1025781 - B2G gaia unit test crash: application crashed [@ mozilla::gfx::ConvertYCbCrToRGB(mozilla::layers::PlanarYCbCrData const&,

Status: RESOLVED FIXED

(Core :: Graphics, defect)

Description

[Gregor Wagner [:gwagner]]

Constant Gaia unit test failure on B2G Desktop Linux x64 Debug.

https://tbpl.mozilla.org/php/getParsedLog.php?id=41774601&tree=B2g-Inbound&full=1#error0

23:59:04     INFO -  TEST-START test_ftu_with_tour.py
23:59:49    ERROR -  test_ftu_with_tour (test_ftu_with_tour.TestFtu) ... PROCESS-CRASH | base.py | application crashed [@ mozilla::gfx::ConvertYCbCrToRGB(mozilla::layers::PlanarYCbCrData const&, mozilla::gfx::SurfaceFormat const&, mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, unsigned char*, int)]
23:59:49     INFO -  Crash dump filename: /tmp/tmpjkoy0l/minidumps/14776dad-9696-f8fd-34b4d4fd-688d01ad.dmp
23:59:49     INFO -  Operating system: Linux
23:59:49     INFO -                    0.0.0 Linux 3.2.0-23-generic #36-Ubuntu SMP Tue Apr 10 20:39:51 UTC 2012 x86_64
23:59:49     INFO -  CPU: amd64
23:59:49     INFO -       family 6 model 44 stepping 2
23:59:49     INFO -       1 CPU
23:59:49     INFO -  Crash reason:  SIGSEGV
23:59:49     INFO -  Crash address: 0x0
23:59:49     INFO -  Thread 0 (crashed)
23:59:49     INFO -   0  libxul.so!mozilla::gfx::ConvertYCbCrToRGB(mozilla::layers::PlanarYCbCrData const&, mozilla::gfx::SurfaceFormat const&, mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, unsigned char*, int) [YCbCrUtils.cpp:7265bb0c053d : 78 + 0x18]
23:59:49     INFO -      rbx = 0x00007f62166301d0   r12 = 0x00007fff8b85a5b8
23:59:49     INFO -      r13 = 0x00007f621b158000   r14 = 0x0000000000000330
23:59:49     INFO -      r15 = 0x0000000000000000   rip = 0x00007f623ecef00f
23:59:49     INFO -      rsp = 0x00007fff8b85a560   rbp = 0x00007fff8b85a580
23:59:49     INFO -      Found by: given as instruction pointer in context
23:59:49     INFO -   1  libxul.so!mozilla::layers::PlanarYCbCrImage::GetAsSourceSurface() [ImageContainer.cpp:7265bb0c053d : 579 + 0x31]
23:59:49     INFO -      rbx = 0x00007f6216630160   r12 = 0x00007f621b561240
23:59:49     INFO -      r13 = 0x00007fff8b85a630   r14 = 0x00007f62166301d0
23:59:49     INFO -      r15 = 0x0000000000000000   rip = 0x00007f623ed67899
23:59:49     INFO -      rsp = 0x00007fff8b85a590   rbp = 0x00007fff8b85a5e0
23:59:49     INFO -      Found by: call frame info
23:59:49     INFO -   2  libxul.so!mozilla::layers::ImageContainer::LockCurrentAsSourceSurface(mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits>*, mozilla::layers::Image**) [ImageContainer.cpp:7265bb0c053d : 326 + 0x10]
23:59:49     INFO -      rbx = 0x00007f6219e98730   r12 = 0x00007fff8b85a630
23:59:49     INFO -      r13 = 0x00007fff8b85a640   r14 = 0x00007fff8b85a648
23:59:49     INFO -      r15 = 0x0000000000000000   rip = 0x00007f623ed670ff
23:59:49     INFO -      rsp = 0x00007fff8b85a5f0   rbp = 0x00007fff8b85a620
23:59:49     INFO -      Found by: call frame info
23:59:49     INFO -   3  libxul.so!mozilla::layers::ClientImageLayer::RenderLayer() [ImageContainer.h:7265bb0c053d : 666 + 0x4]
23:59:49     INFO -      rbx = 0x00007f621a4eae00   r12 = 0x0000000000000000
23:59:49     INFO -      r13 = 0x00007f622c2de000   r14 = 0x00007fff8b85ac60
23:59:49     INFO -      r15 = 0x0000000000000000   rip = 0x00007f623ed95506
23:59:49     INFO -      rsp = 0x00007fff8b85a630   rbp = 0x00007fff8b85a670
23:59:49     INFO -      Found by: call frame info
23:59:49     INFO -   4  libxul.so!mozilla::layers::ClientContainerLayer::RenderLayer() [ClientContainerLayer.h:7265bb0c053d : 61 + 0x5]
23:59:49     INFO -      rbx = 0x00007f621a4eae00   r12 = 0x0000000000000001
23:59:49     INFO -      r13 = 0x00007f622c2de000   r14 = 0x00007fff8b85ac60
23:59:49     INFO -      r15 = 0x0000000000000000   rip = 0x00007f623ed94e42
23:59:49     INFO -      rsp = 0x00007fff8b85a680   rbp = 0x00007fff8b85a710
23:59:49     INFO -      Found by: call frame info
23:59:49     INFO -   5  libxul.so!mozilla::layers::ClientContainerLayer::RenderLayer() [ClientContainerLayer.h:7265bb0c053d : 61 + 0x5]
23:59:49     INFO -      rbx = 0x00007f622c2de000   r12 = 0x0000000000000000
23:59:49     INFO -      r13 = 0x00007f622c2dd000   r14 = 0x00007fff8b85ac60
23:59:49     INFO -      r15 = 0x0000000000000000   rip = 0x00007f623ed94e42
23:59:49     INFO -      rsp = 0x00007fff8b85a720   rbp = 0x00007fff8b85a7b0
23:59:49     INFO -      Found by: call frame info
23:59:49     INFO -   6  libxul.so!mozilla::layers::ClientContainerLayer::RenderLayer() [ClientContainerLayer.h:7265bb0c053d : 61 + 0x5]
23:59:49     INFO -      rbx = 0x00007f622c2dd000   r12 = 0x0000000000000003
23:59:49     INFO -      r13 = 0x00007f62241f2800   r14 = 0x00007fff8b85ac60
23:59:49     INFO -      r15 = 0x0000000000000000   rip = 0x00007f623ed94e42
23:59:49     INFO -      rsp = 0x00007fff8b85a7c0   rbp = 0x00007fff8b85a850
23:59:49     INFO -      Found by: call frame info
23:59:49     INFO -   7  libxul.so!mozilla::layers::ClientContainerLayer::RenderLayer() [ClientContainerLayer.h:7265bb0c053d : 61 + 0x5]
23:59:49     INFO -      rbx = 0x00007f62241f2800   r12 = 0x0000000000000002
23:59:49     INFO -      r13 = 0x00007f6226fd6000   r14 = 0x00007fff8b85ac60
23:59:49     INFO -      r15 = 0x0000000000000000   rip = 0x00007f623ed94e42
23:59:49     INFO -      rsp = 0x00007fff8b85a860   rbp = 0x00007fff8b85a8f0
23:59:49     INFO -      Found by: call frame info
23:59:49     INFO -   8  libxul.so!mozilla::layers::ClientLayerManager::EndTransactionInternal(void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) [ClientLayerManager.cpp:7265bb0c053d : 211 + 0x9]
23:59:49     INFO -      rbx = 0x00007f6226ff1080   r12 = 0x00007f623faeb3de
23:59:49     INFO -      r13 = 0x00007f6226fd62d8   r14 = 0x00007fff8b85ac60
23:59:49     INFO -      r15 = 0x0000000000000000   rip = 0x00007f623ed95d72
23:59:49     INFO -      rsp = 0x00007fff8b85a900   rbp = 0x00007fff8b85a970
23:59:49     INFO -      Found by: call frame info
23:59:49     INFO -   9  libxul.so!mozilla::layers::ClientLayerManager::EndTransaction(void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) [ClientLayerManager.cpp:7265bb0c053d : 237 + 0x10]
23:59:49     INFO -      rbx = 0x00007f6226ff1080   r12 = 0x0000000000000000
23:59:49     INFO -      r13 = 0x00007f623faeb3de   r14 = 0x00007fff8b85ac60
23:59:49     INFO -      r15 = 0x0000000000000000   rip = 0x00007f623ed96f2b
23:59:49     INFO -      rsp = 0x00007fff8b85a980   rbp = 0x00007fff8b85a9a0

Comment 1

[Sotaro Ikeda [:sotaro]]

PlanarYCbCrImage::GetAsSourceSurface() does not care about Factory::CreateDataSourceSurface() failure. It might cause the crash.

Comment 2

[Sotaro Ikeda [:sotaro]]

Attachment: patch - Add CreateDataSourceSurface() failure checks

Comment 3

[Sotaro Ikeda [:sotaro]]

 https://tbpl.mozilla.org/?tree=Try&rev=c2ff98daeb06

Comment 4

[Sotaro Ikeda [:sotaro]]

 https://hg.mozilla.org/integration/mozilla-inbound/rev/de3ebc1548a3

Comment 5

[Gregor Wagner [:gwagner]]

It didn't fix the crash for B2G Desktop Linux x64 Debug :( Look at the orange Gu
https://tbpl.mozilla.org/?showall=1&tree=Mozilla-Inbound&rev=de3ebc1548a3

Comment 6

[Carsten Book [:Tomcat]]

https://hg.mozilla.org/mozilla-central/rev/de3ebc1548a3

Comment 7

[Sotaro Ikeda [:sotaro]]

(In reply to Gregor Wagner [:gwagner] from comment #5)
> It didn't fix the crash for B2G Desktop Linux x64 Debug :( Look at the
> orange Gu
> https://tbpl.mozilla.org/?showall=1&tree=Mozilla-Inbound&rev=de3ebc1548a3

Hmm, I am going to investigate about it more.

Comment 8

[Milan Sreckovic [:milan] (needinfo for best results)]

Comment on attachment 8440731 [details] [diff] [review]
patch - Add CreateDataSourceSurface() failure checks

Review of attachment 8440731 [details] [diff] [review]:
-----------------------------------------------------------------

::: gfx/layers/ImageContainer.cpp
@@ +570,1 @@
>    gfx::GetYCbCrToRGBDestFormatAndSize(mData, format, size);

This was already like this from the initial version, but I just want to double check that we want to be doing the mSize test against MAX_DIMENSION just below?  Were we intending to be doing size test (size started as mSize but may have been modified by the function above) instead?

Comment 9

[Sotaro Ikeda [:sotaro]]

In the log, there is the following log.

> 23:59:51     INFO -  Assertion failure: (aData.mCbCrSize.width == aData.mYSize.width || aData.mCbCrSize.width == (aData.mYSize.width + 1) >> 1) && (aData.mCbCrSize.height == aData.mYSize.height || aData.mCbCrSize.height == (aData.mYSize.height + 1) >> 1), at /builds/slave/b2g-in-l64_g-d-000000000000000/build/gfx/ycbcr/YCbCrUtils.cpp:81

Comment 10

[Sotaro Ikeda [:sotaro]]

Bug 1020114 seems similar bug.

Comment 11

[Sotaro Ikeda [:sotaro]]

ClientImageLayer::RenderLayer() calls LockCurrentAsSourceSurface(). It seems to come from "AutoLockImage autoLock(mContainer, &surface);" in ClientImageLayer::GetImageClientType(). gfx::SourceSurface is requested as argument. But "surface" is not used. gfx::SourceSurface seems not necessary in this function.

If we can remove it, we can by pass the crash in this use case.

Comment 12

[Sotaro Ikeda [:sotaro]]

If gfx::SourceSurface is not necessary here, requesting it is just wast of cpu time and memory.

Comment 13

[Sotaro Ikeda [:sotaro]]

Attachment: patch - Remove unnecessary gfx::SourceSurface

Comment 14

[Sotaro Ikeda [:sotaro]]

https://tbpl.mozilla.org/?tree=Try&rev=6c95cd23eba3

Comment 15

[Sotaro Ikeda [:sotaro]]

 https://hg.mozilla.org/integration/mozilla-inbound/rev/c1ede3f05ea7

Comment 16

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/mozilla-central/rev/c1ede3f05ea7