Closed Bug 1521183 Opened 5 years ago Closed 5 years ago

Crash in VRSystemManagerExternal::PullState when VR process is killed.

Categories

(Core :: WebVR, defect)

Product:
Core
Component:
WebVR
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla68
Tracking Flags:
Tracking Status
firefox68 --- fixed

People

(Reporter: daoshengmu, Assigned: daoshengmu)

References

Details

Attachments

(1 file)

Bug 1521183 - Avoid access VR shmem when VR process is crashed accidentally.
47 bytes, text/x-phabricator-request
Details | Review

Reproduce steps:

  1. Open FF and visit https://webvr.info/samples/04-simple-mirroring.html
  2. Wear on a VR headset and click enter to enter the immersive mode.
  3. Kill VR process in Process Explorer.

Then, it will break at VRSystemManagerExternal::PullState in GPU process. The reason I think it is race condition with "VR_SubmitFrame" thread. Even though the VR process has been shutdown, the VR_SubmitFrame is still working on its task. We should use CancelableRunnable task as https://dxr.mozilla.org/mozilla-central/rev/c2593a3058afdfeaac5c990e18794ee8257afe99/gfx/layers/ipc/CompositorVsyncScheduler.cpp#125. When VR process is killed, we need to cancel the current CancelableRunnable task.

Blocks: 1476092
See Also: → 1521930
Assignee: nobody → kgilbert

The reason of this crash is because VRDisplay is set to nullptr and release its shmem, but mSubmitThread is still running. then we invalidate access the shmem.

We were accessing VRSystemManagerExternal in VRDisplayExternal, that makes us difficult to manage the program flow especially when VRSystemManagerExternal::Shutdown(). Once calling VRSystemManagerExternal::Shutdown(), We will destroy VRDisplayExternal and close Shmem, but they are still possible to be accessed by other threads if they still hold the VRDisplayExternal's refPtr.

[1] https://dxr.mozilla.org/mozilla-central/rev/7f816aa10a2053973c4e6977c5d6f6bf15f38820/gfx/vr/gfxVRExternal.cpp#420
[2] https://dxr.mozilla.org/mozilla-central/rev/7f816aa10a2053973c4e6977c5d6f6bf15f38820/gfx/vr/gfxVRExternal.cpp#406

Pushed by apavel@mozilla.com:
https://hg.mozilla.org/mozilla-central/rev/56c9aef4b07f
Avoid access VR shmem when VR process is crashed accidentally. r=kip

https://hg.mozilla.org/mozilla-central/rev/56c9aef4b07f

Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox68: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla68
Flags: qe-verify+
Flags: needinfo?(cristian.comorasu)
QA Contact: cristian.comorasu

Due to hardware issues we could not verify this bug.

Flags: needinfo?(cristian.comorasu)
Assignee: kgilbert → dmu
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: