Closed
Bug 1590940
Opened 5 years ago
Closed 2 years ago
Crash [@ mozilla::gfx::VRPuppetCommandBuffer::Get]
Categories
(Core :: WebVR, defect, P3)
Core
WebVR
Tracking
()
RESOLVED
WONTFIX
| Tracking | Status | |
|---|---|---|
| firefox72 | --- | affected |
People
(Reporter: jkratzer, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash, testcase, Whiteboard: [fuzzblocker])
Attachments
(1 file)
|
248 bytes,
text/html
|
Details |
Testcase found while fuzzing mozilla-central rev ad7a152bc66c.
rax = 0x00005645253e0340 rdx = 0x0000000000000000
rcx = 0x00007f60b6b95c18 rbx = 0x00007f60967be000
rsi = 0x00007f60c35508b0 rdi = 0x00007f60c354f680
rbp = 0x00007f60ac0fe740 rsp = 0x00007f60ac0fe730
r8 = 0x00007f60c35508b0 r9 = 0x00007f60ac0ff700
r10 = 0x0000000000000002 r11 = 0x0000000000000000
r12 = 0x00007f60ac0fe818 r13 = 0x00007f60ac0fe808
r14 = 0x00007f609c9d8300 r15 = 0x00007f60ac0fe800
rip = 0x00007f60b295dca1
OS|Linux|0.0.0 Linux 5.0.0-31-generic #33~18.04.1-Ubuntu SMP Tue Oct 1 10:20:39 UTC 2019 x86_64
CPU|amd64|family 6 model 94 stepping 3|1
GPU|||
Crash|SIGSEGV|0x0|2
2|0|libxul.so|mozilla::gfx::VRPuppetCommandBuffer::Get()|hg:hg.mozilla.org/mozilla-central:gfx/vr/VRPuppetCommandBuffer.cpp:ad7a152bc66c0d411a6fb0b210d675abed9693c7|19|0x32
2|1|libxul.so|mozilla::gfx::VRServiceHost::PuppetReset()|hg:hg.mozilla.org/mozilla-central:gfx/vr/VRServiceHost.cpp:ad7a152bc66c0d411a6fb0b210d675abed9693c7|203|0x5
2|2|libxul.so|mozilla::gfx::VRManager::ResetPuppet(mozilla::gfx::VRManagerParent*)|hg:hg.mozilla.org/mozilla-central:gfx/vr/VRManager.cpp:ad7a152bc66c0d411a6fb0b210d675abed9693c7|805|0x14
2|3|libxul.so|mozilla::gfx::VRManagerParent::RecvResetPuppet()|hg:hg.mozilla.org/mozilla-central:gfx/vr/ipc/VRManagerParent.cpp:ad7a152bc66c0d411a6fb0b210d675abed9693c7|213|0xb
2|4|libxul.so|mozilla::gfx::PVRManagerParent::OnMessageReceived(IPC::Message const&)|s3:gecko-generated-sources:0abcb1f4632d92c944bc4e3cba808afd584be763959cddaa6db8f4267660bb27ae526a4e4f3792040f1382a4fe9fd911b3bc6103e0f6668749248e66153e41d8/ipc/ipdl/PVRManagerParent.cpp:|742|0x8
2|5|libxul.so|mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:ad7a152bc66c0d411a6fb0b210d675abed9693c7|2208|0x6
2|6|libxul.so|mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:ad7a152bc66c0d411a6fb0b210d675abed9693c7|2130|0xb
2|7|libxul.so|mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:ad7a152bc66c0d411a6fb0b210d675abed9693c7|1972|0xb
2|8|libxul.so|mozilla::ipc::MessageChannel::MessageTask::Run()|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:ad7a152bc66c0d411a6fb0b210d675abed9693c7|2003|0xc
2|9|libxul.so|MessageLoop::RunTask(already_AddRefed<nsIRunnable>)|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:ad7a152bc66c0d411a6fb0b210d675abed9693c7|442|0x45
2|10|libxul.so|MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask&&)|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:ad7a152bc66c0d411a6fb0b210d675abed9693c7|450|0x17
2|11|libxul.so|MessageLoop::DoWork()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:ad7a152bc66c0d411a6fb0b210d675abed9693c7|523|0x5
2|12|libxul.so|base::MessagePumpDefault::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_pump_default.cc:ad7a152bc66c0d411a6fb0b210d675abed9693c7|35|0x9
2|13|libxul.so|MessageLoop::RunInternal()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:ad7a152bc66c0d411a6fb0b210d675abed9693c7|315|0x17
2|14|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:ad7a152bc66c0d411a6fb0b210d675abed9693c7|290|0x8
2|15|libxul.so|base::Thread::ThreadMain()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/thread.cc:ad7a152bc66c0d411a6fb0b210d675abed9693c7|192|0x8
2|16|libxul.so|ThreadFunc|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/platform_thread_posix.cc:ad7a152bc66c0d411a6fb0b210d675abed9693c7|40|0x3
2|17|libpthread-2.27.so||||0x76db
2|18|libc-2.27.so||||0x12188f
Flags: in-testsuite?
|
||
Comment 1•5 years ago
|
||
The priority flag is not set for this bug.
:kip, could you have a look please?
For more information, please visit auto_nag documentation.
Flags: needinfo?(kgilbert)
|
||
Updated•5 years ago
|
Flags: needinfo?(kgilbert)
Priority: -- → P3
|
|
||
Comment 2•2 years ago
|
||
This bug prevents fuzzing from making progress; however, it has low severity. It is important for fuzz blocker bugs to be addressed in a timely manner (see here why?).
:jimm, could you increase the severity?
For more information, please visit auto_nag documentation.
Flags: needinfo?(jmathies)
|
||
Updated•2 years ago
|
Status: NEW → RESOLVED
Closed: 2 years ago
Flags: needinfo?(jmathies)
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•