Closed Bug 813024 Opened 13 years ago Closed 13 years ago

crash in mozilla::layers::BasicLayerManager::SetDefaultTarget

Categories

(Core :: Widget, defect)

Product:
Core
Component:
Widget
Version:
19 Branch
Platform:
x86_64
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla20
Tracking Flags:
Tracking Status
firefox18 --- verified
firefox19 + verified
firefox20 + verified
firefox-esr17 18+ verified
b2g18 --- fixed

People

(Reporter: scoobidiver, Assigned: tnikkel)

References

Details

(Keywords: crash, regression, topcrash, Whiteboard: [startupcrash])

Crash Data

Attachments

(3 files)

Backtrace
8.33 KB, text/plain
Details
Problem stack
46.16 KB, text/plain
Details
patch
1.99 KB, patch
roc
: review+
bajaj
: approval-mozilla-aurora+
bajaj
: approval-mozilla-beta+
akeybl
: approval-mozilla-esr17+
Details | Diff | Splinter Review
It's #5 top crasher (#3 non fixed) in 19.0a1 on Mac OS X. It first showed up in 19.0a1/20121026. The regression window might be (discontinuous across builds): http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=5c82f5a5e90d&tochange=5ecff3e46ed5 It might be related to bug 805745 (similar first frames and regression window). Signature mozilla::layers::BasicLayerManager::SetDefaultTarget(gfxContext*) More Reports Search UUID 94e22e90-16cd-4940-8a9f-bc8e22121117 Date Processed 2012-11-17 17:11:47 Uptime 2 Last Crash 24 seconds before submission Install Age 1.1 days since version was first installed. Install Time 2012-11-16 15:22:19 Product Firefox Version 19.0a1 Build ID 20121116030725 Release Channel nightly OS Mac OS X OS Version 10.7.5 11G63 Build Architecture amd64 Build Architecture Info family 6 model 37 stepping 5 Crash Reason EXC_BAD_ACCESS / KERN_INVALID_ADDRESS Crash Address 0xa00 App Notes AdapterVendorID: 0x1002, AdapterDeviceID: 0x68c0GL Context? GL Context+ GL Layers? GL Layers+ EMCheckCompatibility True Adapter Vendor ID 0x1002 Adapter Device ID 0x68c0 Frame Module Signature Source 0 XUL mozilla::layers::BasicLayerManager::SetDefaultTarget dist/include/nsISupportsImpl.h:276 1 XUL nsBaseWidget::AutoLayerManagerSetup::~AutoLayerManagerSetup nsBaseWidget.cpp:756 2 XUL -[ChildView drawRect:inContext:alternate:] nsChildView.mm:2517 3 XUL -[ChildView drawRect:inTitlebarContext:] nsChildView.mm:2411 4 XUL TitlebarDrawCallback nsCocoaWindow.mm:2913 5 CoreGraphics CoreGraphics@0x251e74 6 libRIP.A.dylib libRIP.A.dylib@0x1b886 More reports at: https://crash-stats.mozilla.com/report/list?signature=mozilla%3A%3Alayers%3A%3ABasicLayerManager%3A%3ASetDefaultTarget%28gfxContext*%29
There's 23 crashes overall with this signature, a lot of those dupes, not sure if this is more than 3-4 people seeing this crash at all. Might be worth a look if there's something one can spot with easy code inspection, but not sure we need to track at this stage.
Let's wait to see if this persists on Aurora.
(In reply to Alex Keybl [:akeybl] from comment #2) > Let's wait to see if this persists on Aurora. I upgraded my Aurora from 18 to 19 today and I couldn't launch the browser without crashing it :| So after 4-5 crashes, I'm finally using it..and looking at this report. https://crash-stats.mozilla.com/report/index/bp-514f46b7-2b6e-442c-93ad-0cc052121128
Also, startup time is much higher on 19.0a compared to the previous one. Magnitude of a more than few seconds
(In reply to Shyam Mani [:fox2mike] from comment #4) > Also, startup time is much higher on 19.0a compared to the previous one. > Magnitude of a more than few seconds Please file a separate bug for the startup perf issue you're running into. Now that we've had somebody internally run into this crash, makes sense to investigate. Throwing this one over to roc to help find an assignee. Note: this is mac only right now.
Assignee: nobody → roc
tracking-firefox19: ?+
It does look a lot like a Mac version of bug 805745. Let's hope Timothy can fix that.
Assignee: roc → tnikkel
Depends on: 805745
I hit this and was unable to start Firefox with my default profile until I opened it in safe mode.
Should be fixed by bug 805745.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
status-firefox20: --- → fixed
Target Milestone: --- → mozilla20
It's not fixed. There are still crashes after the patch of bug 805745 landed.
Status: RESOLVED → REOPENED
status-firefox20: fixedaffected
Resolution: FIXED → ---
Could you point me to those crashes? I can't find them. Note that the first nightly that has bug 805745 is 2012-12-14 (it didn't make the m-c merge for 2012-12-13).
(In reply to Timothy Nikkel (:tn) from comment #10) > Could you point me to those crashes? Follow the link in comment 0. It seems even worse than before.
Ok, interesting. Those didn't show up following the link for it from the top crashes. Those crashes are all in alternate paints, which is Mac only. I'll look into it.
The spike in 20.0a1/20121214 is caused by bug 805745.
Blocks: 805745
tracking-firefox20: --- → ?
No longer depends on: 805745
This is preventing me from starting nightly at all and is 100% reproducible. I'll see if I can reproduce with a debug build.
Likewise, I hit this on nightly and had to use safe mode to be able to start the browser.
It seems like this new crash is worse then what is fixed by the offending patch from bug 805745 so I'll back it out until we have a fix for this.
Attached file Backtrace
From an up-to-date debug build.
Attached file Problem stack
Here's the problem: we perform a paint, and when we run scripts we end up running a sync XHR which causes a nested paint to begin.
Attached patch patchSplinter Review
So this just makes us do the right thing if we have nested painting calls and hence nested AutoUseBasicLayerManager's. It would be nice if we could get rid of all nested painted, but I'm not sure if that is possible, and we'll want a branch patch for this issue anyway.
Attachment #692817 - Flags: review?(roc)
https://hg.mozilla.org/mozilla-central/rev/82d45d6f8964
Status: REOPENED → RESOLVED
Closed: 13 years ago13 years ago
Resolution: --- → FIXED
Hmm, I'm continuing to crash on startup in nightly builds: https://crash-stats.mozilla.com/report/index/bp-303f0f41-dc05-4e5e-bb55-70d512121217
This patch didn't make the 2012-12-17 nightly, so that is expected.
Comment on attachment 692817 [details] [diff] [review] patch We want this because bug 805745 makes this bug worse. [Approval Request Comment] Bug caused by (feature/regressing bug #): not sure, the problematic code exists at least as far back as 18 User impact if declined: crashes in some situations with certain addons Testing completed (on m-c, etc.): been on nightly Risk to taking this patch (and alternatives if risky): this is a straight forward patch that clearly does the right thing String or UUID changes made by this patch: none
Attachment #692817 - Flags: approval-mozilla-beta?
Attachment #692817 - Flags: approval-mozilla-aurora?
Attachment #692817 - Flags: approval-mozilla-beta?
Attachment #692817 - Flags: approval-mozilla-beta+
Attachment #692817 - Flags: approval-mozilla-aurora?
Attachment #692817 - Flags: approval-mozilla-aurora+
Comment on attachment 692817 [details] [diff] [review] patch [Approval Request Comment] If this is not a sec:{high,crit} bug, please state case for ESR consideration: want this so that bug 805745 doesn't have any chance of making crashes more frequent User impact if declined: maybe some amount of crashes Fix Landed on Version: 18, 19, 20 Risk to taking this patch (and alternatives if risky): simple straight forward patch String or UUID changes made by this patch: none See https://wiki.mozilla.org/Release_Management/ESR_Landing_Process for more info.
Attachment #692817 - Flags: approval-mozilla-esr17?
Attachment #692817 - Flags: approval-mozilla-esr17? → approval-mozilla-esr17+
QA Contact: ioana.budnar
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: