Closed Bug 1798807 Opened 2 years ago Closed 8 days ago

Hit MOZ_CRASH(assertion failed: task_size.width <= max_surface_size as i32) at gfx/wr/webrender/src/picture.rs:7257

Categories

(Core :: Graphics: WebRender, defect)

Product:
Core
Component:
Graphics: WebRender
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1941838
Tracking Flags:
Tracking Status
firefox-esr102 --- wontfix
firefox106 --- wontfix
firefox107 --- wontfix
firefox108 --- wontfix
firefox109 --- wontfix

People

(Reporter: tsmith, Assigned: gw)

References

(Blocks 2 open bugs, Regression)

Details

(Keywords: assertion, regression, testcase, Whiteboard: [bugmon:bisected,confirmed])

Attachments

(1 file)

testcase.html
391 bytes, text/html
Details
Attached file testcase.html

Found while fuzzing m-c 20221030-18c629b7b3b5 (--enable-debug --enable-fuzzing)

To reproduce via Grizzly Replay:

$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch -d --fuzzing -n firefox
$ python -m grizzly.replay ./firefox/firefox testcase.html --headless

Hit MOZ_CRASH(assertion failed: task_size.width <= max_surface_size as i32) at gfx/wr/webrender/src/picture.rs:7257

#0 0x7fe33bf4fe05 in MOZ_Crash /builds/worker/workspace/obj-build/dist/include/mozilla/Assertions.h:261:3
#1 0x7fe33bf4fe05 in RustMozCrash /builds/worker/checkouts/gecko/mozglue/static/rust/wrappers.cpp:18:3
#2 0x7fe33bf4fd88 in mozglue_static::panic_hook::h78973aca7351e0a7 /builds/worker/checkouts/gecko/mozglue/static/rust/lib.rs:91:9
#3 0x7fe33bf4f80b in core::ops::function::Fn::call::h39922ba40a8415bd /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/core/src/ops/function.rs:77:5
#4 0x7fe33cef6729 in std::panicking::rust_panic_with_hook::hf26e9d4f97b40096 /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/std/src/panicking.rs:702:17
#5 0x7fe33cef6528 in std::panicking::begin_panic_handler::_$u7b$$u7b$closure$u7d$$u7d$::hfab912107608087a /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/std/src/panicking.rs:586:13
#6 0x7fe33cef3823 in std::sys_common::backtrace::__rust_end_short_backtrace::h434b685ce8d9965b /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/std/src/sys_common/backtrace.rs:138:18
#7 0x7fe33cef6298 in rust_begin_unwind /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/std/src/panicking.rs:584:5
#8 0x7fe332244f52 in core::panicking::panic_fmt::ha6dc7f2ab2479463 /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/core/src/panicking.rs:142:14
#9 0x7fe332244e1c in core::panicking::panic::hb3ad04c589a0e3c8 /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/core/src/panicking.rs:48:5
#10 0x7fe33ba7570f in webrender::picture::get_surface_rects::h950b02bb6abdfbe0 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/picture.rs:7257:5
#11 0x7fe33ba7570f in webrender::picture::PicturePrimitive::take_context::h19766400982b4e46 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/picture.rs:5320:43
#12 0x7fe33ba836f7 in webrender::prepare::prepare_prim_for_render::h1f6121429c214f21 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:138:15
#13 0x7fe33ba836f7 in webrender::prepare::prepare_primitives::hdcc98984da3878fc /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:75:45
#14 0x7fe33ba837ed in webrender::prepare::prepare_prim_for_render::h1f6121429c214f21 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:148:17
#15 0x7fe33ba837ed in webrender::prepare::prepare_primitives::hdcc98984da3878fc /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:75:45
#16 0x7fe33ba837ed in webrender::prepare::prepare_prim_for_render::h1f6121429c214f21 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:148:17
#17 0x7fe33ba837ed in webrender::prepare::prepare_primitives::hdcc98984da3878fc /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:75:45
#18 0x7fe33ba837ed in webrender::prepare::prepare_prim_for_render::h1f6121429c214f21 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:148:17
#19 0x7fe33ba837ed in webrender::prepare::prepare_primitives::hdcc98984da3878fc /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:75:45
#20 0x7fe33ba837ed in webrender::prepare::prepare_prim_for_render::h1f6121429c214f21 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:148:17
#21 0x7fe33ba837ed in webrender::prepare::prepare_primitives::hdcc98984da3878fc /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:75:45
#22 0x7fe33ba837ed in webrender::prepare::prepare_prim_for_render::h1f6121429c214f21 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:148:17
#23 0x7fe33ba837ed in webrender::prepare::prepare_primitives::hdcc98984da3878fc /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:75:45
#24 0x7fe33ba837ed in webrender::prepare::prepare_prim_for_render::h1f6121429c214f21 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:148:17
#25 0x7fe33ba837ed in webrender::prepare::prepare_primitives::hdcc98984da3878fc /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:75:45
#26 0x7fe33ba30673 in webrender::frame_builder::FrameBuilder::build_layer_screen_rects_and_cull_layers::h599b165dc9688400 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/frame_builder.rs:416:17
#27 0x7fe33ba30673 in webrender::frame_builder::FrameBuilder::build::h38bff208df1307d3 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/frame_builder.rs:516:9
#28 0x7fe33baa7966 in webrender::render_backend::Document::build_frame::hd56248b16c4cda92 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/render_backend.rs:515:25
#29 0x7fe33bab869c in webrender::render_backend::RenderBackend::update_document::h88dbb437ad4129b2 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/render_backend.rs:1406:41
#30 0x7fe33baaf456 in webrender::render_backend::RenderBackend::prepare_transactions::hfe0a37218ce8b7d2 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/render_backend.rs:1250:28
#31 0x7fe33baaf456 in webrender::render_backend::RenderBackend::process_api_msg::he203fda4984968b6 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/render_backend.rs:1103:17
#32 0x7fe33b8c13bc in webrender::render_backend::RenderBackend::run::hbee754a7ac2ad422 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/render_backend.rs:773:21
#33 0x7fe33b8c13bc in webrender::renderer::init::create_webrender_instance::_$u7b$$u7b$closure$u7d$$u7d$::he8b83f059fe6f1e8 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/renderer/init.rs:678:9
#34 0x7fe33b8c13bc in std::sys_common::backtrace::__rust_begin_short_backtrace::habb0a53e05b2fb3a /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/std/src/sys_common/backtrace.rs:122:18
#35 0x7fe33b8e1c0e in std::thread::Builder::spawn_unchecked_::_$u7b$$u7b$closure$u7d$$u7d$::_$u7b$$u7b$closure$u7d$$u7d$::h33f52b4cb83bbce3 /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/std/src/thread/mod.rs:505:17
#36 0x7fe33b8e1c0e in _$LT$core..panic..unwind_safe..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$::call_once::h9f2c38ca149dbb53 /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/core/src/panic/unwind_safe.rs:271:9
#37 0x7fe33b8e1c0e in std::panicking::try::do_call::hacd1727d5a5b74f4 /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/std/src/panicking.rs:492:40
#38 0x7fe33b8e1c0e in std::panicking::try::h628a86fd2c542ba6 /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/std/src/panicking.rs:456:19
#39 0x7fe33b8e1c0e in std::panic::catch_unwind::h96a90230115f1a57 /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/std/src/panic.rs:137:14
#40 0x7fe33b8e1c0e in std::thread::Builder::spawn_unchecked_::_$u7b$$u7b$closure$u7d$$u7d$::h29a1f459e24c4851 /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/std/src/thread/mod.rs:504:30
#41 0x7fe33b8e1c0e in core::ops::function::FnOnce::call_once$u7b$$u7b$vtable.shim$u7d$$u7d$::h972a1a76adc52e93 /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/core/src/ops/function.rs:248:5
#42 0x7fe33cf00822 in _$LT$alloc..boxed..Box$LT$F$C$A$GT$$u20$as$u20$core..ops..function..FnOnce$LT$Args$GT$$GT$::call_once::h56d5fc072706762b /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/alloc/src/boxed.rs:1935:9
#43 0x7fe33cf00822 in _$LT$alloc..boxed..Box$LT$F$C$A$GT$$u20$as$u20$core..ops..function..FnOnce$LT$Args$GT$$GT$::call_once::h41deef8e33b824bb /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/alloc/src/boxed.rs:1935:9
#44 0x7fe33cf00822 in std::sys::unix::thread::Thread::new::thread_start::ha6436304a1170bba /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/std/src/sys/unix/thread.rs:108:17
#45 0x7fe3497f8608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477:8
#46 0x7fe3493bf132 in __clone /build/glibc-SzIz7B/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Flags: in-testsuite?

A Pernosco session is available here: https://pernos.co/debug/QPL6CHzLD6Yt5aGkts1mCw/index.html

Verified bug as reproducible on mozilla-central 20221102174350-6d65bca9434c.
The bug appears to have been introduced in the following build range:

Start: cd1ca5184c73edfc4af351ad4c89ea994311625b (20220228215749)
End: 9f3cb0197f1ff639627e97ea474596fc6ccb2a1f (20220228232435)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=cd1ca5184c73edfc4af351ad4c89ea994311625b&tochange=9f3cb0197f1ff639627e97ea474596fc6ccb2a1f

Keywords: regression
Whiteboard: [bugmon:bisected,confirmed]
Regressed by: 1757002

Set release status flags based on info from the regressing bug 1757002

:gw, since you are the author of the regressor, bug 1757002, could you take a look? Also, could you set the severity field?

For more information, please visit auto_nag documentation.

status-firefox106: --- → affected
status-firefox107: --- → affected
status-firefox-esr102: --- → affected
Flags: needinfo?(gwatson)
Assignee: nobody → gwatson
Flags: needinfo?(gwatson)

Set release status flags based on info from the regressing bug 1757002

The severity field is not set for this bug.
:gw, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(gwatson)
Severity: -- → S3
Flags: needinfo?(gwatson)

Bugmon was unable reproduce this issue.
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.

Keywords: bugmon
Keywords: bugmon

A change to the Taskcluster build definitions over the weekend caused Bugmon to fail when reproducing issues. This issue has been corrected. Re-enabling bugmon.

I'm unable to reproduce this - Tyson, are you still able to repro this one?

Flags: needinfo?(twsmith)

(In reply to Glenn Watson [:gw] from comment #8)

I'm unable to reproduce this - Tyson, are you still able to repro this one?

I am able to repro (m-c 20230629-e784085dfb50) but only when using --xvfb or --headless. So I'm guessing window size might be important.

Flags: needinfo?(twsmith)
Blocks: wr-fuzz

Testcase crashes using the initial build (mozilla-central 20240202094312-dd4c0135beb5) but not with tip (mozilla-central 20250131212813-935aaee05e86.)

The bug appears to have been fixed in the following build range:

Start: db9c7a769093ebcfa9fcc4c0b1728132666565d7 (20250129132901)
End: b6a132edccee6a6842b7d20e7cd57dc1dcd502fb (20250129073904)
Pushlog: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=db9c7a769093ebcfa9fcc4c0b1728132666565d7&tochange=b6a132edccee6a6842b7d20e7cd57dc1dcd502fb

gw, can you confirm that the above bisection range is responsible for fixing this issue?
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.

Flags: needinfo?(gwatson)
Keywords: bugmon

Fixed by bug 1941838?

Yes, it seems like that is a plausible fix.

Status: NEW → RESOLVED
Closed: 8 days ago
Duplicate of bug: 1941838
Flags: needinfo?(gwatson)
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: