Closed Bug 1207040 Opened 9 years ago Closed 9 years ago

Mochitest shutdown crash on the compositor thread

Categories

(Firefox OS Graveyard :: Emulator, defect)

Product:
Firefox OS Graveyard
Component:
Emulator
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: cyu, Assigned: edgar)

References

Details

(Whiteboard: [EMU] [CI])

Attachments

(1 file)

[device_generic_goldfish:b2g-4.4.2_r1] PR #39
62 bytes, text/x-github-pull-request
tzimmermann
: review+
Details | Review
Running on emulator-x86-kk, mochitest crashes on the compositor thread during shutdown: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 1868.1906] HostConnection::rcEncoder (this=this@entry=0xe5e5e5e5) at device/generic/goldfish/opengl/system/OpenglSystemCommon/HostConnection.cpp:131 131 if (!m_rcEnc) { (gdb) p this $30 = (HostConnection * const) 0xe5e5e5e5 (gdb) bt #0 HostConnection::rcEncoder (this=this@entry=0xe5e5e5e5) at device/generic/goldfish/opengl/system/OpenglSystemCommon/HostConnection.cpp:131 #1 0xaafe751d in eglMakeCurrent (draw=draw@entry=0x0, read=read@entry=0x0, ctx=ctx@entry=0x0, dpy=<optimized out>) at device/generic/goldfish/opengl/system/egl/egl.cpp:948 #2 0xaafe7ee4 in eglMakeCurrent (ctx=0x0, read=0x0, draw=0x0, dpy=0xaaff5040 <s_display>) at device/generic/goldfish/opengl/system/egl/egl.cpp:917 #3 eglReleaseThread () at device/generic/goldfish/opengl/system/egl/egl.cpp:778 #4 0xb7458f3a in eglReleaseThread () at frameworks/native/opengl/libs/EGL/eglApi.cpp:1309 #5 0xb7599171 in CleanAll (this=<optimized out>) at bionic/libc/bionic/pthread_key.cpp:161 #6 pthread_key_clean_all () at bionic/libc/bionic/pthread_key.cpp:193 #7 0xb759a74a in pthread_exit (retval=0x0) at bionic/libc/bionic/pthread.c:104 #8 0xb7598c15 in __thread_entry (func=0xb319e2b5 <ThreadFunc(void*)>, arg=0xaeb645b0, tls=0xae7bddd0) at bionic/libc/bionic/pthread_create.cpp:106 #9 0xb75cb076 in __pthread_clone () at bionic/libc/arch-x86/bionic/clone.S:45 #10 0xae7bddd0 in ?? () #11 0xb937b8f0 in ?? ()
Blocks: 1192121
This is a cross-dependency of thread-local storage cleanup: 1. Device layer cleans up its TLS first, but didn't set it to null in device/generic/goldfish/opengl/system/OpenglSystemCommon/ThreadInfo.cpp. This is the root cause of the crash. 2. The framework layer cleans up its TLS layer, and enters the device layer. 3. The device layer tries to get the TLS and gets an already-freed pointer. It dereferences it and crashes. On L, the bug is already fixed in function tlsDestruct() in ThreadInfo.cpp by nulling out the TLS: > ((void **)__get_tls())[TLS_SLOT_OPENGL] = NULL; So we only need to update the goldfish opengl implementation to L.
Even I cherrypicked the fix in comment #1, I can still run into crash on startup as: E/libEGL ( 1771): EGLNativeWindowType 0xb0bb7808 already connected to another API E/libEGL ( 1771): eglCreateWindowSurface:414 error 3003 (EGL_BAD_ALLOC) Where we aborted in mozilla-central/gfx/gl/GLContextProviderEGL.cpp:785 that we fail to create an EGLSurface. We may need to cherrypick more fixes of goldfish opengl implementation from L or even newer.
Blocks: 1234779
(In reply to Cervantes Yu [:cyu] [:cervantes] from comment #2) > Even I cherrypicked the fix in comment #1, I can still run into crash on > startup as: > > E/libEGL ( 1771): EGLNativeWindowType 0xb0bb7808 already connected to > another API > E/libEGL ( 1771): eglCreateWindowSurface:414 error 3003 (EGL_BAD_ALLOC) > > Where we aborted in mozilla-central/gfx/gl/GLContextProviderEGL.cpp:785 that > we fail to create an EGLSurface. We may need to cherrypick more fixes of > goldfish opengl implementation from L or even newer. I would like to cherry-pick the fix [1] from upstream for the crash first and file bug 1234779 to follow-up the EGLSurface issue. [1] https://android.googlesource.com/device/generic/goldfish/+/a1de8e2f5e4c29341be01bae364a54d92d14c742%5E!/#F0
Assignee: nobody → echen
Comment on attachment 8701411 [details] [review] [device_generic_goldfish:b2g-4.4.2_r1] PR #39 Hi Thomas, I cherry-pick a fix for crash from upstream, may I have your review? Thank you.
Attachment #8701411 - Flags: review?(tzimmermann)
Whiteboard: [EMU] [CI]
Comment on attachment 8701411 [details] [review] [device_generic_goldfish:b2g-4.4.2_r1] PR #39 Rubber stamping. ;)
Attachment #8701411 - Flags: review?(tzimmermann) → review+
b2g-4.4.2_r1: https://github.com/mozilla-b2g/device_generic_goldfish/commit/49f5591508df408fab7d7d8322681b004a2750f3
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: