Closed Bug 793416 Opened 12 years ago Closed 8 years ago

crash in gfxXlibNativeRenderer::Draw with gfx.content.azure.enabled/cairo

Categories

(Core :: Graphics, defect)

18 Branch
All
Linux
defect
Not set
critical

Tracking

()

RESOLVED INCOMPLETE

People

(Reporter: scoobidiver, Unassigned)

References

Details

(Keywords: crash, regression)

Crash Data

It has been hit by two users several times from 18.0a1/20120921. The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=1e56d3016820&tochange=48c4938eaf57
It's likely a regression from bug 772726.

Signature 	gfxXlibNativeRenderer::Draw More Reports Search
UUID	09a493b5-a955-4bfb-a32d-1537f2120921
Date Processed	2012-09-21 14:39:38
Uptime	1388
Last Crash	28.4 minutes before submission
Install Age	2.6 hours since version was first installed.
Install Time	2012-09-21 20:03:42
Product	Firefox
Version	18.0a1
Build ID	20120921030601
Release Channel	nightly
OS	Linux
OS Version	0.0.0 Linux 3.5.3-1-ARCH #1 SMP PREEMPT Sun Aug 26 08:15:06 UTC 2012 i686
Build Architecture	x86
Build Architecture Info	AuthenticAMD family 16 model 5 stepping 2
Crash Reason	SIGSEGV
Crash Address	0x4
App Notes 	
OpenGL: X.Org -- Gallium 0.4 on AMD RS780 -- 2.1 Mesa 8.0.4 -- texture_from_pixmap
libGL.so.1? libGL.so.1+ GL Context? GL Context+ GL Layers? GL Layers+ 
EMCheckCompatibility	True

Frame 	Module 	Signature 	Source
0 	libxul.so 	gfxXlibNativeRenderer::Draw 	gfx/thebes/gfxASurface.h:110
1 	libxul.so 	gfxGdkNativeRenderer::Draw 	gfx/thebes/gfxGdkNativeRenderer.cpp:61
2 	libxul.so 	nsNativeThemeGTK::DrawWidgetBackground 	widget/gtk2/nsNativeThemeGTK.cpp:823
3 	libxul.so 	nsCSSRendering::PaintBackgroundWithSC 	layout/base/nsCSSRendering.cpp:2367
4 	libxul.so 	nsCSSRendering::PaintBackground 	layout/base/nsCSSRendering.cpp:1523
5 	libxul.so 	nsDisplayBackground::Paint 	layout/base/nsDisplayList.cpp:1981
6 	libxul.so 	mozilla::FrameLayerBuilder::DrawThebesLayer 	layout/base/FrameLayerBuilder.cpp:3019
7 	libxul.so 	mozilla::layers::BasicThebesLayer::PaintThebes 	gfx/layers/basic/BasicThebesLayer.cpp:140
8 	libxul.so 	mozilla::layers::BasicLayerManager::PaintSelfOrChildren 	gfx/layers/basic/BasicLayerManager.cpp:822
9 	libxul.so 	mozilla::layers::BasicLayerManager::PaintLayer 	gfx/layers/basic/BasicLayerManager.cpp:941
10 	libxul.so 	mozilla::layers::BasicLayerManager::PaintSelfOrChildren 	gfx/layers/basic/BasicLayerManager.cpp:837
11 	libxul.so 	mozilla::layers::BasicLayerManager::PaintLayer 	gfx/layers/basic/BasicLayerManager.cpp:941
12 	libxul.so 	mozilla::layers::BasicLayerManager::EndTransactionInternal 	gfx/layers/basic/BasicLayerManager.cpp:585
13 	libxul.so 	nsDisplayList::PaintForFrame 	layout/base/nsDisplayList.cpp:1065
14 	libxul.so 	nsDisplayList::PaintRoot 	layout/base/nsDisplayList.cpp:953
15 	libxul.so 	nsLayoutUtils::PaintFrame 	layout/base/nsLayoutUtils.cpp:1867
16 	libxul.so 	PresShell::RenderDocument 	layout/base/nsPresShell.cpp:4342
17 	libxul.so 	nsCanvasRenderingContext2DAzure::DrawWindow 	content/canvas/src/nsCanvasRenderingContext2DAzure.cpp:3979
18 	libxul.so 	mozilla::dom::CanvasRenderingContext2DBinding::drawWindow 	obj-firefox/dom/bindings/CanvasRenderingContext2DBinding.cpp:1875
19 	libxul.so 	mozilla::dom::CanvasRenderingContext2DBinding::genericMethod 	obj-firefox/dom/bindings/CanvasRenderingContext2DBinding.cpp:2577
20 	libxul.so 	js::InvokeKernel 	js/src/jscntxtinlines.h:370
21 	libxul.so 	js::Interpret 	js/src/jsinterp.cpp:2454
22 	libxul.so 	js::RunScript 	js/src/jsinterp.cpp:324
...

More reports at:
https://crash-stats.mozilla.com/report/list?signature=gfxXlibNativeRenderer%3A%3ADraw
I see this happen with a fresh profile, only change being gfx.content.azure.enabled being created and set to true.
It always crashes on the same sites, upon viewing the content.

Example of sites affected:
reddit.com
bugzilla.mozilla.org
mozillazine.org

Example of sites not affected:
en.wikipedia.org
caniuse.com
youtube.com
aftonbladet.se


Any other information that might be of assistance?

I'm currently looking into using mozregression to find a specific changeset.
Bug 524410 means the stack is not as helpful here as it could be.

Guessing the missing frames are

http://hg.mozilla.org/mozilla-central/annotate/48c4938eaf57/gfx/thebes/gfxXlibNativeRenderer.cpp#l299
http://hg.mozilla.org/mozilla-central/annotate/48c4938eaf57/gfx/thebes/gfxXlibNativeRenderer.cpp#l513

suggesting that ctx->CurrentSurface() is returning null.

Looks like the X11 port is not ready for gfx.content.azure.enabled.
Depends on: 524410
From 19.0a1/20121009, every crash signatures on Linux have a Windows look.
For this bug, more reports at: https://crash-stats.mozilla.com/report/list?signature=gfxXlibNativeRenderer%3A%3ADraw%28gfxContext*%2C+nsIntSize%2C+unsigned+int%2C+Screen*%2C+Visual*%2C+gfxXlibNativeRenderer%3A%3ADrawOutput*%29
Crash Signature: [@ gfxXlibNativeRenderer::Draw] → [@ gfxXlibNativeRenderer::Draw] [@ gfxXlibNativeRenderer::Draw(gfxContext*, nsIntSize, unsigned int, Screen*, Visual*, gfxXlibNativeRenderer::DrawOutput*)]
Azure content isn't implemented on Linux so it will crash if you set gfx.content.azure.enabled to true.
I just hit this, with Firefox crashing a few seconds after launching on pretty much any page.
However, it only happens w/ azure set to cairo.  When set to skia, no crashes.
Summary: crash in gfxXlibNativeRenderer::Draw → crash in gfxXlibNativeRenderer::Draw with gfx.content.azure.enabled/cairo
(In reply to nemo from comment #5)
> However, it only happens w/ azure set to cairo.  When set to skia, no
> crashes.

It will ignore the setting unless you set it to cairo.
Oh? skia works for azure canvas, and I *thought* it worked for content w/ azure content enabled set to true.
m'k first I heard of this.

Odd 'cause I'd swear CSS transforms were no longer jagged w/ skia set.  Guess I'll recheck when I'm back at that machine tomorrow :)
Welp. No idea if you were right about skia (presumably are) but jagginess was exclusively due to layers.acceleration.force-enabled set to true or not.  Now I'm wondering if that was the reason for the crash instead :(  Although I'm not getting any crashes anymore with any combination of azure or layer acceleration.

Admittedly, the crappy fglrx driver does start failing more over time, as if it has some leak, that is resolved on restarting X, so, that could be muddying things.
One comment says: "You should probably consider forcing azure.enabled off when in safemode...".
All hardware acceleration is disabled in safe mode, though I guess if people are using azure content on unsupported systems, disabling it in safe mode would be a kind thing to do.
There was one report of this crash a month ago in Firefox 45 and a total of 11 reports going back a year. I don't foresee that we'll be doing anything about this at present volume. Please reopen this bug report if it's something we plan to address.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.