Closed
Bug 1825450
Opened 2 years ago
Closed 2 years ago
Hit MOZ_CRASH(called `Option::unwrap()` on a `None` value) at /builds/worker/checkouts/gecko/third_party/rust/euclid/src/size.rs:323
Categories
(Core :: Graphics: WebRender, defect)
Core
Graphics: WebRender
Tracking
()
People
(Reporter: tsmith, Assigned: gw)
References
(Blocks 2 open bugs, Regression)
Details
(Keywords: assertion, regression, testcase, Whiteboard: [bugmon:bisected,confirmed])
Crash Data
Attachments
(2 files)
Found while fuzzing m-c 20230328-aff0b6424701 (--enable-debug --enable-fuzzing)
To reproduce via Grizzly Replay:
$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch -d --fuzzing -n firefox
$ python -m grizzly.replay ./firefox/firefox testcase.html
Hit MOZ_CRASH(called Option::unwrap() on a None value) at /builds/worker/checkouts/gecko/third_party/rust/euclid/src/size.rs:323
#0 0x7f6baffd5dd9 in MOZ_Crash /builds/worker/workspace/obj-build/dist/include/mozilla/Assertions.h:261:3
#1 0x7f6baffd5dd9 in RustMozCrash /builds/worker/checkouts/gecko/mozglue/static/rust/wrappers.cpp:18:3
#2 0x7f6baffd5c94 in mozglue_static::panic_hook::h3420e4f880ad7531 /builds/worker/checkouts/gecko/mozglue/static/rust/lib.rs:91:9
#3 0x7f6baffd41a5 in core::ops::function::Fn::call::h247797f985b0b6d4 /builds/worker/fetches/rust/library/core/src/ops/function.rs:79:5
#4 0x7f6bb3a2d36c in std::panicking::rust_panic_with_hook::h934183cdc907cdb7 (/home/user/workspace/browsers/m-c-20230329095653-fuzzing-asan-opt/libxul.so+0x28a2d36c) (BuildId: c8c8bccd293a89e4489fbb80df50b4c651e49185)
#5 0x7f6bb3a61f81 in std::panicking::begin_panic_handler::_$u7b$$u7b$closure$u7d$$u7d$::ha4717e10b670239c std.68dc465f-cgu.9
#6 0x7f6bb3a60e6b in std::sys_common::backtrace::__rust_end_short_backtrace::h41e12fc2b4f363e6 std.68dc465f-cgu.9
#7 0x7f6bb3a2ced1 in rust_begin_unwind (/home/user/workspace/browsers/m-c-20230329095653-fuzzing-asan-opt/libxul.so+0x28a2ced1) (BuildId: c8c8bccd293a89e4489fbb80df50b4c651e49185)
#8 0x7f6bb3aaed92 in core::panicking::panic_fmt::ha3b610cb064485dc (/home/user/workspace/browsers/m-c-20230329095653-fuzzing-asan-opt/libxul.so+0x28aaed92) (BuildId: c8c8bccd293a89e4489fbb80df50b4c651e49185)
#9 0x7f6bb3aaee2c in core::panicking::panic::h7aefa70a10d18b3a (/home/user/workspace/browsers/m-c-20230329095653-fuzzing-asan-opt/libxul.so+0x28aaee2c) (BuildId: c8c8bccd293a89e4489fbb80df50b4c651e49185)
#10 0x7f6baeb50277 in webrender::picture::PicturePrimitive::take_context::h8af79336a98cda27 /builds/worker/fetches/rust/library/core/src/option.rs
#11 0x7f6baeb89167 in webrender::prepare::prepare_prim_for_render::h5a295e42d27e47af /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:160:15
#12 0x7f6baeb89167 in webrender::prepare::prepare_primitives::hb5b1d3ba25d05ab7 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:80:17
#13 0x7f6baeb892c9 in webrender::prepare::prepare_prim_for_render::h5a295e42d27e47af /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:170:17
#14 0x7f6baeb892c9 in webrender::prepare::prepare_primitives::hb5b1d3ba25d05ab7 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:80:17
#15 0x7f6baeb892c9 in webrender::prepare::prepare_prim_for_render::h5a295e42d27e47af /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:170:17
#16 0x7f6baeb892c9 in webrender::prepare::prepare_primitives::hb5b1d3ba25d05ab7 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:80:17
#17 0x7f6baeb892c9 in webrender::prepare::prepare_prim_for_render::h5a295e42d27e47af /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:170:17
#18 0x7f6baeb892c9 in webrender::prepare::prepare_primitives::hb5b1d3ba25d05ab7 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:80:17
#19 0x7f6baeb892c9 in webrender::prepare::prepare_prim_for_render::h5a295e42d27e47af /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:170:17
#20 0x7f6baeb892c9 in webrender::prepare::prepare_primitives::hb5b1d3ba25d05ab7 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/prepare.rs:80:17
#21 0x7f6baea949bb in webrender::frame_builder::FrameBuilder::build_layer_screen_rects_and_cull_layers::h7c45a802ef3add20 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/frame_builder.rs:435:17
#22 0x7f6baea949bb in webrender::frame_builder::FrameBuilder::build::h0753bf54eeb3dd3c /builds/worker/checkouts/gecko/gfx/wr/webrender/src/frame_builder.rs:535:9
#23 0x7f6baec39ede in webrender::render_backend::Document::build_frame::hf11f603e86f08558 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/render_backend.rs:515:25
#24 0x7f6baec87d1e in webrender::render_backend::RenderBackend::update_document::ha258cea53df80039 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/render_backend.rs:1425:41
#25 0x7f6baec6896f in webrender::render_backend::RenderBackend::prepare_transactions::h0cc12abd56ff875f /builds/worker/checkouts/gecko/gfx/wr/webrender/src/render_backend.rs:1269:28
#26 0x7f6baec6896f in webrender::render_backend::RenderBackend::process_api_msg::hd852ee5203775988 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/render_backend.rs:1122:17
#27 0x7f6bae2f2bc9 in webrender::render_backend::RenderBackend::run::h5ae8ed46d2b4c803 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/render_backend.rs:773:21
#28 0x7f6bae2f2bc9 in webrender::renderer::init::create_webrender_instance::_$u7b$$u7b$closure$u7d$$u7d$::h1fc10d0fa3155596 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/renderer/init.rs:685:9
#29 0x7f6bae2f2bc9 in std::sys_common::backtrace::__rust_begin_short_backtrace::hc3b114c94cb47b95 /builds/worker/fetches/rust/library/std/src/sys_common/backtrace.rs:121:18
#30 0x7f6bae34d9ab in std::thread::Builder::spawn_unchecked_::_$u7b$$u7b$closure$u7d$$u7d$::_$u7b$$u7b$closure$u7d$$u7d$::h82738137b36f3e11 /builds/worker/fetches/rust/library/std/src/thread/mod.rs:558:17
#31 0x7f6bae34d9ab in _$LT$core..panic..unwind_safe..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$::call_once::h3742b9898e95141f /builds/worker/fetches/rust/library/core/src/panic/unwind_safe.rs:271:9
#32 0x7f6bae34d9ab in std::panicking::try::do_call::h6b91d293ec80a82b /builds/worker/fetches/rust/library/std/src/panicking.rs:483:40
#33 0x7f6bae34d9ab in std::panicking::try::h8baa3a708934dec8 /builds/worker/fetches/rust/library/std/src/panicking.rs:447:19
#34 0x7f6bae34d9ab in std::panic::catch_unwind::h10be9d05e45f61da /builds/worker/fetches/rust/library/std/src/panic.rs:140:14
#35 0x7f6bae34d9ab in std::thread::Builder::spawn_unchecked_::_$u7b$$u7b$closure$u7d$$u7d$::hcd4c9bd524cc9eeb /builds/worker/fetches/rust/library/std/src/thread/mod.rs:557:30
#36 0x7f6bae34d9ab in core::ops::function::FnOnce::call_once$u7b$$u7b$vtable.shim$u7d$$u7d$::h288d2dd8b6b5bdb7 /builds/worker/fetches/rust/library/core/src/ops/function.rs:250:5
#37 0x7f6bb3a63482 in std::sys::unix::thread::Thread::new::thread_start::h15bd3d89842cf77f std.68dc465f-cgu.9
#38 0x7f6bbf094b42 in start_thread nptl/pthread_create.c:442:8
#39 0x7f6bbf1269ff misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
Flags: in-testsuite?
|
Reporter | |
Updated•2 years ago
|
Crash Signature: [@ webrender::picture::PicturePrimitive::take_context ]
|
||
Updated•2 years ago
|
Blocks: wr-stability
|
|
||
Updated•2 years ago
|
Severity: -- → S3
|
Assignee | |
Updated•2 years ago
|
Assignee: nobody → gwatson
Flags: needinfo?(gwatson)
|
||
Comment 2•2 years ago
|
||
MOZ_DISABLE_CONTENT_SANDBOX=1 mozregression --good 2021-05-01 --bad 2023-03-29 -a https://bugzilla.mozilla.org/attachment.cgi?id=9325878
11:03.74 INFO: Last good revision: 01d5f09a02bfe727760cb8498fd866dbdaaff9d4
11:03.74 INFO: First bad revision: 5ccaf8100f7912e55bb98cc1951d57df9c4dd511
11:03.74 INFO: Pushlog:
https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=01d5f09a02bfe727760cb8498fd866dbdaaff9d4&tochange=5ccaf8100f7912e55bb98cc1951d57df9c4dd511
5ccaf8100f7912e55bb98cc1951d57df9c4dd511 Glenn Watson — Bug 1766017 - Do a better job of clipping off-screen surface allocation sizes r=gfx-reviewers,lsalzman
status-firefox111:
--- → wontfix
status-firefox112:
--- → affected
status-firefox-esr102:
--- → affected
Keywords: regression
OS: Unspecified → All
Regressed by: 1766017
Hardware: Unspecified → All
|
||
Comment 3•2 years ago
|
||
Verified bug as reproducible on mozilla-central 20230330150905-b80334ae642d.
The bug appears to have been introduced in the following build range:
Start: d7ad2eff79c5401a961858021ffdbf727e9b79ff (20220426072839)
End: bc6e0a6f3cbce9a2a6bfee5a67791046a0935f7a (20220426095745)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=d7ad2eff79c5401a961858021ffdbf727e9b79ff&tochange=bc6e0a6f3cbce9a2a6bfee5a67791046a0935f7a
Whiteboard: [bugmon:bisected,confirmed]
|
||
Updated•2 years ago
|
|
|
||
Comment 4•2 years ago
|
||
Bugmon was unable reproduce this issue.
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.
Keywords: bugmon
|
||
Comment 5•2 years ago
|
||
A change to the Taskcluster build definitions over the weekend caused Bugmon to fail when reproducing issues. This issue has been corrected. Re-enabling bugmon.
Keywords: bugmon
|
|
Assignee | |
Comment 6•2 years ago
|
||
Pushed by gwatson@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/a83043c7ab51
Ensure device pixel scale for surfaces can't become infinite r=gfx-reviewers,lsalzman
|
||
Comment 8•2 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 2 years ago
status-firefox117:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 117 Branch
|
|
||
Comment 9•2 years ago
|
||
Verified bug as fixed on rev mozilla-central 20230710094014-aaa3698312c5.
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.
|
||
Updated•2 years ago
|
|
|
||
Updated•2 years ago
|
status-firefox115:
--- → wontfix
status-firefox116:
--- → fix-optional
Flags: in-testsuite? → in-testsuite+
|
||
Comment 10•2 years ago
|
||
The patch landed in nightly and beta is affected.
:gw, is this bug important enough to require an uplift?
- If yes, please nominate the patch for beta approval.
- If no, please set
status-firefox116towontfix.
For more information, please visit BugBot documentation.
Flags: needinfo?(gwatson)
|
|
Assignee | |
Updated•2 years ago
|
Flags: needinfo?(gwatson)
|
|
||
Updated•2 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•