Closed Bug 903842 Opened 11 years ago Closed 8 years ago

crash in mozilla::layers::LayerManagerD3D10::VerifyBufferSize @ CDXGISwapChain::ResizeBuffers

Categories

(Core :: Graphics: Layers, defect)

x86
Windows 7
defect
Not set
critical

RESOLVED INCOMPLETE
Tracking Status
firefox27 --- ?
firefox28 --- affected
firefox29 --- affected
firefox32 --- affected

People

(Reporter: xtc4uall, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash, Whiteboard: [tbird crash])

Attachments

(1 file)

218.21 KB, application/x-zip-compressed
This bug was filed from the Socorro interface and is report bp-8d761b29-82b4-417c-b1e4-ec5312130811.
=============================================================
Frame Module Signature Source
0 dxgi.dll CDXGISwapChain::ResizeBuffers(unsigned int,unsigned int,unsigned int,DXGI_FORMAT,unsigned int)
1 xul.dll mozilla::layers::LayerManagerD3D10::VerifyBufferSize() gfx/layers/d3d10/LayerManagerD3D10.cpp
2 xul.dll mozilla::layers::LayerManagerD3D10::SetupPipeline() gfx/layers/d3d10/LayerManagerD3D10.cpp
3 xul.dll mozilla::layers::LayerManagerD3D10::Render(mozilla::layers::LayerManager::EndTransactionFlags) gfx/layers/d3d10/LayerManagerD3D10.cpp
4 xul.dll mozilla::layers::LayerManagerD3D10::EndTransaction(void (*)(mozilla::layers::ThebesLayer *,gfxContext *,nsIntRegion const &,nsIntRegion const &,void *),void *,mozilla::layers::LayerManager::EndTransactionFlags) gfx/layers/d3d10/LayerManagerD3D10.cpp
5 xul.dll mozilla::layers::LayerManagerD3D10::EndEmptyTransaction(mozilla::layers::LayerManager::EndTransactionFlags) gfx/layers/d3d10/LayerManagerD3D10.cpp
6 xul.dll PresShell::Paint(nsView *,nsRegion const &,unsigned int) layout/base/nsPresShell.cpp
7 xul.dll nsViewManager::Refresh(nsView *,nsIntRegion const &) view/src/nsViewManager.cpp
8 xul.dll nsView::PaintWindow(nsIWidget *,nsIntRegion) view/src/nsView.cpp
9 xul.dll nsWindow::OnPaint(HDC__ *,unsigned int) widget/windows/nsWindowGfx.cpp
10 xul.dll nsWindow::ProcessMessage(unsigned int,unsigned int &,long &,long *) widget/windows/nsWindow.cpp
11 xul.dll nsCOMPtr_base::assign_from_qi(nsQueryInterface,nsID const &) obj-firefox/xpcom/build/nsCOMPtr.cpp
12 xul.dll nsWindow::WindowProcInternal(HWND__ *,unsigned int,unsigned int,long) widget/windows/nsWindow.cpp
13 xul.dll CallWindowProcCrashProtected xpcom/base/nsCrashOnException.cpp
14 xul.dll xul.dll@0x25b410
15 xul.dll xul.dll@0x27ad70
16 user32.dll InternalCallWinProc
17 user32.dll NtUserGetDC
18 user32.dll DispatchClientMessage
19 user32.dll __fnDWORD
20 ntdll.dll KiUserCallbackDispatcher
21 ntdll.dll KiUserApcDispatcher
22 xul.dll nsWindow::DispatchStarvedPaints(HWND__ *,long) widget/windows/nsWindow.cpp
23 xul.dll nsWindow::DispatchPendingEvents() widget/windows/nsWindow.cpp
24 xul.dll nsWindow::ProcessMessage(unsigned int,unsigned int &,long &,long *) widget/windows/nsWindow.cpp
25 xul.dll nsWindow::WindowProcInternal(HWND__ *,unsigned int,unsigned int,long) widget/windows/nsWindow.cpp
26 xul.dll CallWindowProcCrashProtected xpcom/base/nsCrashOnException.cpp
27 xul.dll nsWindow::WindowProc(HWND__ *,unsigned int,unsigned int,long) widget/windows/nsWindow.cpp
28 user32.dll InternalCallWinProc
29 user32.dll UserCallWinProcCheckWow
30 user32.dll DispatchMessageWorker
31 user32.dll DispatchMessageW
32 xul.dll nsAppShell::ProcessNextNativeEvent(bool) widget/windows/nsAppShell.cpp
33 xul.dll nsBaseAppShell::OnProcessNextEvent(nsIThreadInternal *,bool,unsigned int) widget/xpwidgets/nsBaseAppShell.cpp
34 xul.dll nsThread::ProcessNextEvent(bool,bool *) xpcom/threads/nsThread.cpp
35 xul.dll NS_ProcessNextEvent(nsIThread *,bool) obj-firefox/xpcom/build/nsThreadUtils.cpp
36 xul.dll mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate *) ipc/glue/MessagePump.cpp
37 xul.dll MessageLoop::RunHandler() ipc/chromium/src/base/message_loop.cc
38 xul.dll MessageLoop::Run() ipc/chromium/src/base/message_loop.cc
39 xul.dll nsBaseAppShell::Run() widget/xpwidgets/nsBaseAppShell.cpp
40 xul.dll nsAppShell::Run() widget/windows/nsAppShell.cpp
41 xul.dll nsAppStartup::Run() toolkit/components/startup/nsAppStartup.cpp
42 xul.dll XREMain::XRE_mainRun() toolkit/xre/nsAppRunner.cpp
43 xul.dll XREMain::XRE_main(int,char * * const,nsXREAppData const *) toolkit/xre/nsAppRunner.cpp
44 xul.dll XRE_main toolkit/xre/nsAppRunner.cpp
45 firefox.exe do_main browser/app/nsBrowserApp.cpp
46 firefox.exe NS_internal_main(int,char * *) browser/app/nsBrowserApp.cpp
47 firefox.exe wmain toolkit/xre/nsWindowsWMain.cpp
48 firefox.exe __tmainCRTStartup f:/dd/vctools/crt_bld/self_x86/crt/src/crtexe.c
49 kernel32.dll BaseThreadInitThunk
50 ntdll.dll __RtlUserThreadStart
51 ntdll.dll _RtlUserThreadStart

Got this when switching Tabs.
Per Crashstats, happening across several Versions: https://crash-stats.mozilla.com/report/list?signature=CDXGISwapChain%3A%3AResizeBuffers%28unsigned+int%2C+unsigned+int%2C+unsigned+int%2C+DXGI_FORMAT%2C+unsigned+int%29&product=Firefox&product=Thunderbird&product=SeaMonkey&query_type=contains&range_unit=weeks&process_type=any&hang_type=crash&date=2013-08-11+10%3A00%3A00&range_value=1
It's correlated to the latest Direct2D version of Windows 7:
100% (15/15) vs. 15% (8303/57000) d3d11.dll
    13% (2/15) vs. 2% (879/57000) 6.2.9200.16492
    87% (13/15) vs. 10% (5793/57000) 6.2.9200.16570
100% (15/15) vs. 21% (12055/57000) d2d1.dll
    100% (15/15) vs. 12% (6638/57000) 6.2.9200.16492

Crash reports without the date: https://crash-stats.mozilla.com/report/list?product=Firefox&signature=CDXGISwapChain%3A%3AResizeBuffers%28unsigned+int%2C+unsigned+int%2C+unsigned+int%2C+DXGI_FORMAT%2C+unsigned+int%29
Summary: crash in CDXGISwapChain::ResizeBuffers(unsigned int, unsigned int, unsigned int, DXGI_FORMAT, unsigned int) → crash in mozilla::layers::LayerManagerD3D10::VerifyBufferSize @ CDXGISwapChain::ResizeBuffers
Is it ever going to be fixed? It happens to me almost every day. I always open a lot of tabs and never close my browser. Usually it was always ok but this problem started to appear about a half a year ago. The problem works this way: The browser window content starts becoming black. Resizing the window helps for a while, but not that much. If I drag and drop a tab to create a new browser window - that new window becomes completely blank (white) (impossible to see even the title bar). If I try to do anything with this blank window (resize, move, close) - the browser crashes immediately. Even if I don't create a new window from the tab, then the browser will work longer but will eventually crash anyway. The only way to avoid crash is to open a new window (CTRL-N) and close the old ones. This prevents crash without browser restart. Please fix it - it really annoys :(
You posted in the EMPTY crash bugs that they may be related, but the reports with the signature here do not look like OOM crashes to me so are probably different. They could still be related in some form, but I would think they are different at least in some way. In any case, the reports here have way more info.
The symptoms reported in comment 2 match very closely with OOM conditions being unable to allocate texture data. Denis, do you have a crash report ID from within the past week or so that I can check for detailed memory information?
Flags: needinfo?(deniska666)
Note from MS docs on IDXGISwapChain::ResizeBuffers:

For swap chains that you created with DXGI_SWAP_CHAIN_FLAG_GDI_COMPATIBLE, before you call ResizeBuffers, also call IDXGISurface1::ReleaseDC on the swap chain's back-buffer surface to ensure that you have no outstanding GDI device contexts (DCs) open.

Nowhere in http://hg.mozilla.org/releases/mozilla-release/annotate/d20d499b219f/gfx/layers/d3d10/LayerManagerD3D10.cpp#l655 do I see us doing this. Can this be a problem?
Flags: needinfo?(bas)
Hi Benjamin, here is my latest crash report with ResizeBuffers error: https://crash-stats.mozilla.com/report/index/1e78caf6-bbf9-4a4d-8649-63a352131129 p.s. Sorry for my useless obscene language in the comment there... But it really frustrates, especially if you are actively browsing and searching for some info.
Flags: needinfo?(deniska666)
I tried to reproduce this issue today, and I succeeded: https://crash-stats.mozilla.com/report/index/df5dbdb6-9e33-47f0-a7b0-728d02131205 Again: lots of tabs, multiple windows, after some hours of usage, the content area started becoming black. I then created a new window from one of the tabs using drag-n-drop. The window was totally white (no controls visible at all). I tried to resize it, and the browser crashed immediately.
This is today's crash with the same symptoms but without crashing thread identified: https://crash-stats.mozilla.com/report/index/d566010c-15a0-40a9-8493-6867a2131210
(In reply to Benjamin Smedberg [:bsmedberg] from comment #5)
> Note from MS docs on IDXGISwapChain::ResizeBuffers:
>
> For swap chains that you created with DXGI_SWAP_CHAIN_FLAG_GDI_COMPATIBLE,
> before you call ResizeBuffers, also call IDXGISurface1::ReleaseDC on the
> swap chain's back-buffer surface to ensure that you have no outstanding GDI
> device contexts (DCs) open.
>
> Nowhere in
> http://hg.mozilla.org/releases/mozilla-release/annotate/d20d499b219f/gfx/layers/d3d10/LayerManagerD3D10.cpp#l655
> do I see us doing this. Can this be a problem?

In theory it shouldn't matter, since we also never do a GetDC. We should really just get rid of using this flag altogether, but I believe on some buggy driver it would cause some problems.
Flags: needinfo?(bas)
(In reply to Denis V from comment #7)
> I tried to reproduce this issue today, and I succeeded:
> https://crash-stats.mozilla.com/report/index/df5dbdb6-9e33-47f0-a7b0-728d02131205
> Again: lots of tabs, multiple windows, after some hours of usage, the
> content area started becoming black. I then created a new window from one of
> the tabs using drag-n-drop. The window was totally white (no controls
> visible at all). I tried to resize it, and the browser crashed immediately.

It would be really good to know which error code we're getting from the ResizeBuffers call in this case.
We're not returning from ResizeBuffers; it's either calling ResizeBuffers on a null pointer or ResizeBuffers is itself crashing internally.
I just ran into this crash today after I put Nightly (Holly) in the background and then clicked on the taskbar to bring it back to the foreground... I'll attach my full WinDBG log in a moment, but here is what I have so far:

FAULTING_IP:
dxgi!CDXGISwapChain::ResizeBuffers+13bf3
5fabc9a8 8b08 mov ecx,dword ptr [eax]

EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 5fabc9a8 (dxgi!CDXGISwapChain::ResizeBuffers+0x00013bf3)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000000
Attempt to read from address 00000000

CONTEXT: 00000000 -- (.cxr 0x0;r)
eax=00000000 ebx=00000001 ecx=00000004 edx=15fff630 esi=16a260a8 edi=16a260a0
eip=5fabc9a8 esp=15fff608 ebp=15fff6fc iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246
dxgi!CDXGISwapChain::ResizeBuffers+0x13bf3:
5fabc9a8 8b08 mov ecx,dword ptr [eax] ds:002b:00000000=????????

FAULTING_THREAD: 00090158
PROCESS_NAME: firefox.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 00000000
READ_ADDRESS: 00000000

FOLLOWUP_IP:
dxgi!CDXGISwapChain::ResizeBuffers+13bf3
5fabc9a8 8b08 mov ecx,dword ptr [eax]

NTGLOBALFLAG: 70
APPLICATION_VERIFIER_FLAGS: 0
APP: firefox.exe
ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) x86fre
BUGCHECK_STR: APPLICATION_FAULT_NULL_POINTER_READ_BEFORE_CALL
PRIMARY_PROBLEM_CLASS: NULL_POINTER_READ_BEFORE_CALL
DEFAULT_BUCKET_ID: NULL_POINTER_READ_BEFORE_CALL
LAST_CONTROL_TRANSFER: from 10748fd8 to 5fabc9a8

STACK_TEXT:
15fff6fc 10748fd8 16a260a0 00000001 00000780 dxgi!CDXGISwapChain::ResizeBuffers+0x13bf3
15fff760 1098b3f0 0929e410 15fff820 0929e600 xul!mozilla::layers::CompositorD3D11::VerifyBufferSize+0x8f
15fff780 1098b4b6 0929e410 1d6bcc00 0929e600 xul!mozilla::layers::CompositorD3D11::UpdateRenderTarget+0x17
15fff7e0 10cd34b0 0929e634 00000000 0929e600 xul!mozilla::layers::CompositorD3D11::BeginFrame+0x3b
15fff85c 10cd3700 0ae46000 15fff8d8 1d6771a8 xul!mozilla::layers::LayerManagerComposite::Render+0x191
15fff8bc 1078d146 00000000 00000000 00000000 xul!mozilla::layers::LayerManagerComposite::EndTransaction+0xb9
15fff8cc 10aac87e 00000000 15fffa0c 1d677000 xul!mozilla::layers::LayerManagerComposite::EndEmptyTransaction+0x1a
15fff90c 10aac8e1 1d677000 0baa5660 10020205 xul!mozilla::layers::CompositorParent::CompositeInTransaction+0xfa
15fff918 10020205 15fffa0c 0a630e38 15fff934 xul!mozilla::layers::CompositorParent::Composite+0x1e
15fff928 10022982 0baa5660 15fff96c 10023851 xul!MessageLoop::RunTask+0x15
15fff934 10023851 15fff948 0ae437e0 0ae437f0 xul!MessageLoop::DeferOrRunPendingTask+0x30
15fff96c 100238c7 0ae437f0 00000000 15fffa0c xul!MessageLoop::DoDelayedWork+0x7d
15fff9a0 10021150 00fffa0c 78742503 0ae22ce4 xul!base::MessagePumpDefault::Run+0x64
15fff9d8 10021630 0ae22cd0 00000001 00000500 xul!MessageLoop::RunHandler+0x51
15fff9f8 10027eac 00000000 00000000 00000000 xul!MessageLoop::Run+0x19
15fffae4 1001d3c0 15fffaf8 77be495d 0ae22cd0 xul!base::Thread::ThreadMain+0xa6
15fffaec 77be495d 0ae22cd0 15fffb3c 77e498ee xul!`anonymous namespace'::ThreadFunc+0xb
15fffaf8 77e498ee 0ae22cd0 3572548f 00000000 KERNEL32!BaseThreadInitThunk+0xe
15fffb3c 77e498c4 ffffffff 77e3e0d2 00000000 ntdll!__RtlUserThreadStart+0x20
15fffb4c 00000000 1001d3b5 0ae22cd0 00000000 ntdll!_RtlUserThreadStart+0x1b

STACK_COMMAND: dt ntdll!LdrpLastDllInitializer BaseDllName ; dt ntdll!LdrpFailureData ; .cxr 0x0 ; kb
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: dxgi!CDXGISwapChain::ResizeBuffers+13bf3
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: dxgi
IMAGE_NAME: dxgi.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 524d37dd
FAILURE_BUCKET_ID: NULL_POINTER_READ_BEFORE_CALL_c0000005_dxgi.dll!CDXGISwapChain::ResizeBuffers
BUCKET_ID: APPLICATION_FAULT_NULL_POINTER_READ_BEFORE_CALL_dxgi!CDXGISwapChain::ResizeBuffers+13bf3
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:null_pointer_read_before_call_c0000005_dxgi.dll!cdxgiswapchain::resizebuffers
FAILURE_ID_HASH: {201cecda-ed06-f98d-ed84-d54eeb55485e}
Followup: MachineOwner
Attached file WinDBG Log
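
The question raised earlier in the thread, whether ResizeBuffers was called on a null pointer or faulted internally, can be read mechanically from a log like the one above. The following is an added example, not code from this thread or from Mozilla: a hypothetical `triage` helper that parses an excerpt of that WinDBG output, assuming the first stack argument of an x86 stdcall COM method is `this`.

```python
import re

# Excerpt of the WinDBG `!analyze -v` output quoted in the comment above.
SAMPLE = """\
ExceptionAddress: 5fabc9a8 (dxgi!CDXGISwapChain::ResizeBuffers+0x00013bf3)
ExceptionCode: c0000005 (Access violation)
Attempt to read from address 00000000
eax=00000000 ebx=00000001 ecx=00000004 edx=15fff630 esi=16a260a8 edi=16a260a0
5fabc9a8 8b08 mov ecx,dword ptr [eax]
STACK_TEXT:
15fff6fc 10748fd8 16a260a0 00000001 00000780 dxgi!CDXGISwapChain::ResizeBuffers+0x13bf3
15fff760 1098b3f0 0929e410 15fff820 0929e600 xul!mozilla::layers::CompositorD3D11::VerifyBufferSize+0x8f
"""

NULL_PAGE = 0x10000  # low 64 KiB of user address space, normally unmapped on Windows
REG = r"\b(e(?:ax|bx|cx|dx|si|di|ip|sp|bp))=([0-9a-f]{8})"
FRAME = r"^([0-9a-f]{8}) ([0-9a-f]{8}) ([0-9a-f]{8}) [0-9a-f]{8} [0-9a-f]{8} (\w+)!(\S+?)\+0x[0-9a-f]+$"


def triage(log):
    """Summarise a 32-bit access-violation report (hypothetical helper)."""
    exc = re.search(r"ExceptionAddress: ([0-9a-f]{8}) \((\w+)!(.+?)\+0x", log)
    code = int(re.search(r"ExceptionCode: ([0-9a-f]{8})", log).group(1), 16)
    acc = re.search(r"Attempt to (read from|write to|execute) address ([0-9a-f]{8})", log)
    regs = {name: int(val, 16) for name, val in re.findall(REG, log)}
    # Disassembly line at the faulting address: "<addr> <bytes> <instruction>".
    insn = re.search(rf"^{exc.group(1)} [0-9a-f]+ (.+)$", log, re.M).group(1)
    base = re.search(r"\[(e[a-z]{2})", insn)
    frames = re.findall(FRAME, log.split("STACK_TEXT:", 1)[1], re.M)
    # Assumption: first stack arg of an x86 stdcall COM method is `this`; kb shows raw dwords.
    this_ptr = int(frames[0][2], 16)
    addr = int(acc.group(2), 16)
    if addr >= NULL_PAGE:
        verdict = "wild pointer access"
    elif this_ptr < NULL_PAGE:
        verdict = "method entered with null this"
    else:
        verdict = "null pointer read inside callee"
    return {
        "code": code,
        "access": acc.group(1).split()[0],
        "address": addr,
        "module": exc.group(2),
        "function": exc.group(3),
        "base_reg": base.group(1) if base else None,
        "base_val": regs.get(base.group(1)) if base else None,
        "this_ptr": this_ptr,
        "caller": f"{frames[1][3]}!{frames[1][4]}" if len(frames) > 1 else None,
        "verdict": verdict,
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```

With frame-pointer omission the `kb` argument columns can be stale, so the `this_ptr` value is a hint to confirm against the registers (here `edi` holds the same value).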
FF 28.0a2 (2013-12-31), Win7/64 https://crash-stats.mozilla.com/report/index/e85b3ee0-e610-4424-8a34-0c0742131231 Displaying one tab containing very large animated GIF (366,949 KB)
#107 crash for FF 26
Blocks: 998605
It will be soon a year since the bug was created, and no reaction, no fix. You, guys, play dirty tricks with the UI (remember those ugly 29 ui changes), but pay no attention to stability. Firefox is becoming a buggy awkward monster :(
Finally, I've been having this bug for a while and trying to track down the bug report. I've just had my first crash on Firefox 29.0: https://crash-stats.mozilla.com/report/index/3ed70f7b-2542-4df5-ab60-bb3ba2140507 Same symptoms as Denis V reports - window content randomly blacking out as page is scrolled/tabs switched/window resized. This then leads to missing elements of the page and window chrome, right up to the entire window - including the windows borders - rendering in flat white. There was no contention for RAM. Firefox was using ~2GB. I'll try and keep process explorer open to check GPU memory in future.
I think bug 1018729 is a dupe and has STR
Depends on: 1018729
My symptoms: the content area becomes black; interacting with the content makes it alternate between showing properly and changing back to black. Importantly, once it starts happening, it will not stop; it's like something gets corrupted and stays corrupted until a crash (or a preemptive restart). When the black starts to happen, the crash is usually very easy to trigger: restore and maximize the browser a couple of times and bang. But often it survives a couple of resizes. I do not know of any steps to reliably make the black appear. Haven't noticed any correlation either; it seems to start out of the blue. Also interesting is that after a crash, the session restore is almost guaranteed to fail to restore the last couple of tabs I opened. My crash reports already link to this bug, so I presume they are easy to find.
My SO's Firefox beta 32.0 crashed like this: bp-72809541-7617-44df-bc6c-953732140731 31/07/2014 06:39 p.m.
With h/w acceleration disabled, very similar symptoms appear, but never end in a crash. They look like this: http://screencast.com/t/pBaZS7WtbNs (fast forward to 0:30). Sounds like it could be part of the same underlying problem. This crash is now in the top 50 crashers for Firefox 31.
Whiteboard: [tbird crash]
See Also: → 1131879
Reminder, bug 1018729 has a testcase.

Related to comment 21, this signature highly correlates to reenabling of HWA in Thunderbird 29 per bug 1131879 comment 9. However, the user of bp-07580f2c-c4c8-4110-bbb2-0a7d42150220 (and other crashes with this signature) couldn't stop his crashing by setting preference to true for gfx.direct2d.disabled and layers.acceleration.disabled.

Other issues with ResizeBuffers - https://bugzilla.mozilla.org/buglist.cgi?f1=short_desc&o3=substring&list_id=12023739&v3=graphics&o1=nowordssubstr&j2=OR&classification=Client%20Software&classification=Components&f4=keywords&chfieldto=Now&query_format=advanced&chfieldfrom=2013-01-01&f3=component&f2=OP&o4=substring&longdesc=ResizeBuffers&longdesc_type=anywordssubstr&product=Core&product=Firefox - some have been fixed since this bug report was filed
Blocks: 1086611
Blocks: tb-hwa
Crash Signature: [@ CDXGISwapChain::ResizeBuffers(unsigned int, unsigned int, unsigned int, DXGI_FORMAT, unsigned int)] → [@ CDXGISwapChain::ResizeBuffers(unsigned int, unsigned int, unsigned int, DXGI_FORMAT, unsigned int)] [@ CDXGISwapChain::ResizeBuffers]
In Firefox there are no reports beyond Firefox 47. We still have crashes with the current Thunderbird 45.3.0 (2 reports since release) but I expect these will go away once Thunderbird 52 builds are released. For these reasons I don't see much point in keeping this report open. Please reopen this bug report if you are able to reproduce this crash in a current Firefox version or a Thunderbird daily build.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INCOMPLETE