Closed Bug 1405518 Opened 7 years ago Closed 7 years ago

Crash in mozilla::layers::ClientLayerManager::ForwardTransaction

Categories

(Core :: Graphics: Layers, defect)

Unspecified
Windows 7
defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla58
Tracking Status
firefox-esr52 --- unaffected
firefox56 --- unaffected
firefox57 --- unaffected
firefox58 --- fixed

People

(Reporter: n.nethercote, Assigned: bas.schouten)

References

Details

(Keywords: crash, Whiteboard: [gfx-noted])

Crash Data

Attachments

(1 file)

This bug was filed from the Socorro interface and is report bp-53ac2d4e-cff2-4a97-8128-fe2290171003. ============================================================= Moderately frequent bug: 37 occurrences of this in the past 7 days, but 54% of those are in Nightly 58; given Nightly's small userbase this means that it's *much* more common in Nightly, as if something changed recently. The crashing addresses are all over the place: 0x18131655, 0xd, 0xffffffffffffffff. Looks like the recent spike started in Nightly 20170929220356, which gives this regression window: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=946b9c995ec331f4f96360409fd8d2fc49e46838&tochange=57f68296c350469d73d788eb3695a898947b4acb That window includes the first enabling of OMTP (bug 1403935), so that could be a factor. Bas, any ideas?
Flags: needinfo?(bas)
It seems unlikely given the stack, but it's certainly hard to ignore given the data.. is there a drop after the 30th and a rise again after the 3rd?
Flags: needinfo?(bas)
Paint thread doesn't seem to be doing anything at the time of the crash.
Whiteboard: [gfx-noted]
(In reply to Bas Schouten (:bas.schouten) from comment #1) > It seems unlikely given the stack, but it's certainly hard to ignore given > the data.. is there a drop after the 30th and a rise again after the 3rd? Here is a search for this signature in FF58, faceted by build id: https://crash-stats.mozilla.com/search/?signature=~mozilla%3A%3Alayers%3A%3AClientLayerManager%3A%3AForwardTransaction&version=58.0a1&date=%3E%3D2017-09-27T23%3A45%3A00.000Z&date=%3C2017-10-04T23%3A45%3A00.000Z&_sort=-date&_facets=signature&_facets=build_id&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#facet-build_id The answer is: not really. No crashes on the 1st, but crashes on the 29th, 30th, and 2nd.
(In reply to Nicholas Nethercote [:njn] from comment #3) > (In reply to Bas Schouten (:bas.schouten) from comment #1) > > It seems unlikely given the stack, but it's certainly hard to ignore given > > the data.. is there a drop after the 30th and a rise again after the 3rd? > > Here is a search for this signature in FF58, faceted by build id: > https://crash-stats.mozilla.com/search/ > ?signature=~mozilla%3A%3Alayers%3A%3AClientLayerManager%3A%3AForwardTransacti > on&version=58.0a1&date=%3E%3D2017-09-27T23%3A45%3A00.000Z&date=%3C2017-10- > 04T23%3A45%3A00.000Z&_sort=- > date&_facets=signature&_facets=build_id&_columns=date&_columns=signature&_col > umns=product&_columns=version&_columns=build_id&_columns=platform#facet- > build_id > > The answer is: not really. No crashes on the 1st, but crashes on the 29th, > 30th, and 2nd. OMTP made it back in the night of the 2nd, so it may very well have made it into that build. So I'm going to bet this is a refcounting race. I have an idea.
Yup, I'm practically certain I know the cause.
Assignee: nobody → bas
Status: NEW → ASSIGNED
Comment on attachment 8915551 [details] Bug 1405518: Make SyncObjectClient atomically refcounted as it may be accessed both on the paint and the main thread. https://reviewboard.mozilla.org/r/186758/#review191878
Attachment #8915551 - Flags: review?(dvander) → review+
Pushed by bschouten@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/fb3f3e05a357 Make SyncObjectClient atomically refcounted as it may be accessed both on the paint and the main thread. r=dvander
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla58
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: