Closed
Bug 1619324
Opened 4 years ago
Closed 4 years ago
Hit MOZ_CRASH(explicit panic) at gfx/wr/webrender/src/render_task.rs:37
Categories
(Core :: Graphics: WebRender, defect, P3)
Core
Graphics: WebRender
Tracking
()
RESOLVED
FIXED
mozilla75
| Tracking | Status | |
|---|---|---|
| firefox-esr68 | --- | unaffected |
| firefox74 | --- | wontfix |
| firefox75 | --- | fixed |
People
(Reporter: jkratzer, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, testcase, Whiteboard: [bugmon:confirmed])
Crash Data
Attachments
(2 files)
Testcase found while fuzzing mozilla-central rev 51efc4b931f7 (built with --enable-debug).
Hit MOZ_CRASH(explicit panic) at gfx/wr/webrender/src/render_task.rs:37
rax = 0x0000563274c57380 rdx = 0x0000000000000000
rcx = 0x0000000000000b40 rbx = 0x00007fa73ebecb5a
rsi = 0x00007fa766da58b0 rdi = 0x00007fa766da4680
rbp = 0x00007fa73ebec940 rsp = 0x00007fa73ebec930
r8 = 0x00007fa766da58b0 r9 = 0x00007fa73ebfd700
r10 = 0x0000000000000000 r11 = 0x0000000000000000
r12 = 0x0000000000000025 r13 = 0x0000000000000023
r14 = 0x00007fa75b9aa112 r15 = 0x000000000000000e
rip = 0x00007fa75512f063
OS|Linux|0.0.0 Linux 5.3.0-28-generic #30~18.04.1-Ubuntu SMP Fri Jan 17 06:14:09 UTC 2020 x86_64
CPU|amd64|family 6 model 94 stepping 3|8
GPU|||
Crash|SIGSEGV|0x0|39
39|0|libxul.so|RustMozCrash|hg:hg.mozilla.org/mozilla-central:mozglue/static/rust/wrappers.cpp:51efc4b931f748899be0fa3c9603fc4e07b668b6|17|0x15
39|1|libxul.so|mozglue_static::panic_hook|hg:hg.mozilla.org/mozilla-central:mozglue/static/rust/lib.rs:51efc4b931f748899be0fa3c9603fc4e07b668b6|89|0x9
39|2|libxul.so|core::ops::function::Fn::call|git:github.com/rust-lang/rust:src/libcore/ops/function.rs:f3e1a954d2ead4e2fc197c7da7d71e6c61bad196|72|0xc
39|3|libxul.so|std::panicking::rust_panic_with_hook|git:github.com/rust-lang/rust:src/libstd/panicking.rs:f3e1a954d2ead4e2fc197c7da7d71e6c61bad196|475|0x6
39|4|libxul.so|std::panicking::begin_panic|git:github.com/rust-lang/rust:src/libstd/panicking.rs:f3e1a954d2ead4e2fc197c7da7d71e6c61bad196|404|0x8
39|5|libxul.so|webrender::render_task_cache::RenderTaskCache::request_render_task|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/render_task.rs:51efc4b931f748899be0fa3c9603fc4e07b668b6|37|0x18
39|6|libxul.so|webrender::prim_store::PrimitiveStore::prepare_prim_for_render|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/resource_cache.rs:51efc4b931f748899be0fa3c9603fc4e07b668b6|595|0xb
39|7|libxul.so|webrender::prim_store::PrimitiveStore::prepare_primitives|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/prim_store/mod.rs:51efc4b931f748899be0fa3c9603fc4e07b668b6|2866|0x23
39|8|libxul.so|webrender::prim_store::PrimitiveStore::prepare_prim_for_render|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/prim_store/mod.rs:51efc4b931f748899be0fa3c9603fc4e07b668b6|2755|0x2e
39|9|libxul.so|webrender::prim_store::PrimitiveStore::prepare_primitives|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/prim_store/mod.rs:51efc4b931f748899be0fa3c9603fc4e07b668b6|2866|0x23
39|10|libxul.so|webrender::frame_builder::FrameBuilder::build|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/frame_builder.rs:51efc4b931f748899be0fa3c9603fc4e07b668b6|466|0x3c
39|11|libxul.so|webrender::render_backend::Document::build_frame|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/render_backend.rs:51efc4b931f748899be0fa3c9603fc4e07b668b6|559|0x21
39|12|libxul.so|webrender::render_backend::RenderBackend::update_document|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/render_backend.rs:51efc4b931f748899be0fa3c9603fc4e07b668b6|1585|0x1d
39|13|libxul.so|webrender::render_backend::RenderBackend::process_api_msg|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/render_backend.rs:51efc4b931f748899be0fa3c9603fc4e07b668b6|1304|0x339
39|14|libxul.so|webrender::render_backend::RenderBackend::process_api_msg|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/render_backend.rs:51efc4b931f748899be0fa3c9603fc4e07b668b6|1304|0x2a
39|15|libxul.so|alloc::raw_vec::RawVec<T,A>::reserve|git:github.com/rust-lang/rust:src/liballoc/raw_vec.rs:f3e1a954d2ead4e2fc197c7da7d71e6c61bad196|520|0xe
39|16|libxul.so|webrender::hit_test::HitTester::new|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/hit_test.rs:51efc4b931f748899be0fa3c9603fc4e07b668b6|231|0x10
39|17|firefox-bin|AutoLock<Mutex>::~AutoLock()|hg:hg.mozilla.org/mozilla-central:memory/build/Mutex.h:51efc4b931f748899be0fa3c9603fc4e07b668b6|121|0x12
39|18|firefox-bin|AutoLock<Mutex>::~AutoLock()|hg:hg.mozilla.org/mozilla-central:memory/build/Mutex.h:51efc4b931f748899be0fa3c9603fc4e07b668b6|121|0x12
39|19|firefox-bin|arena_dalloc|hg:hg.mozilla.org/mozilla-central:memory/build/mozjemalloc.cpp:51efc4b931f748899be0fa3c9603fc4e07b668b6|3366|0x8
39|20|firefox-bin|AutoLock<Mutex>::~AutoLock()|hg:hg.mozilla.org/mozilla-central:memory/build/Mutex.h:51efc4b931f748899be0fa3c9603fc4e07b668b6|121|0x12
39|21|firefox-bin|arena_dalloc|hg:hg.mozilla.org/mozilla-central:memory/build/mozjemalloc.cpp:51efc4b931f748899be0fa3c9603fc4e07b668b6|3366|0x8
39|22|firefox-bin|arena_t::MallocSmall(unsigned long, bool)|hg:hg.mozilla.org/mozilla-central:memory/build/mozjemalloc.cpp:51efc4b931f748899be0fa3c9603fc4e07b668b6|2865|0xb
39|23|firefox-bin|Allocator<MozJemallocBase>::free(void*)|hg:hg.mozilla.org/mozilla-central:memory/build/malloc_decls.h:51efc4b931f748899be0fa3c9603fc4e07b668b6|54|0x2b
39|24|firefox-bin|PageFree|hg:hg.mozilla.org/mozilla-central:memory/replace/phc/PHC.cpp:51efc4b931f748899be0fa3c9603fc4e07b668b6|1122|0x8
39|25|firefox-bin|replace_free|hg:hg.mozilla.org/mozilla-central:memory/replace/phc/PHC.cpp:51efc4b931f748899be0fa3c9603fc4e07b668b6|1155|0x33
39|26|firefox-bin|replace_free|hg:hg.mozilla.org/mozilla-central:memory/replace/phc/PHC.cpp:51efc4b931f748899be0fa3c9603fc4e07b668b6|1155|0x33
39|27|libxul.so|webrender::render_backend::RenderBackend::update_document|hg:hg.mozilla.org/mozilla-central:gfx/wr/webrender/src/render_backend.rs:51efc4b931f748899be0fa3c9603fc4e07b668b6|1669|0x97
Flags: in-testsuite?
|
Reporter | |
Comment 1•4 years ago
|
||
|
|
Reporter | |
Comment 2•4 years ago
|
||
BugMon: Verified bug as reproducible on 51efc4b931f7
|
|
Reporter | |
Comment 3•4 years ago
|
||
BugMon: Reduced build range to...
> Start: ac63c8962183502a4b0ec32222efc67d3841d157 (20191107230801)
> End: dff542b772e590137a2e3d9785f5c32878f256f1 (20191108052104)
> Pushlog: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=ac63c8962183502a4b0ec32222efc67d3841d157&tochange=dff542b772e590137a2e3d9785f5c32878f256f1|
|
Reporter | |
Updated•4 years ago
|
Whiteboard: [bugmon:confirm] → [bugmon:confirmed]
|
||
Comment 4•4 years ago
|
||
probably a dupe of bug 1618939
Crash Signature: [@ webrender::render_task::render_task_sanity_check ]
Flags: needinfo?(jkratzer)
See Also: → 1618939
|
|
Reporter | |
Comment 5•4 years ago
|
||
Could it be the same issue considering that the bisection ranges are different?
Flags: needinfo?(jkratzer)
|
||
Comment 6•4 years ago
|
||
jessie: not sure how to prioritize canvas performance issues
Flags: needinfo?(jbonisteel)
|
||
Comment 8•4 years ago
|
||
The priority flag is not set for this bug.
:jbonisteel, could you have a look please?
For more information, please visit auto_nag documentation.
Flags: needinfo?(jbonisteel)
|
||
Comment 9•4 years ago
|
||
Bert, does this look like a dupe of bug 1618939?
Flags: needinfo?(jbonisteel) → needinfo?(bpeers)
Priority: -- → P3
|
||
Comment 10•4 years ago
|
||
Yes, good catch!
https://hg.mozilla.org/integration/autoland/rev/14caf2826f00
Status: NEW → RESOLVED
Closed: 4 years ago
Flags: needinfo?(bpeers)
Resolution: --- → FIXED
|
||
Updated•4 years ago
|
status-firefox74:
--- → wontfix
status-firefox-esr68:
--- → unaffected
Flags: in-testsuite? → in-testsuite+
Target Milestone: --- → mozilla75
You need to log in
before you can comment on or make changes to this bug.
Description
•