Just now I managed to trigger a `0x1be385f9` crash: bp-05d12616-888e-42d9-997f-287e30210609. But I *didn't* use the strategy I described in comment #13. Instead I used a slightly corrupt `IOAccelResource` object of type `0xc0` ("VidMemShared"). I corrupted the data passed to `IOAccelResourceCreate()` to create it. By "slightly corrupt" I mean not enough to make this call fail, but enough to make the kernel mode driver fail (and set the `0x1be385f9` context error) while processing a "ResourceList" tag that includes this object (its resource id). I'm still not sure where this leaves us. But I did find out that Safari doesn't use them (though Chrome does). And there's an underhanded trick I can play to make Firefox not use them, without any obvious loss of quality (though with perhaps some loss of performance). If I can find a less underhanded way to do this, I'll write a patch for it. It's just possible that it will get rid of these crashes. Of course we'd want to hide this change behind a pref. But if this patch gets landed, I'd like the pref to be on for a week or so, to see what effect it has on Mozilla's crash stats.
Bug 1713230 Comment 16 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Just now I managed to trigger a `0x1be385f9` crash: bp-05d12616-888e-42d9-997f-287e30210609. But I *didn't* use the strategy I described in comment #13. Instead I used a slightly corrupt `IOAccelResource` object of type `0xc0` ("VidMemShared"). I corrupted the data passed to `IOAccelResourceCreate()` to create it. By "slightly corrupt" I mean not enough to make this call fail, but enough to make the kernel mode driver fail (and set the `0x1be385f9` context error) while processing a "ResourceList" tag that includes this object (its resource id). I'm still not sure where this leaves us. But I did find out that Safari doesn't use them (though Chrome does). And there's an underhanded trick I can play to make Firefox not use them, without any obvious loss of quality (though with perhaps some loss of performance). If I can find a less underhanded way to do this, I'll write a patch for it. It's just possible that it will get rid of these crashes (at least the "out of memory" ones). Of course we'd want to hide this change behind a pref. But if this patch gets landed, I'd like the pref to be on for a week or so, to see what effect it has on Mozilla's crash stats.