Open Bug 1825255 Opened 2 years ago Updated 2 years ago

AddressSanitizer: SEGV /builds/worker/checkouts/gecko/gfx/2d/DrawTargetRecording.cpp:618:5

Categories

(Core :: Graphics, defect)

Firefox 111
defect

Tracking

()

People

(Reporter: 2366719611, Unassigned)

References

Details

Crash Data

Attachments

(1 file)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36

Steps to reproduce:

open the attached html file.

Actual results:

the firefox crashed.
log:
AddressSanitizer:DEADLYSIGNAL

==4169664==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000001 (pc 0x7fd6a1ebe696 bp 0x7ffcac9e7f90 sp 0x7ffcac9e7e00 T0)
==4169664==The signal is caused by a WRITE memory access.
==4169664==Hint: address points to the zero page.
#0 0x7fd6a1ebe696 in mozilla::gfx::DrawTargetRecording::CreateSimilarDrawTarget(mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::SurfaceFormat) const /builds/worker/checkouts/gecko/gfx/2d/DrawTargetRecording.cpp:618:5
#1 0x7fd6a8fdf4b3 in mozilla::nsImageRenderer::Draw(nsPresContext*, gfxContext&, nsRect const&, nsRect const&, nsRect const&, nsPoint const&, nsSize const&, mozilla::gfx::IntRectTyped<mozilla::CSSPixel> const&, float) /builds/worker/checkouts/gecko/layout/painting/nsImageRenderer.cpp:487:55
#2 0x7fd6a8fe2e3e in mozilla::nsImageRenderer::DrawLayer(nsPresContext*, gfxContext&, nsRect const&, nsRect const&, nsPoint const&, nsRect const&, nsSize const&, float) /builds/worker/checkouts/gecko/layout/painting/nsImageRenderer.cpp:764:10
#3 0x7fd6a8f15dbf in nsCSSRendering::PaintStyleImageLayerWithSC(nsCSSRendering::PaintBGParams const&, gfxContext&, mozilla::ComputedStyle const*, nsStyleBorder const&) /builds/worker/checkouts/gecko/layout/painting/nsCSSRendering.cpp:2597:38
#4 0x7fd6a8d691f2 in mozilla::PaintMaskSurface(mozilla::SVGIntegrationUtils::PaintFramesParams const&, mozilla::gfx::DrawTarget*, float, mozilla::ComputedStyle const*, nsTArray<mozilla::SVGMaskFrame*> const&, nsPoint const&) /builds/worker/checkouts/gecko/layout/svg/SVGIntegrationUtils.cpp:512:35
#5 0x7fd6a8d6a2c4 in CreateAndPaintMaskSurface /builds/worker/checkouts/gecko/layout/svg/SVGIntegrationUtils.cpp:583:25
#6 0x7fd6a8d6a2c4 in void mozilla::PaintMaskAndClipPathInternal<std::function<void ()>>(mozilla::SVGIntegrationUtils::PaintFramesParams const&, std::function<void ()> const&) /builds/worker/checkouts/gecko/layout/svg/SVGIntegrationUtils.cpp:833:37
#7 0x7fd6a8f94ca2 in mozilla::nsDisplayMasksAndClipPaths::PaintWithContentsPaintCallback(mozilla::nsDisplayListBuilder*, gfxContext*, std::function<void ()> const&) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:7977:3
#8 0x7fd6a2486a7a in mozilla::layers::Grouper::PaintContainerItem(mozilla::layers::DIGroup*, mozilla::nsDisplayItem*, mozilla::layers::BlobItemData*, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, bool, mozilla::nsDisplayList*, gfxContext*, mozilla::layers::WebRenderDrawEventRecorder*, mozilla::layers::RenderRootStateManager*, mozilla::wr::IpcResourceUpdateQueue&) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1013:19
#9 0x7fd6a2488270 in mozilla::layers::DIGroup::PaintItemRange(mozilla::layers::Grouper*, mozilla::LinkedListIterator<mozilla::nsDisplayItem*>, mozilla::LinkedListIterator<mozilla::nsDisplayItem*>, gfxContext*, mozilla::layers::WebRenderDrawEventRecorder*, mozilla::layers::RenderRootStateManager*, mozilla::wr::IpcResourceUpdateQueue&) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:835:19
#10 0x7fd6a248c0de in mozilla::layers::DIGroup::EndGroup(mozilla::layers::WebRenderLayerManager*, mozilla::nsDisplayListBuilder*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::Grouper*, mozilla::LinkedListIterator<mozilla::nsDisplayItem*>, mozilla::LinkedListIterator<mozilla::nsDisplayItem*>) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:675:5
#11 0x7fd6a2489afa in mozilla::layers::Grouper::ConstructGroups(mozilla::nsDisplayListBuilder*, mozilla::layers::WebRenderCommandBuilder*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::DIGroup*, mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::layers::StackingContextHelper const&) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1415:17
#12 0x7fd6a2490c9e in mozilla::layers::WebRenderCommandBuilder::DoGroupingForDisplayList(mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1680:5
#13 0x7fd6a2492b7e in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, bool) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1914:5
#14 0x7fd6a8f86fdd in mozilla::nsDisplayTransform::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:6704:30
#15 0x7fd6a248968d in mozilla::layers::Grouper::ConstructGroups(mozilla::nsDisplayListBuilder*, mozilla::layers::WebRenderCommandBuilder*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::DIGroup*, mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::layers::StackingContextHelper const&) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1391:40
#16 0x7fd6a2490c9e in mozilla::layers::WebRenderCommandBuilder::DoGroupingForDisplayList(mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1680:5
#17 0x7fd6a2492b7e in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, bool) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1914:5
#18 0x7fd6a8f75ab5 in mozilla::nsDisplayWrapList::CreateWebRenderCommandsNewClipListOption(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*, bool) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:4636:30
#19 0x7fd6a8f99cb3 in mozilla::nsDisplaySVGWrapper::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:8467:10
#20 0x7fd6a249581d in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(mozilla::nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1825:41
#21 0x7fd6a2493e9c in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, bool) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:2091:7
#22 0x7fd6a8f86fdd in mozilla::nsDisplayTransform::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:6704:30
#23 0x7fd6a249581d in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(mozilla::nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1825:41
#24 0x7fd6a2493e9c in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, bool) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:2091:7
#25 0x7fd6a8f75ab5 in mozilla::nsDisplayWrapList::CreateWebRenderCommandsNewClipListOption(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*, bool) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:4636:30
#26 0x7fd6a8f964d7 in mozilla::nsDisplayMasksAndClipPaths::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:8184:3
#27 0x7fd6a249581d in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(mozilla::nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1825:41
#28 0x7fd6a2493e9c in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, bool) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:2091:7
#29 0x7fd6a8f86fdd in mozilla::nsDisplayTransform::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:6704:30
#30 0x7fd6a249581d in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(mozilla::nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1825:41
#31 0x7fd6a2493e9c in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, bool) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:2091:7
#32 0x7fd6a8f75ab5 in mozilla::nsDisplayWrapList::CreateWebRenderCommandsNewClipListOption(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*, bool) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:4636:30
#33 0x7fd6a8f964d7 in mozilla::nsDisplayMasksAndClipPaths::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:8184:3
#34 0x7fd6a249581d in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(mozilla::nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1825:41
#35 0x7fd6a2493e9c in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, bool) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:2091:7
#36 0x7fd6a8f86fdd in mozilla::nsDisplayTransform::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:6704:30
#37 0x7fd6a249581d in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(mozilla::nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1825:41
#38 0x7fd6a2493e9c in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, bool) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:2091:7
#39 0x7fd6a8f75ab5 in mozilla::nsDisplayWrapList::CreateWebRenderCommandsNewClipListOption(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*, bool) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:4636:30
#40 0x7fd6a8f964d7 in mozilla::nsDisplayMasksAndClipPaths::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:8184:3
#41 0x7fd6a249581d in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(mozilla::nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1825:41
#42 0x7fd6a2493e9c in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, bool) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:2091:7
#43 0x7fd6a8f86fdd in mozilla::nsDisplayTransform::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:6704:30
#44 0x7fd6a249581d in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(mozilla::nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1825:41
#45 0x7fd6a2493e9c in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, bool) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:2091:7
#46 0x7fd6a8f75ab5 in mozilla::nsDisplayWrapList::CreateWebRenderCommandsNewClipListOption(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*, bool) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:4636:30
#47 0x7fd6a8f7b0d1 in CreateWebRenderCommands /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.h:4965:12
#48 0x7fd6a8f7b0d1 in mozilla::nsDisplayOwnLayer::CreateWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::layers::RenderRootStateManager*, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:5275:22
#49 0x7fd6a249581d in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands(mozilla::nsDisplayItem*, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::layers::StackingContextHelper const&, mozilla::nsDisplayListBuilder*) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1825:41
#50 0x7fd6a2493e9c in mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList(mozilla::nsDisplayList*, mozilla::nsDisplayItem*, mozilla::nsDisplayListBuilder*, mozilla::layers::StackingContextHelper const&, mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, bool) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:2091:7
#51 0x7fd6a24920b7 in mozilla::layers::WebRenderCommandBuilder::BuildWebRenderCommands(mozilla::wr::DisplayListBuilder&, mozilla::wr::IpcResourceUpdateQueue&, mozilla::nsDisplayList*, mozilla::nsDisplayListBuilder*, mozilla::layers::WebRenderScrollData&, WrFiltersHolder&&) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderCommandBuilder.cpp:1746:5
#52 0x7fd6a24ac6bc in mozilla::layers::WebRenderLayerManager::EndTransactionWithoutLayer(mozilla::nsDisplayList*, mozilla::nsDisplayListBuilder*, WrFiltersHolder&&, mozilla::layers::WebRenderBackgroundData*, double) /builds/worker/checkouts/gecko/gfx/layers/wr/WebRenderLayerManager.cpp:362:30
#53 0x7fd6a8f5b1dd in mozilla::nsDisplayList::PaintRoot(mozilla::nsDisplayListBuilder*, gfxContext*, unsigned int, mozilla::Maybe<double>) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:2302:18
#54 0x7fd6a88db2d4 in nsLayoutUtils::PaintFrame(gfxContext*, nsIFrame*, nsRegion const&, unsigned int, mozilla::nsDisplayListBuilderMode, nsLayoutUtils::PaintFrameFlags) /builds/worker/checkouts/gecko/layout/base/nsLayoutUtils.cpp:3413:9
#55 0x7fd6a87e9322 in mozilla::PresShell::PaintInternal(nsView*, mozilla::PaintInternalFlags) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:6465:5
#56 0x7fd6a806aef4 in nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*) /builds/worker/checkouts/gecko/view/nsViewManager.cpp:433:18
#57 0x7fd6a806a6a4 in nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) /builds/worker/checkouts/gecko/view/nsViewManager.cpp:368:22
#58 0x7fd6a806c4a9 in nsViewManager::ProcessPendingUpdates() /builds/worker/checkouts/gecko/view/nsViewManager.cpp:941:5
#59 0x7fd6a876214b in nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsRefreshDriver::IsExtraTick) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:2800:11
#60 0x7fd6a876e5e6 in TickDriver /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:373:13
#61 0x7fd6a876e5e6 in mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver>>&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:351:7
#62 0x7fd6a876e34e in mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:367:5
#63 0x7fd6a876e0d5 in mozilla::VsyncRefreshDriverTimer::RunRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:911:5
#64 0x7fd6a876d38f in mozilla::VsyncRefreshDriverTimer::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:825:5
#65 0x7fd6a876c621 in mozilla::VsyncRefreshDriverTimer::NotifyVsyncOnMainThread(mozilla::VsyncEvent const&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:746:5
#66 0x7fd6a876bcdd in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsyncTimerOnMainThread() /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:592:14
#67 0x7fd6a876b8d8 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::VsyncEvent const&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:549:9
#68 0x7fd6a739fa78 in mozilla::dom::VsyncMainChild::RecvNotify(mozilla::VsyncEvent const&, float const&) /builds/worker/checkouts/gecko/dom/ipc/VsyncMainChild.cpp:66:15
#69 0x7fd6a77a4ba3 in mozilla::dom::PVsyncChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PVsyncChild.cpp:228:78
#70 0x7fd6a16da584 in mozilla::ipc::PBackgroundChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PBackgroundChild.cpp:6305:32
#71 0x7fd6a16505ff in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1800:25
#72 0x7fd6a164e255 in mozilla::ipc::MessageChannel::DispatchMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::UniquePtr<IPC::Message, mozilla::DefaultDelete<IPC::Message>>) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1725:9
#73 0x7fd6a164eb9a in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::ipc::MessageChannel::MessageTask&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1525:3
#74 0x7fd6a164f6f4 in mozilla::ipc::MessageChannel::MessageTask::Run() /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1623:14
#75 0x7fd6a003711a in mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:539:16
#76 0x7fd6a0034a68 in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:852:26
#77 0x7fd6a00320a8 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:684:15
#78 0x7fd6a00327d0 in mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:462:36
#79 0x7fd6a003c1e1 in operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:188:37
#80 0x7fd6a003c1e1 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_2>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:546:5
#81 0x7fd6a005ddf8 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1225:16
#82 0x7fd6a0067f54 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:477:10
#83 0x7fd6a1656638 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:85:21
#84 0x7fd6a14fb5f7 in RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:381:10
#85 0x7fd6a14fb5f7 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:374:3
#86 0x7fd6a14fb5f7 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:356:3
#87 0x7fd6a8154fe9 in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:148:27
#88 0x7fd6ac6249c8 in XRE_RunAppShell() /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:738:20
#89 0x7fd6a14fb5f7 in RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:381:10
#90 0x7fd6a14fb5f7 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:374:3
#91 0x7fd6a14fb5f7 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:356:3
#92 0x7fd6ac624223 in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:671:34
#93 0x560283e5f3f4 in content_process_main(mozilla::Bootstrap*, int, char**) /builds/worker/checkouts/gecko/browser/app/../../ipc/contentproc/plugin-container.cpp:57:28
#94 0x560283e5f8a2 in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:353:18
#95 0x7fd6b9920082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
#96 0x560283d9de78 in _start (/root/browser/latest/firefox/m-r-20230321111920-asan-opt/firefox+0x104e78) (BuildId: 4c0db819562949163d0c9839da29e00eec0409b1)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /builds/worker/checkouts/gecko/gfx/2d/DrawTargetRecording.cpp:618:5 in mozilla::gfx::DrawTargetRecording::CreateSimilarDrawTarget(mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::SurfaceFormat) const
==4169664==ABORTING
A content process crashed and MOZ_CRASHREPORTER_SHUTDOWN is set, shutting down

Expected results:

the firefox should not crash.

The Bugbug bot thinks this bug should belong to the 'Core::Graphics' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Graphics
Product: Firefox → Core
Crash Signature: [@ mozilla::gfx::DrawTargetRecording::CreateSimilarDrawTarget ]
See Also: → 1757003, 1771782, 1716482

I get crash from the attached testcase on the latest Win11x64 Nightly.

Status: UNCONFIRMED → NEW
Ever confirmed: true

When I tested, size of tmpDTRect was (3178496, 884736). Then CreateSimilarDrawTarget() was failed.

:tnikkel, can you comment to the bug?

Severity: -- → S3
Flags: needinfo?(tnikkel)

Hi, it has been two weeks, how’s everything going?

Looks like the same issue as one of the see also bugs, specifically bug 1757003 or bug 1716482.

Flags: needinfo?(tnikkel)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: