Closed Bug 1651882 Opened 5 years ago Closed 5 years ago

Hit MOZ_CRASH(called `Option::unwrap()` on a `None` value) at src/third_party/rust/euclid/src/point.rs:393

Categories

(Core :: Graphics: WebRender, defect)

Tracking

RESOLVED FIXED
Tracking Status
firefox-esr68 --- unaffected
firefox-esr78 --- disabled
firefox78 --- disabled
firefox79 --- disabled
firefox80 --- disabled
firefox81 --- disabled
firefox82 --- disabled
firefox83 --- fixed

People

(Reporter: tsmith, Assigned: gw)

References

(Blocks 2 open bugs, Regression)

Details

(Keywords: crash, regression, testcase, Whiteboard: [bugmon:confirmed])

Attachments

(4 files)

Attached file testcase.html

Hit MOZ_CRASH(called Option::unwrap() on a None value) at /builds/worker/checkouts/gecko/third_party/rust/euclid/src/point.rs:393

#0 0x7f5158847d7a in RustMozCrash (/home/worker/builds/m-c-20200709040358-fuzzing-asan-opt/libxul.so+0x1451fd7a)
#1 0x7f51573d023c in mozglue_static::panic_hook::h49c6b7e77d9abe99 /gecko/mozglue/static/rust/lib.rs:89:8
#2 0x7f51573d010b in core::ops::function::Fn::call::h486500c193845745 /rustc/4fb7144ed159f94491249e86d5bbd033b5d60550/src/libcore/ops/function.rs:72:4
#3 0x7f5157971be3 in std::panicking::rust_panic_with_hook::hb976084785e50594 /rustc/4fb7144ed159f94491249e86d5bbd033b5d60550/src/libstd/panicking.rs:474:16
#4 0x7f51579719c9 in rust_begin_unwind /rustc/4fb7144ed159f94491249e86d5bbd033b5d60550/src/libstd/panicking.rs:378:4
#5 0x7f5156a9704f in core::panicking::panic_fmt::h45f7d6868edb5678 /rustc/4fb7144ed159f94491249e86d5bbd033b5d60550/src/libcore/panicking.rs:85:13
#6 0x7f5156a96e6b in core::panicking::panic::h0fd4184f909d9498 /rustc/4fb7144ed159f94491249e86d5bbd033b5d60550/src/libcore/panicking.rs:52:4
#7 0x7f515846cf28 in webrender::picture::PicturePrimitive::take_context::h2521a7d68bbd93a6 /rustc/4fb7144ed159f94491249e86d5bbd033b5d60550/src/libcore/option.rs
#8 0x7f515846dc6b in webrender::prepare::prepare_prim_for_render::hfea3b496acb78c4c /gecko/gfx/wr/webrender/src/prepare.rs:147:22
#9 0x7f515846dc6b in webrender::prepare::prepare_primitives::h00884481759e1d47 /gecko/gfx/wr/webrender/src/prepare.rs:98:15
#10 0x7f515846de90 in webrender::prepare::prepare_prim_for_render::hfea3b496acb78c4c /gecko/gfx/wr/webrender/src/prepare.rs:193:12
#11 0x7f515846de90 in webrender::prepare::prepare_primitives::h00884481759e1d47 /gecko/gfx/wr/webrender/src/prepare.rs:98:15
#12 0x7f515846de90 in webrender::prepare::prepare_prim_for_render::hfea3b496acb78c4c /gecko/gfx/wr/webrender/src/prepare.rs:193:12
#13 0x7f515846de90 in webrender::prepare::prepare_primitives::h00884481759e1d47 /gecko/gfx/wr/webrender/src/prepare.rs:98:15
#14 0x7f515846de90 in webrender::prepare::prepare_prim_for_render::hfea3b496acb78c4c /gecko/gfx/wr/webrender/src/prepare.rs:193:12
#15 0x7f515846de90 in webrender::prepare::prepare_primitives::h00884481759e1d47 /gecko/gfx/wr/webrender/src/prepare.rs:98:15
#16 0x7f515846de90 in webrender::prepare::prepare_prim_for_render::hfea3b496acb78c4c /gecko/gfx/wr/webrender/src/prepare.rs:193:12
#17 0x7f515846de90 in webrender::prepare::prepare_primitives::h00884481759e1d47 /gecko/gfx/wr/webrender/src/prepare.rs:98:15
#18 0x7f515846de90 in webrender::prepare::prepare_prim_for_render::hfea3b496acb78c4c /gecko/gfx/wr/webrender/src/prepare.rs:193:12
#19 0x7f515846de90 in webrender::prepare::prepare_primitives::h00884481759e1d47 /gecko/gfx/wr/webrender/src/prepare.rs:98:15
#20 0x7f515846de90 in webrender::prepare::prepare_prim_for_render::hfea3b496acb78c4c /gecko/gfx/wr/webrender/src/prepare.rs:193:12
#21 0x7f515846de90 in webrender::prepare::prepare_primitives::h00884481759e1d47 /gecko/gfx/wr/webrender/src/prepare.rs:98:15
#22 0x7f515846de90 in webrender::prepare::prepare_prim_for_render::hfea3b496acb78c4c /gecko/gfx/wr/webrender/src/prepare.rs:193:12
#23 0x7f515846de90 in webrender::prepare::prepare_primitives::h00884481759e1d47 /gecko/gfx/wr/webrender/src/prepare.rs:98:15
#24 0x7f515846de90 in webrender::prepare::prepare_prim_for_render::hfea3b496acb78c4c /gecko/gfx/wr/webrender/src/prepare.rs:193:12
#25 0x7f515846de90 in webrender::prepare::prepare_primitives::h00884481759e1d47 /gecko/gfx/wr/webrender/src/prepare.rs:98:15
#26 0x7f515846de90 in webrender::prepare::prepare_prim_for_render::hfea3b496acb78c4c /gecko/gfx/wr/webrender/src/prepare.rs:193:12
#27 0x7f515846de90 in webrender::prepare::prepare_primitives::h00884481759e1d47 /gecko/gfx/wr/webrender/src/prepare.rs:98:15
#28 0x7f515846de90 in webrender::prepare::prepare_prim_for_render::hfea3b496acb78c4c /gecko/gfx/wr/webrender/src/prepare.rs:193:12
#29 0x7f515846de90 in webrender::prepare::prepare_primitives::h00884481759e1d47 /gecko/gfx/wr/webrender/src/prepare.rs:98:15
#30 0x7f515846de90 in webrender::prepare::prepare_prim_for_render::hfea3b496acb78c4c /gecko/gfx/wr/webrender/src/prepare.rs:193:12
#31 0x7f515846de90 in webrender::prepare::prepare_primitives::h00884481759e1d47 /gecko/gfx/wr/webrender/src/prepare.rs:98:15
#32 0x7f515846de90 in webrender::prepare::prepare_prim_for_render::hfea3b496acb78c4c /gecko/gfx/wr/webrender/src/prepare.rs:193:12
#33 0x7f515846de90 in webrender::prepare::prepare_primitives::h00884481759e1d47 /gecko/gfx/wr/webrender/src/prepare.rs:98:15
#34 0x7f515846de90 in webrender::prepare::prepare_prim_for_render::hfea3b496acb78c4c /gecko/gfx/wr/webrender/src/prepare.rs:193:12
#35 0x7f515846de90 in webrender::prepare::prepare_primitives::h00884481759e1d47 /gecko/gfx/wr/webrender/src/prepare.rs:98:15
#36 0x7f515846de90 in webrender::prepare::prepare_prim_for_render::hfea3b496acb78c4c /gecko/gfx/wr/webrender/src/prepare.rs:193:12
#37 0x7f515846de90 in webrender::prepare::prepare_primitives::h00884481759e1d47 /gecko/gfx/wr/webrender/src/prepare.rs:98:15
#38 0x7f515846de90 in webrender::prepare::prepare_prim_for_render::hfea3b496acb78c4c /gecko/gfx/wr/webrender/src/prepare.rs:193:12
#39 0x7f515846de90 in webrender::prepare::prepare_primitives::h00884481759e1d47 /gecko/gfx/wr/webrender/src/prepare.rs:98:15
#40 0x7f515846de90 in webrender::prepare::prepare_prim_for_render::hfea3b496acb78c4c /gecko/gfx/wr/webrender/src/prepare.rs:193:12
#41 0x7f515846de90 in webrender::prepare::prepare_primitives::h00884481759e1d47 /gecko/gfx/wr/webrender/src/prepare.rs:98:15
#42 0x7f515846de90 in webrender::prepare::prepare_prim_for_render::hfea3b496acb78c4c /gecko/gfx/wr/webrender/src/prepare.rs:193:12
#43 0x7f515846de90 in webrender::prepare::prepare_primitives::h00884481759e1d47 /gecko/gfx/wr/webrender/src/prepare.rs:98:15
#44 0x7f515846de90 in webrender::prepare::prepare_prim_for_render::hfea3b496acb78c4c /gecko/gfx/wr/webrender/src/prepare.rs:193:12
#45 0x7f515846de90 in webrender::prepare::prepare_primitives::h00884481759e1d47 /gecko/gfx/wr/webrender/src/prepare.rs:98:15
#46 0x7f515846de90 in webrender::prepare::prepare_prim_for_render::hfea3b496acb78c4c /gecko/gfx/wr/webrender/src/prepare.rs:193:12
#47 0x7f515846de90 in webrender::prepare::prepare_primitives::h00884481759e1d47 /gecko/gfx/wr/webrender/src/prepare.rs:98:15
#48 0x7f515846de90 in webrender::prepare::prepare_prim_for_render::hfea3b496acb78c4c /gecko/gfx/wr/webrender/src/prepare.rs:193:12
#49 0x7f515846de90 in webrender::prepare::prepare_primitives::h00884481759e1d47 /gecko/gfx/wr/webrender/src/prepare.rs:98:15
#50 0x7f515846de90 in webrender::prepare::prepare_prim_for_render::hfea3b496acb78c4c /gecko/gfx/wr/webrender/src/prepare.rs:193:12
#51 0x7f515846de90 in webrender::prepare::prepare_primitives::h00884481759e1d47 /gecko/gfx/wr/webrender/src/prepare.rs:98:15
#52 0x7f515846de90 in webrender::prepare::prepare_prim_for_render::hfea3b496acb78c4c /gecko/gfx/wr/webrender/src/prepare.rs:193:12
#53 0x7f515846de90 in webrender::prepare::prepare_primitives::h00884481759e1d47 /gecko/gfx/wr/webrender/src/prepare.rs:98:15
#54 0x7f515846de90 in webrender::prepare::prepare_prim_for_render::hfea3b496acb78c4c /gecko/gfx/wr/webrender/src/prepare.rs:193:12
#55 0x7f515846de90 in webrender::prepare::prepare_primitives::h00884481759e1d47 /gecko/gfx/wr/webrender/src/prepare.rs:98:15
#56 0x7f51584588cd in webrender::frame_builder::FrameBuilder::build_layer_screen_rects_and_cull_layers::hdbdafba07c5a2818 /gecko/gfx/wr/webrender/src/frame_builder.rs:433:12
#57 0x7f51584588cd in webrender::frame_builder::FrameBuilder::build::h0e316e0d138fd090 /gecko/gfx/wr/webrender/src/frame_builder.rs:546:34
#58 0x7f5158443e5c in webrender::render_backend::Document::build_frame::ha5fbd7ed4dc08b86 /gecko/gfx/wr/webrender/src/render_backend.rs:649:24
#59 0x7f5158435579 in webrender::render_backend::RenderBackend::update_document::h59eb76ffe2d54dc4 /gecko/gfx/wr/webrender/src/render_backend.rs:1609:40
#60 0x7f51584315e0 in webrender::render_backend::RenderBackend::prepare_transactions::hae27fae451469bca /gecko/gfx/wr/webrender/src/render_backend.rs:1446:31
#61 0x7f51584315e0 in webrender::render_backend::RenderBackend::process_api_msg::h6773c3d4fe973c27 /gecko/gfx/wr/webrender/src/render_backend.rs:1389:16
#62 0x7f515841bd95 in webrender::render_backend::RenderBackend::run::ha9994e75978df9b4 /gecko/gfx/wr/webrender/src/render_backend.rs:1013:20
#63 0x7f5158416388 in webrender::renderer::Renderer::new::_$u7b$$u7b$closure$u7d$$u7d$::ha83aabab8cff91ca /gecko/gfx/wr/webrender/src/renderer.rs:2629:12
#64 0x7f5158416388 in std::sys_common::backtrace::__rust_begin_short_backtrace::h338c3b6f227cbc73 /rustc/4fb7144ed159f94491249e86d5bbd033b5d60550/src/libstd/sys_common/backtrace.rs:130:4
#65 0x7f51584159ad in std::thread::Builder::spawn_unchecked::_$u7b$$u7b$closure$u7d$$u7d$::_$u7b$$u7b$closure$u7d$$u7d$::h24989f571fd7dc4d /rustc/4fb7144ed159f94491249e86d5bbd033b5d60550/src/libstd/thread/mod.rs:475:16
#66 0x7f51584159ad in _$LT$std..panic..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$::call_once::ha28cee2f14347c46 /rustc/4fb7144ed159f94491249e86d5bbd033b5d60550/src/libstd/panic.rs:318:8
#67 0x7f51584159ad in std::panicking::try::do_call::h5a67ad17d9149a22 /rustc/4fb7144ed159f94491249e86d5bbd033b5d60550/src/libstd/panicking.rs:303:39
#68 0x7f51584159ad in __rust_maybe_catch_panic /rustc/4fb7144ed159f94491249e86d5bbd033b5d60550/src/libpanic_abort/lib.rs:30:4
#69 0x7f51584159ad in std::panicking::try::h5de4d66cd712ff59 /rustc/4fb7144ed159f94491249e86d5bbd033b5d60550/src/libstd/panicking.rs:281:12
#70 0x7f51584159ad in std::panic::catch_unwind::h70fe94df26504fbf /rustc/4fb7144ed159f94491249e86d5bbd033b5d60550/src/libstd/panic.rs:394:13
#71 0x7f51584159ad in std::thread::Builder::spawn_unchecked::_$u7b$$u7b$closure$u7d$$u7d$::h7f6186accc6d77b1 /rustc/4fb7144ed159f94491249e86d5bbd033b5d60550/src/libstd/thread/mod.rs:474:29
#72 0x7f51584159ad in core::ops::function::FnOnce::call_once$u7b$$u7b$vtable.shim$u7d$$u7d$::hcff5e3ea22d786c6 /rustc/4fb7144ed159f94491249e86d5bbd033b5d60550/src/libcore/ops/function.rs:232:4
#73 0x7f515798326d in _$LT$alloc..boxed..Box$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$A$GT$$GT$::call_once::h553ef812d1929d1b /rustc/4fb7144ed159f94491249e86d5bbd033b5d60550/src/liballoc/boxed.rs:1017:8
#74 0x7f5157986ebf in _$LT$alloc..boxed..Box$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$A$GT$$GT$::call_once::h51b51bce029ae491 /rustc/4fb7144ed159f94491249e86d5bbd033b5d60550/src/liballoc/boxed.rs:1017:8
#75 0x7f5157986ebf in std::sys_common::thread::start_thread::hca943f45f04c8e46 /rustc/4fb7144ed159f94491249e86d5bbd033b5d60550/src/libstd/sys_common/thread.rs:13:4
#76 0x7f5157986ebf in std::sys::unix::thread::Thread::new::thread_start::h352e8a5875b189ee /rustc/4fb7144ed159f94491249e86d5bbd033b5d60550/src/libstd/sys/unix/thread.rs:80:16
#77 0x7f516dbd76da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
#78 0x7f516cbb5a3e in clone /build/glibc-2ORdQG/glibc-2.27/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Flags: in-testsuite?
Crash Signature: [@ webrender::picture::PicturePrimitive::take_context ]

bp-d64a2d27-a157-453e-be13-82ff30200710

GraphicsCriticalError |[0]GP+[GFX1-]: Updating unknown shared surface: 68719476741 (t=27.9575)

Gnome X11, Debian Testing, Radeon RX480
mozregression --good 2020-06-01 --bad 2020-07-09 --pref gfx.webrender.all:true layers.gpu-process.enabled:false -a https://bug1651882.bmoattachments.org/attachment.cgi?id=9162674

6:06.88 INFO: Last good revision: 2053ed112b611b148c9b35fed3802c6061aa5048
6:06.88 INFO: First bad revision: 8d47aed2f6cd4939b633ed9c5553817859fb0f32
6:06.88 INFO: Pushlog:
https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=2053ed112b611b148c9b35fed3802c6061aa5048&tochange=8d47aed2f6cd4939b633ed9c5553817859fb0f32

This one enabled dom.dialog_element.enabled on Nightly. If I remove the <dialog> element from the testcase, I see glitches instead of a crash.

665f8f1a79a07f8a84214f2271ac8a57b3642bc9 sefeng — Bug 1645046 - Enable HTML5 dialog in Nightly r=smaug

mozregression --good 2020-05-01 --bad 2020-06-01 --pref gfx.webrender.all:true layers.gpu-process.enabled:false dom.dialog_element.enabled:true -a https://bug1651882.bmoattachments.org/attachment.cgi?id=9162674

6:36.69 INFO: Last good revision: dd35edffc6dffb7ae6a4050b955c6e7855cdffcd
6:36.69 INFO: First bad revision: 2383139c85c0a60504a871530d099f96eff9e59d
6:36.69 INFO: Pushlog:
https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=dd35edffc6dffb7ae6a4050b955c6e7855cdffcd&tochange=2383139c85c0a60504a871530d099f96eff9e59d

2383139c85c0a60504a871530d099f96eff9e59d cbrewster — Bug 1639729: Propagate surface device pixel scale to child surfaces r=Bert

Blocks: wr-stability
Keywords: regression
OS: Unspecified → All
Regressed by: 1645046, 1639729
Hardware: Unspecified → All
Has Regression Range: --- → yes
Keywords: bugmon
Whiteboard: [bugmon:confirmed]
Bugmon Analysis:
Unable to reproduce bug using the following builds:
> mozilla-central 20200713095122-2c8bc998c107
> mozilla-central 20200710033027-40792c588f9b
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.

@Glen: Think you fixed a similar crash recently? (https://bugzilla.mozilla.org/show_bug.cgi?id=1647862)

Flags: needinfo?(gwatson)

It looks like it's probably unrelated to that, but may be a similar issue elsewhere in the code.

Flags: needinfo?(gwatson)

The severity field is not set for this bug.
:jbonisteel, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(jbonisteel)
Severity: -- → S4
Flags: needinfo?(jbonisteel)

Recent spike has Nightly 83.0a1 20200928094830 as first build with a crash report. Most crashes are on Linux. Glenn, could this be from one of the changes you landed Monday?

Flags: needinfo?(gwatson)

The test case in this bug has a perspective transform that results
in a readback rect for a mix-blend-mode at a very large origin.

Previous code would cast this to an i32, which was causing a
panic inside euclid.

However, the readbacks array is no longer even used by the
renderer, so a very simple fix in this case is to remove that
array altogether, which removes the cast code that panics.

Assignee: nobody → gwatson
Status: NEW → ASSIGNED
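
The failure described in the commit message above, as an added example that is not part of the bug or of the WebRender/euclid sources: a std-only Rust model of a checked float-to-i32 point cast whose `unwrap()` panics on an out-of-range origin, next to two ways of handling that input without panicking. `PointF`, `PointI` and every function name are hypothetical, and the input values are constructed.

```rust
// Added example: std-only model, not WebRender or euclid code.
// All type and function names are hypothetical.

#[derive(Debug, Clone, Copy, PartialEq)]
struct PointF { x: f32, y: f32 }

#[derive(Debug, Clone, Copy, PartialEq)]
struct PointI { x: i32, y: i32 }

/// Checked conversion: None for NaN, infinities and anything outside i32.
fn checked_i32(v: f32) -> Option<i32> {
    // i32::MAX is not representable as f32 (it rounds up to 2^31), so the
    // bounds are the exact powers of two: -2^31 fits, +2^31 does not.
    const LO: f32 = -2147483648.0;
    const HI: f32 = 2147483648.0;
    if v.is_finite() && v >= LO && v < HI {
        Some(v as i32) // in range: truncates toward zero
    } else {
        None
    }
}

fn try_cast(p: PointF) -> Option<PointI> {
    Some(PointI { x: checked_i32(p.x)?, y: checked_i32(p.y)? })
}

/// The crashing shape: a checked cast followed by unwrap(). Geometry derived
/// from page content (transforms) can push the value out of range.
fn cast_or_panic(p: PointF) -> PointI {
    try_cast(p).unwrap()
}

/// Option 1: surface the failure so the caller can skip the work.
fn readback_origin(p: PointF) -> Result<PointI, String> {
    try_cast(p).ok_or_else(|| format!("origin {:?} does not fit in i32", p))
}

/// Option 2: clamp. Float-to-int `as` saturates and maps NaN to 0.
fn cast_saturating(p: PointF) -> PointI {
    PointI { x: p.x as i32, y: p.y as i32 }
}

fn main() {
    // Constructed inputs: an ordinary origin and one far outside i32.
    let ok = PointF { x: 120.5, y: -8.0 };
    let huge = PointF { x: 6.8e10, y: 0.0 };
    println!("{:?}", try_cast(ok));
    println!("{:?}", readback_origin(huge));
    println!("{:?}", cast_saturating(huge));
}
```

The fix that landed for this bug took neither route: per the commit message, the readbacks array was no longer used by the renderer, so the array and the cast were removed together.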

It's possible some recent work might have caused the spike in this. I attached a patch which fixes the specific attached test case. Let's see if that fixes all the crashes around this area, or if there are other causes.

Flags: needinfo?(gwatson)

This is a very common crash for Fenix nightly. Is this going to be tracked here?

Do we have any repro and/or URLs for this, particularly since it seems to be mostly occurring on Fenix nightly?

The mozregression link above looks like an unlikely candidate (or are there more changes in that pushlog that I need to expand somehow?)

Keywords: leave-open

In rare cases, the visibility of a picture can change from one frame
to the next in a way that affects the allocation of the child render
tasks slot. When this occurs, ensure we don't unwrap here and instead
only set the preallocation size if the tasks array exists. This
matches the code in restore_context now.

I was able to reproduce a panic (an unwrap on a None value) in the take_context function while using one of the crash report URLs and a mobile device view enabled.

However, the line it panicked on was different than what was reported in the crash reports. This means either (a) the callstack in the bug reports is incorrect, or (b) there are two panic conditions occurring in this area of the code that are being confused.

We'll get the patch above reviewed and landed, and see if that covers all of the panics here, and I'll keep trying to reproduce locally.

Pushed by gwatson@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/13de5d7b94a5 Fix panic when casting large float to i32. r=nical
Pushed by gwatson@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/c7e95c899ae4 Fix a panic that can occur when preallocating child tasks. r=jrmuizel

I'm not sure if I'm reading the crash stats correctly - but it looks to me that this patch has probably fixed the crashes in desktop, but that it's not in a Fenix nightly yet. Is that right? If so, what needs to happen to get Fenix nightly to pick up this patch?

Flags: needinfo?(kbrosnan)

I was able to reproduce this crash while navigating on amazon.com, searching a different color for a product, on 10/8 Nightly build with HTC 10 (Android 8).

c7b409a7-ea28-4f07-8192-8a92f2981f12
<native crash>



(In reply to miralobontiu from comment #26)

If this Android build id contains the same changes as the same desktop build id, this build would have the patch from comment 21, but not yet comment 22.

Need to get GeckoView updated for Fenix; there have been some hiccups in that. See some discussion in #releaseduty-mobile on Slack about sorting that out.

Flags: needinfo?(kbrosnan)

Comment on attachment 9179148 [details]
Bug 1651882 - Fix panic when casting large float to i32.

Beta/Release Uplift Approval Request

  • User impact if declined: Fixes a crash bug when using webrender that can occur in random situations (change in visibility of tiles between pages, mix-blend-mode + transforms, etc). This fixes a top crasher bug on Fenix.
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): The changes have been in nightly for a few days. They are reasonably straightforward logic fixes.
  • String changes made/needed:
Attachment #9179148 - Flags: approval-mozilla-beta?
Attachment #9179725 - Flags: approval-mozilla-beta?

We don't seem to be seeing crashes outside of nightly, and we're about to enter RC week for 82. Comment 1 said the crash was only reproducible with dom.dialog_element.enabled (on desktop, though, AIUI), and the spike on fenix seems to have started after nightly became 83. How critical is getting this into 82 at this stage?

Also, can we close this and remove the leave-open keyword?

Flags: needinfo?(gwatson)

Ah, you're probably right - the patch causing the issue doesn't seem to be in the current beta then. Does that sound right to you jrmuizel?

Flags: needinfo?(gwatson) → needinfo?(jmuizelaar)
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Keywords: leave-open
Resolution: --- → FIXED
Attachment #9179148 - Flags: approval-mozilla-beta? → approval-mozilla-beta-
Attachment #9179725 - Flags: approval-mozilla-beta? → approval-mozilla-beta-
Flags: needinfo?(jmuizelaar)