Closed Bug 880842 Opened 11 years ago Closed 11 years ago

crash in mozilla::gfx::DrawTargetCG::DrawSurface

Categories

(Core :: Graphics, defect)

24 Branch
All
macOS
defect
Not set
critical

Tracking

()

VERIFIED FIXED
mozilla24
Tracking Status
firefox23 --- unaffected
firefox24 + verified

People

(Reporter: scoobidiver, Assigned: snorp)

References

Details

(Keywords: crash, regression, topcrash, Whiteboard: [startupcrash])

Crash Data

Attachments

(1 file)

It first showed up in 24.0a1/20130607. The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=204de5b7e0a6&tochange=dc8e78ed8c44
It's likely a regression from bug 848482.

Signature 	mozilla::gfx::DrawTargetCG::DrawSurface(mozilla::gfx::SourceSurface*, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::DrawSurfaceOptions const&, mozilla::gfx::DrawOpt... More Reports Search
UUID	efa7ddc8-01f9-40a6-aa1a-27fa32130607
Date Processed	2013-06-07 14:20:08
Uptime	5
Last Crash	10.8 minutes before submission
Install Age	22.1 minutes since version was first installed.
Install Time	2013-06-07 13:57:56
Product	Firefox
Version	24.0a1
Build ID	20130607031055
Release Channel	nightly
OS	Mac OS X
OS Version	10.6.8 10K549
Build Architecture	amd64
Build Architecture Info	family 6 model 23 stepping 10
Crash Reason	EXC_BAD_ACCESS / KERN_INVALID_ADDRESS
Crash Address	0x0
App Notes 	
AdapterVendorID: 0x10de, AdapterDeviceID: 0x 863GL Layers? GL Context? GL Context+ GL Layers+ 
Processor Notes 	sp-processor10_phx1_mozilla_com_12928:2012; SignatureTool: signature truncated due to length; exploitability tool: ERROR: unable to analyze dump
EMCheckCompatibility	True
Adapter Vendor ID	0x10de
Adapter Device ID	0x 863

Frame 	Module 	Signature 	Source
0 	XUL 	mozilla::gfx::DrawTargetCG::DrawSurface 	DrawTargetCG.cpp:198
1 	XUL 	mozilla::gfx::DrawTargetCG::CreateSourceSurfaceFromData const 	RefPtr.h:81
2 	XUL 	mozilla::gfx::DrawTargetCG::OptimizeSourceSurface const 	DrawTargetCG.cpp:210
3 	XUL 	mozilla::dom::CanvasRenderingContext2D::DrawWindow 	content/canvas/src/CanvasRenderingContext2D.cpp:3231
4 	XUL 	xpc_qsUnwrapArgImpl 	js/xpconnect/src/XPCQuickStubs.cpp:719
5 	XUL 	js::InvokeGetterOrSetter 	js/src/vm/Interpreter.cpp:512
6 	XUL 	js::ObjectImpl::nativeLookup 	js/src/vm/ObjectImpl.cpp:303
7 	XUL 	mozilla::dom::CanvasRenderingContext2DBinding::drawWindow 	obj-firefox/x86_64/dom/bindings/CanvasRenderingContext2DBinding.cpp:3168
8 	XUL 	mozilla::dom::CanvasRenderingContext2DBinding::genericMethod 	obj-firefox/x86_64/dom/bindings/CanvasRenderingContext2DBinding.cpp:4129
9 	XUL 	js::Invoke 	js/src/jscntxtinlines.h:349
10 	XUL 	js::GetPropertyOperation 	js/src/vm/Interpreter-inl.h:293
11 	XUL 	js::Interpret 	js/src/vm/Interpreter.cpp:2217
12 	libnss3.dylib 	PR_GetCurrentThread 	
13 	libSystem.B.dylib 	pthread_mutex_unlock 	
14 	XUL 	js::RunScript 	js/src/vm/Interpreter.cpp:352
15 	XUL 	js::UnwindScope 	js/src/vm/Interpreter.cpp:781
16 	XUL 	js::ion::HandleException 	js/src/ion/IonFrames.cpp:425
17 	GeForceGLDriver 	GeForceGLDriver@0x1 	
18 	XUL 	js::Invoke 	js/src/jscntxtinlines.h:349
19 	XUL 	nsThreadManager::GetIsMainThread 	xpcom/threads/nsThreadManager.cpp:274
20 	libnss3.dylib 	PR_GetCurrentThread 	
21 	XUL 	nsThreadManager::GetIsMainThread 	xpcom/threads/nsThreadManager.cpp:274
22 	libnss3.dylib 	PR_GetCurrentThread 	
23 	XUL 	nsThreadManager::GetIsMainThread 	xpcom/threads/nsThreadManager.cpp:274
24 	XUL 	NS_IsMainThread 	obj-firefox/x86_64/xpcom/build/nsThreadUtils.cpp:137
25 	XUL 	XPCCallContext::~XPCCallContext 	js/xpconnect/src/xpcprivate.h:485
26 	XUL 	XPC_WN_CallMethod 	js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1481
27 	libSystem.B.dylib 	memset_pattern4 	
28 	XUL 	js::ContextStack::pushInvokeFrame 	obj-firefox/x86_64/dist/include/js/Value.h:872
29 	XUL 	js::Invoke 	js/src/vm/Interpreter.cpp:408
30 	XUL 	js::Invoke 	js/src/jscntxtinlines.h:349
31 	XUL 	js::Invoke 	js/src/vm/Interpreter.cpp:441
32 	XUL 	js::ion::DoCallFallback 	js/src/ion/BaselineIC.cpp:6992

More reports at:
https://crash-stats.mozilla.com/report/list?signature=mozilla%3A%3Agfx%3A%3ADrawTargetCG%3A%3ADrawSurface%28mozilla%3A%3Agfx%3A%3ASourceSurface*%2C+mozilla%3A%3Agfx%3A%3ARectTyped%3Cmozilla%3A%3Agfx%3A%3AUnknownUnits%3E+const%26%2C+mozilla%3A%3Agfx%3A%3ARectTyped%3Cmozilla%3A%3Agfx%3A%3AUnknownUnits%3E+const%26%2C+mozilla%3A%3Agfx%3A%3ADrawSurfaceOptions+const%26%2C+mozilla%3A%3Agfx%3A%3ADrawOpt%2E%2E%2E
It's #1 top crasher in 24.0a1 on Mac OS X.
Keywords: topcrash
George, James?
Flags: needinfo?(snorp)
Flags: needinfo?(gwright)
Fallout from bug 848482? James will know more...
Flags: needinfo?(gwright)
Is anyone able to actually reproduce this? I don't have any startup crashes with either nightly or a local build.
Flags: needinfo?(snorp)
(In reply to James Willcox (:snorp) (jwillcox@mozilla.com) from comment #5)
It's reproducible every startup on stock m-c Nightly on an Early 2011 MBP running 10.7.5 with an AMD Radeon HD 6750M 1024 MB.
(In reply to Matthew N. [:MattN] from comment #6)
> (In reply to James Willcox (:snorp) (jwillcox@mozilla.com) from comment #5)
> It's reproducible every startup on stock m-c Nightly on an Early 2011 MBP
> running 10.7.5 with an AMD Radeon HD 6750M 1024 MB.

I can't reproduce on either of my two macs running 10.8.x. Weird. Maybe it only happens on 10.7? In any case, I think I can post a speculative fix.
I can reproduce on 10.8 on every startup on Nightly using my 13-inch, Mid 2012 Mac-Book Air with Intel HD Graphics 4000 512 MB
Assignee: nobody → snorp
Attachment #761094 - Flags: review?(matt.woodrow)
If someone who is currently crashing could try that patch, it would be really helpful. Thanks.
It would be interesting to know how this got by mochitest/reftest/marionette/etc as well...
(In reply to James Willcox (:snorp) (jwillcox@mozilla.com) from comment #10)
> If someone who is currently crashing could try that patch, it would be
> really helpful. Thanks.

Hi can you link to a  Mac build with this patch? I can then test and report results here. Thanks
(In reply to raymond [:retornam] from comment #12)
> (In reply to James Willcox (:snorp) (jwillcox@mozilla.com) from comment #10)
> > If someone who is currently crashing could try that patch, it would be
> > really helpful. Thanks.
> 
> Hi can you link to a  Mac build with this patch? I can then test and report
> results here. Thanks

Give this a shot: http://people.mozilla.org/~jwillcox/Nightly.app.zip
(In reply to James Willcox (:snorp) (jwillcox@mozilla.com) from comment #13)
> (In reply to raymond [:retornam] from comment #12)
> > (In reply to James Willcox (:snorp) (jwillcox@mozilla.com) from comment #10)
> > > If someone who is currently crashing could try that patch, it would be
> > > really helpful. Thanks.
> > 
> > Hi can you link to a  Mac build with this patch? I can then test and report
> > results here. Thanks
> 
> Give this a shot: http://people.mozilla.org/~jwillcox/Nightly.app.zip

Crashes on startup for me.
(In reply to raymond [:retornam] from comment #14)
> (In reply to James Willcox (:snorp) (jwillcox@mozilla.com) from comment #13)
> > (In reply to raymond [:retornam] from comment #12)
> > > (In reply to James Willcox (:snorp) (jwillcox@mozilla.com) from comment #10)
> > > > If someone who is currently crashing could try that patch, it would be
> > > > really helpful. Thanks.
> > > 
> > > Hi can you link to a  Mac build with this patch? I can then test and report
> > > results here. Thanks
> > 
> > Give this a shot: http://people.mozilla.org/~jwillcox/Nightly.app.zip
> 
> Crashes on startup for me.

James, this wasn't a packaged build so it crashes due to missing libraries. You need to do |./mach package| if you want to distribute a .app bundle.

dyld: launch, loading dependent libraries

Dyld Error Message:
  Library not loaded: @executable_path/libmozglue.dylib
  Referenced from: /tmp/Nightly.app/Contents/MacOS/firefox
  Reason: image not found

ls -al /tmp/Nightly.app/Contents/MacOS/libmozglue.dylib
lrwxr-xr-x  1 matthew  staff  77 Jun 11 15:15 /tmp/Nightly.app/Contents/MacOS/libmozglue.dylib -> /Users/snorp/source/mozilla-central/objdir-mac/mozglue/build/libmozglue.dylib

My own opt build doesn't crash even without your patch so I can't use it as-is to verify whether your fix works. Can you provide a packaged or tinderbox build?
Status: NEW → ASSIGNED
(In reply to Matthew N. [:MattN] from comment #15)
> My own opt build doesn't crash even without your patch so I can't use it
> as-is to verify whether your fix works. 

My m-c opt build didn't crash in a new profile but it did with my default profile. After applying the patch it no longer crashed on startup in that profile so the patch seems to avoid the crash for me. Thanks!
Comment on attachment 761094 [details] [diff] [review]
Guard against null temporary drawing surface

Review of attachment 761094 [details] [diff] [review]:
-----------------------------------------------------------------

Looks like a valid fix.

I'd be very interested to know *why* we're actually failing to create the surface though. It seems like it would only happen if the source surface was marked as invalid.
Attachment #761094 - Flags: review?(matt.woodrow) → review+
(In reply to Matt Woodrow (:mattwoodrow) from comment #17)
> Comment on attachment 761094 [details] [diff] [review]
> Guard against null temporary drawing surface
> 
> Review of attachment 761094 [details] [diff] [review]:
> -----------------------------------------------------------------
> 
> Looks like a valid fix.
> 
> I'd be very interested to know *why* we're actually failing to create the
> surface though. It seems like it would only happen if the source surface was
> marked as invalid.

I agree, but I can't seem to reproduce it locally at all. It is starting to sound like maybe there is an add-on doing something at startup?
(In reply to James Willcox (:snorp) (jwillcox@mozilla.com) from comment #11)
> It would be interesting to know how this got by
> mochitest/reftest/marionette/etc as well...


(In reply to Matthew N. [:MattN] from comment #16)
> My m-c opt build didn't crash in a new profile but it did with my default
> profile.

I'm assuming this is the reason and there is not much we can (want to) do about it?
https://hg.mozilla.org/mozilla-central/rev/8203dff7f4fb
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla24
Blocks: 881634
No crashes at all checking the crashstats for the last 4 weeks. Verified fixed
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.