Closed Bug 1707181 Opened 4 years ago Closed 4 years ago

Crash in [@ webrender::texture_cache::TextureCache::update] for assertion failed: !params.descriptor.size.is_empty()

Categories

(Core :: Graphics: WebRender, defect)

Tracking

RESOLVED FIXED
90 Branch
Tracking Status
firefox-esr78 --- unaffected
firefox88 --- wontfix
firefox89 --- wontfix
firefox90 blocking fixed

People

(Reporter: aryx, Assigned: nical)

References

(Regression)

Details

(Keywords: crash, regression)

Attachments

(3 files)

There seem to be multiple issues with this crash signature. This report has code added in bug 1702228 in the callstack. 7 crashes on 5 installations with the latest Nightly so far.

Crash report: https://crash-stats.mozilla.org/report/index/b10e3267-302c-44bd-9d90-9b6540210423

MOZ_CRASH Reason: assertion failed: !params.descriptor.size.is_empty()

Top 10 frames of crashing thread:

0 libxul.so RustMozCrash mozglue/static/rust/wrappers.cpp:17
1 libxul.so mozglue_static::panic_hook mozglue/static/rust/lib.rs:89
2 libxul.so core::ops::function::Fn::call /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/ops/function.rs:70
3 libxul.so std::panicking::rust_panic_with_hook library/std/src/panicking.rs:595
4 libxul.so std::panicking::begin_panic_handler::{{closure}} library/std/src/panicking.rs:495
5 libxul.so std::sys_common::backtrace::__rust_end_short_backtrace library/std/src/sys_common/backtrace.rs:141
6 libxul.so rust_begin_unwind library/std/src/panicking.rs:493
7 libxul.so core::panicking::panic_fmt library/core/src/panicking.rs:92
8 libxul.so core::panicking::panic library/core/src/panicking.rs:50
9 libxul.so webrender::texture_cache::TextureCache::update gfx/wr/webrender/src/texture_cache.rs:1090
Flags: needinfo?(nical.bugzilla)

There are also reports for radial gradients, e.g. bp-ccfca34d-5b8d-4d21-8d96-f5f310210419. The oldest is for 89.0a1 20210418213620 (previous ones got fixed in bug 1700232).

One comment mentions https://plainandeasy.com/preferences as a page which reproduces the issue for them. It uses:

:root {
  --app-color-primary: #333;
  --app-color-secondary: #4c4c4c;
}

html,
body {
  background: rgb(80, 80, 80);
  background: radial-gradient(
    var(--app-color-secondary),
    var(--app-color-primary)
  );
}

Add missing check for linear gradients. Also, instead of just casting to int, round out the task size.

Assignee: nobody → nical.bugzilla
Status: NEW → ASSIGNED
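
The two changes the patch description names (a check that avoids zero-sized gradient tasks, and rounding the task size out instead of casting it to int), shown as an added Rust illustration that is not the WebRender patch. Every type and function name below is hypothetical, and the input sizes are constructed.

```rust
// Added illustration; all names are hypothetical, not WebRender's own types.
#[derive(Debug, Clone, Copy, PartialEq)]
struct IntSize {
    width: i32,
    height: i32,
}

impl IntSize {
    fn is_empty(&self) -> bool {
        self.width <= 0 || self.height <= 0
    }
}

/// Truncating cast: any extent below one pixel collapses to 0.
fn size_by_cast(w: f32, h: f32) -> IntSize {
    IntSize { width: w as i32, height: h as i32 }
}

/// Round out: keep every pixel the gradient partially covers.
fn size_rounded_out(w: f32, h: f32) -> IntSize {
    IntSize { width: w.ceil() as i32, height: h.ceil() as i32 }
}

/// Returns None instead of a zero-sized task, so the cache is never asked
/// to allocate an empty texture. NaN and non-positive inputs are rejected
/// (`!(x > 0.0)` is true for NaN).
fn gradient_task_size(w: f32, h: f32) -> Option<IntSize> {
    if !(w > 0.0) || !(h > 0.0) {
        return None;
    }
    let size = size_rounded_out(w, h);
    if size.is_empty() { None } else { Some(size) }
}

/// Stand-in for the allocation step that carries the assertion from the
/// crash report; returns Err where the real code would panic.
fn cache_update(size: IntSize) -> Result<IntSize, &'static str> {
    if size.is_empty() {
        return Err("assertion failed: !params.descriptor.size.is_empty()");
    }
    Ok(size)
}

fn main() {
    // Constructed input: a gradient 0.4 px wide and 119.2 px tall.
    println!("cast:        {:?}", cache_update(size_by_cast(0.4, 119.2)));
    println!("rounded out: {:?}", gradient_task_size(0.4, 119.2).map(cache_update));
    println!("zero width:  {:?}", gradient_task_size(0.0, 119.2));
}
```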

I'm hitting this crash reliably with these STR, in a fresh profile:

  1. Visit https://nb.fidelity.com/public/nb/401k/home (Mozilla's 401k retirement-savings provider for US employees)
  2. Sign in
  3. Scroll down (e.g. press downarrow a few times)

Sample crash report: bp-b6adb25d-9566-4dde-a201-2af3c0210426

Attached file testcase.html

This reproduces the issue when run in some circumstances.

I was able to reproduce with Grizzly replay on Ubuntu:

python -m pip install grizzly-framework
python -m grizzly.replay <firefox-bin> testcase.html --xvfb

Pushed by nsilva@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4b7de1b38a00
WIP: Bug 1707181 - Avoid zero-sized gradient tasks. r=gfx-reviewers,lsalzman
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → 90 Branch
Flags: needinfo?(nical.bugzilla)

Comment on attachment 9218253 [details]
WIP: Bug 1707181 - Avoid zero-sized gradient tasks.

Beta/Release Uplift Approval Request

  • User impact if declined: Crashes
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): The patch has been on nightly for a little while without causing extra issues.
  • String changes made/needed: None.
Attachment #9218253 - Flags: approval-mozilla-beta?

Nicolas, your patch doesn't graft cleanly to beta, could you provide a rebased patch please? Thanks
(it seems these changes are conflicting with the changes landed in bug 1702228 + https://bugzilla.mozilla.org/show_bug.cgi?id=1702638#c14)

Flags: needinfo?(nical.bugzilla)
Flags: needinfo?(nical.bugzilla)

Comment on attachment 9221115 [details] [diff] [review]
Beta version of the patch

Approved for 89 beta 11, thanks.

Attachment #9221115 - Flags: approval-mozilla-beta+
Attachment #9218253 - Flags: approval-mozilla-beta? → approval-mozilla-beta-

Nicolas, given that bug 1702228 landed in 90 which caused this regression, do you think we need this patch uplifted? Thanks

This patch fixes the same bug for 3 types of gradients. Two of them were affected in 89 (I think), but the bug was detected in 90 after linear gradient changes.

So I think that we can take this in 89. It's probably not a huge deal because radial and conic gradients are way less common than linear gradients, so even if the bug exists and we don't take the fix in 89, the crash volume might not be high.

Flags: needinfo?(nical.bugzilla)

Given that this is not a big crasher on 89 and that the patch for beta had to be backed out for causing bustages and that the end of early betas is this week, I think it is safer to let it ride the trains, thanks.

Attachment #9221115 - Flags: approval-mozilla-beta+ → approval-mozilla-beta-
Has Regression Range: --- → yes