(picture-caching) Crash in webrender::prim_store::PrimitiveStore::update_tile_cache

VERIFIED FIXED in Firefox 66

Status

()

defect
P3
critical
VERIFIED FIXED
6 months ago
3 months ago

People

(Reporter: mayankleoboy1, Assigned: gw)

Tracking

(Blocks 2 bugs, {crash, nightly-community, regression})

Trunk
mozilla66
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox-esr60 unaffected, firefox64 unaffected, firefox65 unaffected, firefox66 verified)

Details

(crash signature, )

Reporter

Description

6 months ago
This bug was filed from the Socorro interface and is
report bp-8d97bbf9-83ae-43d5-96b7-692e70181230.
=============================================================

Top 10 frames of crashing thread:

0 xul.dll MOZ_CrashOOL mfbt/Assertions.h:314
1 xul.dll GeckoCrashOOL toolkit/xre/nsAppRunner.cpp:5118
2 xul.dll static void gkrust_shared::panic_hook toolkit/library/rust/shared/lib.rs:232
3 xul.dll static void core::ops::function::Fn::call<fn /libcore/ops/function.rs:78
4 xul.dll static void std::panicking::rust_panic_with_hook src/libstd/panicking.rs:480
5 xul.dll static void std::panicking::continue_panic_fmt src/libstd/panicking.rs:390
6 xul.dll static void std::panicking::rust_begin_panic src/libstd/panicking.rs:325
7 xul.dll static void core::panicking::panic_fmt src/libcore/panicking.rs:77
8 xul.dll static void core::panicking::panic_bounds_check src/libcore/panicking.rs:59
9 xul.dll static void webrender::prim_store::PrimitiveStore::update_tile_cache gfx/wr/webrender/src/prim_store/mod.rs

=============================================================


Dont have exact STR. 
I just enabled picture caching, and then tried to scroll a page full of emojis. Then maybe switched tabs or opened a new tab.
Reporter

Updated

6 months ago
Keywords: crash
Priority: -- → P3
Reporter

Comment 1

6 months ago
slightly better STR:
1. enable wr. enable picture caching
2. Open the attachment.
3. Triple click on the page to select all the emoji.
4. scroll the page down. 
After some time, a crash

https://crash-stats.mozilla.org/report/index/8370c32c-6995-4518-ae19-3621f0181230
As of servo/webrender#3455 no longer drawn on chrome, but can still crash.
Summary: Crash in webrender::prim_store::PrimitiveStore::update_tile_cache → (picture-caching) Crash in webrender::prim_store::PrimitiveStore::update_tile_cache
(In reply to Mayank Bansal from comment #1)
> 3. Triple click on the page to select all the emoji.
> 4. scroll the page down. 
> After some time, a crash

a recent m-c build from bug 1517460 comment 3:
mozregression --launch 76a978035542 --pref gfx.webrender.all:true gfx.webrender.picture-caching:true -a https://bug1493353.bmoattachments.org/attachment.cgi?id=9030975 -B debug
> Hit MOZ_CRASH(index out of bounds: the len is 0 but the index is 18) at libcore/slice/mod.rs:2454


try build from https://github.com/servo/webrender/pull/3459#issuecomment-451067556:
mozregression --repo try --launch a4f08722b5be28da75a52578fbdefe3ddfbf6aaf --pref gfx.webrender.all:true gfx.webrender.picture-caching:true -a https://bug1493353.bmoattachments.org/attachment.cgi?id=9030975 -B debug

-> Can't repro, looks fixed to me.
Assignee: nobody → gwatson
Status: NEW → RESOLVED
Closed: 6 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla66
Assignee

Comment 6

5 months ago
I _think_ this is probably from testing a build before the fix for this crash landed.

The build id referenced in the crash report above is:

author	Jan de Mooij <jdemooij@mozilla.com>
	Fri, 04 Jan 2019 17:47:39 +0000 (2 days ago)
changeset 452561 	4b3fc8b91280

But the fix for this panic didn't land until after that in m-c, as part of:

changeset:   452645:e0e9c4425d13
date:        Sat Jan 05 21:15:35 2019 +0000

I've tested with that URL locally with current m-c and I can't reproduce the panic, which looks like exactly the same call stack as what the fix applies to.

So, hopefully, this is a case of seeing the crash on a build earlier than when the fix landed.
Flags: needinfo?(mayankleoboy1)
Reporter

Comment 7

5 months ago
Yes, I cant repro with the latest nightly.
Status: REOPENED → RESOLVED
Closed: 6 months ago5 months ago
Flags: needinfo?(mayankleoboy1)
Resolution: --- → FIXED
Flags: qe-verify+

I have managed to reproduce the issue using Fx 66.0a1 buildID: 20181229214252 only on Ubuntu 16.04 environment. On macOS 10.14 and Windows 10 x64 the crash couldn't be reproduced, but the tab bar presented glitchy/flickering behavior.

The issue is verified fixed using Fx 66.0b13 on macOS 10.14, Windows 10 x64 and Ubuntu 16.04. On Ubuntu, the browser no longer crashes and on Windows and Mac the tab bar no longer flickers or displays the smiley page as the tab background.

Status: RESOLVED → VERIFIED
Flags: qe-verify+
You need to log in before you can comment on or make changes to this bug.