Closed Bug 1582645 Opened 1 year ago Closed 1 year ago

Crash in [@ webrender_bindings::moz2d_renderer::BlobReader::read_entry]


(Core :: Graphics: WebRender, defect, P1)

Windows 10



Tracking Status
firefox-esr60 --- unaffected
firefox-esr68 --- unaffected
firefox69 --- unaffected
firefox70 --- unaffected
firefox71 blocking fixed


(Reporter: pascalc, Assigned: jrmuizel)




(Keywords: crash, regression, regressionwindow-wanted, Whiteboard: [rca: coding error])

Crash Data


(3 files, 1 obsolete file)

This bug is for crash report bp-1d03375a-1d36-415b-9b7e-d44250190919.

Top 10 frames of crashing thread:

0 xul.dll GeckoCrash toolkit/xre/nsAppRunner.cpp:5117
1 xul.dll static void gkrust_shared::panic_hook toolkit/library/rust/shared/
2 xul.dll static void core::ops::function::Fn::call<fn src/libcore/ops/
3 xul.dll static void std::panicking::rust_panic_with_hook src/libstd/
4 xul.dll static <NoType> std::panicking::begin_panic<str*> src/libstd/
5 xul.dll static struct webrender_bindings::moz2d_renderer::Entry webrender_bindings::moz2d_renderer::BlobReader::read_entry gfx/webrender_bindings/src/
6 xul.dll static void webrender_bindings::moz2d_renderer::{{impl}}::update gfx/webrender_bindings/src/
7 xul.dll static void webrender::resource_cache::ResourceCache::pre_scene_building_update gfx/wr/webrender/src/
8 xul.dll static union core::option::Option<alloc::boxed::Box<webrender::scene_builder_thread::Transaction>> core::iter::adapters::{{impl}}::next<alloc::boxed::Box<webrender::scene_builder_thread::Transaction>, core::iter::adapters::zip::Zip<core::slice::Iter<webrender_api::api::DocumentId>, alloc::vec::Drain<webrender_api::api::TransactionMsg>>, closure> src/libcore/iter/adapters/
9 xul.dll static union webrender::render_backend::RenderBackendStatus webrender::render_backend::RenderBackend::process_api_msg gfx/wr/webrender/src/

Calixte, could you identify the source of this regression with Clouseau please? Thanks

Flags: needinfo?(cdenizet)

Bug 1570081 landed in that build (20190918100042).

Flags: needinfo?(nical.bugzilla)
Regressed by: 1570081

Jeff is the most knowledgeable about the blob serialization code.

Flags: needinfo?(nical.bugzilla) → needinfo?(jmuizelaar)

This could also be bug 1570435 or bug 1581953

Blocks: wr-71
Flags: needinfo?(jmuizelaar)
Priority: -- → P1

According to clouseau, it could be bug 1570435.

Flags: needinfo?(cdenizet)

I can reproduce this on

It looks like this is caused by We ignore the update with an empty visible rect. The next time we go round, we use the empty visible rect on content side, but the previous visible rect in the blob merging.

Nical, do you recall why this change was needed?

Flags: needinfo?(nical.bugzilla)

I don't remember exactly which but there are a bunch of places that break with sizes equal to zero in webrender (some divisions, assertions here and there).
We could make webrender robust against these (I don't think it would be difficult). At the time it seemd straightforward to not add something to the display list when we know it won't be rendered, but I didn't anticipate it would break the flow of creating and updating resources.

Flags: needinfo?(nical.bugzilla)
Attached file A test case that shows the problem (obsolete) —
Attached file svg-empty.html

A further reduced test case

Attachment #9095030 - Attachment is obsolete: true

This avoids us setting when we don't send it. e.g. When it's empty.

Thanks for jumping on this, Jeff.

Assignee: nobody → jmuizelaar

I ran into some reftest failures on try that I'm still trying to figure out.

Depends on: 1584316

I experienced two crashes in Nightly when using Google docs (slides) on MacOS. My crash report linked to this bug.

Here's a crash report if it helps.

Pushed by
Only set mLastVisibleRect after we've sent it to WebRender. r=nical
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla71

I've been having crashes while using Discord since 2019-09-27, running up to date Arch Linux. Worth noting is that I disable the GPU process to work around bug 1572625, and the crash is basically impossible to reproduce if I enable it again (maybe it's crashing silently in the background?).
Crash report:
The regression window I found with mozregression seems to point to the fix for this bug:

Backed out changeset 43ac974f69db (bug 1582645) for increasing the crash volume


Resolution: FIXED → ---
Target Milestone: mozilla71 → ---

Dan, do you have any idea what in Discord was triggering the issue? i.e. what were your steps to reproduce when running the regression window?

Flags: needinfo?(streetwalkermc)

I was able to reproduce on

Flags: needinfo?(jmuizelaar)

(In reply to Jeff Muizelaar [:jrmuizel] from comment #22)

Dan, do you have any idea what in Discord was triggering the issue? i.e. what were your steps to reproduce when running the regression window?

I'm not entirely sure, sometimes it crashes on its own and sometimes when I type into the message box. Either way, it happens really fast. With mozregression, I was only able to get a full browser crash with --pref layers.gpu-process.enabled:false. I've seen a lag spike once without (GPU process crashing in the background?), but I have no idea how to get debugging information in that case.

Flags: needinfo?(streetwalkermc)
Regressions: 1584592
Pushed by
Only set mLastVisibleRect after we've sent it to WebRender. r=nical
Attachment #9097466 - Attachment description: Bug 1582645. Add crash test → Bug 1582645. Add crash test to manifest.
Closed: 1 year ago1 year ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla71

This bug has been identified as part of a pilot on determining root causes of blocking and dot release drivers.

It needs a root-cause set for it. Please see the list at

Add the root cause as a whiteboard tag in the form [rca - <cause> ] and remove the rca-needed keyword.

If you have questions, please contact :tmaity.

Keywords: rca-needed
Whiteboard: [rca: coding error]
Keywords: rca-needed
You need to log in before you can comment on or make changes to this bug.