BD24 AVR:NULL firefox.exe!xul.dll!mozilla::layers::ContentClientDoubleBuffered::FinalizeFrame

VERIFIED FIXED

Status

()

--
critical
VERIFIED FIXED
3 years ago
3 years ago

People

(Reporter: abbGZcvu_bugzilla.mozilla.org, Unassigned)

Tracking

({crash, testcase, topcrash})

41 Branch
crash, testcase, topcrash
Points:
---

Firefox Tracking Flags

(firefox43 unaffected, firefox44+ fixed, firefox45 unaffected, firefox46 unaffected)

Details

(crash signature)

Attachments

(2 attachments)

(Reporter)

Description

3 years ago
Created attachment 8676706 [details]
Repro

Repro:
<nav><marquee>x<style>*{transform:scaleY(9)

Problem:
Access violation while reading memory at 0x0 using a NULL ptr

Stack:
xul.dll!mozilla::layers::ContentClientDoubleBuffered::FinalizeFrame + 0xC9 (BD in id)
xul.dll!mozilla::layers::RotatedContentBuffer::BeginPaint + 0x261 (24 in id)
xul.dll!mozilla::layers::ContentClientRemoteBuffer::BeginPaintBuffer + 0x14
xul.dll!mozilla::layers::ClientPaintedLayer::PaintThebes + 0x84
xul.dll!mozilla::layers::ClientPaintedLayer::RenderLayerWithReadback + 0x7A
xul.dll!mozilla::layers::ClientContainerLayer::RenderLayer + 0xA5
xul.dll!mozilla::layers::ClientLayer::RenderLayerWithReadback + 0x5
xul.dll!mozilla::layers::ClientContainerLayer::RenderLayer + 0xA5
xul.dll!mozilla::layers::ClientLayer::RenderLayerWithReadback + 0x5
xul.dll!mozilla::layers::ClientContainerLayer::RenderLayer + 0xA5
xul.dll!mozilla::layers::ClientLayer::RenderLayerWithReadback + 0x5
xul.dll!mozilla::layers::ClientContainerLayer::RenderLayer + 0xA5
xul.dll!mozilla::layers::ClientLayer::RenderLayerWithReadback + 0x5
xul.dll!mozilla::layers::ClientContainerLayer::RenderLayer + 0xA5
xul.dll!mozilla::layers::ClientLayer::RenderLayerWithReadback + 0x5
xul.dll!mozilla::layers::ClientContainerLayer::RenderLayer + 0xA5
xul.dll!mozilla::layers::ClientLayerManager::EndTransactionInternal + 0xD8
xul.dll!mozilla::layers::ClientLayerManager::EndTransaction + 0x2B
xul.dll!nsDisplayList::PaintRoot + 0x456
xul.dll!nsLayoutUtils::PaintFrame + 0x5C0
xul.dll!PresShell::Paint + 0x13C
xul.dll!nsViewManager::ProcessPendingUpdatesPaint + 0xBE
xul.dll!nsViewManager::ProcessPendingUpdatesForView + 0x133
xul.dll!nsViewManager::ProcessPendingUpdates + 0x2E
xul.dll!nsRefreshDriver::Tick + 0x47A
xul.dll!mozilla::RefreshDriverTimer::TickDriver + 0x39
xul.dll!mozilla::RefreshDriverTimer::Tick + 0xB8
xul.dll!mozilla::VsyncRefreshDriverTimer::RunRefreshDrivers + 0x79
xul.dll!mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver + 0x4E
xul.dll!nsRunnableMethodImpl<void (__thiscall mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::*)(mozilla::TimeStamp),1,mozilla::TimeStamp>::Run + 0x1F
xul.dll!nsThread::ProcessNextEvent + 0x281
xul.dll!mozilla::ipc::MessagePump::Run + 0x5F
xul.dll!MessageLoop::RunHandler + 0x20
xul.dll!MessageLoop::Run + 0x19
xul.dll!nsBaseAppShell::Run + 0x32
xul.dll!nsAppShell::Run + 0x1B
xul.dll!nsAppStartup::Run + 0x20
xul.dll!XREMain::XRE_mainRun + 0x4A7
xul.dll!XREMain::XRE_main + 0x1F8
xul.dll!XRE_main + 0x40
firefox.exe!do_main + 0x125
firefox.exe!NS_internal_main + 0xEC
firefox.exe!wmain + 0xBC
firefox.exe!__tmainCRTStartup + 0xFE
kernel32.dll!BaseThreadInitThunk + 0xE
ntdll.dll!__RtlUserThreadStart + 0x70
ntdll.dll!_RtlUserThreadStart + 0x1B

Note that this does NOT appear to affect nightly.
(Reporter)

Comment 1

3 years ago
Created attachment 8676709 [details]
BugId report
(Reporter)

Comment 2

3 years ago
Additional note: This may be related to hardware acceleration, as this triggers reliably in v41 on VMs running on my servers, but not at all in v41 on my main machine.

Updated

3 years ago
Crash Signature: [@ mozilla::layers::ContentClientDoubleBuffered::FinalizeFrame ]
See Also: → bug 1200021
This was mentioned in the channel meeting today as a topcrash in 43.0b4. 
Jet, can you help us find an owner for this bug? Thanks.
status-firefox43: --- → affected
status-firefox44: --- → ?
status-firefox45: --- → ?
tracking-firefox43: --- → +
Flags: needinfo?(bugs)
Keywords: topcrash
Component: Layout → Graphics: Layers
Chances are, a duplicate of bug 1200021.
Flags: needinfo?(bugs)
OK, I'll track it there and untrack here. Thanks Milan
tracking-firefox43: + → ---
This is a bit hard to follow but I'll try to summarize it as best I can.

*This* bug depends on (or is a dupe of) bug 1200021 which depends on bug 1233182 which depends on bug 1230740 which was just landed on Aurora today to test impact.

Currently the signature sits at the following ranks in each branch:
> Nightly (46): 0 crashes over the last week
>  Aurora (45): 0 crashes over the last week
>    Beta (44): 726 crashes over the last week or #20 with 0.82%
> Release (43): 0 crashes over the last week

I'll follow up in the chain of bugs but I think we should make sure this gets into 44 before we release if it's low enough risk.
[Tracking Requested - why for this release]: updating status flags and nominating to track based on current data. I think we should continue to track this until we know for certain it is a dupe.
status-firefox43: affected → unaffected
status-firefox44: ? → affected
status-firefox45: ? → unaffected
status-firefox46: --- → unaffected
tracking-firefox44: --- → ?

Comment 8

3 years ago
Tracked. Waiting for Milan to respond to https://bugzilla.mozilla.org/show_bug.cgi?id=1230740#c24
tracking-firefox44: ? → +
We should check how this goes once Beta 9 happens.
Seems like we can close this based on bug 1230740 comment 27.  Anthony, can you check and re-open if that's not the case?
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Flags: needinfo?(anthony.s.hughes)
Resolution: --- → FIXED
(In reply to Milan Sreckovic [:milan] from comment #10)
> Seems like we can close this based on bug 1230740 comment 27.  Anthony, can
> you check and re-open if that's not the case?

Well this is not fixed for Firefox 44 given that bug 1230740 never uplifted to Beta. Over the last week we had 183 crashes reported against 44.0 Beta. That said it's no longer a topcrash.

Skylined, does your testcase still reproduce in the latest Firefox 44.0 build?
Flags: needinfo?(anthony.s.hughes) → needinfo?(berendjanwever)
(Reporter)

Comment 12

3 years ago
No
Flags: needinfo?(berendjanwever)
(In reply to SkyLined from comment #12)
> No

Thanks
Status: RESOLVED → VERIFIED
status-firefox44: affected → fixed
(In reply to Anthony Hughes, QA Mentor (:ashughes) from comment #11)
> (In reply to Milan Sreckovic [:milan] from comment #10)
> > Seems like we can close this based on bug 1230740 comment 27.  Anthony, can
> > you check and re-open if that's not the case?
> 
> Well this is not fixed for Firefox 44 given that bug 1230740 never uplifted
> to Beta. Over the last week we had 183 crashes reported against 44.0 Beta.
> That said it's no longer a topcrash.

Right, it's a bit confusing, since the uplift actually happened in bug 1233182.
You need to log in before you can comment on or make changes to this bug.