Closed
Bug 1541113
Opened 5 years ago
Closed 5 years ago
Hit MOZ_CRASH(Content-process DrawTargetRecording can't create requested clipped drawtarget) at src/gfx/2d/DrawTargetRecording.cpp:571
Categories
(Core :: Graphics: WebRender, defect, P3)
Core
Graphics: WebRender
Tracking
()
VERIFIED
FIXED
mozilla68
| Tracking | Status | |
|---|---|---|
| firefox-esr60 | --- | unaffected |
| firefox66 | --- | disabled |
| firefox67 | --- | verified |
| firefox68 | --- | verified |
People
(Reporter: tsmith, Assigned: kats)
References
(Blocks 2 open bugs, Regression)
Details
(4 keywords)
Crash Data
Attachments
(2 files)
|
96 bytes,
text/html
|
Details | |
|
47 bytes,
text/x-phabricator-request
|
pascalc
:
approval-mozilla-beta+
|
Details | Review |
Reduced with m-c:
BuildID=20190402144906
SourceStamp=85476bad25bfbd3525d6d8779f4705a3fedf9103
For some reason I can only repro this crash using the attached test case running the browser in Xvfb. Not sure if it is because of the virtual screen resolution or bit depth.
Hit MOZ_CRASH(Content-process DrawTargetRecording can't create requested clipped drawtarget) at src/gfx/2d/DrawTargetRecording.cpp:571
#0 mozilla::gfx::DrawTargetRecording::CreateSimilarDrawTargetForFilter(mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::SurfaceFormat, mozilla::gfx::FilterNode*, mozilla::gfx::FilterNode*, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float> const&, mozilla::gfx::PointTyped<mozilla::gfx::UnknownUnits, float> const&) src/gfx/2d/DrawTargetRecording.cpp:569:5
#1 nsFilterInstance::BuildSourceImage(mozilla::gfx::DrawTarget*, mozilla::image::imgDrawingParams&, mozilla::gfx::FilterNode*, mozilla::gfx::FilterNode*, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float> const&) src/layout/svg/nsFilterInstance.cpp:703:43
#2 nsFilterInstance::Render(gfxContext*, mozilla::image::imgDrawingParams&, float) src/layout/svg/nsFilterInstance.cpp:798:3
#3 nsFilterInstance::PaintFilteredFrame(nsIFrame*, gfxContext*, nsSVGFilterPaintCallback*, nsRegion const*, mozilla::image::imgDrawingParams&, float) src/layout/svg/nsFilterInstance.cpp:94:14
#4 nsSVGIntegrationUtils::PaintFilter(nsSVGIntegrationUtils::PaintFramesParams const&) src/layout/svg/nsSVGIntegrationUtils.cpp:1085:3
#5 nsDisplayFilters::PaintAsLayer(nsDisplayListBuilder*, gfxContext*, mozilla::layers::LayerManager*) src/layout/painting/nsDisplayList.cpp:9656:3
#6 mozilla::layers::Grouper::PaintContainerItem(mozilla::layers::DIGroup*, nsDisplayItem*, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, nsDisplayList*, gfxContext*, mozilla::layers::WebRenderDrawEventRecorder*) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:996:48
#7 mozilla::layers::DIGroup::PaintItemRange(mozilla::layers::Grouper*, nsDisplayItem*, nsDisplayItem*, gfxContext*, mozilla::layers::WebRenderDrawEventRecorder*) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:821:19
#8 mozilla::layers::Grouper::PaintContainerItem(mozilla::layers::DIGroup*, nsDisplayItem*, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, nsDisplayList*, gfxContext*, mozilla::layers::WebRenderDrawEventRecorder*) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1007:15
#9 mozilla::layers::DIGroup::PaintItemRange(mozilla::layers::Grouper*, nsDisplayItem*, nsDisplayItem*, gfxContext*, mozilla::layers::WebRenderDrawEventRecorder*) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:821:19
#10 mozilla::layers::DIGroup::EndGroup(mozilla::layers::WebRenderLayerManager*, nsDisplayListBuilder*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::Grouper*, nsDisplayItem*, nsDisplayItem*) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:688:5
#11 mozilla::layers::Grouper::ConstructGroups(nsDisplayListBuilder*, mozilla::layers::WebRenderCommandBuilder*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::DIGroup*, nsDisplayList*, mozilla::layers::StackingContextHelper const&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1236:17
#12 mozilla::layers::WebRenderCommandBuilder::DoGroupingForDisplayList(nsDisplayList*, nsDisplayItem*, nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1469:5
#13 mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(nsDisplayList*, nsDisplayItem*, nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1607:5
#14 nsDisplayWrapList::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:5861:30
#15 nsDisplaySVGWrapper::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:9887:31
#16 mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(nsDisplayList*, nsDisplayItem*, nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1733:38
#17 nsDisplayTransform::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:8218:30
#18 mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(nsDisplayList*, nsDisplayItem*, nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1733:38
#19 mozilla::layers::WebRenderCommandBuilder::BuildWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, nsDisplayList*, nsDisplayListBuilder*, mozilla::wr::RenderRootArray<mozilla::layers::WebRenderScrollData>&, WrFiltersHolder&&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1550:5
#20 mozilla::layers::WebRenderLayerManager::EndTransactionWithoutLayer(nsDisplayList*, nsDisplayListBuilder*, WrFiltersHolder&&, mozilla::layers::WebRenderBackgroundData*) src/gfx/layers/wr/WebRenderLayerManager.cpp:326:30
#21 nsDisplayList::PaintRoot(nsDisplayListBuilder*, gfxContext*, unsigned int) src/layout/painting/nsDisplayList.cpp:2766:18
#22 nsLayoutUtils::PaintFrame(gfxContext*, nsIFrame*, nsRegion const&, unsigned int, nsDisplayListBuilderMode, nsLayoutUtils::PaintFrameFlags) src/layout/base/nsLayoutUtils.cpp:3903:12
#23 mozilla::PresShell::Paint(nsView*, nsRegion const&, unsigned int) src/layout/base/PresShell.cpp:6078:5
#24 nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*) src/view/nsViewManager.cpp:461:19
#25 nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) src/view/nsViewManager.cpp:396:33
#26 nsViewManager::ProcessPendingUpdates() src/view/nsViewManager.cpp:1022:5
#27 nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:2036:11
#28 mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) src/layout/base/nsRefreshDriver.cpp:319:7
#29 mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:336:5
#30 mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:702:16
#31 mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::VsyncEvent const&) src/layout/base/nsRefreshDriver.cpp:597:9
#32 mozilla::layout::VsyncChild::RecvNotify(mozilla::VsyncEvent const&) src/layout/ipc/VsyncChild.cpp:65:16
#33 mozilla::layout::PVsyncChild::OnMessageReceived(IPC::Message const&) src/obj-firefox/ipc/ipdl/PVsyncChild.cpp:168:54
#34 mozilla::ipc::PBackgroundChild::OnMessageReceived(IPC::Message const&) src/obj-firefox/ipc/ipdl/PBackgroundChild.cpp:3941:28
#35 mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) src/ipc/glue/MessageChannel.cpp:2151:21
#36 mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) src/ipc/glue/MessageChannel.cpp:2078:9
#37 mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) src/ipc/glue/MessageChannel.cpp:1937:3
#38 mozilla::ipc::MessageChannel::MessageTask::Run() src/ipc/glue/MessageChannel.cpp:1968:13
#39 nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1180:14
#40 NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:482:10
#41 mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:88:21
#42 MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:315:10
#43 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290:3
#44 nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27
#45 XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:919:20
#46 mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:238:9
#47 MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:315:10
#48 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290:3
#49 XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:757:34
#50 content_process_main(mozilla::Bootstrap*, int, char**) src/browser/app/../../ipc/contentproc/plugin-container.cpp:56:28
#51 main src/browser/app/nsBrowserApp.cpp:263:18
Flags: in-testsuite?
|
||
Comment 1•5 years ago
|
||
I get a crash on my win64+iGFX nightly when i open the testcase :
https://crash-stats.mozilla.org/report/index/5b1773fc-886c-46c8-b620-722f00190402
Crash Signature: [@ mozilla::gfx::DrawTargetRecording::CreateSimilarDrawTargetForFilter ]
|
Assignee | |
Comment 2•5 years ago
|
||
|
|
Assignee | |
Updated•5 years ago
|
Priority: -- → P3
|
|
Assignee | |
Comment 3•5 years ago
|
||
Pushed by kgupta@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/66d47e242915 Avoid crashing content process with giant drawtarget. r=mstange
|
||
Comment 5•5 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla68
|
|
Assignee | |
Updated•5 years ago
|
status-firefox67:
--- → fix-optional
|
|
Assignee | |
Comment 6•5 years ago
|
||
Comment on attachment 9055464 [details]
Bug 1541113 - Avoid crashing content process with giant drawtarget. r?mstange
Beta/Release Uplift Approval Request
- Feature/Bug causing the regression: Bug 1522021
- User impact if declined: Content process crash in pathological cases
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: Yes
- If yes, steps to reproduce: Load testcase attached to bug, ensure content process doesn't crash
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Just adds an early-exit codepath
- String changes made/needed:
Attachment #9055464 -
Flags: approval-mozilla-beta?
|
|
Assignee | |
Updated•5 years ago
|
Flags: qe-verify?
|
||
Comment 7•5 years ago
|
||
It's a P3, let's get it verified by QA on Nightly before uplifting to beta, thanks.
Flags: qe-verify? → qe-verify+
|
||
Updated•5 years ago
|
status-firefox66:
--- → disabled
status-firefox-esr60:
--- → unaffected
Flags: in-testsuite? → in-testsuite+
|
||
Updated•5 years ago
|
Whiteboard: [qa-triaged]
|
|
||
Updated•5 years ago
|
QA Whiteboard: [qa-triaged]
Whiteboard: [qa-triaged]
|
||
Comment 8•5 years ago
|
||
I successfully reproduced the issue on Firefox Nightly 68.0a1 (2019-04-02) under Windows 10 (x64) on a system with Intel® HD Graphics 630 using the testcase found in Comment 0.
The issue is no longer reproducible on latest Nightly 68.0a1 (2019-04-10) under Windows 10 (x64) on the same system mentioned above.
Status: RESOLVED → VERIFIED
|
|
||
Comment 9•5 years ago
|
||
Comment on attachment 9055464 [details]
Bug 1541113 - Avoid crashing content process with giant drawtarget. r?mstange
Low risk crash fix, covered by tests and verified by QA on Nightly, uplift approved for 67 beta 10, thanks!
Attachment #9055464 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
|
||
Comment 10•5 years ago
|
||
| bugherder uplift | ||
|
|
||
Comment 11•5 years ago
|
||
I tried verifying the issue on Firefox Beta 67.0b10 (20190411041332, build from treeherder) by accessing the testcase from Comment 0.
The browser will show only a black page (67.0b8 which is supposed to be affected will return with a black page too and not crashing the page like it is doing on Nightly from 2019-04-02), while on latest Nightly (2019-04-10) it returned with a white page. Kartikaya, could you look over it and please let me know what is the expected behavior?
Tests were performed on the same system with Intel® HD Graphics 630.
Flags: needinfo?(kats)
|
|
Assignee | |
Comment 12•5 years ago
|
||
You need to enable WebRender (set gfx.webrender.all=true, restart browser) in order to reproduce the issue and verify the fix. On Nightly WebRender is enabled by default for Intel graphics, which is probably why you were able to verify on Nightly but not on Beta.
Flags: needinfo?(kats)
|
|
||
Comment 13•5 years ago
|
||
Thanks for the answer. The issue is fixed on Firefox beta 67.0b10 (20190411084603 from treeherder) under Windows 10 (x64).
Flags: qe-verify+
|
||
Updated•5 years ago
|
Keywords: regression
|
|
||
Updated•2 years ago
|
Has Regression Range: --- → yes
You need to log in
before you can comment on or make changes to this bug.
Description
•