Closed Bug 1582975 Opened 4 years ago Closed 4 years ago

Crash in [@ webrender::prim_store::PrimitiveStore::update_visibility]


(Core :: Graphics: WebRender, defect, P2)




Tracking Status
firefox-esr60 --- unaffected
firefox-esr68 --- disabled
firefox69 --- wontfix
firefox70 --- wontfix
firefox71 --- fixed


(Reporter: emilio, Assigned: aosmond)




(Keywords: crash, regression, regressionwindow-wanted)

(1 file)

This bug is for crash report bp-0b64084b-fec2-4ad9-9319-a54380190921.

Top 10 frames of crashing thread:

0 gkrust_shared::panic_hook mfbt/Assertions.h:313
1 core::ops::function::Fn::call src/libcore/ops/
2 std::panicking::rust_panic_with_hook src/libstd/
3 std::panicking::begin_panic src/libstd/
4 webrender::prim_store::PrimitiveStore::update_visibility gfx/wr/webrender/src/
5 webrender::prim_store::PrimitiveStore::update_visibility gfx/wr/webrender/src/prim_store/
6 webrender::prim_store::PrimitiveStore::update_visibility gfx/wr/webrender/src/prim_store/
7 webrender::frame_builder::FrameBuilder::build_layer_screen_rects_and_cull_layers gfx/wr/webrender/src/
8 webrender::frame_builder::FrameBuilder::build gfx/wr/webrender/src/
9 webrender::render_backend::Document::build_frame gfx/wr/webrender/src/

I'm crashing all the time with this when scrolling treeherder, so something like opening this link and scrolling down.

For some reason the url in the crash report is about:newtab. That looks bad.

Message is:

assertion failed: tile_offset.y < self.y.tile_range.end

Maybe the recent snapping changes?

Flags: needinfo?(aosmond)
Has STR: --- → yes
Keywords: regression
OS: Linux → All
Priority: -- → P2
Hardware: Unspecified → All

I'm hitting this all the time on Treeherder and it's becoming really annoying (I know I can turn off WebRender...). If we can't fix this week, is there a regressing patch we should consider backing out?

Nical, this is your assert. Thoughts?

Flags: needinfo?(nical.bugzilla)

Looks like the uptick began on September 18/19th, around when bug 1570081 landed, and I see that changed the tile calculations.

Flags: needinfo?(aosmond)

Crash reports suggest 20190918100042 is the exact build where the uptick began, same as bug 1570081. Looks like the most likely candidate from the pushlog:

Priority: P2 → P1
Regressed by: 1570081
Priority: P1 → P2

I'm guessing specifically is the part that introduced the problem.

This line should prevent the y tile offset from overflowing:

The fact that it didn't save us suggests that the initial current tile is outside the bounds.

The updated visible rect feeds into this calculation:

Maybe the new start/end don't result in a contiguous range.

I managed to reproduce in a CI build with a new assert to confirm my suspicion:

Pushed by
Ensure that we don't attempt to iterate over image tiles outside the range. r=jrmuizel
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla71
Assignee: nobody → aosmond
Flags: needinfo?(nical.bugzilla)
Has Regression Range: --- → yes
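
The failure mode discussed in the comments above (a tile range whose start and end are computed independently, then iterated from a starting tile that is already outside the range) can be reproduced in a small model. This is an added example, not WebRender's code and not the landed patch; `tile_range`, `Tiles`, `unguarded` and `guarded` are hypothetical names, and the image and tile sizes are constructed.

```rust
use std::ops::Range;

/// Tile indices covered by a visible pixel span on one axis (hypothetical helper).
/// Start and end are clamped independently, so a span that misses the image
/// entirely produces an empty or inverted range (start >= end).
pub fn tile_range(visible: Range<i32>, image_len: i32, tile: i32) -> Range<i32> {
    let start = visible.start.max(0) / tile;
    let end = (visible.end.min(image_len) + tile - 1) / tile;
    start..end
}

/// Row-major iterator over a 2D block of tile offsets (simplified model).
pub struct Tiles { x: Range<i32>, y: Range<i32>, cur: (i32, i32), done: bool }

impl Tiles {
    /// Unguarded: assumes both ranges are non-empty and starts inside them.
    pub fn unguarded(x: Range<i32>, y: Range<i32>) -> Self {
        Tiles { cur: (x.start, y.start), x, y, done: false }
    }
    /// Guarded: an empty or inverted range on either axis yields no tiles.
    pub fn guarded(x: Range<i32>, y: Range<i32>) -> Self {
        let done = x.start >= x.end || y.start >= y.end;
        Tiles { cur: (x.start, y.start), x, y, done }
    }
}

impl Iterator for Tiles {
    type Item = (i32, i32);
    fn next(&mut self) -> Option<(i32, i32)> {
        if self.done { return None; }
        // Same condition as the assertion in the crash message.
        assert!(self.cur.1 < self.y.end, "tile offset y outside tile range");
        let tile = self.cur;
        self.cur.0 += 1;
        if self.cur.0 >= self.x.end {
            // Row finished: wrap x and advance y; stop after the last row.
            self.cur = (self.x.start, self.cur.1 + 1);
            self.done = self.cur.1 >= self.y.end;
        }
        Some(tile)
    }
}

fn main() {
    // Constructed input: 1024px image, 256px tiles, visible span below the image.
    let y = tile_range(1500..1800, 1024, 256);
    let n = Tiles::guarded(0..4, y.clone()).count();
    println!("y tiles {:?}: {} tiles visited", y, n);
}
```

The end-of-row check only runs after a tile has been returned, so it cannot protect the first call when the starting row is already past the end; the guard has to be applied before iteration begins.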