Assertion failure: d3d11.IsEnabled(), at /builds/worker/checkouts/gecko/gfx/thebes/DeviceManagerDx.cpp:81
Categories
(Core :: Audio/Video: Playback, defect, P2)
Tracking
()
Tracking | Status | |
---|---|---|
firefox125 | --- | affected |
People
(Reporter: jkratzer, Assigned: alwu)
References
(Blocks 3 open bugs)
Details
(Keywords: assertion, testcase, Whiteboard: [bugmon:bisected,confirmed])
Crash Data
Attachments
(1 file)
293 bytes,
text/plain
|
Details |
Testcase found while fuzzing mozilla-central rev 63e18d5ef9ec (built with: --enable-debug --enable-fuzzing).
Testcase can be reproduced using the following commands:
$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch --build 63e18d5ef9ec --debug --fuzzing -n firefox
$ python -m grizzly.replay.bugzilla ./firefox/firefox <bugid>
[@ mozilla::gfx::DeviceManagerDx::LoadD3D11]
r10 = 0x00007ff8175d0000 r11 = 0x000000fc4febe0e0 r12 = 0x0000026796b688b0
r13 = 0xaaaaaaaaaaaaaaaa r14 = 0x000000fc4febee30 r15 = 0x0000000000000001
r8 = 0x000000000000000e r9 = 0x00007ff81775ebf8 rax = 0x00007fffa39cbfaf
rbp = 0x0000000000000000 rbx = 0x000002679a844160 rcx = 0x00007ff80111c198
rdi = 0x0000026796b27200 rdx = 0x0000000000000000 rip = 0x00007fff9af494bd
rsi = 0x000000fc4febec38 rsp = 0x000000fc4febeb30
OS|Windows NT|10.0.22621
CPU|amd64|family 6 model 186 stepping 2|6
Crash|EXCEPTION_BREAKPOINT|0x00007fff9af494bd|14
14|0|xul.dll|mozilla::gfx::DeviceManagerDx::LoadD3D11()|hg:hg.mozilla.org/mozilla-central:gfx/thebes/DeviceManagerDx.cpp:63e18d5ef9ecb56ee260694de696c442f0bd5670|81|0x14d
14|1|xul.dll|mozilla::gfx::DeviceManagerDx::CreateMediaEngineDevice()|hg:hg.mozilla.org/mozilla-central:gfx/thebes/DeviceManagerDx.cpp:63e18d5ef9ecb56ee260694de696c442f0bd5670|1124|0x2f
14|2|xul.dll|mozilla::MFMediaEngineParent::InitializeDXGIDeviceManager()|hg:hg.mozilla.org/mozilla-central:dom/media/ipc/MFMediaEngineParent.cpp:63e18d5ef9ecb56ee260694de696c442f0bd5670|182|0x41
14|3|xul.dll|mozilla::MFMediaEngineParent::CreateMediaEngine()|hg:hg.mozilla.org/mozilla-central:dom/media/ipc/MFMediaEngineParent.cpp:63e18d5ef9ecb56ee260694de696c442f0bd5670|135|0x19a
14|4|xul.dll|mozilla::MFMediaEngineParent::MFMediaEngineParent(mozilla::RemoteDecoderManagerParent*, nsISerialEventTarget*)|hg:hg.mozilla.org/mozilla-central:dom/media/ipc/MFMediaEngineParent.cpp:63e18d5ef9ecb56ee260694de696c442f0bd5670|83|0x2b9
14|5|xul.dll|mozilla::PRemoteDecoderManagerParent::OnMessageReceived(IPC::Message const&)|s3:gecko-generated-sources:96d8262865988e1222df5a2f82eb94dc1fa40af81f2c389412de40c15bff2e582c79007c4c0176269dcaef1baec6416fc03ff26b0cb056335a265af8cff285f9/ipc/ipdl/PRemoteDecoderManagerParent.cpp:|345|0x2e0
14|6|xul.dll|mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:63e18d5ef9ecb56ee260694de696c442f0bd5670|1812|0x14e
14|7|xul.dll|mozilla::ipc::MessageChannel::DispatchMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::UniquePtr<IPC::Message,mozilla::DefaultDelete<IPC::Message> >)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:63e18d5ef9ecb56ee260694de696c442f0bd5670|1731|0x2a7
14|8|xul.dll|mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::ipc::MessageChannel::MessageTask&)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:63e18d5ef9ecb56ee260694de696c442f0bd5670|1524|0x193
14|9|xul.dll|mozilla::ipc::MessageChannel::MessageTask::Run()|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:63e18d5ef9ecb56ee260694de696c442f0bd5670|1622|0xdd
14|10|xul.dll|mozilla::TaskQueue::Runner::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/TaskQueue.cpp:63e18d5ef9ecb56ee260694de696c442f0bd5670|257|0x367
14|11|xul.dll|nsThreadPool::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadPool.cpp:63e18d5ef9ecb56ee260694de696c442f0bd5670|341|0x7df
14|12|xul.dll|nsThread::ProcessNextEvent(bool, bool*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:63e18d5ef9ecb56ee260694de696c442f0bd5670|1193|0xa68
14|13|xul.dll|NS_ProcessNextEvent(nsIThread*, bool)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:63e18d5ef9ecb56ee260694de696c442f0bd5670|480|0x44
14|14|xul.dll|mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:63e18d5ef9ecb56ee260694de696c442f0bd5670|300|0xad
14|15|xul.dll|MessageLoop::RunHandler()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:63e18d5ef9ecb56ee260694de696c442f0bd5670|363|0x4f
14|16|xul.dll|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:63e18d5ef9ecb56ee260694de696c442f0bd5670|345|0x6e
14|17|xul.dll|nsThread::ThreadFunc(void*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:63e18d5ef9ecb56ee260694de696c442f0bd5670|370|0x15a
14|18|nss3.dll|_PR_NativeRunThread(void*)|hg:hg.mozilla.org/mozilla-central:nsprpub/pr/src/threads/combined/pruthr.c:63e18d5ef9ecb56ee260694de696c442f0bd5670|399|0x120
14|19|nss3.dll|pr_root(void*)|hg:hg.mozilla.org/mozilla-central:nsprpub/pr/src/md/windows/w95thred.c:63e18d5ef9ecb56ee260694de696c442f0bd5670|139|0x10
14|20|ucrtbase.dll||||
14|21|KERNELBASE.dll||||
14|22|kernel32.dll||||
14|23|ucrtbase.dll||||
14|24|mozglue.dll|patched_BaseThreadInitThunk(int, void*, void*)|hg:hg.mozilla.org/mozilla-central:toolkit/xre/dllservices/mozglue/WindowsDllBlocklist.cpp:63e18d5ef9ecb56ee260694de696c442f0bd5670|558|0x74
14|25|ntdll.dll||||
14|26|KERNELBASE.dll||||
Reporter | ||
Comment 1•7 months ago
|
||
Reporter | ||
Updated•7 months ago
|
Comment 2•7 months ago
|
||
This is also being reported by live sites testing.
Comment 3•7 months ago
|
||
Testcase crashes using the initial build (mozilla-central 20240305094850-63e18d5ef9ec) but not with tip (mozilla-central 20240306095835-cf015b6f24b4.)
The bug appears to have been fixed in the following build range:
Start: 488c772c72746cdfbf99e927acee696c4d6a5aef (20240306025323)
End: cf015b6f24b494190f562b255147f96e8b8b4139 (20240306095835)
Pushlog: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=488c772c72746cdfbf99e927acee696c4d6a5aef&tochange=cf015b6f24b494190f562b255147f96e8b8b4139
jkratzer, can you confirm that the above bisection range is responsible for fixing this issue?
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.
Updated•7 months ago
|
Reporter | ||
Comment 4•7 months ago
|
||
Although the URL given by bugmon doesn't show any commits, it appears that this was fixed via https://hg.mozilla.org/mozilla-central/rev/236a38c8865a.
Natalia, can you confirm?
Updated•7 months ago
|
Assignee | ||
Updated•7 months ago
|
Comment 5•7 months ago
|
||
(In reply to Jason Kratzer [:jkratzer] from comment #4)
Although the URL given by bugmon doesn't show any commits, it appears that this was fixed via https://hg.mozilla.org/mozilla-central/rev/236a38c8865a.
Natalia, can you confirm?
The backout was done for causing crash spikes in Bug 1824294 and also Microsoft::WRL::ComPtr<T>::InternalRelease crashes.
I'm not seeing any occurrences, so I suppose it was indeed fixed by the backout too.
:Aryx, could you please confirm, if you have a few minutes to check?
Thank you.
Comment 6•7 months ago
|
||
Yes, no crashes with [@ Microsoft::WRL::ComPtr<T>::InternalRelease]
after the backout. No crash reports from users for [@ mozilla::gfx::DeviceManagerDx::LoadD3D11]
.
Comment 7•7 months ago
|
||
This bug prevents fuzzing from making progress; however, it has low severity. It is important for fuzz blocker bugs to be addressed in a timely manner (see here why?).
:alwu, could you consider increasing the severity?
For more information, please visit BugBot documentation.
Assignee | ||
Updated•7 months ago
|
Comment 8•7 months ago
|
||
This was last reported by fuzzers targeting m-c 20240306-099f52f30c39.
Reporter | ||
Comment 9•7 months ago
|
||
I'm not sure what happened with bugmon but the testcase from comment 0 still reproduces on the latest build (20240314-2333872b0f50). We've also started getting a new flood of reports related to this issue.
Comment hidden (Intermittent Failures Robot) |
Comment 11•6 months ago
|
||
(In reply to Jason Kratzer [:jkratzer] from comment #9)
I'm not sure what happened with bugmon but the testcase from comment 0 still reproduces on the latest build (20240314-2333872b0f50). We've also started getting a new flood of reports related to this issue.
What do you mean by flood of reports? Did you post this to the wrong bug maybe? I see no reports in crashstats, and there's just one failure in Nightly in CI.
Reporter | ||
Comment 12•6 months ago
|
||
(In reply to Jim Mathies [:jimm] from comment #11)
(In reply to Jason Kratzer [:jkratzer] from comment #9)
I'm not sure what happened with bugmon but the testcase from comment 0 still reproduces on the latest build (20240314-2333872b0f50). We've also started getting a new flood of reports related to this issue.
What do you mean by flood of reports? Did you post this to the wrong bug maybe? I see no reports in crashstats, and there's just one failure in Nightly in CI.
I meant specifically being reported by the fuzzers. It looks there were a few days where the testcase was no longer reproducible but starting around 2024/03/14 we started seeing new crashes with this signature.
Comment hidden (Intermittent Failures Robot) |
Comment hidden (Intermittent Failures Robot) |
Comment hidden (Intermittent Failures Robot) |
Comment hidden (Intermittent Failures Robot) |
Comment hidden (Intermittent Failures Robot) |
Comment hidden (Intermittent Failures Robot) |
Comment hidden (Intermittent Failures Robot) |
Comment 20•4 months ago
|
||
(In reply to Bugmon [:jkratzer for issues] from comment #3)
Testcase crashes using the initial build (mozilla-central 20240305094850-63e18d5ef9ec) but not with tip (mozilla-central 20240306095835-cf015b6f24b4.)
The bug appears to have been fixed in the following build range:
Start: 488c772c72746cdfbf99e927acee696c4d6a5aef (20240306025323)
End: cf015b6f24b494190f562b255147f96e8b8b4139 (20240306095835)
Pushlog: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=488c772c72746cdfbf99e927acee696c4d6a5aef&tochange=cf015b6f24b494190f562b255147f96e8b8b4139jkratzer, can you confirm that the above bisection range is responsible for fixing this issue?
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.
Pushlog in autoland.
https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=488c772c72746cdfbf99e927acee696c4d6a5aef&tochange=cf015b6f24b494190f562b255147f96e8b8b4139
Comment hidden (Intermittent Failures Robot) |
Comment hidden (Intermittent Failures Robot) |
Comment hidden (Intermittent Failures Robot) |
Comment hidden (Intermittent Failures Robot) |
Comment hidden (Intermittent Failures Robot) |
Comment hidden (Intermittent Failures Robot) |
Comment hidden (Intermittent Failures Robot) |
Comment hidden (Intermittent Failures Robot) |
Comment hidden (Intermittent Failures Robot) |
Comment hidden (Intermittent Failures Robot) |
Comment hidden (Intermittent Failures Robot) |
Comment hidden (Intermittent Failures Robot) |
Comment hidden (Intermittent Failures Robot) |
Assignee | ||
Comment 34•7 days ago
|
||
Hello, Jason,
Considering this has a very low crash rate, should we remove this from fuzzy-blocker? Thanks.
Reporter | ||
Comment 35•6 days ago
|
||
Alastor, I think that's fine. Though, just to be clear, the fuzzblocker tag is based on the crash volume seen by the fuzzers only. Looking at it today, we're getting around ~20 crashes a day matching this signature. That's low enough for us to remove it.
Comment hidden (Intermittent Failures Robot) |
Description
•