Closed Bug 1393956 Opened 2 years ago Closed 2 years ago

Crash in arena_dalloc_small | free_impl | std::vector<T>::_Reallocate

Categories

(Core :: Graphics: WebRender, defect, critical)

Unspecified
Windows 10
defect
Not set
critical

Tracking

RESOLVED FIXED
mozilla57
Tracking Status
firefox-esr52 --- unaffected
firefox55 --- unaffected
firefox56 --- unaffected
firefox57 --- fixed

People

(Reporter: marcia, Assigned: lsalzman)

References

(Blocks 2 open bugs)

Details

(Keywords: crash)

Attachments

(1 file)

This bug was filed from the Socorro interface and is report bp-683890bc-6dff-45a2-86a0-4d9750170825.
=============================================================

New crash which started in 20170825100126: http://bit.ly/2xzLwvW. 3 crashes/3 installs.
Priority: -- → P3
Summary: Stylo: Crash in arena_dalloc_small | free_impl | std::vector<T>::_Reallocate → stylo: Crash in arena_dalloc_small | free_impl | std::vector<T>::_Reallocate
The crashes happen on the gpu process... I don't quite think we have anything to do with the gpu process, so it sounds unrelated to stylo to me.
I think this is a WebRender bug, not a Stylo bug. The stack trace includes a function in the `mozilla::wr::` namespace.

I see 9 crash reports with this signature in the last week. 6 have Stylo enabled, but 3 don't.
No longer blocks: stylo-crash-reports
Component: CSS Parsing and Computation → Graphics: WebRender
Priority: P3 → --
Summary: stylo: Crash in arena_dalloc_small | free_impl | std::vector<T>::_Reallocate → Crash in arena_dalloc_small | free_impl | std::vector<T>::_Reallocate
Maybe OOM? Happens inside font goop invoked from Moz2DRenderCallback.
Given that the crash happened deep inside of a free in NativeFontResourceDWrite, instead of an allocation, and given that this is happening during modification of a std::unordered_map which is known to not be thread-safe in that way, it would appear that this is some sort of race rather than that OOM.

To that end, this patch tries to make NativeFontResourceDWrite actually thread-safe. A mutex is used to guard the std::unordered_map, and the refcount in DWriteFontFileStream is made atomic.
Assignee: nobody → lsalzman
Status: NEW → ASSIGNED
Attachment #8903588 - Flags: review?(jmuizelaar)
Attachment #8903588 - Flags: review?(jmuizelaar) → review?(bas)
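
The pattern described in the comment above (a mutex around every access to a shared std::unordered_map, plus an atomic reference count), as an added example that is not part of the original bug or of the attached patch. FontStream, StreamRegistry and StressRegistry are hypothetical names chosen for illustration, not the classes in NativeFontResourceDWrite.

```cpp
// Added illustration; FontStream and StreamRegistry are hypothetical names.
#include <atomic>
#include <cstddef>
#include <cstdint>
#include <mutex>
#include <thread>
#include <unordered_map>
#include <vector>

class FontStream {
public:
  void AddRef() { mRefCnt.fetch_add(1, std::memory_order_relaxed); }
  // Returns true when the caller dropped the last reference.
  bool Release() { return mRefCnt.fetch_sub(1, std::memory_order_acq_rel) == 1; }
  uint32_t RefCount() const { return mRefCnt.load(); }
private:
  std::atomic<uint32_t> mRefCnt{1};  // a plain integer here could lose updates
};

class StreamRegistry {
public:
  void Insert(uint64_t aKey, FontStream* aStream) {
    std::lock_guard<std::mutex> lock(mLock);
    mStreams[aKey] = aStream;  // may rehash, freeing and reallocating buckets
  }
  void Erase(uint64_t aKey) { std::lock_guard<std::mutex> lock(mLock); mStreams.erase(aKey); }
  size_t Size() { std::lock_guard<std::mutex> lock(mLock); return mStreams.size(); }
private:
  std::mutex mLock;  // held for every access to mStreams
  std::unordered_map<uint64_t, FontStream*> mStreams;
};

// Each thread inserts aPerThread distinct keys, erases the odd-indexed ones,
// and takes and drops one reference on the shared stream per key.
size_t StressRegistry(StreamRegistry& aReg, FontStream& aShared,
                      unsigned aThreads, unsigned aPerThread) {
  std::vector<std::thread> workers;
  for (unsigned t = 0; t < aThreads; ++t)
    workers.emplace_back([&aReg, &aShared, t, aPerThread] {
      for (unsigned i = 0; i < aPerThread; ++i) {
        uint64_t key = uint64_t(t) * aPerThread + i;
        aShared.AddRef();
        aReg.Insert(key, &aShared);
        if (i % 2) aReg.Erase(key);
        aShared.Release();
      }
    });
  for (auto& w : workers) w.join();
  return aReg.Size();
}
```

Without mLock, concurrent Insert and Erase calls can overlap a rehash, so one thread frees bucket storage another is still using, which matches a crash surfacing inside free rather than inside an allocation.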
Comment on attachment 8903588 [details] [diff] [review]
ensure NativeFontResourceDWrite is thread-safe

Review of attachment 8903588 [details] [diff] [review]:
-----------------------------------------------------------------

Okay I guess, make sure this doesn't hurt performance.
Attachment #8903588 - Flags: review?(bas) → review+
Pushed by lsalzman@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/19a399059c8b
ensure NativeFontResourceDWrite is thread-safe. r=bas
https://hg.mozilla.org/mozilla-central/rev/19a399059c8b
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla57