Closed Bug 1513017 Opened 6 years ago Closed 6 years ago

Hit MOZ_CRASH(index out of bounds: the len is 0 but the index is 0) at libcore/slice/mod.rs:2052

Categories

(Core :: Graphics: WebRender, defect, P2)


RESOLVED FIXED
mozilla66
Tracking Status
firefox-esr60 --- unaffected
firefox64 --- unaffected
firefox65 --- wontfix
firefox66 --- fixed

People

(Reporter: tsmith, Assigned: jrmuizel)

References

(Blocks 2 open bugs)

Details

(Keywords: assertion, crash, testcase)

Attachments

(1 file)

Attached file testcase.html
Reduced with m-c:
BuildID=20181210160334
SourceStamp=68151063d1c63ce445d67aa743a018d7f66fbb4d

Hit MOZ_CRASH(index out of bounds: the len is 0 but the index is 0) at libcore/slice/mod.rs:2052

#0 MOZ_CrashOOL(char const*, int, char const*) src/obj-firefox/dist/include/mozilla/Assertions.h:314:3
#1 GeckoCrashOOL src/toolkit/xre/nsAppRunner.cpp:5124:3
#2 gkrust_shared::panic_hook::h80f9b4ed5c0796b3 src/toolkit/library/rust/shared/lib.rs:234:8
#3 core::ops::function::Fn::call::hac0477c01f4e8ad0 src/libcore/ops/function.rs:78:4
#4 std::panicking::rust_panic_with_hook::h0e12cb2fc86d00fa /rustc/da5f414c2c0bfe5198934493f04c676e2b23ff2e/src/libstd/panicking.rs:481:16
#5 std::panicking::continue_panic_fmt::h141671b29fe0e27d /rustc/da5f414c2c0bfe5198934493f04c676e2b23ff2e/src/libstd/panicking.rs:391:4
#6 rust_begin_unwind /rustc/da5f414c2c0bfe5198934493f04c676e2b23ff2e/src/libstd/panicking.rs:326:4
#7 core::panicking::panic_fmt::h429a06507aba9228 /rustc/da5f414c2c0bfe5198934493f04c676e2b23ff2e/src/libcore/panicking.rs:77:13
#8 core::panicking::panic_bounds_check::h8e752fa77de3cffe /rustc/da5f414c2c0bfe5198934493f04c676e2b23ff2e/src/libcore/panicking.rs:59:4
#9 webrender::tiling::RenderPass::build::hb5f0796adecd44b7 src/gfx/wr/webrender/src/tiling.rs
#10 webrender::frame_builder::FrameBuilder::build::hf51392b57845c8fe src/gfx/wr/webrender/src/frame_builder.rs:467
#11 webrender::render_backend::Document::build_frame::habd8b995b33bfbc6 src/gfx/wr/webrender/src/render_backend.rs:452:24
#12 webrender::render_backend::RenderBackend::update_document::hf81d6f0b29a2b8e1 src/gfx/wr/webrender/src/render_backend.rs:1291:40
#13 webrender::render_backend::RenderBackend::prepare_transaction::h8e33f2ac22571c2f src/gfx/wr/webrender/src/render_backend.rs:1148:12
#14 webrender::render_backend::RenderBackend::process_api_msg::h3d68a9e92dad4805 src/gfx/wr/webrender/src/render_backend.rs:1083
#15 webrender::render_backend::RenderBackend::run::h9745523df5a862a0 src/gfx/wr/webrender/src/render_backend.rs:858:20
#16 webrender::renderer::Renderer::new::_$u7b$$u7b$closure$u7d$$u7d$::hb5a5e44a298f1c68 src/gfx/wr/webrender/src/renderer.rs:1963:12
#17 std::sys_common::backtrace::__rust_begin_short_backtrace::h52306ce0db85680b src/libstd/sys_common/backtrace.rs:136
#18 std::thread::Builder::spawn::_$u7b$$u7b$closure$u7d$$u7d$::_$u7b$$u7b$closure$u7d$$u7d$::hf190f06e7ae1328c src/libstd/thread/mod.rs:409:20
#19 _$LT$std..panic..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$::call_once::h943cb4428de85bf7 src/libstd/panic.rs:313
#20 std::panicking::try::do_call::h4ce4e739a5dd0632 (.llvm.7691925630118174454) src/libstd/panicking.rs:310
#21 __rust_maybe_catch_panic /rustc/da5f414c2c0bfe5198934493f04c676
Flags: in-testsuite?
Crash Signature: [@ webrender::frame_builder::FrameBuilder::build]
Blocks: wr-fuzz
This appears to be a crash in the new texture allocator logic, I think. I can reproduce the crash with the above test case, at tiling.rs:246, which is:

    self.targets[free_rect_slice.0 as usize]
        .add_used(DeviceIntRect::new(origin, alloc_size));

Dzmitry, could you take a look at this? It should hopefully be easy to fix as the test case above is a reliable repro.
Flags: needinfo?(dmalyshau)
Assignee: nobody → dmalyshau
Status: NEW → ASSIGNED
Flags: needinfo?(dmalyshau)
The possible case not handled is allocation of 0 sized target when there is nothing previously allocated. Fixing it now...
Fix is in flight (to upstream WR). Also, thanks for the great repro case!
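The failure mode diagnosed in the comments above (a zero-sized allocation when no target exists yet, followed by an unchecked index into the target list), as an added example that is not part of this bug thread and not WebRender's code. `TargetList`, `find_slice`, `push_target`, the capacity of 4 and the early return for zero-area requests are all hypothetical, assumed only to reproduce the same `index out of bounds: the len is 0 but the index is 0` panic next to a guarded form.

```rust
use std::panic;

// Simplified, hypothetical model of a render-target list (not WebRender's code).
#[derive(Default)]
struct TargetList {
    targets: Vec<Vec<(i32, i32)>>, // per target: sizes of the rects marked used
}

impl TargetList {
    // Assumed tracker behaviour: a zero-area request "fits" in slice 0
    // without checking that any slice exists yet.
    fn find_slice(&self, w: i32, h: i32) -> Option<usize> {
        if w == 0 || h == 0 {
            return Some(0);
        }
        self.targets.iter().position(|t| t.len() < 4) // constructed capacity
    }

    fn push_target(&mut self) -> usize {
        self.targets.push(Vec::new());
        self.targets.len() - 1
    }

    // Unchecked form: trusts the slice index the tracker returned.
    fn allocate_unchecked(&mut self, w: i32, h: i32) -> usize {
        let idx = match self.find_slice(w, h) {
            Some(i) => i,
            None => self.push_target(),
        };
        self.targets[idx].push((w, h)); // panics when idx >= targets.len()
        idx
    }

    // Guarded form: creates the target when the index does not exist yet.
    fn allocate_checked(&mut self, w: i32, h: i32) -> usize {
        let idx = match self.find_slice(w, h) {
            Some(i) if i < self.targets.len() => i,
            _ => self.push_target(),
        };
        self.targets[idx].push((w, h));
        idx
    }
}

fn main() {
    let crashed = panic::catch_unwind(|| TargetList::default().allocate_unchecked(0, 0));
    println!("unchecked zero-size allocation panicked: {}", crashed.is_err());
    println!("checked slice: {}", TargetList::default().allocate_checked(0, 0));
}
```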
Priority: -- → P2
We should land the testcase as a crashtest in this bug.
Assignee: dmalyshau → jmuizelaar
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla66

Crash rate is pretty low on Beta. I think this can just ride the trains given where we are in the cycle.

Flags: in-testsuite? → in-testsuite+