Open Bug 1269028 Opened 7 years ago Updated 12 days ago

crash in floorf called from mozilla::ContainerState::ScaleToOutsidePixels, on AMD family 20 model 2 stepping 0 CPUs

Categories

(Core :: Layout, defect, P5)

Unspecified
Windows NT
defect

Tracking

()

REOPENED
Tracking Status
platform-rel --- -
firefox47 --- affected
firefox48 --- affected
firefox49 --- affected
firefox50 --- affected

People

(Reporter: dbaron, Unassigned)

References

Details

(Keywords: crash, Whiteboard: [platform-rel-AMD], qa-not-actionable)

Crash Data

This bug was filed from the Socorro interface and is 
report bp-a30539c8-9801-4fdb-9313-3f9a52160428.
=============================================================

In yesterday's nightly there were 4 crashes where the top of the stack was:
0 	ucrtbase.dll 	floorf 	
1 	xul.dll 	mozilla::ContainerState::ScaleToOutsidePixels(nsRect const&, bool) 	layout/base/FrameLayerBuilder.cpp
2 	xul.dll 	mozilla::ContainerState::ProcessDisplayItems(nsDisplayList*) 	layout/base/FrameLayerBuilder.cpp
3 	xul.dll 	mozilla::FrameLayerBuilder::BuildContainerLayerFor(nsDisplayListBuilder*, mozilla::layers::LayerManager*, nsIFrame*, nsDisplayItem*, nsDisplayList*, mozilla::ContainerLayerParameters const&, mozilla::gfx::Matrix4x4Typed<mozilla::gfx::UnknownUnits, mozilla::gfx::UnknownUnits> const*, unsigned int) 	layout/base/FrameLayerBuilder.cpp
4 	xul.dll 	nsDisplayList::PaintRoot(nsDisplayListBuilder*, nsRenderingContext*, unsigned int) 	layout/base/nsDisplayList.cpp
5 	xul.dll 	nsLayoutUtils::PaintFrame(nsRenderingContext*, nsIFrame*, nsRegion const&, unsigned int, nsDisplayListBuilderMode, unsigned int) 	layout/base/nsLayoutUtils.cpp
6 	xul.dll 	PresShell::Paint(nsView*, nsRegion const&, unsigned int) 	layout/base/nsPresShell.cpp

All 4 users were running 64-bit builds on Windows 10, and had video driver version 15.201.1151.0 (although there were 3 different "Adapter subsys id"s and 4 different install times).  All 4 users had "family 20 model 2 stepping 0 | 2" CPUs, which is consistent with bug 772330.

Debugging the crash (which I did for 2 of the 4) showed nonsense:  RIP was allegedly on the first instruction of floorf, which is "xor r8d,r8d", although the crash was an EXCEPTION_ACCESS_VIOLATION_WRITE with a crash address of 0x0.

This seems basically unactionable, though we'll see if it happens again.
unactionable -> P5, for now
Priority: -- → P5
No longer blocks: 772330
Depends on: 772330
Crash volume for signature 'floorf':
 - nightly (version 50): 6 crashes from 2016-06-06.
 - aurora  (version 49): 3 crashes from 2016-06-07.
 - beta    (version 48): 31 crashes from 2016-06-06.
 - release (version 47): 0 crash from 2016-05-31.
 - esr     (version 45): 0 crash from 2016-04-07.

Crash volume on the last weeks:
             Week N-1   Week N-2   Week N-3   Week N-4   Week N-5   Week N-6   Week N-7
 - nightly          0          0          5          0          0          1          0
 - aurora           1          0          0          0          0          2          0
 - beta            14         13          3          0          0          0          0
 - release          0          0          0          0          0          0          0
 - esr              0          0          0          0          0          0          0

Affected platform: Windows
Crash volume for signature 'floorf':
 - nightly(version 50):8 crashes from 2016-06-06.
 - aurora (version 49):3 crashes from 2016-06-07.
 - beta   (version 48):33 crashes from 2016-06-06.
 - release(version 47):1 crash from 2016-05-31.
 - esr    (version 45):0 crashes from 2016-04-07.

Crash volume on the last weeks:
            W. N-1  W. N-2  W. N-3  W. N-4  W. N-5  W. N-6  W. N-7
 - nightly       1       0       1       5       0       0       1
 - aurora        0       1       0       0       0       0       2
 - beta          1      14      15       3       0       0       0
 - release       1       0       0       0       0       0       0
 - esr           0       0       0       0       0       0       0

Affected platform: Windows
platform-rel: --- → ?
Whiteboard: [platform-rel-AMD]
platform-rel: ? → +
Very low volume (e.g., 1 in the past week), removing partner tracking.  Could be related to bug 1248241 though, both are converting floats to ints...
platform-rel: + → -
See Also: → 1248241

Reopening bug since there are crash reports in the last 6 months

Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → WORKSFORME
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Whiteboard: [platform-rel-AMD] → [platform-rel-AMD], qa-not-actionable

Since the crash volume is low (less than 5 per week), the severity is downgraded to S3. Feel free to change it back if you think the bug is still critical.

For more information, please visit auto_nag documentation.

Severity: critical → S3
You need to log in before you can comment on or make changes to this bug.