Closed Bug 1711133 Opened 3 years ago Closed 2 years ago

high memory usage in [@ webrender_bindings::moz2d_renderer::rasterize_blob]

Categories

(Core :: Graphics: WebRender, defect)

Tracking

RESOLVED FIXED
96 Branch
Tracking Status
firefox90 --- wontfix
firefox96 --- fixed

People

(Reporter: tsmith, Assigned: jrmuizel)

References

(Blocks 2 open bugs)

Details

(Keywords: csectype-oom, testcase, Whiteboard: [fuzzblocker])

Attachments

(4 files, 1 obsolete file)

Attached file testcase.html (obsolete)

Found while fuzzing m-c 20210513-9a633c33737c (--enable-address-sanitizer --enable-fuzzing)

This test case triggers high memory usage and has a negative impact on fuzzing. Multiple instances of fuzzers are run in parallel on a single machine. When this is hit, the other instances can crash or report bogus results. Marking as fuzzblocker; please prioritize appropriately.

To help catch this issue, ASAN_OPTIONS=soft_rss_limit_mb=5000 was used.

==31496==AddressSanitizer: soft rss limit exhausted (5000Mb vs 5017Mb)
=================================================================
==31496==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000001 (pc 0x55698e0b0a18 bp 0x7fa4206f9df0 sp 0x7fa4206f9de0 T41)
==31496==The signal is caused by a WRITE memory access.
==31496==Hint: address points to the zero page.
    #0 0x55698e0b0a18 in mozalloc_abort /gecko/memory/mozalloc/mozalloc_abort.cpp:33:3
    #1 0x55698e0b0baa in mozalloc_handle_oom(unsigned long) /gecko/memory/mozalloc/mozalloc_oom.cpp:51:3
    #2 0x55698e0b0acb in moz_xmalloc /gecko/memory/mozalloc/mozalloc.cpp:54:5
    #3 0x7fa43a543782 in operator new /builds/worker/workspace/obj-build/dist/include/mozilla/cxxalloc.h:33:10
    #4 0x7fa43a543782 in MakeUnique<mozilla::gfx::PathOps, MemReader &> /builds/worker/workspace/obj-build/dist/include/mozilla/UniquePtr.h:609:23
    #5 0x7fa43a543782 in RecordedPathCreation<MemReader> /gecko/gfx/2d/RecordedEventImpl.h:2986:14
    #6 0x7fa43a543782 in DoWithEvent<MemReader> /gecko/gfx/2d/RecordedEventImpl.h:3989:5
    #7 0x7fa43a543782 in mozilla::gfx::InlineTranslator::TranslateRecording(char*, unsigned long) /gecko/gfx/2d/InlineTranslator.cpp:72:20
    #8 0x7fa43b079fa1 in Moz2DRenderCallback /gecko/gfx/webrender_bindings/Moz2DImageRenderer.cpp:427:20
    #9 0x7fa43b079fa1 in wr_moz2d_render_cb /gecko/gfx/webrender_bindings/Moz2DImageRenderer.cpp:471:10
    #10 0x7fa44a25349f in webrender_bindings::moz2d_renderer::rasterize_blob::_$u7b$$u7b$closure$u7d$$u7d$::heaeeae96183e5da9 /gecko/gfx/webrender_bindings/src/moz2d_renderer.rs:644:16
    #11 0x7fa44a25349f in webrender_bindings::moz2d_renderer::autoreleasepool::h7813e85171822065 /gecko/gfx/webrender_bindings/src/moz2d_renderer.rs:625:9
    #12 0x7fa44a25349f in webrender_bindings::moz2d_renderer::rasterize_blob::h018f877d5542471a /gecko/gfx/webrender_bindings/src/moz2d_renderer.rs:642:18
    #13 0x7fa44a25a212 in core::ops::function::Fn::call::hd9357ffaf432a4ea /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/ops/function.rs:70:5
    #14 0x7fa44a25a212 in core::ops::function::impls::_$LT$impl$u20$core..ops..function..FnMut$LT$A$GT$$u20$for$u20$$RF$F$GT$::call_mut::hd698dfaee0aca97c /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/ops/function.rs:247:13
    #15 0x7fa44a25a212 in core::ops::function::impls::_$LT$impl$u20$core..ops..function..FnOnce$LT$A$GT$$u20$for$u20$$RF$mut$u20$F$GT$::call_once::h534bc5f1cf563b68 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/ops/function.rs:280:13
    #16 0x7fa44a25a212 in core::option::Option$LT$T$GT$::map::h5e88740866556319 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/option.rs:453:29
    #17 0x7fa44a25a212 in _$LT$core..iter..adapters..Map$LT$I$C$F$GT$$u20$as$u20$core..iter..traits..iterator..Iterator$GT$::next::h6eecaa98d154f0d7 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/iter/adapters/mod.rs:924:9
    #18 0x7fa44a25a212 in rayon::iter::plumbing::Folder::consume_iter::hec1e668c1f64b16a /gecko/third_party/rust/rayon/src/iter/plumbing/mod.rs:178:21
    #19 0x7fa44a25a212 in _$LT$rayon..iter..map..MapFolder$LT$C$C$F$GT$$u20$as$u20$rayon..iter..plumbing..Folder$LT$T$GT$$GT$::consume_iter::h1aa5be1a4338e718 /gecko/third_party/rust/rayon/src/iter/map.rs:248:21
    #20 0x7fa44a25a212 in rayon::iter::plumbing::Producer::fold_with::ha6a9b65db01083f8 /gecko/third_party/rust/rayon/src/iter/plumbing/mod.rs:110:9
    #21 0x7fa44a25a212 in rayon::iter::plumbing::bridge_producer_consumer::helper::hffbf3798f82b15d3 /gecko/third_party/rust/rayon/src/iter/plumbing/mod.rs:438:13
    #22 0x7fa44a25c31e in rayon::iter::plumbing::bridge_producer_consumer::helper::_$u7b$$u7b$closure$u7d$$u7d$::hc6f8ed9018b2aeaf /gecko/third_party/rust/rayon/src/iter/plumbing/mod.rs:418:21
    #23 0x7fa44a25c31e in rayon_core::join::join_context::call_a::_$u7b$$u7b$closure$u7d$$u7d$::he699529ca2739774 /gecko/third_party/rust/rayon-core/src/join/mod.rs:124:17
    #24 0x7fa44a25c31e in _$LT$std..panic..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$::call_once::h2cb9f4e942c7b12a /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panic.rs:322:9
    #25 0x7fa44a25c31e in std::panicking::try::do_call::h996de839d85ee28b /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:381:40
    #26 0x7fa44a25c31e in std::panicking::try::ha774027eb742719d /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:345:19
    #27 0x7fa44a25c31e in std::panic::catch_unwind::he0ca7fffd4bf8936 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panic.rs:396:14
    #28 0x7fa44a25c31e in rayon_core::unwind::halt_unwinding::ha3ad353aa58b89f1 /gecko/third_party/rust/rayon-core/src/unwind.rs:17:5
    #29 0x7fa44a25c31e in rayon_core::join::join_context::_$u7b$$u7b$closure$u7d$$u7d$::h93e18a5bfcf0f47b /gecko/third_party/rust/rayon-core/src/join/mod.rs:141:24
    #30 0x7fa44a25a79b in rayon_core::registry::in_worker::h4e0582c1e7b825ec /gecko/third_party/rust/rayon-core/src/registry.rs:879:13
    #31 0x7fa44a25a79b in rayon_core::join::join_context::h25152c906481c6c8 /gecko/third_party/rust/rayon-core/src/join/mod.rs:132:5
    #32 0x7fa44a25a79b in rayon::iter::plumbing::bridge_producer_consumer::helper::hffbf3798f82b15d3 /gecko/third_party/rust/rayon/src/iter/plumbing/mod.rs:416:47
    #33 0x7fa44a25c31e in rayon::iter::plumbing::bridge_producer_consumer::helper::_$u7b$$u7b$closure$u7d$$u7d$::hc6f8ed9018b2aeaf /gecko/third_party/rust/rayon/src/iter/plumbing/mod.rs:418:21
    #34 0x7fa44a25c31e in rayon_core::join::join_context::call_a::_$u7b$$u7b$closure$u7d$$u7d$::he699529ca2739774 /gecko/third_party/rust/rayon-core/src/join/mod.rs:124:17
    #35 0x7fa44a25c31e in _$LT$std..panic..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$::call_once::h2cb9f4e942c7b12a /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panic.rs:322:9
    #36 0x7fa44a25c31e in std::panicking::try::do_call::h996de839d85ee28b /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:381:40
    #37 0x7fa44a25c31e in std::panicking::try::ha774027eb742719d /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:345:19
    #38 0x7fa44a25c31e in std::panic::catch_unwind::he0ca7fffd4bf8936 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panic.rs:396:14
    #39 0x7fa44a25c31e in rayon_core::unwind::halt_unwinding::ha3ad353aa58b89f1 /gecko/third_party/rust/rayon-core/src/unwind.rs:17:5
    #40 0x7fa44a25c31e in rayon_core::join::join_context::_$u7b$$u7b$closure$u7d$$u7d$::h93e18a5bfcf0f47b /gecko/third_party/rust/rayon-core/src/join/mod.rs:141:24
    #41 0x7fa44a25a79b in rayon_core::registry::in_worker::h4e0582c1e7b825ec /gecko/third_party/rust/rayon-core/src/registry.rs:879:13
    #42 0x7fa44a25a79b in rayon_core::join::join_context::h25152c906481c6c8 /gecko/third_party/rust/rayon-core/src/join/mod.rs:132:5
    #43 0x7fa44a25a79b in rayon::iter::plumbing::bridge_producer_consumer::helper::hffbf3798f82b15d3 /gecko/third_party/rust/rayon/src/iter/plumbing/mod.rs:416:47
    #44 0x7fa44a25c31e in rayon::iter::plumbing::bridge_producer_consumer::helper::_$u7b$$u7b$closure$u7d$$u7d$::hc6f8ed9018b2aeaf /gecko/third_party/rust/rayon/src/iter/plumbing/mod.rs:418:21
    #45 0x7fa44a25c31e in rayon_core::join::join_context::call_a::_$u7b$$u7b$closure$u7d$$u7d$::he699529ca2739774 /gecko/third_party/rust/rayon-core/src/join/mod.rs:124:17
    #46 0x7fa44a25c31e in _$LT$std..panic..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$::call_once::h2cb9f4e942c7b12a /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panic.rs:322:9
    #47 0x7fa44a25c31e in std::panicking::try::do_call::h996de839d85ee28b /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:381:40
    #48 0x7fa44a25c31e in std::panicking::try::ha774027eb742719d /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:345:19
    #49 0x7fa44a25c31e in std::panic::catch_unwind::he0ca7fffd4bf8936 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panic.rs:396:14
    #50 0x7fa44a25c31e in rayon_core::unwind::halt_unwinding::ha3ad353aa58b89f1 /gecko/third_party/rust/rayon-core/src/unwind.rs:17:5
    #51 0x7fa44a25c31e in rayon_core::join::join_context::_$u7b$$u7b$closure$u7d$$u7d$::h93e18a5bfcf0f47b /gecko/third_party/rust/rayon-core/src/join/mod.rs:141:24
    #52 0x7fa44a25a79b in rayon_core::registry::in_worker::h4e0582c1e7b825ec /gecko/third_party/rust/rayon-core/src/registry.rs:879:13
    #53 0x7fa44a25a79b in rayon_core::join::join_context::h25152c906481c6c8 /gecko/third_party/rust/rayon-core/src/join/mod.rs:132:5
    #54 0x7fa44a25a79b in rayon::iter::plumbing::bridge_producer_consumer::helper::hffbf3798f82b15d3 /gecko/third_party/rust/rayon/src/iter/plumbing/mod.rs:416:47
    #55 0x7fa44a25c31e in rayon::iter::plumbing::bridge_producer_consumer::helper::_$u7b$$u7b$closure$u7d$$u7d$::hc6f8ed9018b2aeaf /gecko/third_party/rust/rayon/src/iter/plumbing/mod.rs:418:21
    #56 0x7fa44a25c31e in rayon_core::join::join_context::call_a::_$u7b$$u7b$closure$u7d$$u7d$::he699529ca2739774 /gecko/third_party/rust/rayon-core/src/join/mod.rs:124:17
    #57 0x7fa44a25c31e in _$LT$std..panic..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$::call_once::h2cb9f4e942c7b12a /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panic.rs:322:9
    #58 0x7fa44a25c31e in std::panicking::try::do_call::h996de839d85ee28b /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:381:40
    #59 0x7fa44a25c31e in std::panicking::try::ha774027eb742719d /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:345:19
    #60 0x7fa44a25c31e in std::panic::catch_unwind::he0ca7fffd4bf8936 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panic.rs:396:14
    #61 0x7fa44a25c31e in rayon_core::unwind::halt_unwinding::ha3ad353aa58b89f1 /gecko/third_party/rust/rayon-core/src/unwind.rs:17:5
    #62 0x7fa44a25c31e in rayon_core::join::join_context::_$u7b$$u7b$closure$u7d$$u7d$::h93e18a5bfcf0f47b /gecko/third_party/rust/rayon-core/src/join/mod.rs:141:24
    #63 0x7fa44a25a79b in rayon_core::registry::in_worker::h4e0582c1e7b825ec /gecko/third_party/rust/rayon-core/src/registry.rs:879:13
    #64 0x7fa44a25a79b in rayon_core::join::join_context::h25152c906481c6c8 /gecko/third_party/rust/rayon-core/src/join/mod.rs:132:5
    #65 0x7fa44a25a79b in rayon::iter::plumbing::bridge_producer_consumer::helper::hffbf3798f82b15d3 /gecko/third_party/rust/rayon/src/iter/plumbing/mod.rs:416:47
    #66 0x7fa44a254d14 in rayon::iter::plumbing::bridge_producer_consumer::hd7f626addc51d462 /gecko/third_party/rust/rayon/src/iter/plumbing/mod.rs:397:12
    #67 0x7fa44a254d14 in _$LT$rayon..iter..plumbing..bridge..Callback$LT$C$GT$$u20$as$u20$rayon..iter..plumbing..ProducerCallback$LT$I$GT$$GT$::callback::h1066f1ca953e3bee /gecko/third_party/rust/rayon/src/iter/plumbing/mod.rs:373:13
    #68 0x7fa44a254d14 in _$LT$rayon..vec..Drain$LT$T$GT$$u20$as$u20$rayon..iter..IndexedParallelIterator$GT$::with_producer::hfafdbc7d61b69f73 /gecko/third_party/rust/rayon/src/vec.rs:130:13
    #69 0x7fa44a254d14 in _$LT$rayon..vec..IntoIter$LT$T$GT$$u20$as$u20$rayon..iter..IndexedParallelIterator$GT$::with_producer::h3897370265938101 /gecko/third_party/rust/rayon/src/vec.rs:64:9
    #70 0x7fa44a254d14 in rayon::iter::plumbing::bridge::h6b16f5030865ebb1 /gecko/third_party/rust/rayon/src/iter/plumbing/mod.rs:357:12
    #71 0x7fa44a254d14 in _$LT$rayon..vec..IntoIter$LT$T$GT$$u20$as$u20$rayon..iter..ParallelIterator$GT$::drive_unindexed::hfc4a8dcd91099b86 /gecko/third_party/rust/rayon/src/vec.rs:39:9
    #72 0x7fa44a254d14 in _$LT$rayon..iter..map..Map$LT$I$C$F$GT$$u20$as$u20$rayon..iter..ParallelIterator$GT$::drive_unindexed::hf54dcd80e49c3d1c /gecko/third_party/rust/rayon/src/iter/map.rs:49:9
    #73 0x7fa44a254d14 in rayon::iter::collect::special_extend::_$u7b$$u7b$closure$u7d$$u7d$::h994cf3d6acd101f6 /gecko/third_party/rust/rayon/src/iter/collect/mod.rs:40:51
    #74 0x7fa44a254d14 in rayon::iter::collect::Collect$LT$T$GT$::with_consumer::ha07d86cac8fa8d59 /gecko/third_party/rust/rayon/src/iter/collect/mod.rs:93:26
    #75 0x7fa44a254d14 in rayon::iter::collect::special_extend::h47caee32c34d1192 /gecko/third_party/rust/rayon/src/iter/collect/mod.rs:40:5
    #76 0x7fa44a254d14 in rayon::iter::collect::_$LT$impl$u20$rayon..iter..ParallelExtend$LT$T$GT$$u20$for$u20$alloc..vec..Vec$LT$T$GT$$GT$::par_extend::h96861890774727f6 /gecko/third_party/rust/rayon/src/iter/collect/mod.rs:159:17
    #77 0x7fa44a254d14 in rayon::iter::from_par_iter::collect_extended::h48bd7dfffb716cd8 /gecko/third_party/rust/rayon/src/iter/from_par_iter.rs:17:5
    #78 0x7fa44a254d14 in rayon::iter::from_par_iter::_$LT$impl$u20$rayon..iter..FromParallelIterator$LT$T$GT$$u20$for$u20$alloc..vec..Vec$LT$T$GT$$GT$::from_par_iter::h1d70de63033e5129 /gecko/third_party/rust/rayon/src/iter/from_par_iter.rs:30:9
    #79 0x7fa44a254d14 in rayon::iter::ParallelIterator::collect::h557d95d30c04fa84 /gecko/third_party/rust/rayon/src/iter/mod.rs:1973:9
    #80 0x7fa44a254d14 in _$LT$webrender_bindings..moz2d_renderer..Moz2dBlobRasterizer$u20$as$u20$webrender_api..image..AsyncBlobImageRasterizer$GT$::rasterize::_$u7b$$u7b$closure$u7d$$u7d$::h018dd9ed02524685 /gecko/gfx/webrender_bindings/src/moz2d_renderer.rs:602:29
    #81 0x7fa44a254d14 in rayon_core::thread_pool::ThreadPool::install::_$u7b$$u7b$closure$u7d$$u7d$::h23bb4b3176812c33 /gecko/third_party/rust/rayon-core/src/thread_pool/mod.rs:110:40
    #82 0x7fa44a260175 in rayon_core::registry::Registry::in_worker_cold::_$u7b$$u7b$closure$u7d$$u7d$::_$u7b$$u7b$closure$u7d$$u7d$::h63fb19572a458e20 /gecko/third_party/rust/rayon-core/src/registry.rs:469:21
    #83 0x7fa44a260175 in _$LT$rayon_core..job..StackJob$LT$L$C$F$C$R$GT$$u20$as$u20$rayon_core..job..Job$GT$::execute::call::_$u7b$$u7b$closure$u7d$$u7d$::hd8e31a7cdc69be58 /gecko/third_party/rust/rayon-core/src/job.rs:113:21
    #84 0x7fa44a260175 in _$LT$std..panic..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$::call_once::hd7c9a5bd683d436d /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panic.rs:322:9
    #85 0x7fa44a260175 in std::panicking::try::do_call::hd04ef3b700fcb93a /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:381:40
    #86 0x7fa44a260175 in std::panicking::try::h8114fc01d08ef330 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:345:19
    #87 0x7fa44a260175 in std::panic::catch_unwind::hdeb7600c95c5c0d8 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panic.rs:396:14
    #88 0x7fa44a260175 in rayon_core::unwind::halt_unwinding::hfd97588133d0bfc5 /gecko/third_party/rust/rayon-core/src/unwind.rs:17:5
    #89 0x7fa44a260175 in _$LT$rayon_core..job..StackJob$LT$L$C$F$C$R$GT$$u20$as$u20$rayon_core..job..Job$GT$::execute::hafc772bd583a4da0 /gecko/third_party/rust/rayon-core/src/job.rs:119:38
    #90 0x7fa447e74702 in rayon_core::job::JobRef::execute::h84ee64a107ae87f4 /gecko/third_party/rust/rayon-core/src/job.rs:59:9
    #91 0x7fa447e74702 in rayon_core::registry::WorkerThread::execute::h501e5788ff35db61 /gecko/third_party/rust/rayon-core/src/registry.rs:753:9
    #92 0x7fa447e74702 in rayon_core::registry::WorkerThread::wait_until_cold::h2fb7488a109d1a57 /gecko/third_party/rust/rayon-core/src/registry.rs:730:17
    #93 0x7fa447e7228c in rayon_core::registry::WorkerThread::wait_until::hf3b852df50792538 /gecko/third_party/rust/rayon-core/src/registry.rs:704:13
    #94 0x7fa447e7228c in rayon_core::registry::main_loop::hcbe8a830a7636ee7 /gecko/third_party/rust/rayon-core/src/registry.rs:837:5
    #95 0x7fa447e7228c in rayon_core::registry::ThreadBuilder::run::h5f3bf6b0baf7fce1 /gecko/third_party/rust/rayon-core/src/registry.rs:56:18
    #96 0x7fa447e702e8 in _$LT$rayon_core..registry..DefaultSpawn$u20$as$u20$rayon_core..registry..ThreadSpawn$GT$::spawn::_$u7b$$u7b$closure$u7d$$u7d$::h2ff7e410b6169672 /gecko/third_party/rust/rayon-core/src/registry.rs:101:20
    #97 0x7fa447e702e8 in std::sys_common::backtrace::__rust_begin_short_backtrace::h6c192e4720b1c0ec /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/sys_common/backtrace.rs:125:18
    #98 0x7fa447e6fe96 in std::thread::Builder::spawn_unchecked::_$u7b$$u7b$closure$u7d$$u7d$::_$u7b$$u7b$closure$u7d$$u7d$::h112104375459f419 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/thread/mod.rs:474:17
    #99 0x7fa447e6fe96 in _$LT$std..panic..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$::call_once::h050b89bc87d55ee9 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panic.rs:322:9
    #100 0x7fa447e6fe96 in std::panicking::try::do_call::hb1c9c62553d93da2 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:381:40
    #101 0x7fa447e6fe96 in std::panicking::try::h3b38abeb6d02d5a0 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:345:19
    #102 0x7fa447e6fe96 in std::panic::catch_unwind::hf4ee6c3d569ac886 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panic.rs:396:14
    #103 0x7fa447e6fe96 in std::thread::Builder::spawn_unchecked::_$u7b$$u7b$closure$u7d$$u7d$::h36781edff253ac03 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/thread/mod.rs:473:30
    #104 0x7fa447e6fe96 in core::ops::function::FnOnce::call_once$u7b$$u7b$vtable.shim$u7d$$u7d$::h15b7cc511154e052 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/ops/function.rs:227:5
    #105 0x7fa44838dd44 in _$LT$alloc..boxed..Box$LT$F$C$A$GT$$u20$as$u20$core..ops..function..FnOnce$LT$Args$GT$$GT$::call_once::h9e7afb7a0a438236 /rustc/74f7e32f43b5fb0f83896d124566d8242eb786b1/library/alloc/src/boxed.rs:1307:9
    #106 0x7fa44838dd44 in _$LT$alloc..boxed..Box$LT$F$C$A$GT$$u20$as$u20$core..ops..function..FnOnce$LT$Args$GT$$GT$::call_once::h70c646c4271337a1 /rustc/74f7e32f43b5fb0f83896d124566d8242eb786b1/library/alloc/src/boxed.rs:1307:9
    #107 0x7fa44838dd44 in std::sys::unix::thread::Thread::new::thread_start::h35d2b8d36f210d02 /rustc/74f7e32f43b5fb0f83896d124566d8242eb786b1/library/std/src/sys/unix/thread.rs:71:17
    #108 0x7fa459df4608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477:8
    #109 0x7fa4599bd292 in clone /build/glibc-eX1tMB/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Flags: in-testsuite?
Whiteboard: [fuzzblocker]
Flags: needinfo?(jmuizelaar)
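
A triage sketch for reports like the one above, added here as an example and not taken from the bug or from Mozilla's fuzzing tools: it classifies the SEGV as an allocation-failure abort when the soft RSS limit line or a `mozalloc_handle_oom` frame is present, and names the first frame outside the allocator wrappers. The `triage` function, the `ALLOCATOR_PREFIXES` list and the shortened `SAMPLE_REPORT` are assumptions of this example.

```python
import re

# First lines of the ASan report quoted above, cut after frame #5 (constructed excerpt).
SAMPLE_REPORT = """\
==31496==AddressSanitizer: soft rss limit exhausted (5000Mb vs 5017Mb)
==31496==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000001 (pc 0x55698e0b0a18 bp 0x7fa4206f9df0 sp 0x7fa4206f9de0 T41)
==31496==The signal is caused by a WRITE memory access.
    #0 0x55698e0b0a18 in mozalloc_abort /gecko/memory/mozalloc/mozalloc_abort.cpp:33:3
    #1 0x55698e0b0baa in mozalloc_handle_oom(unsigned long) /gecko/memory/mozalloc/mozalloc_oom.cpp:51:3
    #2 0x55698e0b0acb in moz_xmalloc /gecko/memory/mozalloc/mozalloc.cpp:54:5
    #3 0x7fa43a543782 in operator new /builds/worker/workspace/obj-build/dist/include/mozilla/cxxalloc.h:33:10
    #4 0x7fa43a543782 in MakeUnique<mozilla::gfx::PathOps, MemReader &> /builds/worker/workspace/obj-build/dist/include/mozilla/UniquePtr.h:609:23
    #5 0x7fa43a543782 in RecordedPathCreation<MemReader> /gecko/gfx/2d/RecordedEventImpl.h:2986:14
"""

RSS_RE = re.compile(r"soft rss limit exhausted \((\d+)Mb vs (\d+)Mb\)")
ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (\S+)")
# Function names may contain spaces, so the source location is the last token.
FRAME_RE = re.compile(r"\s*#\d+ 0x[0-9a-f]+ in (.+) (\S+)$")

# Assumption of this example: frames with these prefixes are allocator plumbing,
# not the code that asked for the memory.
ALLOCATOR_PREFIXES = ("mozalloc_", "moz_xmalloc", "operator new", "MakeUnique<")


def triage(report):
    """Classify an ASan report and name the first non-allocator frame."""
    frames = []
    for line in report.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append((m.group(1), m.group(2)))

    rss = RSS_RE.search(report)
    err = ERROR_RE.search(report)
    # An OOM handler near the top of the stack means the crash is a deliberate abort.
    via_oom_handler = any(
        name.startswith("mozalloc_handle_oom") for name, _ in frames[:4]
    )
    site = next((f for f in frames if not f[0].startswith(ALLOCATOR_PREFIXES)), None)

    return {
        "kind": "oom" if (rss or via_oom_handler) else (err.group(1) if err else "unknown"),
        "asan_error": err.group(1) if err else None,
        "limit_mb": int(rss.group(1)) if rss else None,
        "rss_mb": int(rss.group(2)) if rss else None,
        "alloc_site": site,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```
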

:jrmuizel, can you comment on the bug?

Blocks: oom-fuzz
Attached file testcase.html
Attachment #9221867 - Attachment is obsolete: true
Attached image chrome.svg
Attached image firefox.svg

We're still seeing this OOM quite frequently. I've profiled this testcase under both Chrome 95.0.4638.69 and mozilla-central rev c8fdcf75317d (20211101). As you can see from the attached screenshots, Chrome does not appear to be affected by using a high CSS scale value.

Currently we're falling back when hitting an uninitialized filter
(e.g. a bad url) and the fallback path just draws nothing. We can
do that just as well by drawing nothing ourselves.

Assignee: nobody → jmuizelaar
Status: NEW → ASSIGNED

The attached patch fixes this particular test case but not the underlying problem. It should at least make the fuzzer work a little harder to rediscover the OOMs.

Flags: needinfo?(jmuizelaar)
Pushed by jmuizelaar@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/1a7d83ad692d
Draw nothing for uninitialized filters. r=mstange
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 96 Branch

To help us direct our efforts accordingly, can you please help categorize the impact of this fix? For example, is this likely to benefit end users (improve performance, avoid OOM, etc.) or only unblock testing/fuzzing? Thank you!

Flags: needinfo?(jmuizelaar)