Closed Bug 785604 Opened 7 years ago Closed 3 years ago

crash in imgFrame::Init @ gfxImageSurface::gfxImageSurface

Categories

(Core :: ImageLib, defect, critical)

16 Branch
x86
Windows XP
defect
Not set
critical

Tracking

()

RESOLVED WORKSFORME

People

(Reporter: scoobidiver, Unassigned)

References

Details

(Keywords: crash, regression, steps-wanted)

Crash Data

It's #19 top browser crasher in 16.0a2 with other crashes that share this signature.

Signature 	moz_abort | arena_run_split More Reports Search
UUID	2e332a41-2268-4924-b35c-e3a2f2120825
Date Processed	2012-08-25 03:17:07
Uptime	3397
Last Crash	57.3 minutes before submission
Install Age	56.6 minutes since version was first installed.
Install Time	2012-08-25 02:19:54
Product	Firefox
Version	16.0a2
Build ID	20120824042011
Release Channel	aurora
OS	Windows NT
OS Version	6.1.7601 Service Pack 1
Build Architecture	x86
Build Architecture Info	AuthenticAMD family 16 model 6 stepping 3
Crash Reason	EXCEPTION_BREAKPOINT
Crash Address	0x74bd1c09
App Notes 	
AdapterVendorID: 0x1002, AdapterDeviceID: 0x9712, AdapterSubsysID: 04891025, AdapterDriverVersion: 8.783.2.0
D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+ 
Processor Notes 	This dump is too long and has triggered the automatic truncation routine
EMCheckCompatibility	True
Adapter Vendor ID	0x1002
Adapter Device ID	0x9712
Total Virtual Memory	4294836224
Available Virtual Memory	3647029248
System Memory Use Percentage	92
Available Page File	76038144
Available Physical Memory	311865344

Frame 	Module 	Signature 	Source
0 	mozglue.dll 	moz_abort 	memory/build/extraMallocFuncs.c:114
1 	mozglue.dll 	arena_run_split 	memory/mozjemalloc/jemalloc.c:3374
2 	mozglue.dll 	arena_malloc_large 	memory/mozjemalloc/jemalloc.c:4163
3 	mozglue.dll 	je_malloc 	memory/mozjemalloc/jemalloc.c:6291
4 	xul.dll 	gfxImageSurface::gfxImageSurface 	gfx/thebes/gfxImageSurface.cpp:111
5 	xul.dll 	imgFrame::Init 	image/src/imgFrame.cpp:192
6 	xul.dll 	mozilla::image::RasterImage::InternalAddFrame 	image/src/RasterImage.cpp:1044
7 	xul.dll 	mozilla::image::RasterImage::EnsureFrame 	image/src/RasterImage.cpp:1147
8 	xul.dll 	mozilla::image::nsJPEGDecoder::WriteInternal 	image/decoders/nsJPEGDecoder.cpp:361
9 	xul.dll 	mozilla::image::RasterImage::WriteToDecoder 	image/src/RasterImage.cpp:2382
10 	xul.dll 	mozilla::image::RasterImage::SyncDecode 	image/src/RasterImage.cpp:2531
11 	xul.dll 	mozilla::image::RasterImage::RequestDecode 	image/src/RasterImage.cpp:2483
12 	xul.dll 	imgRequestProxy::RequestDecode 	image/src/imgRequestProxy.cpp:315
13 	xul.dll 	LockEnumerator 	content/base/src/nsDocument.cpp:8314
14 	xul.dll 	nsBaseHashtable<nsDepCharHashKey,xptiInterfaceEntry*,xptiInterfaceEntry*>::s_Enu 	obj-firefox/dist/include/nsBaseHashtable.h:400
15 	xul.dll 	PL_DHashTableEnumerate 	obj-firefox/xpcom/build/pldhash.cpp:715
16 	xul.dll 	nsDocument::SetImageLockingState 	content/base/src/nsDocument.cpp:8342
17 	xul.dll 	PresShell::SetIsActive 	layout/base/nsPresShell.cpp:8960
18 	xul.dll 	nsDocShell::SetIsActive 	docshell/base/nsDocShell.cpp:5014
19 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:70
20 	xul.dll 	XPCWrappedNative::CallMethod 	js/xpconnect/src/XPCWrappedNative.cpp:2418
21 	xul.dll 	XPCWrappedNative::SetAttribute 	js/xpconnect/src/xpcprivate.h:2819
22 	xul.dll 	XPC_WN_GetterSetter 	js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1514
...

More reports at:
https://crash-stats.mozilla.com/report/list?signature=moz_abort+|+arena_run_split
Presumably this is an OOM or Out-of-address-space? Points to http://hg.mozilla.org/releases/mozilla-aurora/annotate/128124e804df/memory/mozjemalloc/jemalloc.c#l1955 which only aborts if VirtualAlloc or mmap fail.
Keywords: needURLs
Is this generally only seen on D2D enabled builds? Or are there also non-D2D builds in there?
(In reply to Bas Schouten (:bas) from comment #3)
> Is this generally only seen on D2D enabled builds? Or are there also non-D2D
> builds in there?
There are so many different crashes behind this crash signature that it's hard to find one with the stack trace in comment 0. The fix of bug 778404 would help a lot.
I tried reaching out to a couple of users who reported this crash, and which seemed to list specific steps that got them into this problem, but I haven't heard back. Reading the comments you can see that a lot of people were just using Facebook or Gmail and the browser suddenly crashes with no apparent associated action.
Crash Signature: [@ moz_abort | arena_run_split] → [@ moz_abort | arena_run_split] [@ moz_abort | arena_run_split | arena_malloc_large | je_malloc | gfxImageSurface::gfxImageSurface]
Crash Signature: [@ moz_abort | arena_run_split] [@ moz_abort | arena_run_split | arena_malloc_large | je_malloc | gfxImageSurface::gfxImageSurface] → [@ moz_abort | arena_run_split] [@ moz_abort | arena_run_split | arena_malloc_large | je_malloc | gfxImageSurface::gfxImageSurface(nsIntSize const&, gfxASurface::gfxImageFormat, bool)]
With the skiplist, we know now the right ranking: #97 in 19.0.2, #64 in 20.0b6, and #136 in 21.0a2

(In reply to Bas Schouten (:bas.schouten) from comment #3)
> Is this generally only seen on D2D enabled builds? Or are there also non-D2D
> builds in there?
It's not related to Direct2D because 68% of crashes happen on Windows XP.

It has more to do with images in secure connections and I think ImageLib is the right component. See:
  moz_abort | arena_run_split | arena_malloc_large | je_malloc | gfxImageSurface::gfxImageSurface(nsIntSize const&, gfxASurface::gfxImageFormat, bool)|EXCEPTION_BREAKPOINT (142 crashes)
    100% (142/142) vs.  49% (86615/177218) shdocvw.dll
    100% (142/142) vs.  52% (92823/177218) nssckbi.dll
    100% (142/142) vs.  53% (94773/177218) freebl3.dll
    100% (142/142) vs.  53% (94808/177218) nssdbm3.dll
    100% (142/142) vs.  54% (94859/177218) softokn3.dll
    100% (142/142) vs.  55% (97462/177218) winrnr.dll

More reports at:
https://crash-stats.mozilla.com/report/list?signature=moz_abort+|+arena_run_split+|+arena_malloc_large+|+je_malloc+|+gfxImageSurface%3A%3AgfxImageSurface%28nsIntSize+const%26%2C+gfxASurface%3A%3AgfxImageFormat%2C+bool%29
https://crash-stats.mozilla.com/report/list?signature=moz_abort+|+arena_run_split+|+arena_malloc_large+|+je_malloc+|+arena_bin_nonfull_run_get+|+gfxImageSurface%3A%3AgfxImageSurface%28nsIntSize+const%26%2C+gfxASurface%3A%3AgfxImageFormat%2C+bool%29
Crash Signature: [@ moz_abort | arena_run_split] [@ moz_abort | arena_run_split | arena_malloc_large | je_malloc | gfxImageSurface::gfxImageSurface(nsIntSize const&, gfxASurface::gfxImageFormat, bool)] → [@ moz_abort | arena_run_split] [@ moz_abort | arena_run_split | arena_malloc_large | je_malloc | gfxImageSurface::gfxImageSurface(nsIntSize const&, gfxASurface::gfxImageFormat, bool)] [@ moz_abort | arena_run_split | arena_malloc_large | je_malloc | ar…
Component: Graphics → ImageLib
OS: Windows 7 → Windows XP
Summary: crash in gfxImageSurface::gfxImageSurface → crash in imgFrame::Init @ gfxImageSurface::gfxImageSurface
Mozilla/5.0 (Windows NT 5.1; rv:25.0) Gecko/20130723 Firefox/25.0

Tested on 21.0.1 (buildID: 20130409194949) and latest Nightly (buildID: 20130723030205) with all the URLs from comment 2 with a special attention to facebook and gmail as stated in comment 5. I was not able to reproduce the issue using a clean profile and a dirty one as well. Is there anything I can help with further one here?
Crash Signature: , bool)] [@ moz_abort | arena_run_split | arena_malloc_large | je_malloc | arena_bin_nonfull_run_get | gfxImageSurface::gfxImageSurface(nsIntSize const&, gfxASurface::gfxImageFormat, bool) ] → , bool)] [@ moz_abort | arena_run_split | arena_malloc_large | je_malloc | arena_bin_nonfull_run_get | gfxImageSurface::gfxImageSurface(nsIntSize const&, gfxASurface::gfxImageFormat, bool) ] [@ moz_abort | arena_run_split | arena_malloc_large | je_mallo…
I am closing this bug as there are no recent reports with a currently supported version of Firefox.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.