Closed Bug 603069 Opened 15 years ago Closed 12 years ago

[D2D] crash mainly at start-up on Windows 7 [@ HwTextFilter::PrepareFilterState(CD3DSurface*, CD3DSurface*, CD3DSurface*, DWRITE_RASTER_TYPE) ]

Categories

(Core :: Graphics, defect)

Product:
Core
Component:
Graphics
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: scoobidiver, Unassigned)

Details

(Keywords: crash, regression)

Crash Data

Build: Mozilla/5.0 (Windows NT 6.1; rv:2.0b8pre) Gecko/20101008 Firefox/4.0b8pre This is a new crash signature. Crashes first appeared in b8pre/20101007 build. It happens mainly at start-up on Windows 7. It is #8 top crasher in b8pre/20101008 build. Signature HwTextFilter::PrepareFilterState(CD3DSurface*, CD3DSurface*, CD3DSurface*, DWRITE_RASTER_TYPE) UUID 87b95bd0-16e9-427e-b6d2-a2d372101008 Time 2010-10-08 06:16:02.584159 Uptime 1 Last Crash 1 seconds before submission Install Age 30 seconds since version was first installed. Product Firefox Version 4.0b8pre Build ID 20101008041525 Branch 2.0 OS Windows NT OS Version 6.1.7600 CPU x86 CPU Info GenuineIntel family 6 model 15 stepping 6 Crash Reason EXCEPTION_ACCESS_VIOLATION_WRITE Crash Address 0x90 App Notes AdapterVendorID: 10de, AdapterDeviceID: 0191 Frame Module Signature [Expand] Source 0 d2d1.dll HwTextFilter::PrepareFilterState 1 d2d1.dll TextStageManager::CompleteRendering 2 d2d1.dll CHwSurfaceRenderTarget::FlushQueuedOperations 3 d2d1.dll CBatchSerializer::FlushInternal 4 d2d1.dll CBatchSerializer::FlushInternalAndTryIncreaseStorage 5 d2d1.dll DrawingContext::FillRectangle 6 d2d1.dll D2DRenderTargetBase<ID2D1HwndRenderTarget>::FillRectangle 7 xul.dll _cairo_d2d_fill gfx/cairo/cairo/src/cairo-d2d-surface.cpp:3386 8 xul.dll _cairo_surface_fill gfx/cairo/cairo/src/cairo-surface.c:2216 9 xul.dll _cairo_gstate_fill gfx/cairo/cairo/src/cairo-gstate.c:1184 10 xul.dll _moz_cairo_fill_preserve gfx/cairo/cairo/src/cairo.c:2338 11 xul.dll gfxSurfaceDrawable::Draw gfx/thebes/gfxDrawable.cpp:173 12 xul.dll gfxUtils::DrawPixelSnapped gfx/thebes/gfxUtils.cpp:417 13 xul.dll imgFrame::Draw modules/libpr0n/src/imgFrame.cpp:488 14 xul.dll mozilla::imagelib::RasterImage::Draw modules/libpr0n/src/RasterImage.cpp:2432 15 xul.dll DrawImageInternal layout/base/nsLayoutUtils.cpp:3068 16 xul.dll nsLayoutUtils::DrawSingleImage layout/base/nsLayoutUtils.cpp:3185 17 xul.dll nsImageBoxFrame::PaintImage layout/xul/base/src/nsImageBoxFrame.cpp:393 18 xul.dll nsDisplayXULImage::Paint layout/xul/base/src/nsImageBoxFrame.cpp:343 19 xul.dll mozilla::FrameLayerBuilder::DrawThebesLayer layout/base/FrameLayerBuilder.cpp:1684 20 xul.dll mozilla::layers::ThebesLayerD3D9::DrawRegion gfx/layers/d3d9/ThebesLayerD3D9.cpp:345 21 xul.dll mozilla::layers::ThebesLayerD3D9::RenderLayer gfx/layers/d3d9/ThebesLayerD3D9.cpp:223 22 xul.dll mozilla::layers::ContainerLayerD3D9::RenderLayer gfx/layers/d3d9/ContainerLayerD3D9.cpp:218 23 xul.dll mozilla::layers::LayerManagerD3D9::Render gfx/layers/d3d9/LayerManagerD3D9.cpp:290 24 xul.dll mozilla::layers::LayerManagerD3D9::EndTransaction gfx/layers/d3d9/LayerManagerD3D9.cpp:158 25 xul.dll nsDisplayList::PaintForFrame layout/base/nsDisplayList.cpp:452 26 xul.dll nsLayoutUtils::PaintFrame layout/base/nsLayoutUtils.cpp:1429 27 xul.dll PresShell::Paint layout/base/nsPresShell.cpp:6116 28 xul.dll nsRegion::SubRect gfx/src/nsRegion.cpp:1111 29 xul.dll nsViewManager::RenderViews view/src/nsViewManager.cpp:447 The regression range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=dee1e01fd8ed&tochange=5bb4f093a50b More reports at: http://crash-stats.mozilla.com/report/list?range_value=4&range_unit=weeks&signature=HwTextFilter%3A%3APrepareFilterState%28CD3DSurface*%2C%20CD3DSurface*%2C%20CD3DSurface*%2C%20DWRITE_RASTER_TYPE%29
blocking2.0: --- → ?
Summary: [D2D] crashmainly at start-up on Windows 7 [@ HwTextFilter::PrepareFilterState(CD3DSurface*, CD3DSurface*, CD3DSurface*, DWRITE_RASTER_TYPE) ] → [D2D] crash mainly at start-up on Windows 7 [@ HwTextFilter::PrepareFilterState(CD3DSurface*, CD3DSurface*, CD3DSurface*, DWRITE_RASTER_TYPE) ]
Hrm, so this started appearing the same time as Bug 603071. I wonder if there is some sort of correlation.
So, this occurs when flushing the text rendering calls in the pipeline. Since the regression range contains a bunch of text rendering changes I'm wondering whether they could have something to do with this? Jfkthame, could you have a look at this?
AdapterVendorID: 10de, AdapterDeviceID: 0191 This only appears to happen on this device, which is an NVidia 8800 GTX I believe.
(In reply to comment #2) > the regression range contains a bunch of text rendering changes I'm wondering > whether they could have something to do with this? The main font-related changes (apart from some Mac-only fixes) are the landing and integration of OTS, the sanitizer for downloadable fonts. I don't see how that could be a factor here. The crash address is consistently 0x90, which sounds like it's probably related to a null pointer somewhere. Any possibility that the surface's RenderTarget or brush might not be valid?
(In reply to comment #4) > (In reply to comment #2) > > the regression range contains a bunch of text rendering changes I'm wondering > > whether they could have something to do with this? > > The main font-related changes (apart from some Mac-only fixes) are the landing > and integration of OTS, the sanitizer for downloadable fonts. I don't see how > that could be a factor here. > > The crash address is consistently 0x90, which sounds like it's probably related > to a null pointer somewhere. Any possibility that the surface's RenderTarget or > brush might not be valid? Extremely unlikely, and nothing that touched any of that code in the regression range, fwiw. Could it be a font that gets sanitized in an improper way?
(In reply to comment #5) > Extremely unlikely, and nothing that touched any of that code in the regression > range, fwiw. Could it be a font that gets sanitized in an improper way? I don't thikn so. If so, it would probably not load the font at all - or crash within platform rasterizer code. This doesn't look at all like the font-related crashes we've seen in the past. Copying jdaggett for any comments.... A testcase that reproduces the crash would be great, or even just a clue to the URLs where crashes are happening. With so many of them showing uptime=1, I wonder if they've even got as far as trying to load any downloadable fonts?
OS: Windows 7 → Windows XP
(In reply to comment #6) > (In reply to comment #5) > > Extremely unlikely, and nothing that touched any of that code in the regression > > range, fwiw. Could it be a font that gets sanitized in an improper way? > > I don't thikn so. If so, it would probably not load the font at all - or crash > within platform rasterizer code. This doesn't look at all like the font-related > crashes we've seen in the past. > > Copying jdaggett for any comments.... > > A testcase that reproduces the crash would be great, or even just a clue to the > URLs where crashes are happening. With so many of them showing uptime=1, I > wonder if they've even got as far as trying to load any downloadable fonts? That's a good reason why it shouldn't be OTS. I'm surprised that it's all the exact same device though, I wonder if it's all the same user that has something broken?
> I wonder if it's all the same user that has something broken? There are two series of successive crashes, with same device id and same CPU, so there is only one user with this crash signature. So the regression range in comment 0 is not necessarily the good one. I think it could be linked to the lastpass extension and its associated lpxpcom.dll file.
(In reply to comment #8) > > I wonder if it's all the same user that has something broken? > There are two series of successive crashes, with same device id and same CPU, > so there is only one user with this crash signature. So the regression range in > comment 0 is not necessarily the good one. > I think it could be linked to the lastpass extension and its associated > lpxpcom.dll file. Interesting, thanks for that information! In that case this is atleast blocking-!
blocking2.0: ? → ---
Crash Signature: [@ HwTextFilter::PrepareFilterState(CD3DSurface*, CD3DSurface*, CD3DSurface*, DWRITE_RASTER_TYPE) ]
There have been only one crash in 8.0 for the last four weeks.
There have been no crashes for the last four weeks.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.