Closed
Bug 1403539
Opened 7 years ago
Closed 7 years ago
Crash in mozilla::wr::ShmSegmentsWriter::AllocChunk
Categories
(Core :: Graphics: WebRender, defect, P1)
Tracking
()
RESOLVED
FIXED
mozilla58
Tracking | Status | |
---|---|---|
firefox-esr52 | --- | unaffected |
firefox56 | --- | unaffected |
firefox57 | --- | unaffected |
firefox58 | --- | fixed |
People
(Reporter: marcia, Assigned: vliu)
References
(Blocks 1 open bug)
Details
(Keywords: crash, regression, Whiteboard: [wr-mvp])
Crash Data
Attachments
(1 file, 1 obsolete file)
9.50 KB,
patch
|
nical
:
review+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is
report bp-648e41d0-e56e-4550-825d-f891a0170927.
=============================================================
Seen while looking at nightly data: http://bit.ly/2fPA88L. Crashes started using 20170926100259. It appears based on the comments it may be confined to one user.
Comment says: I only use Firefox Nightly 58 64 bit. And this is the first time I crashed on this website tonight.
URLs:
https://www.youtube.com/watch?v=pGGBYlIYYu0
https://www.youtube.com/watch?v=bAivUvpjKLQ
Updated•7 years ago
|
Blocks: stage-wr-trains
status-firefox57:
--- → unaffected
Updated•7 years ago
|
Priority: -- → P2
Whiteboard: [wr-mvp]
Assignee | ||
Comment 1•7 years ago
|
||
From the analysis of crash report , all of them were hit MOZ_CRASH() in [1] from the fail return of AllocShmem(mChunkSize, shmType, &shm). Actually there is no enough information to tell the fail reason for this allocation fail. Might be OOM because there were two crash report indicate false Code: 0x8007000e(E_OUTOFMEMORY). All happens on Windows 10 and most were crashed in Parent process.
[1]: https://searchfox.org/mozilla-central/rev/f54c1723befe6bcc7229f005217d5c681128fcad/gfx/layers/wr/IpcResourceUpdateQueue.cpp#85
Assignee | ||
Comment 2•7 years ago
|
||
The latest build (20171002100134) still have the crash report of this signature. It seems that 0x8007000e(E_OUTOFMEMORY) only happens in part of signature on 20170926220106 build so it might not be an OOM case. Based on this, I will try to figure out how to fix this.
Assignee: nobody → vliu
Updated•7 years ago
|
Status: NEW → ASSIGNED
Priority: P2 → P1
Assignee | ||
Comment 3•7 years ago
|
||
Hi nical,
Here I drafted a patch to skip XXXImage to append once share memory allocated fails in Write(). Could you please have a review to see if it is reasonable for this skipping? Thanks.
Attachment #8915427 -
Flags: review?(nical.bugzilla)
Comment 4•7 years ago
|
||
Comment on attachment 8915427 [details] [diff] [review]
0001-Bug-1403539-Skip-AppendElement-for-XXXImage-if-faile.patch
Review of attachment 8915427 [details] [diff] [review]:
-----------------------------------------------------------------
If adding an image is fallible we have to properly support failure in the calling code. Otherwise we will refer to an image that does not exist in the display list, and update/delete images that don't exist. These memory management bugs are a lot harder to debug than this assertion so I much prefer crashing the content process here than moving the bug into the parent process.
This patch is good but we can't (or at least I would prefer we don't) do this without propagating the error up to the display list construction and not generate display items, etc.
Attachment #8915427 -
Flags: review?(nical.bugzilla) → review-
Assignee | ||
Comment 5•7 years ago
|
||
Hi nical,
As talked on IRC, the attached patch was proposed to skip to PushImage in WebRenderCommandsBuilder if AddXXXImage fails to return. In current design, it seems that only AddBlobImage was actually called from GenerateFallbackData(). Could you please have a review to see if it is fine for error handling? Thanks.
Attachment #8915427 -
Attachment is obsolete: true
Attachment #8915909 -
Flags: review?(nical.bugzilla)
Updated•7 years ago
|
Attachment #8915909 -
Flags: review?(nical.bugzilla) → review+
Assignee | ||
Comment 6•7 years ago
|
||
Pushed by vliu@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/b3dddc032e3d
Skip to PushImage in WebRenderCommandsBuilder if AddXXXImage fails to return. r=nical
Comment 8•7 years ago
|
||
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla58
Updated•7 years ago
|
status-firefox56:
--- → unaffected
status-firefox-esr52:
--- → unaffected
You need to log in
before you can comment on or make changes to this bug.
Description
•