Closed Bug 1447428 Opened 3 years ago Closed 3 years ago
Crash in mozilla::gfx::Draw
Target D2D1::Draw Filter
This bug was filed from the Socorro interface and is report bp-48b5b0ea-a187-4d21-a76b-d56840180317. ============================================================= Top 10 frames of crashing thread: 0 xul.dll mozilla::gfx::DrawTargetD2D1::DrawFilter gfx/2d/DrawTargetD2D1.cpp:239 1 xul.dll mozilla::gfx::DrawFilterCommand::ExecuteOnDT gfx/2d/DrawCommands.h:212 2 xul.dll mozilla::gfx::DrawTargetCaptureImpl::ReplayToDrawTarget gfx/2d/DrawTargetCapture.cpp:347 3 xul.dll mozilla::gfx::DrawTarget::DrawCapturedDT gfx/2d/DrawTarget.cpp:187 4 xul.dll mozilla::layers::PaintThread::AsyncPaintContents gfx/layers/PaintThread.cpp:333 5 xul.dll mozilla::detail::RunnableFunction<<lambda_a689607eeabb0cdd3694b3306746dc18> >::Run xpcom/threads/nsThreadUtils.h:529 6 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1040 7 xul.dll NS_ProcessNextEvent xpcom/threads/nsThreadUtils.cpp:517 8 xul.dll mozilla::ipc::MessagePumpForNonMainThreads::Run ipc/glue/MessagePump.cpp:364 9 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:319 ============================================================= the volume of this windows content crash is increasing during firefox 59 - could this be in relation to bug 1422475? Correlations for Firefox Release (95.10% in signature vs 00.07% overall) GFX_ERROR "Failed to create effect for FilterType: " = true (25.49% in signature vs 01.05% overall) GFX_ERROR "(gfxWindowsPlatform) scheduled device update." = true (100.0% in signature vs 26.06% overall) "D2D1.1+" in app_notes = true [100.0% vs 59.41% if process_type = content] (24.51% in signature vs 00.91% overall) GFX_ERROR "[D2D1.1] 4CreateBitmap failure " = true (24.51% in signature vs 01.08% overall) GFX_ERROR "(gfxWindowsPlatform) Detected device reset: " = true (21.57% in signature vs 00.98% overall) Module "d3d10_1core.dll" = true (18.63% in signature vs 00.36% overall) useragent_locale = ro
Fresh crash bug related to async paint.
That "failed to create effect for FilterType" is a clue, when CreateEffect fails in FilterNodeD2D1::Create with error code D2DERR_RECREATE_TARGET. Or is this just a different signature for what used to happen on main thread before? We don't accidentally cast to FilterNodeD2D1 where it was some other type?
Assignee: nobody → rhunt
Flags: needinfo?(milan) → needinfo?(bas)
This looks like we're missing a null check in DrawFilterCommand for when the FilterNodeCapture is unable to create a FilterNodeD2D1 for some reason. Normally this would be caught on the content side before the draw commands are created.
Comment on attachment 8962438 [details] [diff] [review] filter-validate.patch Review of attachment 8962438 [details] [diff] [review]: ----------------------------------------------------------------- I wonder what causes this.
Attachment #8962438 - Flags: review?(bas) → review+
Pushed by firstname.lastname@example.org: https://hg.mozilla.org/integration/mozilla-inbound/rev/e35a96b1fab7 Check if FilterNodeCapture was able to successfully validate (bug 1447428, r=bas)
thanks for the patch, could you request an uplift to beta if you deem fit to do so?
Comment on attachment 8962438 [details] [diff] [review] filter-validate.patch Approval Request Comment [Feature/Bug causing the regression]: Missing null check [User impact if declined]: A device reset or filter creation failure at the right time can cause a crash [Is this code covered by automated tests?]: No [Has the fix been verified in Nightly?]: Yes [Needs manual test from QE? If yes, steps to reproduce]: No [List of other uplifts needed for the feature/fix]: None [Is the change risky?]: No [Why is the change risky/not risky?]: It just adds a null check [String changes made/needed]: None
Attachment #8962438 - Flags: approval-mozilla-beta?
Comment on attachment 8962438 [details] [diff] [review] filter-validate.patch Added null check to fix a crash. Approved for 60.0b9.
Attachment #8962438 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
You need to log in before you can comment on or make changes to this bug.