Closed
Bug 1434994
Opened 6 years ago
Closed 6 years ago
Crash in @0x0 | std::sys_common::backtrace::__rust_begin_short_backtrace<T>
Categories
(Firefox for Android Graveyard :: General, defect, P1)
Tracking
(firefox-esr52 unaffected, firefox58 unaffected, firefox59 unaffected, firefox60+ fixed)
RESOLVED
FIXED
Firefox 60
Tracking | Status | |
---|---|---|
firefox-esr52 | --- | unaffected |
firefox58 | --- | unaffected |
firefox59 | --- | unaffected |
firefox60 | + | fixed |
People
(Reporter: marcia, Assigned: bholley)
References
Details
(Keywords: crash, regression, topcrash)
Crash Data
Attachments
(1 file)
1.60 KB,
patch
|
emilio
:
review+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is report bp-786f1550-91a3-4ce7-a69e-649600180201. ============================================================= Seen while looking at Android crash stats: http://bit.ly/2nxgHok. Crash spiked using 20180201100053. Possible regression range: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=5454ed95c82a956009db2f4b04d008ec8753e61e&tochange=17ade9f88b6ed2232be51bc02c6860562c3d31dc Maybe https://hg.mozilla.org/mozilla-central/annotate/c3ab38db798e/third_party/rust/rayon-core/src/scope/mod.rs#l2? 209 crashes/115 installations Top 10 frames of crashing thread: 0 @0x0 1 libxul.so std::sys_common::backtrace::__rust_begin_short_backtrace<closure, > third_party/rust/rayon-core/src/registry.rs:559 2 dalvik-main space (region space) (deleted) dalvik-main space @0x3e62ac99 3 NotoSansCJK-Regular.ttc NotoSansCJK-Regular.ttc@0x727117 4 libxul.so std::sys_common::thread::min_stack src/libcore/num/mod.rs:3307 5 browser.db (deleted) browser.db @0x14eb2a 6 libxul.so mozilla::gfx::FilterNodeLightingSoftware<mozilla::gfx::::DiffuseLightingSoftware>::Render mfbt/PodOperations.h:45 7 dalvik-main space (region space) (deleted) dalvik-main space @0x3c616c8c 8 libxul.so std::sys::imp::thread::{{impl}}::new src/libstd/sys/unix/thread.rs 9 libxul.so alloc::boxed::{{impl}}::call_box<, closure> src/libstd/thread/mod.rs:406 =============================================================
Reporter | ||
Comment 2•6 years ago
|
||
:jchen could this have something to do with bug 1428182?
Flags: needinfo?(nchen)
Reporter | ||
Comment 3•6 years ago
|
||
I was able to repro this on my Pixel using the latest nightly - my stack was @0x0 | rayon_core::registry::in_worker<T> STR: 1. Load a page and scroll up or open a link a new tab. Doesn't happen 100% so I will try to get some better steps.
Crash Signature: [@ @0x0 | std::sys_common::backtrace::__rust_begin_short_backtrace<T>] → [@ @0x0 | std::sys_common::backtrace::__rust_begin_short_backtrace<T>]
[@ @0x0 | rayon_core::registry::in_worker<T>]
Reporter | ||
Updated•6 years ago
|
Crash Signature: [@ @0x0 | std::sys_common::backtrace::__rust_begin_short_backtrace<T>]
[@ @0x0 | rayon_core::registry::in_worker<T>] → [@ @0x0 | std::sys_common::backtrace::__rust_begin_short_backtrace<T>]
[@ @0x0 | rayon_core::registry::in_worker<T>]
[@ rayon_core::registry::in_worker<T>]
Comment 4•6 years ago
|
||
(In reply to Marcia Knous [:marcia - use ni] from comment #2) > :jchen could this have something to do with bug 1428182? I would be surprised. That bug should only involve compile-time changes.
Flags: needinfo?(nchen)
Reporter | ||
Updated•6 years ago
|
Crash Signature: [@ @0x0 | std::sys_common::backtrace::__rust_begin_short_backtrace<T>]
[@ @0x0 | rayon_core::registry::in_worker<T>]
[@ rayon_core::registry::in_worker<T>] → [@ @0x0 | std::sys_common::backtrace::__rust_begin_short_backtrace<T>]
[@ mozalloc_abort | abort | std::sys_common::backtrace::__rust_begin_short_backtrace<T>]
[@ @0x0 | rayon_core::registry::in_worker<T>]
[@ rayon_core::registry::in_worker<T>]
[@ coc…
Reporter | ||
Comment 5•6 years ago
|
||
:baku, could 1432963 have anything to do with this spike?
Reporter | ||
Comment 6•6 years ago
|
||
(In reply to Marcia Knous [:marcia - use ni] from comment #5) > :baku, could 1432963 have anything to do with this spike? Sorry Bug 1432963
Updated•6 years ago
|
Product: Core → Firefox for Android
Comment 7•6 years ago
|
||
(In reply to Marcia Knous [:marcia - use ni] from comment #6) > (In reply to Marcia Knous [:marcia - use ni] from comment #5) > > :baku, could 1432963 have anything to do with this spike? > > Sorry Bug 1432963 Probably not. Niko, Ralph, a rustc update landed in central recently, right? Does this crash inside rayon / coco (arm-only it seems) ring a bell? It's late for me now, but I can try to figure out tomorrow with the repro steps of comment 3.
Flags: needinfo?(nmatsakis)
Flags: needinfo?(giles)
Updated•6 years ago
|
Crash Signature: coco::deque::{{impl}}::steal<T>] → coco::deque::{{impl}}::steal<T>]
[@ @0x0 | std::sys::imp::thread::{{impl}}::new]
Reporter | ||
Comment 8•6 years ago
|
||
(In reply to Marcia Knous [:marcia - use ni] from comment #3) > I was able to repro this on my Pixel using the latest nightly - my stack was > @0x0 | rayon_core::registry::in_worker<T> > > STR: > 1. Load a page and scroll up or open a link a new tab. Doesn't happen 100% > so I will try to get some better steps. Yesterday with my Pixel I was loading stories from nfl.com/news and opening them. Usually after I scrolled I would crash, and then subsequent restarts would cause that page to keep on crashing.
Assignee | ||
Comment 11•6 years ago
|
||
It looks like bug 1418161 is in the regression range. That bug does relaxed atomic operations during the rayon traversal, and relaxed atomic ops behave differently on ARM than x86. Thinking about this again, we totally need acquire/release here. Sorry for missing that. :-( I'll write a patch.
Assignee: nobody → bobbyholley
Flags: needinfo?(giles)
Flags: needinfo?(emilio)
Reporter | ||
Updated•6 years ago
|
Assignee: bobbyholley → nobody
Crash Signature: coco::deque::{{impl}}::steal<T>]
[@ @0x0 | std::sys::imp::thread::{{impl}}::new] → coco::deque::{{impl}}::steal<T>]
[@ @0x0 | std::sys::imp::thread::{{impl}}::new]
[@ @0x0 | libGLESv2_adreno.so@0x887e]
[@ @0x0 | libhidltransport.so@0x187e]
[@ @0x0 | libjavacrypto.so@0x87e]
[@ @0x0 | libc++.so@0x187e]
Updated•6 years ago
|
Assignee: nobody → bobbyholley
Updated•6 years ago
|
Priority: -- → P1
Assignee | ||
Comment 12•6 years ago
|
||
MozReview-Commit-ID: 3gtoLRf8TNl
Attachment #8947935 -
Flags: review?(emilio)
Comment 13•6 years ago
|
||
Comment on attachment 8947935 [details] [diff] [review] Use ReleaseAcquire for the cached serialization atomic. v1 Review of attachment 8947935 [details] [diff] [review]: ----------------------------------------------------------------- r=me, though the stacks don't point particularly here. Sorry for overlooking it :(.
Attachment #8947935 -
Flags: review?(emilio) → review+
Comment 14•6 years ago
|
||
Pushed by bholley@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/358a2df0b630 Use ReleaseAcquire for the cached serialization atomic. r=emilio
Reporter | ||
Updated•6 years ago
|
Crash Signature: coco::deque::{{impl}}::steal<T>]
[@ @0x0 | std::sys::imp::thread::{{impl}}::new]
[@ @0x0 | libGLESv2_adreno.so@0x887e]
[@ @0x0 | libhidltransport.so@0x187e]
[@ @0x0 | libjavacrypto.so@0x87e]
[@ @0x0 | libc++.so@0x187e] → coco::deque::{{impl}}::steal<T>]
[@ @0x0 | std::sys::imp::thread::{{impl}}::new]
[@ @0x0 | libGLESv2_adreno.so@0x887e]
[@ @0x0 | libjavacrypto.so@0x87e]
[@ @0x0 | libc++.so@0x187e]
[@ @0x0 | libart-compiler.so@0xd87e]
[@ @0x0 | libGLESv2_adreno.so@…
Comment 15•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/358a2df0b630
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 60
Updated•6 years ago
|
status-firefox58:
--- → unaffected
status-firefox59:
--- → unaffected
status-firefox-esr52:
--- → unaffected
Updated•3 years ago
|
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•