Closed
Bug 1706762
Opened 3 years ago
Closed 3 years ago
glxtest crash with ASan/UBSan builds
Categories
(Core :: Widget: Gtk, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1706452
| Tracking | Status | |
|---|---|---|
| firefox90 | --- | affected |
People
(Reporter: truber, Unassigned)
References
Details
Launching m-c 20210421-5b126bae321a --fuzzing --debug I see the following crash:
==12511==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x000000000008 (pc 0x7fd5301cdb7f bp 0x7fd5301d30d0 sp 0x7ffe1c0aa430 T12511)
==12511==The signal is caused by a READ memory access.
==12511==Hint: address points to the zero page.
#0 0x7fd5301cdb7f in wlFreeAllInternalDisplays /usr/src/debug/build/../egl-wayland/src/wayland-egldevice.c:90:5
#1 0x7fd5301cdb7f in wlEglDestroyAllDisplays /usr/src/debug/build/../egl-wayland/src/wayland-egldisplay.c:717:5
#2 0x7fd5301cdb7f in wlEglUnloadPlatformExport /usr/src/debug/build/../egl-wayland/src/wayland-external-exports.c:87:11
#3 0x7fd530525297 (/usr/lib/libEGL_nvidia.so.0+0xab297)
#4 0x7fd53051b4e5 (/usr/lib/libEGL_nvidia.so.0+0xa14e5)
#5 0x7fd533320c8d in __cxa_finalize (/usr/lib/libc.so.6+0x3fc8d)
#6 0x7fd5304ad1f5 (/usr/lib/libEGL_nvidia.so.0+0x331f5)
UndefinedBehaviorSanitizer can not provide additional info.
SUMMARY: UndefinedBehaviorSanitizer: SEGV /usr/src/debug/build/../egl-wayland/src/wayland-egldevice.c:90:5 in wlFreeAllInternalDisplays
==12511==ABORTING
I have the latest stable NVidia driver (465.24.02).
If I set UBSAN_OPTIONS=handle_segv=0 I see the following on stdout:
Crash Annotation GraphicsCriticalError: |[0][GFX1-]: No GPUs detected via PCI (t=1.04799) [GFX1-]: No GPUs detected via PCI
Crash Annotation GraphicsCriticalError: |[0][GFX1-]: No GPUs detected via PCI (t=1.04799) |[1][GFX1-]: glxtest: process failed (received signal 11) (t=1.04801) [GFX1-]: glxtest: process failed (received signal 11)
|
||
Comment 1•3 years ago
|
||
__cxa_finalize is during dlclose, more or less, so this looks like code that runs in NV's libEGL on unload, even if we didn't touch Wayland.
Do previous versions of the driver have the same issue?
Is your egl-wayland custom-built? The paths make it seem like it's a debug build.
|
Reporter | |
Comment 2•3 years ago
|
||
I'm using archlinux, so I had to recompile egl-wayland to get symbols. It occurs in the upstream package too. libEGL_nvidia.so comes from the driver install, so symbols aren't possible I think. I'll try the previous driver.
When I do set UBSAN_OPTIONS=handle_segv=0, systemctl handles the signal and gives a more complete backtrace:
Process 16510 (firefox-bin) of user 1000 dumped core.
Stack trace of thread 16510:
#0 0x00007f3ab00f4b7f wlEglUnloadPlatformExport /usr/src/debug/build/../egl-wayland/src/wayland-egldevice.c:90
#1 0x00007f3ab01a6298 n/a (libEGL_nvidia.so.0 + 0xab298)
#2 0x00007f3ab019c4e6 n/a (libEGL_nvidia.so.0 + 0xa14e6)
#3 0x00007f3ab2f9ec8e __cxa_finalize (libc.so.6 + 0x3fc8e)
#4 0x00007f3ab012e1f6 n/a (libEGL_nvidia.so.0 + 0x331f6)
#5 0x00007f3ab01b91ed n/a (libEGL_nvidia.so.0 + 0xbe1ed)
#6 0x00007f3ab34c9cc2 _dl_close (ld-linux-x86-64.so.2 + 0x15cc2)
#7 0x00007f3ab3098b38 _dl_catch_exception (libc.so.6 + 0x139b38)
#8 0x00007f3ab3098c03 _dl_catch_error (libc.so.6 + 0x139c03)
#9 0x00007f3ab314ab89 n/a (libdl.so.2 + 0x2b89)
#10 0x00007f3ab314a478 dlclose (libdl.so.2 + 0x2478)
#11 0x00007f3aa3997430 get_egl_status(void*, bool, bool) /builds/worker/checkouts/gecko/toolkit/xre/glxtest.cpp:0:3
#12 0x00007f3aa3990360 x11_egltest /builds/worker/checkouts/gecko/toolkit/xre/glxtest.cpp:835:7
childgltest /builds/worker/checkouts/gecko/toolkit/xre/glxtest.cpp:1217:10
#13 0x00007f3aa3990b3a fire_glxtest_process() /builds/worker/checkouts/gecko/toolkit/xre/glxtest.cpp:1256:14
#14 0x00007f3aa397e864 XREMain::XRE_mainInit(bool*) /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:3602:22
#15 0x00007f3aa39896a8 XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5513:16
#16 0x00007f3aa3989fea XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:5598:21
#17 0x000055654e8fd2c1 do_main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:0:0
main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:347:16
#18 0x00007f3ab2f86b25 __libc_start_main (libc.so.6 + 0x27b25)
#19 0x000055654e8db13d _start (firefox-bin + 0x1513d)
|
||
Comment 3•3 years ago
|
||
Jesse, can you test again with latest mc? This was maybe fixed in bug 1706452 (see bug 1706452 comment 14).
Flags: needinfo?(jschwartzentruber)
|
|
Reporter | |
Comment 4•3 years ago
|
||
Latest mc does resolve this for me. Thanks!
Flags: needinfo?(jschwartzentruber)
|
|
Reporter | |
Updated•3 years ago
|
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•