WR crashes on debug_assert! with out-of-process iframes

RESOLVED FIXED in Firefox 68

Status

()

defect
P2
normal
RESOLVED FIXED
3 months ago
3 months ago

People

(Reporter: hsivonen, Assigned: gw)

Tracking

(Regression)

unspecified
mozilla68
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox68 fixed)

Details

Attachments

(1 attachment)

Steps to reproduce

  1. Set fission.oopif.attribute to true.
  2. Set gfx.webrender.picture-caching to false.
  3. Set gfx.webrender.allto true.
  4. Restart Firefox.
  5. Navigate to https://hsivonen.fi/fission-scroll.html

Actual results

Assertion crash at https://searchfox.org/mozilla-central/rev/6db0a6a56653355fcbb25c4fa79c6e7ffc6f88e9/gfx/wr/webrender/src/display_list_flattener.rs#1348

Expected results

No crash.

Flags: needinfo?(dmalyshau)
Priority: -- → P3

Dzmitry, looks like we will need this for Fission M2 milestone (deadline of May 6).

Blocks: oop-frames
No longer blocks: fission
Priority: P3 → P2

Dzmitry is on vacation for the next two weeks. Glenn is a better person to look at this in the mean time.

Flags: needinfo?(dmalyshau) → needinfo?(gwatson)

This assert is checking that the display list by Gecko does not provide multiple stacking contexts which all have picture caching enabled (the cache_tiles field in push_stacking_context).

Picture caching currently only works correctly on a single, top-level, stacking context - which is what this assert is checking for.

It's likely that the code in Gecko which determines whether to enable picture caching on a stacking context is getting confused by the OOP iframe and thinking it is a top level window, or something similar.

I notice that the bug specifically is being reproduced when gfx.webrender.picture-caching is false. I can make a change so that the assert only triggers when picture caching is enabled, which will stop the assert firing in this test case. However, the root cause of the bug (that Gecko is seemingly supplying an invalid display list) will need to be resolved before picture caching can be enabled in fission mode.

I'll land a patch today that at least only checks the assert if picture caching is enabled.

Flags: needinfo?(gwatson)
Assignee: nobody → gwatson
Pushed by gwatson@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/a9c4558b4975
WR crashes on debug_assert! with out-of-process iframes r=jrmuizel
Status: NEW → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla68

(In reply to Glenn Watson [:gw] from comment #3)

I notice that the bug specifically is being reproduced when gfx.webrender.picture-caching is false.

That's due to bug 1527380.

I'll land a patch today that at least only checks the assert if picture caching is enabled.

Thanks.

You need to log in before you can comment on or make changes to this bug.