Closed
Bug 1470439
Opened 6 years ago
Closed 6 years ago
thread 'WRRenderBackend#1' panicked at 'attempt to multiply with overflow', gfx/webrender/src/texture_allocator.rs:57:34
Categories
(Core :: Graphics: WebRender, defect, P1)
Core
Graphics: WebRender
Tracking
()
RESOLVED
FIXED
mozilla63
| Tracking | Status | |
|---|---|---|
| firefox-esr52 | --- | unaffected |
| firefox-esr60 | --- | unaffected |
| firefox60 | --- | unaffected |
| firefox61 | --- | unaffected |
| firefox62 | --- | disabled |
| firefox63 | --- | fixed |
People
(Reporter: truber, Assigned: nical)
References
(Blocks 2 open bugs)
Details
(Keywords: assertion, regression, testcase)
Crash Data
Attachments
(1 file)
|
105 bytes,
text/html
|
Details |
The attached testcase causes an assertion in m-c 20180622-6b6f3f6ecf14 with pref("gfx.webrender.all", true)
thread 'WRRenderBackend#1' panicked at 'attempt to multiply with overflow', gfx/webrender/src/texture_allocator.rs:57:34
#0: mozalloc_abort
at memory/mozalloc/mozalloc_abort.cpp:34
#1: abort
at memory/mozalloc/mozalloc_abort.cpp:81
#2: panic_abort::__rust_start_panic
at src/libpanic_abort/lib.rs:59
#3: std::panicking::rust_panic
at src/libstd/panicking.rs:608
#4: std::panicking::rust_panic_with_hook
at src/libstd/panicking.rs:593
#5: std::panicking::begin_panic
at src/libstd/panicking.rs:538
#6: std::panicking::begin_panic_fmt
at src/libstd/panicking.rs:522
#7: std::panicking::rust_begin_panic
at src/libstd/panicking.rs:498
#8: core::panicking::panic_fmt
at src/libcore/panicking.rs:71
#9: core::panicking::panic
at src/libcore/panicking.rs:51
#10: webrender::tiling::TextureAllocator::allocate
at gfx/webrender/src/texture_allocator.rs:57
#11: webrender::tiling::RenderPass::build
at gfx/webrender/src/tiling.rs:306
#12: webrender::render_backend::Document::render
at gfx/webrender/src/frame_builder.rs:385
#13: webrender::render_backend::RenderBackend::update_document
at gfx/webrender/src/render_backend.rs:1075
#14: webrender::render_backend::RenderBackend::run
at gfx/webrender/src/render_backend.rs:759
#15: std::sys_common::backtrace::__rust_begin_short_backtrace
at gfx/webrender/src/renderer.rs:1743
#16: std::panicking::try::do_call
at src/libstd/thread/mod.rs:406
#17: panic_abort::__rust_maybe_catch_panic
at src/libpanic_abort/lib.rs:38
#18: _..boxed..FnBox1101GT$::call_box
at src/libstd/panicking.rs:459
#19: std::sys_common::thread::start_thread
at src/liballoc/boxed.rs:825
#20: std::sys::unix::thread::Thread::new::thread_start
at src/libstd/sys/unix/thread.rs:90Flags: in-testsuite?
|
||
Updated•6 years ago
|
Blocks: stage-wr-trains
Priority: -- → P1
|
||
Comment 1•6 years ago
|
||
bp-210c37ef-3a9c-46a6-9a9d-c8aa20180622 (same crash signature as bug 1441392) good = no crash, broken ui (invisible tab title + transparent and borderless location bar) bad = thread 'WRRenderBackend#1' panicked at 'attempt to multiply with overflow', gfx/webrender/src/texture_allocator.rs:57:34 RUST_BACKTRACE=1 mozregression --good 2018-04-25 --bad 2018-06-21 -B debug --pref gfx.webrender.all:true startup.homepage_welcome_url:'https://bug1470439.bmoattachments.org/attachment.cgi?id=8987066' > 8:18.75 INFO: Last good revision: 13251c6d1ee246f50771d4c2c73ad4d7177d1448 > 8:18.75 INFO: First bad revision: 5e2b8c50e708e20fb90ea6486eb254b4f51479de > 8:18.75 INFO: Pushlog: > https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=13251c6d1ee246f50771d4c2c73ad4d7177d1448&tochange=5e2b8c50e708e20fb90ea6486eb254b4f51479de most likely > 8fd78043032e Kartikaya Gupta — Bug 1466549 - Update webrender to aff9f409f3d6a3518c38c1f7755657f564c1083a. r=Gankro > WR @ 952521658aaf331e7b7382fb18ca1d8b7bfc9dc8 mozregression --repo try --launch 40544f7120e9f01c656464ec8903a915432740ff -B debug --pref gfx.webrender.all:true startup.homepage_welcome_url:'https://bug1470439.bmoattachments.org/attachment.cgi?id=8987066' bad Assumed regression range: https://github.com/servo/webrender/compare/8e697f8cb1f1aab2e5f6b9b903eb7191340b10c5...952521658aaf331e7b7382fb18ca1d8b7bfc9dc8
Blocks: 1466549
Has Regression Range: --- → yes
Has STR: --- → yes
Keywords: regression
See Also: → 1441392
status-firefox60:
--- → unaffected
status-firefox61:
--- → unaffected
|
|
||
Updated•6 years ago
|
Crash Signature: [@ webrender::renderer::Renderer::draw_tile_frame ]
|
Assignee | |
Comment 2•6 years ago
|
||
> Assumed regression range: https://github.com/servo/webrender/compare/8e697f8cb1f1aab2e5f6b9b903eb7191340b10c5...952521658aaf331e7b7382fb18ca1d8b7bfc9dc8 This range might indicate that this was caused by huge dotted/dashed borders trying to allocate large render tasks, which I fixed in https://github.com/servo/webrender/pull/2916
|
|
Assignee | |
Comment 3•6 years ago
|
||
There appear to be other ways to run into the big render task problem, than the one fixed in the PR I mentioned, since the 4 crashes in the last 7 days contain the fix. I filed https://github.com/servo/webrender/issues/2955, but we should probably track this in another bugzilla entry since I think that what this bug was initially filed for is fixed and the stack is not the same.
|
|
Assignee | |
Updated•6 years ago
|
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
|
||
Updated•6 years ago
|
|
|
||
Updated•6 years ago
|
status-firefox-esr52:
--- → unaffected
status-firefox-esr60:
--- → unaffected
You need to log in
before you can comment on or make changes to this bug.
Description
•