Closed
Bug 1535657
Opened 4 years ago
Closed 4 years ago
Hit MOZ_CRASH(called `Option::unwrap()` on a `None` value) at src/libcore/option.rs:355
Categories
(Core :: Graphics: WebRender, defect, P3)
Core
Graphics: WebRender
Tracking
()
RESOLVED
FIXED
mozilla69
| Tracking | Status | |
|---|---|---|
| firefox-esr60 | --- | unaffected |
| firefox67 | --- | wontfix |
| firefox68 | --- | wontfix |
| firefox69 | --- | fixed |
People
(Reporter: jkratzer, Assigned: aosmond)
References
(Blocks 3 open bugs)
Details
(Keywords: assertion, regression, testcase)
Crash Data
Attachments
(2 files)
Testcase found while fuzzing mozilla-central rev 4d62ab0e31fd.
Hit MOZ_CRASH(called Option::unwrap() on a None value) at src/libcore/option.rs:355
rax = 0x000055c53b062e40 rdx = 0x0000000000000000
rcx = 0x0000000000000b40 rbx = 0x00007fb9430f3f1a
rsi = 0x00007fb9703af8b0 rdi = 0x00007fb9703ae680
rbp = 0x00007fb9430f3f00 rsp = 0x00007fb9430f3ef0
r8 = 0x00007fb9703af8b0 r9 = 0x00007fb9430fd700
r10 = 0x0000000000000000 r11 = 0x0000000000000000
r12 = 0x0000000000000163 r13 = 0x0000000000000015
r14 = 0x00007fb93a603ca0 r15 = 0x000000000000002b
rip = 0x00007fb962aa06c3
OS|Linux|0.0.0 Linux 4.18.0-16-generic #17~18.04.1-Ubuntu SMP Tue Feb 12 13:35:51 UTC 2019 x86_64
CPU|amd64|family 6 model 94 stepping 3|1
GPU|||
Crash|SIGSEGV /SEGV_MAPERR|0x0|51
51|0|libxul.so|GeckoCrash|hg:hg.mozilla.org/mozilla-central:mfbt/Assertions.h:4d62ab0e31fd6918ca95763914a8bdf41afe757a|314|0x0
51|1|libxul.so|gkrust_shared::panic_hook|hg:hg.mozilla.org/mozilla-central:toolkit/library/rust/shared/lib.rs:4d62ab0e31fd6918ca95763914a8bdf41afe757a|234|0x9
51|2|libxul.so|core::ops::function::Fn::call|git:github.com/rust-lang/rust:src/libcore/ops/function.rs:9fda7c2237db910e41d6a712e9a2139b352e558b|78|0x5
51|3|libxul.so|std::panicking::rust_panic_with_hook|git:github.com/rust-lang/rust:src/libstd/panicking.rs:9fda7c2237db910e41d6a712e9a2139b352e558b|495|0x6
51|4|libxul.so|std::panicking::continue_panic_fmt|git:github.com/rust-lang/rust:src/libstd/panicking.rs:9fda7c2237db910e41d6a712e9a2139b352e558b|398|0x18
51|5|libxul.so|rust_begin_unwind|git:github.com/rust-lang/rust:src/libstd/panicking.rs:9fda7c2237db910e41d6a712e9a2139b352e558b|325|0x5
51|6|libxul.so|core::panicking::panic_fmt|git:github.com/rust-lang/rust:src/libcore/panicking.rs:9fda7c2237db910e41d6a712e9a2139b352e558b|95|0x6
51|7|libxul.so|core::panicking::panic|git:github.com/rust-lang/rust:src/libcore/panicking.rs:9fda7c2237db910e41d6a712e9a2139b352e558b|59|0x6
51|8|libxul.so|<webrender::prim_store::SpaceMapper<F, T>>::map|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/util.rs:4d62ab0e31fd6918ca95763914a8bdf41afe757a|0|0xd
51|9|libxul.so|webrender::picture::PictureUpdateState::update|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/picture.rs:4d62ab0e31fd6918ca95763914a8bdf41afe757a|2771|0x11
51|10|libxul.so|webrender::picture::PictureUpdateState::update|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/picture.rs:4d62ab0e31fd6918ca95763914a8bdf41afe757a|1722|0x1f
51|11|libxul.so|webrender::picture::PictureUpdateState::update|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/picture.rs:4d62ab0e31fd6918ca95763914a8bdf41afe757a|1722|0x1f
51|12|libxul.so|webrender::picture::PictureUpdateState::update|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/picture.rs:4d62ab0e31fd6918ca95763914a8bdf41afe757a|1722|0x1f
51|13|libxul.so|webrender::picture::PictureUpdateState::update|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/picture.rs:4d62ab0e31fd6918ca95763914a8bdf41afe757a|1722|0x1f
51|14|libxul.so|webrender::picture::PictureUpdateState::update_all|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/picture.rs:4d62ab0e31fd6918ca95763914a8bdf41afe757a|1636|0x20
51|15|libxul.so|webrender::frame_builder::FrameBuilder::build|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/frame_builder.rs:4d62ab0e31fd6918ca95763914a8bdf41afe757a|378|0x10
51|16|libxul.so|webrender::render_backend::Document::build_frame|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/render_backend.rs:4d62ab0e31fd6918ca95763914a8bdf41afe757a|509|0x3f
51|17|libxul.so|webrender::render_backend::RenderBackend::update_document|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/render_backend.rs:4d62ab0e31fd6918ca95763914a8bdf41afe757a|1372|0xe
51|18|libxul.so|webrender::render_backend::RenderBackend::process_api_msg|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/render_backend.rs:4d62ab0e31fd6918ca95763914a8bdf41afe757a|1248|0x36
51|19|libxul.so|webrender::render_backend::RenderBackend::run|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/render_backend.rs:4d62ab0e31fd6918ca95763914a8bdf41afe757a|934|0x1d
51|20|libxul.so|std::sys_common::backtrace::__rust_begin_short_backtrace|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/renderer.rs:4d62ab0e31fd6918ca95763914a8bdf41afe757a|2054|0x8
51|21|libxul.so|mozilla::wr::WebRenderMallocEnclosingSizeOf|hg:hg.mozilla.org/mozilla-central:gfx/webrender_bindings/WebRenderAPI.cpp:4d62ab0e31fd6918ca95763914a8bdf41afe757a|31|0x16
51|22|libxul.so|std::__detail::_Hashtable_alloc<std::allocator<std::__detail::_Hash_node<std::pair<unsigned long const, mozilla::wr::WrSpaceAndClip>, false> > >::_M_allocate_buckets(unsigned long)|hg:hg.mozilla.org/mozilla-central:gcc/include/c++/6.4.0/bits/hashtable_policy.h:4d62ab0e31fd6918ca95763914a8bdf41afe757a|1998|0x7
51|23|||||0x7fb943573290
51|24|libxul.so|_fini|||0x2a372dc
51|25|libxul.so|_fini|||0x2a3719c
51|26|libxul.so|_fini|||0x2a36f94
51|27|libGLX.so.0.0.0||||0x6001
51|28|libGLdispatch.so.0.0.0||||0x425e0
Flags: in-testsuite?
|
||
Updated•4 years ago
|
Priority: -- → P3
|
||
Comment 1•4 years ago
|
||
I get a crash from the testcase : https://crash-stats.mozilla.org/report/index/08ee0e73-fa32-47cd-9e20-dfb990190316#tab-bugzilla
Crash Signature: [@ webrender::prim_store::SpaceMapper<T>::map<T> ]
|
||
Updated•4 years ago
|
status-firefox68:
--- → affected
|
||
Comment 2•4 years ago
|
||
Blocks: wr-fuzz, wr-stability
Severity: normal → critical
|
||
Updated•4 years ago
|
Crash Signature: [@ webrender::prim_store::SpaceMapper<T>::map<T> ] → [@ webrender::prim_store::SpaceMapper<T>::map<T>]
[@ webrender::prim_store::SpaceMapper<T>::new<T>]
|
||
Comment 4•4 years ago
|
||
This crash is also showing up under the odd signature [@ <T>::new ].
Crash Signature: [@ webrender::prim_store::SpaceMapper<T>::map<T>]
[@ webrender::prim_store::SpaceMapper<T>::new<T>] → [@ webrender::prim_store::SpaceMapper<T>::map<T>]
[@ webrender::prim_store::SpaceMapper<T>::new<T>][@ <T>::new ]
|
||
Comment 5•4 years ago
|
||
This is the #3 topcrash in the Windows nightly 20190523044159, with 43 crashes in 7 installations.
|
Assignee | |
Comment 6•4 years ago
|
||
mozregression points to bug 1552984 fixing the issue. We should however include the test case as a crashtest.
Depends on: 1552984
|
||
Updated•4 years ago
|
Keywords: regression
|
|
Assignee | |
Comment 7•4 years ago
|
||
|
|
Assignee | |
Comment 8•4 years ago
|
||
Pushed by aosmond@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/7641c71557db Add crashtest which was fixed by bug 1552984. r=gw
|
||
Comment 10•4 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 4 years ago
status-firefox69:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla69
|
|
||
Updated•4 years ago
|
Assignee: nobody → aosmond
|
||
Updated•4 years ago
|
|
||
Updated•4 years ago
|
status-firefox67:
--- → wontfix
status-firefox-esr60:
--- → unaffected
Flags: in-testsuite? → in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•