Hit MOZ_CRASH(Content-process DrawTargetRecording can't create requested similar drawtarget) at /builds/worker/checkouts/gecko/gfx/2d/DrawTargetRecording.cpp:551
Categories
(Core :: Graphics: WebRender, defect)
Tracking
()
Tracking | Status | |
---|---|---|
firefox90 | --- | affected |
People
(Reporter: tsmith, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, crash, testcase, Whiteboard: [bugmon:bisected,confirmed])
Crash Data
Attachments
(1 file)
269 bytes,
text/html
|
Details |
Found while fuzzing m-c 20210519-de62b7dc09b8 (--enable-debug --enable-fuzzing)
Hit MOZ_CRASH(Content-process DrawTargetRecording can't create requested similar drawtarget) at /builds/worker/checkouts/gecko/gfx/2d/DrawTargetRecording.cpp:551
#0 0x7f0b36da25c4 in mozilla::gfx::DrawTargetRecording::CreateSimilarDrawTarget(mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::SurfaceFormat) const src/gfx/2d/DrawTargetRecording.cpp:549:5
#1 0x7f0b3a7c2f21 in nsDisplayBlendMode::Paint(nsDisplayListBuilder*, gfxContext*) src/layout/painting/nsDisplayList.cpp:6217:50
#2 0x7f0b3a7ae6c2 in nsDisplayList::Paint(nsDisplayListBuilder*, gfxContext*, int) src/layout/painting/nsDisplayList.cpp:2457:11
#3 0x7f0b3a7c39e5 in nsDisplayBlendContainer::Paint(nsDisplayListBuilder*, gfxContext*) src/layout/painting/nsDisplayList.cpp:6331:18
#4 0x7f0b3a7ae6c2 in nsDisplayList::Paint(nsDisplayListBuilder*, gfxContext*, int) src/layout/painting/nsDisplayList.cpp:2457:11
#5 0x7f0b3a68058d in operator() /builds/worker/fetches/clang/bin/../lib/gcc/x86_64-unknown-linux-gnu/7.4.0/../../../../include/c++/7.4.0/bits/std_function.h:706:14
#6 0x7f0b3a68058d in void mozilla::PaintMaskAndClipPathInternal<std::function<void ()> >(mozilla::SVGIntegrationUtils::PaintFramesParams const&, std::function<void ()> const&) src/layout/svg/SVGIntegrationUtils.cpp:992:3
#7 0x7f0b3a7d5bee in nsDisplayMasksAndClipPaths::PaintWithContentsPaintCallback(nsDisplayListBuilder*, gfxContext*, std::function<void ()> const&) src/layout/painting/nsDisplayList.cpp:9731:3
#8 0x7f0b3a7d5d0c in nsDisplayMasksAndClipPaths::Paint(nsDisplayListBuilder*, gfxContext*) src/layout/painting/nsDisplayList.cpp:9743:3
#9 0x7f0b3a7ae6c2 in nsDisplayList::Paint(nsDisplayListBuilder*, gfxContext*, int) src/layout/painting/nsDisplayList.cpp:2457:11
#10 0x7f0b3a7cee5d in nsDisplayTransform::Paint(nsDisplayListBuilder*, gfxContext*, mozilla::Maybe<mozilla::gfx::PolygonTyped<mozilla::gfx::UnknownUnits> > const&) src/layout/painting/nsDisplayList.cpp:8384:20
#11 0x7f0b3a7ce658 in nsDisplayTransform::Paint(nsDisplayListBuilder*, gfxContext*) src/layout/painting/nsDisplayList.cpp:8353:3
#12 0x7f0b3a7ae6c2 in nsDisplayList::Paint(nsDisplayListBuilder*, gfxContext*, int) src/layout/painting/nsDisplayList.cpp:2457:11
#13 0x7f0b3a7aeb2b in nsDisplayList::PaintRoot(nsDisplayListBuilder*, gfxContext*, unsigned int, mozilla::Maybe<double>) src/layout/painting/nsDisplayList.cpp:2500:5
#14 0x7f0b3a410042 in nsLayoutUtils::PaintFrame(gfxContext*, nsIFrame*, nsRegion const&, unsigned int, nsDisplayListBuilderMode, nsLayoutUtils::PaintFrameFlags) src/layout/base/nsLayoutUtils.cpp:3492:45
#15 0x7f0b3a7b8f59 in GenerateAndPushTextMask(nsIFrame*, gfxContext*, nsRect const&, nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:329:3
#16 0x7f0b3a7b8ac5 in nsDisplayBackgroundImage::PaintInternal(nsDisplayListBuilder*, gfxContext*, nsRect const&, nsRect*) src/layout/painting/nsDisplayList.cpp:4230:10
#17 0x7f0b3700676f in mozilla::layers::PaintItemByDrawTarget(nsDisplayItem*, mozilla::gfx::DrawTarget*, mozilla::gfx::PointTyped<mozilla::LayoutDevicePixel, float> const&, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, nsDisplayListBuilder*, mozilla::gfx::SizeTyped<mozilla::gfx::UnknownUnits, float> const&, mozilla::Maybe<mozilla::gfx::DeviceColor>&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1984:38
#18 0x7f0b37005a63 in mozilla::layers::WebRenderCommandBuilder::GenerateFallbackData(nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, nsDisplayListBuilder*, mozilla::gfx::RectTyped<mozilla::LayoutDevicePixel, float>&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:2253:7
#19 0x7f0b37001511 in mozilla::layers::WebRenderCommandBuilder::PushItemAsImage(nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, nsDisplayListBuilder*) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:2547:48
#20 0x7f0b36fffaee in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(nsDisplayList*, nsDisplayItem*, nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1772:7
#21 0x7f0b3a7c2bad in CreateWebRenderCommands src/layout/painting/nsDisplayList.cpp:5697:30
#22 0x7f0b3a7c2bad in nsDisplayBlendMode::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:6186:29
#23 0x7f0b370013db in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, nsDisplayListBuilder*) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1649:41
#24 0x7f0b36fffaee in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(nsDisplayList*, nsDisplayItem*, nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1772:7
#25 0x7f0b3a7c3b66 in CreateWebRenderCommands src/layout/painting/nsDisplayList.cpp:5697:30
#26 0x7f0b3a7c3b66 in nsDisplayBlendContainer::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:6349:29
#27 0x7f0b370013db in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, nsDisplayListBuilder*) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1649:41
#28 0x7f0b36fffaee in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(nsDisplayList*, nsDisplayItem*, nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1772:7
#29 0x7f0b3a7d6975 in CreateWebRenderCommands src/layout/painting/nsDisplayList.cpp:5697:30
#30 0x7f0b3a7d6975 in nsDisplayMasksAndClipPaths::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:9927:25
#31 0x7f0b370013db in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, nsDisplayListBuilder*) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1649:41
#32 0x7f0b36fffaee in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(nsDisplayList*, nsDisplayItem*, nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1772:7
#33 0x7f0b3a7ccff6 in nsDisplayTransform::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:8186:30
#34 0x7f0b370013db in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, nsDisplayListBuilder*) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1649:41
#35 0x7f0b36fffaee in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(nsDisplayList*, nsDisplayItem*, nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1772:7
#36 0x7f0b3a7c450c in CreateWebRenderCommands src/layout/painting/nsDisplayList.cpp:5697:30
#37 0x7f0b3a7c450c in nsDisplayOwnLayer::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, nsDisplayListBuilder*) src/layout/painting/nsDisplayList.cpp:6495:22
#38 0x7f0b370013db in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, nsDisplayListBuilder*) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1649:41
#39 0x7f0b36fffaee in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(nsDisplayList*, nsDisplayItem*, nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1772:7
#40 0x7f0b36ffe852 in mozilla::layers::WebRenderCommandBuilder::BuildWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, nsDisplayList*, nsDisplayListBuilder*, mozilla::layers::WebRenderScrollData&, WrFiltersHolder&&) src/gfx/layers/wr/WebRenderCommandBuilder.cpp:1569:5
#41 0x7f0b3702a334 in mozilla::layers::WebRenderLayerManager::EndTransactionWithoutLayer(nsDisplayList*, nsDisplayListBuilder*, WrFiltersHolder&&, mozilla::layers::WebRenderBackgroundData*, double) src/gfx/layers/wr/WebRenderLayerManager.cpp:368:30
#42 0x7f0b3a7af138 in nsDisplayList::PaintRoot(nsDisplayListBuilder*, gfxContext*, unsigned int, mozilla::Maybe<double>) src/layout/painting/nsDisplayList.cpp:2544:18
#43 0x7f0b3a410042 in nsLayoutUtils::PaintFrame(gfxContext*, nsIFrame*, nsRegion const&, unsigned int, nsDisplayListBuilderMode, nsLayoutUtils::PaintFrameFlags) src/layout/base/nsLayoutUtils.cpp:3492:45
#44 0x7f0b3a389297 in mozilla::PresShell::Paint(nsView*, nsRegion const&, mozilla::PaintFlags) src/layout/base/PresShell.cpp:6402:5
#45 0x7f0b3a039551 in nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*) src/view/nsViewManager.cpp:459:18
#46 0x7f0b3a03906b in nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) src/view/nsViewManager.cpp:394:22
#47 0x7f0b3a03a5df in nsViewManager::ProcessPendingUpdates() src/view/nsViewManager.cpp:972:5
#48 0x7f0b3a348075 in nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsRefreshDriver::IsExtraTick) src/layout/base/nsRefreshDriver.cpp:2431:11
#49 0x7f0b3a34f36a in TickDriver src/layout/base/nsRefreshDriver.cpp:346:13
#50 0x7f0b3a34f36a in mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) src/layout/base/nsRefreshDriver.cpp:324:7
#51 0x7f0b3a34f283 in mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:340:5
#52 0x7f0b3a34f150 in mozilla::VsyncRefreshDriverTimer::RunRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:773:5
#53 0x7f0b3a34e7b8 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:702:16
#54 0x7f0b3a34e09e in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyParentProcessVsync() src/layout/base/nsRefreshDriver.cpp:615:7
#55 0x7f0b3a34db19 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::VsyncEvent const&) src/layout/base/nsRefreshDriver.cpp:536:9
#56 0x7f0b39b66436 in mozilla::dom::VsyncChild::RecvNotify(mozilla::VsyncEvent const&, float const&) src/dom/ipc/VsyncChild.cpp:68:15
#57 0x7f0b368b1100 in mozilla::dom::PVsyncChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PVsyncChild.cpp:178:54
#58 0x7f0b3668100c in mozilla::ipc::PBackgroundChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PBackgroundChild.cpp:6008:32
#59 0x7f0b36307cbe in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) src/ipc/glue/MessageChannel.cpp:2152:25
#60 0x7f0b3630413d in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) src/ipc/glue/MessageChannel.cpp:2076:9
#61 0x7f0b36305662 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) src/ipc/glue/MessageChannel.cpp:1924:3
#62 0x7f0b363063db in mozilla::ipc::MessageChannel::MessageTask::Run() src/ipc/glue/MessageChannel.cpp:1955:13
#63 0x7f0b35a351ee in mozilla::RunnableTask::Run() src/xpcom/threads/TaskController.cpp:482:16
#64 0x7f0b35a12e29 in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) src/xpcom/threads/TaskController.cpp:766:26
#65 0x7f0b35a11d84 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) src/xpcom/threads/TaskController.cpp:621:15
#66 0x7f0b35a11f13 in mozilla::TaskController::ProcessPendingMTTask(bool) src/xpcom/threads/TaskController.cpp:405:36
#67 0x7f0b35a38a59 in operator() src/xpcom/threads/TaskController.cpp:141:37
#68 0x7f0b35a38a59 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_1>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:534:5
#69 0x7f0b35a2496f in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1159:16
#70 0x7f0b35a2b59a in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:548:10
#71 0x7f0b3630d574 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:107:5
#72 0x7f0b36275c37 in MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:335:10
#73 0x7f0b36275b52 in RunHandler src/ipc/chromium/src/base/message_loop.cc:328:3
#74 0x7f0b36275b52 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:310:3
#75 0x7f0b3a082a08 in nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27
#76 0x7f0b3ba27b53 in XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:911:20
#77 0x7f0b3630e4ba in mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:235:9
#78 0x7f0b36275c37 in MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:335:10
#79 0x7f0b36275b52 in RunHandler src/ipc/chromium/src/base/message_loop.cc:328:3
#80 0x7f0b36275b52 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:310:3
#81 0x7f0b3ba2776e in XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:743:34
#82 0x562599d0eb26 in content_process_main src/browser/app/../../ipc/contentproc/plugin-container.cpp:57:28
#83 0x562599d0eb26 in main src/browser/app/nsBrowserApp.cpp:313:18
#84 0x7f0b4bd5e0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
#85 0x562599ceb92c in _start (/home/worker/builds/m-c-20210520095745-fuzzing-debug/firefox-bin+0x1592c)
Reporter | ||
Comment 1•3 years ago
|
||
A Pernosco session is available here: https://pernos.co/debug/B1H9a0Mzb-VKqGtA6Y1-yg/index.html
Comment 2•3 years ago
|
||
Bugmon Analysis:
Verified bug as reproducible on mozilla-central 20210520095745-45c659bd4922.
The bug appears to have been introduced in the following build range:
Start: 3557d61e4136ee4e624662dc9c06f9d2cea38ea5 (20210519033212)
End: de62b7dc09b8bfba7cdb04deda52e0b70b7d3f99 (20210519044826)
Pushlog: https://hg.mozilla.org/mozilla-unified/pushloghtml?fromchange=3557d61e4136ee4e624662dc9c06f9d2cea38ea5&tochange=de62b7dc09b8bfba7cdb04deda52e0b70b7d3f99
Updated•3 years ago
|
Comment 3•3 years ago
|
||
Bugmon Analysis
The bug appears to have been fixed in the following build range:
Start: 2b3545abbf55f49144afae64bd9ac4b75d28d817 (20210618033124)
End: d8dea0ed3b970ae1ec4e07b9e21514bc00c8f2ba (20210618033757)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=2b3545abbf55f49144afae64bd9ac4b75d28d817&tochange=d8dea0ed3b970ae1ec4e07b9e21514bc00c8f2ba
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.
Comment 4•3 years ago
|
||
This appears to have been fixed by bug 1715803. Closing as our fuzzers stopped seeing this issue after that patch landed.
Description
•