Closed Bug 1164513 Opened 9 years ago Closed 9 years ago

Crash in GetGraphicBuffer while stability testing

Categories

(Core :: Graphics, defect)

Product:
Core
Component:
Graphics
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla41
Project Flags:
blocking-b2g 2.2+
Tracking Flags:
Tracking Status
firefox39 --- wontfix
firefox40 --- wontfix
firefox41 --- fixed
b2g-v2.2 --- fixed
b2g-master --- fixed

People

(Reporter: ggrisco, Assigned: sotaro)

References

Details

(Keywords: crash, Whiteboard: [b2g-crash][caf-crash 505][caf priority: p1][CR 837243])

Crash Data

Attachments

(5 files, 1 obsolete file)

EXTRA file attachment -
141.70 KB, text/plain
Details
decoded minidump -
484.59 KB, text/plain
Details
EXTRA file attachment - AU_LINUX_GECKO_LF.BR.1.2.3.00.00.00.000.154
140.86 KB, text/plain
Details
decoded minidump - AU_LINUX_GECKO_LF.BR.1.2.3.00.00.00.000.154
498.58 KB, text/plain
Details
patch - Add nullptr check
2.03 KB, patch
sotaro
: review+
jocheng
: approval-mozilla-b2g37+
Details | Diff | Splinter Review 
Saw this crash signature a couple of times on latest build:

[@ mozilla::OffTheBooksMutex::Lock | mozilla::layers::SharedBufferManagerParent::GetGraphicBuffer | mozilla::layers::SharedBufferManagerParent::GetGraphicBuffer | mozilla::layers::GetGraphicBufferFrom ]

In both instances of this crash, seeing this at the end of the log:

05-12 21:24:54.614   268  2812 E HWComposer: Non-uniform vsync interval: 650007031

cafbot will upload minidump and extra file (with logs).
(In reply to Greg Grisco from comment #0)
> In both instances of this crash, seeing this at the end of the log:
> 
> 05-12 21:24:54.614   268  2812 E HWComposer: Non-uniform vsync interval:
> 650007031
> 
> cafbot will upload minidump and extra file (with logs).

The following log exits before the above log. It seems to related to the problem.

> [Parent 264] WARNING: pipe error (279): Connection reset by peer:
Implementation of SharedBufferManagerParent::GetGraphicBuffer() seems to have a problem.
It does not handle a case that SharedBufferManagerParent of mOwner is already destroyed.
Assignee: nobody → sotaro.ikeda.g
Attached patch patch - Add nullptr check (obsolete) — Splinter Review 

    
  

        Attachment #8605408 -
        Flags: review?(nical.bugzilla)

    
    

    
  
(In reply to Sotaro Ikeda [:sotaro] from comment #3)
> 
> The following log exits before the above log. It seems to related to the
> problem.
> 
> > [Parent 264] WARNING: pipe error (279): Connection reset by peer:

It means, parent side detect IPC connection problem and the connection is disconnected. It typically happens when child process freeze or crash.
Whiteboard: [CR 837243] → [caf priority: p1][CR 837243]
Whiteboard: [caf priority: p1][CR 837243] → [b2g-crash][caf-crash 505][caf priority: p1][CR 837243]
Keywords: crash

    
    

    
  
Triage:blocking
blocking-b2g: 2.2? → 2.2+

    
    

    
  
Comment on attachment 8605408 [details] [diff] [review]
patch - Add nullptr check

Milan, can you review the patch? It is easy fix. And nical is PTO until next Tuesday.

        Attachment #8605408 -
        Flags: review?(nical.bugzilla) → review?(milan)

    
    

    
  
Comment on attachment 8605408 [details] [diff] [review]
patch - Add nullptr check

Review of attachment 8605408 [details] [diff] [review]:
-----------------------------------------------------------------

::: gfx/layers/ipc/SharedBufferManagerParent.cpp
@@ +363,5 @@
>  android::sp<android::GraphicBuffer>
>  SharedBufferManagerParent::GetGraphicBuffer(GrallocBufferRef aRef)
>  {
>    MonitorAutoLock lock(*sManagerMonitor.get());
> +  if (!GetInstance(aRef.mOwner)) {

This would certainly fix the crash in this code.  I'm assuming calling GetInstance twice (when we succeed) is OK, and there are no performance implications.  Are the callers ready for nullptr?  Just to make sure we don't crash in the caller instead.

        Attachment #8605408 -
        Flags: review?(milan) → review+

    
    

    
  
> Are the callers ready for nullptr?

I re-checked the code, there is a one place that nullptr check is not exist. The code is used only by layer scope now.

    
    

    
  


  
Apply the comment. Carry "r=milan".

        Attachment #8605408 -
        Attachment is obsolete: true

        Attachment #8605932 -
        Flags: review+

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/16767d529dfe
Status: NEW → RESOLVED
Closed: 9 years ago

          status-firefox41:
          --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla41

    
  

          status-b2g-v2.2:
          --- → affected

    
    

    
  
Comment on attachment 8605932 [details] [diff] [review]
patch - Add nullptr check

NOTE: Please see https://wiki.mozilla.org/Release_Management/B2G_Landing to better understand the B2G approval process and landings.

[Approval Request Comment]
Bug caused by (feature/regressing bug #): Bug 959089
User impact if declined: system boot could happen in some cases. 
Testing completed: locally tested.
Risk to taking this patch (and alternatives if risky): low.
String or UUID changes made by this patch: none.

        Attachment #8605932 -
        Flags: approval-mozilla-b2g37?

    
    

    
  
I applied the patch internally and it will be built into AU 157+, thanks.

    
  

        Attachment #8605932 -
        Flags: approval-mozilla-b2g37? → approval-mozilla-b2g37+

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: