Closed Bug 1851991 Opened 10 months ago Closed 9 months ago

Startup Crash in [@ mozilla::gfx::GPUProcessManager::SetAppInForeground]

Categories

(Core :: Widget: Win32, defect)

Product:
Core
Component:
Widget: Win32
Platform:
Unspecified
Windows
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
119 Branch
Tracking Flags:
Tracking Status
firefox-esr102 --- unaffected
firefox-esr115 --- fixed
firefox117 --- wontfix
firefox118 + fixed
firefox119 --- fixed

People

(Reporter: aryx, Assigned: bas.schouten)

References

(Regression)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

Bug 1851991: Do not try to raise the GPU process priority when it hasn't been initialized yet. r=jrmuizel
48 bytes, text/x-phabricator-request
pascalc
: approval-mozilla-release+
dmeehan
: approval-mozilla-esr115+
Details | Review

This crash signature existed before but often only one instance reported crashes. For the beta versions of Firefox 118, there are 3-4 installs which reported this. 58 crashes on Windows 10 and 4 on Windows 11 over the past 3 months.

Crash report: https://crash-stats.mozilla.org/report/index/bc2e8578-4813-4488-951b-8bc8c0230906

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames of crashing thread:

0  xul.dll  mozilla::gfx::GPUProcessManager::SetAppInForeground  gfx/ipc/GPUProcessManager.cpp:1516
0  xul.dll  nsWindow::ProcessMessageInternal  widget/windows/nsWindow.cpp:5895
1  xul.dll  nsWindow::ProcessMessage  widget/windows/nsWindow.cpp:4890
1  xul.dll  nsWindow::WindowProcInternal  widget/windows/nsWindow.cpp:4842
2  xul.dll  CallWindowProcCrashProtected  xpcom/base/nsCrashOnException.cpp:27
2  xul.dll  nsWindow::WindowProc  widget/windows/nsWindow.cpp:4795
3  user32.dll  UserCallWinProcCheckWow  
4  user32.dll  DispatchClientMessage  
5  user32.dll  _fnDWORD  
6  ntdll.dll  KiUserCallbackDispatch

Further down the stack:

 36 	xul.dll	mozilla::widget::TSFTextStore::Initialize()	widget/windows/TSFTextStore.cpp:6795
37 	xul.dll	mozilla::widget::IMEHandler::Initialize()	widget/windows/WinIMEHandler.cpp:68
38 	xul.dll	mozilla::widget::IMEHandler::InitInputContext(nsWindow*, mozilla::widget::InputContext&)	widget/windows/WinIMEHandler.cpp:490
38 	xul.dll	nsWindow::Create(nsIWidget*, void*, mozilla::gfx::IntRectTyped<mozilla::LayoutDevicePixel> const&, mozilla::widget::InitData*)	widget/windows/nsWindow.cpp:1203
39 	xul.dll	nsIWidget::Create(nsIWidget*, void*, mozilla::gfx::IntRectTyped<mozilla::DesktopPixel> const&, mozilla::widget::InitData*)	widget/nsIWidget.h:463
40 	xul.dll	mozilla::AppWindow::Initialize(nsIAppWindow*, nsIAppWindow*, int, int, bool, mozilla::widget::InitData&)	xpfe/appshell/AppWindow.cpp:212
40 	xul.dll	nsAppShellService::JustCreateTopWindow(nsIAppWindow*, nsIURI*, unsigned int, int, int, bool, mozilla::AppWindow**)	xpfe/appshell/nsAppShellService.cpp:671
41 	xul.dll	nsAppShellService::CreateTopLevelWindow(nsIAppWindow*, nsIURI*, unsigned int, int, int, nsIAppWindow**)	xpfe/appshell/nsAppShellService.cpp:178
42 	xul.dll	nsAppStartup::CreateChromeWindow(nsIWebBrowserChrome*, unsigned int, nsIOpenWindowInfo*, bool*, nsIWebBrowserChrome**)	toolkit/components/startup/nsAppStartup.cpp:756

Could this be related to the onscreen keyboard shown from the start with the use of initialization code since bug 1846476 landed?

Flags: needinfo?(VYV03354)

Why needinfo'ed from me? I did neither write nor review the patch in bug 1846476. Bug 1846476 should not change the behavior on Win10+, but redirecting to Greg for verification.

Flags: needinfo?(VYV03354) → needinfo?(gregp)

Sorry, the needinfo request was supposed to be for Masayuki.

Flags: needinfo?(masayuki)

Yeah, I don't think bug 1846476 has anything to do with this crash. It's a very simple patch that shouldn't have changed behavior on Win10+

Flags: needinfo?(gregp)

The bug is marked as tracked for firefox118 (beta). We have limited time to fix this, the soft freeze is in 13 days. However, the bug still isn't assigned.

:gcp, could you please find an assignee for this tracked bug? If you disagree with the tracking decision, please talk with the release managers.

For more information, please visit BugBot documentation.

Flags: needinfo?(gpascutto)
Assignee: nobody → masayuki
Severity: -- → S3
Flags: needinfo?(gpascutto)

I think that the GPUProcessManager::Get() caller in widget/windows should ensure the instance or put a user/app message into the queue if it's not initialized yet.

Florian Queze, you added the call, could you take a look?

Assignee: masayuki → nobody
Flags: needinfo?(masayuki) → needinfo?(florian)

(In reply to Masayuki Nakano [:masayuki] (he/him)(JST, +0900) from comment #5)

Florian Queze, you added the call, could you take a look?

Not in the near future (I'm on parental leave).

This is a reminder regarding comment #4!

The bug is marked as tracked for firefox118 (beta). We have limited time to fix this, the soft freeze is in 7 days. However, the bug still isn't assigned.

Maybe Bas could help? He was also involved in bug 1671490.

Flags: needinfo?(florian) → needinfo?(bas)
Keywords: regression
Regressed by: 1671490

Hmm.. Could this just be happening because there is no GPU process in some cases? In any case. Writing a patch.

Flags: needinfo?(bas)

(In reply to Masayuki Nakano [:masayuki] (he/him)(JST, +0900) from comment #5)

I think that the GPUProcessManager::Get() caller in widget/windows should ensure the instance or put a user/app message into the queue if it's not initialized yet.

Florian Queze, you added the call, could you take a look?

Hmm, so it does look like we always create the singleton regardless of whether there is a GPU process:

https://searchfox.org/mozilla-central/source/gfx/thebes/gfxPlatform.cpp#818

It's not great that this gets run before we've even run gfxPlatform::Init. I'm not sure I understand why.

Assignee: nobody → bas
Status: NEW → ASSIGNED
Pushed by bschouten@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/5fef89467c73
Do not try to raise the GPU process priority when it hasn't been initialized yet. r=jrmuizel

https://hg.mozilla.org/mozilla-central/rev/5fef89467c73

Status: ASSIGNED → RESOLVED
Closed: 9 months ago
status-firefox119: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 119 Branch

The patch landed in nightly and beta is affected.
:bas.schouten, is this bug important enough to require an uplift?

  • If yes, please nominate the patch for beta approval.
  • If no, please set status-firefox118 to wontfix.

For more information, please visit BugBot documentation.

Flags: needinfo?(bas)

Comment on attachment 9353253 [details]
Bug 1851991: Do not try to raise the GPU process priority when it hasn't been initialized yet. r=jrmuizel

Beta/Release Uplift Approval Request

  • User impact if declined: A small number of users will crash.
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Simple null pointer check, if that check would fail right now, we would crash.
  • String changes made/needed: None.
  • Is Android affected?: No
Flags: needinfo?(bas)
Attachment #9353253 - Flags: approval-mozilla-beta?

Keeping it on the radar for the planned dot release.

Attachment #9353253 - Flags: approval-mozilla-beta? → approval-mozilla-release?
See Also: → 1856637

(In reply to Bas Schouten (:bas.schouten) from comment #10)

It's not great that this gets run before we've even run gfxPlatform::Init. I'm not sure I understand why.

If that helps, there are more details in bug 1856637 about how we reach our WindowProc here. As far as I can tell, the path is the following:

  • XREMain::XRE_mainRun calls NS_CreateServicesFromCategory for app-startup;
  • this makes nsBrowserGlue observe app-startup, which calls _earlyBlankFirstPaint and thus Services.ww.openWindow;
  • from nsWindowWatcher::OpenWindow we reach mozilla::widget::TSFTextStore::Initialize, which calls a Microsoft method CThreadInputMgr::Activate;
  • this Microsoft method internally calls PeekMessage and flushes the message queue for our window.

Comment on attachment 9353253 [details]
Bug 1851991: Do not try to raise the GPU process priority when it hasn't been initialized yet. r=jrmuizel

Approved for our next 118 dot release, thanks.

Attachment #9353253 - Flags: approval-mozilla-release? → approval-mozilla-release+
Attachment #9353253 - Flags: approval-mozilla-esr115?

Comment on attachment 9353253 [details]
Bug 1851991: Do not try to raise the GPU process priority when it hasn't been initialized yet. r=jrmuizel

Approved for 115.4esr.

Attachment #9353253 - Flags: approval-mozilla-esr115? → approval-mozilla-esr115+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: