Note: There are a few cases of duplicates in user autocompletion which are being worked on.

[OMTC][PGO] crash in mozilla::layers::DeprecatedContentClientDoubleBuffered::UpdateDestinationFrom(mozilla::layers::RotatedBuffer const&, nsIntRegion const&)

VERIFIED FIXED in mozilla29

Status

()

Core
Graphics: Layers
--
critical
VERIFIED FIXED
4 years ago
3 years ago

People

(Reporter: Alice0775 White, Assigned: nrc)

Tracking

({crash})

29 Branch
mozilla29
x86
Windows 7
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [dupeme], crash signature)

Attachments

(2 attachments)

(Reporter)

Description

4 years ago
This bug was filed from the Socorro interface and is 
report bp-b4298e3a-0ec2-4eac-b36c-063632140114.
=============================================================

Browser(Nightly29.0a1 and m-i PGO) crashes with OMTC enabled.

This crash happens only PGO build.

Steps To Reproduce:
1. Enable OMTC
   layers.offmainthreadcomposition.enabled = true
2. Restart Browser
3. Open http://www.youtube.com/watch?v=FEm8PZ_lUh8
(Reporter)

Comment 1

4 years ago
Regression window(m-c pgo)
Good:
http://hg.mozilla.org/mozilla-central/rev/12d3ba62a599
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 ID:20140112180004
Bad;
http://hg.mozilla.org/mozilla-central/rev/80a27198344a
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 ID:20140113060018
Pushlog:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=12d3ba62a599&tochange=80a27198344a


Regression window(m-i pgo)
Good:
http://hg.mozilla.org/integration/mozilla-inbound/rev/656e14ae9363
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 ID:20140110090110
Crash
http://hg.mozilla.org/integration/mozilla-inbound/rev/7d5fcd8a3a99
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 ID:20140110120002
Pushlog:
http://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=656e14ae9363&tochange=7d5fcd8a3a99


Suspected : Bug 958375, Bug 958369, Bug 958437 ???
(Reporter)

Updated

4 years ago
Component: General → Graphics: Layers
(Reporter)

Updated

4 years ago
Blocks: 899785
(Assignee)

Comment 2

4 years ago
I think this needs a null check, I'll look into soon.
Assignee: nobody → ncameron

Comment 3

4 years ago
I've seen what appears to be the same crash in 2014_01_14 nightly.

https://bugzilla.mozilla.org/show_bug.cgi?id=959624
(Reporter)

Comment 4

4 years ago
And also see Bug 960266
(Assignee)

Comment 5

4 years ago
Created attachment 8360667 [details] [diff] [review]
patch

One of these I stole from one of your patches I reviewed in another bug, hope you don't mind!
Attachment #8360667 - Flags: review?(nical.bugzilla)
(Assignee)

Updated

4 years ago
Attachment #8360667 - Flags: review?(nical.bugzilla) → review?(bugmail.mozilla)
Comment on attachment 8360667 [details] [diff] [review]
patch

Review of attachment 8360667 [details] [diff] [review]:
-----------------------------------------------------------------

rs=me
Attachment #8360667 - Flags: review?(bugmail.mozilla) → review+
(Assignee)

Comment 7

4 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/c040b200b336
(Assignee)

Comment 8

4 years ago
This patch is necessary, but possibly not sufficient to fix the problem.
Whiteboard: [dupeme] → [dupeme][leave-open]
https://hg.mozilla.org/mozilla-central/rev/c040b200b336
I certainly get crashes still with the latest nightly.

Comment 11

4 years ago
with the latest nightly, i get a crash while scrolling http://www.globalfundexchange.com/faqs/86-glossary/307-what-is-the-treynor-ratio with OMTC enabled.

https://crash-stats.mozilla.com/report/index/6b48d312-6a7c-43ca-bd40-0d6252140120
(Assignee)

Comment 12

4 years ago
Was just testing the nightly and got a crash on the youtube link from the first comment, but the crash was in flash, not Firefox (https://crash-stats.mozilla.com/report/index/bb5b0483-4479-45ff-b280-706062140121)
(Assignee)

Updated

4 years ago
Duplicate of this bug: 959624
(Assignee)

Updated

4 years ago
Duplicate of this bug: 960266
(Assignee)

Comment 15

4 years ago
Confirmed we are still crashing when visiting http://www.globalfundexchange.com/faqs/86-glossary/307-what-is-the-treynor-ratio at ReturnDrawTarget. I assume we just need a page with component alpha (and thus an OnWhite DT) to trigger this bug.

I don't see anything wrong here though. It is possible it is a PGO bug. Perhaps we could move ReturnDrawTarget from the header to the cpp so it is less likely to be inlined?
(Assignee)

Comment 16

4 years ago
(In reply to Nick Cameron [:nrc] from comment #15)
> I don't see anything wrong here though. It is possible it is a PGO bug.
> Perhaps we could move ReturnDrawTarget from the header to the cpp so it is
> less likely to be inlined?

This did not help.

Comment 17

4 years ago
Are we sure that https://hg.mozilla.org/integration/mozilla-inbound/rev/c040b200b336 has made it into nightly?

I'm still seeing my version of the crash in the latest nightly as well.
(Assignee)

Comment 18

4 years ago
(In reply to Marc Auslander from comment #17)
> Are we sure that
> https://hg.mozilla.org/integration/mozilla-inbound/rev/c040b200b336 has made
> it into nightly?
> 
> I'm still seeing my version of the crash in the latest nightly as well.

Yes, I checked that.
(Assignee)

Comment 19

4 years ago
However, I've also been spinning my own PGO builds to test my guesswork, and those didn't have the null-checks. Let me do another build...

(And thanks for the reminder!)
(Assignee)

Updated

4 years ago
Whiteboard: [dupeme][leave-open] → [dupeme]
(Assignee)

Comment 20

4 years ago
Created attachment 8364824 [details] [diff] [review]
patch

The renaming is not needed for the fix, I just found it awkward when fixing that the RotatedBuffer and ContentClient methods had the same name.

The bug is the missing '&' from the signature of ReturnDrawTargetToBuffer.
Attachment #8364824 - Flags: review?(matt.woodrow)
Comment on attachment 8364824 [details] [diff] [review]
patch

Review of attachment 8364824 [details] [diff] [review]:
-----------------------------------------------------------------

Can you land this as two patches please :)
Attachment #8364824 - Flags: review?(matt.woodrow) → review+
(Assignee)

Comment 22

4 years ago
 https://hg.mozilla.org/integration/mozilla-inbound/rev/2e93f0faa6ad
 https://hg.mozilla.org/integration/mozilla-inbound/rev/dc8f8287710b
https://hg.mozilla.org/mozilla-central/rev/2e93f0faa6ad
https://hg.mozilla.org/mozilla-central/rev/dc8f8287710b
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla29

Comment 24

4 years ago
I'm still seeing the same crash with the 1/24 build of nightly.
(Assignee)

Comment 25

4 years ago
(In reply to Marc Auslander from comment #24)
> I'm still seeing the same crash with the 1/24 build of nightly.

Give it another day, it might not have made it in time. (I have a working PGO build, so its possible I needed the .h -> .cpp changes too, but that seems unlikely)

Comment 26

4 years ago
Crashed again here
https://crash-stats.mozilla.com/report/index/0d2fab26-bc59-475a-a47f-cf5562140125
Latest nightly Built from http://hg.mozilla.org/mozilla-central/rev/9d650c07b547
(Reporter)

Comment 27

4 years ago
(In reply to wojtekka from comment #26)
> Crashed again here
> https://crash-stats.mozilla.com/report/index/0d2fab26-bc59-475a-a47f-
> cf5562140125
> Latest nightly Built from
> http://hg.mozilla.org/mozilla-central/rev/9d650c07b547

Build ID is 20140124030216in your reports. It means not Latest nightly Built.
Try again with Latest nightly Build ID 20140125030205.

Comment 28

4 years ago
http://hg.mozilla.org/mozilla-central/rev/9e06d42c2a6a in buildconfig

problem appears fixed in my test profile

I'm turning omc back on for my working profile and report any troubles.

thanks.

Updated

3 years ago
Keywords: verifyme
Verified as fixed with the STR from comment 0 on Win 7 x86, using latest Aurora.
Status: RESOLVED → VERIFIED
Keywords: verifyme
You need to log in before you can comment on or make changes to this bug.