Closed Bug 1230740 Opened 4 years ago Closed 4 years ago

crash in mozilla::gfx::GetCairoSurfaceForSourceSurface

Product/Component: Core :: Graphics
Type: defect
Severity: critical
Priority: Not set
Version: 43 Branch
Platform: x86, Windows NT
Status: RESOLVED FIXED
Target Milestone: mozilla46
Tracking Status:
firefox43 - wontfix
firefox44 --- affected
firefox45 --- fixed
firefox46 --- fixed
Reporter: philipp
Assigned: milan
Keywords: crash, topcrash-win
Attachments: 2 files

[Tracking Requested - why for this release]:

This bug was filed from the Socorro interface and is report bp-d687bf78-6bbe-4809-8462-ddf282151203.
=============================================================
Crashing Thread
Frame 	Module 	Signature 	Source
0 	xul.dll 	mozilla::gfx::GetCairoSurfaceForSourceSurface(mozilla::gfx::SourceSurface*, bool, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) 	gfx/2d/DrawTargetCairo.cpp
1 	xul.dll 	mozilla::gfx::AutoClearDeviceOffset::Init(mozilla::gfx::SourceSurface*) 	gfx/2d/DrawTargetCairo.cpp
2 	xul.dll 	mozilla::gfx::DrawTargetCairo::DrawSurface(mozilla::gfx::SourceSurface*, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float> const&, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float> const&, mozilla::gfx::DrawSurfaceOptions const&, mozilla::gfx::DrawOptions const&) 	gfx/2d/DrawTargetCairo.cpp
3 	xul.dll 	mozilla::layers::RotatedBuffer::DrawBufferQuadrant(mozilla::gfx::DrawTarget*, mozilla::layers::RotatedBuffer::XSide, mozilla::layers::RotatedBuffer::YSide, mozilla::layers::RotatedBuffer::ContextSource, float, mozilla::gfx::CompositionOp, mozilla::gfx::SourceSurface*, mozilla::gfx::Matrix const*) 	gfx/layers/RotatedBuffer.cpp
4 	xul.dll 	mozilla::layers::RotatedBuffer::DrawBufferWithRotation(mozilla::gfx::DrawTarget*, mozilla::layers::RotatedBuffer::ContextSource, float, mozilla::gfx::CompositionOp, mozilla::gfx::SourceSurface*, mozilla::gfx::Matrix const*) 	gfx/layers/RotatedBuffer.cpp
5 	xul.dll 	mozilla::layers::RotatedContentBuffer::BeginPaint(mozilla::layers::PaintedLayer*, unsigned int) 	gfx/layers/RotatedBuffer.cpp
6 	xul.dll 	mozilla::layers::ContentClientRemoteBuffer::BeginPaintBuffer(mozilla::layers::PaintedLayer*, unsigned int) 	gfx/layers/client/ContentClient.h
7 	xul.dll 	mozilla::layers::ClientPaintedLayer::PaintThebes() 	gfx/layers/client/ClientPaintedLayer.cpp
8 	xul.dll 	mozilla::layers::ClientPaintedLayer::RenderLayerWithReadback(mozilla::layers::ReadbackProcessor*) 	gfx/layers/client/ClientPaintedLayer.cpp
9 	xul.dll 	mozilla::layers::ClientContainerLayer::RenderLayer() 	gfx/layers/client/ClientContainerLayer.h
10 	xul.dll 	mozilla::layers::ClientLayer::RenderLayerWithReadback(mozilla::layers::ReadbackProcessor*) 	gfx/layers/client/ClientLayerManager.h
11 	xul.dll 	mozilla::layers::ClientContainerLayer::RenderLayer() 	gfx/layers/client/ClientContainerLayer.h
12 	xul.dll 	mozilla::layers::ClientLayer::RenderLayerWithReadback(mozilla::layers::ReadbackProcessor*) 	gfx/layers/client/ClientLayerManager.h
13 	xul.dll 	mozilla::layers::ClientContainerLayer::RenderLayer() 	gfx/layers/client/ClientContainerLayer.h
14 	xul.dll 	mozilla::layers::ClientLayer::RenderLayerWithReadback(mozilla::layers::ReadbackProcessor*) 	gfx/layers/client/ClientLayerManager.h
15 	xul.dll 	mozilla::layers::ClientContainerLayer::RenderLayer() 	gfx/layers/client/ClientContainerLayer.h
16 	xul.dll 	mozilla::layers::ClientLayerManager::EndTransactionInternal(void (*)(mozilla::layers::PaintedLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) 	gfx/layers/client/ClientLayerManager.cpp
17 	xul.dll 	mozilla::layers::ClientLayerManager::EndTransaction(void (*)(mozilla::layers::PaintedLayer*, gfxContext*, nsIntRegion const&, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) 	gfx/layers/client/ClientLayerManager.cpp
18 	xul.dll 	nsDisplayList::PaintRoot(nsDisplayListBuilder*, nsRenderingContext*, unsigned int) 	layout/base/nsDisplayList.cpp
19 	xul.dll 	nsLayoutUtils::PaintFrame(nsRenderingContext*, nsIFrame*, nsRegion const&, unsigned int, unsigned int) 	layout/base/nsLayoutUtils.cpp
20 	xul.dll 	PresShell::Paint(nsView*, nsRegion const&, unsigned int) 	layout/base/nsPresShell.cpp

This signature has sprung up in beta 8 in the 43 cycle, so it is probably an effect of the fixes landed in bug 1200021 - it's around #10 on the top score board for 43.0b8. It's not contained to a particular GPU vendor/driver.

Nominating for tracking, since it sprung up late in the cycle & so that we keep an eye on its impact.
Tracking for 43, Milan if you have a chance, looks like there is some fallout from bug 1200021.
Flags: needinfo?(milan)
I will take a look - do we know if the crash from bug 1200021 got any better, and if this one is worse than that one?  Given the timing, chances are the backout is the best way to do it, and continue to live with the devil we know from bug 1200021.
If we decide not to back out bug 1200021, here's a speculative patch.
Flags: needinfo?(milan)
Attachment #8696670 - Flags: review?(bas)
Attachment #8696670 - Flags: review?(bas) → review+
The volume of this crash doesn't look much worse than bug 1200021 did.
Comment on attachment 8696670
Beta patch - wallpaper over nullptr crashes. r=bas

Approval Request Comment
Do we have time for a beta, with this patch, and time enough to back it out (together with bug 1200021 patch) if this doesn't help?
Attachment #8696670 - Flags: approval-mozilla-beta?
Assignee: nobody → milan
Reproduced with bughunter.

Reproducible with x86 bp-dc44efd6-5ecb-4383-b99c-6088c2151210 and x86_64 bp-0ddc6396-5261-4924-94db-0319c2151210 on Windows 7 at https://s0.2mdn.net/1019344/1443037910075/selfie-300x600/index.html

To reproduce, reload the page multiple times. The browser may hang and not show a crash report, but if you kill it and start again and go to about:crashes you will see the crash report.
Great - I'll take a look on Monday when I have Win 7 access.
Flags: needinfo?(milan)
Attachment #8696670 - Attachment description: Wallpaper over nullptr crashes. r=bas → Beta patch - wallpaper over nullptr crashes. r=bas
Flags: needinfo?(milan)
Having trouble reproducing; Bob, what's your about:support graphics section look like?
Flags: needinfo?(bob)
Windows ESX VM:

Graphics
--------

Adapter Description: RDPDD Chained DD
Adapter Description (GPU #2): VMware SVGA 3D
Adapter Drivers: RDPDD
Adapter Drivers (GPU #2): vm3dum vm3dgl
Adapter RAM: Unknown
Adapter RAM (GPU #2): 16
Asynchronous Pan/Zoom: wheel input enabled
Device ID: 0x0000
Device ID (GPU #2): 0x0405
Direct2D Enabled: Blocked for your graphics card because of unresolved driver issues.
DirectWrite Enabled: false (6.2.9200.17568)
Driver Date (GPU #2): 11-11-2013
Driver Version (GPU #2): 7.14.1.2032
GPU #2 Active: false
GPU Accelerated Windows: 0/1 Basic (OMTC) Blocked for your graphics card because of unresolved driver issues.
Subsys ID: 00000000
Subsys ID (GPU #2): 040515ad
Supports Hardware H264 Decoding: No; Hardware video decoding disabled or blacklisted
Vendor ID: 0x0000
Vendor ID (GPU #2): 0x15ad
WebGL Renderer: Blocked for your graphics card because of unresolved driver issues.
windowLayerManagerRemote: true
AzureCanvasBackend: skia
AzureContentBackend: cairo
AzureFallbackCanvasBackend: cairo
AzureSkiaAccelerated: 0
Flags: needinfo?(bob)
Comment on attachment 8696670
Beta patch - wallpaper over nullptr crashes. r=bas

Crash fix, taking it. Let's uplift to Beta44.
Attachment #8696670 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Neither patch here appears to apply cleanly to beta 44. Can we get a rebased patch if this is still needed for the new beta 44?
Flags: needinfo?(milan)
This is a follow up patch to bug 1200021; that was never put on 44 (we did 45 and 43.)  I would suggest a few days of collecting 45 information in aurora, and if it looks like the combination of this and bug 1200021 took care of the problem, we can uplift to 44.
Yes, no, maybe?
Comment on attachment 8696670
Beta patch - wallpaper over nullptr crashes. r=bas

Going with Milan's recommendation to wait for Aurora45 data before uplifting this to Beta44. Nom'ing for Aurora uplift.
Attachment #8696670 - Flags: approval-mozilla-beta-
Attachment #8696670 - Flags: approval-mozilla-beta+
Attachment #8696670 - Flags: approval-mozilla-aurora?
We can track issues specific to 44 in bug 1233182 because it depends on another bug.
Flags: needinfo?(milan)
Let's land the main patch at this point, and then figure out 45 (in this bug) and 44 (in bug 1233182.)
Keywords: checkin-needed
Attachment #8698160 - Flags: checkin? → checkin+
https://hg.mozilla.org/mozilla-central/rev/99e72f7e3843
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla46
Just a note that this is currently the #14 topcrash in Release with 1877 crashes reported against Firefox 43.0.1, accounting for 0.91% of crashes on Release. I'm not sure what the current uplift strategy is but if this is low risk we should uplift.
Comment on attachment 8696670
Beta patch - wallpaper over nullptr crashes. r=bas

Taking it in aurora to test the impact.
Attachment #8696670 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
From bug 1216909 (depends on this bug among others)
===================================================
Currently the signature sits at the following ranks in each branch:
> Nightly (46): 0 crashes over the last week
>  Aurora (45): 0 crashes over the last week
>    Beta (44): 726 crashes over the last week or #20 with 0.82%
> Release (43): 0 crashes over the last week

Given these stats I'm not sure the Nightly/Aurora data is going to be useful. We may want to consider uplifting to Beta sooner rather than later so if there are any negative impacts we hear about them sooner and can back out as necessary.
> Given these stats I'm not sure the Nightly/Aurora data is going to be useful.

Actually I take this bit back. I just noticed the signature in this bug is different (the stats above are for the signature that depends on this bug). We *do* actually have stats for *this* signature (182 and 98 in Nightly and Aurora respectively). So at the end of the day we should be able to measure the impact of this change.

However, I would still like to ask that we keep an eye on bug 1216909 and its dependencies (this bug being one of them) as that is a topcrash that currently affects Beta and Beta alone. I'd like to see that get fixed as part of Firefox 44's release.
Milan, do you feel we are at a safe place where we can consider uplifting this fix to Beta44 to ultimately address top crash bug 1216909? If we do not have conclusive data on how much it has helped, is it worthwhile uplifting this for 44.0b6 and watch it for a week? We can backout if things go downhill or keep it otherwise. Please let me know.
Flags: needinfo?(milan)
I don't see crashes in Aurora after the 28th, so it seems to have helped.  I don't trust my search skills completely, so Anthony can confirm, but, yes, I'd uplift this to Beta.
Flags: needinfo?(milan) → needinfo?(anthony.s.hughes)
Attachment #8696670 - Flags: approval-mozilla-beta- → approval-mozilla-beta?
Comment on attachment 8696670
Beta patch - wallpaper over nullptr crashes. r=bas

Will take care of uplifting this to beta/44 as a part of bug 1233182.
Attachment #8696670 - Flags: approval-mozilla-beta?
Sorry it took so long to come back to this, bugmail started going to spam after my holidays. Firefox 45.0a2 has 10 crashes over the last week with a build ID on or before 20151228004010, no crashes with anything more recent.
Flags: needinfo?(anthony.s.hughes)