1524418 - Hit MOZ_CRASH(Content-process DrawTargetRecording can't create requested similar drawtarget) at src/gfx/2d/DrawTargetRecording.cpp:530

Status: RESOLVED FIXED

(Core :: Graphics: WebRender, defect, P3)

Description

[Tyson Smith [:tsmith]]

Attachment: testcase.html

Reduced with m-c:
BuildID=20190131165827
SourceStamp=fc35330e07dac48cab0ae9cbe3f98565091f0880

Hit MOZ_CRASH(Content-process DrawTargetRecording can't create requested similar drawtarget) at src/gfx/2d/DrawTargetRecording.cpp:530

#0 mozilla::gfx::DrawTargetRecording::CreateSimilarDrawTarget(mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::SurfaceFormat) const src/gfx/2d/DrawTargetRecording.cpp:528:5
#1 gfxCallbackDrawable::MakeSurfaceDrawable(gfxContext*, mozilla::gfx::SamplingFilter) src/gfx/thebes/gfxDrawable.cpp:102:34
#2 gfxCallbackDrawable::Draw(gfxContext*, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, double> const&, mozilla::gfx::ExtendMode, mozilla::gfx::SamplingFilter, double, mozilla::gfx::BaseMatrix<double> const&) src/gfx/thebes/gfxDrawable.cpp:138:24
#3 gfxUtils::DrawPixelSnapped(gfxContext*, gfxDrawable*, mozilla::gfx::SizeTyped<mozilla::gfx::UnknownUnits, double> const&, mozilla::image::ImageRegion const&, mozilla::gfx::SurfaceFormat, mozilla::gfx::SamplingFilter, unsigned int, double, bool) src/gfx/thebes/gfxUtils.cpp:559:13
#4 mozilla::image::VectorImage::Show(gfxDrawable*, mozilla::image::SVGDrawingParameters const&) src/image/VectorImage.cpp:1199:3
#5 mozilla::image::VectorImage::Draw(gfxContext*, mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, mozilla::image::ImageRegion const&, unsigned int, mozilla::gfx::SamplingFilter, mozilla::Maybe<mozilla::SVGImageContext> const&, unsigned int, float) src/image/VectorImage.cpp:994:5
#6 DrawImageInternal(gfxContext&, nsPresContext*, imgIContainer*, mozilla::gfx::SamplingFilter, nsRect const&, nsRect const&, nsPoint const&, nsRect const&, mozilla::Maybe<mozilla::SVGImageContext> const&, unsigned int, mozilla::gfx::ExtendMode, float) src/layout/base/nsLayoutUtils.cpp:6584:22
#7 nsLayoutUtils::DrawBackgroundImage(gfxContext&, nsIFrame*, nsPresContext*, imgIContainer*, mozilla::gfx::IntSizeTyped<mozilla::CSSPixel> const&, mozilla::gfx::SamplingFilter, nsRect const&, nsRect const&, nsSize const&, nsPoint const&, nsRect const&, unsigned int, mozilla::gfx::ExtendMode, float) src/layout/base/nsLayoutUtils.cpp:6798:12
#8 mozilla::nsImageRenderer::Draw(nsPresContext*, gfxContext&, nsRect const&, nsRect const&, nsRect const&, nsPoint const&, nsSize const&, mozilla::gfx::IntRectTyped<mozilla::CSSPixel> const&, float) src/layout/painting/nsImageRenderer.cpp:459:16
#9 mozilla::nsImageRenderer::DrawLayer(nsPresContext*, gfxContext&, nsRect const&, nsRect const&, nsPoint const&, nsRect const&, nsSize const&, float) src/layout/painting/nsImageRenderer.cpp:706:10
#10 nsCSSRendering::PaintStyleImageLayerWithSC(nsCSSRendering::PaintBGParams const&, gfxContext&, mozilla::ComputedStyle*, nsStyleBorder const&) src/layout/painting/nsCSSRendering.cpp:2607:38
#11 nsCSSRendering::PaintStyleImageLayer(nsCSSRendering::PaintBGParams const&, gfxContext&) src/layout/painting/nsCSSRendering.cpp:1837:10
#12 nsDisplayBackgroundImage::PaintInternal(nsDisplayListBuilder*, gfxContext*, nsRect const&, nsRect*) src/layout/painting/nsDisplayList.cpp:4137:26
#13 mozilla::layers::PaintItemByDrawTarget(nsDisplayItem*, mozilla::gfx::DrawTarget*, mozilla::gfx::PointTyped<mozilla::LayoutDevicePixel, float> const&, nsDisplayListBuilder*, RefPtr<mozilla::layers::BasicLayerManager> const&, mozilla::gfx::SizeTyped<mozilla::gfx::UnknownUnits, float> const&, mozilla::Maybe<mozilla::gfx::Color>&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1963:14
#14 mozilla::layers::WebRenderCommandBuilder::GenerateFallbackData(nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, nsDisplayListBuilder*, mozilla::gfx::RectTyped<mozilla::LayoutDevicePixel, float>&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:2145:28
#15 mozilla::layers::WebRenderCommandBuilder::PushItemAsImage(nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, nsDisplayListBuilder*) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:2390:48
#16 mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(nsDisplayList*, nsDisplayItem*, nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, nsDisplayItem*) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1652:9
#17 mozilla::layers::WebRenderCommandBuilder::BuildWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, nsDisplayList*, nsDisplayListBuilder*, mozilla::layers::WebRenderScrollData&, mozilla::wr::TypedSize2D<float, mozilla::wr::LayoutPixel>&, nsTArray<mozilla::wr::FilterOp>&&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1452:5
#18 mozilla::layers::WebRenderLayerManager::EndTransactionWithoutLayer(nsDisplayList*, nsDisplayListBuilder*, nsTArray<mozilla::wr::FilterOp>&&, mozilla::layers::WebRenderBackgroundData*) src/gfx/layers/wr/WebRenderLayerManager.cpp:276:30
#19 nsDisplayList::PaintRoot(nsDisplayListBuilder*, gfxContext*, unsigned int) src/layout/painting/nsDisplayList.cpp:2613:18
#20 nsLayoutUtils::PaintFrame(gfxContext*, nsIFrame*, nsRegion const&, unsigned int, nsDisplayListBuilderMode, nsLayoutUtils::PaintFrameFlags) src/layout/base/nsLayoutUtils.cpp:3788:12
#21 mozilla::PresShell::Paint(nsView*, nsRegion const&, unsigned int) src/layout/base/PresShell.cpp:6070:5
#22 nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*) src/view/nsViewManager.cpp:461:19
#23 nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) src/view/nsViewManager.cpp:396:33
#24 nsViewManager::ProcessPendingUpdates() src/view/nsViewManager.cpp:1030:5
#25 nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:2022:11
#26 mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) src/layout/base/nsRefreshDriver.cpp:319:7
#27 mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:336:5
#28 mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:692:16
#29 mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::VsyncEvent const&) src/layout/base/nsRefreshDriver.cpp:592:9
#30 mozilla::layout::VsyncChild::RecvNotify(mozilla::VsyncEvent const&) src/layout/ipc/VsyncChild.cpp:65:16
#31 mozilla::layout::PVsyncChild::OnMessageReceived(IPC::Message const&) src/obj-firefox/ipc/ipdl/PVsyncChild.cpp:167:20
#32 mozilla::ipc::PBackgroundChild::OnMessageReceived(IPC::Message const&) src/obj-firefox/ipc/ipdl/PBackgroundChild.cpp:2788:28
#33 mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) src/ipc/glue/MessageChannel.cpp:2160:21
#34 mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) src/ipc/glue/MessageChannel.cpp:2087:9
#35 mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) src/ipc/glue/MessageChannel.cpp:1936:3
#36 mozilla::ipc::MessageChannel::MessageTask::Run() src/ipc/glue/MessageChannel.cpp:1967:13
#37 nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1161:14
#38 NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:474:10
#39 mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:88:21
#40 MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:315:10
#41 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290:3
#42 nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27
#43 XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:908:20
#44 mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:238:9
#45 MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:315:10
#46 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290:3
#47 XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:746:34
#48 content_process_main(mozilla::Bootstrap*, int, char**) src/browser/app/../../ipc/contentproc/plugin-container.cpp:49:28
#49 main src/browser/app/nsBrowserApp.cpp:265:18
#50 __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
#51 _start (firefox+0x34a04)

Comment 1

[Jeff Muizelaar [:jrmuizel]]

Kats, I think you looked at something like this a little while ago?

Comment 2

[Kartikaya Gupta (email:kats@mozilla.staktrace.com)]

Yeah it's another one of those fallout-from-1466613 bugs. I can look at this one too.

Comment 3

[Kartikaya Gupta (email:kats@mozilla.staktrace.com)]

https://treeherder.mozilla.org/#/jobs?repo=try&group_state=expanded&revision=a520337dacbe43f270dcc60ffd4f8543d777a152

Comment 4

[Kartikaya Gupta (email:kats@mozilla.staktrace.com)]

Attachment: Bug 1524418 - Avoid crashing content process with giant drawtarget. r?mstange

Comment 5

[Pulsebot]

Pushed by kgupta@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/dd683ef8b000
Avoid crashing content process with giant drawtarget. r=mstange

Comment 6

[Cosmin Sabou [:CosminS]]

https://hg.mozilla.org/mozilla-central/rev/dd683ef8b000