Closed Bug 1507017 Opened 1 year ago Closed 1 year ago

Crash in webrender::batch::AlphaBatchBuilder::add_prim_to_batch (youtube)

Categories

(Core :: Graphics: WebRender, defect, P2, critical)

Unspecified
Windows 10
defect

Tracking

()

RESOLVED FIXED
Tracking Status
firefox-esr60 --- unaffected
firefox63 --- unaffected
firefox64 --- unaffected
firefox65 --- wontfix
firefox66 --- fixed

People

(Reporter: marcia, Assigned: gw)

References

(Blocks 2 open bugs)

Details

(Keywords: crash, regression)

Crash Data

This bug was filed from the Socorro interface and is
report bp-1d68fec8-1c3e-424f-81cf-7b6b70181113.
=============================================================

Seen while looking at crash stats: https://bit.ly/2FiECnD. Crashes started using 20181112220107. Looks as if maybe this was fallout due to the WR update, bug 1506494.

Top 10 frames of crashing thread:

0 xul.dll static void std::panicking::rust_panic_with_hook /rustc/da5f414c2c0bfe5198934493f04c676e2b23ff2e/src/libstd/panicking.rs
1 xul.dll static void std::panicking::continue_panic_fmt /rustc/da5f414c2c0bfe5198934493f04c676e2b23ff2e/src/libstd/panicking.rs:391
2 xul.dll static void std::panicking::rust_begin_panic /rustc/da5f414c2c0bfe5198934493f04c676e2b23ff2e/src/libstd/panicking.rs:326
3 xul.dll static void core::panicking::panic_fmt /rustc/da5f414c2c0bfe5198934493f04c676e2b23ff2e/src/libcore/panicking.rs:77
4 xul.dll static void core::panicking::panic_bounds_check /rustc/da5f414c2c0bfe5198934493f04c676e2b23ff2e/src/libcore/panicking.rs:59
5 xul.dll static void webrender::batch::AlphaBatchBuilder::add_prim_to_batch gfx/webrender/src/batch.rs:541
6 xul.dll static void webrender::batch::AlphaBatchBuilder::add_prim_to_batch gfx/webrender/src/batch.rs:1197
7 xul.dll static void webrender::batch::AlphaBatchBuilder::add_prim_to_batch gfx/webrender/src/batch.rs:1197
8 xul.dll static void webrender::tiling::{{impl}}::build gfx/webrender/src/tiling.rs:447
9 xul.dll static struct webrender::tiling::Frame webrender::frame_builder::FrameBuilder::build gfx/webrender/src/frame_builder.rs:416

=============================================================
Glenn -- can you take a look?  Is it fallout from your update?
Flags: needinfo?(gwatson)
Priority: -- → P2
Yep, this does appear to be caused by the patch referenced above.

I'm not sure if it's possible to fix without a repro URL, but I'll take a look today and see.
Flags: needinfo?(gwatson)
Assignee: nobody → gwatson
From a manual inspection of the code, I couldn't see any obvious bugs that would cause this to occur, so we'll probably need a repro case to actually see what is happening.
Looks like right now, there are no URLs showing for any of the crashes. 43 crashes so far. Here are some of the addon correlations:

(56.52% in signature vs 06.88% overall) Addon "HTTPS Everywhere" = true
(47.83% in signature vs 06.87% overall) Addon "Privacy Badger" = true
(43.48% in signature vs 04.68% overall) Addon "Decentraleyes" = true
(43.48% in signature vs 05.11% overall) Addon "Reddit Enhancement Suite" = true
(39.13% in signature vs 03.41% overall) Addon "NoScript Security Suite" = true
(34.78% in signature vs 00.04% overall) Addon "Limit Tabs" = true
(34.78% in signature vs 00.23% overall) Addon "Night Mode Pro" = true
(39.13% in signature vs 04.22% overall) Addon "Greasemonkey" = true
(34.78% in signature vs 03.27% overall) Addon "NoScript Security Suite" Version = 10.1.9.9
GPU process crash reports pretty much never have a URL.
Now that bug 1505954 is deployed the mangled signature frame shouldn't matter, since there's a sentinel frame further down the stack that we'll use to get a proper signature.
Glenn, based on comments 6 and 7 from my reading this appears that we can now get more information on this crash? If so, could you take another look at it?
Flags: needinfo?(gwatson)
I don't think so (but could easily be misunderstanding).

All the crashes in C6 appear to be from somewhere in the moz2d blob image handler, which seem different to the crash stack above?

I don't think we have a URL / repro and I still haven't been able to repro locally yet.
Flags: needinfo?(gwatson)
Hi, so I was in about:support looking at 2 crashes from last night (https://crash-stats.mozilla.com/report/index/35ac902b-190f-4cbf-9175-5141c0181129 - is one of them) and found this bug report from there, this crash happens for me basically every time I try to watch this video (https://www.youtube.com/watch?v=K2IOZ-5Nk5k) in 4K 60FPS, full screen.
Summary: Crash in webrender::batch::AlphaBatchBuilder::add_prim_to_batch → Crash in webrender::batch::AlphaBatchBuilder::add_prim_to_batch (youtube)
I finally managed to repro this on https://www.youtube.com/watch?v=K2IOZ-5Nk5k - I am looking into it now.
I hit this when changing months in Google Calendar's month view.
Fix is https://github.com/servo/webrender/pull/3436 - should make its way into the next WR update / nightly.
This should be in the latest Nightly, can you please verify that it fixes your STR?
Flags: needinfo?(hgallagher)
Ya this seems to have fixed it for me, I watched that video for about a minute in 4K and no crash...use to crash within a couple of seconds
Flags: needinfo?(hgallagher)
Great, thanks for checking!
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
No problem, anytime :-)
Doesn't appear to be a very high volume crash for the Beta users opted into the WR experiments. I think this can just ride the trains.
You need to log in before you can comment on or make changes to this bug.