Closed Bug 1838792 Opened 2 years ago Closed 2 years ago

Crash in [@ mozilla::ThreadSafeWeakPtr<T>::operator=]

Categories

(Core :: Graphics, defect, P1)

Product:
Core
Component:
Graphics
Platform:
Desktop
Windows
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
116 Branch
Tracking Flags:
Tracking Status
firefox-esr102 --- wontfix
firefox-esr115 --- fixed
firefox114 --- wontfix
firefox115 --- wontfix
firefox116 --- fixed

People

(Reporter: bobowen, Assigned: bobowen)

References

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

Bug 1838792: Add TryAddStoredObject to DrawEventRecorderPrivate and use in DrawTargetRecording. r=aosmond!
48 bytes, text/x-phabricator-request
diannaS
: approval-mozilla-esr115+
Details | Review

+++ This bug was initially created as a clone of Bug #1825169 +++

Cloning because this crash is still happening, but the fix from bug 1825169 was a genuine issue, fixed other bugs, had follow-ups and was uplifted, so I think re-opening will cause more confusion.

Crash report: https://crash-stats.mozilla.org/report/index/e79c5095-09c8-482c-a7d5-540dc0230328

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames of crashing thread:

0  xul.dll  RefPtr<mozilla::detail::ThreadSafeWeakReference>::assign_assuming_AddRef  mfbt/RefPtr.h:66
0  xul.dll  RefPtr<mozilla::detail::ThreadSafeWeakReference>::assign_with_AddRef  mfbt/RefPtr.h:62
0  xul.dll  RefPtr<mozilla::detail::ThreadSafeWeakReference>::operator=  mfbt/RefPtr.h:190
0  xul.dll  mozilla::ThreadSafeWeakPtr<mozilla::gfx::SourceSurface>::operator=  mfbt/ThreadSafeWeakPtr.h:218
1  xul.dll  mozilla::gfx::DrawTargetRecording::OptimizeSourceSurface const  gfx/2d/DrawTargetRecording.cpp:565
2  xul.dll  nsLayoutUtils::SurfaceFromElement  layout/base/nsLayoutUtils.cpp:7290
3  xul.dll  nsLayoutUtils::SurfaceFromElement  layout/base/nsLayoutUtils.cpp:7459
4  xul.dll  nsLayoutUtils::SurfaceFromElement  layout/base/nsLayoutUtils.h:2228
4  xul.dll  mozilla::dom::CanvasRenderingContext2D::DrawImage  dom/canvas/CanvasRenderingContext2D.cpp:4837
5  xul.dll  mozilla::dom::CanvasRenderingContext2D::DrawImage  dom/canvas/CanvasRenderingContext2D.h:256

I've spotted another issue, hopefully this is the real one.
We don't process pending deletions in HasStoredObject.

I could just add a call in there, but it will result in multiple calls to ProcessPendingDeletions (which involves locking) in some code paths, so a little bit of a refactor is needed to remove that.

This means we can do a combination of HasStoredObject and AddStoredObject with
only one call to ProcessPendingDeletions, which uses locking.

Pushed by bobowencode@gmail.com: https://hg.mozilla.org/integration/autoland/rev/f0a3370d3d44 Add TryAddStoredObject to DrawEventRecorderPrivate and use in DrawTargetRecording. r=aosmond

https://hg.mozilla.org/mozilla-central/rev/f0a3370d3d44

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox116: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 116 Branch

The patch landed in nightly and beta is affected.
:bobowen, is this bug important enough to require an uplift?

  • If yes, please nominate the patch for beta approval.
  • If no, please set status-firefox115 to wontfix.

For more information, please visit BugBot documentation.

Flags: needinfo?(bobowencode)

(In reply to BugBot [:suhaib / :marco/ :calixte] from comment #6)

The patch landed in nightly and beta is affected.
:bobowen, is this bug important enough to require an uplift?

  • If yes, please nominate the patch for beta approval.
  • If no, please set status-firefox115 to wontfix.

For more information, please visit BugBot documentation.

I think we're too close to release to get it in 115 but maybe it could go in a dot release.
Either way I'll uplift to ESR115 once we've seen the impact.

Flags: needinfo?(bobowencode)

Is this ready for an ESR115 uplift request?

Flags: needinfo?(bobowencode)

(In reply to Ryan VanderMeulen [:RyanVM] from comment #8)

Is this ready for an ESR115 uplift request?

Yes, looks like this has solved the problem.

Flags: needinfo?(bobowencode)

Comment on attachment 9340918 [details]
Bug 1838792: Add TryAddStoredObject to DrawEventRecorderPrivate and use in DrawTargetRecording. r=aosmond!

ESR Uplift Approval Request

  • If this is not a sec:{high,crit} bug, please state case for ESR consideration: Medium crash rate that was made worse just before start of ESR115.
  • User impact if declined: Users still experience tab crashes with some sites using canvas.
  • Fix Landed on Version: 116
  • Risk to taking this patch: Medium
  • Why is the change risky/not risky? (and alternatives if risky): Not putting low because the changes required some refactoring, so they are fairly simple but not trivial.
Attachment #9340918 - Flags: approval-mozilla-esr115?

Comment on attachment 9340918 [details]
Bug 1838792: Add TryAddStoredObject to DrawEventRecorderPrivate and use in DrawTargetRecording. r=aosmond!

Approved for 115.1esr

Attachment #9340918 - Flags: approval-mozilla-esr115? → approval-mozilla-esr115+

This seems to be spiking like crazy on Release 115.0.2 in the last few days. I guess it's not surprising given the lack of backport there, but just FYI that we probably should keep an eye on this next cycle still to verify that the crash rate looks good once this fix goes out.

Flags: needinfo?(bobowencode)

(In reply to Ryan VanderMeulen [:RyanVM] from comment #13)

This seems to be spiking like crazy on Release 115.0.2 in the last few days. I guess it's not surprising given the lack of backport there, but just FYI that we probably should keep an eye on this next cycle still to verify that the crash rate looks good once this fix goes out.

No crashes for a week, so looks like I finally fixed the problem.

Flags: needinfo?(bobowencode)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: