Created attachment 8808620 [details] stack found via bughunter and reproduced on latest windows opt and debug tinderbox trunk builds. Crash at [@ memcpy | rx::Buffer11::BufferStorage::setData ] Steps to reproduce: -> Load https://floooh.github.io/oryol-webgl2/asmjs/PackedNormals.html --> Crash on opt and debug Bughunter rated this high to medium exploitable - windows only and so far only on trunk builds (aurora builds crash with https://crash-stats.mozilla.com/report/index/d1d068a7-b111-4fdf-af5b-5e5b52161108 no idea if this related or a different bug) opt crash report https://crash-stats.mozilla.com/report/index/70ad7dec-f89f-4b06-b26c-c329c2161108
[Tracking Requested - why for this release]: affects at least trunk opt and debug builds (aurora crashes too but not sure if this is this regression here) Milan, Jeff: could you take a look, thanks!
Regression range: https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=4ebed327385b6827b9275c21e29f23b13aa92457&tochange=fa9844b0dee37aeb4c94d027f7c68a94721db320 Confirmed that it reproduces on 50 as well if webgl2 is preffed on. I *think* we're planning to disable on 51 as well?
It actually needs WebGL2 pref'd on?
(In reply to Milan Sreckovic [:milan] from comment #3) > It actually needs WebGL2 pref'd on? Correct. No crashes with WebGL2 off (even on nightly). Bisected locally to rev 7a6514210303. https://hg.mozilla.org/integration/mozilla-inbound/rev/7a6514210303
(In reply to Ryan VanderMeulen [:RyanVM] from comment #2) > Regression range: > https://hg.mozilla.org/integration/mozilla-inbound/ > pushloghtml?fromchange=4ebed327385b6827b9275c21e29f23b13aa92457&tochange=fa98 > 44b0dee37aeb4c94d027f7c68a94721db320 > > Confirmed that it reproduces on 50 as well if webgl2 is preffed on. I > *think* we're planning to disable on 51 as well? We are not. We need to fix this in 51. I'll take a look.
Track 51+/52+ as regression and Web GL 2 issue.
I'm 80% sure this is bug 1316533.
(In reply to Jeff Gilbert [:jgilbert] from comment #7) > I'm 80% sure this is bug 1316533. Specifically, this is a bug in ANGLE. We're looking to update ANGLE in 52 and 53. We're going to look at cherry-picking a couple csets for 51, but likely taking the ANGLE update on 51 after it bakes on Aurora52 for a bit.
This appears to be fixed in Nightly 53 now. Bug 1319004 updated ANGLE, and should eventually be headed out to 51, but at least to 52.