Closed
Bug 1033293
Opened 11 years ago
Closed 11 years ago
Segfault in mozilla::layers::CanvasClientSurfaceStream::Update
Categories
(Core :: Graphics, defect)
Tracking
()
RESOLVED
FIXED
mozilla33
People
(Reporter: tzimmermann, Assigned: sotaro)
References
Details
Attachments
(1 file)
|
1.84 KB,
patch
|
jgilbert
:
review+
|
Details | Diff | Splinter Review |
Since yesterday, on the Nexus 4, I constantly get the error below with trunk. I haven't updated for a few days, so the bug might be older.
(gdb) c
Continuing.
Program received signal SIGSEGV, Segmentation fault.
0xb47c7f1e in mozilla::layers::CanvasClientSurfaceStream::Update (this=0xac077f20, aSize=..., aLayer=0xadfc1b20)
at ../../../../mozilla-central/gfx/layers/client/CanvasClient.cpp:167
167 MOZ_ASSERT(false);
(gdb) bt
#0 0xb47c7f1e in mozilla::layers::CanvasClientSurfaceStream::Update (this=0xac077f20, aSize=..., aLayer=0xadfc1b20)
at ../../../../mozilla-central/gfx/layers/client/CanvasClient.cpp:167
#1 0xb47d2bd0 in mozilla::layers::ClientCanvasLayer::RenderLayer (this=0xadfc1b20) at ../../../../mozilla-central/gfx/layers/client/ClientCanvasLayer.cpp:192
#2 0xb47d4460 in mozilla::layers::ClientContainerLayer::RenderLayer (this=0xb0607000) at ../../../../mozilla-central/gfx/layers/client/ClientContainerLayer.h:61
#3 0xb47d4460 in mozilla::layers::ClientContainerLayer::RenderLayer (this=0xb0606800) at ../../../../mozilla-central/gfx/layers/client/ClientContainerLayer.h:61
#4 0xb47d4460 in mozilla::layers::ClientContainerLayer::RenderLayer (this=0xb0606400) at ../../../../mozilla-central/gfx/layers/client/ClientContainerLayer.h:61
#5 0xb47cc6b0 in mozilla::layers::ClientLayerManager::EndTransactionInternal (this=0xae0e2e00, aCallback=
0xb5125f41 <mozilla::FrameLayerBuilder::DrawThebesLayer(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*)>, aCallbackData=<optimized out>) at ../../../../mozilla-central/gfx/layers/client/ClientLayerManager.cpp:211
#6 0xb47d425c in mozilla::layers::ClientLayerManager::EndTransaction (this=0xae0e2e00,
aCallback=0xb5125f41 <mozilla::FrameLayerBuilder::DrawThebesLayer(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*)>, aCallbackData=0xbec24120, aFlags=mozilla::layers::LayerManager::END_DEFAULT) at ../../../../mozilla-central/gfx/layers/client/ClientLayerManager.cpp:237
#7 0xb5164f64 in nsDisplayList::PaintForFrame (this=0xbec24048, aBuilder=0xbec24120, aCtx=<optimized out>, aForFrame=<optimized out>, aFlags=13)
at ../../../../mozilla-central/layout/base/nsDisplayList.cpp:1393
#8 0xb5165174 in nsDisplayList::PaintRoot (this=0xbec24048, aBuilder=0xbec24120, aCtx=0x0, aFlags=13) at ../../../../mozilla-central/layout/base/nsDisplayList.cpp:1232
#9 0xb5166ac4 in nsLayoutUtils::PaintFrame (aRenderingContext=0x0, aFrame=0xb05da2b8, aDirtyRegion=<optimized out>, aBackstop=4294967295, aFlags=772)
at ../../../../mozilla-central/layout/base/nsLayoutUtils.cpp:2959
#10 0xb51108aa in PresShell::Paint (this=0xb206c2c0, aViewToPaint=0xb05c3dd0, aDirtyRegion=..., aFlags=1) at ../../../../mozilla-central/layout/base/nsPresShell.cpp:6222
#11 0xb4de7c50 in nsViewManager::ProcessPendingUpdatesPaint (this=0xb05c8970, aWidget=0xb06d62e0) at ../../../../mozilla-central/view/src/nsViewManager.cpp:443
#12 0xb4de7fa8 in nsViewManager::ProcessPendingUpdatesForView (this=<optimized out>, aView=<optimized out>, aFlushDirtyRegion=<optimized out>)
at ../../../../mozilla-central/view/src/nsViewManager.cpp:384
#13 0xb5118748 in nsRefreshDriver::Tick (this=0xb6ac2120, aNowEpoch=<optimized out>, aNowTime=...) at ../../../../mozilla-central/layout/base/nsRefreshDriver.cpp:1278
#14 0xb5118db8 in mozilla::RefreshDriverTimer::Tick (this=0xb190f100) at ../../../../mozilla-central/layout/base/nsRefreshDriver.cpp:162
#15 0xb43518ba in nsTimerImpl::Fire (this=0xb053d6a0) at ../../../../mozilla-central/xpcom/threads/nsTimerImpl.cpp:618
#16 0xb4351a3e in nsTimerEvent::Run (this=0xb0560150) at ../../../../mozilla-central/xpcom/threads/nsTimerImpl.cpp:711
#17 0xb434f426 in ProcessNextEvent (aResult=0xbec247f7, aMayWait=false, this=0xb6a4d700) at ../../../../mozilla-central/xpcom/threads/nsThread.cpp:766
#18 nsThread::ProcessNextEvent (this=0xb6a4d700, aMayWait=<optimized out>, aResult=0xbec247f7) at ../../../../mozilla-central/xpcom/threads/nsThread.cpp:685
#19 0xb4308de6 in NS_ProcessNextEvent (aThread=0xb6a4d700, aMayWait=<optimized out>) at /home/mozilla/Projects/mozilla/src/mozilla-central/xpcom/glue/nsThreadUtils.cpp:284
#20 0xb45040b4 in mozilla::ipc::MessagePump::Run (this=0xb6a01e20, aDelegate=0xb6a701a0) at ../../../../mozilla-central/ipc/glue/MessagePump.cpp:102
#21 0xb44f26ae in MessageLoop::RunInternal (this=0xb6a701a0) at ../../../../mozilla-central/ipc/chromium/src/base/message_loop.cc:229
#22 0xb44f26c6 in RunHandler (this=0xb6a701a0) at ../../../../mozilla-central/ipc/chromium/src/base/message_loop.cc:222
#23 MessageLoop::Run (this=0xb6a701a0) at ../../../../mozilla-central/ipc/chromium/src/base/message_loop.cc:196
#24 0xb4b3ae52 in nsBaseAppShell::Run (this=0xb204f100) at ../../../../mozilla-central/widget/xpwidgets/nsBaseAppShell.cpp:164
#25 0xb53f2a4e in nsAppStartup::Run (this=0xb2052dc0) at ../../../../../mozilla-central/toolkit/components/startup/nsAppStartup.cpp:278
#26 0xb53d947a in XREMain::XRE_mainRun (this=0xbec2498c) at ../../../../mozilla-central/toolkit/xre/nsAppRunner.cpp:4013
#27 0xb53d9666 in XREMain::XRE_main (this=0xbec2498c, argc=<optimized out>, argv=<optimized out>, aAppData=<optimized out>)
at ../../../../mozilla-central/toolkit/xre/nsAppRunner.cpp:4084
#28 0xb53d97c0 in XRE_main (argc=1, argv=0xbec26b44, aAppData=0x24938, aFlags=<optimized out>) at ../../../../mozilla-central/toolkit/xre/nsAppRunner.cpp:4298
#29 0x0000ae9c in do_main (argv=0xbec26b44, argc=1) at ../../../../mozilla-central/b2g/app/nsBrowserApp.cpp:163
#30 main (argc=<optimized out>, argv=<optimized out>) at ../../../../mozilla-central/b2g/app/nsBrowserApp.cpp:256
(gdb)
|
||
Comment 1•11 years ago
|
||
This should never happen. What's your about:support look like?
|
|
||
Updated•11 years ago
|
Flags: needinfo?(tzimmermann)
|
||
Updated•11 years ago
|
Assignee: nobody → jgilbert
|
Reporter | |
Comment 3•11 years ago
|
||
The returned surface is of type no 3, which seems to be 'EGLSurfaceANGLE'.
How do I open 'about:support' on b2g? Opening the Browser app and using in the URL bar doesn't work.
Flags: needinfo?(tzimmermann) → needinfo?(jgilbert)
|
Assignee | |
Comment 4•11 years ago
|
||
It seems like regression of Bug 1000640. The following code seems to have a problem. On gonk, SurfaceFactory_Gralloc is always expected for SurfaceStream, but SurfaceFactory_EGLImage::Create() is called on in inter thread-ipc case.
http://mxr.mozilla.org/mozilla-central/source/gfx/layers/client/ClientCanvasLayer.cpp#83
|
|
Reporter | |
Comment 5•11 years ago
|
||
(In reply to Sotaro Ikeda [:sotaro] from comment #4)
> It seems like regression of Bug 1000640.
Right. The problem is not present if I revert to an earlier revision. Currently, b2g doesn't even boot.
|
||
Comment 6•11 years ago
|
||
(In reply to Thomas Zimmermann [:tzimmermann] [:tdz] from comment #5)
> (In reply to Sotaro Ikeda [:sotaro] from comment #4)
> > It seems like regression of Bug 1000640.
>
> Right. The problem is not present if I revert to an earlier revision.
> Currently, b2g doesn't even boot.
Yeah debug mode is completely broken. We need a fix here rather sooner than later or back out the patch that cause this.
|
|
||
Comment 7•11 years ago
|
||
It is going to be difficult to get QA for regression range because this is unsupported phone. Jeff, if you have a candidate for what broke this, and send me a patch, I can build and test on Nexus 4.
|
|
Assignee | |
Comment 8•11 years ago
|
||
The patch fixed the problem on master flame.
|
|
Assignee | |
Comment 9•11 years ago
|
||
Comment on attachment 8450297 [details] [diff] [review]
patch - Always use SurfaceFactory_Gralloc for SurfaceStream on gonk
jgilbert, can you review the patch soon? Thanks.
Attachment #8450297 -
Flags: review?(jgilbert)
|
|
||
Comment 10•11 years ago
|
||
Thomas, you can use the patch to unblock your work while it's getting reviewed?
Flags: needinfo?(tzimmermann)
|
|
||
Comment 11•11 years ago
|
||
It boots again with this patch \o/
|
|
||
Updated•11 years ago
|
Attachment #8450297 -
Flags: review?(jgilbert) → review+
|
|
Reporter | |
Comment 12•11 years ago
|
||
(In reply to Milan Sreckovic [:milan] from comment #10)
> Thomas, you can use the patch to unblock your work while it's getting
> reviewed?
It works again. Thanks a lot!
Flags: needinfo?(tzimmermann)
|
|
Assignee | |
Comment 13•11 years ago
|
||
|
|
Assignee | |
Updated•11 years ago
|
Assignee: jgilbert → sotaro.ikeda.g
|
|
||
Comment 14•11 years ago
|
||
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla33
|
|
Reporter | |
Updated•11 years ago
|
Flags: needinfo?(jgilbert)
You need to log in
before you can comment on or make changes to this bug.
Description
•