backdrop-filter: stack-overflow in [@ webrender::prepare::prepare_prim_for_render]
Categories
(Core :: Graphics: WebRender, defect, P3)
Tracking
| | Tracking | Status |
|---|---|---|
firefox-esr68 | --- | unaffected |
firefox-esr78 | --- | disabled |
firefox-esr91 | --- | disabled |
firefox78 | --- | disabled |
firefox79 | --- | disabled |
firefox80 | --- | disabled |
firefox83 | --- | disabled |
firefox84 | --- | disabled |
firefox85 | --- | disabled |
firefox92 | --- | disabled |
firefox93 | --- | disabled |
firefox94 | --- | disabled |
firefox95 | --- | disabled |
People
(Reporter: tsmith, Assigned: gw)
References
(Blocks 4 open bugs)
Details
(Keywords: crash, regression, testcase)
Attachments
(2 files)
==222263==ERROR: AddressSanitizer: stack-overflow on address 0x7f2dc2db6ff8 (pc 0x7f2de417b05c bp 0x7f2dc2db7020 sp 0x7f2dc2db7000 T14)
#0 0x7f2de417b05b in webrender::space::SpaceMapper$LT$F$C$T$GT$::map::h67ab817b1bbd57b0 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/space.rs:112
#1 0x7f2de41a6b8e in webrender::picture::get_raster_rects::hdfff1b96a2876a80 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/picture.rs:7130:32
#2 0x7f2de4147597 in webrender::picture::PicturePrimitive::take_context::h2521a7d68bbd93a6 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/picture.rs:4823:57
#3 0x7f2de4152438 in webrender::prepare::prepare_prim_for_render::hfea3b496acb78c4c /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:144:22
#4 0x7f2de4152438 in webrender::prepare::prepare_primitives::h00884481759e1d47 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:95:15
#5 0x7f2de41525e1 in webrender::prepare::prepare_prim_for_render::hfea3b496acb78c4c /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:190:12
#6 0x7f2de41525e1 in webrender::prepare::prepare_primitives::h00884481759e1d47 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:95:15
#7 0x7f2de41525e1 in webrender::prepare::prepare_prim_for_render::hfea3b496acb78c4c /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:190:12
#8 0x7f2de41525e1 in webrender::prepare::prepare_primitives::h00884481759e1d47 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:95:15
#9 0x7f2de41525e1 in webrender::prepare::prepare_prim_for_render::hfea3b496acb78c4c /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:190:12
...
Comment 1•4 years ago (Reporter)
Comment 2•4 years ago
Gnome X11, GTX1060, Debian Testing
The GPU process crashes without report.
good: no crash
bad: crash
mozregression --good 2019-12-01 --bad 2020-01-15 --pref gfx.webrender.all:true layout.css.backdrop-filter.enabled:true layers.gpu-process.enabled:false -a https://bug1651258.bmoattachments.org/attachment.cgi?id=9162033
5:42.57 INFO: Last good revision: 08056399677f857d6f2b8189532cb28cde666a81
5:42.57 INFO: First bad revision: b5c8349e4e351559e92ff2704b0f36033395b24a
5:42.57 INFO: Pushlog:
https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=08056399677f857d6f2b8189532cb28cde666a81&tochange=b5c8349e4e351559e92ff2704b0f36033395b24a
b5c8349e4e351559e92ff2704b0f36033395b24a Mats Palmgren — Bug 1602430 - Apply min/max-height correctly for fragmented boxes with no height specified. r=TYLin
44689b5ff306b9ebee413c4e0f0a32f88204ae5c Mats Palmgren — Bug 1574046 - Wallpaper the effect of this bug in nsBlockFrame::ComputeFinalSize. r=TYLin
Comment 3•4 years ago
We should be able to fix this by removing the recursion from https://searchfox.org/mozilla-central/source/gfx/wr/webrender/src/prepare.rs#46.
Adding this to triage so we can discuss priority.
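The fix direction suggested in comment 3, sketched as an added example that is not part of the bug thread and is not WebRender code: a recursive traversal of nested pictures next to an iterative one that keeps its pending work on the heap. `PictureStore`, `prepare_recursive`, `prepare_iterative` and `nested_chain` are hypothetical names, and the flat index-based store is an assumption made for the illustration.

```rust
// Added illustration: hypothetical names throughout, not WebRender's types or code.
// children[i] lists the child picture indices of picture i (flat store).
struct PictureStore {
    children: Vec<Vec<usize>>,
}

// Recursive form: one native stack frame per nesting level, so the depth a
// page can reach is bounded by the thread's stack size.
fn prepare_recursive(store: &PictureStore, pic: usize, out: &mut Vec<usize>) {
    for &child in &store.children[pic] {
        prepare_recursive(store, child, out);
    }
    out.push(pic); // a picture is prepared after all of its children
}

// Iterative form: pending work sits in a heap-allocated Vec, so nesting depth
// costs memory instead of stack. Each entry is (picture, next child to visit).
fn prepare_iterative(store: &PictureStore, root: usize) -> Vec<usize> {
    let mut out = Vec::new();
    let mut work = vec![(root, 0usize)];
    while let Some((pic, next)) = work.pop() {
        match store.children[pic].get(next) {
            Some(&child) => {
                work.push((pic, next + 1)); // come back for the next sibling
                work.push((child, 0)); // but descend first
            }
            None => out.push(pic), // all children done: prepare this picture
        }
    }
    out
}

// Constructed input: picture i contains picture i + 1, `depth` levels deep.
fn nested_chain(depth: usize) -> PictureStore {
    let mut children: Vec<Vec<usize>> = (1..=depth).map(|i| vec![i]).collect();
    children.push(Vec::new()); // innermost picture has no children
    PictureStore { children }
}

fn main() {
    let small = PictureStore { children: vec![vec![1, 2], vec![3], vec![], vec![]] };
    let mut rec = Vec::new();
    prepare_recursive(&small, 0, &mut rec);
    assert_eq!(rec, prepare_iterative(&small, 0)); // same preparation order
    let deep = nested_chain(1_000_000); // only the iterative form is run at this depth
    println!("prepared {} pictures", prepare_iterative(&deep, 0).len());
}
```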
Comment 4•4 years ago
This still crashes without generating a crash report.
Comment 5•4 years ago
Reproduced, we do not seem to hit any display list building asserts.
Comment 6•3 years ago
Debian Testing, Macbook Pro: Does not seem to crash anymore, but the whole browser hangs for seconds.
Comment 7•3 years ago
Setting firefox94 to affected due to bug 1578503 comment 14.
Comment 8•2 years ago
For what it's worth, I cannot reproduce this crash trying the attached test case with gfx.webrender.all, layout.css.backdrop-filter.enabled set to true and layers.gpu-process.enabled set to false. I've tested this using Nightly 102.0a1 (2022-05-30) on Windows 11.
I've also run mozregression, which only spit out that the crash stopped occurring after bug 1741779, of course. Though obviously it didn't re-occur after re-enabling the feature.
Tyson, can you confirm that?
Sebastian
Comment 9•2 years ago (Reporter)
I am also unable to reproduce the issue with the attached test case. It was last reported by fuzzers targeting m-c 20211121-dfb1c3b5cd6d which seems to track with the timeline.
Comment 10•2 years ago
So I guess we can close this bug then, right?
Sebastian
Comment 11•2 years ago (Reporter)
Yes :)
Comment 12•6 months ago
This testcase crashes Firefox (and often the whole machine) for me. I am reopening this bug, but please close as appropriate.
https://crash-stats.mozilla.org/report/index/378624a9-aaa8-4158-8727-cd8530240317