crash in mozilla::layers::TileClient::GetBackBuffer(nsIntRegion const&, mozilla::layers::TextureClientPool*, bool*, bool)
RESOLVED
FIXED
in Firefox 33
Status
()
People
(Reporter: nhirata, Assigned: nical)
Tracking
({crash})
Firefox Tracking Flags
(e10sm2+, firefox32 unaffected, firefox33+ verified, firefox34+ verified, firefox35 verified, b2g-v2.0 unaffected, b2g-v2.0M unaffected, b2g-v2.1 fixed, b2g-v2.2 fixed, fennec33+)
Details
(Whiteboard: [b2g-crash], crash signature)
Attachments
(1 attachment, 1 obsolete attachment)
|
5.80 KB,
patch
|
bas.schouten
:
review+
sylvestre
:
approval-mozilla-aurora+
sylvestre
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is report bp-8ba7e76d-264e-4978-a2c7-301d42140714. ============================================================= Crashing Thread Frame Module Signature Source 0 libxul.so mozilla::layers::TileClient::GetBackBuffer(nsIntRegion const&, mozilla::layers::TextureClientPool*, bool*, bool) /home/geeksphone/FOS/keon/gecko/gfx/layers/client/TiledContentClient.cpp:623 1 libxul.so mozilla::layers::ClientTiledLayerBuffer::ValidateTile(mozilla::layers::TileClient, nsIntPoint const&, nsIntRegion const&) /home/geeksphone/FOS/keon/gecko/gfx/layers/client/TiledContentClient.cpp:850 2 libxul.so mozilla::layers::TiledLayerBuffer<mozilla::layers::ClientTiledLayerBuffer, mozilla::layers::TileClient>::Update(nsIntRegion const&, nsIntRegion const&) /home/geeksphone/FOS/keon/gecko/gfx/layers/TiledLayerBuffer.h:504 3 libxul.so mozilla::layers::ClientTiledLayerBuffer::PaintThebes(nsIntRegion const&, nsIntRegion const&, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*) /home/geeksphone/FOS/keon/gecko/gfx/layers/client/TiledContentClient.cpp:800 4 libxul.so mozilla::layers::ClientTiledLayerBuffer::ProgressiveUpdate(nsIntRegion&, nsIntRegion&, nsIntRegion const&, mozilla::layers::BasicTiledLayerPaintData*, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*) /home/geeksphone/FOS/keon/gecko/gfx/layers/client/TiledContentClient.cpp:1247 5 libxul.so mozilla::layers::ClientTiledThebesLayer::RenderHighPrecision(nsIntRegion&, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*) /home/geeksphone/FOS/keon/gecko/gfx/layers/client/ClientTiledThebesLayer.cpp:222 6 libxul.so mozilla::layers::ClientTiledThebesLayer::RenderLayer() /home/geeksphone/FOS/keon/gecko/gfx/layers/client/ClientTiledThebesLayer.cpp:393 7 libxul.so mozilla::layers::ClientContainerLayer::RenderLayer() /home/geeksphone/FOS/keon/gecko/gfx/layers/client/ClientContainerLayer.h:61 8 libxul.so mozilla::layers::ClientContainerLayer::RenderLayer() /home/geeksphone/FOS/keon/gecko/gfx/layers/client/ClientContainerLayer.h:61 9 libxul.so mozilla::layers::ClientLayerManager::EndTransactionInternal(void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) /home/geeksphone/FOS/keon/gecko/gfx/layers/client/ClientLayerManager.cpp:211 10 libxul.so mozilla::layers::ClientLayerManager::EndTransaction(void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) /home/geeksphone/FOS/keon/gecko/gfx/layers/client/ClientLayerManager.cpp:237 11 libxul.so mozilla::layers::ClientLayerManager::EndTransaction(void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) /home/geeksphone/FOS/keon/gecko/gfx/layers/client/ClientLayerManager.cpp:244 12 libxul.so mozilla::layers::ClientLayerManager::EndTransaction(void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) /home/geeksphone/FOS/keon/gecko/gfx/layers/client/ClientLayerManager.cpp:244 13 libxul.so nsDisplayList::PaintForFrame(nsDisplayListBuilder*, nsRenderingContext*, nsIFrame*, unsigned int) const /home/geeksphone/FOS/keon/gecko/layout/base/nsDisplayList.cpp:1393 14 libxul.so nsDisplayList::PaintRoot(nsDisplayListBuilder*, nsRenderingContext*, unsigned int) const /home/geeksphone/FOS/keon/gecko/layout/base/nsDisplayList.cpp:1244 15 libxul.so nsLayoutUtils::PaintFrame(nsRenderingContext*, nsIFrame*, nsRegion const&, unsigned int, unsigned int) /home/geeksphone/FOS/keon/gecko/layout/base/nsLayoutUtils.cpp:2977 16 libxul.so PresShell::Paint(nsView*, nsRegion const&, unsigned int) /home/geeksphone/FOS/keon/gecko/layout/base/nsPresShell.cpp:6221 17 libxul.so nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*) /home/geeksphone/FOS/keon/gecko/view/src/nsViewManager.cpp:443 18 libxul.so nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) /home/geeksphone/FOS/keon/gecko/view/src/nsViewManager.cpp:384 19 libxul.so nsViewManager::ProcessPendingUpdates() /home/geeksphone/FOS/keon/gecko/view/src/nsViewManager.cpp:1075 20 libxul.so nsRefreshDriver::Tick(long long, mozilla::TimeStamp) /home/geeksphone/FOS/keon/gecko/layout/base/nsRefreshDriver.cpp:1278 21 libxul.so nsRefreshDriver::DoTick() /home/geeksphone/FOS/keon/gecko/layout/base/nsRefreshDriver.cpp:1041 22 libxul.so nsRefreshDriver::DoRefresh() /home/geeksphone/FOS/keon/gecko/layout/base/nsRefreshDriver.cpp:1520 23 libxul.so nsRefreshDriver::FinishedWaitingForTransaction() /home/geeksphone/FOS/keon/gecko/layout/base/nsRefreshDriver.cpp:1400 24 libxul.so nsRefreshDriver::NotifyTransactionCompleted(unsigned long long) /home/geeksphone/FOS/keon/gecko/layout/base/nsRefreshDriver.cpp:1440 25 libxul.so mozilla::layers::ClientLayerManager::DidComposite(unsigned long long) /home/geeksphone/FOS/keon/gecko/gfx/layers/client/ClientLayerManager.cpp:314 26 libxul.so mozilla::dom::TabChild::DidComposite(unsigned long long) /home/geeksphone/FOS/keon/gecko/dom/ipc/TabChild.cpp:2810 27 libxul.so mozilla::layers::CompositorChild::RecvDidComposite(unsigned long long const&, unsigned long long const&) /home/geeksphone/FOS/keon/gecko/gfx/layers/ipc/CompositorChild.cpp:135 28 libxul.so mozilla::layers::PCompositorChild::OnMessageReceived(IPC::Message const&) /home/geeksphone/FOS/keon/objdir-gecko/ipc/ipdl/PCompositorChild.cpp:744 29 libxul.so mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) /home/geeksphone/FOS/keon/gecko/ipc/glue/MessageChannel.cpp:1152 30 libxul.so mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message const&) /home/geeksphone/FOS/keon/gecko/ipc/glue/MessageChannel.cpp:1066 31 libxul.so mozilla::ipc::MessageChannel::OnMaybeDequeueOne() /home/geeksphone/FOS/keon/gecko/ipc/glue/MessageChannel.cpp:1049 32 libxul.so RunnableMethod<FdWatcher, void (FdWatcher::*)(), Tuple0>::Run() /home/geeksphone/FOS/keon/gecko/ipc/chromium/src/base/tuple.h:383 33 libxul.so mozilla::ipc::MessageChannel::DequeueTask::Run() /home/geeksphone/FOS/keon/objdir-gecko/ipc/glue/../../dist/include/mozilla/ipc/MessageChannel.h:390 34 libxul.so MessageLoop::RunTask(Task*) /home/geeksphone/FOS/keon/gecko/ipc/chromium/src/base/message_loop.cc:357 35 libxul.so MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&) /home/geeksphone/FOS/keon/gecko/ipc/chromium/src/base/message_loop.cc:365 36 libxul.so MessageLoop::DoWork() /home/geeksphone/FOS/keon/gecko/ipc/chromium/src/base/message_loop.cc:443 37 libxul.so mozilla::ipc::DoWorkRunnable::Run() /home/geeksphone/FOS/keon/gecko/ipc/glue/MessagePump.cpp:233 38 libxul.so nsThread::ProcessNextEvent(bool, bool*) /home/geeksphone/FOS/keon/gecko/xpcom/threads/nsThread.cpp:766 39 libxul.so NS_ProcessNextEvent(nsIThread*, bool) /home/geeksphone/FOS/keon/gecko/xpcom/glue/nsThreadUtils.cpp:256 40 libxul.so mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /home/geeksphone/FOS/keon/gecko/ipc/glue/MessagePump.cpp:99 41 libxul.so mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) /home/geeksphone/FOS/keon/gecko/ipc/glue/MessagePump.cpp:302 42 libxul.so MessageLoop::RunInternal() /home/geeksphone/FOS/keon/gecko/ipc/chromium/src/base/message_loop.cc:229 43 libxul.so MessageLoop::Run() /home/geeksphone/FOS/keon/gecko/ipc/chromium/src/base/message_loop.cc:222 44 libxul.so nsBaseAppShell::Run() /home/geeksphone/FOS/keon/gecko/widget/xpwidgets/nsBaseAppShell.cpp:164 45 libxul.so XRE_RunAppShell /home/geeksphone/FOS/keon/gecko/toolkit/xre/nsEmbedFunctions.cpp:693 46 libxul.so mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) /home/geeksphone/FOS/keon/gecko/ipc/glue/MessagePump.cpp:272 47 libxul.so MessageLoop::RunInternal() /home/geeksphone/FOS/keon/gecko/ipc/chromium/src/base/message_loop.cc:229 48 libxul.so MessageLoop::Run() /home/geeksphone/FOS/keon/gecko/ipc/chromium/src/base/message_loop.cc:222 49 libxul.so XRE_InitChildProcess /home/geeksphone/FOS/keon/gecko/toolkit/xre/nsEmbedFunctions.cpp:530 50 plugin-container main /home/geeksphone/FOS/keon/gecko/ipc/app/MozillaRuntimeMain.cpp:149 51 libc.so __libc_init /home/geeksphone/FOS/keon_nightly/bionic/libc/bionic/libc_init_dynamic.c:114 occurred in : app://verticalhome.gaiamobile.org/manifest.webapp more reports: https://crash-stats.mozilla.com/report/list?product=B2G&signature=mozilla%3A%3Alayers%3A%3ATileClient%3A%3AGetBackBuffer%28nsIntRegion+const%26%2C+mozilla%3A%3Alayers%3A%3ATextureClientPool*%2C+bool*%2C+bool%29#tab-reports First occurrence : 20140711221717 Last occurrence : 20140719221739 keon
|
Reporter | |
Updated•5 years ago
|
status-b2g-v2.1:
--- → affected
Whiteboard: [b2g-crash]
|
Assignee | |
Comment 1•5 years ago
|
||
This happening because the allocation of a tile failed and this code path does not handle it. Fixing the crash should be pretty easy, although it's not clear that there is something we can do about the fact that rendering will be broken (there's going to be a missing tile in the layer!).
Assignee: nobody → nical.bugzilla
|
||
Comment 2•5 years ago
|
||
The crash happens on keon. keon's gonk seems same to peak. Their gonk has a problem like Bug 1036905. It seems to affect to allocation failure.
|
|
||
Comment 3•5 years ago
|
||
(In reply to Sotaro Ikeda [:sotaro PTO July/25 - Aug/3] from comment #2) > The crash happens on keon. keon's gonk seems same to peak. Their gonk has a > problem like Bug 1036905. It seems to affect to allocation failure. Bug 1039883 reduce Tile usage. It might mitigate the problem.
|
|
Assignee | |
Comment 4•5 years ago
|
||
Instead use NS_ASSERTION which will make tests fail on try but not crash.
Attachment #8464676 -
Flags: review?(bas)
|
||
Comment 5•5 years ago
|
||
[Tracking Requested - why for this release]: topcrash affecting Firefox for Android 33b and we have a regression in the crash rate
status-firefox32:
--- → ?
status-firefox33:
--- → affected
status-firefox34:
--- → affected
status-firefox35:
--- → ?
tracking-firefox33:
--- → ?
tracking-firefox34:
--- → ?
|
||
Updated•5 years ago
|
tracking-fennec: --- → ?
Where did we get stuck with this bug? Seems to be in review for a while, so I'm assuming some conversation happened offline and just wasn't recorded here? Here's a sample Fennec crash: https://crash-stats.mozilla.com/report/index/22c61ad7-30bb-4c5b-8e1d-28da82140907
Flags: needinfo?(nical.bugzilla)
Flags: needinfo?(bas)
|
|
Assignee | |
Comment 7•5 years ago
|
||
Attachment #8464676 -
Attachment is obsolete: true
Attachment #8464676 -
Flags: review?(bas)
Attachment #8487179 -
Flags: review?(bas)
|
||
Updated•5 years ago
|
Attachment #8487179 -
Flags: review?(bas) → review+
|
|
Assignee | |
Comment 8•5 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/6d1071f4d95e
Flags: needinfo?(nical.bugzilla)
|
||
Updated•5 years ago
|
|
|
||
Updated•5 years ago
|
tracking-fennec: ? → 33+
|
|
||
Comment 9•5 years ago
|
||
Crash does not show up in the the 32.0 Firefox for Android.
|
|
||
Updated•5 years ago
|
tracking-e10s:
--- → m2+
|
||
Comment 11•5 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/6d1071f4d95e
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla35
|
||
Comment 12•5 years ago
|
||
Nical, could you fill an uplift request for aurora & beta? Merci!
Flags: needinfo?(nical.bugzilla)
|
|
Assignee | |
Comment 13•5 years ago
|
||
Comment on attachment 8487179 [details] [diff] [review] rebased patch Approval Request Comment [Feature/regressing bug #]: [User impact if declined]: Crashes on platforms using tiling (android, b2g) [Describe test coverage new/current, TBPL]: baking on central. No specific test, the issue may happen when we run out of gpu memory, hard to reliably test for because dependent on hardware and drivers. [Risks and why]: low risk, only affects a situation where we would crash before. [String/UUID change made/needed]:
Attachment #8487179 -
Flags: approval-mozilla-beta?
Attachment #8487179 -
Flags: approval-mozilla-aurora?
Flags: needinfo?(nical.bugzilla)
|
|
||
Updated•5 years ago
|
Attachment #8487179 -
Flags: approval-mozilla-beta?
Attachment #8487179 -
Flags: approval-mozilla-beta+
Attachment #8487179 -
Flags: approval-mozilla-aurora?
Attachment #8487179 -
Flags: approval-mozilla-aurora+
|
|
||
Comment 14•5 years ago
|
||
https://hg.mozilla.org/releases/mozilla-aurora/rev/10ddaad98dfe https://hg.mozilla.org/releases/mozilla-beta/rev/9148cd599e9f
|
|
||
Updated•5 years ago
|
OS: Gonk (Firefox OS) → All
|
|
||
Comment 16•5 years ago
|
||
Verified that this crash signature is not showing up in Beta 4 Firefox for Android.
Flags: needinfo?(bas)
|
||
Comment 17•5 years ago
|
||
Unable to verify because there are no STR's for Firefox OS.
QA Whiteboard: [QAnalyst-verify-][QAnalyst-Triage?]
Flags: needinfo?(ktucker)
|
||
Updated•5 years ago
|
QA Whiteboard: [QAnalyst-verify-][QAnalyst-Triage?] → [QAnalyst-verify-][QAnalyst-Triage+]
Flags: needinfo?(ktucker)
You need to log in
before you can comment on or make changes to this bug.
Description
•