possibly related to https://bugs.chromium.org/p/chromium/issues/detail?id=669775&q=component%3AInternals%3EGPU&colspec=ID%20Pri%20M%20Stars%20ReleaseBlock%20Component%20Status%20Owner%20Summary%20OS%20Modified

At our end, we have mac test machines with Intel graphic cards.
Adding TE-NeedsTriageFromMTV for futher triage

benoit.j.chavailer@, are you able to provide the output of "about:gpu" (type into the address bar) from both the Chrome 55 build where this reproduces and the Chrome 54 build where this does not? This makes diagnosing the issue (and matching your hardware config) easier. Thanks!

senorblanco@, given that this is AMD, I'm guessing we're hitting the MSAA path rendering path. Has anything changed substantially in this path from 54 > 55?

Re: #4: There may have been a refactor or two, but there were no substantial changes, IIRC.

This reproduces on all configurations tested with MSAA forced (Intel / NVidia / AMD). You can reproduce by opening about://flags and setting gpu rasterization to "force enabled for all layers" and GPU Rasterization MSAA Sample Count to "4".

Will bisect.

Please find enclosed the results of about:gpu in 55 and 54 on the same macbook machine

Deleted: chrome 54.txt 7.2 KB

chrome 54.txt 7.2 KB View Download

Deleted: chrome55.txt 5.0 KB

chrome55.txt 5.0 KB View Download

This appears to be a long-standing issue (I've been able to repro back to Chrome 52) - not sure why the reporter is seeing a difference in M54>M55, although I've found that the crash can be a bit flaky on my systems, so it may just be a case of getting lucky.

I can also repro on Windows as well, assuming I force GPU rasterization. It appears that something goes wrong in the GrTessellator causing it to perform runaway allocations. The callstack I get at the point when we crash from OOM is:

 	base.dll!base::win::`anonymous namespace'::ForceCrashOnSigAbort(int __formal) Line 67	C++
 	ucrtbase.dll!raise()	Unknown
 	ucrtbase.dll!abort()	Unknown
 	skia.dll!sk_abort_no_print() Line 32	C++
 	skia.dll!`anonymous namespace'::simplify(`anonymous-namespace'::Vertex * vertices, `anonymous-namespace'::Comparator & c, SkChunkAlloc & alloc) Line 1304	C++
 	skia.dll!`anonymous namespace'::contours_to_polys(`anonymous-namespace'::Vertex * * contours, int contourCnt, SkPath::FillType fillType, const SkRect & pathBounds, bool antialias, SkChunkAlloc & alloc) Line 1670	C++
 	skia.dll!`anonymous namespace'::path_to_polys(const SkPath & path, float tolerance, const SkRect & clipBounds, int contourCnt, SkChunkAlloc & alloc, bool antialias, bool * isLinear) Line 1705	C++
>	skia.dll!GrTessellator::PathToTriangles(const SkPath & path, float tolerance, const SkRect & clipBounds, GrTessellator::VertexAllocator * vertexAllocator, bool antialias, const unsigned int & color, bool canTweakAlphaForCoverage, bool * isLinear) Line 1757	C++
 	skia.dll!TessellatingPathBatch::draw(GrVertexBatch::Target * target, const GrGeometryProcessor * gp) Line 239	C++
 	skia.dll!TessellatingPathBatch::onPrepareDraws(GrVertexBatch::Target * target) Line 306	C++
 	skia.dll!GrVertexBatch::onPrepare(GrBatchFlushState * state) Line 20	C++
 	skia.dll!GrRenderTargetOpList::prepareBatches(GrBatchFlushState * flushState) Line 170	C++
 	skia.dll!GrDrawingManager::internalFlush(GrResourceCache::FlushType type) Line 83	C++
 	skia.dll!GrDrawingManager::prepareSurfaceForExternalIO(GrSurface * surface) Line 142	C++
 	skia.dll!GrRenderTargetContext::prepareForExternalIO() Line 1226	C++
 	skia.dll!SkGpuDevice::flush() Line 1789	C++
 	cc.dll!cc::ResourceProvider::ScopedSkSurfaceProvider::~ScopedSkSurfaceProvider() Line 1198	C++
 	cc.dll!cc::`anonymous namespace'::RasterizePicture(SkPicture * picture, cc::ContextProvider * context_provider, cc::ResourceProvider::ScopedWriteLockGL * resource_lock, bool async_worker_context_enabled, bool use_distance_field_text, bool can_use_lcd_text, int msaa_sample_count, cc::ImageDecodeController * image_decode_controller, bool use_image_hijack_canvas) Line 124	C++
 	cc.dll!cc::GpuRasterBufferProvider::PlaybackOnWorkerThread(cc::ResourceProvider::ScopedWriteLockGL * resource_lock, const gpu::SyncToken & sync_token, bool resource_has_previous_content, const cc::RasterSource * raster_source, const gfx::Rect & raster_full_rect, const gfx::Rect & raster_dirty_rect, unsigned __int64 new_content_id, const gfx::SizeF & scales, const cc::RasterSource::PlaybackSettings & playback_settings) Line 277	C++
 	cc.dll!cc::GpuRasterBufferProvider::RasterBufferImpl::Playback(const cc::RasterSource * raster_source, const gfx::Rect & raster_full_rect, const gfx::Rect & raster_dirty_rect, unsigned __int64 new_content_id, const gfx::SizeF & scales, const cc::RasterSource::PlaybackSettings & playback_settings) Line 156	C++
 	cc.dll!cc::`anonymous namespace'::RasterTaskImpl::RunOnWorkerThread() Line 132	C++
 	content.dll!content::CategorizedWorkerPool::RunTaskInCategoryWithLockAcquired(cc::TaskCategory category) Line 360	C++
 	content.dll!content::CategorizedWorkerPool::RunTaskWithLockAcquired(const std::vector<enum cc::TaskCategory,std::allocator<enum cc::TaskCategory> > & categories) Line 339	C++
 	content.dll!content::CategorizedWorkerPool::Run(const std::vector<enum cc::TaskCategory,std::allocator<enum cc::TaskCategory> > & categories, base::ConditionVariable * has_ready_to_run_tasks_cv) Line 230	C++
 	base.dll!base::SimpleThread::ThreadMain() Line 69	C++
 	base.dll!base::`anonymous namespace'::ThreadFunc(void * params) Line 86	C++
 	kernel32.dll!BaseThreadInitThunk()	Unknown
 	ntdll.dll!RtlUserThreadStart()	Unknown

Let me know if I can provide more details.

Interesting, just want to point out that we could consistently (100%) reproduce on 55 on 3 different machines, and never had it crashed on 54 on 2 different machines

Turning on logging in the tessellator, tt seems to be splitting the same edge over and over again (on its top vertex).

splitting edge (1765 -> 1765.38) at vertex 1765.38 (318.828, 187.53)
removing edge (1765 -> 1765.38) above vertex 1765.38
insert edge (1765 -> 1765.38) above vertex 1765.38
intersecting 1765.38 -> 1766 with 1765 -> 1765.38
found intersection, pt is 318.828, 187.53
splitting edge (1765 -> 1765.38) at vertex 1765.38 (318.828, 187.53)
removing edge (1765 -> 1765.38) above vertex 1765.38
insert edge (1765 -> 1765.38) above vertex 1765.38
intersecting 1765.38 -> 1766 with 1765 -> 1765.38
found intersection, pt is 318.828, 187.53
...

Here is a quick fix which works around the problem. It gets rid of the OOM, but does leave some rendering artifacts. I'm going to see if I can find a fix for the deeper problem, although it could be difficult if it's what I think it is.

Deleted: enclosing-edge-fix.patch 90.1 KB

enclosing-edge-fix.patch 90.1 KB Download

Lowering priority since a fix was committed, though we may do more work here.

A fix was landed, but I can't get the original codepen case to draw anymore (on any browser).

If it still repros, feel free to reopen (or better yet, open a new bug if the repro is different).