Closed Bug 1655120 Opened 4 years ago Closed 4 years ago

Crash in [@ <name omitted> | <name omitted> | dri2_allocate_textures]

Categories

(Core :: Widget: Gtk, defect)

Product:
Core
Component:
Widget: Gtk
Version:
80 Branch
Platform:
x86_64
Linux
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1645677
Tracking Flags:
Tracking Status
firefox80 --- disabled
firefox81 --- affected
firefox82 --- affected

People

(Reporter: matt.fagnani, Unassigned)

References

(Blocks 1 open bug)

Details

Crash Data

This bug is for crash report bp-65db34b7-b36d-447b-9749-52f580200724.

Top 10 frames of crashing thread:

0 libEGL_mesa.so.0 <name omitted> ../src/egl/drivers/dri2/platform_wayland.c:675
1 libEGL_mesa.so.0 <name omitted> ../src/egl/drivers/dri2/platform_wayland.c:810
2 libgallium_dri.so dri2_allocate_textures ../src/gallium/state_trackers/dri/dri2.c:415
3 libgallium_dri.so dri_st_framebuffer_validate ../src/gallium/state_trackers/dri/dri_drawable.c:82
4 libgallium_dri.so <name omitted> ../src/mesa/state_tracker/st_manager.c:223
5 libgallium_dri.so <name omitted> ../src/mesa/state_tracker/st_manager.c:1064
6 libgallium_dri.so dri_make_current ../src/gallium/state_trackers/dri/dri_context.c:303
7 libgallium_dri.so <name omitted> ../src/mesa/drivers/dri/common/dri_util.c:581
8 libEGL_mesa.so.0 dri2_make_current ../src/egl/drivers/dri2/egl_dri2.c:1811
9 libEGL_mesa.so.0 eglMakeCurrent ../src/egl/main/eglapi.c:882

I was using Firefox 80.0a1 (2020-7-23) on Wayland with Webrender enabled in Fedora Rawhide/33 in Plasma 5.19.3. I clicked on the green arrow icon indicating an update was available in the top right. Firefox crashed before the popup would've been shown. A segmentation fault occurred in ../src/egl/drivers/dri2/platform_wayland.c:675 in mesa-libEGL-20.1.3-1.fc33.x86_64 in update_buffers(struct dri2_egl_surface *dri2_surf) in the Renderer thread. The line 675 where the segmentation fault occurred was 
if (dri2_surf->base.Width != dri2_surf->wl_win->width ||
       dri2_surf->base.Height != dri2_surf->wl_win->height) {

The crash address was 0x8. dri2_surf might've been an invalid pointer. The radeonsi mesa driver and the amdgpu kernel driver were in use. I've seen occasional crashes which haven't had crash reports saved, such as when clicking on Bookmarks and Help in the menu bar. The crashes might be related to a problem when rendering popup menus.

Firefox Nightly 81.0a1 (2020-7-30) on Wayland with WebRender and opengl acceleration enabled in Plasma 5.19.3 in Fedora Rawhide crashed when I clicked on the Privacy Badger icon at the top right. The crash report showed the segmentation fault was at libEGL_mesa.so.0@0x2a24d in mesa-libEGL-20.1.4-1.fc33.x86_64 at a crash address of 0x8 in the Renderer thread.
https://crash-stats.mozilla.org/report/index/ed64faca-ce56-4dfc-be5c-6440a0200731

gdb showed that libEGL_mesa.so.0@0x2a24d was in update buffers in platform_wayland.c:675 as in the original crash I reported here.

gdb /usr/lib64/libEGL_mesa.so.0
(gdb) info line *0x2a24d
Line 675 of "../src/egl/drivers/dri2/platform_wayland.c" starts at address 0x2a246 <update_buffers+38>
and ends at 0x2a257 <update_buffers+55>.
(gdb) info line *0x2a7c7
Line 810 of "../src/egl/drivers/dri2/platform_wayland.c"
starts at address 0x2a7b4 <image_get_buffers+4> and ends at 0x2a7d2 <image_get_buffers+34>.

This crash has been infrequent. I guess that a race condition between when the Wayland buffer for the popup was created by Firefox and when it was used by update_buffers in libEGL_mesa.so.0 after occasionally being changed to an invalid pointer might have happened.

Duping due to same STR.

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
See Also: 1645677

Do you see the crash also on Gnome or is that KDE specific?
Thanks.

Flags: needinfo?(matthew.fagnani)

(In reply to Martin Stránský [:stransky] from comment #3)

Do you see the crash also on Gnome or is that KDE specific?
Thanks.

Martin, I've only been using the Fedora Rawhide KDE Plasma spin. I haven't had Gnome installed. The crash signature <name omitted> | <name omitted> | dri2_allocate_textures shows 34 crashes from Fedora 32 (Workstation Edition) by others in the last 6 months. https://crash-stats.mozilla.org/signature/?signature=%3Cname%20omitted%3E%20%7C%20%3Cname%20omitted%3E%20%7C%20dri2_allocate_textures&date=%3E%3D2020-02-06T14%3A03%3A00.000Z&date=%3C2020-08-06T14%3A03%3A00.000Z&_columns=date&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=reason&_columns=address&_columns=install_time&_columns=startup_crash&_sort=-date&page=1#summary

So I guess crashes with that signature happened in Gnome also. Thanks.

Flags: needinfo?(matthew.fagnani)

Clicking on the Bookmarks and Help menus occasionally resulted in crashes almost all of which didn't have crash reports saved. A crash report was saved when I clicked on the Edit this Bookmark in the Bookmark menu in Nightly 81.0a1 (2020-8-17) on Wayland in Plasma 5.19.4 in Fedora 33.
https://crash-stats.mozilla.org/report/index/1d9eeb61-6930-40ca-86c3-c7b570200817 A segmentation fault occurred in update_buffers in ../src/egl/drivers/dri2/platform_wayland.c:675 in mesa-libEGL-20.1.5-1.fc33.x86_64. Although most of the signatures showed <name omitted>, the trace had the same files and lines as in the crashes I reported here before. The same crash happened the next time I tried to reproduce the crash, but no crash report was saved. These crashes might involve the Wayland surfaces of popups infrequently being freed or corrupted before being used due to a race condition.

I've seen one crash in 82.0a1 (2020-9-5) and three crashes in 82.0a1 (2020-9-6) on Wayland in update_buffers of the type I reported here while clicking on the toolbar buttons repeatedly in Plasma 5.19.5 in Fedora 33.
https://crash-stats.mozilla.org/report/index/098418af-c1fe-4f3f-a1f3-2d6bd0200905
https://crash-stats.mozilla.org/report/index/2be51f13-1e6a-42f1-a4a8-75a9c0200906
https://crash-stats.mozilla.org/report/index/0632c844-f619-417f-8646-893190200906
https://crash-stats.mozilla.org/report/index/be0e663d-2010-4047-a362-d034b0200907

I clicked on Bookmarks in the menu bar then Bookmark This Page when a crash happened in update_buffers in /src/egl/drivers/dri2/platform_wayland.c:674 in mesa-libEGL-20.2.0~rc4-1.fc33 using Nightly 82.0a1 (2020-9-20) on Wayland with WebRender enabled in Plasma 5.19.5 in Fedora 33. https://crash-stats.mozilla.org/report/index/20edbe7f-2949-41cc-b7e5-084760200921

dri2_surf->wl_win might've been an invalid pointer, as dri2_surf was dereferenced on the previous line without the segmentation fault happening.

static int
update_buffers(struct dri2_egl_surface *dri2_surf)
{
struct dri2_egl_display *dri2_dpy =
dri2_egl_display(dri2_surf->base.Resource.Display);

if (dri2_surf->base.Width != dri2_surf->wl_win->width ||
dri2_surf->base.Height != dri2_surf->wl_win->height) {
...

status-firefox81: --- → affected
status-firefox82: --- → affected
You need to log in before you can comment on or make changes to this bug.