Closed
Bug 701731
Opened 13 years ago
Closed 12 years ago
WebGL crash
Categories
(Core :: Graphics: CanvasWebGL, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: kdevel, Unassigned)
References
Details
(Keywords: crash)
User Agent: Steps to reproduce: 1. Open http://learningwebgl.com/lessons/lesson03/index.html with 2011-11-07-03-11-04-mozilla-central (x86_64 linux) Actual results: 2. segmentation fault #0 0x0000000000000000 in ?? () #1 0x00007fffd1b9f43b in st_BlitFramebuffer_resolve (ctx=0x7fffd010f000, srcX0=0, srcY0=0, srcX1=500, srcY1=500, dstX0=0, dstY0=<value optimized out>, dstX1=500, dstY1=500, mask=16384, filter=9728) at state_tracker/st_cb_blit.c:87 #2 st_BlitFramebuffer (ctx=0x7fffd010f000, srcX0=0, srcY0=0, srcX1=500, srcY1=500, dstX0=0, dstY0=<value optimized out>, dstX1=500, dstY1=500, mask=16384, filter=9728) at state_tracker/st_cb_blit.c:207 Expected results: 2. Don't crash as with 2011-11-06-03-10-55-mozilla-central. good 2011-11-06 7e28b68cf25d bad 2011-11-07 161c6106d787 http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=7e28b68cf25d&tochange=161c6106d787
The first bad revision is: changeset: 79867:a9a85150f31c user: Joel Maher <jmaher@mozilla.com> date: Sat Nov 05 21:52:34 2011 -0400 summary: Bug 693524 - Intermittent mobile/chrome/tests/browser_awesomescreen.js. r=mfinkle
Sorry. A typo. The first bad revision is: changeset: 79866:cf8b201e8980 user: Benoit Jacob <bjacob@mozilla.com> date: Sat Nov 05 16:46:54 2011 -0400 summary: Bug 668004 - dont return ERROR_FAILURE in GetFeatureStatusImpl - r=dsherk
|
||
Updated•13 years ago
|
Severity: normal → critical
Component: General → Graphics
Keywords: crash
Product: Firefox → Core
QA Contact: general → thebes
|
||
Updated•13 years ago
|
Component: Graphics → Canvas: WebGL
QA Contact: thebes → canvas.webgl
|
||
Comment 3•13 years ago
|
||
The call stack in comment 0 is truncated after frame 2. Can you paste the whole call stack? If you have a debug build of Firefox, can you run with this environment variable defined: MOZ_GL_DEBUG=1 it might help get a better call stack (by forcing GL to be a synchronous API). The truncated call stack from comment 0 points to internal stuff in Mesa code. Can you paste the output of glxinfo | egrep version\|vendor\|renderer and the contents of the Graphics section in about:support. and can you paste a crash link from about:crashes please. The revision that you found by bisecting only affects blacklisting. Is it the case that your driver was getting blacklisted? about:support would tell you that.
(In reply to Benoit Jacob [:bjacob] from comment #3) > whole call stack? (gdb) bt #0 0x0000000000000000 in ?? () #1 0x00007fffd249e43b in st_BlitFramebuffer_resolve (ctx=0x7fffd153a000, srcX0=0, srcY0=0, srcX1=500, srcY1=500, dstX0=0, dstY0=<value optimized out>, dstX1=500, dstY1=500, mask=16384, filter=9728) at state_tracker/st_cb_blit.c:87 #2 st_BlitFramebuffer (ctx=0x7fffd153a000, srcX0=0, srcY0=0, srcX1=500, srcY1=500, dstX0=0, dstY0=<value optimized out>, dstX1=500, dstY1=500, mask=16384, filter=9728) at state_tracker/st_cb_blit.c:207 #3 0x00007fffd235b44e in _mesa_BlitFramebufferEXT (srcX0=0, srcY0=0, srcX1=500, srcY1=500, dstX0=0, dstY0=0, dstX1=500, dstY1=500, mask=16384, filter=9728) at main/fbobject.c:2781 #4 0x00007ffff3e2d759 in ?? () from /tmp/2011-11-12-03-15-41-mozilla-central/firefox/libxul.so #5 0x00007ffff3e2d84c in ?? () from /tmp/2011-11-12-03-15-41-mozilla-central/firefox/libxul.so #6 0x00007ffff4624963 in mozilla::gl::GLContext::ReadPixelsIntoImageSurface(int, int, int, int, gfxImageSurface*) () from /tmp/2011-11-12-03-15-41-mozilla-central/firefox/libxul.so #7 0x00007ffff463b0e4 in ?? () from /tmp/2011-11-12-03-15-41-mozilla-central/firefox/libxul.so #8 0x00007ffff463b1c9 in ?? () from /tmp/2011-11-12-03-15-41-mozilla-central/firefox/libxul.so #9 0x00007ffff463b7ea in ?? () from /tmp/2011-11-12-03-15-41-mozilla-central/firefox/libxul.so #10 0x00007ffff463dee4 in mozilla::layers::BasicLayerManager::PaintLayer(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::ThebesLaye r*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*, mozilla::layers::ReadbackProcessor*) () from /tmp/2011-11-12-03-15-41-mozilla-central/firefox/libxul.so #11 0x00007ffff463dce4 in mozilla::layers::BasicLayerManager::PaintLayer(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::ThebesLaye r*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*, mozilla::layers::ReadbackProcessor*) () from /tmp/2011-11-12-03-15-41-mozilla-central/firefox/libxul.so #12 0x00007ffff463dce4 in mozilla::layers::BasicLayerManager::PaintLayer(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::ThebesLaye r*, gfxContext*, nsIntRegion const&, nsIntRegion const&, void*), void*, mozilla::layers::ReadbackProcessor*) () from /tmp/2011-11-12-03-15-41-mozilla-central/firefox/libxul.so #13 0x00007ffff4639009 in mozilla::layers::BasicLayerManager::EndTransactionInternal(void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegi on const&, nsIntRegion const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) () from /tmp/2011-11-12-03-15-41-mozilla-central/firefox/libxul.so #14 0x00007ffff46399b9 in ?? () from /tmp/2011-11-12-03-15-41-mozilla-central/firefox/libxul.so #15 0x00007ffff3be45c7 in ?? () from /tmp/2011-11-12-03-15-41-mozilla-central/firefox/libxul.so #16 0x00007ffff3bfca95 in ?? () from /tmp/2011-11-12-03-15-41-mozilla-central/firefox/libxul.so #17 0x00007ffff3c0da48 in ?? () from /tmp/2011-11-12-03-15-41-mozilla-central/firefox/libxul.so #18 0x00007ffff3f595e5 in ?? () from /tmp/2011-11-12-03-15-41-mozilla-central/firefox/libxul.so #19 0x00007ffff3f596ad in ?? () from /tmp/2011-11-12-03-15-41-mozilla-central/firefox/libxul.so #20 0x00007ffff3f5be49 in ?? () from /tmp/2011-11-12-03-15-41-mozilla-central/firefox/libxul.so #21 0x00007ffff3f5865a in ?? () from /tmp/2011-11-12-03-15-41-mozilla-central/firefox/libxul.so #22 0x00007ffff443349d in ?? () from /tmp/2011-11-12-03-15-41-mozilla-central/firefox/libxul.so #23 0x00007ffff4431700 in ?? () from /tmp/2011-11-12-03-15-41-mozilla-central/firefox/libxul.so #24 0x00007ffff0993b78 in ?? () from /usr/lib64/libgtk-x11-2.0.so.0 #25 0x00007ffff105437d in g_closure_invoke () from /usr/lib64/libgobject-2.0.so.0 #26 0x00007ffff106a07d in ?? () from /usr/lib64/libgobject-2.0.so.0 #27 0x00007ffff106b5af in g_signal_emit_valist () from /usr/lib64/libgobject-2.0.so.0 #28 0x00007ffff106bc63 in g_signal_emit () from /usr/lib64/libgobject-2.0.so.0 #29 0x00007ffff0a9705e in ?? () from /usr/lib64/libgtk-x11-2.0.so.0 #30 0x00007ffff098d48a in gtk_main_do_event () from /usr/lib64/libgtk-x11-2.0.so.0 #31 0x00007ffff03d86a5 in ?? () from /usr/lib64/libgdk-x11-2.0.so.0 #32 0x00007ffff03d8c31 in gdk_window_process_all_updates () from /usr/lib64/libgdk-x11-2.0.so.0 #33 0x00007ffff03d8c59 in ?? () from /usr/lib64/libgdk-x11-2.0.so.0 #34 0x00007ffff03bca4b in ?? () from /usr/lib64/libgdk-x11-2.0.so.0 #35 0x00007ffff21170fb in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0 #36 0x00007ffff211a8cd in ?? () from /usr/lib64/libglib-2.0.so.0 #37 0x00007ffff211aa8b in g_main_context_iteration () from /usr/lib64/libglib-2.0.so.0 #38 0x00007ffff4438aef in ?? () from /tmp/2011-11-12-03-15-41-mozilla-central/firefox/libxul.so #39 0x00007ffff444d890 in ?? () from /tmp/2011-11-12-03-15-41-mozilla-central/firefox/libxul.so #40 0x00007ffff45a29e5 in ?? () from /tmp/2011-11-12-03-15-41-mozilla-central/firefox/libxul.so ---Type <return> to continue, or q <return> to quit--- #41 0x00007ffff456eb79 in ?? () from /tmp/2011-11-12-03-15-41-mozilla-central/firefox/libxul.so #42 0x00007ffff44f4c1b in ?? () from /tmp/2011-11-12-03-15-41-mozilla-central/firefox/libxul.so #43 0x00007ffff45d8b6e in ?? () from /tmp/2011-11-12-03-15-41-mozilla-central/firefox/libxul.so #44 0x00007ffff444d489 in ?? () from /tmp/2011-11-12-03-15-41-mozilla-central/firefox/libxul.so #45 0x00007ffff430cf2c in ?? () from /tmp/2011-11-12-03-15-41-mozilla-central/firefox/libxul.so #46 0x00007ffff3a5e792 in XRE_main () from /tmp/2011-11-12-03-15-41-mozilla-central/firefox/libxul.so #47 0x0000000000401dec in _start () > glxinfo | egrep version\|vendor\|renderer server glx vendor string: SGI server glx version string: 1.4 client glx vendor string: Mesa Project and SGI client glx version string: 1.4 OpenGL vendor string: X.Org OpenGL renderer string: Gallium 0.4 on AMD RV730 OpenGL version string: 2.1 Mesa 7.12-devel (git-faa16dc) glu version: 1.3 > and the contents of the Graphics section in about:support. Adapter DescriptionX.Org -- Gallium 0.4 on AMD RV730 Driver Version2.1 Mesa 7.12-devel (git-faa16dc) WebGL RendererX.Org -- Gallium 0.4 on AMD RV730 -- 2.1 Mesa 7.12-devel (git-faa16dc) GPU Accelerated Windows0/1 > and can you paste a crash link from about:crashes please. There is no such link. > The revision that you found by bisecting only affects blacklisting. Is it > the case that your driver was getting blacklisted? about:support would tell > you that. There is no such statement on about:support.
|
|
||
Comment 5•13 years ago
|
||
Thanks. This really looks like a bug inside of Mesa. I can see that you're using the development version of Mesa and have debug information for it, so it would probably be very helpful to Mesa developers if you reported this crash to them, at freedesktop.org. If you do, please paste here the link to the freedesktop bug.
|
||
Updated•13 years ago
|
Revision 3ea216303184 as well as the current 30161b298513 both work fine.
(In reply to Stefan from comment #7) > Revision 3ea216303184 as well as the current 30161b298513 both work fine. As long as cf8b201e8980 is backed out.
Now it crashes even with cf8b201e8980 backed out: The first bad revision is: changeset: 82627:b9c1b8afb35a user: Doug Sherk <dsherk@mozilla.com> date: Wed Dec 14 21:03:03 2011 -0800 summary: Bug 689598: implement Android gfx blocklisting r=joe
|
Reporter | |
Comment 10•13 years ago
|
||
Freedesktop.org has a patch in https://bugs.freedesktop.org/show_bug.cgi?id=42883#c2: http://lists.freedesktop.org/archives/mesa-dev/2011-November/015286.html
|
||
Comment 11•12 years ago
|
||
(In reply to Stefan from comment #10) > Freedesktop.org has a patch in > https://bugs.freedesktop.org/show_bug.cgi?id=42883#c2: > > http://lists.freedesktop.org/archives/mesa-dev/2011-November/015286.html then this should be closed, no?
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
|
|
||
Comment 12•12 years ago
|
||
Apparently it's fixed in Mesa 8 so there is nothing else that we want to do here except if that were a security bug.
You need to log in
before you can comment on or make changes to this bug.
Description
•