WR crashes on debug_assert! with out-of-process iframes

RESOLVED FIXED in Firefox 68

Status


defect
P2
normal
RESOLVED FIXED
a month ago
a month ago

People

(Reporter: hsivonen, Assigned: gw)

Tracking

(Regression)

unspecified
mozilla68
Points:
---

Firefox Tracking Flags

(firefox68 fixed)

Details

Attachments

(1 attachment)

(Reporter)

Description

a month ago

Steps to reproduce

  1. Set fission.oopif.attribute to true.
  2. Set gfx.webrender.picture-caching to false.
  3. Set gfx.webrender.all to true.
  4. Restart Firefox.
  5. Navigate to https://hsivonen.fi/fission-scroll.html

Actual results

Assertion crash at https://searchfox.org/mozilla-central/rev/6db0a6a56653355fcbb25c4fa79c6e7ffc6f88e9/gfx/wr/webrender/src/display_list_flattener.rs#1348

Expected results

No crash.

(Reporter)

Updated

a month ago
Flags: needinfo?(dmalyshau)
Priority: -- → P3

Dzmitry, looks like we will need this for Fission M2 milestone (deadline of May 6).

Blocks: oop-frames
No longer blocks: fission
Priority: P3 → P2

Dzmitry is on vacation for the next two weeks. Glenn is a better person to look at this in the meantime.

Flags: needinfo?(dmalyshau) → needinfo?(gwatson)
(Assignee)

Comment 3

a month ago

This assert is checking that the display list by Gecko does not provide multiple stacking contexts which all have picture caching enabled (the cache_tiles field in push_stacking_context).

Picture caching currently only works correctly on a single, top-level, stacking context - which is what this assert is checking for.

It's likely that the code in Gecko which determines whether to enable picture caching on a stacking context is getting confused by the OOP iframe and thinking it is a top level window, or something similar.

I notice that the bug specifically is being reproduced when gfx.webrender.picture-caching is false. I can make a change so that the assert only triggers when picture caching is enabled, which will stop the assert firing in this test case. However, the root cause of the bug (that Gecko is seemingly supplying an invalid display list) will need to be resolved before picture caching can be enabled in fission mode.

I'll land a patch today that at least only checks the assert if picture caching is enabled.

Flags: needinfo?(gwatson)
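
The check described in comment 3, as a simplified model added here for illustration (not WebRender code and not the landed patch). The types, the `picture_caching` parameter and the treatment of depth 0 as "top-level" are assumptions; only `cache_tiles` and the single top-level rule come from the comment. It returns an error instead of asserting so the gated behaviour can be tested.

```rust
// Simplified model for illustration; these are NOT WebRender's real types.
#[derive(Debug, PartialEq)]
pub enum CacheError {
    Multiple(usize),    // this many contexts set cache_tiles
    NotTopLevel(usize), // the only caching context sits at this depth
}

pub struct StackingContext {
    pub cache_tiles: bool,
    pub children: Vec<StackingContext>,
}

/// Record the nesting depth of every stacking context that sets `cache_tiles`.
fn collect(sc: &StackingContext, depth: usize, out: &mut Vec<usize>) {
    if sc.cache_tiles {
        out.push(depth);
    }
    for child in &sc.children {
        collect(child, depth + 1, out);
    }
}

/// Enforce "one top-level caching context", but only when picture caching is
/// enabled, which is the gating described in the comment above.
pub fn check_cache_tiles(root: &StackingContext, picture_caching: bool) -> Result<(), CacheError> {
    if !picture_caching {
        return Ok(()); // rule is not checked while picture caching is off
    }
    let mut depths = Vec::new();
    collect(root, 0, &mut depths);
    if depths.len() > 1 {
        return Err(CacheError::Multiple(depths.len()));
    }
    match depths.first() {
        Some(&d) if d > 0 => Err(CacheError::NotTopLevel(d)),
        _ => Ok(()),
    }
}

/// Constructed input: a top-level context plus a nested one (standing in for
/// an out-of-process iframe) that also sets `cache_tiles`.
pub fn sample_list() -> StackingContext {
    let iframe = StackingContext { cache_tiles: true, children: vec![] };
    StackingContext { cache_tiles: true, children: vec![iframe] }
}

fn main() {
    println!("{:?}", check_cache_tiles(&sample_list(), true));
}
```

With picture caching off the constructed list passes; with it on, the same list is rejected, which matches the comment's point that the display list itself still needs fixing before picture caching can be enabled in fission mode.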
(Assignee)

Updated

a month ago
Assignee: nobody → gwatson

Comment 5

a month ago
Pushed by gwatson@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/a9c4558b4975
WR crashes on debug_assert! with out-of-process iframes r=jrmuizel

Comment 6

a month ago
bugherder
Status: NEW → RESOLVED
Last Resolved: a month ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla68
(Reporter)

Comment 7

a month ago

(In reply to Glenn Watson [:gw] from comment #3)

> I notice that the bug specifically is being reproduced when gfx.webrender.picture-caching is false.

That's due to bug 1527380.

> I'll land a patch today that at least only checks the assert if picture caching is enabled.

Thanks.
