Closed Bug 1283935 Opened 4 years ago Closed 3 years ago

Flash plugin crashes in atiumd6a.dll | MallocAligned, starting around nightly 2016-06-21

Categories

(Core :: Plug-ins, defect, critical)

Unspecified
Windows 7
defect
Not set
critical

Tracking

()

RESOLVED INCOMPLETE
Tracking Status
firefox47 --- affected
firefox48 --- affected
firefox49 --- affected
firefox50 --- affected
firefox51 --- affected

People

(Reporter: dbaron, Unassigned)

Details

(Keywords: crash, topcrash)

Crash Data

This bug was filed from the Socorro interface and is 
report bp-32dd5707-5843-4757-afdb-55fbc2160701.
=============================================================

These crashes started showing up in crash-stats with nightly 2016-06-21.  So far they've almost all been on nightly, although there was one on beta.  They've all been with Flash version 22.0.0.192, which is current, and I presume that's not surprising since we probably block older versions.

The build distribution on nightly channel is:

1 	20160621030208 	6 	35.29 %
3 	20160623030210 	3 	17.65 %
4 	20160624030212 	2 	11.76 %
5 	20160629030209 	2 	11.76 %
2 	20160630030207 	4 	23.53 %

The top of the stack is always:

0 	atiumd6a.dll 	atiumd6a.dll@0xbf08 	
1 	d3d9.dll 	MallocAligned(void**, unsigned __int64, int) 	
2 	d3d9.dll 	operator new(unsigned __int64) 	
Ø 3 	atiumd6a.dll 	atiumd6a.dll@0x95d0 	
4 	dxva2.dll 	CVideoAccelerationService::InitService(IDirect3DDevice9*) 	
Ø 5 	atiumd64.dll 	atiumd64.dll@0x13bb 	
6 	dxva2.dll 	CDxva2SoftwareContainer::GetVideoProcessorDeviceGuidCount(_DXVA2_VideoDesc const*, unsigned int*) 	
7 	d3d9.dll 	GetDecodeGuidCountLH 	
8 	dxva2.dll 	GetVideoProcessorSubStreamFormatCount(_DXVA2_VideoDesc const*, _D3DFORMAT, unsigned int*) 	
9 	dxva2.dll 	GetVideoProcessorSubStreamFormats(_DXVA2_VideoDesc const*, _D3DFORMAT, unsigned int, _D3DFORMAT*) 	
10 	dxva2.dll 	GetVideoProcessorSubStreamFormats(_DXVA2_VideoDesc const*, _D3DFORMAT, unsigned int, _D3DFORMAT*) 	
11 	d3d9.dll 	CDxva2Container::GetDecodeGuidCount(unsigned int*) 	
12 	dxva2.dll 	CVideoAccelerationService::NonDelegatingQueryInterface(_GUID const&, void**) 	
13 	dxva2.dll 	CVideoAccelerationService::GetDecoderDeviceGuids(unsigned int*, _GUID**) 	
14 	npswf64_22_0_0_192.dll 	F_2051344396________________________________________________________________ 	F1272954511___________________________________________:217
15 	ntdll.dll 	RtlAllocateMemoryBlockLookaside 	
16 	ntdll.dll 	LdrpHashUnicodeString 	
17 	ntdll.dll 	?? ?? ::FNODOBFM::`string' 	
18 	ntdll.dll 	LdrpFindLoadedDll 	
19 	ntdll.dll 	LdrGetDllHandleEx 	
20 	ntdll.dll 	LdrGetDllHandle 	
21 	kernelbase.dll 	GetModuleHandleForUnicodeString 	
22 	kernelbase.dll 	BasepGetModuleHandleExW 	
23 		@0x7fe0000ffff 	
24 	ntdll.dll 	RtlAllocateMemoryBlockLookaside 	
25 	ntdll.dll 	RtlAllocateHeap 	
26 	npswf64_22_0_0_192.dll 	F1426734732_________________________________________________
Actually, given that this is nightly only, I'm going to call it our bug for now.
Component: Flash (Adobe) → Plug-ins
Product: External Software Affecting Firefox → Core
Version: unspecified → Trunk
Is it possible that our DXVA stuff could be interacting with Flash's in some way?
Flags: needinfo?(cpearce)
Summary: Crash in atiumd6a.dll | MallocAligned → Flash plugin crashes in atiumd6a.dll | MallocAligned, starting around nightly 2016-06-21
It's possible that this is all a single user, though.  There's only a single unique install time per nightly build ID.
Looks like we have some similar yet different signatures showing up at the same time in the Explosiveness Report: https://crash-analysis.mozilla.com/rkaiser/2016-07-19/2016-07-19.firefox.50.explosiveness.html

Specifically:
https://crash-stats.mozilla.com/report/list?signature=atiumd6a.dll | atiu9p64.dll%400x7728
https://crash-stats.mozilla.com/report/list?signature=atiumd6a.dll

I don't know if these are related or if they should be filed separately.
Crash volume for signature 'atiumd6a.dll | MallocAligned':
 - nightly(version 50):68 crashes from 2016-06-06.
 - aurora (version 49):0 crashes from 2016-06-07.
 - beta   (version 48):2 crashes from 2016-06-06.
 - release(version 47):1 crash from 2016-05-31.
 - esr    (version 45):0 crashes from 2016-04-07.

Crash volume on the last weeks:
            W. N-1  W. N-2  W. N-3  W. N-4  W. N-5  W. N-6  W. N-7
 - nightly      11      37       3       0       6      11       0
 - aurora        0       0       0       0       0       0       0
 - beta          0       0       1       0       1       0       0
 - release       0       0       1       0       0       0       0
 - esr           0       0       0       0       0       0       0

Affected platform: Windows
(In reply to David Baron :dbaron: ⌚️UTC-7 (review requests must explain patch) from comment #3)
> Is it possible that our DXVA stuff could be interacting with Flash's in some
> way?

It's possible, but I'd have thought it unlikely. Mattwoodrow might have some ideas...
Flags: needinfo?(cpearce) → needinfo?(matt.woodrow)
Crash volume for signature 'atiumd6a.dll | MallocAligned':
 - nightly (version 51): 26 crashes from 2016-08-01.
 - aurora  (version 50): 0 crashes from 2016-08-01.
 - beta    (version 49): 1 crash from 2016-08-02.
 - release (version 48): 0 crashes from 2016-07-25.
 - esr     (version 45): 0 crashes from 2016-05-02.

Crash volume on the last weeks (Week N is from 08-22 to 08-28):
            W. N-1  W. N-2  W. N-3
 - nightly       8      15       3
 - aurora        0       0       0
 - beta          1       0       0
 - release       0       0       0
 - esr           0       0       0

Affected platform: Windows

Crash rank on the last 7 days:
             Browser   Content Plugin
 - nightly                     #28
 - aurora
 - beta                        #787
 - release
 - esr
I can't think of anything, sorry. Each process should be entirely separate as far as DXVA/D3D go.
Flags: needinfo?(matt.woodrow)
If this were Flash 23, I might try pointing at the async drawing work. But that's only on for Flash beta, not Flash release. I cannot explain what this is, other than perhaps a single nightly user or some driver testers?

I'm going to mark this INCOMPLETE because I don't think it's worth tracking as it stands.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.