Closed Bug 1948939 Opened 5 months ago Closed 5 months ago

Crash in [@ webrender::picture::PicturePrimitive::take_context]

Categories

(Core :: Graphics: WebRender, defect, P1)

Tracking

RESOLVED FIXED
137 Branch
Tracking Status
firefox-esr115 --- unaffected
firefox-esr128 --- unaffected
firefox135 --- unaffected
firefox136 + fixed
firefox137 + fixed

People

(Reporter: dmeehan, Assigned: ahale)

References

(Regression)

Details

(Keywords: crash, regression)

Attachments

(1 file)

Crash report: https://crash-stats.mozilla.org/report/index/794fe583-a9ad-448a-949c-396530250218

MOZ_CRASH Reason:

task_size 4097x781 must be within max_surface_size 4096

Top 10 frames:

0  XUL  MOZ_Crash(char const*, int, char const*)  mfbt/Assertions.h:337
0  XUL  RustMozCrash  mozglue/static/rust/wrappers.cpp:18
1  XUL  mozglue_static::panic_hook  mozglue/static/rust/lib.rs:102
2  XUL  core::ops::function::Fn::call  /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/ops/function.rs:79
3  XUL  <alloc::boxed::Box<F, A> as core::ops::function::Fn<Args>>::call  library/alloc/src/boxed.rs:1986
3  XUL  std::panicking::rust_panic_with_hook  library/std/src/panicking.rs:809
4  XUL  std::panicking::begin_panic_handler::{{closure}}  library/std/src/panicking.rs:674
5  XUL  std::sys::backtrace::__rust_end_short_backtrace  library/std/src/sys/backtrace.rs:170
6  XUL  rust_begin_unwind  library/std/src/panicking.rs:665
7  XUL  core::panicking::panic_fmt  library/core/src/panicking.rs:76

Looks like this started to spike in nightly after Bug 1945041 landed and in beta when it was uplifted.

Flags: needinfo?(ahale)
Crash Signature: [@ webrender::picture::PicturePrimitive::take_context] → [@ webrender::picture::PicturePrimitive::take_context] [@ webrender::picture::get_surface_rects]

The bug is marked as tracked for firefox136 (beta) and tracked for firefox137 (nightly). We have limited time to fix this; the soft freeze is in 8 days. However, the bug still isn't assigned.

:bhood, could you please find an assignee for this tracked bug? Given that it is a regression and we know the cause, we could also simply back out the regressor. If you disagree with the tracking decision, please talk with the release managers.

For more information, please visit BugBot documentation.

Flags: needinfo?(bhood)

:gw could this be triaged?
Next week is RC week for Fx136

Flags: needinfo?(gwatson)

ahale, could you take a look at this?

Severity: -- → S2
Flags: needinfo?(gwatson)
Priority: -- → P1

I'm on it.

Assignee: nobody → ahale
Flags: needinfo?(bhood)
Flags: needinfo?(ahale)
Attachment #9467542 - Attachment description: Bug 1948939 - clamp render task size so we never panic r?gw,#gfx-reviewers → Bug 1948939 - restore render task size logic but also clamp to avoid panic r?gw,#gfx-reviewers

Pushed by ahale@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/6894b28f09d1
restore render task size logic but also clamp to avoid panic r=gw,gfx-reviewers

The patch in comment #5 will probably need a beta uplift; however, I have not been able to find a reliable repro case, so I'm not confident as to whether this is an optimal solution. It only restores the logic, restores an assert to being a debug_assert (so it won't panic in release if the logic fails), and adds one more safeguard in case the logic fails to achieve the necessary size limiting (which should prevent that debug_assert from ever triggering).

I'll be restoring my revised logic in a follow-up after this bug, because it was better in several ways and necessary for fixing Bug 1918529 again.

Blocks: 1918529
Blocks: 1949632
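
The pattern described in the comment above (a size check demoted to a debug-only assertion, backed by a final clamp), as an added Rust example that is not the code from the patch or from WebRender. `DeviceRect`, `limit_rect`, `rounded_size` and the two sizing functions are hypothetical, and the fractional-origin input is constructed to produce the 4097x781 size from the crash reason; it is not the identified cause of this crash.

```rust
// Added illustration: hypothetical names and logic, not WebRender's code.
const MAX_SURFACE_SIZE: i32 = 4096; // limit quoted in the crash reason

/// Device-space rectangle with fractional edges.
#[derive(Clone, Copy)]
struct DeviceRect { x0: f32, y0: f32, x1: f32, y1: f32 }

/// Primary size-limiting logic: scale the rect down about its origin when
/// its unrounded width or height exceeds `max`.
fn limit_rect(r: DeviceRect, max: i32) -> DeviceRect {
    let (w, h, m) = (r.x1 - r.x0, r.y1 - r.y0, max as f32);
    let k = (m / w).min(m / h).min(1.0);
    DeviceRect { x0: r.x0, y0: r.y0, x1: r.x0 + w * k, y1: r.y0 + h * k }
}

/// Snap outward to whole pixels. A fractional origin can add one pixel that
/// the limiting logic never accounted for.
fn rounded_size(r: DeviceRect) -> (i32, i32) {
    ((r.x1.ceil() - r.x0.floor()) as i32, (r.y1.ceil() - r.y0.floor()) as i32)
}

/// Hard assert: any gap in the limiting logic panics in release builds too.
fn strict_task_size(r: DeviceRect) -> (i32, i32) {
    let (w, h) = rounded_size(limit_rect(r, MAX_SURFACE_SIZE));
    assert!(w <= MAX_SURFACE_SIZE && h <= MAX_SURFACE_SIZE,
        "task_size {}x{} must be within max_surface_size {}", w, h, MAX_SURFACE_SIZE);
    (w, h)
}

/// Final clamp, then a debug-only check that can no longer fire.
fn clamped_task_size(r: DeviceRect) -> (i32, i32) {
    let (w, h) = rounded_size(limit_rect(r, MAX_SURFACE_SIZE));
    let (w, h) = (w.clamp(1, MAX_SURFACE_SIZE), h.clamp(1, MAX_SURFACE_SIZE));
    debug_assert!(w <= MAX_SURFACE_SIZE && h <= MAX_SURFACE_SIZE);
    (w, h)
}

/// Constructed input: 4096 px wide before rounding, 4097 after snapping outward.
fn sample() -> DeviceRect {
    DeviceRect { x0: 0.5, y0: 0.0, x1: 4096.5, y1: 781.0 }
}

fn main() {
    println!("clamped: {:?}", clamped_task_size(sample()));
    let strict = std::panic::catch_unwind(|| strict_task_size(sample()));
    println!("strict panicked: {}", strict.is_err());
}
```

The clamp trades the panic for a surface that may be one pixel short of the requested size, so the process stays up even when the limiting logic misses a case.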

Comment on attachment 9467542 [details]
Bug 1948939 - restore render task size logic but also clamp to avoid panic r?gw,#gfx-reviewers

Beta/Release Uplift Approval Request

  • User impact if declined/Reason for urgency: Fixes a rare crash that happens unpredictably with animations with filters on high DPI displays; seems to mostly affect Mac and, to a lesser extent, Linux, where it crashes the whole browser.

While this code is covered by tests, no clear repro case for this exact failure has been identified, so this only restores logic that has shipped previously, and adds a final safeguard to keep it from crashing if that fails.

  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: No
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): This restores code that shipped previously; it only adds a safety check to prevent crashing.
  • String changes made/needed:
  • Is Android affected?: Yes
Attachment #9467542 - Flags: approval-mozilla-beta?
Status: NEW → RESOLVED
Closed: 5 months ago
Resolution: --- → FIXED
Target Milestone: --- → 137 Branch

Comment on attachment 9467542 [details]
Bug 1948939 - restore render task size logic but also clamp to avoid panic r?gw,#gfx-reviewers

Approved for 136.0 RC1

Attachment #9467542 - Flags: approval-mozilla-beta? → approval-mozilla-beta+