Crash in [@ webrender::visibility::update_primitive_visibility]
Categories
(Core :: Graphics: WebRender, defect, P3)
Tracking
()
People
(Reporter: mccr8, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash)
Crash Data
Crash report: https://crash-stats.mozilla.org/report/index/cfba5755-4cf1-4349-9f05-8cc2c0210319
MOZ_CRASH Reason: index out of bounds: the len is 16 but the index is 4294967295
Top 10 frames of crashing thread:
0 xul.dll RustMozCrash mozglue/static/rust/wrappers.cpp:16
1 xul.dll mozglue_static::panic_hook mozglue/static/rust/lib.rs:89
2 xul.dll core::ops::function::Fn::call<fn ../cb75ad5db02783e8b0222fee363c5f63f7e2cf5b/library/core/src/ops/function.rs:227
3 xul.dll std::panicking::rust_panic_with_hook ../cb75ad5db02783e8b0222fee363c5f63f7e2cf5b//library/std/src/panicking.rs:595
4 xul.dll std::panicking::begin_panic_handler::{{closure}} ../cb75ad5db02783e8b0222fee363c5f63f7e2cf5b//library/std/src/panicking.rs:497
5 xul.dll std::sys_common::backtrace::__rust_end_short_backtrace<closure-0, !> ../cb75ad5db02783e8b0222fee363c5f63f7e2cf5b//library/std/src/sys_common/backtrace.rs:141
6 xul.dll std::panicking::begin_panic_handler ../cb75ad5db02783e8b0222fee363c5f63f7e2cf5b//library/std/src/panicking.rs:493
7 xul.dll core::panicking::panic_fmt ../cb75ad5db02783e8b0222fee363c5f63f7e2cf5b//library/core/src/panicking.rs:92
8 xul.dll core::panicking::panic_bounds_check ../cb75ad5db02783e8b0222fee363c5f63f7e2cf5b//library/core/src/panicking.rs:69
9 xul.dll webrender::visibility::update_primitive_visibility gfx/wr/webrender/src/visibility.rs:319
Looks like the index is -1? Not super high volume, but there are a couple of install times.
|
||
Updated•4 years ago
|
|
||
Updated•4 years ago
|
|
|
||
Comment 1•4 years ago
•
|
||
There are two distinct signatures here, representing half of the distribution:
As reported, we see:
https://crash-stats.mozilla.org/report/index/5a911c1e-4bc4-4d1f-8adf-ffcfe0210322
And an assertion called `Option::unwrap()` on a `None` value:
https://crash-stats.mozilla.org/report/index/c679a1e1-8c0d-479b-90c4-7a4820210325
|
|
||
Updated•4 years ago
|
|
||
Comment 2•4 years ago
|
||
Do we have any URLs or possible repro steps for this?
|
|
||
Comment 3•4 years ago
|
||
Nothing stands out. about:newtab, about:blank, YouTube, Reddit, etc. Seems like it could happen anywhere based on that.
|
|
||
Comment 4•3 years ago
|
||
Taking another look at this. It's a bit confusing since there are (have been) several different crashes getting correlated to the same signature.
All the most recent ones seem to be a panic, but the panic string doesn't seem to show up in the crash reports. From looking at the line numbers, there is only one panic I can see, but I can't see how that could occur given the caller. So we'll need some detailed repro and/or URLs to have a chance of diagnosing the most recent reports.
|
Reporter | |
Comment 5•3 years ago
|
||
(In reply to Glenn Watson [:gw] from comment #4)
All the most recent ones seem to be a panic, but the panic string doesn't seem to show up in the crash reports.
You need protected data access on crash-stats to see the panic string, so you need to either get access yourself following the procedure on that page, or you can ask somebody else to get the strings for you.
Looking at a few recent Nightly crashes with this signature:
bp-c5971584-0292-4bd6-83ca-0e8b80211126
"index out of bounds: the len is 1059 but the index is 8816"
bp-08ad1649-572c-4379-ac2d-9f2640211125
"assertion failed: spatial_tree.is_ancestor(node.spatial_node_index, prim_spatial_node_index)"
|
|
||
Comment 6•3 years ago
|
||
(In reply to Andrew McCreight [:mccr8] from comment #5)
(In reply to Glenn Watson [:gw] from comment #4)
All the most recent ones seem to be a panic, but the panic string doesn't seem to show up in the crash reports.
You need protected data access on crash-stats to see the panic string, so you need to either get access yourself following the procedure on that page, or you can ask somebody else to get the strings for you.
Looking at a few recent Nightly crashes with this signature:
bp-c5971584-0292-4bd6-83ca-0e8b80211126
"index out of bounds: the len is 1059 but the index is 8816"bp-08ad1649-572c-4379-ac2d-9f2640211125
"assertion failed: spatial_tree.is_ancestor(node.spatial_node_index, prim_spatial_node_index)"
Is that something that's recently changed or something that is per-bug? I've definitely seen crash reports previously where I could see the content of the panic string...
|
|
||
Comment 7•3 years ago
|
||
Hmm, interesting, it seems to not be related to protected data access, but only affect some of the crash reports, I think?
If I browse to [1], not logged in, the first couple of crashes [2], [3] I can see the MOZ_CRASH Reason (Sanitized) string but the 3 after that ([4], [5], [6]) I can't see any crash reason string. Does that seem unexpected to you? (they are same platform / process for each of those crashes).
[2] https://crash-stats.mozilla.org/report/index/3bc25ec3-8484-4c3b-b8f4-b74070211128
[3] https://crash-stats.mozilla.org/report/index/c8344aa7-120f-42d2-ac6f-7adb00211128
[4] https://crash-stats.mozilla.org/report/index/fc45964c-7b32-44e5-b847-8ef180211128
[5] https://crash-stats.mozilla.org/report/index/b39dcacd-1609-41ce-924b-b4e5c0211128
[6] https://crash-stats.mozilla.org/report/index/a99be419-10e1-4a7c-8492-d569c0211127
|
|
Reporter | |
Comment 8•3 years ago
|
||
The reports in 4, 5 and 6 don't crash reasons for me, either, so I guess the crash report just doesn't have them. Maybe something went wrong with the crash reporter.
It looks like the crash reports I linked actually do have sanitized crash reasons. I thought it used to show both sanitized and raw if you had data access, but looking at it now it seems to only show raw, so I was just confused there.
|
|
||
Comment 9•3 years ago
|
||
OK, I'll see if we can work out what might cause the ones where we do have reasons available, thanks!
|
|
||
Comment 10•3 years ago
|
||
I believe the remaining crashes with this signature will be resolved by the fix in https://bugzilla.mozilla.org/show_bug.cgi?id=1745775
|
||
Comment 11•2 years ago
|
||
The bug is linked to a topcrash signature, which matches the following criterion:
- Top 5 GPU process crashes on release
:gw, could you consider increasing the severity of this top-crash bug?
For more information, please visit auto_nag documentation.
|
|
||
Comment 12•2 years ago
|
||
There seems to have been a spike in crashes recently, but all on old versions of Firefox? Doesn't seem to be any crashes in recent versions of Firefox, is that right?
|
|
||
Comment 13•2 years ago
|
||
Based on the topcrash criteria, the crash signature linked to this bug is not a topcrash signature anymore.
For more information, please visit auto_nag documentation.
|
||
Comment 14•2 years ago
|
||
Yeah, maybe we should ignore really old versions (we are currently filtering just by channel). I filed https://github.com/mozilla/relman-auto-nag/issues/1675.
Description
•