Closed
Bug 1509148
Opened 6 years ago
Closed 5 years ago
Hit MOZ_CRASH(assertion failed: a <= b && b <= c && c <= d) at src\third_party\rust\plane-split\src\polygon.rs:41
Categories
(Core :: Graphics: WebRender, defect, P4)
Core
Graphics: WebRender
Tracking
()
RESOLVED
FIXED
mozilla67
| Tracking | Status | |
|---|---|---|
| firefox-esr60 | --- | unaffected |
| firefox65 | --- | disabled |
| firefox66 | --- | disabled |
| firefox67 | --- | fixed |
People
(Reporter: tsmith, Assigned: kvark)
References
(Blocks 2 open bugs)
Details
(Keywords: assertion, testcase)
Attachments
(3 files)
Reduced with m-c:
BuildID=20181120164749
SourceStamp=8eff0a4f5d8f4442ce233d492185a90c460846ef
Hit MOZ_CRASH(assertion failed: a <= b && b <= c && c <= d) at src\third_party\rust\plane-split\src\polygon.rs:41
23|0|xul.dll|static void MOZ_CrashOOL(const char *, int, const char *)|hg:hg.mozilla.org/mozilla-central:mfbt/Assertions.h:8eff0a4f5d8f4442ce233d492185a90c460846ef|311|0x0
23|1|xul.dll|GeckoCrashOOL|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsAppRunner.cpp:8eff0a4f5d8f4442ce233d492185a90c460846ef|5350|0x5
23|2|xul.dll|static void gkrust_shared::panic_hook(struct core::panic::PanicInfo *)|hg:hg.mozilla.org/mozilla-central:toolkit/library/rust/shared/lib.rs:8eff0a4f5d8f4442ce233d492185a90c460846ef|234|0x7
23|3|xul.dll|static void core::ops::function::Fn::call<fn(core::panic::PanicInfo*),(core::panic::PanicInfo*)>( * *, struct core::panic::PanicInfo *)|/libcore/ops/function.rs|78|0xc
23|4|xul.dll|void std::panicking::rust_panic_with_hook()|/rustc/da5f414c2c0bfe5198934493f04c676e2b23ff2e/src/libstd/panicking.rs|481|0x6
23|5|xul.dll|<NoType> std::panicking::begin_panic<str*>(struct str*, struct (str*, u32, u32) *)|/libstd/panicking.rs|411|0x21
23|6|xul.dll|union binary_space_partition::PlaneCut<plane_split::polygon::Polygon<f64, webrender_api::units::WorldPixel>> plane_split::bsp::{{impl}}::cut<f64,webrender_api::units::WorldPixel>(struct plane_split::polygon::Polygon<f64, webrender_api::units::WorldPixel> *, struct plane_split::polygon::Polygon<f64, webrender_api::units::WorldPixel>)|hg:hg.mozilla.org/mozilla-central:third_party/rust/plane-split/src/bsp.rs:8eff0a4f5d8f4442ce233d492185a90c460846ef|31|0x18
23|7|xul.dll|void binary_space_partition::BspNode<plane_split::polygon::Polygon<f64, webrender_api::units::WorldPixel>>::insert<plane_split::polygon::Polygon<f64, webrender_api::units::WorldPixel>>(struct plane_split::polygon::Polygon<f64, webrender_api::units::WorldPixel>)|hg:hg.mozilla.org/mozilla-central:third_party/rust/binary-space-partition/src/lib.rs:8eff0a4f5d8f4442ce233d492185a90c460846ef|102|0x1e
23|8|xul.dll|bool webrender::picture::PicturePrimitive::add_split_plane(struct webrender::gpu_types::TransformPalette *, struct webrender::prim_store::PrimitiveInstance *, struct euclid::rect::TypedRect<f32, webrender_api::units::LayoutPixel>, struct euclid::rect::TypedRect<f32, webrender_api::units::WorldPixel>, unsigned __int64)|hg:hg.mozilla.org/mozilla-central:gfx/webrender/src/picture.rs:8eff0a4f5d8f4442ce233d492185a90c460846ef|753|0x65
23|9|xul.dll|static bool webrender::prim_store::PrimitiveStore::prepare_prim_for_render(struct webrender::prim_store::PrimitiveInstance *, struct webrender::frame_builder::PrimitiveContext *, struct webrender::frame_builder::PictureContext *, struct webrender::frame_builder::PictureState *, struct webrender::frame_builder::FrameBuildingContext *, struct webrender::frame_builder::FrameBuildingState *, struct webrender_api::display_list::BuiltDisplayList *, unsigned __int64)|hg:hg.mozilla.org/mozilla-central:gfx/webrender/src/prim_store.rs:8eff0a4f5d8f4442ce233d492185a90c460846ef|2373|0x1d
23|10|xul.dll|void webrender::prim_store::PrimitiveStore::prepare_primitives(struct webrender::picture::PrimitiveList *, struct webrender::frame_builder::PictureContext *, struct webrender::frame_builder::PictureState *, struct webrender::frame_builder::FrameBuildingContext *, struct webrender::frame_builder::FrameBuildingState *)|hg:hg.mozilla.org/mozilla-central:gfx/webrender/src/prim_store.rs:8eff0a4f5d8f4442ce233d492185a90c460846ef|2508|0x48
23|11|xul.dll|static bool webrender::prim_store::PrimitiveStore::prepare_prim_for_render(struct webrender::prim_store::PrimitiveInstance *, struct webrender::frame_builder::PrimitiveContext *, struct webrender::frame_builder::PictureContext *, struct webrender::frame_builder::PictureState *, struct webrender::frame_builder::FrameBuildingContext *, struct webrender::frame_builder::FrameBuildingState *, struct webrender_api::display_list::BuiltDisplayList *, unsigned __int64)|hg:hg.mozilla.org/mozilla-central:gfx/webrender/src/prim_store.rs:8eff0a4f5d8f4442ce233d492185a90c460846ef|2185|0x28
23|12|xul.dll|void webrender::prim_store::PrimitiveStore::prepare_primitives(struct webrender::picture::PrimitiveList *, struct webrender::frame_builder::PictureContext *, struct webrender::frame_builder::PictureState *, struct webrender::frame_builder::FrameBuildingContext *, struct webrender::frame_builder::FrameBuildingState *)|hg:hg.mozilla.org/mozilla-central:gfx/webrender/src/prim_store.rs:8eff0a4f5d8f4442ce233d492185a90c460846ef|2508|0x48
23|13|xul.dll|static bool webrender::prim_store::PrimitiveStore::prepare_prim_for_render(struct webrender::prim_store::PrimitiveInstance *, struct webrender::frame_builder::PrimitiveContext *, struct webrender::frame_builder::PictureContext *, struct webrender::frame_builder::PictureState *, struct webrender::frame_builder::FrameBuildingContext *, struct webrender::frame_builder::FrameBuildingState *, struct webrender_api::display_list::BuiltDisplayList *, unsigned __int64)|hg:hg.mozilla.org/mozilla-central:gfx/webrender/src/prim_store.rs:8eff0a4f5d8f4442ce233d492185a90c460846ef|2185|0x28
23|14|xul.dll|void webrender::prim_store::PrimitiveStore::prepare_primitives(struct webrender::picture::PrimitiveList *, struct webrender::frame_builder::PictureContext *, struct webrender::frame_builder::PictureState *, struct webrender::frame_builder::FrameBuildingContext *, struct webrender::frame_builder::FrameBuildingState *)|hg:hg.mozilla.org/mozilla-central:gfx/webrender/src/prim_store.rs:8eff0a4f5d8f4442ce233d492185a90c460846ef|2508|0x48
23|15|xul.dll|static bool webrender::prim_store::PrimitiveStore::prepare_prim_for_render(struct webrender::prim_store::PrimitiveInstance *, struct webrender::frame_builder::PrimitiveContext *, struct webrender::frame_builder::PictureContext *, struct webrender::frame_builder::PictureState *, struct webrender::frame_builder::FrameBuildingContext *, struct webrender::frame_builder::FrameBuildingState *, struct webrender_api::display_list::BuiltDisplayList *, unsigned __int64)|hg:hg.mozilla.org/mozilla-central:gfx/webrender/src/prim_store.rs:8eff0a4f5d8f4442ce233d492185a90c460846ef|2185|0x28
23|16|xul.dll|void webrender::prim_store::PrimitiveStore::prepare_primitives(struct webrender::picture::PrimitiveList *, struct webrender::frame_builder::PictureContext *, struct webrender::frame_builder::PictureState *, struct webrender::frame_builder::FrameBuildingContext *, struct webrender::frame_builder::FrameBuildingState *)|hg:hg.mozilla.org/mozilla-central:gfx/webrender/src/prim_store.rs:8eff0a4f5d8f4442ce233d492185a90c460846ef|2508|0x48
23|17|xul.dll|static bool webrender::prim_store::PrimitiveStore::prepare_prim_for_render(struct webrender::prim_store::PrimitiveInstance *, struct webrender::frame_builder::PrimitiveContext *, struct webrender::frame_builder::PictureContext *, struct webrender::frame_builder::PictureState *, struct webrender::frame_builder::FrameBuildingContext *, struct webrender::frame_builder::FrameBuildingState *, struct webrender_api::display_list::BuiltDisplayList *, unsigned __int64)|hg:hg.mozilla.org/mozilla-central:gfx/webrender/src/prim_store.rs:8eff0a4f5d8f4442ce233d492185a90c460846ef|2185|0x28
23|18|xul.dll|void webrender::prim_store::PrimitiveStore::prepare_primitives(struct webrender::picture::PrimitiveList *, struct webrender::frame_builder::PictureContext *, struct webrender::frame_builder::PictureState *, struct webrender::frame_builder::FrameBuildingContext *, struct webrender::frame_builder::FrameBuildingState *)|hg:hg.mozilla.org/mozilla-central:gfx/webrender/src/prim_store.rs:8eff0a4f5d8f4442ce233d492185a90c460846ef|2508|0x48
23|19|xul.dll|static bool webrender::prim_store::PrimitiveStore::prepare_prim_for_render(struct webrender::prim_store::PrimitiveInstance *, struct webrender::frame_builder::PrimitiveContext *, struct webrender::frame_builder::PictureContext *, struct webrender::frame_builder::PictureState *, struct webrender::frame_builder::FrameBuildingContext *, struct webrender::frame_builder::FrameBuildingState *, struct webrender_api::display_list::BuiltDisplayList *, unsigned __int64)|hg:hg.mozilla.org/mozilla-central:gfx/webrender/src/prim_store.rs:8eff0a4f5d8f4442ce233d492185a90c460846ef|2185|0x28
23|20|xul.dll|void webrender::prim_store::PrimitiveStore::prepare_primitives(struct webrender::picture::PrimitiveList *, struct webrender::frame_builder::PictureContext *, struct webrender::frame_builder::PictureState *, struct webrender::frame_builder::FrameBuildingContext *, struct webrender::frame_builder::FrameBuildingState *)|hg:hg.mozilla.org/mozilla-central:gfx/webrender/src/prim_store.rs:8eff0a4f5d8f4442ce233d492185a90c460846ef|2508|0x48
23|21|xul.dll|struct webrender::tiling::Frame webrender::frame_builder::FrameBuilder::build(struct webrender::resource_cache::ResourceCache *, struct webrender::gpu_cache::GpuCache *, struct webrender::render_backend::FrameStamp, struct webrender::clip_scroll_tree::ClipScrollTree *, struct std::collections::hash::map::HashMap<webrender_api::api::PipelineId, alloc::sync::Arc<webrender::scene::ScenePipeline>, core::hash::BuildHasherDefault<fxhash::FxHasher>> *, struct euclid::scale::TypedScale<f32, webrender_api::units::WorldPixel, webrender_api::units::DevicePixel>, char, struct euclid::point::TypedPoint2D<f32, webrender_api::units::WorldPixel>, struct webrender::profiler::TextureCacheProfileCounters *, struct webrender::profiler::GpuCacheProfileCounters *, struct webrender::scene::SceneProperties *, struct webrender::render_backend::FrameResources *)|hg:hg.mozilla.org/mozilla-central:gfx/webrender/src/frame_builder.rs:8eff0a4f5d8f4442ce233d492185a90c460846ef|349|0x4f4
23|22|xul.dll|static struct webrender::internal_types::RenderedDocument webrender::render_backend::Document::build_frame(struct webrender::resource_cache::ResourceCache *, struct webrender::gpu_cache::GpuCache *, struct webrender::profiler::ResourceProfileCounters *)|hg:hg.mozilla.org/mozilla-central:gfx/webrender/src/render_backend.rs:8eff0a4f5d8f4442ce233d492185a90c460846ef|413|0x42
23|23|xul.dll|static void webrender::render_backend::RenderBackend::update_document(struct webrender_api::api::DocumentId, struct alloc::vec::Vec<webrender_api::api::ResourceUpdate>, union core::option::Option<webrender::scene_builder::DocumentResourceUpdates>, struct alloc::vec::Vec<webrender_api::api::FrameMsg>, struct alloc::vec::Vec<webrender_api::api::NotificationRequest>, bool, bool, unsigned int *, struct webrender::profiler::BackendProfileCounters *, bool)|hg:hg.mozilla.org/mozilla-central:gfx/webrender/src/render_backend.rs:8eff0a4f5d8f4442ce233d492185a90c460846ef|1212|0x1d
23|24|xul.dll|static bool webrender::render_backend::RenderBackend::process_api_msg(union webrender_api::api::ApiMsg, struct webrender::profiler::BackendProfileCounters *, unsigned int *)|hg:hg.mozilla.org/mozilla-central:gfx/webrender/src/render_backend.rs:8eff0a4f5d8f4442ce233d492185a90c460846ef|1025|0x13b
23|25|xul.dll|void webrender::render_backend::RenderBackend::run(struct webrender::profiler::BackendProfileCounters)|hg:hg.mozilla.org/mozilla-central:gfx/webrender/src/render_backend.rs:8eff0a4f5d8f4442ce233d492185a90c460846ef|800|0x96
23|26|||||0x2
23|27|xul.dll|void std::sys_common::backtrace::__rust_begin_short_backtrace<closure,()>(struct closure)|/libstd/sys_common/backtrace.rs|136|0x81f
23|28|xul.dll|static void std::panicking::try::do_call<std::panic::AssertUnwindSafe<closure>,()>(unsigned char *)|/libstd/panicking.rs|310|0x19
23|29|xul.dll|void panic_abort::__rust_maybe_catch_panic()|/rustc/da5f414c2c0bfe5198934493f04c676e2b23ff2e/src/libpanic_abort/lib.rs|41|0x5
23|30|xul.dll|static void alloc::boxed::{{impl}}::call_box<(),closure>(struct closure *, <NoType>)|/liballoc/boxed.rs|646|0x7b
23|31|xul.dll|void std::sys_common::thread::start_thread()|/rustc/da5f414c2c0bfe5198934493f04c676e2b23ff2e/src/libstd/sys_common/thread.rs|24|0xe
23|32|xul.dll|static void std::sys::windows::thread::{{impl}}::new::thread_start()|/rustc/da5f414c2c0bfe5198934493f04c676e2b23ff2e/src/libstd/sys/windows/thread.rs|56|0x5
23|33|kernel32.dll|CicInputContext::DestroyInputContext()|||0x17c
23|34|mozglue.dll|static void patched_BaseThreadInitThunk(int, void *, void *)|hg:hg.mozilla.org/mozilla-central:mozglue/build/WindowsDllBlocklist.cpp:8eff0a4f5d8f4442ce233d492185a90c460846ef|753|0xe
23|35|ntdll.dll|CInputContext::SetSelection(unsigned long,unsigned long,TF_SELECTION const *)|||0x91
|
Reporter | |
Updated•6 years ago
|
|
|
Reporter | |
Comment 1•6 years ago
|
||
|
||
Comment 2•6 years ago
|
||
Assertion failure in plane-split, so kvark should take a look when he has a chance and redirect as needed.
Flags: needinfo?(dmalyshau)
|
Assignee | |
Comment 3•6 years ago
|
||
This can happen if a NaN sneaked in and bypassed any previous checks.
Assignee: nobody → dmalyshau
Status: NEW → ASSIGNED
Flags: needinfo?(dmalyshau)
|
|
Assignee | |
Comment 4•6 years ago
|
||
I'm not able to repro with 2018-11-21, we don't even enter that plane-splitting code on the given test case.
|
|
Reporter | |
Comment 6•6 years ago
|
||
I cna still reproduce this on Windows running the latest available debug build BuildID=20181122092147 SourceStamp=785032241b2fe327aa833267416b3eb8d846cb4f
Flags: needinfo?(twsmith)
|
|
||
Comment 7•6 years ago
|
||
Can you describe exactly what steps you're taking to reproduce? (Are you using a tool to download and run the build, or are you doing it manually? What environment variables/prefs are set? Do you restart the browser at all? etc. etc.)
Flags: needinfo?(twsmith)
|
|
Reporter | |
Comment 8•6 years ago
|
||
I just tried launching the browser with the attached prefs.js and then I drag and dropped the test case and that triggered the assertion. I've repro'ed it on different Windows 10 1803 machines.
Flags: needinfo?(twsmith)
|
|
||
Comment 9•6 years ago
|
||
I still can't repro it: downloaded https://queue.taskcluster.net/v1/task/PqoDSaR0SkKGgwqvF2WIQA/runs/0/artifacts/public/build/target.zip and unzipped it, launched firefox.exe with a new profile that has your prefs.js file, and dropped the testcase (saved locally) into the browser window. It renders and doesn't crash.
|
|
Reporter | |
Comment 10•6 years ago
|
||
Strange. I can repro with that build. Here is my about:support info. Not sure what the problem could be.
|
||
Updated•6 years ago
|
Blocks: stage-wr-trains
Priority: -- → P2
|
|
||
Updated•6 years ago
|
Priority: P2 → P4
|
||
Comment 11•5 years ago
|
||
Plane splitting has changed it's calculation algorithm. Tyson, can you still reproduce this?
Flags: needinfo?(twsmith)
|
|
Reporter | |
Comment 12•5 years ago
|
||
I can no longer reproduce this with m-c:
BuildID=20190208161559
SourceStamp=b482c6618d72ac38a9a82fbccf425e0a7f8b6129
Flags: needinfo?(twsmith)
|
|
||
Updated•5 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
|
||
Updated•5 years ago
|
status-firefox66:
--- → disabled
status-firefox67:
--- → fixed
status-firefox-esr60:
--- → unaffected
Target Milestone: --- → mozilla67
You need to log in
before you can comment on or make changes to this bug.
Description
•