Closed Bug 1041744 Opened 10 years ago Closed 10 years ago

crash in mozilla::layers::TileClient::GetBackBuffer(nsIntRegion const&, mozilla::layers::TextureClientPool*, bool*, bool)

Categories

(Core :: Graphics: Layers, defect)

Product:
Core
Component:
Graphics: Layers
Version:
33 Branch
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla35
Tracking Flags:
Tracking Status
e10s m2+ ---
firefox32 --- unaffected
firefox33 + verified
firefox34 + verified
firefox35 --- verified
b2g-v2.0 --- unaffected
b2g-v2.0M --- unaffected
b2g-v2.1 --- fixed
b2g-v2.2 --- fixed
fennec 33+ ---

People

(Reporter: nhirata, Assigned: nical)

References

Details

(Keywords: crash, Whiteboard: [b2g-crash])

Crash Data

Attachments

(1 file, 1 obsolete file)

rebased patch
5.80 KB, patch
bas.schouten
: review+
Sylvestre
: approval-mozilla-aurora+
Sylvestre
: approval-mozilla-beta+
Details | Diff | Splinter Review
This bug was filed from the Socorro interface and is report bp-8ba7e76d-264e-4978-a2c7-301d42140714. ============================================================= Crashing Thread Frame Module Signature Source 0 libxul.so mozilla::layers::TileClient::GetBackBuffer(nsIntRegion const&, mozilla::layers::TextureClientPool*, bool*, bool) /home/geeksphone/FOS/keon/gecko/gfx/layers/client/TiledContentClient.cpp:623 1 libxul.so mozilla::layers::ClientTiledLayerBuffer::ValidateTile(mozilla::layers::TileClient, nsIntPoint const&, nsIntRegion const&) /home/geeksphone/FOS/keon/gecko/gfx/layers/client/TiledContentClient.cpp:850 2 libxul.so mozilla::layers::TiledLayerBuffer<mozilla::layers::ClientTiledLayerBuffer, mozilla::layers::TileClient>::Update(nsIntRegion const&, nsIntRegion const&) /home/geeksphone/FOS/keon/gecko/gfx/layers/TiledLayerBuffer.h:504 3 libxul.so mozilla::layers::ClientTiledLayerBuffer::PaintThebes(nsIntRegion const&, nsIntRegion const&, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*) /home/geeksphone/FOS/keon/gecko/gfx/layers/client/TiledContentClient.cpp:800 4 libxul.so mozilla::layers::ClientTiledLayerBuffer::ProgressiveUpdate(nsIntRegion&, nsIntRegion&, nsIntRegion const&, mozilla::layers::BasicTiledLayerPaintData*, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*) /home/geeksphone/FOS/keon/gecko/gfx/layers/client/TiledContentClient.cpp:1247 5 libxul.so mozilla::layers::ClientTiledThebesLayer::RenderHighPrecision(nsIntRegion&, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*) /home/geeksphone/FOS/keon/gecko/gfx/layers/client/ClientTiledThebesLayer.cpp:222 6 libxul.so mozilla::layers::ClientTiledThebesLayer::RenderLayer() /home/geeksphone/FOS/keon/gecko/gfx/layers/client/ClientTiledThebesLayer.cpp:393 7 libxul.so mozilla::layers::ClientContainerLayer::RenderLayer() /home/geeksphone/FOS/keon/gecko/gfx/layers/client/ClientContainerLayer.h:61 8 libxul.so mozilla::layers::ClientContainerLayer::RenderLayer() /home/geeksphone/FOS/keon/gecko/gfx/layers/client/ClientContainerLayer.h:61 9 libxul.so mozilla::layers::ClientLayerManager::EndTransactionInternal(void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) /home/geeksphone/FOS/keon/gecko/gfx/layers/client/ClientLayerManager.cpp:211 10 libxul.so mozilla::layers::ClientLayerManager::EndTransaction(void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) /home/geeksphone/FOS/keon/gecko/gfx/layers/client/ClientLayerManager.cpp:237 11 libxul.so mozilla::layers::ClientLayerManager::EndTransaction(void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) /home/geeksphone/FOS/keon/gecko/gfx/layers/client/ClientLayerManager.cpp:244 12 libxul.so mozilla::layers::ClientLayerManager::EndTransaction(void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) /home/geeksphone/FOS/keon/gecko/gfx/layers/client/ClientLayerManager.cpp:244 13 libxul.so nsDisplayList::PaintForFrame(nsDisplayListBuilder*, nsRenderingContext*, nsIFrame*, unsigned int) const /home/geeksphone/FOS/keon/gecko/layout/base/nsDisplayList.cpp:1393 14 libxul.so nsDisplayList::PaintRoot(nsDisplayListBuilder*, nsRenderingContext*, unsigned int) const /home/geeksphone/FOS/keon/gecko/layout/base/nsDisplayList.cpp:1244 15 libxul.so nsLayoutUtils::PaintFrame(nsRenderingContext*, nsIFrame*, nsRegion const&, unsigned int, unsigned int) /home/geeksphone/FOS/keon/gecko/layout/base/nsLayoutUtils.cpp:2977 16 libxul.so PresShell::Paint(nsView*, nsRegion const&, unsigned int) /home/geeksphone/FOS/keon/gecko/layout/base/nsPresShell.cpp:6221 17 libxul.so nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*) /home/geeksphone/FOS/keon/gecko/view/src/nsViewManager.cpp:443 18 libxul.so nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) /home/geeksphone/FOS/keon/gecko/view/src/nsViewManager.cpp:384 19 libxul.so nsViewManager::ProcessPendingUpdates() /home/geeksphone/FOS/keon/gecko/view/src/nsViewManager.cpp:1075 20 libxul.so nsRefreshDriver::Tick(long long, mozilla::TimeStamp) /home/geeksphone/FOS/keon/gecko/layout/base/nsRefreshDriver.cpp:1278 21 libxul.so nsRefreshDriver::DoTick() /home/geeksphone/FOS/keon/gecko/layout/base/nsRefreshDriver.cpp:1041 22 libxul.so nsRefreshDriver::DoRefresh() /home/geeksphone/FOS/keon/gecko/layout/base/nsRefreshDriver.cpp:1520 23 libxul.so nsRefreshDriver::FinishedWaitingForTransaction() /home/geeksphone/FOS/keon/gecko/layout/base/nsRefreshDriver.cpp:1400 24 libxul.so nsRefreshDriver::NotifyTransactionCompleted(unsigned long long) /home/geeksphone/FOS/keon/gecko/layout/base/nsRefreshDriver.cpp:1440 25 libxul.so mozilla::layers::ClientLayerManager::DidComposite(unsigned long long) /home/geeksphone/FOS/keon/gecko/gfx/layers/client/ClientLayerManager.cpp:314 26 libxul.so mozilla::dom::TabChild::DidComposite(unsigned long long) /home/geeksphone/FOS/keon/gecko/dom/ipc/TabChild.cpp:2810 27 libxul.so mozilla::layers::CompositorChild::RecvDidComposite(unsigned long long const&, unsigned long long const&) /home/geeksphone/FOS/keon/gecko/gfx/layers/ipc/CompositorChild.cpp:135 28 libxul.so mozilla::layers::PCompositorChild::OnMessageReceived(IPC::Message const&) /home/geeksphone/FOS/keon/objdir-gecko/ipc/ipdl/PCompositorChild.cpp:744 29 libxul.so mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) /home/geeksphone/FOS/keon/gecko/ipc/glue/MessageChannel.cpp:1152 30 libxul.so mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message const&) /home/geeksphone/FOS/keon/gecko/ipc/glue/MessageChannel.cpp:1066 31 libxul.so mozilla::ipc::MessageChannel::OnMaybeDequeueOne() /home/geeksphone/FOS/keon/gecko/ipc/glue/MessageChannel.cpp:1049 32 libxul.so RunnableMethod<FdWatcher, void (FdWatcher::*)(), Tuple0>::Run() /home/geeksphone/FOS/keon/gecko/ipc/chromium/src/base/tuple.h:383 33 libxul.so mozilla::ipc::MessageChannel::DequeueTask::Run() /home/geeksphone/FOS/keon/objdir-gecko/ipc/glue/../../dist/include/mozilla/ipc/MessageChannel.h:390 34 libxul.so MessageLoop::RunTask(Task*) /home/geeksphone/FOS/keon/gecko/ipc/chromium/src/base/message_loop.cc:357 35 libxul.so MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&) /home/geeksphone/FOS/keon/gecko/ipc/chromium/src/base/message_loop.cc:365 36 libxul.so MessageLoop::DoWork() /home/geeksphone/FOS/keon/gecko/ipc/chromium/src/base/message_loop.cc:443 37 libxul.so mozilla::ipc::DoWorkRunnable::Run() /home/geeksphone/FOS/keon/gecko/ipc/glue/MessagePump.cpp:233 38 libxul.so nsThread::ProcessNextEvent(bool, bool*) /home/geeksphone/FOS/keon/gecko/xpcom/threads/nsThread.cpp:766 39 libxul.so NS_ProcessNextEvent(nsIThread*, bool) /home/geeksphone/FOS/keon/gecko/xpcom/glue/nsThreadUtils.cpp:256 40 libxul.so mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /home/geeksphone/FOS/keon/gecko/ipc/glue/MessagePump.cpp:99 41 libxul.so mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) /home/geeksphone/FOS/keon/gecko/ipc/glue/MessagePump.cpp:302 42 libxul.so MessageLoop::RunInternal() /home/geeksphone/FOS/keon/gecko/ipc/chromium/src/base/message_loop.cc:229 43 libxul.so MessageLoop::Run() /home/geeksphone/FOS/keon/gecko/ipc/chromium/src/base/message_loop.cc:222 44 libxul.so nsBaseAppShell::Run() /home/geeksphone/FOS/keon/gecko/widget/xpwidgets/nsBaseAppShell.cpp:164 45 libxul.so XRE_RunAppShell /home/geeksphone/FOS/keon/gecko/toolkit/xre/nsEmbedFunctions.cpp:693 46 libxul.so mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) /home/geeksphone/FOS/keon/gecko/ipc/glue/MessagePump.cpp:272 47 libxul.so MessageLoop::RunInternal() /home/geeksphone/FOS/keon/gecko/ipc/chromium/src/base/message_loop.cc:229 48 libxul.so MessageLoop::Run() /home/geeksphone/FOS/keon/gecko/ipc/chromium/src/base/message_loop.cc:222 49 libxul.so XRE_InitChildProcess /home/geeksphone/FOS/keon/gecko/toolkit/xre/nsEmbedFunctions.cpp:530 50 plugin-container main /home/geeksphone/FOS/keon/gecko/ipc/app/MozillaRuntimeMain.cpp:149 51 libc.so __libc_init /home/geeksphone/FOS/keon_nightly/bionic/libc/bionic/libc_init_dynamic.c:114 occurred in : app://verticalhome.gaiamobile.org/manifest.webapp more reports: https://crash-stats.mozilla.com/report/list?product=B2G&signature=mozilla%3A%3Alayers%3A%3ATileClient%3A%3AGetBackBuffer%28nsIntRegion+const%26%2C+mozilla%3A%3Alayers%3A%3ATextureClientPool*%2C+bool*%2C+bool%29#tab-reports First occurrence : 20140711221717 Last occurrence : 20140719221739 keon
status-b2g-v2.1: --- → affected
Whiteboard: [b2g-crash]
This happening because the allocation of a tile failed and this code path does not handle it. Fixing the crash should be pretty easy, although it's not clear that there is something we can do about the fact that rendering will be broken (there's going to be a missing tile in the layer!).
Assignee: nobody → nical.bugzilla
The crash happens on keon. keon's gonk seems same to peak. Their gonk has a problem like Bug 1036905. It seems to affect to allocation failure.
(In reply to Sotaro Ikeda [:sotaro PTO July/25 - Aug/3] from comment #2) > The crash happens on keon. keon's gonk seems same to peak. Their gonk has a > problem like Bug 1036905. It seems to affect to allocation failure. Bug 1039883 reduce Tile usage. It might mitigate the problem.
Instead use NS_ASSERTION which will make tests fail on try but not crash.
Attachment #8464676 - Flags: review?(bas)
[Tracking Requested - why for this release]: topcrash affecting Firefox for Android 33b and we have a regression in the crash rate
status-firefox32: --- → ?
status-firefox33: --- → affected
status-firefox34: --- → affected
status-firefox35: --- → ?
tracking-firefox33: --- → ?
tracking-firefox34: --- → ?
tracking-fennec: --- → ?
Where did we get stuck with this bug? Seems to be in review for a while, so I'm assuming some conversation happened offline and just wasn't recorded here? Here's a sample Fennec crash: https://crash-stats.mozilla.com/report/index/22c61ad7-30bb-4c5b-8e1d-28da82140907
Flags: needinfo?(nical.bugzilla)
Flags: needinfo?(bas)
Attached patch rebased patchSplinter Review
Attachment #8464676 - Attachment is obsolete: true
Attachment #8464676 - Flags: review?(bas)
Attachment #8487179 - Flags: review?(bas)
Attachment #8487179 - Flags: review?(bas) → review+
tracking-fennec: ? → 33+
Crash does not show up in the the 32.0 Firefox for Android.
status-firefox32: ?unaffected
https://hg.mozilla.org/mozilla-central/rev/6d1071f4d95e
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla35
Nical, could you fill an uplift request for aurora & beta? Merci!
status-firefox35: ?fixed
Flags: needinfo?(nical.bugzilla)
Comment on attachment 8487179 [details] [diff] [review] rebased patch Approval Request Comment [Feature/regressing bug #]: [User impact if declined]: Crashes on platforms using tiling (android, b2g) [Describe test coverage new/current, TBPL]: baking on central. No specific test, the issue may happen when we run out of gpu memory, hard to reliably test for because dependent on hardware and drivers. [Risks and why]: low risk, only affects a situation where we would crash before. [String/UUID change made/needed]:
Attachment #8487179 - Flags: approval-mozilla-beta?
Attachment #8487179 - Flags: approval-mozilla-aurora?
Flags: needinfo?(nical.bugzilla)
Attachment #8487179 - Flags: approval-mozilla-beta?
Attachment #8487179 - Flags: approval-mozilla-beta+
Attachment #8487179 - Flags: approval-mozilla-aurora?
Attachment #8487179 - Flags: approval-mozilla-aurora+
OS: Gonk (Firefox OS) → All
Verified that this crash signature is not showing up in Beta 4 Firefox for Android.
status-firefox33: fixedverified
status-firefox34: fixedverified
status-firefox35: fixedverified
Flags: needinfo?(bas)
Unable to verify because there are no STR's for Firefox OS.
QA Whiteboard: [QAnalyst-verify-][QAnalyst-Triage?]
Flags: needinfo?(ktucker)
QA Whiteboard: [QAnalyst-verify-][QAnalyst-Triage?] → [QAnalyst-verify-][QAnalyst-Triage+]
Flags: needinfo?(ktucker)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: