Open
Bug 1845202
Opened 1 year ago
Updated 2 days ago
Hit MOZ_CRASH(called `Option::unwrap()` on a `None` value) at /builds/worker/checkouts/gecko/third_party/rust/euclid/src/size.rs:323
Categories
(Core :: Graphics: WebRender, defect)
Core
Graphics: WebRender
Tracking
()
NEW
| Tracking | Status | |
|---|---|---|
| firefox-esr102 | --- | unaffected |
| firefox-esr115 | --- | wontfix |
| firefox115 | --- | wontfix |
| firefox116 | --- | wontfix |
| firefox117 | --- | fix-optional |
People
(Reporter: tsmith, Unassigned)
References
(Blocks 2 open bugs)
Details
(Keywords: assertion, regression, testcase, Whiteboard: [bugmon:bisected,confirmed])
Attachments
(1 file)
|
330 bytes,
text/html
|
Details |
Found while fuzzing m-c 20230723-ec054fe362b6 (--enable-debug --enable-fuzzing)
To reproduce via Grizzly Replay:
$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch -d --fuzzing -n firefox
$ python -m grizzly.replay ./firefox/firefox testcase.html
Hit MOZ_CRASH(called Option::unwrap() on a None value) at /builds/worker/checkouts/gecko/third_party/rust/euclid/src/size.rs:323
#0 0x7f8bb4b69145 in MOZ_Crash /builds/worker/workspace/obj-build/dist/include/mozilla/Assertions.h:281:3
#1 0x7f8bb4b69145 in RustMozCrash /builds/worker/checkouts/gecko/mozglue/static/rust/wrappers.cpp:18:3
#2 0x7f8bb4b690d6 in mozglue_static::panic_hook::ha6bfb9e7df0487c1 /builds/worker/checkouts/gecko/mozglue/static/rust/lib.rs:96:9
#3 0x7f8bb4b68adb in core::ops::function::Fn::call::h32557a407c48d309 /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/core/src/ops/function.rs:79:5
#4 0x7f8bb5a960dc in _$LT$alloc..boxed..Box$LT$F$C$A$GT$$u20$as$u20$core..ops..function..Fn$LT$Args$GT$$GT$::call::h0be7fc2421582b49 /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/alloc/src/boxed.rs:1999:9
#5 0x7f8bb5a960dc in std::panicking::rust_panic_with_hook::h82ebcd5d5ed2fad4 /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/panicking.rs:709:13
#6 0x7f8bb5a95e30 in std::panicking::begin_panic_handler::_$u7b$$u7b$closure$u7d$$u7d$::h810bed8ecbe66f1a /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/panicking.rs:595:13
#7 0x7f8bb5a932f5 in std::sys_common::backtrace::__rust_end_short_backtrace::h1410008071796261 /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/sys_common/backtrace.rs:151:18
#8 0x7f8bb5a95bc1 in rust_begin_unwind /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/panicking.rs:593:5
#9 0x7f8bb5aeec22 in core::panicking::panic_fmt::ha0a42a25e0cf258d /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/core/src/panicking.rs:67:14
#10 0x7f8bb5aeecb2 in core::panicking::panic::ha338a74a5d65bf6f /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/core/src/panicking.rs:117:5
#11 0x7f8bb463a851 in webrender::clip::ClipNode::update::he29b73129622fd7e /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/core/src/option.rs
#12 0x7f8bb463c72f in webrender::clip::ClipStore::build_clip_chain_instance::h0fe503218db89b55 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/clip.rs:1427:21
#13 0x7f8bb47d3bbd in webrender::visibility::update_prim_visibility::h15b2dab25ad0f9e2 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/visibility.rs:286:30
#14 0x7f8bb47d3f39 in webrender::visibility::update_prim_visibility::h15b2dab25ad0f9e2 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/visibility.rs:246:17
#15 0x7f8bb47d3f39 in webrender::visibility::update_prim_visibility::h15b2dab25ad0f9e2 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/visibility.rs:246:17
#16 0x7f8bb467e2c0 in webrender::frame_builder::FrameBuilder::build_layer_screen_rects_and_cull_layers::ha8f807c2de2dc1ae /builds/worker/checkouts/gecko/gfx/wr/webrender/src/frame_builder.rs:379:25
#17 0x7f8bb467e2c0 in webrender::frame_builder::FrameBuilder::build::hf4ab871a4670b174 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/frame_builder.rs:559:9
#18 0x7f8bb46debf4 in webrender::render_backend::Document::build_frame::h08524c53942135b0 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/render_backend.rs:515:25
#19 0x7f8bb46f65eb in webrender::render_backend::RenderBackend::update_document::h9d647b155a735830 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/render_backend.rs:1429:41
#20 0x7f8bb46ecc20 in webrender::render_backend::RenderBackend::prepare_transactions::h0c7ac9b4c9c1a780 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/render_backend.rs:1273:28
#21 0x7f8bb46ecc20 in webrender::render_backend::RenderBackend::process_api_msg::h3b6ac454f18b9d6b /builds/worker/checkouts/gecko/gfx/wr/webrender/src/render_backend.rs:1126:17
#22 0x7f8bb44ae931 in webrender::render_backend::RenderBackend::run::h412e57a3aaa026c3 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/render_backend.rs:777:21
#23 0x7f8bb44ae931 in webrender::renderer::init::create_webrender_instance::_$u7b$$u7b$closure$u7d$$u7d$::h54e33279b7082724 /builds/worker/checkouts/gecko/gfx/wr/webrender/src/renderer/init.rs:685:9
#24 0x7f8bb44ae931 in std::sys_common::backtrace::__rust_begin_short_backtrace::hc6f61f7f7460f566 /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/sys_common/backtrace.rs:135:18
#25 0x7f8bb44bd292 in std::thread::Builder::spawn_unchecked_::_$u7b$$u7b$closure$u7d$$u7d$::_$u7b$$u7b$closure$u7d$$u7d$::h7af6249b4722fd3d /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/thread/mod.rs:529:17
#26 0x7f8bb44bd292 in _$LT$core..panic..unwind_safe..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$::call_once::h28ed91331a732712 /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/core/src/panic/unwind_safe.rs:271:9
#27 0x7f8bb44bd292 in std::panicking::try::do_call::h244d8373f833e2ed /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/panicking.rs:500:40
#28 0x7f8bb44bd292 in std::panicking::try::heb646d7ca99bfac3 /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/panicking.rs:464:19
#29 0x7f8bb44bd292 in std::panic::catch_unwind::h6679809f86982d06 /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/panic.rs:142:14
#30 0x7f8bb44bd292 in std::thread::Builder::spawn_unchecked_::_$u7b$$u7b$closure$u7d$$u7d$::hd870008ce2f07f3f /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/thread/mod.rs:528:30
#31 0x7f8bb44bd292 in core::ops::function::FnOnce::call_once$u7b$$u7b$vtable.shim$u7d$$u7d$::hbcc71270a0721734 /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/core/src/ops/function.rs:250:5
#32 0x7f8bb5aa0604 in _$LT$alloc..boxed..Box$LT$F$C$A$GT$$u20$as$u20$core..ops..function..FnOnce$LT$Args$GT$$GT$::call_once::h9adfc2ae43657457 /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/alloc/src/boxed.rs:1985:9
#33 0x7f8bb5aa0604 in _$LT$alloc..boxed..Box$LT$F$C$A$GT$$u20$as$u20$core..ops..function..FnOnce$LT$Args$GT$$GT$::call_once::h14fefbfa7b574396 /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/alloc/src/boxed.rs:1985:9
#34 0x7f8bb5aa0604 in std::sys::unix::thread::Thread::new::thread_start::ha211bb47f6f5cedc /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/sys/unix/thread.rs:108:17
#35 0x7f8bc0894b42 in start_thread nptl/pthread_create.c:442:8
#36 0x7f8bc09269ff misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
Flags: in-testsuite?
|
||
Comment 1•1 year ago
|
||
Verified bug as reproducible on mozilla-central 20230724215726-12931a93e28c.
The bug appears to have been introduced in the following build range:
Start: 91a9bbbe6bea41de5be2721f17cca52ba7986c8e (20221219162526)
End: 6833706c10e20645fb36fd629052ee83df990100 (20221219153214)
Pushlog: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=91a9bbbe6bea41de5be2721f17cca52ba7986c8e&tochange=6833706c10e20645fb36fd629052ee83df990100
Keywords: regression
Whiteboard: [bugmon:bisected,confirmed]
|
||
Updated•1 year ago
|
status-firefox115:
--- → wontfix
status-firefox116:
--- → wontfix
status-firefox-esr102:
--- → unaffected
status-firefox-esr115:
--- → wontfix
|
||
Comment 2•1 year ago
|
||
The severity field is not set for this bug.
:gw, could you have a look please?
For more information, please visit BugBot documentation.
Flags: needinfo?(gwatson)
|
||
Updated•1 year ago
|
Severity: -- → S3
Flags: needinfo?(gwatson)
|
|
||
Comment 3•2 days ago
|
||
Testcase crashes using the initial build (mozilla-central 20230916091445-10a16ed7ab96) but not with tip (mozilla-central 20240913214507-b91e1b615932.)
Unable to bisect testcase (End build crashes!):
Start: 10a16ed7ab96f82333671271e198f19ce031f38a (20230916091445)
End: b91e1b6159328dbc393bbd4f31ae04146a6a1879 (20240913214507)
BuildFlags: BuildFlags(asan=False, tsan=False, debug=True, fuzzing=True, coverage=False, valgrind=False, no_opt=False, fuzzilli=False, nyx=False)
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.
Keywords: bugmon
You need to log in
before you can comment on or make changes to this bug.
Description
•