Open
Bug 1705266
Opened 4 years ago
Updated 10 months ago
Hit MOZ_CRASH(explicit panic) at gfx/wr/webrender/src/render_task.rs:42
Categories
(Core :: Graphics: WebRender, defect)
Core
Graphics: WebRender
Tracking
()
NEW
| Tracking | Status | |
|---|---|---|
| firefox89 | --- | wontfix |
People
(Reporter: tsmith, Unassigned)
References
(Blocks 2 open bugs)
Details
(Keywords: assertion, crash, testcase, Whiteboard: [bugmon:bisected,confirmed])
Attachments
(2 files)
First found while fuzzing m-c 20210413-67318cc7d1cc (--enable-debug --enable-fuzzing)
This test case makes use of printPreview() which requires a fuzzing build with pref fuzzing.enabled=true. I assume there is another way to trigger this but not sure off the top of my head.
Hit MOZ_CRASH(explicit panic) at gfx/wr/webrender/src/render_task.rs:42
#0 0x7febde07c465 in MOZ_Crash /builds/worker/workspace/obj-build/dist/include/mozilla/Assertions.h:246:3
#1 0x7febde07c465 in RustMozCrash /builds/worker/checkouts/gecko/mozglue/static/rust/wrappers.cpp:17:3
#2 0x7febde07c414 in mozglue_static::panic_hook::h99e59ae8464cffce /builds/worker/checkouts/gecko/mozglue/static/rust/lib.rs:89:9
#3 0x7febde07bdeb in core::ops::function::Fn::call::hb3ebde122b59edf5 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/ops/function.rs:70:5
#4 0x7febdf08ea45 in std::panicking::rust_panic_with_hook::h71e6a073d87de1f5 /rustc/2fd73fabe469357a12c2c974c140f67e7cdd76d0/library/std/src/panicking.rs:595:17
#5 0x7febdd7d4b95 in std::panicking::begin_panic::_$u7b$$u7b$closure$u7d$$u7d$::h38ae6f62cf0c185d /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:520:9
#6 0x7febdd7c5c1f in std::sys_common::backtrace::__rust_end_short_backtrace::h7e2746b2a25ccd90 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/sys_common/backtrace.rs:141:18
#7 0x7febdd7d4b5e in std::panicking::begin_panic::hfc03cde341b40800 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:519:12
#8 0x7febdd995df2 in webrender::picture::PicturePrimitive::take_context::haffa23f34ebca5f6 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/picture.rs
#9 0x7febdd9a4583 in webrender::prepare::prepare_prim_for_render::h0a694df3981400c9 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:170:15
#10 0x7febdd9a4583 in webrender::prepare::prepare_primitives::h449a5bdee859f356 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:116:16
#11 0x7febdd945332 in webrender::frame_builder::FrameBuilder::build_layer_screen_rects_and_cull_layers::h97bca849e81221c3 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/frame_builder.rs:482:17
#12 0x7febdd945332 in webrender::frame_builder::FrameBuilder::build::h3bf43a5bd3ead318 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/frame_builder.rs:574:9
#13 0x7febdd9cde47 in webrender::render_backend::Document::build_frame::h16f61c5110094dfe /builds/worker/checkouts/gecko/gfx/wr/webrender/src/render_backend.rs:626:25
#14 0x7febdd9df383 in webrender::render_backend::RenderBackend::update_document::h3261e84ba2b4aec0 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/render_backend.rs:1556:41
#15 0x7febdd9d56b6 in webrender::render_backend::RenderBackend::prepare_transactions::hc00182363586dcd4 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/render_backend.rs:1408:28
#16 0x7febdd9d56b6 in webrender::render_backend::RenderBackend::process_api_msg::h5b28bd2de2afdd0a /builds/worker/checkouts/gecko/gfx/wr/webrender/src/render_backend.rs:1261:17
#17 0x7febdd7c6a49 in webrender::render_backend::RenderBackend::run::h7f4cbbe2ecba02a2 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/render_backend.rs:909:21
#18 0x7febdd7c6a49 in webrender::renderer::Renderer::new::_$u7b$$u7b$closure$u7d$$u7d$::h17544c4b55264a8e /builds/worker/checkouts/gecko/gfx/wr/webrender/src/renderer/mod.rs:1285:13
#19 0x7febdd7c6a49 in std::sys_common::backtrace::__rust_begin_short_backtrace::ha1d3b7e6a58e9161 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/sys_common/backtrace.rs:125:18
#20 0x7febdd7e8449 in std::thread::Builder::spawn_unchecked::_$u7b$$u7b$closure$u7d$$u7d$::_$u7b$$u7b$closure$u7d$$u7d$::hca00fb971ab6655f /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/thread/mod.rs:474:17
#21 0x7febdd7e8449 in _$LT$std..panic..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$::call_once::h8bb23e0206900091 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panic.rs:344:9
#22 0x7febdd7e8449 in std::panicking::try::do_call::hf6798e7b0859edca /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:379:40
#23 0x7febdd7e8449 in std::panicking::try::ha37a570903fe5af9 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panicking.rs:343:19
#24 0x7febdd7e8449 in std::panic::catch_unwind::h4c53a488c053c07d /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/panic.rs:431:14
#25 0x7febdd7e8449 in std::thread::Builder::spawn_unchecked::_$u7b$$u7b$closure$u7d$$u7d$::h2f8650268659bc1e /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/thread/mod.rs:473:30
#26 0x7febdd7e8449 in core::ops::function::FnOnce::call_once$u7b$$u7b$vtable.shim$u7d$$u7d$::h0d2fc460a30ad122 /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/ops/function.rs:227:5
#27 0x7febdf09f039 in _$LT$alloc..boxed..Box$LT$F$C$A$GT$$u20$as$u20$core..ops..function..FnOnce$LT$Args$GT$$GT$::call_once::h61144a2be4ee36d8 /rustc/2fd73fabe469357a12c2c974c140f67e7cdd76d0/library/alloc/src/boxed.rs:1521:9
#28 0x7febdf09f039 in _$LT$alloc..boxed..Box$LT$F$C$A$GT$$u20$as$u20$core..ops..function..FnOnce$LT$Args$GT$$GT$::call_once::hcf5d395fdd120c17 /rustc/2fd73fabe469357a12c2c974c140f67e7cdd76d0/library/alloc/src/boxed.rs:1521:9
#29 0x7febdf09f039 in std::sys::unix::thread::Thread::new::thread_start::hb5e40d3d934ebb7a /rustc/2fd73fabe469357a12c2c974c140f67e7cdd76d0/library/std/src/sys/unix/thread.rs:71:17
#30 0x7febec226608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477:8
#31 0x7febebdef292 in clone /build/glibc-eX1tMB/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Reporter | |
Comment 1•4 years ago
|
||
|
||
Comment 2•4 years ago
|
||
Bugmon Analysis:
Verified bug as reproducible on mozilla-central 20210415040011-3b9876116bf1.
The bug appears to have been introduced in the following build range:
Start: 4c1ad70633ff2547538a471dfe77f73c6b0553a8 (20210401164033)
End: 8badf00b02befacefd5cea5c7d02e3e2189d2af0 (20210401174937)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=4c1ad70633ff2547538a471dfe77f73c6b0553a8&tochange=8badf00b02befacefd5cea5c7d02e3e2189d2af0
Whiteboard: [bugmon:bisected,confirmed]
|
||
Updated•4 years ago
|
Blocks: gfx-triage
|
|
||
Updated•4 years ago
|
Severity: -- → S4
|
|
||
Updated•4 years ago
|
No longer blocks: gfx-triage
Flags: needinfo?(nical.bugzilla)
|
||
Updated•4 years ago
|
|
|
||
Comment 3•3 years ago
|
||
Bugmon Analysis
Testcase crashes using the initial build (mozilla-central 20210413093459-67318cc7d1cc) but not with tip (mozilla-central 20220318212951-63e3e58c38ba.)
The bug appears to have been fixed in the following build range:
Start: f82c4fff86642fb89c830e03a5375aef17017272 (20220313212642)
End: 1ed627ed104111b9cd99b5952fa0264f5889dac6 (20220313201657)
Pushlog: https://hg.mozilla.org/mozilla-unified/pushloghtml?fromchange=f82c4fff86642fb89c830e03a5375aef17017272&tochange=1ed627ed104111b9cd99b5952fa0264f5889dac6
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.
Keywords: bugmon
|
||
Updated•3 years ago
|
Flags: needinfo?(nical.bugzilla)
You need to log in
before you can comment on or make changes to this bug.
Description
•