Closed Bug 1393956 Opened 7 years ago Closed 7 years ago

Crash in arena_dalloc_small | free_impl | std::vector<T>::_Reallocate

Categories

(Core :: Graphics: WebRender, defect)

Product:
Core
Component:
Graphics: WebRender
Platform:
Unspecified
Windows 10
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla57
Tracking Flags:
Tracking Status
firefox-esr52 --- unaffected
firefox55 --- unaffected
firefox56 --- unaffected
firefox57 --- fixed

People

(Reporter: marcia, Assigned: lsalzman)

References

(Blocks 1 open bug)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

ensure NativeFontResourceDWrite is thread-safe
4.18 KB, patch
bas.schouten
: review+
Details | Diff | Splinter Review
This bug was filed from the Socorro interface and is report bp-683890bc-6dff-45a2-86a0-4d9750170825. ============================================================= New crash which started in 20170825100126: http://bit.ly/2xzLwvW. 3 crashes/3 installs.
Blocks: stylo-crash-reports
status-firefox55: --- → unaffected
status-firefox56: --- → ?
status-firefox-esr52: --- → unaffected
Priority: -- → P3
Summary: Stylo: Crash in arena_dalloc_small | free_impl | std::vector<T>::_Reallocate → stylo: Crash in arena_dalloc_small | free_impl | std::vector<T>::_Reallocate
The crashes happen on gpu process... I don't quite think we have anything to do with gpu process, so it sounds unrelated to stylo to me.
I think this is a WebRender bug, not a Stylo bug. The stack track includes a function in the `mozilla::wr::` namespace. I see 9 crash reports with this signature in the last week. 6 have Stylo enabled, but 3 don't.
No longer blocks: stylo-crash-reports
status-firefox56: ?unaffected
Component: CSS Parsing and Computation → Graphics: WebRender
Priority: P3 → --
Summary: stylo: Crash in arena_dalloc_small | free_impl | std::vector<T>::_Reallocate → Crash in arena_dalloc_small | free_impl | std::vector<T>::_Reallocate
Maybe OOM? Happens inside font goop invoked from Moz2DRenderCallback.
Blocks: wr-stability, stage-wr-trains
Given that the crash is happened deep inside of a free in NativeFontResourceDWrite, instead of an allocation, and given that this is happening during modification of a std::unordered_map which is known to not be thread-safe in that way, it would appear that this is some sort of race rather than that OOM. To that end, this patch tries to make NativeFontResourceDWrite actually thread-safe. A mutex is used to guard the std::unordered_map, and the refcount in DWriteFontFileStream is made atomic.
Assignee: nobody → lsalzman
Status: NEW → ASSIGNED
Attachment #8903588 - Flags: review?(jmuizelaar)
Attachment #8903588 - Flags: review?(jmuizelaar) → review?(bas)
Comment on attachment 8903588 [details] [diff] [review] ensure NativeFontResourceDWrite is thread-safe Review of attachment 8903588 [details] [diff] [review]: ----------------------------------------------------------------- Okay I guess, make sure this doesn't hurt performance.
Attachment #8903588 - Flags: review?(bas) → review+
Pushed by lsalzman@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/19a399059c8b ensure NativeFontResourceDWrite is thread-safe. r=bas
https://hg.mozilla.org/mozilla-central/rev/19a399059c8b
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox57: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla57
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: