Open
Bug 1711602
Opened 2 years ago
Updated 1 year ago
Assertion failure: false, at src/gfx/webrender_bindings/Moz2DImageRenderer.cpp:430
Categories
(Core :: Graphics: WebRender, defect)
Core
Graphics: WebRender
Tracking
()
NEW
| Tracking | Status | |
|---|---|---|
| firefox90 | --- | affected |
People
(Reporter: tsmith, Unassigned)
References
(Blocks 3 open bugs)
Details
(Keywords: testcase)
Attachments
(3 files)
b5df533a4222f126a77c9c8688fdae3008c8e8d4.svg
Found while fuzzing m-c 20210514-ef13365d8188 (--enable-address-sanitizer --enable-fuzzing)
To help catch this issue ASAN_OPTIONS=max_allocation_size_mb=512 was used.
Assertion failure: false, at /builds/worker/checkouts/gecko/gfx/webrender_bindings/Moz2DImageRenderer.cpp:430
==30777==WARNING: AddressSanitizer failed to allocate 0x288a9b28 bytes
=================================================================
==30777==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000001 (pc 0x7f01f590714d bp 0x7f01dc72cef0 sp 0x7f01dc72bbc0 T34)
==30777==The signal is caused by a WRITE memory access.
==30777==Hint: address points to the zero page.
==30777==WARNING: AddressSanitizer failed to allocate 0x288a9b28 bytes
#0 0x7f01f590714d in Moz2DRenderCallback /gecko/gfx/webrender_bindings/Moz2DImageRenderer.cpp:430:7
#1 0x7f01f590714d in wr_moz2d_render_cb /gecko/gfx/webrender_bindings/Moz2DImageRenderer.cpp:471:10
#2 0x7f0204af6c0f in webrender_bindings::moz2d_renderer::rasterize_blob::_$u7b$$u7b$closure$u7d$$u7d$::heaeeae96183e5da9 /gecko/gfx/webrender_bindings/src/moz2d_renderer.rs:644:16
#3 0x7f0204af6c0f in webrender_bindings::moz2d_renderer::autoreleasepool::h7813e85171822065 /gecko/gfx/webrender_bindings/src/moz2d_renderer.rs:625:9
#4 0x7f0204af6c0f in webrender_bindings::moz2d_renderer::rasterize_blob::h018f877d5542471a /gecko/gfx/webrender_bindings/src/moz2d_renderer.rs:642:18
#5 0x7f0204afd982 in core::ops::function::Fn::call::hd9357ffaf432a4ea /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/ops/function.rs:70:5
#6 0x7f0204afd982 in core::ops::function::impls::_$LT$impl$u20$core..ops..function..FnMut$LT$A$GT$$u20$for$u20$$RF$F$GT$::call_mut::hd698dfaee0aca97c /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/ops/function.rs:247:13
#7 0x7f0204afd982 in core::ops::function::impls::_$LT$impl$u20$core..ops..function..FnOnce$LT$A$GT$$u20$for$u20$$RF$mut$u20$F$GT$::call_once::h534bc5f1cf563b68 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/ops/function.rs:280:13
#8 0x7f0204afd982 in core::option::Option$LT$T$GT$::map::h5e88740866556319 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/option.rs:453:29
#9 0x7f0204afd982 in _$LT$core..iter..adapters..Map$LT$I$C$F$GT$$u20$as$u20$core..iter..traits..iterator..Iterator$GT$::next::h6eecaa98d154f0d7 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/iter/adapters/mod.rs:924:9
#10 0x7f0204afd982 in rayon::iter::plumbing::Folder::consume_iter::hec1e668c1f64b16a /gecko/third_party/rust/rayon/src/iter/plumbing/mod.rs:178:21
#11 0x7f0204afd982 in _$LT$rayon..iter..map..MapFolder$LT$C$C$F$GT$$u20$as$u20$rayon..iter..plumbing..Folder$LT$T$GT$$GT$::consume_iter::h1aa5be1a4338e718 /gecko/third_party/rust/rayon/src/iter/map.rs:248:21
#12 0x7f0204afd982 in rayon::iter::plumbing::Producer::fold_with::ha6a9b65db01083f8 /gecko/third_party/rust/rayon/src/iter/plumbing/mod.rs:110:9
#13 0x7f0204afd982 in rayon::iter::plumbing::bridge_producer_consumer::helper::hffbf3798f82b15d3 /gecko/third_party/rust/rayon/src/iter/plumbing/mod.rs:438:13
#14 0x7f0204affa8e in rayon::iter::plumbing::bridge_producer_consumer::helper::_$u7b$$u7b$closure$u7d$$u7d$::hc6f8ed9018b2aeaf /gecko/third_party/rust/rayon/src/iter/plumbing/mod.rs:418:21
#15 0x7f0204affa8e in rayon_core::join::join_context::call_a::_$u7b$$u7b$closure$u7d$$u7d$::he699529ca2739774 /gecko/third_party/rust/rayon-core/src/join/mod.rs:124:17
#16 0x7f0204affa8e in _$LT$std..panic..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$::call_once::h2cb9f4e942c7b12a /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panic.rs:322:9
#17 0x7f0204affa8e in std::panicking::try::do_call::h996de839d85ee28b /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:381:40
#18 0x7f0204affa8e in std::panicking::try::ha774027eb742719d /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:345:19
#19 0x7f0204affa8e in std::panic::catch_unwind::he0ca7fffd4bf8936 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panic.rs:396:14
#20 0x7f0204affa8e in rayon_core::unwind::halt_unwinding::ha3ad353aa58b89f1 /gecko/third_party/rust/rayon-core/src/unwind.rs:17:5
#21 0x7f0204affa8e in rayon_core::join::join_context::_$u7b$$u7b$closure$u7d$$u7d$::h93e18a5bfcf0f47b /gecko/third_party/rust/rayon-core/src/join/mod.rs:141:24
#22 0x7f0204afdf0b in rayon_core::registry::in_worker::h4e0582c1e7b825ec /gecko/third_party/rust/rayon-core/src/registry.rs:879:13
#23 0x7f0204afdf0b in rayon_core::join::join_context::h25152c906481c6c8 /gecko/third_party/rust/rayon-core/src/join/mod.rs:132:5
#24 0x7f0204afdf0b in rayon::iter::plumbing::bridge_producer_consumer::helper::hffbf3798f82b15d3 /gecko/third_party/rust/rayon/src/iter/plumbing/mod.rs:416:47
#25 0x7f0204affa8e in rayon::iter::plumbing::bridge_producer_consumer::helper::_$u7b$$u7b$closure$u7d$$u7d$::hc6f8ed9018b2aeaf /gecko/third_party/rust/rayon/src/iter/plumbing/mod.rs:418:21
#26 0x7f0204affa8e in rayon_core::join::join_context::call_a::_$u7b$$u7b$closure$u7d$$u7d$::he699529ca2739774 /gecko/third_party/rust/rayon-core/src/join/mod.rs:124:17
#27 0x7f0204affa8e in _$LT$std..panic..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$::call_once::h2cb9f4e942c7b12a /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panic.rs:322:9
#28 0x7f0204affa8e in std::panicking::try::do_call::h996de839d85ee28b /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:381:40
#29 0x7f0204affa8e in std::panicking::try::ha774027eb742719d /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:345:19
#30 0x7f0204affa8e in std::panic::catch_unwind::he0ca7fffd4bf8936 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panic.rs:396:14
#31 0x7f0204affa8e in rayon_core::unwind::halt_unwinding::ha3ad353aa58b89f1 /gecko/third_party/rust/rayon-core/src/unwind.rs:17:5
#32 0x7f0204affa8e in rayon_core::join::join_context::_$u7b$$u7b$closure$u7d$$u7d$::h93e18a5bfcf0f47b /gecko/third_party/rust/rayon-core/src/join/mod.rs:141:24
#33 0x7f0204afdf0b in rayon_core::registry::in_worker::h4e0582c1e7b825ec /gecko/third_party/rust/rayon-core/src/registry.rs:879:13
#34 0x7f0204afdf0b in rayon_core::join::join_context::h25152c906481c6c8 /gecko/third_party/rust/rayon-core/src/join/mod.rs:132:5
#35 0x7f0204afdf0b in rayon::iter::plumbing::bridge_producer_consumer::helper::hffbf3798f82b15d3 /gecko/third_party/rust/rayon/src/iter/plumbing/mod.rs:416:47
#36 0x7f0204affa8e in rayon::iter::plumbing::bridge_producer_consumer::helper::_$u7b$$u7b$closure$u7d$$u7d$::hc6f8ed9018b2aeaf /gecko/third_party/rust/rayon/src/iter/plumbing/mod.rs:418:21
#37 0x7f0204affa8e in rayon_core::join::join_context::call_a::_$u7b$$u7b$closure$u7d$$u7d$::he699529ca2739774 /gecko/third_party/rust/rayon-core/src/join/mod.rs:124:17
#38 0x7f0204affa8e in _$LT$std..panic..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$::call_once::h2cb9f4e942c7b12a /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panic.rs:322:9
#39 0x7f0204affa8e in std::panicking::try::do_call::h996de839d85ee28b /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:381:40
#40 0x7f0204affa8e in std::panicking::try::ha774027eb742719d /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:345:19
#41 0x7f0204affa8e in std::panic::catch_unwind::he0ca7fffd4bf8936 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panic.rs:396:14
#42 0x7f0204affa8e in rayon_core::unwind::halt_unwinding::ha3ad353aa58b89f1 /gecko/third_party/rust/rayon-core/src/unwind.rs:17:5
#43 0x7f0204affa8e in rayon_core::join::join_context::_$u7b$$u7b$closure$u7d$$u7d$::h93e18a5bfcf0f47b /gecko/third_party/rust/rayon-core/src/join/mod.rs:141:24
#44 0x7f0204afdf0b in rayon_core::registry::in_worker::h4e0582c1e7b825ec /gecko/third_party/rust/rayon-core/src/registry.rs:879:13
#45 0x7f0204afdf0b in rayon_core::join::join_context::h25152c906481c6c8 /gecko/third_party/rust/rayon-core/src/join/mod.rs:132:5
#46 0x7f0204afdf0b in rayon::iter::plumbing::bridge_producer_consumer::helper::hffbf3798f82b15d3 /gecko/third_party/rust/rayon/src/iter/plumbing/mod.rs:416:47
#47 0x7f0204affa8e in rayon::iter::plumbing::bridge_producer_consumer::helper::_$u7b$$u7b$closure$u7d$$u7d$::hc6f8ed9018b2aeaf /gecko/third_party/rust/rayon/src/iter/plumbing/mod.rs:418:21
#48 0x7f0204affa8e in rayon_core::join::join_context::call_a::_$u7b$$u7b$closure$u7d$$u7d$::he699529ca2739774 /gecko/third_party/rust/rayon-core/src/join/mod.rs:124:17
#49 0x7f0204affa8e in _$LT$std..panic..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$::call_once::h2cb9f4e942c7b12a /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panic.rs:322:9
#50 0x7f0204affa8e in std::panicking::try::do_call::h996de839d85ee28b /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:381:40
#51 0x7f0204affa8e in std::panicking::try::ha774027eb742719d /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:345:19
#52 0x7f0204affa8e in std::panic::catch_unwind::he0ca7fffd4bf8936 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panic.rs:396:14
#53 0x7f0204affa8e in rayon_core::unwind::halt_unwinding::ha3ad353aa58b89f1 /gecko/third_party/rust/rayon-core/src/unwind.rs:17:5
#54 0x7f0204affa8e in rayon_core::join::join_context::_$u7b$$u7b$closure$u7d$$u7d$::h93e18a5bfcf0f47b /gecko/third_party/rust/rayon-core/src/join/mod.rs:141:24
#55 0x7f0204afdf0b in rayon_core::registry::in_worker::h4e0582c1e7b825ec /gecko/third_party/rust/rayon-core/src/registry.rs:879:13
#56 0x7f0204afdf0b in rayon_core::join::join_context::h25152c906481c6c8 /gecko/third_party/rust/rayon-core/src/join/mod.rs:132:5
#57 0x7f0204afdf0b in rayon::iter::plumbing::bridge_producer_consumer::helper::hffbf3798f82b15d3 /gecko/third_party/rust/rayon/src/iter/plumbing/mod.rs:416:47
#58 0x7f0204b00967 in rayon::iter::plumbing::bridge_producer_consumer::helper::_$u7b$$u7b$closure$u7d$$u7d$::hbae1a4deb6e0c8b8 /gecko/third_party/rust/rayon/src/iter/plumbing/mod.rs:427:21
#59 0x7f0204b00967 in rayon_core::join::join_context::call_b::_$u7b$$u7b$closure$u7d$$u7d$::h3ceecd3c3c2dae59 /gecko/third_party/rust/rayon-core/src/join/mod.rs:129:25
#60 0x7f0204b00967 in _$LT$rayon_core..job..StackJob$LT$L$C$F$C$R$GT$$u20$as$u20$rayon_core..job..Job$GT$::execute::call::_$u7b$$u7b$closure$u7d$$u7d$::hbb76942cb8dc98d7 /gecko/third_party/rust/rayon-core/src/job.rs:113:21
#61 0x7f0204b00967 in _$LT$std..panic..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$::call_once::h8bcdb40b617564ea /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panic.rs:322:9
#62 0x7f0204b00967 in std::panicking::try::do_call::h56b5c36c524d12e7 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:381:40
#63 0x7f0204b00967 in std::panicking::try::hb8efff6857db3a06 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:345:19
#64 0x7f0204b00967 in std::panic::catch_unwind::h259a6c14c4cba13e /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panic.rs:396:14
#65 0x7f0204b00967 in rayon_core::unwind::halt_unwinding::h232043ae0e93e1df /gecko/third_party/rust/rayon-core/src/unwind.rs:17:5
#66 0x7f0204b00967 in _$LT$rayon_core..job..StackJob$LT$L$C$F$C$R$GT$$u20$as$u20$rayon_core..job..Job$GT$::execute::hd8997bb0ce1386fd /gecko/third_party/rust/rayon-core/src/job.rs:119:38
#67 0x7f0202717f22 in rayon_core::job::JobRef::execute::h84ee64a107ae87f4 /gecko/third_party/rust/rayon-core/src/job.rs:59:9
#68 0x7f0202717f22 in rayon_core::registry::WorkerThread::execute::h501e5788ff35db61 /gecko/third_party/rust/rayon-core/src/registry.rs:753:9
#69 0x7f0202717f22 in rayon_core::registry::WorkerThread::wait_until_cold::h2fb7488a109d1a57 /gecko/third_party/rust/rayon-core/src/registry.rs:730:17
#70 0x7f0202715aac in rayon_core::registry::WorkerThread::wait_until::hf3b852df50792538 /gecko/third_party/rust/rayon-core/src/registry.rs:704:13
#71 0x7f0202715aac in rayon_core::registry::main_loop::hcbe8a830a7636ee7 /gecko/third_party/rust/rayon-core/src/registry.rs:837:5
#72 0x7f0202715aac in rayon_core::registry::ThreadBuilder::run::h5f3bf6b0baf7fce1 /gecko/third_party/rust/rayon-core/src/registry.rs:56:18
#73 0x7f0202713b08 in _$LT$rayon_core..registry..DefaultSpawn$u20$as$u20$rayon_core..registry..ThreadSpawn$GT$::spawn::_$u7b$$u7b$closure$u7d$$u7d$::h2ff7e410b6169672 /gecko/third_party/rust/rayon-core/src/registry.rs:101:20
#74 0x7f0202713b08 in std::sys_common::backtrace::__rust_begin_short_backtrace::h6c192e4720b1c0ec /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/sys_common/backtrace.rs:125:18
#75 0x7f02027136b6 in std::thread::Builder::spawn_unchecked::_$u7b$$u7b$closure$u7d$$u7d$::_$u7b$$u7b$closure$u7d$$u7d$::h112104375459f419 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/thread/mod.rs:474:17
#76 0x7f02027136b6 in _$LT$std..panic..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$::call_once::h050b89bc87d55ee9 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panic.rs:322:9
#77 0x7f02027136b6 in std::panicking::try::do_call::hb1c9c62553d93da2 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:381:40
#78 0x7f02027136b6 in std::panicking::try::h3b38abeb6d02d5a0 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:345:19
#79 0x7f02027136b6 in std::panic::catch_unwind::hf4ee6c3d569ac886 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panic.rs:396:14
#80 0x7f02027136b6 in std::thread::Builder::spawn_unchecked::_$u7b$$u7b$closure$u7d$$u7d$::h36781edff253ac03 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/thread/mod.rs:473:30
#81 0x7f02027136b6 in core::ops::function::FnOnce::call_once$u7b$$u7b$vtable.shim$u7d$$u7d$::h15b7cc511154e052 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/ops/function.rs:227:5
#82 0x7f0202c31564 in _$LT$alloc..boxed..Box$LT$F$C$A$GT$$u20$as$u20$core..ops..function..FnOnce$LT$Args$GT$$GT$::call_once::h9e7afb7a0a438236 /rustc/74f7e32f43b5fb0f83896d124566d8242eb786b1/library/alloc/src/boxed.rs:1307:9
#83 0x7f0202c31564 in _$LT$alloc..boxed..Box$LT$F$C$A$GT$$u20$as$u20$core..ops..function..FnOnce$LT$Args$GT$$GT$::call_once::h70c646c4271337a1 /rustc/74f7e32f43b5fb0f83896d124566d8242eb786b1/library/alloc/src/boxed.rs:1307:9
#84 0x7f0202c31564 in std::sys::unix::thread::Thread::new::thread_start::h35d2b8d36f210d02 /rustc/74f7e32f43b5fb0f83896d124566d8242eb786b1/library/std/src/sys/unix/thread.rs:71:17
#85 0x7f021469f608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477:8
#86 0x7f0214268292 in clone /build/glibc-eX1tMB/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Flags: in-testsuite?
|
Reporter | |
Comment 1•2 years ago
|
||
|
|
Reporter | |
Comment 2•2 years ago
|
||
A Pernosco session is available here: https://pernos.co/debug/J6HGoQ_-J8wt8xCObZobGA/index.html
|
||
Comment 3•2 years ago
•
|
||
[deleted]
|
|
||
Comment 4•2 years ago
•
|
||
[deleted]
|
|
||
Comment 5•2 years ago
|
||
Okay, now that I've got my ASAN build done properly, I can reproduce this in ef13365d8188 on Fedora 33.
|
|
||
Comment 6•2 years ago
|
||
And I can reproduce with the attached .mozconfig file on b64759becddf (m-c Tue Oct 5).
|
|
||
Comment 7•2 years ago
|
||
|
|
||
Updated•2 years ago
|
Severity: -- → S3
Flags: needinfo?(dmalyshau)
| Comment hidden (Intermittent Failures Robot) |
| Comment hidden (Intermittent Failures Robot) |
You need to log in
before you can comment on or make changes to this bug.
Description
•