Closed
Bug 1449575
Opened 7 years ago
Closed 3 years ago
Assertion failure: (pixel & 0xff000000) == 0xff000000, at /builds/worker/workspace/build/src/dom/canvas/WebGLContext.cpp:1570
Categories
(Core :: Graphics: CanvasWebGL, defect, P1)
Tracking
()
RESOLVED
FIXED
100 Branch
People
(Reporter: jkratzer, Assigned: jgilbert)
References
(Blocks 1 open bug, Regression)
Details
(Keywords: assertion, regression, testcase, Whiteboard: [gfx-noted][fuzzblocker])
Attachments
(3 files, 1 obsolete file)
Testcase found while fuzzing mozilla-central rev 5bf126434fac.
rax = 0x0000000000000000 rdx = 0x0000000000000000
rcx = 0x00007fc3ecb442dd rbx = 0x00007fc3cc1e7000
rsi = 0x00007fc3ece13770 rdi = 0x00007fc3ece12540
rbp = 0x00007ffe5918d1c0 rsp = 0x00007ffe5918d190
r8 = 0x00007fc3ece13770 r9 = 0x00007fc3edede740
r10 = 0x0000000000000039 r11 = 0x0000000000000000
r12 = 0x00007fc3c1e7b901 r13 = 0x00007fc3c1fb4f90
r14 = 0x00007fc3cc1e75b8 r15 = 0x00007fc3c1ee7000
rip = 0x00007fc3dc3a851b
OS|Linux|0.0.0 Linux 4.4.0-116-generic #140-Ubuntu SMP Mon Feb 12 21:23:04 UTC 2018 x86_64
CPU|amd64|family 6 model 78 stepping 3|1
GPU|||
Crash|SIGSEGV|0x0|0
0|0|libxul.so|mozilla::WebGLContext::PresentScreenBuffer|hg:hg.mozilla.org/mozilla-central:gfx/gl/GLContext.h:5bf126434fac78a31256c994b9dbf4b1031b0350|845|0x37
0|1|libxul.so|mozilla::WebGLContext::BeginComposition|hg:hg.mozilla.org/mozilla-central:dom/canvas/WebGLContext.cpp:5bf126434fac78a31256c994b9dbf4b1031b0350|1601|0x5
0|2|libxul.so|mozilla::layers::ShareableCanvasRenderer::UpdateCompositableClient|hg:hg.mozilla.org/mozilla-central:gfx/layers/CanvasRenderer.h:5bf126434fac78a31256c994b9dbf4b1031b0350|146|0x6
0|3|libxul.so|mozilla::layers::ClientCanvasLayer::RenderLayer|hg:hg.mozilla.org/mozilla-central:gfx/layers/client/ClientCanvasLayer.cpp:5bf126434fac78a31256c994b9dbf4b1031b0350|29|0x8
0|4|libxul.so|mozilla::layers::ClientContainerLayer::RenderLayer|hg:hg.mozilla.org/mozilla-central:gfx/layers/client/ClientContainerLayer.h:5bf126434fac78a31256c994b9dbf4b1031b0350|58|0xd
0|5|libxul.so|mozilla::layers::ClientLayerManager::EndTransactionInternal|hg:hg.mozilla.org/mozilla-central:gfx/layers/client/ClientLayerManager.cpp:5bf126434fac78a31256c994b9dbf4b1031b0350|359|0xa
0|6|libxul.so|mozilla::layers::ClientLayerManager::EndTransaction|hg:hg.mozilla.org/mozilla-central:gfx/layers/client/ClientLayerManager.cpp:5bf126434fac78a31256c994b9dbf4b1031b0350|423|0x11
0|7|libxul.so|nsDisplayList::PaintRoot|hg:hg.mozilla.org/mozilla-central:layout/painting/nsDisplayList.cpp:5bf126434fac78a31256c994b9dbf4b1031b0350|2751|0x17
0|8|libxul.so|nsLayoutUtils::PaintFrame|hg:hg.mozilla.org/mozilla-central:layout/base/nsLayoutUtils.cpp:5bf126434fac78a31256c994b9dbf4b1031b0350|4012|0x5
0|9|libxul.so|mozilla::PresShell::Paint|hg:hg.mozilla.org/mozilla-central:layout/base/PresShell.cpp:5bf126434fac78a31256c994b9dbf4b1031b0350|6348|0x17
0|10|libxul.so|nsViewManager::ProcessPendingUpdatesPaint|hg:hg.mozilla.org/mozilla-central:view/nsViewManager.cpp:5bf126434fac78a31256c994b9dbf4b1031b0350|480|0x12
0|11|libxul.so|nsViewManager::ProcessPendingUpdatesForView|hg:hg.mozilla.org/mozilla-central:view/nsViewManager.cpp:5bf126434fac78a31256c994b9dbf4b1031b0350|412|0xd
0|12|libxul.so|nsViewManager::ProcessPendingUpdates|hg:hg.mozilla.org/mozilla-central:view/nsViewManager.cpp:5bf126434fac78a31256c994b9dbf4b1031b0350|1102|0x11
0|13|libxul.so|nsRefreshDriver::Tick|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:5bf126434fac78a31256c994b9dbf4b1031b0350|2055|0x8
0|14|libxul.so|mozilla::RefreshDriverTimer::TickRefreshDrivers|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:5bf126434fac78a31256c994b9dbf4b1031b0350|308|0xf
0|15|libxul.so|mozilla::RefreshDriverTimer::Tick|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:5bf126434fac78a31256c994b9dbf4b1031b0350|330|0x12
0|16|libxul.so|mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:5bf126434fac78a31256c994b9dbf4b1031b0350|771|0x5
0|17|libxul.so|mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:5bf126434fac78a31256c994b9dbf4b1031b0350|585|0xc
0|18|libxul.so|mozilla::layout::VsyncChild::RecvNotify|hg:hg.mozilla.org/mozilla-central:layout/ipc/VsyncChild.cpp:5bf126434fac78a31256c994b9dbf4b1031b0350|68|0x9
0|19|libxul.so|mozilla::layout::PVsyncChild::OnMessageReceived|s3:gecko-generated-sources:668ae60ab945c9f59521cbd54f26b8fa229f96b8af45937bd735d86a432f1cf35482c0014090f530c334ca11ea7389383a8632cd0e23daddc7575da11217aca5/ipc/ipdl/PVsyncChild.cpp:|156|0xf
0|20|libxul.so|mozilla::ipc::MessageChannel::DispatchAsyncMessage|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:5bf126434fac78a31256c994b9dbf4b1031b0350|2135|0x6
0|21|libxul.so|mozilla::ipc::MessageChannel::DispatchMessage|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:5bf126434fac78a31256c994b9dbf4b1031b0350|2065|0xb
0|22|libxul.so|mozilla::ipc::MessageChannel::RunMessage|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:5bf126434fac78a31256c994b9dbf4b1031b0350|1911|0xb
0|23|libxul.so|mozilla::ipc::MessageChannel::MessageTask::Run|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:5bf126434fac78a31256c994b9dbf4b1031b0350|1944|0xc
0|24|libxul.so|nsThread::ProcessNextEvent|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:5bf126434fac78a31256c994b9dbf4b1031b0350|1096|0x15
0|25|libxul.so|NS_ProcessNextEvent|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:5bf126434fac78a31256c994b9dbf4b1031b0350|519|0x11
0|26|libxul.so|mozilla::ipc::MessagePump::Run|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:5bf126434fac78a31256c994b9dbf4b1031b0350|97|0xa
0|27|libxul.so|MessageLoop::RunInternal|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:5bf126434fac78a31256c994b9dbf4b1031b0350|326|0x17
0|28|libxul.so|MessageLoop::Run|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:5bf126434fac78a31256c994b9dbf4b1031b0350|319|0x8
0|29|libxul.so|nsBaseAppShell::Run|hg:hg.mozilla.org/mozilla-central:widget/nsBaseAppShell.cpp:5bf126434fac78a31256c994b9dbf4b1031b0350|157|0xd
0|30|libxul.so|XRE_RunAppShell|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:5bf126434fac78a31256c994b9dbf4b1031b0350|893|0x11
0|31|libxul.so|mozilla::ipc::MessagePumpForChildProcess::Run|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:5bf126434fac78a31256c994b9dbf4b1031b0350|269|0x5
0|32|libxul.so|MessageLoop::RunInternal|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:5bf126434fac78a31256c994b9dbf4b1031b0350|326|0x17
0|33|libxul.so|MessageLoop::Run|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:5bf126434fac78a31256c994b9dbf4b1031b0350|319|0x8
0|34|libxul.so|XRE_InitChildProcess|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:5bf126434fac78a31256c994b9dbf4b1031b0350|719|0x8
0|35|firefox|content_process_main|hg:hg.mozilla.org/mozilla-central:ipc/contentproc/plugin-container.cpp:5bf126434fac78a31256c994b9dbf4b1031b0350|50|0x14
0|36|firefox|main|hg:hg.mozilla.org/mozilla-central:browser/app/nsBrowserApp.cpp:5bf126434fac78a31256c994b9dbf4b1031b0350|280|0x11
0|37|libc-2.23.so||||0x20830
0|38|firefox|MOZ_ReportAssertionFailure|hg:hg.mozilla.org/mozilla-central:mfbt/Assertions.h:5bf126434fac78a31256c994b9dbf4b1031b0350|164|0x5
Flags: in-testsuite?
|
||
Updated•7 years ago
|
Priority: -- → P3
Whiteboard: [gfx-noted]
|
|
||
Updated•7 years ago
|
OS: Unspecified → Linux
Hardware: Unspecified → x86_64
|
Assignee | |
Comment 1•7 years ago
|
||
This doesn't reproduce for me. Which versions does this reproduce on? If it repros for you on moz-central near tip, please attach about:support.
Flags: needinfo?(jkratzer)
|
Reporter | |
Comment 2•7 years ago
|
||
This only appears to trigger when run inside of xvfb. Possibly due to the default resolution of the xvfb runner?
Flags: needinfo?(jkratzer)
|
||
Comment 3•3 years ago
|
||
Attachment #8963125 -
Attachment is obsolete: true
|
|
||
Comment 4•3 years ago
|
||
The fuzzers are hitting this frequently, marking as fuzzblocker.
status-firefox93:
--- → wontfix
status-firefox94:
--- → affected
status-firefox95:
--- → affected
status-firefox-esr91:
--- → affected
Whiteboard: [gfx-noted] → [gfx-noted][fuzzblocker]
|
|
||
Comment 5•3 years ago
•
|
||
I was also only able to reproduce this while running with xvfb. I'm not sure if there are other scenarios that would trigger this issue but this is how the fuzzers are run on Linux.
The issue can be reproduced on Linux using Grizzly:
$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch --build 06e67beeafc2 --debug --fuzzing -n firefox
$ python -m grizzly.replay ./firefox/firefox testcase.html --xvfb
|
|
||
Comment 6•3 years ago
|
||
A Pernosco session is available here: https://pernos.co/debug/zQMVGrD5GQBBD7EvChkMbA/index.html
|
|
Assignee | |
Updated•3 years ago
|
Priority: P3 → P1
|
||
Updated•3 years ago
|
|
|
Assignee | |
Comment 7•3 years ago
|
||
This could be related to some unexpected-alpha bugs we're seeing.
|
|
Assignee | |
Updated•3 years ago
|
Assignee: nobody → jgilbert
|
||
Comment 8•3 years ago
|
||
Set release status flags based on info from the regressing bug 1726265
|
|
Assignee | |
Comment 9•3 years ago
|
||
- Remove mention of --enable-address-sanitizer, since it's not at all sufficient on its own. (Leave link to asan docs though)
- Clarify that ./mach gtest dontruntests is only needed for gtests. (I didn't need it for grizzly replays)
|
|
Assignee | |
Comment 10•3 years ago
|
||
- Always use DoColorMask(u32?, u8) in webgl code.
- Handle OES_draw_buffers_indexed ColorMaski in GLBlitHelper.
|
|
Assignee | |
Comment 11•3 years ago
|
||
Well, that timeline doesn't work at all, but rather fixing this will fix the regressions that bug 1726265 caused.
|
||
Comment 13•3 years ago
|
||
Pushed by jgilbert@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/7317ade3916d
Update fuzzing build docs. - r=jkratzer
https://hg.mozilla.org/integration/autoland/rev/40e73d26d430
Don't attempt ColorMask elision in WebGL. r=gfx-reviewers,aosmond
|
|
||
Updated•3 years ago
|
Keywords: regression
|
|
||
Comment 14•3 years ago
|
||
Pushed by imoraru@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/1eff375a0a81
fix file-whitespace lint failures on WebGLContext.cpp. r=fix CLOSED TREE
|
||
Comment 15•3 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/7317ade3916d
https://hg.mozilla.org/mozilla-central/rev/40e73d26d430
https://hg.mozilla.org/mozilla-central/rev/1eff375a0a81
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 100 Branch
|
||
Updated•3 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•