Closed
Bug 359054
Opened 18 years ago
Closed 18 years ago
crash [@ _moz_cairo_pixman_composite_src_8888x8888mmx ] [@ fbCompositeSrc_8888x8888]
Categories
(Core :: Graphics, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: Peter6, Assigned: vlad)
References
()
Details
(Keywords: crash, regression, Whiteboard: [blocking1.9a1+])
Crash Data
Attachments
(3 files)
7.79 KB,
text/plain
|
Details | |
480 bytes,
patch
|
pavlov
:
review+
|
Details | Diff | Splinter Review |
1.38 KB,
patch
|
pavlov
:
review+
|
Details | Diff | Splinter Review |
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9a1) Gecko/20061101 Minefield/3.0a1 ID:2006110103 [cairo] repro: 1.open url 2.select a catagory 3.wait for the page to load. result: it crashes right a way it crahes after scrolling reported to crash FF1.5 and 2.0 aswell no crash in EI6/7 or Opera9 TB25352150M Incident ID: 25352150 Stack Signature firefox.exe + 0x543863 (0x00943863) 1d6de24d Product ID FirefoxTrunk Build ID 2006110104 Trigger Time 2006-11-01 07:14:45.0 Platform Win32 Operating System Windows NT 5.1 build 2600 Module firefox.exe + (00543863) URL visited User Comments browsing wallpapers.org, select catagory and scroll page - crash Since Last Crash 3720 sec Total Uptime 3720 sec Trigger Reason Access violation Source File, Line No. N/A Stack Trace firefox.exe + 0x543863 (0x00943863) firefox.exe + 0x5454ed (0x009454ed) firefox.exe + 0x53d8e0 (0x0093d8e0)
Reporter | ||
Comment 1•18 years ago
|
||
Incident ID: 25356383 Stack Signature firefox.exe + 0x543863 (0x00943863) 1d6de24d Product ID FirefoxTrunk Build ID 2006103112 Trigger Time 2006-11-01 08:49:23.0 Platform Win32 Operating System Windows NT 5.0 build 2195 Module firefox.exe + (00543863) URL visited http://wallpapers.org/ User Comments crash on wallpapers.org after selecting a catagory Since Last Crash 7641 sec Total Uptime 7641 sec Trigger Reason Access violation Source File, Line No. N/A Stack Trace firefox.exe + 0x543863 (0x00943863) firefox.exe + 0x5454ed (0x009454ed) firefox.exe + 0x53d8e0 (0x0093d8e0) equally useless but consistent
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9a1) Gecko/20061101 Minefield/3.0a1 (bangbang023) WFM, Windows 2000 only ?
Comment 3•18 years ago
|
||
Ok, with a 2006-10-30 trunk build, I get useful talkback data: Talkback ID: TB25360619Y _moz_cairo_pixman_composite_src_8888x8888mmx [mozilla\gfx\cairo\libpixman\src\fbmmx.c, line 1430] _moz_cairo_pixman_composite [mozilla\gfx\cairo\libpixman\src\fbpict.c, line 1892] _cairo_image_surface_composite [mozilla\gfx\cairo\cairo\src\cairo-image-surface.c, line 819] So this seems like a Gfx->Thebes crash bug to me, which normally only would happen on trunk. Can the person(s) who crash on 1.5/2.0 branch post talkback ID's of those crashes?
Severity: normal → critical
Component: General → GFX: Thebes
Flags: blocking1.9?
Keywords: crash
Product: Firefox → Core
Summary: crash [@ firefox.exe] → crash [@ _moz_cairo_pixman_composite_src_8888x8888mmx ]
Version: unspecified → Trunk
I had the 2.0 and 1.5 crashes, but TB did not launch in either instance. As I can't reproduce, we should assume this is Gfx->Thebes only.
Comment 5•18 years ago
|
||
I crashed the trunk on both Win2k and WinXP. The talkbacks were like the first two comments. But I could not get 1.5.0.7 to crash on either OS. The earliest build in the talkback reports with the cairo signature is 2006102704. Looking at the 24 hours previous to that: http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=PhoenixTinderbox&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2006-10-26+04%3A00%3A00&maxdate=2006-10-27+04%3A00%3A00&cvsroot=%2Fcvsroot This looks a lot like it's due to bug 356354. This is crashing in fbmmx.c and that bug's patch made changes to that file.
Comment 6•18 years ago
|
||
No crash for me in Linux (Minefield 2006110104)
Reporter | ||
Comment 7•18 years ago
|
||
(In reply to comment #5) > The earliest build in the talkback reports with the cairo signature is > 2006102704. > Looking at the 24 hours previous to that: > http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=PhoenixTinderbox&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2006-10-26+04%3A00%3A00&maxdate=2006-10-27+04%3A00%3A00&cvsroot=%2Fcvsroot > > This looks a lot like it's due to bug 356354. This is crashing in fbmmx.c and > that bug's patch made changes to that file. > the firefox-3.0a1.en-US.win32_20061026_1611pdt build, from just before bug 356354 landed, crashes like the current ones.
Reporter | ||
Comment 8•18 years ago
|
||
For as far as I can see this regressed between: works in firefox-3.0a1.en-US.win32_20061026_1003pdt build fails in firefox-3.0a1.en-US.win32_20061026_1234pdt build http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=all&branch=HEAD&branchtype=match&filetype=match&whotype=match&sortby=Date&hours=2&date=explicit&mindate=20061026+091500&maxdate=20061026+123400&cvsroot=%2Fcvsroot which would suggest bug 357761
Comment 9•18 years ago
|
||
Looks can be deceiving. :( I've yet to crash in 2006102604. If that holds up. :) Then there are two other thebes checkins in the reduced regression window: bug 357761 and the patch for both bug 352488 and bug 324803.
Updated•18 years ago
|
QA Contact: general → thebes
Comment 10•18 years ago
|
||
WFM (Vista Build 5744) Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9a1) Gecko/20061101 Minefield/3.0a1 ID:2006110104 [cairo]
Comment 11•18 years ago
|
||
(In reply to comment #8) > For as far as I can see this regressed between: > > works in firefox-3.0a1.en-US.win32_20061026_1003pdt build > fails in firefox-3.0a1.en-US.win32_20061026_1234pdt build > > http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=all&branch=HEAD&branchtype=match&filetype=match&whotype=match&sortby=Date&hours=2&date=explicit&mindate=20061026+091500&maxdate=20061026+123400&cvsroot=%2Fcvsroot > > which would suggest bug 357761 > Doing what little debugging that I can and looking at bug 357761 I see that nsThebesImage::ThebesDrawTile was added in that bug and is in the call stack when I crash.
Assignee | ||
Comment 12•18 years ago
|
||
Can you guys that are crashing post CPU info? I can't reproduce this crash (Pentium M 2.13ghz) in either debug or the release nightly builds.
Reporter | ||
Comment 13•18 years ago
|
||
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9a1) Gecko/20061102 Minefield/3.0a1 ID:2006110208 [cairo] om an AMD Athlon 850Mhz
Comment 14•18 years ago
|
||
Both of my machines are Pentium 4s (3.06 gHz). Would posting a stack help?
Comment 15•18 years ago
|
||
Celeron D 2.80GHz TB will not launch for me with this crash. Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20061106 Minefield/3.0a1 ID:2006110604 [cairo]
Reporter | ||
Updated•18 years ago
|
Keywords: regression
Comment 16•18 years ago
|
||
WFM with Prescott 2.4A.
Comment 17•18 years ago
|
||
Ok, I can reproduce in a debug build now, this is the backtrace I get. If you need more/other info, just ask.
Assignee | ||
Comment 18•18 years ago
|
||
So the intermediate bandaid would be to just disable MMX; it's not really crucial for browser performance, it more helps SVG, and we can figure out what's going on here after the alpha.
Flags: blocking1.9? → blocking1.9+
Whiteboard: [blocking1.9a1+]
Assignee | ||
Updated•18 years ago
|
Assignee: nobody → vladimir
Assignee | ||
Comment 19•18 years ago
|
||
Let's disable MMX as a workaround for 1.9a1 and fix after. (I'll leave this bug open even after checking in.)
Attachment #245270 -
Flags: review?(pavlov)
Updated•18 years ago
|
Attachment #245270 -
Flags: review?(pavlov) → review+
Assignee | ||
Comment 20•18 years ago
|
||
MMX disabled on the trunk, clearing 1.9a1+. We should revisit this after the alpha though, because we do want the MMX optimizations to be on.
Whiteboard: [blocking1.9a1+]
Reporter | ||
Comment 21•18 years ago
|
||
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9a1) Gecko/20061110 Minefield/3.0a1 ID:2006111015 [cairo] - with MMX disabled hmm, I'm still crashing on this Vlad
Assignee | ||
Comment 22•18 years ago
|
||
(In reply to comment #21) > Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9a1) Gecko/20061110 > Minefield/3.0a1 ID:2006111015 [cairo] - with MMX disabled > > hmm, I'm still crashing on this Vlad Uh. You're crashing on that mmx function with MMX disabled? Or crashing on the page?
Comment 23•18 years ago
|
||
It crashes but at a new place:TB25821706W That crash is from this build: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20061110 Minefield/3.0a1 ID:2006111016 [cairo]
Reporter | ||
Comment 24•18 years ago
|
||
same stack here Incident ID: 25830018 Stack Signature fbCompositeSrc_8888x8888 14dcaf63 Product ID FirefoxTrunk Build ID 2006111014 Trigger Time 2006-11-10 23:33:58.0 Platform Win32 Operating System Windows NT 5.0 build 2195 Module firefox.exe + (0053a67a) URL visited User Comments Bug 359054 after MMX disabled Since Last Crash 1209 sec Total Uptime 1330 sec Trigger Reason Access violation Source File, Line No. e:\builds\tinderbox\fx-trunk\winnt_5.2_depend\mozilla\gfx\cairo\libpixman\src\fbpict.c, line 628 Stack Trace fbCompositeSrc_8888x8888 [mozilla\gfx\cairo\libpixman\src\fbpict.c, line 628] _moz_cairo_pixman_composite [mozilla\gfx\cairo\libpixman\src\fbpict.c, line 1596] _cairo_image_surface_composite [mozilla\gfx\cairo\cairo\src\cairo-image-surface.c, line 830]
Comment 25•18 years ago
|
||
I crash with the same stacktrace at http://simon.incutio.com/ . That site has an animated gif at the right top of the page. That image also looks garbled sometimes in current trunk builds.
Reporter | ||
Comment 26•18 years ago
|
||
Do we need a different bug for the current crash ?
Comment 27•18 years ago
|
||
I don't think so, it seems to me also that the disabling MMX can be undone as it doesn't seem to fix the crash.
Reporter | ||
Updated•18 years ago
|
Summary: crash [@ _moz_cairo_pixman_composite_src_8888x8888mmx ] → crash [@ _moz_cairo_pixman_composite_src_8888x8888mmx ] [@ fbCompositeSrc_8888x8888]
Assignee | ||
Comment 28•18 years ago
|
||
Ugh, putting blocking back; I was hoping it would be just MMX, but apparently it's not. I still can't reproduce this, but luckily a number of the people who can reproduce are here at the office this week, so I'll try to get a hold of people this week and figure out try to figure out what's going on.
Whiteboard: [blocking1.9a1+]
Assignee | ||
Comment 29•18 years ago
|
||
So here's a potential fix; I wasn't able to crash my build with this applied, but it takes me a while to get to the crash (usually with wallpapers.org and doing a lot of scrolling). Martijn, could you test your build with this patch and see if you can hit it? For reference, the issue that I think is that the ownership/refcounting model between gfxASurface and cairo_surface still isn't 100% correct, and that the temporary surface that gets created (because xPadding/yPadding are not 0) is getting deallocated before cairo's done with it. This is because gfxImageSurface allocates data and owns it, which it then frees in the destructor -- but cairo may have increased the refcnt on the cairo_surface_t. The real fix for this is to clean up our refcounting story once and for all -- that is, the cairo_surface_t should hold the hard refcount, and we should only delete the gfx*Surface wrapper when that refcount goes to 0. But this patch shold bandaid around this issue until the full one gets fixed.
Comment 30•18 years ago
|
||
(In reply to comment #29) > So here's a potential fix; I wasn't able to crash my build with this applied, > but it takes me a while to get to the crash (usually with wallpapers.org and > doing a lot of scrolling). Martijn, could you test your build with this patch > and see if you can hit it? Yeah, that patch seems to fix the crash. I browsed a few minutes through the galleries and I didn't crash with the patch (normally I would crash within a minute).
Comment 31•18 years ago
|
||
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20061126 Minefield/3.0a1 ID:2006112604 [cairo] Just got this while normal browsing. http://talkback-public.mozilla.org/search/start.jsp?search=2&type=iid&id=TB26527883Y Incident ID: 26527883 Stack Signature fbCompositeSrc_8888x8888 14dcaf63 Product ID FirefoxTrunk Build ID 2006112604 Trigger Time 2006-11-26 13:23:27.0 Platform Win32 Operating System Windows NT 5.1 build 2600 Module firefox.exe + (00511c96) URL visited User Comments Since Last Crash 3848 sec Total Uptime 3848 sec Trigger Reason Access violation Source File, Line No. e:\builds\tinderbox\fx-trunk\winnt_5.2_depend\mozilla\gfx\cairo\libpixman\src\fbpict.c, line 627 Stack Trace fbCompositeSrc_8888x8888 [mozilla\gfx\cairo\libpixman\src\fbpict.c, line 627] _moz_cairo_pixman_composite [mozilla\gfx\cairo\libpixman\src\fbpict.c, line 1892] _cairo_image_surface_composite [mozilla\gfx\cairo\cairo\src\cairo-image-surface.c, line 819]
Comment 32•18 years ago
|
||
*** Bug 361937 has been marked as a duplicate of this bug. ***
Comment 33•18 years ago
|
||
load this page http://www.arena-magazine.dk/page/638 and start scrolling I crash all the time
Assignee | ||
Comment 34•18 years ago
|
||
Comment on attachment 246347 [details] [diff] [review] potential fix Ok, let's go with this fix for now; I need to redo the refcounting stuff for surfaces, but that'll take a bit.
Attachment #246347 -
Flags: review?(pavlov)
Updated•18 years ago
|
Attachment #246347 -
Flags: review?(pavlov) → review+
Assignee | ||
Comment 35•18 years ago
|
||
Checked in, and mmx reenabled.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 36•18 years ago
|
||
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9a1) Gecko/20061127 Minefield/3.0a1 ID:2006112714 [cairo] VERIFIED, No crashes on pages that crashed before
Comment 37•18 years ago
|
||
Given that MMX is apparently not to blame for this bug, why are we not using it in 1.8.1.x? The file with the MMX code, fbmmx.c, is not included in the 1.8.1.1 make file.
Comment 38•18 years ago
|
||
(In reply to comment #37) > Given that MMX is apparently not to blame for this bug, why are we not using it > in 1.8.1.x? The file with the MMX code, fbmmx.c, is not included in the > 1.8.1.1 make file. > Cairo/Thebes is only in 1.9.
Comment 39•18 years ago
|
||
Doesn't 1.8 use Cairo for SVG?
Comment 40•18 years ago
|
||
(In reply to comment #39) > Doesn't 1.8 use Cairo for SVG? Yes, I'm running the mozlibpixman code right now in SeaMonkey v1.1.
Updated•13 years ago
|
Crash Signature: [@ _moz_cairo_pixman_composite_src_8888x8888mmx ]
[@ fbCompositeSrc_8888x8888]
You need to log in
before you can comment on or make changes to this bug.
Description
•