Closed
Bug 1430550
Opened 6 years ago
Closed 6 years ago
Crash in mozilla::detail::MutexImpl::~MutexImpl | mozilla::gfx::SourceSurfaceSkia::~SourceSurfaceSkia
Categories
(Core :: Graphics: Layers, defect, P3)
Tracking
()
RESOLVED
FIXED
mozilla60
Tracking | Status | |
---|---|---|
firefox-esr52 | --- | unaffected |
firefox58 | --- | wontfix |
firefox59 | --- | fixed |
firefox60 | --- | fixed |
People
(Reporter: cyu, Assigned: jnicol)
References
Details
(Keywords: crash, Whiteboard: [gfx-noted])
Crash Data
Attachments
(1 file)
59 bytes,
text/x-review-board-request
|
bas.schouten
:
review+
lizzard
:
approval-mozilla-beta+
|
Details |
This bug was filed from the Socorro interface and is report bp-c2627541-6fee-4de9-a5a9-8730e0180114. ============================================================= Top 10 frames of crashing thread: 0 libmozglue.so mozilla::detail::MutexImpl::~MutexImpl mozglue/misc/Mutex_posix.cpp:67 1 libxul.so mozilla::gfx::SourceSurfaceSkia::~SourceSurfaceSkia xpcom/threads/Mutex.h:59 2 libxul.so mozilla::gfx::SourceSurfaceSkia::~SourceSurfaceSkia gfx/2d/SourceSurfaceSkia.cpp:28 3 libxul.so mozilla::detail::RefCounted<mozilla::gfx::DrawTarget, mozilla::detail::RefCountAtomicity::AtomicRefCount>::Release 4 libxul.so RefPtr<mozilla::gfx::DataSourceSurface>::~RefPtr 5 libxul.so mozilla::gfx::DrawTargetSkia::~DrawTargetSkia gfx/2d/DrawTargetSkia.cpp:311 6 libxul.so mozilla::gfx::DrawTargetSkia::~DrawTargetSkia gfx/2d/DrawTargetSkia.cpp:293 7 libxul.so mozilla::detail::RefCounted<mozilla::gfx::DrawTarget, mozilla::detail::RefCountAtomicity::AtomicRefCount>::Release 8 libxul.so RefPtr<mozilla::gfx::DataSourceSurface>::assign_assuming_AddRef mfbt/RefPtr.h:41 9 libxul.so mozilla::layers::PersistentBufferProviderBasic::Destroy mfbt/RefPtr.h:168 ============================================================= 4 crashes out of 2 installations on Android nightly build 20180112100100. MOZ_Crash() in failure in pthread_mutex_destroy().
Comment 2•6 years ago
|
||
This appears to be fallout from recent changes Bas did to add mutexing to SourceSurfaceSkia for OMTP. That is to say, that code never had mutexes before, but now it does. We are not currently using OMTP on Android, so technically these mutexes are not necessary there. But Bas recommended we track this down in case we ever do want to enable OMTP on Android rather than merely ifdefing out the mutexing on Android. The crash is happening down in the posix MutexImpl code, because the pthread_mutex_destroy(&platformData()->ptMutex) call is failing. Note that &platformData()->ptMutex is essentially inline data in the Mutex, which is itself inline data in the SourceSurfaceSkia. So we'd expect that address to be valid if the SourceSurfaceSkia address was valid, and the converse, it would be invalid if the SourceSurfaceSkia address was invalid. So the question is whether it is failing because the SourceSurfaceSkia is bogus, or because of some unfortunate underlying library issue with pthreads on the particular Android installs in these reports? Jamie, can you look into this?
Flags: needinfo?(lsalzman) → needinfo?(jnicol)
Priority: -- → P3
Whiteboard: [gfx-noted]
Assignee | ||
Comment 3•6 years ago
|
||
Also possible is that it is failing because the mutex is still locked.
Assignee: nobody → jnicol
Flags: needinfo?(jnicol)
Assignee | ||
Comment 4•6 years ago
|
||
All the reports have the following errors:
> [0][GFX1]: Failed making Skia raster image for GPU surface (t=4.30355)
> [1][GFX1]: Failed accessing pixels for Skia raster image (t=4.30368)
meaning SourceSurfaceSkia::GetData() is failing. I see that SourceSurfaceSkia::Map doesn't unlock the mutex if GetData fails. I don't know the calling code so don't know whether this is intended, but it looks pretty suspicious to me.
Comment hidden (mozreview-request) |
Comment 6•6 years ago
|
||
mozreview-review |
Comment on attachment 8943670 [details] Bug 1430550 - Don't keep mutex locked if SourceSurfaceSkia::Map fails. https://reviewboard.mozilla.org/r/214058/#review219782 Shouldn't we check if mIsMapped before Unlocking() in Unmap() to avoid calling Unlock() twice and potentially erroring?
Comment 7•6 years ago
|
||
mozreview-review-reply |
Comment on attachment 8943670 [details] Bug 1430550 - Don't keep mutex locked if SourceSurfaceSkia::Map fails. https://reviewboard.mozilla.org/r/214058/#review219782 Hmm, I guess the calling code is not supposed to call Unmap() if Map() returns false, so arguably Unmap() should be safe as is.
Assignee | ||
Comment 8•6 years ago
|
||
mozreview-review-reply |
Comment on attachment 8943670 [details] Bug 1430550 - Don't keep mutex locked if SourceSurfaceSkia::Map fails. https://reviewboard.mozilla.org/r/214058/#review219782 Yeah, the calling code should never call Unmap if Map failed. We assert in debug builds that it doesn't.
Comment 9•6 years ago
|
||
mozreview-review |
Comment on attachment 8943670 [details] Bug 1430550 - Don't keep mutex locked if SourceSurfaceSkia::Map fails. https://reviewboard.mozilla.org/r/214058/#review220002
Attachment #8943670 -
Flags: review?(bas) → review+
Comment 10•6 years ago
|
||
Pushed by jnicol@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/47f0db7bf34d Don't keep mutex locked if SourceSurfaceSkia::Map fails. r=bas
Comment 11•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/47f0db7bf34d
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox60:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla60
Comment 12•6 years ago
|
||
Remember to uplift this to 59, since the SourceSurfaceSkia regression ultimately started then.
Assignee | ||
Comment 13•6 years ago
|
||
Comment on attachment 8943670 [details] Bug 1430550 - Don't keep mutex locked if SourceSurfaceSkia::Map fails. Thanks Lee. Approval Request Comment [Feature/Bug causing the regression]: Off main thread painting [User impact if declined]: Crashes on Android [Is this code covered by automated tests?]: No [Has the fix been verified in Nightly?]: Yes [Needs manual test from QE? If yes, steps to reproduce]: No [List of other uplifts needed for the feature/fix]: None [Is the change risky?]: No [Why is the change risky/not risky?]: Simple change, unlocks a mutex on failure path [String changes made/needed]: None
Attachment #8943670 -
Flags: approval-mozilla-beta?
Comment 14•6 years ago
|
||
Comment on attachment 8943670 [details] Bug 1430550 - Don't keep mutex locked if SourceSurfaceSkia::Map fails. Should help avoid a crash for fennec users. Let's take this for the 59 beta 4 build.
Attachment #8943670 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
Updated•6 years ago
|
status-firefox58:
--- → wontfix
status-firefox-esr52:
--- → unaffected
Comment 15•6 years ago
|
||
bugherder uplift |
https://hg.mozilla.org/releases/mozilla-beta/rev/9a6efeac534b
You need to log in
before you can comment on or make changes to this bug.
Description
•