Closed Bug 1628583 Opened 4 years ago Closed 4 years ago

Crash in [@ wl_proxy_marshal | moz_container_get_wl_surface]

Categories

(Core :: Widget: Gtk, defect)

Product:
Core
Component:
Widget: Gtk
Platform:
Unspecified
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla77
Tracking Flags:
Tracking Status
firefox-esr68 --- unaffected
firefox75 --- wontfix
firefox76 --- wontfix
firefox77 --- fixed

People

(Reporter: gsvelto, Assigned: stransky)

References

(Blocks 1 open bug)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file, 2 obsolete files)

Bug 1628583 [Wayland] Use mutex to access mozcontainer wayland internals, r?jhorak
47 bytes, text/x-phabricator-request
Details | Review

This bug is for crash report bp-58c206c3-256c-48c7-9869-385a20200407.

Top 10 frames of crashing thread:

0 libwayland-client.so.0 wl_proxy_marshal 
1 libxul.so moz_container_get_wl_surface widget/gtk/mozcontainer.cpp:656
2 libxul.so moz_container_get_wl_egl_window widget/gtk/mozcontainer.cpp:684
3 libxul.so mozilla::gl::GLContextEGL::CreateEGLSurfaceForCompositorWidget gfx/gl/GLContextProviderEGL.cpp:324
4 libxul.so mozilla::wr::RenderCompositorEGL::CreateEGLSurface gfx/webrender_bindings/RenderCompositorEGL.cpp:49
5 libxul.so mozilla::wr::RenderCompositorEGL::Resume gfx/webrender_bindings/RenderCompositorEGL.cpp:132
6 libxul.so mozilla::wr::WebRenderAPI::Resume gfx/webrender_bindings/WebRenderAPI.cpp:587
7 libxul.so mozilla::wr::RenderThread::RunEvent gfx/webrender_bindings/RenderThread.cpp:413
8 libxul.so mozilla::detail::RunnableMethodImpl<mozilla::wr::RenderThread*, void  xpcom/threads/nsThreadUtils.h:1210
9 libxul.so base::MessagePumpDefault::Run ipc/chromium/src/base/message_pump_default.cc:35

Wayland-specifc crash happening on multiple distros. This is a NULL pointer access originating from here.

Should be this one - Bug 1624745.

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE

Ahh I see, this one is for GL backend. Okay, Thanks a lot!

Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Assignee: nobody → stransky
Blocks: wr-linux-wayland
Status: REOPENED → NEW

Yeah, the top frames are the same but the stack is different.

I see. When GL backend is used, both Renderer and Compositor threads access to mozcontainer wayland routines so we need some synchronization here.

Note that because the symbols aren't great there's a few more signatures on crash-stats if you search for moz_container_get_wl_surface. I'm not sure if they're related or not. Either way we should have better symbols soon and the <name omitted> entries should largely go away from the stack traces.

Mozcontainer is accessed from various threads - Main/Compositor/Renderer - which causes races
when wayland surfaces are created/deleted/updated so we need to control it.

Crash Signature: [@ wl_proxy_marshal | moz_container_get_wl_surface] → [@ wl_proxy_marshal | moz_container_get_wl_surface] [@ <name omitted> | <name omitted> | moz_container_request_parent_frame_callback] [@ <name omitted> | moz_container_request_parent_frame_callback] [@ __pthread_mutex_lock | wl_proxy_create | moz_containe…
Pushed by ccoroiu@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/779722364805
[Wayland] Use mutex to access mozcontainer wayland internals, r=jhorak

https://hg.mozilla.org/mozilla-central/rev/779722364805

Status: NEW → RESOLVED
Closed: 4 years ago4 years ago
status-firefox77: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla77

Backed out changeset 779722364805 (Bug 1628583) per request a=backout in https://bugzilla.mozilla.org/show_bug.cgi?id=1632481#c9

https://hg.mozilla.org/mozilla-central/rev/03626342f6e659ac6699a21e30423e2267c1971f

Status: RESOLVED → REOPENED
Crash Signature: [@ wl_proxy_marshal | moz_container_get_wl_surface] [@ <name omitted> | <name omitted> | moz_container_request_parent_frame_callback] [@ <name omitted> | moz_container_request_parent_frame_callback] [@ __pthread_mutex_lock | wl_proxy_create | moz_containe… → [@ wl_proxy_marshal | moz_container_get_wl_surface] [@ <name omitted> | <name omitted> | moz_container_request_parent_frame_callback] [@ <name omitted> | moz_container_request_parent_frame_callback] [@ __pthread_mutex_lock | wl_proxy_create | moz_conta…
status-firefox77: fixed → ---
Resolution: FIXED → ---
Target Milestone: mozilla77 → ---
Attachment #9142782 - Attachment is obsolete: true

Updated, Thanks. We need to split mozcontained wayland implementation to a different class to make sure we don't mix X11/Wayland calls.

This failed to land due to:
"2 out of 2 hunks ignored -- saving rejects to file widget/gtk/mozcontainer.h.rej
16 out of 16 hunks ignored -- saving rejects to file widget/gtk/mozcontainer.cpp.rej
abort: patch command failed: exited with status 256"

:stransky can you please take a look?

Flags: needinfo?(stransky)

Sure, thanks.

Flags: needinfo?(stransky)

Updated, Thanks.

Pushed by dluca@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/f13f2ff2e18c
[Wayland] Use mutex to access mozcontainer wayland internals, r=jhorak

https://hg.mozilla.org/mozilla-central/rev/f13f2ff2e18c

Status: REOPENED → RESOLVED
Closed: 4 years ago4 years ago
status-firefox77: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla77
Crash Signature: moz_container_request_parent_frame_callback] [@ __pthread_mutex_lock_full | wl_proxy_create | moz_container_request_parent_frame_callback] [@ wl_proxy_marshal_constructor | moz_container_request_parent_frame_callback] → moz_container_request_parent_frame_callback] [@ __pthread_mutex_lock_full | wl_proxy_create | moz_container_request_parent_frame_callback] [@ wl_proxy_marshal_constructor | moz_container_request_parent_frame_callback] [@ libpthread.so.0@0xa404]
Attachment #9143552 - Attachment is obsolete: true
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: