Closed
Bug 1132528
Opened 9 years ago
Closed 9 years ago
Monkey Crash [@ mozilla::OffTheBooksMutex::Lock | mozilla::layers::GrallocReporter::CollectReports ]
Categories: (Core :: Graphics: Layers, defect, P2)
People: (Reporter: m1, Assigned: sotaro)
Details: (Keywords: crash, Whiteboard: [caf-crash 447][caf priority: p2][CR 795175][b2g-crash])
Attachments: (14 files, 2 obsolete files)
+++ This bug was initially created as a clone of Bug #1125940 +++
We have been observing the following crash during monkey runs, L-based gonk.
[@ mozilla::OffTheBooksMutex::Lock | mozilla::layers::GrallocReporter::CollectReports | nsMemoryReporterManager::GetReportsForThisProcessExtended | nsMemoryReporterManager::StartGettingReports ]
First observed on Mozilla build ID 20150130184047, recently observed on Mozilla build ID 20150211183505. This has not yet been observed on a KK-based gonk.
Updated•9 years ago
Whiteboard: [b2g-crash] → [CR 795175][b2g-crash]
Updated•9 years ago
Whiteboard: [CR 795175][b2g-crash] → [caf priority: p2][CR 795175][b2g-crash]
Updated•9 years ago
Whiteboard: [caf priority: p2][CR 795175][b2g-crash] → [caf-crash 447][caf priority: p2][CR 795175][b2g-crash]
Comment 1•9 years ago
Observed on:
Device: msm8909
Gonk Version: AU_LINUX_GECKO_LF.BR.1.2.3.00.00.00.000.071
Moz BuildID: 20150211002505
Manifest: https://www.codeaurora.org/cgit/quic/lf/b2g/manifest/tree/caf_AU_LINUX_GECKO_LF.BR.1.2.3.00.00.00.000.071.xml?h=release
Gecko Version: 37.0a2
Gaia: http://git.mozilla.org/?p=releases/gaia.git;a=commit;h=943be6fd146017dcd9d4c9d1027be1e43bad13eb
Gecko: http://git.mozilla.org/?p=releases/gecko.git;a=commit;h=3829518d5d1898c888e6c88ec1fa2bbf0b7bc72a
Patches: bug 1091307, bug 1067629, bug 1125418, bug 1130271
Comment 2•9 years ago
Comment 3•9 years ago
Comment 4•9 years ago (Reporter)
Comment on attachment 8563615 [details]
EXTRA file attachment - AU_LINUX_GECKO_LF.BR.1.2.3.00.00.00.000.071
(bad cafbot! this was the very first instance of this crash from last December)
Attachment #8563615 - Attachment is obsolete: true
Comment 5•9 years ago (Reporter)
Comment on attachment 8563616 [details]
decoded minidump - AU_LINUX_GECKO_LF.BR.1.2.3.00.00.00.000.071
(cafbot, you need to try again)
Attachment #8563616 - Attachment is obsolete: true
Comment 6•9 years ago
Observed on:
Device: msm8909
Gonk Version: AU_LINUX_GECKO_LF.BR.1.2.3.00.00.00.000.058
Moz BuildID: 20150120002507
Manifest: https://www.codeaurora.org/cgit/quic/lf/b2g/manifest/tree/caf_AU_LINUX_GECKO_LF.BR.1.2.3.00.00.00.000.058.xml?h=release
Gecko Version: 37.0a2
Gaia: http://git.mozilla.org/?p=releases/gaia.git;a=commit;h=f5b3d1b6cfa3e702033f613915ae637cb735cbfb
Gecko: http://git.mozilla.org/?p=releases/gecko.git;a=commit;h=bb6c4d3fc51281f1a2ee0ff471221dbc1d0d1035
Patches: bug 1091307, bug 1067629, bug 1125418, bug 1130271
Comment 7•9 years ago
Comment 8•9 years ago
Comment 9•9 years ago (Reporter)
(/me throws cafbot a bone. Such a good boy!)
Updated•9 years ago (Reporter)
blocking-b2g: --- → 2.2?
Comment 10•9 years ago
Observed on:
Device: msm8909
Gonk Version: AU_LINUX_GECKO_LF.BR.1.2.3.00.00.00.000.073
Moz BuildID: 20150212002504
Manifest: https://www.codeaurora.org/cgit/quic/lf/b2g/manifest/tree/caf_AU_LINUX_GECKO_LF.BR.1.2.3.00.00.00.000.073.xml?h=release
Gecko Version: 37.0a2
Gaia: http://git.mozilla.org/?p=releases/gaia.git;a=commit;h=791e53728cd8018f1d7cf7efe06bbeb1179f0370
Gecko: http://git.mozilla.org/?p=releases/gecko.git;a=commit;h=2a90b4d5194b06c63ebcf0377703126b08349b92
Patches: bug 1130271, bug 1067629, bug 1125418, bug 1091307, bug 1130196
Comment 11•9 years ago
Comment 12•9 years ago
Comment 13•9 years ago (Reporter)
Who can look at this crash?
Flags: needinfo?(sku)
Flags: needinfo?(mlee)
Flags: needinfo?(bbajaj)
Comment 14•9 years ago
Observed on:
Device: msm8909
Gonk Version: AU_LINUX_GECKO_LF.BR.1.2.3.00.00.00.000.074
Moz BuildID: 20150214002504
Manifest: https://www.codeaurora.org/cgit/quic/lf/b2g/manifest/tree/caf_AU_LINUX_GECKO_LF.BR.1.2.3.00.00.00.000.074.xml?h=release
Gecko Version: 37.0a2
Gaia: http://git.mozilla.org/?p=releases/gaia.git;a=commit;h=ea64caf6d4ab03fc4472eca9f41f20d651d55fa9
Gecko: http://git.mozilla.org/?p=releases/gecko.git;a=commit;h=f0efef29cfa937da4d8497636cdae4b978d93674
Patches: bug 1091307, bug 1067629, bug 1125418, bug 1130271, bug 1130196
Comment 15•9 years ago
Comment 16•9 years ago
Comment 17•9 years ago
Nicholas,
Can you have someone on your team help investigate the cause of this crash. The Crash signature points to nsMemoryReporterManager::GetReportsForThisProcessExtended [1] which seems to have been worked on by you and @jld.
Thanks,
Mike
[1] https://hg.mozilla.org/mozilla-central/annotate/9696d1c4b3ba/xpcom/base/nsMemoryReporterManager.cpp
Flags: needinfo?(mlee) → needinfo?(n.nethercote)
Comment 18•9 years ago
> Can you have someone on your team help investigate the cause of this crash.
> The Crash signature points to
> nsMemoryReporterManager::GetReportsForThisProcessExtended [1] which seems to
> have been worked on by you and @jld.
GetReportsForThisProcessExtended() is code that calls into all the memory reporters, and so isn't particularly relevant. The specific reporter in which the crash is occurring is GrallocReporter. It looks like Sotaro added the lock to that reporter in bug 1036419. Sotaro, can you please take a look? Thank you.
Flags: needinfo?(n.nethercote) → needinfo?(sotaro.ikeda.g)
Updated•9 years ago
Component: Stability → Graphics: Layers
Product: Firefox OS → Core
Updated•9 years ago
blocking-b2g: 2.2? → 2.2+
Flags: needinfo?(bbajaj)
Comment 19•9 years ago (Assignee)
I'll take a look.
Assignee: nobody → sotaro.ikeda.g
Flags: needinfo?(sotaro.ikeda.g)
Comment 20•9 years ago (Assignee)
From the decoded minidump, the crash happened in the b2g process. But the logcat log does not have the crash info. In the logcat log, the b2g process emits the logcat log normally until the end of the logcat log.
Comment 21•9 years ago (Assignee)
The decoded minidump does not have information about which line number of SharedBufferManagerParent.cpp caused the crash. From the following in attachment 8565022 [details], BaseAutoLock is used, therefore the crash seems to happen about SharedBufferManagerParent::mLock.
-------------------------------------
1 libxul.so!mozilla::layers::GrallocReporter::CollectReports [Mutex.h : 164 + 0x3]
r4 = 0xaccc1c40 r5 = 0xbed2e1bc r6 = 0x00000639 r7 = 0xadb1b340
r8 = 0x00000000 r9 = 0xbed2e188 r10 = 0xadb1b340 fp = 0xbed2e2c4
sp = 0xbed2e148 pc = 0xb50c2c7f
Found by: call frame info
Comment 22•9 years ago (Assignee)
It seems weird that a lifetime of SharedBufferManagerParent::mLock is the same as SharedBufferManagerParent. And a SharedBufferManagerParent instance is registered to SharedBufferManagerParent::sManagers only while SharedBufferManagerParent is alive. And SharedBufferManagerParent's creation and destruction always happen on the main thread.
Updated•9 years ago (Reporter)
Flags: needinfo?(sku)
Comment 23•9 years ago
Observed on:
Device: msm8909
Gonk Version: AU_LINUX_GECKO_LF.BR.1.2.3.00.00.00.000.078
Moz BuildID: 20150218002515
Manifest: https://www.codeaurora.org/cgit/quic/lf/b2g/manifest/tree/caf_AU_LINUX_GECKO_LF.BR.1.2.3.00.00.00.000.078.xml?h=release
Gecko Version: 37.0a2
Gaia: http://git.mozilla.org/?p=releases/gaia.git;a=commit;h=da509caa7395d3d090ce973e8de082b4680a590d
Gecko: http://git.mozilla.org/?p=releases/gecko.git;a=commit;h=782bc95dce066e2b262f556adf947a9a1409e6a0
Patches: bug 1067629, bug 1125940, bug 1130271, bug 1125418, bug 1091307, bug 1132388, bug 1130196
Comment 24•9 years ago
Comment 25•9 years ago
Comment 26•9 years ago
Observed on:
Device: msm8909
Gonk Version: AU_LINUX_GECKO_LF.BR.1.2.3.00.00.00.000.081
Moz BuildID: 20150218002515
Manifest: https://www.codeaurora.org/cgit/quic/lf/b2g/manifest/tree/caf_AU_LINUX_GECKO_LF.BR.1.2.3.00.00.00.000.081.xml?h=release
Gecko Version: 37.0a2
Gaia: http://git.mozilla.org/?p=releases/gaia.git;a=commit;h=da509caa7395d3d090ce973e8de082b4680a590d
Gecko: http://git.mozilla.org/?p=releases/gecko.git;a=commit;h=782bc95dce066e2b262f556adf947a9a1409e6a0
Patches: bug 1067629, bug 1125940, bug 1130271, bug 1125418, bug 1091307, bug 1132388, bug 1130196
Comment 27•9 years ago
Comment 28•9 years ago
Comment 29•9 years ago (Assignee)
On my flame-kk, the assembly code of MutexAutoLock lock(mgr->mLock); was the following. The crash address of 0x1cc seems to come from "mgr->mLock". From it, somehow mgr seems to become nullptr.
> => 0xb5097f06 <+58>: 0b a8 add r0, sp, #44 ; 0x2c
>    0xb5097f08 <+60>: 07 f5 e6 71 add.w r1, r7, #460 ; 0x1cc
>    0xb5097f0c <+64>: 47 f4 8e ff bl 0xb4cdfe2c <mozilla::BaseAutoLock<mozilla::Mutex>::BaseAutoLock(mozilla::Mutex&)>
Comment 30•9 years ago (Assignee)
/dev/log/main has the following log at the very end. The memory report seems to trigger the call to GrallocReporter::CollectReports()
> 01-01 00:52:42.314 867 867 D slogger : Triggered Gecko memory report for iteration 450
> 01-01 00:52:42.315 3770 3784 I Gecko:DumpUtils: FifoWatcher(command:memory report) dispatching memory report runnable.
> 01-01 00:52:42.317 3770 3784 I Gecko:DumpUtils: FifoWatcher closing and re-opening fifo.
> 01-01 00:52:42.335 3770 3770 I DMD : opened /data/local/tmp/memory-reports/dmd-3162-28318.json.gz for writing
> 01-01 00:52:42.337 3770 3770 I DMD : opened /data/local/tmp/memory-reports/dmd-3162-4561.json.gz for writing
> 01-01 00:52:42.338 3770 3770 I DMD : opened /data/local/tmp/memory-reports/dmd-3162-4414.json.gz for writing
> 01-01 00:52:42.339 3770 3770 I DMD : opened /data/local/tmp/memory-reports/dmd-3162-3770.json.gz for writing
> 01-01 00:52:44.770 3770 3854 E HWComposer: Non-uniform vsync interval: 766654218
> 01-01 00:52:44.774 3770 4125 E libsuspend: Error reading from /sys/power/wakeup_count: Interrupted system call
Comment 31•9 years ago (Assignee)
(In reply to Sotaro Ikeda [:sotaro] from comment #29)
> On my flame-kk, the assembly code of MutexAutoLock lock(mgr->mLock); was the
> following. The crash address of 0x1cc seems to come from "mgr->mLock". From
> it, somehow mgr seems to become nullptr.
Hmm, it is not clear how this could happen.
Comment 32•9 years ago (Reporter)
:sotaro -- LMK if you'd like me to add a debug patch into our build. This crash reproduced 4 times last night (still L only, never observed on KK), so if you have a patch by 16:00 PST today then there will be time to get it into tonight's test run and maybe we'll have more data tomorrow.
Comment 33•9 years ago (Assignee)
m1, thanks for the offer! I am preparing a log patch.
Comment 34•9 years ago (Assignee)
Add log around SharedBufferManagerParent
Comment 36•9 years ago (Assignee)
I found one possible cause in SharedBufferManagerParent::GetInstance(). If SharedBufferManagerParent was already deleted, mBuffers[key] creates an entry for the key.
https://dxr.mozilla.org/mozilla-central/source/gfx/layers/ipc/SharedBufferManagerParent.cpp#332
Comment 37•9 years ago (Assignee)
Comment 38•9 years ago (Assignee)
(In reply to Sotaro Ikeda [:sotaro] from comment #37)
> Created attachment 8567671 [details] [diff] [review]
> patch - Handle non existent key
This might fix the crash.
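The failure mode described in comment 36 and the kind of lookup a "handle non existent key" fix implies, as an added example that is not the Gecko code or the attached patch. `Manager`, `Registry` and the function names are hypothetical stand-ins, and the process ids are constructed.

```cpp
#include <cstddef>
#include <cstdio>
#include <map>
#include <mutex>

// Hypothetical stand-in for a per-process manager that owns a lock.
struct Manager {
  std::mutex lock;
  std::size_t bufferCount = 0;
};
using Registry = std::map<int, Manager*>;  // key: constructed process id

// Lookup in the style comment 36 describes: operator[] default-inserts a
// nullptr entry when the key is not (or no longer) registered.
Manager* GetInstanceUnchecked(Registry& reg, int pid) { return reg[pid]; }

// Lookup that handles a non-existent key and never modifies the map.
Manager* GetInstanceChecked(const Registry& reg, int pid) {
  auto it = reg.find(pid);
  return it == reg.end() ? nullptr : it->second;
}

// Number of null entries a reporter walking the registry would hit.
std::size_t CountNullEntries(const Registry& reg) {
  std::size_t n = 0;
  for (const auto& kv : reg) n += (kv.second == nullptr);
  return n;
}

// Reporter-style walk: takes each manager's lock, skipping null entries
// instead of computing the lock address from a null pointer.
std::size_t CollectBufferCounts(const Registry& reg) {
  std::size_t total = 0;
  for (const auto& kv : reg) {
    if (!kv.second) continue;
    std::lock_guard<std::mutex> guard(kv.second->lock);
    total += kv.second->bufferCount;
  }
  return total;
}

int main() {
  Manager live;
  live.bufferCount = 3;
  Registry reg{{100, &live}};
  GetInstanceChecked(reg, 200);    // map unchanged
  GetInstanceUnchecked(reg, 200);  // leaves {200, nullptr} behind
  std::printf("entries=%zu null=%zu buffers=%zu\n", reg.size(),
              CountNullEntries(reg), CollectBufferCounts(reg));
}
```

A walker that locks `entry->lock` without the null check would touch a small address equal to the lock's offset inside the object, which matches the shape of the 0x1cc crash address discussed in comment 29.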
Comment 39•9 years ago (Reporter)
(In reply to Sotaro Ikeda [:sotaro] from comment #35)
> m1, I created the log patch.
Would you like me to apply the log patch or the "non-existent key" patch? They conflict with each other at the moment when I apply both.
Flags: needinfo?(mvines)
Comment 40•9 years ago (Reporter)
I've resolved the merge conflicts between the two patches and will add them both (unless I hear otherwise)
Comment 41•9 years ago (Assignee)
Thanks, it would be nice if both are applied.
Comment 42•9 years ago (Reporter)
No crash overnight with both patches observed. There have been bouts of a day or two where the crash has not been seen in the past, but a good sign. If cafbot doesn't comment by mid-week then victory can probably be declared.
Comment 43•9 years ago (Assignee)
Thanks! Good news.
Updated•9 years ago (Assignee)
Attachment #8567671 - Flags: review?(nical.bugzilla)
Updated•9 years ago
Attachment #8567671 - Flags: review?(nical.bugzilla) → review+
Comment 44•9 years ago (Assignee)
https://hg.mozilla.org/integration/mozilla-inbound/rev/2bcfb8e2dae9
https://hg.mozilla.org/mozilla-central/rev/2bcfb8e2dae9
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox39: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla39
Comment 46•9 years ago (Reporter)
Comment on attachment 8567671 [details] [diff] [review]
patch - Handle non existent key
We've had this patch in our v2.2 tree for over a week now and have not observed the crash it purports to fix since.
Attachment #8567671 - Flags: approval-mozilla-b2g37?
Updated•9 years ago
Attachment #8567671 - Flags: approval-mozilla-b2g37? → approval-mozilla-b2g37+
Comment 47•9 years ago
https://hg.mozilla.org/releases/mozilla-b2g37_v2_2/rev/0dbec8381c00
status-b2g-v2.2: --- → fixed
status-b2g-master: --- → fixed
status-firefox37: --- → wontfix
status-firefox38: --- → wontfix
Blocks: CAF-v3.0-FL-metabug
No longer blocks: CAF-v3.0-FL-metabug
Comment 48•9 years ago
Observed on:
Device: msm8610
Gonk Version: AU_LINUX_GECKO_LF.BF.1.1.01.05.00.000.019
Moz BuildID: 20141218040201
Manifest: https://www.codeaurora.org/cgit/quic/lf/b2g/manifest/tree/caf_AU_LINUX_GECKO_LF.BF.1.1.01.05.00.000.019.xml?h=release
Gecko Version: 37.0a1
Gaia: http://git.mozilla.org/?p=releases/gaia.git;a=commit;h=58734e8a48157f99d5b733412b600c2e04c954fe
Gecko: http://git.mozilla.org/?p=releases/gecko.git;a=commit;h=41db432713eb777389a5c34570f0b2a9cbe11af8
Patches: bug 1120620
Comment 49•9 years ago
Comment 50•9 years ago