Closed Bug 986572 Opened 6 years ago Closed 6 years ago

MOZ_ASSERT(IsCurrent()); in BeforeGLCall at GLContext.h:618 when choosing picture for MMS via the gallery


(Core :: Graphics: Layers, defect)

Gonk (Firefox OS)
Not set



blocking-b2g 1.4+
Tracking Status
firefox29 --- wontfix
firefox30 --- fixed
firefox31 --- fixed
b2g-v1.4 --- fixed
b2g-v2.0 --- fixed


(Reporter: gwagner, Assigned: bjacob)



(Keywords: regression)


(3 files, 1 obsolete file)

Seen on current trunk on nexus 4 with debug build.
This used to work fine about 1-2 weeks ago.

Have a pic in your gallery
Open Message app
Add attachement, choose gallery
click on picture

Program received signal SIGSEGV, Segmentation fault.
0xb501db9a in BeforeGLCall (this=<optimized out>, glFunction=<optimized out>) at ../../../gfx/gl/GLContext.h:618
618	        MOZ_ASSERT(IsCurrent());
(gdb) bt
#0  0xb501db9a in BeforeGLCall (this=<optimized out>, glFunction=<optimized out>) at ../../../gfx/gl/GLContext.h:618
#1  mozilla::gl::GLContext::BeforeGLCall (this=0xb0bc8000, glFunction=0xb68900df "realGLboolean mozilla::gl::GLContext::fIsTexture(GLuint)") at ../../../gfx/gl/GLContext.h:616
#2  0xb501ded4 in mozilla::gl::GLContext::fIsTexture (this=0xb0bc8000, texture=2) at ../../../gfx/gl/GLContext.h:1341
#3  0xb501ee94 in mozilla::gl::GLBlitHelper::BlitTextureToTexture (this=0xb1cd9f20, srcTex=2, destTex=4, srcSize=..., destSize=..., srcTarget=3553, destTarget=3553) at ../../../gfx/gl/GLBlitHelper.cpp:597
#4  0xb502d976 in mozilla::gl::SharedSurface_GL::ProdCopy (src=0xb0bf3740, dest=0xb0bff730, factory=<optimized out>) at ../../../gfx/gl/SharedSurfaceGL.cpp:131
#5  0xb5031e52 in mozilla::gfx::SurfaceStream_TripleBuffer::CopySurfaceToProducer (this=0xb1cd8900, src=0xb0bf3740, factory=0xb1cd8a80) at ../../../gfx/gl/SurfaceStream.cpp:69
#6  0xb507615a in mozilla::layers::CanvasClientSurfaceStream::Update (this=0xb0bffac0, aSize=..., aLayer=0xb32e4e20) at ../../../gfx/layers/client/CanvasClient.cpp:121
#7  0xb50766a6 in mozilla::layers::ClientCanvasLayer::RenderLayer (this=0xb32e4e20) at ../../../gfx/layers/client/ClientCanvasLayer.cpp:161
#8  0xb5077232 in mozilla::layers::ClientContainerLayer::RenderLayer (this=0xb1e2a000) at ../../../gfx/layers/client/ClientContainerLayer.h:79
#9  0xb5077a60 in mozilla::layers::ClientLayerManager::EndTransactionInternal (this=0xb2c58380, aCallback=
    0xb593d419 <mozilla::FrameLayerBuilder::DrawThebesLayer(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*)>, aCallbackData=0xbead7720)
    at ../../../gfx/layers/client/ClientLayerManager.cpp:190
#10 0xb5078574 in mozilla::layers::ClientLayerManager::EndTransaction (this=0xb2c58380, 
    aCallback=0xb593d419 <mozilla::FrameLayerBuilder::DrawThebesLayer(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*)>, aCallbackData=0xbead7720, 
    aFlags=mozilla::layers::LayerManager::END_DEFAULT) at ../../../gfx/layers/client/ClientLayerManager.cpp:216
#11 0xb5970eea in nsDisplayList::PaintForFrame (this=0xbead7704, aBuilder=0xbead7720, aCtx=<optimized out>, aForFrame=<optimized out>, aFlags=13) at ../../../layout/base/nsDisplayList.cpp:1379
#12 0xb5971108 in nsDisplayList::PaintRoot (this=0xbead7704, aBuilder=0xbead7720, aCtx=0x0, aFlags=13) at ../../../layout/base/nsDisplayList.cpp:1220
#13 0xb597a2e0 in nsLayoutUtils::PaintFrame (aRenderingContext=0x0, aFrame=0xb211b2b8, aDirtyRegion=<optimized out>, aBackstop=0, aFlags=772) at ../../../layout/base/nsLayoutUtils.cpp:2427
#14 0xb59304ca in PresShell::Paint (this=0xb30c1bc0, aViewToPaint=<optimized out>, aDirtyRegion=..., aFlags=<optimized out>) at ../../../layout/base/nsPresShell.cpp:5932
#15 0xb55ff124 in nsViewManager::ProcessPendingUpdatesPaint (this=0xb210e910, aWidget=0xb2ca4500) at ../../../view/src/nsViewManager.cpp:452
#16 0xb55ff4d4 in nsViewManager::ProcessPendingUpdatesForView (this=<optimized out>, aView=<optimized out>, aFlushDirtyRegion=<optimized out>) at ../../../view/src/nsViewManager.cpp:393
#17 0xb5937b38 in nsRefreshDriver::Tick (this=0xb30a3e60, aNowEpoch=<optimized out>, aNowTime=...) at ../../../layout/base/nsRefreshDriver.cpp:1207
#18 0xb5938024 in mozilla::RefreshDriverTimer::Tick (this=0xb2668880) at ../../../layout/base/nsRefreshDriver.cpp:160
#19 0xb4c25fb6 in nsTimerImpl::Fire (this=0xb2662150) at ../../../xpcom/threads/nsTimerImpl.cpp:551
#20 0xb4c26140 in nsTimerEvent::Run (this=0xb264a210) at ../../../xpcom/threads/nsTimerImpl.cpp:635
#21 0xb4c2351a in ProcessNextEvent (result=0xbead7dbf, mayWait=false, this=0xb3d2e780) at ../../../xpcom/threads/nsThread.cpp:694
#22 nsThread::ProcessNextEvent (this=0xb3d2e780, mayWait=<optimized out>, result=0xbead7dbf) at ../../../xpcom/threads/nsThread.cpp:618
#23 0xb4bdd650 in NS_ProcessNextEvent (thread=0xb3d2e780, mayWait=<optimized out>) at ../../../xpcom/glue/nsThreadUtils.cpp:263
#24 0xb4dd0730 in mozilla::ipc::MessagePump::Run (this=0xb3d01b80, aDelegate=0xbead7f18) at ../../../ipc/glue/MessagePump.cpp:95
#25 0xb4dbdcd2 in MessageLoop::RunInternal (this=0xbead7f18) at ../../../ipc/chromium/src/base/
#26 0xb4dbdcea in RunHandler (this=0xbead7f18) at ../../../ipc/chromium/src/base/
#27 MessageLoop::Run (this=0xbead7f18) at ../../../ipc/chromium/src/base/
#28 0xb535789a in nsBaseAppShell::Run (this=0xb305e640) at ../../../widget/xpwidgets/nsBaseAppShell.cpp:164
#29 0xb5bff8c6 in XRE_RunAppShell () at ../../../toolkit/xre/nsEmbedFunctions.cpp:679
#30 0xb4dd084a in mozilla::ipc::MessagePumpForChildProcess::Run (this=0xb3d01b80, aDelegate=0xbead7f18) at ../../../ipc/glue/MessagePump.cpp:253
#31 0xb4dbdcd2 in MessageLoop::RunInternal (this=0xbead7f18) at ../../../ipc/chromium/src/base/
#32 0xb4dbdcea in RunHandler (this=0xbead7f18) at ../../../ipc/chromium/src/base/
#33 MessageLoop::Run (this=0xbead7f18) at ../../../ipc/chromium/src/base/
#34 0xb5bff7aa in XRE_InitChildProcess (aArgc=5, aArgv=<optimized out>, aProcess=<optimized out>) at ../../../toolkit/xre/nsEmbedFunctions.cpp:516
#35 0x00008862 in main (argc=6, argv=0xbead8a14) at ../../../ipc/app/MozillaRuntimeMain.cpp:149
(gdb) quit
Blocks: 981202
blocking-b2g: --- → 1.4?
Milan, can you look at the impact here and do the triage?
Flags: needinfo?(milan)
Gregor and I spoke offline - we need a regression range, No-Jun, can you help?
Flags: needinfo?(milan) → needinfo?(npark)
Attached file logcat.txt
Cannot reproduce on Buri/Hamachi on latest 1.4:

│ Gaia      730670951e40b2317a167fcd07c398bb662d6e87                         │
│ Gecko  │
│ BuildID   20140324000202                                                   │
│ Version   30.0a2                                                           │
│                     │
│ Dec 23 16:36:04 CST 2013 

When the image is selected, following message shows instead, but I did not see any error messages as described in the comments.

I/Gecko   (  133): [Parent 133] WARNING: waitpid failed pid:741 errno:10: file ../../../gecko/ipc/chromium/src/base/, line 254

I/Gecko   (  133): [Parent 133] WARNING: Failed to deliver SIGKILL to 741!(3).: file ../../../gecko/ipc/chromium/src/chrome/common/, line 118

E/QCALOG  (  189): [MessageQ] ProcessNewMessage: [XTWiFi-PE] unknown deliver target [OS-Agent]
Flags: needinfo?(npark)
(In reply to npark from comment #3)
> Created attachment 8395768 [details]
> logcat.txt
> Cannot reproduce on Buri/Hamachi on latest 1.4:

Did you use an --enable-debug gecko?
Clearing the window request here - I'd like to see an analysis of impact of why this would be a blocker first & agreement that this is a blocker at the drivers' level first before any bisection takes place here. We don't have pre-built debug builds, so any bisection that would happen here would have to be done manually.
BLocking as this is avoiding to investigate other crashers on debug builds and has clear STR(Per :gwagner) . This may be out in the wild and we may not know what exactly the crash signatures or how bad this is.
blocking-b2g: 1.4? → 1.4+
OS: Mac OS X → Gonk (Firefox OS)
Assignee: nobody → bjacob
Attached image ENJOYKTM.jpg
It doesn't happen with pictures that are taken with the camera but it happens when I push my own pic to the SD card.
Thats the pic that causes the crash.
Flags: needinfo?(bjacob)
I still need a regression range.  This may very well be a feature request because a change that enabled a new code path.
Flags: needinfo?(bjacob)
Oh, sorry for ignoring this bug so long. It's eminently actionable. The assertion means we're forgetting to call GLContext::MakeCurrent() somewhere, and the stack in comment 0 says exactly where. This is actually a quite major bug; writing a patch now.
Attachment #8400524 - Flags: review?(jgilbert)
Oh, though it seems that these GL helpers are designed around the idea that the _caller_ calls makecurrent, which is why none of them no... so here's a smaller patch fixing the caller.
Attachment #8400524 - Attachment is obsolete: true
Attachment #8400524 - Flags: review?(jgilbert)
Attachment #8400533 - Flags: review?(jgilbert)
Attachment #8400533 - Flags: review?(jgilbert) → review+
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla31
You need to log in before you can comment on or make changes to this bug.