Closed Bug 1485274 Opened 6 years ago Closed 6 years ago

Crash in static void webrender::display_list_flattener::DisplayListFlattener::add_primitive

Categories: Core :: Graphics: WebRender, defect, P1
Status: RESOLVED FIXED

Tracking Status
firefox-esr52 --- unaffected
firefox-esr60 --- unaffected
firefox61 --- unaffected
firefox62 --- unaffected
firefox63 --- disabled

People: Reporter: calixte, Assigned: u480271
References: Blocks 2 open bugs
Keywords: crash, regression
Attachments: 1 file

This bug was filed from the Socorro interface and is
report bp-dda0d954-84aa-4753-bbc3-d540a0180822.
=============================================================

Top 10 frames of crashing thread:

0 xul.dll static void std::panicking::rust_panic_with_hook src/libstd/panicking.rs:521
1 xul.dll static <NoType> std::panicking::begin_panic<str*> src/libstd/panicking.rs:445
2 xul.dll static void webrender::display_list_flattener::DisplayListFlattener::add_primitive gfx/webrender/src/display_list_flattener.rs:896
3 xul.dll static union core::option::Option<webrender_api::display_list::BuiltDisplayListIter> webrender::display_list_flattener::DisplayListFlattener::flatten_item gfx/webrender/src/display_list_flattener.rs:610
4 xul.dll static void webrender::display_list_flattener::DisplayListFlattener::flatten_items gfx/webrender/src/display_list_flattener.rs:297
5 xul.dll static union core::option::Option<webrender_api::display_list::BuiltDisplayListIter> webrender::display_list_flattener::DisplayListFlattener::flatten_item gfx/webrender/src/display_list_flattener.rs:619
6  @0x4aae03c6af 
7 xul.dll static void webrender::display_list_flattener::DisplayListFlattener::flatten_items gfx/webrender/src/display_list_flattener.rs:297
8 xul.dll static void webrender::display_list_flattener::DisplayListFlattener::flatten_root gfx/webrender/src/display_list_flattener.rs:260
9 xul.dll static union core::option::Option<webrender_api::display_list::BuiltDisplayListIter> webrender::display_list_flattener::DisplayListFlattener::flatten_item gfx/webrender/src/display_list_flattener.rs:644

=============================================================

There are 19 crashes (from 7 installations) in nightly 63 with buildid 20180821220101. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1483303.

[1] https://hg.mozilla.org/mozilla-central/rev?node=912a1df48dfd
Flags: needinfo?(jmuizelaar)
Crash Signature: [@ static void webrender::display_list_flattener::DisplayListFlattener::add_primitive] → [@ static void webrender::display_list_flattener::DisplayListFlattener::add_primitive] [@ webrender::display_list_flattener::DisplayListFlattener::add_primitive]
Saw that when loading a Form in Service Now.
It seems I can reproduce at will on this service now page. Anything that you guys would like me to capture? (more logs etc ...)
[ludovic@saraan ~]$ export RUST_BACKTRACE=1
[ludovic@saraan ~]$ bin/firefox/firefox
thread 'WRSceneBuilder#1' panicked at 'bug: other brush kinds not expected here yet', gfx/webrender/src/prim_store.rs:1252:25
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
stack backtrace:
   0: std::sys::unix::backtrace::tracing::imp::unwind_backtrace
   1: std::panicking::default_hook::{{closure}}
   2: std::panicking::default_hook
   3: std::panicking::rust_panic_with_hook
   4: std::panicking::begin_panic
   5: webrender::display_list_flattener::DisplayListFlattener::add_primitive
   6: webrender::display_list_flattener::DisplayListFlattener::flatten_item
   7: webrender::display_list_flattener::DisplayListFlattener::flatten_items
   8: webrender::display_list_flattener::DisplayListFlattener::flatten_item
   9: webrender::display_list_flattener::DisplayListFlattener::flatten_items
  10: webrender::display_list_flattener::DisplayListFlattener::flatten_root
  11: webrender::display_list_flattener::DisplayListFlattener::flatten_item
  12: webrender::display_list_flattener::DisplayListFlattener::flatten_items
  13: webrender::display_list_flattener::DisplayListFlattener::flatten_item
  14: webrender::display_list_flattener::DisplayListFlattener::flatten_items
  15: webrender::display_list_flattener::DisplayListFlattener::flatten_root
  16: webrender::display_list_flattener::DisplayListFlattener::create_frame_builder
Redirecting call to abort() to mozalloc_abort

ExceptionHandler::GenerateDump cloned child 19372
ExceptionHandler::SendContinueSignalToChild sent continue signal to child
ExceptionHandler::WaitForContinueSignal waiting for continue signal...
[ludovic@saraan ~]$ export RUST_BACKTRACE=full
[ludovic@saraan ~]$ bin/firefox/firefox
thread 'WRSceneBuilder#1' panicked at 'bug: other brush kinds not expected here yet', gfx/webrender/src/prim_store.rs:1252:25
stack backtrace:
   0:     0x7f433fc1b802 - std::sys::unix::backtrace::tracing::imp::unwind_backtrace::h845003dfd4057b58
   1:     0x7f433fc0c84c - std::panicking::default_hook::{{closure}}::h67eac88e3f053d87
   2:     0x7f433fc0bcab - std::panicking::default_hook::hb9cbad724f559203
   3:     0x7f433fc0b85e - std::panicking::rust_panic_with_hook::he4c3a67f6258a8f9
   4:     0x7f433f73a356 - std::panicking::begin_panic::hbc69133b13209583
   5:     0x7f433f81929f - webrender::display_list_flattener::DisplayListFlattener::add_primitive::h9d980fc61ea0e76c
   6:     0x7f433f817605 - webrender::display_list_flattener::DisplayListFlattener::flatten_item::h7ad0c8420bb8126c
   7:     0x7f433f80f16e - webrender::display_list_flattener::DisplayListFlattener::flatten_items::h4f98fb6e47e4678d
   8:     0x7f433f8153f8 - webrender::display_list_flattener::DisplayListFlattener::flatten_item::h7ad0c8420bb8126c
   9:     0x7f433f80f16e - webrender::display_list_flattener::DisplayListFlattener::flatten_items::h4f98fb6e47e4678d
  10:     0x7f433f80d347 - webrender::display_list_flattener::DisplayListFlattener::flatten_root::hc3d4dae650415e2b
  11:     0x7f433f817d37 - webrender::display_list_flattener::DisplayListFlattener::flatten_item::h7ad0c8420bb8126c
  12:     0x7f433f80f16e - webrender::display_list_flattener::DisplayListFlattener::flatten_items::h4f98fb6e47e4678d
  13:     0x7f433f8153f8 - webrender::display_list_flattener::DisplayListFlattener::flatten_item::h7ad0c8420bb8126c
  14:     0x7f433f80f16e - webrender::display_list_flattener::DisplayListFlattener::flatten_items::h4f98fb6e47e4678d
  15:     0x7f433f80d347 - webrender::display_list_flattener::DisplayListFlattener::flatten_root::hc3d4dae650415e2b
  16:     0x7f433f80705f - webrender::display_list_flattener::DisplayListFlattener::create_frame_builder::he2ca009d71c0ab3a
  17:     0x7f433f824b84 - std::sys_common::backtrace::__rust_begin_short_backtrace::h241ff1ca87bfabca
  18:     0x7f433f822dde - <F as alloc::boxed::FnBox<A>>::call_box::h7d6217009f8bd197
  19:     0x7f433fc0e711 - std::sys::unix::thread::Thread::new::thread_start::h7d7a420a78cfa84d
  20:     0x7f434de16593 - start_thread
  21:     0x7f434ce000de - clone
  22:                0x0 - <unknown>
Redirecting call to abort() to mozalloc_abort
Blocks: wr-stability
I can reproduce this on macOS by navigating to https://sso.mozilla.com/
and clicking ‘The Hub’.
OS: Windows 10 → All
Hardware: Unspecified → All
Attached file Reduced test case, v1
I created a reduced test case from the Hub link.
Flags: needinfo?(jmuizelaar) → needinfo?(gwatson)
I've investigated this and it's caused by the rendering of unknown glyph "tofu" using border for the surrounding box. The shadow code didn't expect a border.

I've extended PrimitiveContainer::create_shadow() to handle BrushKind::Border and BrushKind::Image and the panic!() goes away.
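The failure mode described in the comment above, as a simplified model added here for illustration (it is not WebRender's code): a wildcard `match` arm that panics on any brush kind the author did not anticipate, next to an exhaustive version. `BrushKind`, `Border`, `Image`, `create_shadow` and the panic text come from this bug; the `Solid` and `RadialGradient` variants, the `Shadow` struct and the helper functions are assumptions.

```rust
// Simplified model, not WebRender's code. Names other than BrushKind,
// Border, Image and create_shadow are assumed for the example.
#[derive(Debug, Clone, PartialEq)]
enum BrushKind {
    Solid { color: u32 },        // assumed variant
    Border { widths: [f32; 4] }, // named in the bug (box drawn around "tofu")
    Image { key: u64 },          // named in the bug
    RadialGradient,              // assumed variant with no shadow form
}

struct Shadow { color: u32 }

// "Before" shape: the wildcard arm turns every unanticipated kind into a
// panic, and page content decides which kinds reach this function.
fn create_shadow_before(kind: &BrushKind, s: &Shadow) -> BrushKind {
    match kind {
        BrushKind::Solid { .. } => BrushKind::Solid { color: s.color },
        _ => panic!("bug: other brush kinds not expected here yet"),
    }
}

// "After" shape: no wildcard arm, so a newly added variant fails to compile
// until it is handled; kinds without a shadow form yield None, not a crash.
// How the real code shades Border/Image is not shown on the page.
fn create_shadow_after(kind: &BrushKind, s: &Shadow) -> Option<BrushKind> {
    match kind {
        BrushKind::Solid { .. } => Some(BrushKind::Solid { color: s.color }),
        BrushKind::Border { widths } => Some(BrushKind::Border { widths: *widths }),
        BrushKind::Image { key } => Some(BrushKind::Image { key: *key }),
        BrushKind::RadialGradient => None,
    }
}

// Build shadows for a whole list, skipping kinds that have none.
fn shadows_for(items: &[BrushKind], s: &Shadow) -> Vec<BrushKind> {
    items.iter().filter_map(|k| create_shadow_after(k, s)).collect()
}

// True when the "before" version panics on this kind.
fn before_panics_on(kind: BrushKind) -> bool {
    let s = Shadow { color: 0 };
    std::panic::catch_unwind(move || create_shadow_before(&kind, &s)).is_err()
}

fn main() {
    let border = BrushKind::Border { widths: [1.0; 4] }; // constructed input
    println!("before panics on Border: {}", before_panics_on(border.clone()));
    println!("after: {:?}", shadows_for(&[border, BrushKind::RadialGradient], &Shadow { color: 7 }));
}
```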
Another page which constantly reproduces it for me is http://es6-features.org/. Just in case you need another example to verify your fix.
Can instantly crash Firefox using this URL: https://www.soundguys.com/understanding-bluetooth-codecs-15352/
Assignee: nobody → dglastonbury
Depends on: 1485791
The fix has landed in WR and will be in the next update.
Flags: needinfo?(gwatson)
Yesterday I found a site that was causing crashes in nightly and the crash reports linked to this. Today no crashes! Thanks!
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED