Open
Bug 1765904
Opened 3 years ago
Updated 10 months ago
Hit MOZ_CRASH(assertion failed: self.has_font(font.font_key)) at gfx/wr/webrender/src/glyph_rasterizer/mod.rs:73
Categories
(Core :: Graphics: WebRender, defect)
Core
Graphics: WebRender
Tracking
()
REOPENED
People
(Reporter: tsmith, Unassigned)
References
(Blocks 1 open bug)
Details
(4 keywords, Whiteboard: [bugmon:bisected,confirmed])
Attachments
(1 file)
|
1.23 KB,
text/html
|
Details |
Found while fuzzing m-c 20220420-a33cd50e2f73 (--enable-debug --enable-fuzzing)
The attached test case is not 100% reliable it may take a few attempts to reproduce the issue (usually within 5). It also requires a --enable-fuzzing build because it makes use of FuzzingFunctions.memoryPressure().
To reproduce via Grizzly Replay:
$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch -d --fuzzing -n firefox
$ python -m grizzly.replay ./firefox/firefox testcase.html --repeat 10 --relaunch 1
Hit MOZ_CRASH(assertion failed: self.has_font(font.font_key)) at gfx/wr/webrender/src/glyph_rasterizer/mod.rs:73
#0 0x7f622596fef0 in MOZ_Crash /builds/worker/workspace/obj-build/dist/include/mozilla/Assertions.h:261:3
#1 0x7f622596fef0 in RustMozCrash /gecko/mozglue/static/rust/wrappers.cpp:18:3
#2 0x7f622596f516 in mozglue_static::panic_hook::hbabeaf6d033978a2 /gecko/mozglue/static/rust/lib.rs:91:9
#3 0x7f622596ea35 in core::ops::function::Fn::call::h2e66ea81006e3482 /builds/worker/fetches/rust/library/core/src/ops/function.rs:70:5
#4 0x7f6228a26745 in std::panicking::rust_panic_with_hook::ha5b022af6db450bf (/home/worker/builds/m-c-20220420215300-fuzzing-asan-opt/libxul.so+0x1f88d745)
#5 0x7f6228a34931 in std::panicking::begin_panic_handler::_$u7b$$u7b$closure$u7d$$u7d$::h047793a3a1b79e4c std.44d4124d-cgu.4
#6 0x7f6228a33dc3 in std::sys_common::backtrace::__rust_end_short_backtrace::h901cddcf8e784223 crtstuff.c
#7 0x7f6228a26241 in rust_begin_unwind (/home/worker/builds/m-c-20220420215300-fuzzing-asan-opt/libxul.so+0x1f88d241)
#8 0x7f62118fca50 in core::panicking::panic_fmt::hba17afda0a601067 (/home/worker/builds/m-c-20220420215300-fuzzing-asan-opt/libxul.so+0x8763a50)
#9 0x7f62118fc99c in core::panicking::panic::hd7b0881940dfa706 (/home/worker/builds/m-c-20220420215300-fuzzing-asan-opt/libxul.so+0x876399c)
#10 0x7f6223e6f3c5 in webrender::glyph_rasterizer::GlyphRasterizer::request_glyphs::h4f963bf92c2e77ab /gecko/gfx/wr/webrender/src/glyph_rasterizer/mod.rs:73:9
#11 0x7f622404b9e7 in webrender::resource_cache::ResourceCache::request_glyphs::h0739d27886891e35 /gecko/gfx/wr/webrender/src/resource_cache.rs:1105:9
#12 0x7f622404b9e7 in webrender::prim_store::text_run::TextRunPrimitive::request_resources::hd2b568d7ee7553cf /gecko/gfx/wr/webrender/src/prim_store/text_run.rs:482:9
#13 0x7f6223fafdd7 in webrender::prepare::prepare_interned_prim_for_render::h0fe24097019c1c98 /gecko/gfx/wr/webrender/src/prepare.rs:377:13
#14 0x7f6223f952d5 in webrender::prepare::prepare_prim_for_render::hb4f673f279a9839a /gecko/gfx/wr/webrender/src/prepare.rs:218:5
#15 0x7f6223f952d5 in webrender::prepare::prepare_primitives::hfae0d9a31c070810 /gecko/gfx/wr/webrender/src/prepare.rs:74:20
#16 0x7f6223e4978d in webrender::frame_builder::FrameBuilder::build_layer_screen_rects_and_cull_layers::hd07ba357b9208f59 /gecko/gfx/wr/webrender/src/frame_builder.rs:433:17
#17 0x7f6223e4978d in webrender::frame_builder::FrameBuilder::build::h64587b6a6aa516b1 /gecko/gfx/wr/webrender/src/frame_builder.rs:529:9
#18 0x7f62240637f7 in webrender::render_backend::Document::build_frame::h669a6c3681208acb /gecko/gfx/wr/webrender/src/render_backend.rs:493:25
#19 0x7f62240abe72 in webrender::render_backend::RenderBackend::update_document::hab939172d2b73167 /gecko/gfx/wr/webrender/src/render_backend.rs:1385:41
#20 0x7f62240875dd in webrender::render_backend::RenderBackend::prepare_transactions::h5b679dccf114893f /gecko/gfx/wr/webrender/src/render_backend.rs:1234:28
#21 0x7f62240875dd in webrender::render_backend::RenderBackend::process_api_msg::h343174545c86a662 /gecko/gfx/wr/webrender/src/render_backend.rs:1087:17
#22 0x7f6224154b29 in webrender::render_backend::RenderBackend::run::h595db03f8e723007 /gecko/gfx/wr/webrender/src/render_backend.rs:751:21
#23 0x7f6224154b29 in webrender::renderer::Renderer::new::_$u7b$$u7b$closure$u7d$$u7d$::hb88652f8528671c9 /gecko/gfx/wr/webrender/src/renderer/mod.rs:1337:13
#24 0x7f6224154b29 in std::sys_common::backtrace::__rust_begin_short_backtrace::h81063c886e3a7d9b /builds/worker/fetches/rust/library/std/src/sys_common/backtrace.rs:123:18
#25 0x7f622372839d in std::thread::Builder::spawn_unchecked::_$u7b$$u7b$closure$u7d$$u7d$::_$u7b$$u7b$closure$u7d$$u7d$::h53e03bedcd9a8100 /builds/worker/fetches/rust/library/std/src/thread/mod.rs:477:17
#26 0x7f622372839d in _$LT$core..panic..unwind_safe..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$::call_once::h8520b0074aa41e50 /builds/worker/fetches/rust/library/core/src/panic/unwind_safe.rs:271:9
#27 0x7f622372839d in std::panicking::try::do_call::hd65820a135b33d67 /builds/worker/fetches/rust/library/std/src/panicking.rs:406:40
#28 0x7f622372839d in std::panicking::try::h7bdb626f4d9e6f18 /builds/worker/fetches/rust/library/std/src/panicking.rs:370:19
#29 0x7f622372839d in std::panic::catch_unwind::h93d1417fa849128d /builds/worker/fetches/rust/library/std/src/panic.rs:133:14
#30 0x7f622372839d in std::thread::Builder::spawn_unchecked::_$u7b$$u7b$closure$u7d$$u7d$::h36d2e54fccc20401 /builds/worker/fetches/rust/library/std/src/thread/mod.rs:476:30
#31 0x7f622372839d in core::ops::function::FnOnce::call_once$u7b$$u7b$vtable.shim$u7d$$u7d$::h163408733e963932 /builds/worker/fetches/rust/library/core/src/ops/function.rs:227:5
#32 0x7f6228a20292 in std::sys::unix::thread::Thread::new::thread_start::hea5bd76ff79c6284 std.44d4124d-cgu.14
#33 0x7f62379e2608 in start_thread /build/glibc-sMfBJT/glibc-2.31/nptl/pthread_create.c:477:8
#34 0x7f62375a9162 in __clone /build/glibc-sMfBJT/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Reporter | |
Comment 1•3 years ago
•
|
||
A Pernosco session is available here: https://pernos.co/debug/ElMgGfQ8OtMoCWzGpYt94w/index.html
|
||
Comment 2•3 years ago
|
||
Bugmon Analysis
Verified bug as reproducible on mozilla-central 20220422033915-e54b77f74624.
Unable to bisect testcase (Testcase reproduces on start build!):
Start: 9b7bac5af873863628d90e89299a813228ddbb83 (20210423095101)
End: a33cd50e2f73a5626864cd88e14d9fbd2ab158c2 (20220420215300)
BuildFlags: BuildFlags(asan=False, tsan=False, debug=True, fuzzing=True, coverage=False, valgrind=False, no_opt=False, fuzzilli=False)
Whiteboard: [bugmon:bisected,confirmed]
|
||
Comment 3•2 years ago
|
||
Can you try debugging this when you get a chance?
Severity: S2 → S3
Flags: needinfo?(lsalzman)
|
|
Reporter | |
Comment 4•2 years ago
|
||
FWIW: This was last reported by fuzzers targeting m-c 20220925-94436fdd766d. I am no longer able to reproduce the issue with the attached test case.
|
||
Updated•2 years ago
|
Status: NEW → RESOLVED
Closed: 2 years ago
Flags: needinfo?(lsalzman)
Resolution: --- → WORKSFORME
|
|
||
Comment 5•2 years ago
|
||
No valid actions for resolution (WORKSFORME).
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.
Keywords: bugmon
|
|
Reporter | |
Comment 6•10 months ago
•
|
||
Crash explorer discovered that this is in fact still reproducible (m-c 20241217-10fe3e4fee81) with the attached test case.
Here is an updated Pernosco session: https://pernos.co/debug/4MK4_-kjbiuAdEfF9C4A5g/index.html
Status: RESOLVED → REOPENED
status-firefox135:
--- → affected
Keywords: pernosco
Resolution: WORKSFORME → ---
You need to log in
before you can comment on or make changes to this bug.
Description
•