Closed Bug 1516543 Opened 6 years ago Closed 6 years ago

Assertion crash in Skia under Windows AArch64

Categories

(Core :: Graphics, defect, P3)

Product:
Core
Component:
Graphics
Platform:
ARM64
Windows
Type:
defect

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: gsvelto, Unassigned)

References

(Blocks 1 open bug)

Details

I've been running a Windows AArch64 debug build and I often hit this assertion in content processes: https://searchfox.org/mozilla-central/source/gfx/skia/skia/include/private/SkPathRef.h#320 I get this output on the console right before the assertion: bad SkPathRef bounds: 329,867 9 335,867 15 332,866 9 334,523 9 335,866 10,3431 335,866 12 335,866 13,6569 334,523 15 332,866 15 331,21 14,9992 329,867 13,6565 *** bounds do not contain: 329,866 12 329,866 10,3431 331,21 9 332,866 9 c:\users\gsvelto\projects\mozilla-central\gfx\skia\skia\include\core\../private/SkPathRef.h(320): fatal error: "assert(this->isValid())" Abort from sk_abort Hit MOZ_CRASH() at c:/Users/gsvelto/projects/mozilla-central/memory/mozalloc/mozalloc_abort.cpp:33
To trigger this bug it's sufficient to navigate with a debug build to this page: https://setphaserstostun.org I've managed to grab a crash report: https://crash-stats.mozilla.com/report/index/bf321880-a8bc-447e-8e46-2f0b20181227 Socorro isn't processing Windows AArch64 crashes correctly yet so I'll process the dump manually and extract a stack trace.
Here's the full stack trace: Thread 0 (crashed) 0 mozglue.dll + 0x31fc0 1 mozglue.dll + 0x31fbc 2 xul.dll!sk_abort_no_print() [skmemory_mozalloc.cpp : 24 + 0x10] 3 xul.dll!SkPathRef::CreateTransformedCopy(sk_sp<SkPathRef> *,SkPathRef const &,SkMatrix const &) [skpathref.cpp : 254 + 0x24] 4 xul.dll!SkPath::transform(SkMatrix const &,SkPath *) [skpath.cpp : 1836 + 0xc] 5 xul.dll!SkDraw::drawPath(SkPath const &,SkPaint const &,SkMatrix const *,bool,bool,SkBlitter *) [skdraw.cpp : 1112 + 0xc] 6 xul.dll!SkBitmapDevice::drawPath(SkPath const &,SkPaint const &,bool) [skbitmapdevice.cpp : 417 + 0x18] 7 xul.dll!SkCanvas::onDrawPath(SkPath const &,SkPaint const &) [skcanvas.cpp : 2135 + 0x5c] 8 xul.dll!SkCanvas::drawPath(SkPath const &,SkPaint const &) [skcanvas.cpp : 1697 + 0x14] 9 xul.dll!mozilla::gfx::DrawTargetSkia::Fill(mozilla::gfx::Path const *,mozilla::gfx::Pattern const &,mozilla::gfx::DrawOptions const &) [drawtargetskia.cpp : 921 + 0xc] 10 xul.dll!mozilla::SVGGeometryFrame::Render(gfxContext *,unsigned int,mozilla::gfx::BaseMatrix<double> const &,mozilla::image::imgDrawingParams &) [svggeometryframe.cpp : 702 + 0xc] 11 xul.dll!mozilla::SVGGeometryFrame::PaintSVG(gfxContext &,mozilla::gfx::BaseMatrix<double> const &,mozilla::image::imgDrawingParams &,mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const *) [svggeometryframe.cpp : 263 + 0x14] 12 xul.dll!nsDisplaySVGGeometry::Paint(nsDisplayListBuilder *,gfxContext *) [svggeometryframe.cpp : 122 + 0x8] 13 xul.dll!mozilla::FrameLayerBuilder::PaintItems(std::vector<mozilla::AssignedDisplayItem,std::allocator<mozilla::AssignedDisplayItem> > &,mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const &,gfxContext *,nsDisplayListBuilder *,nsPresContext *,mozilla::gfx::IntPointTyped<mozilla::gfx::UnknownUnits> const &,float,float) [framelayerbuilder.cpp : 7037 + 0x14] 14 xul.dll!mozilla::FrameLayerBuilder::DrawPaintedLayer(mozilla::layers::PaintedLayer *,gfxContext *,mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const &,mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const &,mozilla::layers::DrawRegionClip,mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const &,void *) [framelayerbuilder.cpp : 7194 + 0x2c] 15 xul.dll!mozilla::layers::BasicPaintedLayer::PaintThebes(gfxContext *,mozilla::layers::Layer *,void (*)(mozilla::layers::PaintedLayer *,gfxContext *,mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const &,mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const &,mozilla::layers::DrawRegionClip,mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const &,void *),void *) [basicpaintedlayer.cpp : 92 + 0x28] 16 xul.dll!mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintLayerContext &,gfxContext *) [basiclayermanager.cpp : 685 + 0x18] 17 xul.dll!mozilla::layers::BasicLayerManager::PaintLayer(gfxContext *,mozilla::layers::Layer *,void (*)(mozilla::layers::PaintedLayer *,gfxContext *,mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const &,mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const &,mozilla::layers::DrawRegionClip,mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const &,void *),void *) [basiclayermanager.cpp : 851 + 0x18] 18 xul.dll!mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintLayerContext &,gfxContext *) [basiclayermanager.cpp : 708 + 0x10] 19 xul.dll!mozilla::layers::BasicLayerManager::PaintLayer(gfxContext *,mozilla::layers::Layer *,void (*)(mozilla::layers::PaintedLayer *,gfxContext *,mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const &,mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const &,mozilla::layers::DrawRegionClip,mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const &,void *),void *) [basiclayermanager.cpp : 851 + 0x18] 20 xul.dll!mozilla::layers::BasicLayerManager::EndTransactionInternal(void (*)(mozilla::layers::PaintedLayer *,gfxContext *,mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const &,mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const &,mozilla::layers::DrawRegionClip,mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const &,void *),void *,mozilla::layers::LayerManager::EndTransactionFlags) [basiclayermanager.cpp : 602 + 0x14] 21 xul.dll!nsDisplayList::PaintRoot(nsDisplayListBuilder *,gfxContext *,unsigned int) [nsdisplaylist.cpp : 2723 + 0x1c] 22 xul.dll!nsLayoutUtils::PaintFrame(gfxContext *,nsIFrame *,nsRegion const &,unsigned int,nsDisplayListBuilderMode,nsLayoutUtils::PaintFrameFlags) [nslayoututils.cpp : 3786 + 0x14] 23 xul.dll!mozilla::PresShell::RenderDocument(nsRect const &,unsigned int,unsigned int,gfxContext *) [presshell.cpp : 4498 + 0x64] 24 xul.dll!mozilla::image::SVGDrawingCallback::operator()(gfxContext *,mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits,double> const &,mozilla::gfx::SamplingFilter,mozilla::gfx::BaseMatrix<double> const &) [vectorimage.cpp : 303 + 0x24] 25 xul.dll!gfxCallbackDrawable::Draw(gfxContext *,mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits,double> const &,mozilla::gfx::ExtendMode,mozilla::gfx::SamplingFilter,double,mozilla::gfx::BaseMatrix<double> const &) [gfxdrawable.cpp : 146 + 0x18] 26 xul.dll!gfxUtils::DrawPixelSnapped(gfxContext *,gfxDrawable *,mozilla::gfx::SizeTyped<mozilla::gfx::UnknownUnits,double> const &,mozilla::image::ImageRegion const &,mozilla::gfx::SurfaceFormat,mozilla::gfx::SamplingFilter,unsigned int,double,bool) [gfxutils.cpp : 554 + 0x3c] 27 xul.dll!mozilla::image::imgFrame::InitWithDrawable(gfxDrawable *,mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const &,mozilla::gfx::SurfaceFormat,mozilla::gfx::SamplingFilter,unsigned int,mozilla::gfx::BackendType) [imgframe.cpp : 436 + 0x74] 28 xul.dll!mozilla::image::VectorImage::CreateSurface(mozilla::image::SVGDrawingParameters const &,gfxDrawable *,bool &) [vectorimage.cpp : 1109 + 0x1c] 29 xul.dll!mozilla::image::VectorImage::Draw(gfxContext *,mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const &,mozilla::image::ImageRegion const &,unsigned int,mozilla::gfx::SamplingFilter,mozilla::Maybe<mozilla::SVGImageContext> const &,unsigned int,float) [vectorimage.cpp : 982 + 0x14] 30 xul.dll!static mozilla::image::ImgDrawResult DrawImageInternal(class gfxContext & const, class nsPresContext *, class imgIContainer *, const mozilla::gfx::SamplingFilter, const struct nsRect & const, const struct nsRect & const, const struct nsPoint & const, const struct nsRect & const, const class mozilla::Maybe<mozilla::SVGImageContext> & const, unsigned int, mozilla::gfx::ExtendMode, float) [nslayoututils.cpp : 6580 + 0x38] 31 xul.dll!nsLayoutUtils::DrawBackgroundImage(gfxContext &,nsIFrame *,nsPresContext *,imgIContainer *,mozilla::gfx::IntSizeTyped<mozilla::CSSPixel> const &,mozilla::gfx::SamplingFilter,nsRect const &,nsRect const &,nsSize const &,nsPoint const &,nsRect const &,unsigned int,mozilla::gfx::ExtendMode,float) [nslayoututils.cpp : 6823 + 0x3c] 32 xul.dll!mozilla::nsImageRenderer::Draw(nsPresContext *,gfxContext &,nsRect const &,nsRect const &,nsRect const &,nsPoint const &,nsSize const &,mozilla::gfx::IntRectTyped<mozilla::CSSPixel> const &,float) [nsimagerenderer.cpp : 458 + 0x58] 33 xul.dll!mozilla::nsImageRenderer::DrawLayer(nsPresContext *,gfxContext &,nsRect const &,nsRect const &,nsPoint const &,nsRect const &,nsSize const &,float) [nsimagerenderer.cpp : 703 + 0x6c] 34 xul.dll!nsCSSRendering::PaintStyleImageLayerWithSC(nsCSSRendering::PaintBGParams const &,gfxContext &,mozilla::ComputedStyle *,nsStyleBorder const &) [nscssrendering.cpp : 2606 + 0x40] 35 xul.dll!nsCSSRendering::PaintStyleImageLayer(nsCSSRendering::PaintBGParams const &,gfxContext &) [nscssrendering.cpp : 1836 + 0x18] 36 xul.dll!nsDisplayBackgroundImage::PaintInternal(nsDisplayListBuilder *,gfxContext *,nsRect const &,nsRect *) [nsdisplaylist.cpp : 4142 + 0xc] 37 xul.dll!mozilla::FrameLayerBuilder::PaintItems(std::vector<mozilla::AssignedDisplayItem,std::allocator<mozilla::AssignedDisplayItem> > &,mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const &,gfxContext *,nsDisplayListBuilder *,nsPresContext *,mozilla::gfx::IntPointTyped<mozilla::gfx::UnknownUnits> const &,float,float) [framelayerbuilder.cpp : 7037 + 0x14] 38 xul.dll!mozilla::FrameLayerBuilder::DrawPaintedLayer(mozilla::layers::PaintedLayer *,gfxContext *,mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const &,mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const &,mozilla::layers::DrawRegionClip,mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const &,void *) [framelayerbuilder.cpp : 7194 + 0x2c] 39 xul.dll!mozilla::layers::ClientPaintedLayer::RenderLayerWithReadback(mozilla::layers::ReadbackProcessor *) [clientpaintedlayer.cpp : 150 + 0x20] 40 xul.dll!mozilla::layers::ClientContainerLayer::RenderLayer() [clientcontainerlayer.h : 53 + 0x10] 41 xul.dll!mozilla::layers::ClientContainerLayer::RenderLayer() [clientcontainerlayer.h : 53 + 0x10] 42 xul.dll!mozilla::layers::ClientContainerLayer::RenderLayer() [clientcontainerlayer.h : 53 + 0x10] 43 xul.dll!mozilla::layers::ClientLayerManager::EndTransactionInternal(void (*)(mozilla::layers::PaintedLayer *,gfxContext *,mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const &,mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const &,mozilla::layers::DrawRegionClip,mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const &,void *),void *,mozilla::layers::LayerManager::EndTransactionFlags) [clientlayermanager.cpp : 324 + 0x0] 44 xul.dll!mozilla::layers::ClientLayerManager::EndTransaction(void (*)(mozilla::layers::PaintedLayer *,gfxContext *,mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const &,mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const &,mozilla::layers::DrawRegionClip,mozilla::gfx::IntRegionTyped<mozilla::gfx::UnknownUnits> const &,void *),void *,mozilla::layers::LayerManager::EndTransactionFlags) [clientlayermanager.cpp : 373 + 0x10] 45 xul.dll!nsDisplayList::PaintRoot(nsDisplayListBuilder *,gfxContext *,unsigned int) [nsdisplaylist.cpp : 2723 + 0x1c] 46 xul.dll!nsLayoutUtils::PaintFrame(gfxContext *,nsIFrame *,nsRegion const &,unsigned int,nsDisplayListBuilderMode,nsLayoutUtils::PaintFrameFlags) [nslayoututils.cpp : 3786 + 0x14] 47 xul.dll!mozilla::PresShell::Paint(nsView *,nsRegion const &,unsigned int) [presshell.cpp : 6027 + 0x14] 48 xul.dll!nsViewManager::ProcessPendingUpdatesPaint(nsIWidget *) [nsviewmanager.cpp : 461 + 0x24] 49 xul.dll!nsViewManager::ProcessPendingUpdatesForView(nsView *,bool) [nsviewmanager.cpp : 396 + 0x8] 50 xul.dll!nsViewManager::ProcessPendingUpdates() [nsviewmanager.cpp : 1030 + 0xc] 51 xul.dll!nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>,mozilla::TimeStamp) [nsrefreshdriver.cpp : 1957 + 0x8] 52 xul.dll!mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>,mozilla::TimeStamp,nsTArray<RefPtr<nsRefreshDriver> > &) [nsrefreshdriver.cpp : 304 + 0x18] 53 xul.dll!mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>,mozilla::TimeStamp) [nsrefreshdriver.cpp : 321 + 0x24] 54 xul.dll!mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>,mozilla::TimeStamp) [nsrefreshdriver.cpp : 646 + 0x20] 55 xul.dll!mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::ParentProcessVsyncNotifier::Run() [nsrefreshdriver.cpp : 487 + 0x24] 56 xul.dll!nsThread::ProcessNextEvent(bool,bool *) [nsthread.cpp : 1157 + 0x10] 57 xul.dll!NS_ProcessNextEvent(nsIThread *,bool) [nsthreadutils.cpp : 468 + 0x14] 58 xul.dll!mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate *) [messagepump.cpp : 89 + 0x8] 59 xul.dll!MessageLoop::RunInternal() [message_loop.cc : 314 + 0x14] 60 xul.dll!MessageLoop::RunHandler() [message_loop.cc : 307 + 0x4] 61 xul.dll!MessageLoop::Run() [message_loop.cc : 289 + 0x4] 62 xul.dll!nsBaseAppShell::Run() [nsbaseappshell.cpp : 137 + 0x4] 63 xul.dll!nsAppShell::Run() [nsappshell.cpp : 409 + 0x4] 64 xul.dll!nsAppStartup::Run() [nsappstartup.cpp : 271 + 0x10] 65 xul.dll!XREMain::XRE_mainRun() [nsapprunner.cpp : 4616 + 0x10] 66 xul.dll!XREMain::XRE_main(int,char * * const,mozilla::BootstrapConfig const &) [nsapprunner.cpp : 4754 + 0x4] 67 xul.dll!XRE_main(int,char * * const,mozilla::BootstrapConfig const &) [nsapprunner.cpp : 4839 + 0x10]
My build is a plain debug build with WebRTC disabled and compiled with cl.exe. MSVC version is 14.16.27023 and Windows SDK version is 10.0.17134.0. The machine used for testing is a Yoga 630.
> bad SkPathRef bounds: 329,867 9 335,867 15 ... > *** bounds do not contain: 329,866 12 It's close... could be some floating point inaccuracy having accumulated? (I assume the comma is a decimal separator)
(In reply to David Major [:dmajor] from comment #4) > (I assume the comma is a decimal separator) Yeah, they're floating-point value printed out in my (non-US) locale.
I've just tripped on another Skia assertion here: https://searchfox.org/mozilla-central/rev/8a135a9c5a96b59269f544fcaee76d8fd5a7026a/gfx/skia/skia/src/core/SkPathRef.cpp#253 Probably the same thing. If this is about architecture-specific floating-point rounding modes debugging it is going to be really fun.
I've tried disabling the assertion and I run into Skia crashes even then. Since this doesn't happen in non-debug build then this is probably caused by code-generation. Whatever floating-point sequence is being generated in my debug build is exhibiting this issue. It will be interesting to see if the same happens once we're able to build with clang-cl.
(In reply to Gabriele Svelto [:gsvelto] from comment #7) > I've tried disabling the assertion and I run into Skia crashes even then. Interesting. I haven't run into any crashes after I locally turned SkPathRef::validate() into a no-op. Can you share some of the stacks?
(In reply to David Major [:dmajor] from comment #8) > Interesting. I haven't run into any crashes after I locally turned > SkPathRef::validate() into a no-op. Can you share some of the stacks? Now that you mention it I'm not sure they're really Skia crashes. They just happen under the same conditions of the Skia crashes but since I've been unable to generate minidumps for content process crashes yet I can't be sure.
(In reply to Gabriele Svelto [:gsvelto] from comment #9) > Now that you mention it I'm not sure they're really Skia crashes. They just > happen under the same conditions of the Skia crashes but since I've been > unable to generate minidumps for content process crashes yet I can't be sure. If you run under a debugger that is set to debug child processes (e.g. `windbg -o`), is it able to trap the content process crashes?
The skia asserts don't happen on my clang build, so hopefully this bug will disappear on its own.
Priority: -- → P3

This appears to have been a compiler-related issue, fixed by switching to clang.

Status: NEW → RESOLVED
Closed: 6 years ago
Depends on: 1521129
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.