Closed Bug 190459 Opened 23 years ago Closed 23 years ago

crashes on startup in [@ DeviceContextImpl::GetMetricsFor]

Categories

(Core Graveyard :: GFX, defect)

Product:
Core Graveyard
Component:
GFX
Platform:
x86
Windows 98
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: dbaron, Assigned: ssu0262)

References

Details

(Keywords: crash, regression, topcrash)

Crash Data

Attachments

(1 file)

Recent DeviceContextImpl::GetMetricsFor crashes on the Trunk
53.12 KB, text/plain
Details
Crashes in DeviceContextImpl::GetMetricsFor started appearing prominently in talkback starting in 2003-01-22-10 builds. Here's all the info I know: DeviceContextImpl::GetMetricsFor 19 BBID range: 16486438 - 16547554 Min/Max Seconds since last crash: 0 - 196 Min/Max Runtime: 0 - 198 Crash data range: 2003-01-22 to 2003-01-23 Build ID range: 2003012210 to 2003012315 Keyword List : Stack Trace: DeviceContextImpl::GetMetricsFor [c:/builds/seamonkey/mozilla/gfx/src/nsDeviceContext.cpp line 368] nsTextBoxFrame::GetTextSize [c:/builds/seamonkey/mozilla/layout/xul/base/src/nsTextBoxFrame.cpp line 803] nsTextBoxFrame::CalcTextSize [c:/builds/seamonkey/mozilla/layout/xul/base/src/nsTextBoxFrame.cpp line 825] nsTextBoxFrame::GetAscent [c:/builds/seamonkey/mozilla/layout/xul/base/src/nsTextBoxFrame.cpp line 875] nsSprocketLayout::GetAscent [c:/builds/seamonkey/mozilla/layout/xul/base/src/nsSprocketLayout.cpp line 1519] nsContainerBox::GetAscent [c:/builds/seamonkey/mozilla/layout/xul/base/src/nsContainerBox.cpp line 588] nsBoxFrame::GetAscent [c:/builds/seamonkey/mozilla/layout/xul/base/src/nsBoxFrame.cpp line 992] nsSprocketLayout::GetAscent [c:/builds/seamonkey/mozilla/layout/xul/base/src/nsSprocketLayout.cpp line 1519] nsContainerBox::GetAscent [c:/builds/seamonkey/mozilla/layout/xul/base/src/nsContainerBox.cpp line 588] nsBoxFrame::GetAscent [c:/builds/seamonkey/mozilla/layout/xul/base/src/nsBoxFrame.cpp line 992] nsSprocketLayout::Layout [c:/builds/seamonkey/mozilla/layout/xul/base/src/nsSprocketLayout.cpp line 243] nsContainerBox::DoLayout [c:/builds/seamonkey/mozilla/layout/xul/base/src/nsContainerBox.cpp line 605] nsBox::Layout [c:/builds/seamonkey/mozilla/layout/xul/base/src/nsBox.cpp line 1074] nsStackLayout::Layout [c:/builds/seamonkey/mozilla/layout/xul/base/src/nsStackLayout.cpp line 328] nsContainerBox::DoLayout [c:/builds/seamonkey/mozilla/layout/xul/base/src/nsContainerBox.cpp line 605] nsBox::Layout [c:/builds/seamonkey/mozilla/layout/xul/base/src/nsBox.cpp line 1074] nsBoxFrame::Reflow [c:/builds/seamonkey/mozilla/layout/xul/base/src/nsBoxFrame.cpp line 902] nsRootBoxFrame::Reflow [c:/builds/seamonkey/mozilla/layout/xul/base/src/nsRootBoxFrame.cpp line 241] nsContainerFrame::ReflowChild [c:/builds/seamonkey/mozilla/layout/html/base/src/nsContainerFrame.cpp line 974] ViewportFrame::Reflow [c:/builds/seamonkey/mozilla/layout/html/base/src/nsViewportFrame.cpp line 300] IncrementalReflow::Dispatch [c:/builds/seamonkey/mozilla/layout/html/base/src/nsPresShell.cpp line 896] PresShell::ProcessReflowCommands [c:/builds/seamonkey/mozilla/layout/html/base/src/nsPresShell.cpp line 6489] PresShell::FlushPendingNotifications [c:/builds/seamonkey/mozilla/layout/html/base/src/nsPresShell.cpp line 5072] nsXULDocument::FlushPendingNotifications [c:/builds/seamonkey/mozilla/content/xul/document/src/nsXULDocument.cpp line 2441] nsXBLStreamListener::Load [c:/builds/seamonkey/mozilla/content/xbl/src/nsXBLService.cpp line 444] nsEventListenerManager::HandleEvent [c:/builds/seamonkey/mozilla/content/events/src/nsEventListenerManager.cpp line 1858] nsDocument::HandleDOMEvent [c:/builds/seamonkey/mozilla/content/base/src/nsDocument.cpp line 3515] nsXMLDocument::EndLoad [c:/builds/seamonkey/mozilla/content/xml/document/src/nsXMLDocument.cpp line 545] nsXMLContentSink::DidBuildModel [c:/builds/seamonkey/mozilla/content/xml/document/src/nsXMLContentSink.cpp line 472] nsExpatDriver::DidBuildModel [c:/builds/seamonkey/mozilla/htmlparser/src/nsExpatDriver.cpp line 972] nsParser::DidBuildModel [c:/builds/seamonkey/mozilla/htmlparser/src/nsParser.cpp line 1284] nsParser::ResumeParse [c:/builds/seamonkey/mozilla/htmlparser/src/nsParser.cpp line 1830] nsParser::OnStopRequest [c:/builds/seamonkey/mozilla/htmlparser/src/nsParser.cpp line 2459] nsXBLStreamListener::OnStopRequest [c:/builds/seamonkey/mozilla/content/xbl/src/nsXBLService.cpp line 320] nsJARChannel::OnStopRequest [c:/builds/seamonkey/mozilla/netwerk/protocol/jar/src/nsJARChannel.cpp line 638] nsCOMPtr_base::assign_with_AddRef [c:/builds/seamonkey/mozilla/xpcom/glue/nsCOMPtr.cpp line 70] nsInputStreamPump::OnStateStop [c:/builds/seamonkey/mozilla/netwerk/base/src/nsInputStreamPump.cpp line 425] nsInputStreamPump::OnInputStreamReady [c:/builds/seamonkey/mozilla/netwerk/base/src/nsInputStreamPump.cpp line 320] nsInputStreamReadyEvent::EventHandler [c:/builds/seamonkey/mozilla/xpcom/io/nsStreamUtils.cpp line 183] PL_HandleEvent [c:/builds/seamonkey/mozilla/xpcom/threads/plevent.c line 664] PL_ProcessPendingEvents [c:/builds/seamonkey/mozilla/xpcom/threads/plevent.c line 597] _md_EventReceiverProc [c:/builds/seamonkey/mozilla/xpcom/threads/plevent.c line 1386] Source File : c:/builds/seamonkey/mozilla/gfx/src/nsDeviceContext.cpp line : 368 (16543961) Comments: i was trying to download the nightly...it had some problem with the windows entry point xp??.dll. now mozilla browser doesn't start when i try to disable quick-start it crashed. (16540867) Comments: While starting the browser after the initial install (16486471) Comments: Startup. (16486438) Comments: Installing it.
I suspected this is due to rbs's checkin to compact the font cache when Win32 GDI resources are low. http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&root=/cvsroot&subdir=mozilla/gfx/src&command=DIFF_FRAMESET&file=nsDeviceContext.cpp&rev2=3.83&rev1=3.82 I checked; memory-pressure only gets Notify'd from the UI thread, so that's not it. I looked hard at the Compact() code and nsFontCache::GetMetricsFor() code, and couldn't see anything. I was suspecting the nsFontCache code was inlined, but apparently it's a virtual method, so unless the compiler is being very smart/tricky/stupid, that's not happening. I don't see how it could be a null mFontCache in nsDeviceContext::GetMetricsFor() (or any other sort of crash there unless there's memory trashing). We really need to be able to reproduce it. Also, verification if it's really windows-only (which would tend to point to the Compact() code). Looking at Bonsai for other changes from the day before this started might help.
> Looking at Bonsai for other changes from the day before this started might help. Yep indeed. Seems a recent regression while Compact() has been pretty safe for over a year. In fact, it is precisely meant to help low-memory situations, and seem to have withstand m1.0/Nav7.0 quite well.
Adding crash, regression keywords and making this zt4newcrash. This crash started with 1/22 Trunk builds. We need to find a fix or identify the checkin that caused this and back it out if possible. This is a Windows only crash according to Talkback data. Here's another slightly different stack with the same stack signature: DeviceContextImpl::GetMetricsFor [c:/builds/seamonkey/mozilla/gfx/src/nsDeviceContext.cpp line 344] ComputeLineHeight [c:/builds/seamonkey/mozilla/layout/html/base/src/nsHTMLReflowState.cpp line 2373] nsHTMLReflowState::CalcLineHeight [c:/builds/seamonkey/mozilla/layout/html/base/src/nsHTMLReflowState.cpp line 2411] nsBlockReflowState::nsBlockReflowState [c:/builds/seamonkey/mozilla/layout/html/base/src/nsBlockReflowState.cpp line 182] nsBlockFrame::Reflow [c:/builds/seamonkey/mozilla/layout/html/base/src/nsBlockFrame.cpp line 816] nsContainerFrame::ReflowChild [c:/builds/seamonkey/mozilla/layout/html/base/src/nsContainerFrame.cpp line 974] CanvasFrame::Reflow [c:/builds/seamonkey/mozilla/layout/html/base/src/nsHTMLFrame.cpp line 590] nsBoxToBlockAdaptor::Reflow [c:/builds/seamonkey/mozilla/layout/xul/base/src/nsBoxToBlockAdaptor.cpp line 906] nsBoxToBlockAdaptor::DoLayout [c:/builds/seamonkey/mozilla/layout/xul/base/src/nsBoxToBlockAdaptor.cpp line 648] nsBox::Layout [c:/builds/seamonkey/mozilla/layout/xul/base/src/nsBox.cpp line 1074] nsScrollBoxFrame::DoLayout [c:/builds/seamonkey/mozilla/layout/xul/base/src/nsScrollBoxFrame.cpp line 361] nsBox::Layout [c:/builds/seamonkey/mozilla/layout/xul/base/src/nsBox.cpp line 1074] nsContainerBox::LayoutChildAt [c:/builds/seamonkey/mozilla/layout/xul/base/src/nsContainerBox.cpp line 647] nsGfxScrollFrameInner::LayoutBox [c:/builds/seamonkey/mozilla/layout/html/base/src/nsGfxScrollFrame.cpp line 1154] nsGfxScrollFrameInner::Layout [c:/builds/seamonkey/mozilla/layout/html/base/src/nsGfxScrollFrame.cpp line 1313] nsGfxScrollFrame::DoLayout [c:/builds/seamonkey/mozilla/layout/html/base/src/nsGfxScrollFrame.cpp line 1162] nsBox::Layout [c:/builds/seamonkey/mozilla/layout/xul/base/src/nsBox.cpp line 1074] nsBoxFrame::Reflow [c:/builds/seamonkey/mozilla/layout/xul/base/src/nsBoxFrame.cpp line 902] nsGfxScrollFrame::Reflow [c:/builds/seamonkey/mozilla/layout/html/base/src/nsGfxScrollFrame.cpp line 848] nsContainerFrame::ReflowChild [c:/builds/seamonkey/mozilla/layout/html/base/src/nsContainerFrame.cpp line 974] ViewportFrame::Reflow [c:/builds/seamonkey/mozilla/layout/html/base/src/nsViewportFrame.cpp line 300] PresShell::InitialReflow [c:/builds/seamonkey/mozilla/layout/html/base/src/nsPresShell.cpp line 2796] HTMLContentSink::StartLayout [c:/builds/seamonkey/mozilla/content/html/document/src/nsHTMLContentSink.cpp line 4191] HTMLContentSink::OpenBody [c:/builds/seamonkey/mozilla/content/html/document/src/nsHTMLContentSink.cpp line 3233] CNavDTD::OpenBody [c:/builds/seamonkey/mozilla/htmlparser/src/CNavDTD.cpp line 3147] CNavDTD::OpenContainer [c:/builds/seamonkey/mozilla/htmlparser/src/CNavDTD.cpp line 3379] CNavDTD::HandleDefaultStartToken [c:/builds/seamonkey/mozilla/htmlparser/src/CNavDTD.cpp line 1391] CNavDTD::HandleStartToken [c:/builds/seamonkey/mozilla/htmlparser/src/CNavDTD.cpp line 1779] CNavDTD::HandleToken [c:/builds/seamonkey/mozilla/htmlparser/src/CNavDTD.cpp line 953] CNavDTD::BuildModel [c:/builds/seamonkey/mozilla/htmlparser/src/CNavDTD.cpp line 528] nsParser::BuildModel [c:/builds/seamonkey/mozilla/htmlparser/src/nsParser.cpp line 1909] nsParser::ResumeParse [c:/builds/seamonkey/mozilla/htmlparser/src/nsParser.cpp line 1773] nsParser::OnDataAvailable [c:/builds/seamonkey/mozilla/htmlparser/src/nsParser.cpp line 2409] nsDocumentOpenInfo::OnDataAvailable [c:/builds/seamonkey/mozilla/uriloader/base/nsURILoader.cpp line 245] nsInputStreamChannel::OnDataAvailable [c:/builds/seamonkey/mozilla/netwerk/base/src/nsInputStreamChannel.cpp line 371] nsInputStreamPump::OnStateTransfer [c:/builds/seamonkey/mozilla/netwerk/base/src/nsInputStreamPump.cpp line 388] nsInputStreamPump::OnInputStreamReady [c:/builds/seamonkey/mozilla/netwerk/base/src/nsInputStreamPump.cpp line 317] nsInputStreamReadyEvent::EventHandler [c:/builds/seamonkey/mozilla/xpcom/io/nsStreamUtils.cpp line 102] PL_HandleEvent [c:/builds/seamonkey/mozilla/xpcom/threads/plevent.c line 664] PL_ProcessPendingEvents [c:/builds/seamonkey/mozilla/xpcom/threads/plevent.c line 597] _md_TimerProc [c:/builds/seamonkey/mozilla/xpcom/threads/plevent.c line 965] KERNEL32.DLL + 0x2317 (0xbff72317) (16571064) Comments: Sames as failure just submitted from same address--this was onlaunch _without_ AdSubtract running. Must revert to previous stable release I guess. (16570838) Comments: First launch after d/l newest build. Tried without AdSubtract running and then with--same error. I am not using Mozilla QuickStart. MOZILLA caused an invalid page fault in module GKGFX.DLL at 017f:61e829bf. Registers: EAX=00835eb0 CS=017f (16570838) Comments: EIP=61e829bf EFLGS=00010202 EBX=01ee9f50 SS=0187 ESP=0065ec34 EBP=0065ec40 ECX=0083c7c0 DS=0187 ESI=00000000 FS=1a97 EDX=00000002 ES=0187 EDI=01ee9f2c GS=0000 Bytes at CS:EIP: 8b 0e 50 ff 75 0c 56 ff 51 0c 5e 5d c2 10 00 55 Stack dump: 0065ec84 (16570838) Comments: 0083a500 00000001 0065ec74 614f68c3 0083a500 01ee9f54 00835eb0 0065ec84 008576c0 ffffffff 00000000 01ee9f50 01ed8a94 0083a500 00835eb0 (16565568) Comments: opening for the first time after install
Keywords: crash, regression, zt4newcrash
Here's all the Talkback data we have for this crash since 1/22.
It might be useful to see registers and disassembly.
Here ya go David (from incident 16612388): x86 Registers: EAX: 024ffce0 EBX: 024ecc40 ECX: 024ed1d0 EDX: 81972250 ESI: 00000000 EDI: 01445718 ESP: 0065e930 EBP: 0065e944 EIP: 61e62a1f cf pf af zf sf of IF df nt RF vm IOPL: 0 CS: 015f DS: 0167 SS: 0167 ES: 0167 FS: 0ff7 GS: 0000 Code Around the PC: 61e62a1f 8b0e mov ecx,[esi] 61e62a21 56 push esi 61e62a22 ff510c call dword ptr [ecx+0xc] 61e62a25 5e pop esi 61e62a26 5d pop ebp 61e62a27 c20c00 ret 0xc 61e62a2a d9442408 fld dword ptr [esp+0x8] 61e62a2e 8b442404 mov eax,[esp+0x4] 61e62a32 d9582c fstp dword ptr [eax+0x2c] 61e62a35 33c0 xor eax,eax 61e62a37 c20800 ret 0x8 61e62a3a 8b442404 mov eax,[esp+0x4] 61e62a3e d99915cbbaef fstp dword ptr [ecx+0xefbacb15]
That shows |mFontCache| is null.
I'm able to reproduce this bug. It's caused by the GRE patch landing on 01/22. Bug 190144 will fix this problem.
mine now.
Assignee: kmcclusk → ssu
bug 190144 is now fixed. closing this bug as fixed. if people are still seeing this bug, please reopen.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Product: Core → Core Graveyard
Crash Signature: [@ DeviceContextImpl::GetMetricsFor]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: