Closed Bug 1582645 Opened 6 months ago Closed 6 months ago

Crash in [@ webrender_bindings::moz2d_renderer::BlobReader::read_entry]

Categories

(Core :: Graphics: WebRender, defect, P1, critical)

Unspecified
Windows 10
defect

Tracking

()

RESOLVED FIXED
mozilla71
Tracking Status
firefox-esr60 --- unaffected
firefox-esr68 --- unaffected
firefox69 --- unaffected
firefox70 --- unaffected
firefox71 blocking fixed

People

(Reporter: pascalc, Assigned: jrmuizel)

References

(Blocks 1 open bug, Regression)

Details

(Keywords: crash, regression, regressionwindow-wanted, Whiteboard: [rca: coding error])

Crash Data

Attachments

(3 files, 1 obsolete file)

This bug is for crash report bp-1d03375a-1d36-415b-9b7e-d44250190919.

Top 10 frames of crashing thread:

0 xul.dll GeckoCrash toolkit/xre/nsAppRunner.cpp:5117
1 xul.dll static void gkrust_shared::panic_hook toolkit/library/rust/shared/lib.rs:248
2 xul.dll static void core::ops::function::Fn::call<fn src/libcore/ops/function.rs:69
3 xul.dll static void std::panicking::rust_panic_with_hook src/libstd/panicking.rs:481
4 xul.dll static <NoType> std::panicking::begin_panic<str*> src/libstd/panicking.rs:411
5 xul.dll static struct webrender_bindings::moz2d_renderer::Entry webrender_bindings::moz2d_renderer::BlobReader::read_entry gfx/webrender_bindings/src/moz2d_renderer.rs
6 xul.dll static void webrender_bindings::moz2d_renderer::{{impl}}::update gfx/webrender_bindings/src/moz2d_renderer.rs:641
7 xul.dll static void webrender::resource_cache::ResourceCache::pre_scene_building_update gfx/wr/webrender/src/resource_cache.rs:674
8 xul.dll static union core::option::Option<alloc::boxed::Box<webrender::scene_builder_thread::Transaction>> core::iter::adapters::{{impl}}::next<alloc::boxed::Box<webrender::scene_builder_thread::Transaction>, core::iter::adapters::zip::Zip<core::slice::Iter<webrender_api::api::DocumentId>, alloc::vec::Drain<webrender_api::api::TransactionMsg>>, closure> src/libcore/iter/adapters/mod.rs:570
9 xul.dll static union webrender::render_backend::RenderBackendStatus webrender::render_backend::RenderBackend::process_api_msg gfx/wr/webrender/src/render_backend.rs:1209

Calixte, could you identify the source of this regression with Clouseau please? Thanks

Flags: needinfo?(cdenizet)

Bug 1570081 landed in that build (20190918100042).

Flags: needinfo?(nical.bugzilla)
Regressed by: 1570081

Jeff is the most knowledgeable about the blob serialization code.

Flags: needinfo?(nical.bugzilla) → needinfo?(jmuizelaar)

This could also be bug 1570435 or bug 1581953

Blocks: wr-71
Flags: needinfo?(jmuizelaar)
Priority: -- → P1

According to clouseau, it could be bug 1570435.

Flags: needinfo?(cdenizet)

I can reproduce this on bongacams.com

It looks like this is caused by https://phabricator.services.mozilla.com/D43222. We ignore the update with an empty visible rect. The next time we go round, we use the empty visible rect on content side, but the previous visible rect in the blob merging.

Nical, do you recall why this change was needed?

Flags: needinfo?(nical.bugzilla)

I don't remember exactly which but there are a bunch of places that break with sizes equal to zero in webrender (some divisions, assertions here and there).
We could make webrender robust against these (I don't think it would be difficult). At the time it seemd straightforward to not add something to the display list when we know it won't be rendered, but I didn't anticipate it would break the flow of creating and updating resources.

Flags: needinfo?(nical.bugzilla)
Attached file A test case that shows the problem (obsolete) —
Attached file svg-empty.html

A further reduced test case

Attachment #9095030 - Attachment is obsolete: true

This avoids us setting when we don't send it. e.g. When it's empty.

Thanks for jumping on this, Jeff.

Assignee: nobody → jmuizelaar

I ran into some reftest failures on try that I'm still trying to figure out.

Depends on: 1584316

I experienced two crashes in Nightly when using Google docs (slides) on MacOS. My crash report linked to this bug.

Here's a crash report if it helps.
https://crash-stats.mozilla.org/report/index/c482bcbd-4bee-4927-8979-6abde0190926

Pushed by jmuizelaar@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/43ac974f69db
Only set mLastVisibleRect after we've sent it to WebRender. r=nical
Status: NEW → RESOLVED
Closed: 6 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla71

I've been having crashes while using Discord since 2019-09-27, running up to date Arch Linux. Worth noting is that I disable the GPU process to work around bug 1572625, and the crash is basically impossible to reproduce if I enable it again (maybe it's crashing silently in the background?).
Crash report: https://crash-stats.mozilla.org/report/index/82050440-8f48-4286-b4d4-df6de0190928
The regression window I found with mozregression seems to point to the fix for this bug: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=aa8f530a1a35ba9b1c84303dbe15107d0026d77c&tochange=1e0685b06c61f350da1973d419223883ba64d3e2

Backed out changeset 43ac974f69db (bug 1582645) for increasing the crash volume

Backout: https://hg.mozilla.org/mozilla-central/rev/de4a32bbbe50d2a21e38eab7a4042378cc435aa8

Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Target Milestone: mozilla71 → ---

Dan, do you have any idea what in Discord was triggering the issue? i.e. what were your steps to reproduce when running the regression window?

Flags: needinfo?(streetwalkermc)

I was able to reproduce on https://play.drova.io/merchant

Flags: needinfo?(jmuizelaar)

(In reply to Jeff Muizelaar [:jrmuizel] from comment #22)

Dan, do you have any idea what in Discord was triggering the issue? i.e. what were your steps to reproduce when running the regression window?

I'm not entirely sure, sometimes it crashes on its own and sometimes when I type into the message box. Either way, it happens really fast. With mozregression, I was only able to get a full browser crash with --pref layers.gpu-process.enabled:false. I've seen a lag spike once without (GPU process crashing in the background?), but I have no idea how to get debugging information in that case.

Flags: needinfo?(streetwalkermc)
Regressions: 1584592
Pushed by jmuizelaar@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/df723e7120dc
Only set mLastVisibleRect after we've sent it to WebRender. r=nical
Attachment #9097466 - Attachment description: Bug 1582645. Add crash test → Bug 1582645. Add crash test to manifest.
Status: REOPENED → RESOLVED
Closed: 6 months ago6 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla71

This bug has been identified as part of a pilot on determining root causes of blocking and dot release drivers.

It needs a root-cause set for it. Please see the list at https://docs.google.com/document/d/1FFEGsmoU8T0N8R9kk-MXWptOPtXXXRRIe4vQo3_HgMw/.

Add the root cause as a whiteboard tag in the form [rca - <cause> ] and remove the rca-needed keyword.

If you have questions, please contact :tmaity.

Keywords: rca-needed
Whiteboard: [rca: coding error]
Keywords: rca-needed
You need to log in before you can comment on or make changes to this bug.