1461041 - aarch64: GraphicsCriticalError: seg fault crash

Status: RESOLVED INCOMPLETE

(Core :: Graphics, defect, P5)

Description

[Charles Robertson]

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
Build ID: 20180327000000

Steps to reproduce:

Build Firefox 60 ESR for Aarch64 Linux. Run Firefox. 

mozconfig file:
MOZILLA_OFFICIAL=1
BUILD_OFFICIAL=1
MOZ_MAKE_FLAGS=-j4
MOZ_OBJDIR=/home/abuild/rpmbuild/BUILD/obj
--enable-application=browser
--prefix=/usr
--libdir=/usr/lib64
--includedir=/usr/include
--enable-release
--enable-default-toolkit=cairo-gtk3
--enable-pie
--enable-optimize=-g -O2
--disable-optimize
--with-system-nspr
--with-system-nss
--with-l10n-base=/home/abuild/rpmbuild/BUILD/l10n
--with-system-zlib
--disable-updater
--disable-tests
--enable-alsa
--disable-debug
--enable-startup-notification
--enable-update-channel=esr
--with-mozilla-api-keyfile=/home/abuild/rpmbuild/SOURCES/mozilla-api-key
--with-google-api-keyfile=/home/abuild/rpmbuild/SOURCES/google-api-key
--enable-official-branding
--enable-libproxy
--disable-crashreporter
--disable-webrtc

Compile flags:
CFLAGS='-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection  -fno-strict-aliasing -fno-delete-null-pointer-checks'
CXXFLAGS='-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection  -fno-strict-aliasing -fno-delete-null-pointer-checks'
LDFLAGS=' -Wl,--no-keep-memory -Wl,--reduce-memory-overheads'


Actual results:

On Firefox startup the crash appears with following on console:

[Child 13954, Chrome_ChildThread] WARNING: pipe error (18): Connection reset by peer: file /home/abuild/rpmbuild/BUILD/mozilla/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 353
[Child 13954, Chrome_ChildThread] WARNING: pipe error (3): Connection reset by peer: file /home/abuild/rpmbuild/BUILD/mozilla/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 353
Crash Annotation GraphicsCriticalError: |[C0][GFX1-]: Receive IPC close with reason=AbnormalShutdown (t=2.41705) Segmentation fault (core dumped)

GDB the core reveals:
...
Core was generated by `/usr/lib64/firefox/firefox -contentproc -childID 1 -isForBrowser -boolPrefs 299'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  mozilla::ipc::MessageChannel::OnChannelErrorFromLink (this=0xffffb79b3130) at /usr/src/debug/MozillaFirefox-60.0.0esr-10.1.aarch64/ipc/glue/MessageChannel.cpp:2557
2557	            MOZ_CRASH("Aborting on channel error.");
[Current thread is 1 (Thread 0xffffac4a51c0 (LWP 14087))]
(gdb) bt
#0  mozilla::ipc::MessageChannel::OnChannelErrorFromLink (this=0xffffb79b3130) at /usr/src/debug/MozillaFirefox-60.0.0esr-10.1.aarch64/ipc/glue/MessageChannel.cpp:2557
#1  0x0000ffffb083b4a4 in mozilla::ipc::ProcessLink::OnChannelError (this=0xffffab944160) at /usr/src/debug/MozillaFirefox-60.0.0esr-10.1.aarch64/ipc/glue/MessageLink.cpp:393
#2  0x0000ffffb0820ac8 in event_persist_closure (ev=<optimized out>, base=0xffffb79ad400) at /usr/src/debug/MozillaFirefox-60.0.0esr-10.1.aarch64/ipc/chromium/src/third_party/libevent/event.c:1580
#3  event_process_active_single_queue (base=base@entry=0xffffb79ad400, max_to_process=max_to_process@entry=2147483647, endtime=endtime@entry=0x0, activeq=<optimized out>)
    at /usr/src/debug/MozillaFirefox-60.0.0esr-10.1.aarch64/ipc/chromium/src/third_party/libevent/event.c:1639
#4  0x0000ffffb08210d0 in event_process_active (base=0xffffb79ad400) at /usr/src/debug/MozillaFirefox-60.0.0esr-10.1.aarch64/ipc/chromium/src/third_party/libevent/event.c:1738
#5  event_base_loop (base=0xffffb79ad400, flags=flags@entry=1) at /usr/src/debug/MozillaFirefox-60.0.0esr-10.1.aarch64/ipc/chromium/src/third_party/libevent/event.c:1961
#6  0x0000ffffb0807518 in base::MessagePumpLibevent::Run (this=0xffffb795ab00, delegate=0xffffac4a47e0) at /usr/src/debug/MozillaFirefox-60.0.0esr-10.1.aarch64/ipc/chromium/src/base/message_pump_libevent.cc:381
#7  0x0000ffffb0809f48 in MessageLoop::RunInternal (this=0xffffac4a47e0) at /usr/src/debug/MozillaFirefox-60.0.0esr-10.1.aarch64/ipc/chromium/src/base/message_loop.cc:326
#8  MessageLoop::RunHandler (this=0xffffac4a47e0) at /usr/src/debug/MozillaFirefox-60.0.0esr-10.1.aarch64/ipc/chromium/src/base/message_loop.cc:319
#9  MessageLoop::Run (this=this@entry=0xffffac4a47e0) at /usr/src/debug/MozillaFirefox-60.0.0esr-10.1.aarch64/ipc/chromium/src/base/message_loop.cc:299
#10 0x0000ffffb0816a5c in base::Thread::ThreadMain (this=0xffffb79583e8) at /usr/src/debug/MozillaFirefox-60.0.0esr-10.1.aarch64/ipc/chromium/src/base/thread.cc:181
#11 0x0000ffffb0806f3c in ThreadFunc (closure=<optimized out>) at /usr/src/debug/MozillaFirefox-60.0.0esr-10.1.aarch64/ipc/chromium/src/base/platform_thread_posix.cc:38
#12 0x0000ffffb7f91058 in start_thread () from /lib64/libpthread.so.0
#13 0x0000ffffb7ce0e2c in thread_start () from /lib64/libc.so.6
(gdb)


Expected results:

Firefox should run normally without crashing.

Comment 1

[Charles Robertson]

I have stumbled on to a fix. By removing the "-fno-delete-null-pointer-checks" compiler flag Firefox 60 ESR does not crash on AArch64 machine. Can a developer look into this? And is this bug related to https://bugzilla.mozilla.org/show_bug.cgi?id=1459602 ? It is showing the exact same crash results.

Comment 2

[BugBot [:suhaib / :marco/ :calixte]]

In the process of migrating remaining bugs to the new severity system, the severity for this bug cannot be automatically determined. Please retriage this bug using the new severity system.

Comment 3

[BugBot [:suhaib / :marco/ :calixte]]

The severity field is not set for this bug.
:bhood, could you have a look please?

For more information, please visit BugBot documentation.