Open Bug 1269028 Opened 9 years ago Updated 2 years ago

crash in floorf called from mozilla::ContainerState::ScaleToOutsidePixels, on AMD family 20 model 2 stepping 0 CPUs

Categories

(Core :: Layout, defect, P5)

Unspecified
Windows NT
defect

Tracking

()

REOPENED
Tracking Status
platform-rel --- -
firefox47 --- affected
firefox48 --- affected
firefox49 --- affected
firefox50 --- affected

People

(Reporter: dbaron, Unassigned)

References

Details

(Keywords: crash, Whiteboard: [platform-rel-AMD], qa-not-actionable)

Crash Data

This bug was filed from the Socorro interface and is report bp-a30539c8-9801-4fdb-9313-3f9a52160428. ============================================================= In yesterday's nightly there were 4 crashes where the top of the stack was: 0 ucrtbase.dll floorf 1 xul.dll mozilla::ContainerState::ScaleToOutsidePixels(nsRect const&, bool) layout/base/FrameLayerBuilder.cpp 2 xul.dll mozilla::ContainerState::ProcessDisplayItems(nsDisplayList*) layout/base/FrameLayerBuilder.cpp 3 xul.dll mozilla::FrameLayerBuilder::BuildContainerLayerFor(nsDisplayListBuilder*, mozilla::layers::LayerManager*, nsIFrame*, nsDisplayItem*, nsDisplayList*, mozilla::ContainerLayerParameters const&, mozilla::gfx::Matrix4x4Typed<mozilla::gfx::UnknownUnits, mozilla::gfx::UnknownUnits> const*, unsigned int) layout/base/FrameLayerBuilder.cpp 4 xul.dll nsDisplayList::PaintRoot(nsDisplayListBuilder*, nsRenderingContext*, unsigned int) layout/base/nsDisplayList.cpp 5 xul.dll nsLayoutUtils::PaintFrame(nsRenderingContext*, nsIFrame*, nsRegion const&, unsigned int, nsDisplayListBuilderMode, unsigned int) layout/base/nsLayoutUtils.cpp 6 xul.dll PresShell::Paint(nsView*, nsRegion const&, unsigned int) layout/base/nsPresShell.cpp All 4 users were running 64-bit builds on Windows 10, and had video driver version 15.201.1151.0 (although there were 3 different "Adapter subsys id"s and 4 different install times). All 4 users had "family 20 model 2 stepping 0 | 2" CPUs, which is consistent with bug 772330. Debugging the crash (which I did for 2 of the 4) showed nonsense: RIP was allegedly on the first instruction of floorf, which is "xor r8d,r8d", although the crash was an EXCEPTION_ACCESS_VIOLATION_WRITE with a crash address of 0x0. This seems basically unactionable, though we'll see if it happens again.
unactionable -> P5, for now
Priority: -- → P5
No longer blocks: 772330
Depends on: 772330
Crash volume for signature 'floorf': - nightly (version 50): 6 crashes from 2016-06-06. - aurora (version 49): 3 crashes from 2016-06-07. - beta (version 48): 31 crashes from 2016-06-06. - release (version 47): 0 crash from 2016-05-31. - esr (version 45): 0 crash from 2016-04-07. Crash volume on the last weeks: Week N-1 Week N-2 Week N-3 Week N-4 Week N-5 Week N-6 Week N-7 - nightly 0 0 5 0 0 1 0 - aurora 1 0 0 0 0 2 0 - beta 14 13 3 0 0 0 0 - release 0 0 0 0 0 0 0 - esr 0 0 0 0 0 0 0 Affected platform: Windows
Crash volume for signature 'floorf': - nightly(version 50):8 crashes from 2016-06-06. - aurora (version 49):3 crashes from 2016-06-07. - beta (version 48):33 crashes from 2016-06-06. - release(version 47):1 crash from 2016-05-31. - esr (version 45):0 crashes from 2016-04-07. Crash volume on the last weeks: W. N-1 W. N-2 W. N-3 W. N-4 W. N-5 W. N-6 W. N-7 - nightly 1 0 1 5 0 0 1 - aurora 0 1 0 0 0 0 2 - beta 1 14 15 3 0 0 0 - release 1 0 0 0 0 0 0 - esr 0 0 0 0 0 0 0 Affected platform: Windows
platform-rel: --- → ?
Whiteboard: [platform-rel-AMD]
platform-rel: ? → +
Very low volume (e.g., 1 in the past week), removing partner tracking. Could be related to bug 1248241 though, both are converting floats to ints...
platform-rel: + → -
See Also: → 1248241

Reopening bug since there are crash reports in the last 6 months

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WORKSFORME
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Whiteboard: [platform-rel-AMD] → [platform-rel-AMD], qa-not-actionable

Since the crash volume is low (less than 5 per week), the severity is downgraded to S3. Feel free to change it back if you think the bug is still critical.

For more information, please visit auto_nag documentation.

Severity: critical → S3
You need to log in before you can comment on or make changes to this bug.