crash in @0x0 | CContext::ID3D11DeviceContext1_SetSamplers_<T>

RESOLVED FIXED in Firefox 47

Status

()

defect
--
critical
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: philipp, Assigned: jrmuizel)

Tracking

({crash})

45 Branch
mozilla49
x86
Windows NT
Points:
---

Firefox Tracking Flags

(firefox45 affected, firefox46 affected, firefox47 fixed, firefox48 fixed, firefox49 fixed)

Details

(Whiteboard: [gfx-noted], crash signature)

Attachments

(1 attachment)

(Reporter)

Description

3 years ago
This bug was filed from the Socorro interface and is 
report bp-d101cc6b-133b-46ea-b136-c920a2160406.
=============================================================
Crashing Thread (0)
Frame 	Module 	Signature 	Source
0 		@0x0 	
1 	d3d11.dll 	CContext::ID3D11DeviceContext1_SetSamplers_<4, 5>(ID3D11DeviceContext1*, unsigned int, unsigned int, ID3D11SamplerState* const*) 	
2 	d3d11.dll 	CContext::InitializeDefaults() 	
3 	d3d11.dll 	CDevice::LLOCompleteLayerConstruction() 	
4 	d3d11.dll 	CBridgeImpl<ILayeredLockOwner, ID3D11LayeredDevice, CLayeredObject<CDevice> >::LLOCompleteLayerConstruction() 	
5 	d3d11.dll 	NDXGI::CDevice::LLOCompleteLayerConstruction() 	
6 	d3d11.dll 	CBridgeImpl<ILayeredLockOwner, ID3D11LayeredDevice, CLayeredObject<NDXGI::CDevice> >::LLOCompleteLayerConstruction() 	
7 	d3d11.dll 	NOutermost::CDevice::LLOCompleteLayerConstruction() 	
8 	d3d11.dll 	NOutermost::CDevice::FinalConstruct(NOutermost::CDevice::TConstructorArgs const&) 	
9 	d3d11.dll 	TComObject<NOutermost::CDevice>::TComObject<NOutermost::CDevice>(void*, NOutermost::CDevice::TConstructorArgs const&, _GUID const&, void**) 	
10 	d3d11.dll 	TComObject<NOutermost::CDevice>::CreateInstance(NOutermost::CDevice::TConstructorArgs const&, void*, void*, _GUID const&, void**) 	
11 	d3d11.dll 	D3D11CreateLayeredDevice(unsigned int, void const*, unsigned long, ID3D11LayeredDevice*, _GUID const&, void**) 	
12 	d3d11.dll 	D3D11CoreCreateLayeredDevice 	
13 	d3d11.dll 	D3D11CoreCreateDevice 	
14 	d3d11.dll 	D3D11CreateDeviceAndSwapChain 	
15 	d3d11.dll 	D3D11CreateDevice 	
16 	libglesv2.dll 	rx::Renderer11::initialize() 	gfx/angle/src/libangle/renderer/d3d/d3d11/Renderer11.cpp
17 	libglesv2.dll 	rx::CreateRendererD3D(egl::Display*, rx::RendererD3D**) 	gfx/angle/src/libangle/renderer/d3d/DisplayD3D.cpp
18 	libglesv2.dll 	rx::DisplayD3D::initialize(egl::Display*) 	gfx/angle/src/libangle/renderer/d3d/DisplayD3D.cpp
19 	ntdll.dll 	RtlQueryPerformanceFrequency 	
20 	msvcr120.dll 	_unlockexit 	f:\dd\vctools\crt\crtw32\startup\crt0dat.c:852
21 	ntdll.dll 	RtlQueryPerformanceFrequency 	
22 	mozglue.dll 	moz_xmalloc 	memory/mozalloc/mozalloc.cpp
23 	libglesv2.dll 	egl::Display::isValidDisplay(egl::Display const*) 	gfx/angle/src/libangle/Display.cpp
24 	libglesv2.dll 	egl::GetDisplay(HDC__*) 	gfx/angle/src/libglesv2/entry_points_egl.cpp
25 	libegl.dll 	eglDestroyImageKHR 	gfx/angle/src/libegl/libEGL.cpp
26 	xul.dll 	mozilla::gl::GLLibraryEGL::EnsureInitialized(bool) 	gfx/gl/GLLibraryEGL.cpp
27 	xul.dll 	mozilla::gl::SurfaceCaps::SurfaceCaps(mozilla::gl::SurfaceCaps const&) 	gfx/gl/SurfaceTypes.cpp
28 	xul.dll 	mozilla::PopulateCapFallbackQueue 	dom/canvas/WebGLContext.cpp
29 	xul.dll 	mozilla::CreateGLWithANGLE 	dom/canvas/WebGLContext.cpp
30 	xul.dll 	mozilla::WebGLContext::CreateAndInitGLWith(already_AddRefed<mozilla::gl::GLContext> (*)(mozilla::gl::SurfaceCaps const&, mozilla::gl::CreateContextFlags, mozilla::WebGLContext*), mozilla::gl::SurfaceCaps const&, mozilla::gl::CreateContextFlags) 	dom/canvas/WebGLContext.cpp
31 	xul.dll 	mozilla::WebGLContext::CreateAndInitGL(bool) 	dom/canvas/WebGLContext.cpp
32 	xul.dll 	mozilla::WebGLContext::SetDimensions(int, int) 	dom/canvas/WebGLContext.cpp
33 	xul.dll 	mozilla::dom::CanvasRenderingContextHelper::UpdateContext(JSContext*, JS::Handle<JS::Value>, mozilla::ErrorResult&) 	dom/canvas/CanvasRenderingContextHelper.cpp
34 	xul.dll 	mozilla::dom::CanvasRenderingContextHelper::GetContext(JSContext*, nsAString_internal const&, JS::Handle<JS::Value>, mozilla::ErrorResult&) 	dom/canvas/CanvasRenderingContextHelper.cpp
35 	xul.dll 	mozilla::dom::HTMLCanvasElement::GetContext(JSContext*, nsAString_internal const&, JS::Handle<JS::Value>, mozilla::ErrorResult&) 	dom/html/HTMLCanvasElement.cpp
36 	xul.dll 	mozilla::dom::HTMLCanvasElementBinding::getContext 	obj-firefox/dom/bindings/HTMLCanvasElementBinding.cpp
37 	xul.dll 	js::Invoke(JSContext*, JS::CallArgs const&, js::MaybeConstruct) 	js/src/vm/Interpreter.cpp
38 	xul.dll 	Interpret 	js/src/vm/Interpreter.cpp
39 	xul.dll 	js::RunScript(JSContext*, js::RunState&) 	js/src/vm/Interpreter.cpp
40 	xul.dll 	js::Invoke(JSContext*, JS::CallArgs const&, js::MaybeConstruct) 	js/src/vm/Interpreter.cpp
41 	xul.dll 	js::fun_apply(JSContext*, unsigned int, JS::Value*) 	js/src/jsfun.cpp
42 	xul.dll 	js::Invoke(JSContext*, JS::CallArgs const&, js::MaybeConstruct) 	js/src/vm/Interpreter.cpp
43 	xul.dll 	Interpret 	js/src/vm/Interpreter.cpp
44 	xul.dll 	js::RunScript(JSContext*, js::RunState&) 	js/src/vm/Interpreter.cpp
45 	xul.dll 	js::Invoke(JSContext*, JS::CallArgs const&, js::MaybeConstruct) 	js/src/vm/Interpreter.cpp
46 	xul.dll 	js::fun_apply(JSContext*, unsigned int, JS::Value*) 	js/src/jsfun.cpp
47 	xul.dll 	js::Invoke(JSContext*, JS::CallArgs const&, js::MaybeConstruct) 	js/src/vm/Interpreter.cpp
48 	xul.dll 	Interpret 	js/src/vm/Interpreter.cpp
49 	xul.dll 	js::RunScript(JSContext*, js::RunState&) 	js/src/vm/Interpreter.cpp
50 	xul.dll 	js::Invoke(JSContext*, JS::CallArgs const&, js::MaybeConstruct) 	js/src/vm/Interpreter.cpp
51 	xul.dll 	js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value const*, JS::MutableHandle<JS::Value>) 	js/src/vm/Interpreter.cpp
52 	xul.dll 	js::jit::DoCallFallback 	js/src/jit/BaselineIC.cpp
53 		@0x2c975d90 	
54 		@0x2a3bb2a7 	
55 		@0x2c970967 	
56 	xul.dll 	EnterBaseline 	js/src/jit/BaselineJIT.cpp
57 	xul.dll 	xul.dll@0x1ccba8b 	
58 		@0xffffff80 	
59 	xul.dll 	js::jit::CanEnter(JSContext*, js::RunState&) 	js/src/jit/Ion.cpp
60 	xul.dll 	Interpret 	js/src/vm/Interpreter.cpp
61 	xul.dll 	js::RunScript(JSContext*, js::RunState&) 	js/src/vm/Interpreter.cpp
62 	xul.dll 	js::Invoke(JSContext*, JS::CallArgs const&, js::MaybeConstruct) 	js/src/vm/Interpreter.cpp
63 	xul.dll 	js::fun_apply(JSContext*, unsigned int, JS::Value*) 	js/src/jsfun.cpp
64 	xul.dll 	js::Invoke(JSContext*, JS::CallArgs const&, js::MaybeConstruct) 	js/src/vm/Interpreter.cpp
65 	xul.dll 	Interpret 	js/src/vm/Interpreter.cpp
66 	xul.dll 	js::RunScript(JSContext*, js::RunState&) 	js/src/vm/Interpreter.cpp
67 	xul.dll 	js::Invoke(JSContext*, JS::CallArgs const&, js::MaybeConstruct) 	js/src/vm/Interpreter.cpp
68 	xul.dll 	js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value const*, JS::MutableHandle<JS::Value>) 	js/src/vm/Interpreter.cpp
69 	xul.dll 	js::jit::DoCallFallback 	js/src/jit/BaselineIC.cpp
70 		@0x2c975d90 	
71 		@0x30fef20f 	
72 		@0x346b32e3 	
73 		@0x30ff16bf 	
74 		@0x2c970967 	
75 	xul.dll 	EnterBaseline 	js/src/jit/BaselineJIT.cpp
76 	xul.dll 	js::jit::EnterBaselineMethod(JSContext*, js::RunState&) 	js/src/jit/BaselineJIT.cpp
77 	xul.dll 	js::jit::CanEnter(JSContext*, js::RunState&) 	js/src/jit/Ion.cpp
78 	xul.dll 	js::RunScript(JSContext*, js::RunState&) 	js/src/vm/Interpreter.cpp
79 	mozglue.dll 	je_malloc 	memory/mozjemalloc/jemalloc.c
80 	xul.dll 	js::jit::ICStubCompiler::newStub<js::jit::ICGetProp_Native, js::jit::ICStubSpace*&, js::jit::JitCode*, js::jit::ICStub*&, js::ReceiverGuard&, unsigned int&>(js::jit::ICStubSpace*&, js::jit::JitCode*&&, js::jit::ICStub*&, js::ReceiverGuard&, unsigned int&) 	js/src/jit/SharedIC.h
81 	xul.dll 	js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value const*, JS::MutableHandle<JS::Value>) 	js/src/vm/Interpreter.cpp
82 	xul.dll 	js::jit::DoCallFallback 	js/src/jit/BaselineIC.cpp
83 		@0xffffff87 	
84 		@0xffffff84

this is the same signature which bug 1222496 tried to address in firefox 44, but it is still crashing in subsequent versions & nearly exclusively on intel gpus. 

many user comments mention google maps as one way to trigger the crash.
jrmuizel, is it similar to bug 1222496?
Flags: needinfo?(jmuizelaar)
Whiteboard: [gfx-noted]
Assignee: nobody → jmuizelaar
Flags: needinfo?(jmuizelaar)
This patch should help. It's not exactly pretty and hopefully can be made better once gfxConfig lands but we need this soon.
Attachment #8745098 - Flags: review?(dvander)
Attachment #8745098 - Flags: review?(dvander) → review+

Comment 4

3 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/706a4bcfad6e
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla49
Comment on attachment 8745098 [details] [diff] [review]
Don't use D3D11 ANGLE if D3D11 is no good

Approval Request Comment
[Feature/regressing bug #]: D3D11 ANGLE
[User impact if declined]: The browser will crash when using WebGL on affected machiens
[Describe test coverage new/current, TreeHerder]: Has been on m-c for a while
[Risks and why]: Should be pretty low risk. The worst thing that could happen would be to disable D3D11 ANGLE unnecessarily more.
Attachment #8745098 - Flags: approval-mozilla-beta?
Attachment #8745098 - Flags: approval-mozilla-aurora?
Comment on attachment 8745098 [details] [diff] [review]
Don't use D3D11 ANGLE if D3D11 is no good

The overall volume of this crash is quite low but since it's still early Beta, let's uplift. Aurora48+, Beta47+
Attachment #8745098 - Flags: approval-mozilla-beta?
Attachment #8745098 - Flags: approval-mozilla-beta+
Attachment #8745098 - Flags: approval-mozilla-aurora?
Attachment #8745098 - Flags: approval-mozilla-aurora+
Please hold off landing this on aurora/beta for a bit. It may cause us to not use WARP ANGLE when we should be. I'm investigating.
Comment on attachment 8745098 [details] [diff] [review]
Don't use D3D11 ANGLE if D3D11 is no good

Clearing out the flags just to be sure.
Attachment #8745098 - Flags: approval-mozilla-beta+
Attachment #8745098 - Flags: approval-mozilla-aurora+
Comment on attachment 8745098 [details] [diff] [review]
Don't use D3D11 ANGLE if D3D11 is no good

Approval Request Comment
I've checked the concern that I had with this patch and it should be fine.
Attachment #8745098 - Flags: approval-mozilla-beta?
Attachment #8745098 - Flags: approval-mozilla-aurora?
Comment on attachment 8745098 [details] [diff] [review]
Don't use D3D11 ANGLE if D3D11 is no good

Aurora48+, Beta47+
Attachment #8745098 - Flags: approval-mozilla-beta?
Attachment #8745098 - Flags: approval-mozilla-beta+
Attachment #8745098 - Flags: approval-mozilla-aurora?
Attachment #8745098 - Flags: approval-mozilla-aurora+
This patch doesn't apply to aurora.

hg graft -er 706a4bcfad6e
grafting 341563:706a4bcfad6e "Bug 1262427. Don't try D3D11 harder. r=dvander"
merging gfx/thebes/gfxPlatform.cpp
merging gfx/thebes/gfxPlatform.h
merging gfx/thebes/gfxWindowsPlatform.cpp
merging gfx/thebes/gfxWindowsPlatform.h
warning: conflicts while merging gfx/thebes/gfxPlatform.cpp! (edit, then use 'hg resolve --mark')
abort: unresolved conflicts, can't continue
(use hg resolve and hg graft --continue)
Flags: needinfo?(jmuizelaar)
You'll need to use the patch on the bug. The version on central is completely different.
Flags: needinfo?(jmuizelaar)
You need to log in before you can comment on or make changes to this bug.