageLayerComposite.cpp:37 #2 0x40f4afce in mozilla::layers::Layer::Release (this=0x46db8c90) at ../../dist/include/Layers.h:588 #3 0x41f4aa54 in mozilla::layers::ContainerLayerComposite::RemoveChild (this=0x44d0dc00, aChild=0x46db8c90) at /hack/mozilla-graphics/gfx/layers/composite/ContainerLayerComposite.cpp:249 #4 0x41f4a6b0 in ~ContainerLayerComposite (this=0x44d0dc00, __in_chrg=<value optimized out>) at /hack/mozilla-graphics/gfx/layers/composite/ContainerLayerComposite.cpp:179 #5 0x41f4a726 in ~ContainerLayerComposite (this=0x44d0dc00, __in_chrg=<value optimized out>) at /hack/mozilla-graphics/gfx/layers/composite/ContainerLayerComposite.cpp:181 #6 0x40f4afce in mozilla::layers::Layer::Release (this=0x44d0dc90) at ../../dist/include/Layers.h:588 #7 0x41f4aa54 in mozilla::layers::ContainerLayerComposite::RemoveChild (this=0x44d0e800, aChild=0x44d0dc90) at /hack/mozilla-graphics/gfx/layers/composite/ContainerLayerComposite.cpp:249 #8 0x41f4a6b0 in ~ContainerLayerComposite (this=0x44d0e800, __in_chrg=<value optimized out>) at /hack/mozilla-graphics/gfx/layers/composite/ContainerLayerComposite.cpp:179 #9 0x41f4a726 in ~ContainerLayerComposite (this=0x44d0e800, __in_chrg=<value optimized out>) at /hack/mozilla-graphics/gfx/layers/composite/ContainerLayerComposite.cpp:181 #10 0x40f4afce in mozilla::layers::Layer::Release (this=0x44d0e890) at ../../dist/include/Layers.h:588 #11 0x41f1990e in ~nsRefPtr (this=0x47c98270, __in_chrg=<value optimized out>) at ../../dist/include/nsAutoPtr.h:880 #12 0x41f8793c in ~ShadowLayersParent (this=0x47c98240, __in_chrg=<value optimized out>) at /hack/mozilla-graphics/gfx/layers/ipc/ShadowLayersParent.cpp:150 #13 0x41f8799a in ~ShadowLayersParent (this=0x47c98240, __in_chrg=<value optimized out>) at /hack/mozilla-graphics/gfx/layers/ipc/ShadowLayersParent.cpp:150 #14 0x41f6ae28 in mozilla::layers::CrossProcessCompositorParent::DeallocPLayers (this=0x487d0b20, aLayers=0x47c98240) at /hack/mozilla-graphics/gfx/layers/ipc/CompositorParent.cpp:1467 #15 0x41b53a66 in mozilla::layers::PCompositorParent::DeallocSubtree (this=0x487d0b20) at /hack/b2g/B2G/objdir-gecko/ipc/ipdl/PCompositorParent.cpp:837 #16 0x41b53c6e in mozilla::layers::PCompositorParent::OnChannelError (this=0x487d0b20) at /hack/b2g/B2G/objdir-gecko/ipc/ipdl/PCompositorParent.cpp:675 Apparently the reason why mDestroyed is false is Disconnect() or Destroy() were never called. How to fix that?

Mass closing as we are no longer working on b2g/firefox os.

Mass closing as we are no longer working on b2g/firefox os.