Closed Bug 1796882 Opened 3 years ago Closed 3 months ago

Crash in [@ webrender_api::_DERIVE_peek_poke_Peek_FOR_PropertyBinding::impl$0::peek_from]

Categories

(Core :: Graphics: WebRender, defect)

Firefox 106
Desktop
Windows
defect

Tracking

RESOLVED WORKSFORME
Tracking Status
firefox108 --- affected

People

(Reporter: ash153311, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/5baf2553-09dd-4679-a4df-f8a470221022

MOZ_CRASH Reason: WRDL: memory corruption detected while parsing PropertyBinding - enum tag should be <= 1, but was 35

Top 10 frames of crashing thread:

0 xul.dll MOZ_Crash mfbt/Assertions.h:261
0 xul.dll RustMozCrash mozglue/static/rust/wrappers.cpp:17
1 xul.dll mozglue_static::panic_hook mozglue/static/rust/lib.rs:91
2 xul.dll core::ops::function::Fn::call<void  ../a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/core/src/ops/function.rs:248
3 xul.dll std::panicking::rust_panic_with_hook library/std/src/panicking.rs:702
4 xul.dll std::panicking::begin_panic_handler::closure$0 library/std/src/panicking.rs:588
5 xul.dll std::sys_common::backtrace::__rust_end_short_backtrace<std::panicking::begin_panic_handler::closure_env$0, never$> library/std/src/sys_common/backtrace.rs:138
6 xul.dll std::panicking::begin_panic_handler library/std/src/panicking.rs:584
7 xul.dll core::panicking::panic_fmt library/core/src/panicking.rs:142
8 xul.dll webrender_api::_DERIVE_peek_poke_Peek_FOR_PropertyBinding::impl$0::peek_from gfx/wr/webrender_api/src/lib.rs:422

The Bugbug bot thinks this bug should belong to the 'Core::Graphics: WebRender' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: General → Graphics: WebRender

Crash on 106, numbers look low.

Tim, is this your area nowadays?

Severity: -- → S3
Flags: needinfo?(tnikkel)

Nical might be better to take a first look?

Flags: needinfo?(tnikkel) → needinfo?(nical.bugzilla)

Another odd crash.

The crashing code is autogenerated serialization/deserialization code in peek-poke; the stack seems to always point to deserializing the color member of RectangleDisplayItem (which is a very common item). An assertion catches an unexpected enum determinant value in the byte stream.
The crash started in 106; peek-poke's code has not changed since version 95.
According to https://firefox-source-docs.mozilla.org/writing-rust-code/update-policy.html we didn't update rustc in 106; if it was a miscompilation it should have happened in 105 as well.

The crash affects a variety of CPU models (not a potential AMD issue like we have seen recently).

Because of the low volume and the fact that the crash is properly caught by an assertion, I'm inclined to not bump this up the priority lists for now, but I don't like the look of it.

Flags: needinfo?(nical.bugzilla)
Version: Firefox 108 → Firefox 106
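
The comment above describes an assertion that rejects an out-of-range enum tag while deserializing from a byte stream. The following is an added example, not code from peek-poke or WebRender, showing that kind of check for a two-variant enum. The `Binding` type, its wire layout (one tag byte followed by a little-endian payload) and `peek_binding` are assumptions, and this version returns an error where the real code panics.

```rust
// Added illustration. `Binding`, its wire layout (1 tag byte, little-endian
// payload) and `peek_binding` are assumptions, not peek-poke/WebRender code.
/// Two variants, so the only valid tag bytes are 0 and 1.
#[derive(Debug, PartialEq)]
pub enum Binding {
    Value(u32),
    Bound { id: u64, default: u32 },
}

#[derive(Debug, PartialEq)]
pub enum PeekError {
    Truncated { needed: usize, available: usize },
    BadTag { max: u8, found: u8 },
}

/// Copy the next N bytes out of `buf`, failing instead of reading past the end.
fn take<const N: usize>(buf: &[u8]) -> Result<([u8; N], &[u8]), PeekError> {
    if buf.len() < N {
        return Err(PeekError::Truncated { needed: N, available: buf.len() });
    }
    let (head, rest) = buf.split_at(N);
    let mut out = [0u8; N];
    out.copy_from_slice(head);
    Ok((out, rest))
}

/// Decode one `Binding`, checking the tag before touching the payload.
pub fn peek_binding(buf: &[u8]) -> Result<(Binding, &[u8]), PeekError> {
    let ([tag], rest) = take::<1>(buf)?;
    match tag {
        0 => {
            let (v, rest) = take::<4>(rest)?;
            Ok((Binding::Value(u32::from_le_bytes(v)), rest))
        }
        1 => {
            let (id, rest) = take::<8>(rest)?;
            let (d, rest) = take::<4>(rest)?;
            Ok((Binding::Bound { id: u64::from_le_bytes(id), default: u32::from_le_bytes(d) }, rest))
        }
        // Any other byte cannot name a variant: the stream is corrupt.
        found => Err(PeekError::BadTag { max: 1, found }),
    }
}

fn main() {
    // Constructed streams: a valid Value, then one whose tag byte is 35.
    println!("{:?}", peek_binding(&[0, 0x78, 0x56, 0x34, 0x12]));
    println!("{:?}", peek_binding(&[35, 0, 0, 0, 0]));
}
```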

Closing because no crashes reported for 12 weeks.

Status: NEW → RESOLVED
Closed: 3 months ago
Resolution: --- → WORKSFORME