Open
Bug 1269028
Opened 9 years ago
Updated 2 years ago
crash in floorf called from mozilla::ContainerState::ScaleToOutsidePixels, on AMD family 20 model 2 stepping 0 CPUs
Categories
(Core :: Layout, defect, P5)
Tracking
()
People
(Reporter: dbaron, Unassigned)
References
Details
(Keywords: crash, Whiteboard: [platform-rel-AMD], qa-not-actionable)
Crash Data
This bug was filed from the Socorro interface and is
report bp-a30539c8-9801-4fdb-9313-3f9a52160428.
=============================================================
In yesterday's nightly there were 4 crashes where the top of the stack was:
0 ucrtbase.dll floorf
1 xul.dll mozilla::ContainerState::ScaleToOutsidePixels(nsRect const&, bool) layout/base/FrameLayerBuilder.cpp
2 xul.dll mozilla::ContainerState::ProcessDisplayItems(nsDisplayList*) layout/base/FrameLayerBuilder.cpp
3 xul.dll mozilla::FrameLayerBuilder::BuildContainerLayerFor(nsDisplayListBuilder*, mozilla::layers::LayerManager*, nsIFrame*, nsDisplayItem*, nsDisplayList*, mozilla::ContainerLayerParameters const&, mozilla::gfx::Matrix4x4Typed<mozilla::gfx::UnknownUnits, mozilla::gfx::UnknownUnits> const*, unsigned int) layout/base/FrameLayerBuilder.cpp
4 xul.dll nsDisplayList::PaintRoot(nsDisplayListBuilder*, nsRenderingContext*, unsigned int) layout/base/nsDisplayList.cpp
5 xul.dll nsLayoutUtils::PaintFrame(nsRenderingContext*, nsIFrame*, nsRegion const&, unsigned int, nsDisplayListBuilderMode, unsigned int) layout/base/nsLayoutUtils.cpp
6 xul.dll PresShell::Paint(nsView*, nsRegion const&, unsigned int) layout/base/nsPresShell.cpp
All 4 users were running 64-bit builds on Windows 10, and had video driver version 15.201.1151.0 (although there were 3 different "Adapter subsys id"s and 4 different install times). All 4 users had "family 20 model 2 stepping 0 | 2" CPUs, which is consistent with bug 772330.
Debugging the crash (which I did for 2 of the 4) showed nonsense: RIP was allegedly on the first instruction of floorf, which is "xor r8d,r8d", although the crash was an EXCEPTION_ACCESS_VIOLATION_WRITE with a crash address of 0x0.
This seems basically unactionable, though we'll see if it happens again.
Reporter | ||
Updated•9 years ago
|
Comment 2•8 years ago
|
||
Crash volume for signature 'floorf':
- nightly (version 50): 6 crashes from 2016-06-06.
- aurora (version 49): 3 crashes from 2016-06-07.
- beta (version 48): 31 crashes from 2016-06-06.
- release (version 47): 0 crash from 2016-05-31.
- esr (version 45): 0 crash from 2016-04-07.
Crash volume on the last weeks:
Week N-1 Week N-2 Week N-3 Week N-4 Week N-5 Week N-6 Week N-7
- nightly 0 0 5 0 0 1 0
- aurora 1 0 0 0 0 2 0
- beta 14 13 3 0 0 0 0
- release 0 0 0 0 0 0 0
- esr 0 0 0 0 0 0 0
Affected platform: Windows
Comment 3•8 years ago
|
||
Crash volume for signature 'floorf':
- nightly(version 50):8 crashes from 2016-06-06.
- aurora (version 49):3 crashes from 2016-06-07.
- beta (version 48):33 crashes from 2016-06-06.
- release(version 47):1 crash from 2016-05-31.
- esr (version 45):0 crashes from 2016-04-07.
Crash volume on the last weeks:
W. N-1 W. N-2 W. N-3 W. N-4 W. N-5 W. N-6 W. N-7
- nightly 1 0 1 5 0 0 1
- aurora 0 1 0 0 0 0 2
- beta 1 14 15 3 0 0 0
- release 1 0 0 0 0 0 0
- esr 0 0 0 0 0 0 0
Affected platform: Windows
status-firefox47:
--- → affected
Updated•8 years ago
|
platform-rel: --- → ?
Whiteboard: [platform-rel-AMD]
Updated•8 years ago
|
platform-rel: ? → +
Very low volume (e.g., 1 in the past week), removing partner tracking. Could be related to bug 1248241 though, both are converting floats to ints...
platform-rel: + → -
See Also: → 1248241
Reopening bug since there are crash reports in the last 6 months
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WORKSFORME
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Whiteboard: [platform-rel-AMD] → [platform-rel-AMD], qa-not-actionable
Comment 6•2 years ago
|
||
Since the crash volume is low (less than 5 per week), the severity is downgraded to S3
. Feel free to change it back if you think the bug is still critical.
For more information, please visit auto_nag documentation.
Severity: critical → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•