Closed Bug 1027107 Opened 5 years ago Closed 5 years ago

Large OOM in mozilla::gfx::AlphaBoxBlur::Blur

Categories

(Core :: Graphics, defect, critical)

26 Branch
defect
Not set
critical

Tracking

()

VERIFIED FIXED
mozilla33
Tracking Status
firefox30 --- wontfix
firefox31 + verified
firefox32 + verified
firefox33 --- verified

People

(Reporter: kairo, Assigned: mattwoodrow)

References

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

I can reproduce this on my HTC One (M8) and nightly Fennec, by loading http://www.lionsgate.com/movies/ and either just waiting, or zooming in and out and panning around.  There's a hang, then a crash:

https://crash-stats.mozilla.com/report/index/67b427ff-a1da-4b2c-8241-e75c02140619
Severity: normal → critical
I did see this three times today on my Nexus 10 with all current updates (Android 4.4.4) and yesterday's Nightly build while reading http://ascii.textfiles.com/archives/4306, see bp-cefebc15-84e0-4baa-88c4-310932140708 bp-ec8cba2b-c032-4bfb-9e63-098bc2140708 and bp-331d5f10-c97b-45f8-8958-6eeed2140708
My stacks come from gfxAlphaBoxBlur::DoBlur at http://hg.mozilla.org/mozilla-central/annotate/81691a55e60f/gfx/thebes/gfxBlur.cpp#l117 which was last changed by Matt Woodrow in bug 940845.

Matt, is this connected to your work?
Flags: needinfo?(matt.woodrow)
Nope, but seems easy enough to fix.
Assignee: nobody → matt.woodrow
Attachment #8452110 - Flags: review?(bas)
Flags: needinfo?(matt.woodrow)
Kevin, just FYI, this OOM crash is happening quite a bit on Android trunk.
And from stats, it looks like everything starting with 30 is seeing this to some degree. If the fix is low-risk, maybe we want this for 31 still.
Is this any different than bug 1028802?
(In reply to Kevin Brosnan [:kbrosnan] from comment #7)
> Is this any different than bug 1028802?

The crash here is marked as OOM, while the other one isn't. It probably needs a dev to find out if they are related or not.
Attachment #8452110 - Flags: review?(bas) → review+
NI for comment 7
Flags: needinfo?(matt.woodrow)
I don't think it's the same bug.
Flags: needinfo?(matt.woodrow)
https://hg.mozilla.org/mozilla-central/rev/25e05badc128
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla33
The crash stats seem to suggest we should take this on branches.
Comment on attachment 8452110 [details] [diff] [review]
Use fallible allocations

Approval Request Comment
[Feature/regressing bug #]: code has been this way for years, but is now being triggered with large allocations for some reason 
[User impact if declined]: crashes
[Describe test coverage new/current, TBPL]: been on m-c
[Risks and why]: practically zero, since it just makes us skip the blur step and not crash if we can't allocate enough memory for it
[String/UUID change made/needed]: none
Attachment #8452110 - Flags: approval-mozilla-beta?
Attachment #8452110 - Flags: approval-mozilla-aurora?
Blocks: 1028802
Comment on attachment 8452110 [details] [diff] [review]
Use fallible allocations

Should be low risk. Comment #6 and #13 both suggest we should take it. Taking it.
Attachment #8452110 - Flags: approval-mozilla-beta?
Attachment #8452110 - Flags: approval-mozilla-beta+
Attachment #8452110 - Flags: approval-mozilla-aurora?
Attachment #8452110 - Flags: approval-mozilla-aurora+
No crashes in Socorro for both signatures after 2014-07-10:

1. [@ OOM | large | mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xmalloc | mozilla::gfx::AlphaBoxBlur::Blur(unsigned char*)] signature:

-> for 31.0b: https://crash-stats.mozilla.com/report/list?signature=OOM+%7C+large+%7C+mozalloc_abort%28char+const%2A+const%29+%7C+mozalloc_handle_oom%28unsigned+int%29+%7C+moz_xmalloc+%7C+mozilla%3A%3Agfx%3A%3AAlphaBoxBlur%3A%3ABlur%28unsigned+char%2A%29&product=Firefox&query_type=contains&range_unit=weeks&process_type=any&version=Firefox%3A31.0b&hang_type=any&date=2014-07-15+10%3A00%3A00&range_value=1#tab-reports

-> for 32.0a2: https://crash-stats.mozilla.com/report/list?signature=OOM+%7C+large+%7C+mozalloc_abort%28char+const%2A+const%29+%7C+mozalloc_handle_oom%28unsigned+int%29+%7C+moz_xmalloc+%7C+mozilla%3A%3Agfx%3A%3AAlphaBoxBlur%3A%3ABlur%28unsigned+char%2A%29&product=Firefox&query_type=contains&range_unit=weeks&process_type=any&version=Firefox%3A32.0a2&hang_type=any&date=2014-07-15+11%3A00%3A00&range_value=1#tab-reports

-> for 33.0a1: https://crash-stats.mozilla.com/report/list?signature=OOM+%7C+large+%7C+mozalloc_abort%28char+const%2A+const%29+%7C+mozalloc_handle_oom%28unsigned+int%29+%7C+moz_xmalloc+%7C+mozilla%3A%3Agfx%3A%3AAlphaBoxBlur%3A%3ABlur%28unsigned+char%2A%29&product=Firefox&query_type=contains&range_unit=weeks&process_type=any&version=Firefox%3A33.0a1&hang_type=any&date=2014-07-15+11%3A00%3A00&range_value=1#tab-reports

2. [@ OOM | large | mozalloc_abort(char const*) | mozalloc_handle_oom(unsigned int) | moz_xmalloc | mozilla::gfx::AlphaBoxBlur::Blur(unsigned char*)] signature:

-> for 31.0b: https://crash-stats.mozilla.com/report/list?signature=OOM+%7C+large+%7C+mozalloc_abort%28char+const%2A+const%29+%7C+mozalloc_handle_oom%28unsigned+int%29+%7C+moz_xmalloc+%7C+mozilla%3A%3Agfx%3A%3AAlphaBoxBlur%3A%3ABlur%28unsigned+char%2A%29&product=Firefox&query_type=contains&range_unit=weeks&process_type=any&version=Firefox%3A31.0b&hang_type=any&date=2014-07-15+11%3A00%3A00&range_value=1#tab-reports

-> for 32.0a2: https://crash-stats.mozilla.com/query/?product=Firefox&version=Firefox%3A32.0a2&range_value=1&range_unit=weeks&date=07%2F15%2F2014+11%3A00%3A00&query_search=signature&query_type=contains&query=OOM+%7C+large+%7C+mozalloc_abort%28char+const*%29+%7C+mozalloc_handle_oom%28unsigned+int%29+%7C+moz_xmalloc+%7C+mozilla%3A%3Agfx%3A%3AAlphaBoxBlur%3A%3ABlur%28unsigned+char*%29&reason=&release_channels=&build_id=&process_type=any&hang_type=any

-> for 33.0a1: https://crash-stats.mozilla.com/query/?product=Firefox&version=Firefox%3A33.0a1&range_value=1&range_unit=weeks&date=07%2F15%2F2014+11%3A00%3A00&query_search=signature&query_type=contains&query=OOM+%7C+large+%7C+mozalloc_abort%28char+const*%29+%7C+mozalloc_handle_oom%28unsigned+int%29+%7C+moz_xmalloc+%7C+mozilla%3A%3Agfx%3A%3AAlphaBoxBlur%3A%3ABlur%28unsigned+char*%29&reason=&release_channels=&build_id=&process_type=any&hang_type=any


Although, I suggest we wait one more week to collect more data before calling this fixed.
Going through Socorro, I get the following for crashes in the past 28 days:

1. [@ OOM | large | mozalloc_abort(char const* const) | mozalloc_handle_oom(unsigned int) | moz_xmalloc | mozilla::gfx::AlphaBoxBlur::Blur(unsigned char*)] signature (https://crash-stats.mozilla.com/report/list?signature=OOM+%7C+large+%7C+mozalloc_abort%28char+const%2A+const%29+%7C+mozalloc_handle_oom%28unsigned+int%29+%7C+moz_xmalloc+%7C+mozilla%3A%3Agfx%3A%3AAlphaBoxBlur%3A%3ABlur%28unsigned+char%2A%29&range_value=28&range_unit=days&date=2014-07-15#tab-reports):

-> for 31.0b: 0 crashes in builds newer than July 7th (20140707160635)
-> for 32.0a2: 0 crashes in builds newer than July 7th (20140707004006)
-> for 33.0a1: 0 crashes in builds newer than July 8th (20140708030203)

2. [@ OOM | large | mozalloc_abort(char const*) | mozalloc_handle_oom(unsigned int) | moz_xmalloc | mozilla::gfx::AlphaBoxBlur::Blur(unsigned char*)] signature (https://crash-stats.mozilla.com/report/list?range_unit=days&range_value=28&signature=OOM+%7C+large+%7C+mozalloc_abort%28char+const%2A%29+%7C+mozalloc_handle_oom%28unsigned+int%29+%7C+moz_xmalloc+%7C+mozilla%3A%3Agfx%3A%3AAlphaBoxBlur%3A%3ABlur%28unsigned+char%2A%29#tab-reports):

-> for 31.0b: 0 crashes in builds newer than July 7th (20140707155504)
-> for 32.0a2: 0 crashes in builds newer than June 19th (20140619004025)
-> for 33.0a1: 0 crashes in builds newer than July 9th (20140709030201)

Marking verified since there don't seem to be any new crash reports since ~2 weeks.
(In reply to Florin Mezei, QA (:FlorinMezei) from comment #18)
> 1. [@ OOM | large | mozalloc_abort(char const* const) |
> mozalloc_handle_oom(unsigned int) | moz_xmalloc |
> mozilla::gfx::AlphaBoxBlur::Blur(unsigned char*)] signature
> (https://crash-stats.mozilla.com/report/
> list?signature=OOM+%7C+large+%7C+mozalloc_abort%28char+const%2A+const%29+%7C+
> mozalloc_handle_oom%28unsigned+int%29+%7C+moz_xmalloc+%7C+mozilla%3A%3Agfx%3A
> %3AAlphaBoxBlur%3A%3ABlur%28unsigned+char%2A%29&range_value=28&range_unit=day
> s&date=2014-07-15#tab-reports):

The correct URL is: https://crash-stats.mozilla.com/report/list?range_unit=days&range_value=28&signature=OOM+%7C+large+%7C+mozalloc_abort%28char+const%2A+const%29+%7C+mozalloc_handle_oom%28unsigned+int%29+%7C+moz_xmalloc+%7C+mozilla%3A%3Agfx%3A%3AAlphaBoxBlur%3A%3ABlur%28unsigned+char%2A%29#tab-reports
You need to log in before you can comment on or make changes to this bug.