Closed Bug 868946 Opened 7 years ago Closed 7 years ago

crash in mozilla::gl::GLContext::MakeCurrent ../../dist/include/GLContext.h:185

Categories

(Core :: Graphics: Layers, defect, critical)

ARM
Gonk (Firefox OS)
defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla24

People

(Reporter: shawnjohnjr, Assigned: nical)

Details

(Keywords: crash, Whiteboard: [b2g-crash])

Crash Data

Attachments

(1 file)

STR:
1. Connect a Bluetooth headset
2. Make an incoming call, and answer from bluetooth
3. Make another incoming call, hang up the first call from bluetooth via sending CHUP command
4. hang up another incoming call again immediately

Version:
m-c version, gecko commit 61322a468cf3b98bb01bf58843ae47754f747f50

mozilla::gl::GLContext::MakeCurrent (this=0x0, aForce=<value optimized out>) at ../../dist/include/GLContext.h:185
185	        return MakeCurrentImpl(aForce);
(gdb) bt
#0  mozilla::gl::GLContext::MakeCurrent (this=0x0, aForce=<value optimized out>) at ../../dist/include/GLContext.h:185
#1  0x416ae72e in mozilla::layers::GrallocTextureHostOGL::Lock (this=0x48472700)
    at /home/build/workspace1/B2G-2/B2G/gecko/gfx/layers/opengl/TextureHostOGL.cpp:757
#2  0x416a676c in AutoLockTextureHost (this=0x4866b180, aEffectChain=..., aOpacity=1, aTransform=<value optimized out>, aOffset=..., aFilter=@0x46f58414, 
    aClipRect=..., aVisibleRegion=0x46f583c4, aLayerProperties=0x0) at ../../dist/include/mozilla/layers/TextureHost.h:321
#3  mozilla::layers::ContentHostBase::Composite (this=0x4866b180, aEffectChain=..., aOpacity=1, aTransform=<value optimized out>, aOffset=..., aFilter=@0x46f58414, 
    aClipRect=..., aVisibleRegion=0x46f583c4, aLayerProperties=0x0) at /home/build/workspace1/B2G-2/B2G/gecko/gfx/layers/composite/ContentHost.cpp:52
#4  0x4169a5d0 in mozilla::layers::ThebesLayerComposite::RenderLayer (this=0x485b0400, aOffset=<value optimized out>, aClipRect=<value optimized out>)
    at /home/build/workspace1/B2G-2/B2G/gecko/gfx/layers/composite/ThebesLayerComposite.cpp:134
#5  0x41698e5c in ContainerRender<mozilla::layers::ContainerLayerComposite> (this=0x485b0000, aOffset=..., aClipRect=...)
    at /home/build/workspace1/B2G-2/B2G/gecko/gfx/layers/composite/ContainerLayerComposite.cpp:122
#6  mozilla::layers::ContainerLayerComposite::RenderLayer (this=0x485b0000, aOffset=..., aClipRect=...)
    at /home/build/workspace1/B2G-2/B2G/gecko/gfx/layers/composite/ContainerLayerComposite.cpp:319
#7  0x41698e5c in ContainerRender<mozilla::layers::ContainerLayerComposite> (this=0x48269c00, aOffset=..., aClipRect=...)
    at /home/build/workspace1/B2G-2/B2G/gecko/gfx/layers/composite/ContainerLayerComposite.cpp:122
#8  mozilla::layers::ContainerLayerComposite::RenderLayer (this=0x48269c00, aOffset=..., aClipRect=...)
    at /home/build/workspace1/B2G-2/B2G/gecko/gfx/layers/composite/ContainerLayerComposite.cpp:319
#9  0x41698b0c in ContainerRender<mozilla::layers::RefLayerComposite> (this=0x48588800, aOffset=..., aClipRect=...)
    at /home/build/workspace1/B2G-2/B2G/gecko/gfx/layers/composite/ContainerLayerComposite.cpp:122
#10 mozilla::layers::RefLayerComposite::RenderLayer (this=0x48588800, aOffset=..., aClipRect=...)
    at /home/build/workspace1/B2G-2/B2G/gecko/gfx/layers/composite/ContainerLayerComposite.cpp:363
#11 0x41698e5c in ContainerRender<mozilla::layers::ContainerLayerComposite> (this=0x4826c400, aOffset=..., aClipRect=...)
    at /home/build/workspace1/B2G-2/B2G/gecko/gfx/layers/composite/ContainerLayerComposite.cpp:122
#12 mozilla::layers::ContainerLayerComposite::RenderLayer (this=0x4826c400, aOffset=..., aClipRect=...)
    at /home/build/workspace1/B2G-2/B2G/gecko/gfx/layers/composite/ContainerLayerComposite.cpp:319
#13 0x41698e5c in ContainerRender<mozilla::layers::ContainerLayerComposite> (this=0x4826b800, aOffset=..., aClipRect=...)
    at /home/build/workspace1/B2G-2/B2G/gecko/gfx/layers/composite/ContainerLayerComposite.cpp:122
#14 mozilla::layers::ContainerLayerComposite::RenderLayer (this=0x4826b800, aOffset=..., aClipRect=...)
    at /home/build/workspace1/B2G-2/B2G/gecko/gfx/layers/composite/ContainerLayerComposite.cpp:319
#15 0x41699bd8 in mozilla::layers::LayerManagerComposite::Render (this=0x48e7db00)
    at /home/build/workspace1/B2G-2/B2G/gecko/gfx/layers/composite/LayerManagerComposite.cpp:299
#16 0x41699e2c in mozilla::layers::LayerManagerComposite::EndTransaction (this=0x48e7db00, aCallback=0, aCallbackData=0x0, aFlags=<value optimized out>)
    at /home/build/workspace1/B2G-2/B2G/gecko/gfx/layers/composite/LayerManagerComposite.cpp:193
#17 0x4169932a in mozilla::layers::LayerManagerComposite::EndEmptyTransaction (this=0x0, aFlags=<value optimized out>)
    at /home/build/workspace1/B2G-2/B2G/gecko/gfx/layers/composite/LayerManagerComposite.cpp:158
#18 0x416a4ad4 in mozilla::layers::CompositorParent::Composite (this=0x44dd0680) at /home/build/workspace1/B2G-2/B2G/gecko/gfx/layers/ipc/CompositorParent.cpp:467
#19 0x413d4716 in DispatchToMethod<mozilla::dom::ContentParent, void (mozilla::dom::ContentParent::*)()> (this=<value optimized out>)
    at /home/build/workspace1/B2G-2/B2G/gecko/ipc/chromium/src/base/tuple.h:383
#20 RunnableMethod<mozilla::dom::ContentParent, void (mozilla::dom::ContentParent::*)(), Tuple0>::Run (this=<value optimized out>)
    at /home/build/workspace1/B2G-2/B2G/gecko/ipc/chromium/src/base/task.h:307
#21 0x416469cc in MessageLoop::RunTask (this=0x46f58dec, task=0x46f5840c) at /home/build/workspace1/B2G-2/B2G/gecko/ipc/chromium/src/base/message_loop.cc:337
#22 0x416477d6 in MessageLoop::DeferOrRunPendingTask (this=0x0, pending_task=<value optimized out>)
    at /home/build/workspace1/B2G-2/B2G/gecko/ipc/chromium/src/base/message_loop.cc:345
#23 0x41647846 in MessageLoop::DoDelayedWork (this=0x46f58dec, next_delayed_work_time=0x46878e30)
    at /home/build/workspace1/B2G-2/B2G/gecko/ipc/chromium/src/base/message_loop.cc:472
OS: Linux → Gonk (Firefox OS)
Hardware: x86_64 → ARM
Whiteboard: [native-crash]
Severity: normal → critical
Crash Signature: [@ mozilla::gl::GLContext::MakeCurrent()]
Keywords: crash
Whiteboard: [native-crash] → [b2g-crash]
Version: unspecified → Trunk
I rollback to commit d04b8f699b0adec259203ea487e8ed7a8a7d8a40. Problem disappeared. Occurrence rate with original commit number is 100%.
According to Shawn, the regression range is http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=3d939baa396b&tochange=b109e2dbf03b  I imagine this is due to us re-enabling gralloc in bug 868556.  Waiting for the bluetooth headset to test with.
While waiting for the headset - Benoit, Nical, can you think of a scenario where mGL pointer would be null in TextureHostOGL::Lock call?  Should we be checking for the null pointer there?
Flags: needinfo?(nical.bugzilla)
Flags: needinfo?(bjacob)
I also encountered this issue with a different but simpler STR:
1) Call unagi from another device
2) Remote device disconnects the call.
Crash happens.
It looks like when call disconnect problem could happen. Is it 100% reproducible as following Comment 4 STR?
(In reply to Hsin-Yi Tsai [:hsinyi] from comment #4)
> I also encountered this issue with a different but simpler STR:
> 1) Call unagi from another device
> 2) Remote device disconnects the call.
> Crash happens.

More specifically:
1) Leave unagi in Homescreen (not lockscreen). Call unagi from another device.
2) When ungai displays 'incoming call screen', remote device disconnects the call.
3) 'Incoming call screen' wipes. Then crash happens.

Reproduce:4/5 (80%)
There should be a test at the beginning of GrallocTextureHostOGL that checks for IsValid() and return false if not valid. IsValid should also check that mGL != nullptr.
Flags: needinfo?(nical.bugzilla)
So, to give a bit more background, this situation typically happens when for some reason we tear-down the layer tree, while keeping a compositable alive (for instance when it is doing async texture transfer, like video frames). In this case we need to remove all the references to the CompositorOGL in the Compositable, so we call SetCompositor, which sets mGL to null. as soon as the compositable is attached to another layer it should get a reference to it's compositor/GLContext.
This is part of the trickiness of CompositableHosts and TextureHosts potentially outliving their layer tree.
So we need to support this situation. That said, in our case it also might be that the we missed something and the TextureHost should have a valid GLContext, so this might not fix the bug.
Assignee: nobody → nical.bugzilla
Attachment #746411 - Flags: review?(bjacob)
In particular, I heard tales about incoming calls or something related using an additional widget or something like that, so I am not too surprised we run into edge cases there (to my knowledge b2g uses only one widget everywhere else, although I am not sure).
Comment on attachment 746411 [details] [diff] [review]
Make GrallocTextureHostOGL::Lock not crash when it is in a temporary invalid state

Review of attachment 746411 [details] [diff] [review]:
-----------------------------------------------------------------

r=me with a question.

::: gfx/layers/composite/TextureHost.h
@@ +194,2 @@
>     */
> +  virtual bool Lock() { return IsValid(); }

Why not pure virtual? Why would any texturehost not implement lock?
Flags: needinfo?(bjacob)
Attachment #746411 - Flags: review?(bjacob) → review+
(In reply to Benoit Jacob [:bjacob] from comment #10)
> Why not pure virtual? Why would any texturehost not implement lock?

Right now lock only needs to be implemented when there's actual sharing (as opposed to sending/receiving data as we do for ImageLayer).
This is changing with bug 858914 though.
https://hg.mozilla.org/mozilla-central/rev/6d7135b9d8ef
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla24
You need to log in before you can comment on or make changes to this bug.