Closed Bug 1216909 Opened 4 years ago Closed 4 years ago

BD24 AVR:NULL firefox.exe!xul.dll!mozilla::layers::ContentClientDoubleBuffered::FinalizeFrame

Categories

(Core :: Graphics: Layers, defect, critical)

41 Branch

VERIFIED FIXED
Tracking Status
firefox43 --- unaffected
firefox44 + fixed
firefox45 --- unaffected
firefox46 --- unaffected

People

(Reporter: abbGZcvu_bugzilla.mozilla.org, Unassigned)

Details

(Keywords: crash, testcase, topcrash)

Attachments

(2 files)

Attached file Repro
Repro:
<nav><marquee>x<style>*{transform:scaleY(9)

Problem:
Access violation while reading memory at 0x0 using a NULL ptr

Stack:
xul.dll!mozilla::layers::ContentClientDoubleBuffered::FinalizeFrame + 0xC9 (BD in id)
xul.dll!mozilla::layers::RotatedContentBuffer::BeginPaint + 0x261 (24 in id)
xul.dll!mozilla::layers::ContentClientRemoteBuffer::BeginPaintBuffer + 0x14
xul.dll!mozilla::layers::ClientPaintedLayer::PaintThebes + 0x84
xul.dll!mozilla::layers::ClientPaintedLayer::RenderLayerWithReadback + 0x7A
xul.dll!mozilla::layers::ClientContainerLayer::RenderLayer + 0xA5
xul.dll!mozilla::layers::ClientLayer::RenderLayerWithReadback + 0x5
xul.dll!mozilla::layers::ClientContainerLayer::RenderLayer + 0xA5
xul.dll!mozilla::layers::ClientLayer::RenderLayerWithReadback + 0x5
xul.dll!mozilla::layers::ClientContainerLayer::RenderLayer + 0xA5
xul.dll!mozilla::layers::ClientLayer::RenderLayerWithReadback + 0x5
xul.dll!mozilla::layers::ClientContainerLayer::RenderLayer + 0xA5
xul.dll!mozilla::layers::ClientLayer::RenderLayerWithReadback + 0x5
xul.dll!mozilla::layers::ClientContainerLayer::RenderLayer + 0xA5
xul.dll!mozilla::layers::ClientLayer::RenderLayerWithReadback + 0x5
xul.dll!mozilla::layers::ClientContainerLayer::RenderLayer + 0xA5
xul.dll!mozilla::layers::ClientLayerManager::EndTransactionInternal + 0xD8
xul.dll!mozilla::layers::ClientLayerManager::EndTransaction + 0x2B
xul.dll!nsDisplayList::PaintRoot + 0x456
xul.dll!nsLayoutUtils::PaintFrame + 0x5C0
xul.dll!PresShell::Paint + 0x13C
xul.dll!nsViewManager::ProcessPendingUpdatesPaint + 0xBE
xul.dll!nsViewManager::ProcessPendingUpdatesForView + 0x133
xul.dll!nsViewManager::ProcessPendingUpdates + 0x2E
xul.dll!nsRefreshDriver::Tick + 0x47A
xul.dll!mozilla::RefreshDriverTimer::TickDriver + 0x39
xul.dll!mozilla::RefreshDriverTimer::Tick + 0xB8
xul.dll!mozilla::VsyncRefreshDriverTimer::RunRefreshDrivers + 0x79
xul.dll!mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver + 0x4E
xul.dll!nsRunnableMethodImpl<void (__thiscall mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::*)(mozilla::TimeStamp),1,mozilla::TimeStamp>::Run + 0x1F
xul.dll!nsThread::ProcessNextEvent + 0x281
xul.dll!mozilla::ipc::MessagePump::Run + 0x5F
xul.dll!MessageLoop::RunHandler + 0x20
xul.dll!MessageLoop::Run + 0x19
xul.dll!nsBaseAppShell::Run + 0x32
xul.dll!nsAppShell::Run + 0x1B
xul.dll!nsAppStartup::Run + 0x20
xul.dll!XREMain::XRE_mainRun + 0x4A7
xul.dll!XREMain::XRE_main + 0x1F8
xul.dll!XRE_main + 0x40
firefox.exe!do_main + 0x125
firefox.exe!NS_internal_main + 0xEC
firefox.exe!wmain + 0xBC
firefox.exe!__tmainCRTStartup + 0xFE
kernel32.dll!BaseThreadInitThunk + 0xE
ntdll.dll!__RtlUserThreadStart + 0x70
ntdll.dll!_RtlUserThreadStart + 0x1B

Note that this does NOT appear to affect nightly.
Attached file BugId report
Additional note: This may be related to hardware acceleration, as this triggers reliably in v41 on VMs running on my servers, but not at all in v41 on my main machine.
Crash Signature: [@ mozilla::layers::ContentClientDoubleBuffered::FinalizeFrame ]
See Also: → 1200021
This was mentioned in the channel meeting today as a topcrash in 43.0b4. 
Jet, can you help us find an owner for this bug? Thanks.
Flags: needinfo?(bugs)
Keywords: topcrash
Component: Layout → Graphics: Layers
Flags: needinfo?(bugs)
OK, I'll track it there and untrack here. Thanks Milan
This is a bit hard to follow but I'll try to summarize it as best I can.

*This* bug depends on (or is a dupe of) bug 1200021 which depends on bug 1233182 which depends on bug 1230740 which was just landed on Aurora today to test impact.

Currently the signature sits at the following ranks in each branch:
> Nightly (46): 0 crashes over the last week
>  Aurora (45): 0 crashes over the last week
>    Beta (44): 726 crashes over the last week or #20 with 0.82%
> Release (43): 0 crashes over the last week

I'll follow up in the chain of bugs but I think we should make sure this gets into 44 before we release if it's low enough risk.
[Tracking Requested - why for this release]: updating status flags and nominating to track based on current data. I think we should continue to track this until we know for certain it is a dupe.
We should check how this goes once Beta 9 happens.
Seems like we can close this based on bug 1230740 comment 27.  Anthony, can you check and re-open if that's not the case?
Status: NEW → RESOLVED
Closed: 4 years ago
Flags: needinfo?(anthony.s.hughes)
Resolution: --- → FIXED
(In reply to Milan Sreckovic [:milan] from comment #10)
> Seems like we can close this based on bug 1230740 comment 27.  Anthony, can
> you check and re-open if that's not the case?

Well this is not fixed for Firefox 44 given that bug 1230740 never uplifted to Beta. Over the last week we had 183 crashes reported against 44.0 Beta. That said it's no longer a topcrash.

Skylined, does your testcase still reproduce in the latest Firefox 44.0 build?
Flags: needinfo?(anthony.s.hughes) → needinfo?(berendjanwever)
No
Flags: needinfo?(berendjanwever)
(In reply to SkyLined from comment #12)
> No

Thanks
Status: RESOLVED → VERIFIED
(In reply to Anthony Hughes, QA Mentor (:ashughes) from comment #11)
> (In reply to Milan Sreckovic [:milan] from comment #10)
> > Seems like we can close this based on bug 1230740 comment 27.  Anthony, can
> > you check and re-open if that's not the case?
> 
> Well this is not fixed for Firefox 44 given that bug 1230740 never uplifted
> to Beta. Over the last week we had 183 crashes reported against 44.0 Beta.
> That said it's no longer a topcrash.

Right, it's a bit confusing, since the uplift actually happened in bug 1233182.