Closed Bug 1799722 Opened 2 years ago Closed 1 year ago

Crash in [@ libc.so@0x15084 | libGLES_mali.so@0x42532]

Categories: Core :: Graphics, defect, P2 (ARM, Android)

Status: RESOLVED FIXED, 108 Branch

Tracking Status
firefox-esr102 --- unaffected
firefox107 --- fixed
firefox108 --- fixed

People: Reporter: amejia, Assigned: jnicol

Keywords: crash

Attachments: 1 file

Crash report: https://crash-stats.mozilla.org/report/index/dcf8f4cc-3fc7-42b7-87e4-749f70221108

Reason: SIGSEGV / SEGV_ACCERR

Top 10 frames of crashing thread:

0  libc.so  libc.so@0x15084  
1  libGLES_mali.so  libGLES_mali.so@0x42532  
2  libmozglue.so  Mutex::Unlock  memory/build/Mutex.h:133
2  libmozglue.so  AutoLock<Mutex>::~AutoLock  memory/build/Mutex.h:186
2  libmozglue.so  arena_t::MallocSmall  memory/build/mozjemalloc.cpp:3125
2  libmozglue.so  arena_t::Malloc  memory/build/mozjemalloc.cpp:3163
3  libGLES_mali.so  libGLES_mali.so@0x2b23ce  
4  libGLES_mali.so  libGLES_mali.so@0xa159e  
5  libmozglue.so  BaseAllocator::malloc  memory/build/mozjemalloc.cpp:4314
6  libGLESv2.so  libGLESv2.so@0x7526  

Graphics driver crash on Samsung devices running Android 5.1. Galaxy J1, Galaxy J2, and Galaxy Tab E 8.0.

Component: Core → Graphics
Product: GeckoView → Core
Hardware: Unspecified → ARM
Version: unspecified → Trunk

Fairly low crash volume post-Fx106. Jamie, could you please have a look at this?

Severity: -- → S3
Flags: needinfo?(jnicol)
Priority: -- → P2

The backtrace seems corrupted in the linked crash report, but in every other report I look at, the signature looks correct. We're crashing in glShaderSource().

Note that if you super search for libGLES_mali.so, there are a number of signatures matching this libc@XXX | libGLES_mali.so@XXX pattern. And each of them is also crashing from glShaderSource. So the overall crash numbers are actually rather high.

Affected devices appear to be Mali-T628, Mali-T720, and Mali-T760.

It's hard to say what's going on here, though. The GraphicsCompileShader annotation seems to be a random selection of shaders, so it's not like the driver does not like a specific shader. Nor is it obviously crashing when attempting to compile the first shader, e.g. 100% reproducible.

As a complete shot in the dark, I'm going to see if null-terminating our shader strings we pass to the driver helps. Failing that I'm not really sure what else we can do without further information. Thankfully the GPU process means these users won't be inconvenienced too badly.

Flags: needinfo?(jnicol)
Crash Signature: [@ libc.so@0x15084 | libGLES_mali.so@0x42532] → [@ libc.so@0x15084 | libGLES_mali.so@0x42532] [@ libc.so@0x15080 | libGLES_mali.so@0x27a0a1] [@ libc.so@0x15084 | libGLES_mali.so@0x26cf42] [@ libc.so@0x13f10 | libGLES_mali.so@0x27a0a1] [@ libc.so@0x190e4 | libGLES_mali.so@0x29ccda] [@ libc.so@0x190…

We are seeing a number of crashes in glShaderSource on old Mali
devices (T628, T720, and T760). It's difficult to see what the problem
is without more information, but as a shot in the dark this patch
ensures we null-terminate the source strings before passing them to
the driver.

Assignee: nobody → jnicol
Status: NEW → ASSIGNED
Pushed by jnicol@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/69c71771caba
Null-terminate shader strings on old Mali devices. r=gfx-reviewers,jrmuizel
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → 108 Branch
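
The workaround named in the commit message above, sketched as an added example; this is not the code from the Firefox patch. The function-pointer type stands in for glShaderSource, and `shader_source_terminated`, `mock_driver`, and the idea that a driver might scan to a NUL instead of honoring the lengths array are assumptions made for illustration (the bug does not establish the cause).

```c
#include <stdlib.h>
#include <string.h>
/* Same shape as glShaderSource(shader, count, strings, lengths); a function
 * pointer (assumption) keeps the example buildable without GL headers. */
typedef void (*shader_source_fn)(unsigned shader, int count,
                                 const char *const *strings, const int *lengths);

/* Hypothetical helper: copy each (ptr, len) slice into its own NUL-terminated
 * buffer, then pass the copies on with the same lengths. 0 on success, else -1. */
int shader_source_terminated(shader_source_fn upload, unsigned shader, int count,
                             const char *const *slices, const int *lengths)
{
    if (!upload || count <= 0 || !slices || !lengths) return -1;
    char **copies = calloc((size_t)count, sizeof *copies);
    if (!copies) return -1;
    int rc = -1;
    for (int i = 0; i < count; i++) {
        if (!slices[i] || lengths[i] < 0) goto done;
        size_t n = (size_t)lengths[i];
        if (!(copies[i] = malloc(n + 1))) goto done;
        memcpy(copies[i], slices[i], n);
        copies[i][n] = '\0';          /* terminator lives in memory we own */
    }
    upload(shader, count, (const char *const *)copies, lengths);
    rc = 0;
done:
    for (int i = 0; i < count; i++) free(copies[i]);  /* free(NULL) is a no-op */
    free(copies);
    return rc;
}

/* Constructed stand-in for a driver that ignores `lengths` and scans to NUL. */
static size_t seen_len[2];
static void mock_driver(unsigned shader, int count,
                        const char *const *strings, const int *lengths)
{
    (void)shader; (void)lengths;
    for (int i = 0; i < count && i < 2; i++) seen_len[i] = strlen(strings[i]);
}

/* Constructed input: two slices of one buffer, neither NUL-terminated at its
 * stated length. Returns 1 if the mock driver saw exactly 13 bytes for each. */
int demo(void)
{
    static const char blob[] = "void main(){}#version 100\nTRAILING";
    const char *slices[2] = { blob + 13, blob };
    const int lengths[2] = { 13, 13 };
    if (shader_source_terminated(mock_driver, 1, 2, slices, lengths)) return -1;
    return seen_len[0] == 13 && seen_len[1] == 13;
}
```

Passed directly to `mock_driver` without the copy, the first slice would be read through `TRAILING` and the second through the whole buffer.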

Given the crash volume, this could be a good 107 dot release ride-along candidate if the patch continues to look good on Beta & Nightly.

Might still be a wee bit too early to conclusively say it's fixed, but it's looking promising, and should be risk free. So I'll request uplift.

Comment on attachment 9303056 [details]
Bug 1799722 - Null-terminate shader strings on old Mali devices. r?#gfx-reviewers

Beta/Release Uplift Approval Request

  • User impact if declined: Frequent GPU process crashes for users on some Mali devices. This will usually result in falling back to SWGL with degraded performance, though occasionally they might also eventually see parent process crashes
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Adds a null terminator to a string passed to a driver. Workaround already in place on the emulator and therefore widely tested on CI
  • String changes made/needed:
  • Is Android affected?: Yes
Attachment #9303056 - Flags: approval-mozilla-release?

Comment on attachment 9303056 [details]
Bug 1799722 - Null-terminate shader strings on old Mali devices. r?#gfx-reviewers

Approved for 107.0.1

Attachment #9303056 - Flags: approval-mozilla-release? → approval-mozilla-release+