Closed Bug 1770466 Opened 3 years ago Closed 3 years ago

Intermittent dom/canvas/test/reftest/webgl-color-test.html?frame=6&readback&aa&________&_______&_____ | application crashed [@ mozilla::WebGLContext::LoseLruContextIfLimitExceeded()]

Categories

(Core :: Graphics: Canvas2D, defect)

defect

Tracking

()

RESOLVED WORKSFORME

People

(Reporter: intermittent-bug-filer, Unassigned)

References

Details

(4 keywords, Whiteboard: [dupe bug 1769739?])

Crash Data

Filed by: ctuns [at] mozilla.com
Parsed log: https://treeherder.mozilla.org/logviewer?job_id=378798134&repo=autoland
Full log: https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/cbZpIWwASOygwyuuPx1ohA/runs/0/artifacts/public/logs/live_backing.log
Reftest URL: https://hg.mozilla.org/mozilla-central/raw-file/tip/layout/tools/reftest/reftest-analyzer.xhtml#logurl=https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/cbZpIWwASOygwyuuPx1ohA/runs/0/artifacts/public/logs/live_backing.log&only_show_unexpected=1


[task 2022-05-20T16:14:04.498Z] 16:14:04     INFO - REFTEST TEST-START | dom/canvas/test/reftest/webgl-color-test.html?frame=6&readback&aa&________&_______&_____ == dom/canvas/test/reftest/wrapper.html?colors-no-alpha.png
[task 2022-05-20T16:14:04.503Z] 16:14:04     INFO - REFTEST INFO | RESTORE PREFERENCE pref(webgl.force-layers-readback,false)
[task 2022-05-20T16:14:04.504Z] 16:14:04     INFO - REFTEST INFO | RESTORE PREFERENCE pref(webgl.force-enabled,false)
[task 2022-05-20T16:14:04.504Z] 16:14:04     INFO - REFTEST INFO | SET PREFERENCE pref(webgl.force-enabled,true)
[task 2022-05-20T16:14:04.506Z] 16:14:04     INFO - REFTEST INFO | SET PREFERENCE pref(webgl.force-layers-readback,true)
[task 2022-05-20T16:14:04.506Z] 16:14:04     INFO - REFTEST TEST-LOAD | file:///builds/worker/workspace/build/tests/reftest/tests/dom/canvas/test/reftest/webgl-color-test.html?frame=6&readback&aa&________&_______&_____ | 58 / 172 (33%)
[task 2022-05-20T16:14:04.550Z] 16:14:04     INFO - [Parent 2191, Compositor] WARNING: robust_buffer_access_behavior marked as unsupported: file /builds/worker/checkouts/gecko/gfx/gl/GLContextFeatures.cpp:632
[task 2022-05-20T16:14:04.550Z] 16:14:04     INFO - [Parent 2191, Compositor] WARNING: Robustness supported, strategy is not LOSE_CONTEXT_ON_RESET!: file /builds/worker/checkouts/gecko/gfx/gl/GLContext.cpp:999
[task 2022-05-20T16:14:04.551Z] 16:14:04     INFO - [Parent 2191, Compositor] WARNING: robustness marked as unsupported: file /builds/worker/checkouts/gecko/gfx/gl/GLContextFeatures.cpp:632
[task 2022-05-20T16:14:04.556Z] 16:14:04     INFO - ExceptionHandler::GenerateDump cloned child 2509
[task 2022-05-20T16:14:04.557Z] 16:14:04     INFO - ExceptionHandler::WaitForContinueSignal waiting for continue signal...
[task 2022-05-20T16:14:04.557Z] 16:14:04     INFO - ExceptionHandler::SendContinueSignalToChild sent continue signal to child
[task 2022-05-20T16:14:04.698Z] 16:14:04     INFO - [Child 2471, IPC I/O Child] WARNING: [32B101DCE25D69A0.D207B965820CE5B5]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.701Z] 16:14:04     INFO - [Child 2471, IPC I/O Child] WARNING: [32B101DCE25D69A0.D207B965820CE5B5]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.703Z] 16:14:04     INFO - [Child 2471, IPC I/O Child] WARNING: [32B101DCE25D69A0.D207B965820CE5B5]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.705Z] 16:14:04     INFO - [Child 2471, IPC I/O Child] WARNING: [32B101DCE25D69A0.D207B965820CE5B5]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.721Z] 16:14:04     INFO - [Child 2471, IPC I/O Child] WARNING: [32B101DCE25D69A0.D207B965820CE5B5]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.722Z] 16:14:04     INFO - [Child 2442, IPC I/O Child] WARNING: [BB71D3AF08B63852.338F003FFFE911D3]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.723Z] 16:14:04     INFO - [Child 2442, IPC I/O Child] WARNING: [BB71D3AF08B63852.338F003FFFE911D3]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.723Z] 16:14:04     INFO - [Child 2442, IPC I/O Child] WARNING: [BB71D3AF08B63852.338F003FFFE911D3]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.723Z] 16:14:04     INFO - [Child 2442, IPC I/O Child] WARNING: [BB71D3AF08B63852.338F003FFFE911D3]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.724Z] 16:14:04     INFO - [Child 2442, IPC I/O Child] WARNING: [BB71D3AF08B63852.338F003FFFE911D3]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.724Z] 16:14:04     INFO - [Child 2442, IPC I/O Child] WARNING: [BB71D3AF08B63852.338F003FFFE911D3]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.724Z] 16:14:04     INFO - [Child 2442, IPC I/O Child] WARNING: [BB71D3AF08B63852.338F003FFFE911D3]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.725Z] 16:14:04     INFO - Exiting due to channel error.
[task 2022-05-20T16:14:04.725Z] 16:14:04     INFO - [Child 2358, IPC I/O Child] WARNING: [5F9939E2C9B9606B.DB98378D52CB0F20]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.731Z] 16:14:04     INFO - [Child 2358, IPC I/O Child] WARNING: [5F9939E2C9B9606B.DB98378D52CB0F20]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.731Z] 16:14:04     INFO - [Child 2358, IPC I/O Child] WARNING: [5F9939E2C9B9606B.DB98378D52CB0F20]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.732Z] 16:14:04     INFO - [Child 2358, IPC I/O Child] WARNING: [5F9939E2C9B9606B.DB98378D52CB0F20]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.733Z] 16:14:04     INFO - [Child 2468, IPC I/O Child] WARNING: [948AC523B99A3C09.1F267503483B2B83]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.733Z] 16:14:04     INFO - [Child 2358, IPC I/O Child] WARNING: [5F9939E2C9B9606B.DB98378D52CB0F20]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.734Z] 16:14:04     INFO - [Child 2358, IPC I/O Child] WARNING: [5F9939E2C9B9606B.DB98378D52CB0F20]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.735Z] 16:14:04     INFO - [Child 2468, IPC I/O Child] WARNING: [948AC523B99A3C09.1F267503483B2B83]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.736Z] 16:14:04     INFO - [Child 2358, IPC I/O Child] WARNING: [5F9939E2C9B9606B.DB98378D52CB0F20]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.736Z] 16:14:04     INFO - Exiting due to channel error.
[task 2022-05-20T16:14:04.737Z] 16:14:04     INFO - [Child 2468, IPC I/O Child] WARNING: [948AC523B99A3C09.1F267503483B2B83]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.737Z] 16:14:04     INFO - [Child 2468, IPC I/O Child] WARNING: [948AC523B99A3C09.1F267503483B2B83]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.738Z] 16:14:04     INFO - [Child 2468, IPC I/O Child] WARNING: [948AC523B99A3C09.1F267503483B2B83]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.738Z] 16:14:04     INFO - Exiting due to channel error.
[task 2022-05-20T16:14:04.739Z] 16:14:04     INFO - [Child 2397, IPC I/O Child] WARNING: [BF579CF12658B26F.570D8440EA13CAF3]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.740Z] 16:14:04     INFO - [Child 2397, IPC I/O Child] WARNING: [BF579CF12658B26F.570D8440EA13CAF3]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.740Z] 16:14:04     INFO - [Child 2397, IPC I/O Child] WARNING: [BF579CF12658B26F.570D8440EA13CAF3]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.741Z] 16:14:04     INFO - [Child 2397, IPC I/O Child] WARNING: [BF579CF12658B26F.570D8440EA13CAF3]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.741Z] 16:14:04     INFO - Exiting due to channel error.
[task 2022-05-20T16:14:04.742Z] 16:14:04     INFO - [Child 2279, IPC I/O Child] WARNING: [89908DF029C0D9F5.2ED007B6AEC10040]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.744Z] 16:14:04     INFO - [Child 2279, IPC I/O Child] WARNING: [89908DF029C0D9F5.2ED007B6AEC10040]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.745Z] 16:14:04     INFO - [Child 2279, IPC I/O Child] WARNING: [89908DF029C0D9F5.2ED007B6AEC10040]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.745Z] 16:14:04     INFO - [Child 2279, IPC I/O Child] WARNING: [89908DF029C0D9F5.2ED007B6AEC10040]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.745Z] 16:14:04     INFO - [Child 2279, IPC I/O Child] WARNING: [89908DF029C0D9F5.2ED007B6AEC10040]: Ignoring message 'EVENT_MESSAGE' to peer 1.1 due to a missing broker: file /builds/worker/checkouts/gecko/ipc/glue/NodeController.cpp:352
[task 2022-05-20T16:14:04.745Z] 16:14:04     INFO - Exiting due to channel error.
[task 2022-05-20T16:14:04.745Z] 16:14:04     INFO - Exiting due to channel error.
[task 2022-05-20T16:14:04.753Z] 16:14:04    ERROR - TEST-UNEXPECTED-FAIL | dom/canvas/test/reftest/webgl-color-test.html?frame=6&readback&aa&________&_______&_____ | application terminated with exit code 11
[task 2022-05-20T16:14:04.770Z] 16:14:04     INFO - REFTEST INFO | Copy/paste: /builds/worker/fetches/minidump-stackwalk/minidump-stackwalk --symbols-url=https://symbols.mozilla.org/ --human /tmp/tmpgin3x94g.mozrunner/minidumps/77d93b35-4cce-9fcd-892e-a67201057456.dmp /builds/worker/workspace/build/symbols
[task 2022-05-20T16:14:07.482Z] 16:14:07     INFO - REFTEST INFO | Saved minidump as /builds/worker/workspace/build/blobber_upload_dir/77d93b35-4cce-9fcd-892e-a67201057456.dmp
[task 2022-05-20T16:14:07.483Z] 16:14:07     INFO - REFTEST INFO | Saved app info as /builds/worker/workspace/build/blobber_upload_dir/77d93b35-4cce-9fcd-892e-a67201057456.extra
[task 2022-05-20T16:14:07.775Z] 16:14:07     INFO - REFTEST PROCESS-CRASH | dom/canvas/test/reftest/webgl-color-test.html?frame=6&readback&aa&________&_______&_____ | application crashed [@ mozilla::WebGLContext::LoseLruContextIfLimitExceeded()]
[task 2022-05-20T16:14:07.776Z] 16:14:07     INFO - Crash dump filename: /tmp/tmpgin3x94g.mozrunner/minidumps/77d93b35-4cce-9fcd-892e-a67201057456.dmp
[task 2022-05-20T16:14:07.776Z] 16:14:07     INFO - Operating system: Linux
[task 2022-05-20T16:14:07.776Z] 16:14:07     INFO -                   4.4.0-1014-aws #14taskcluster1-Ubuntu SMP Tue Apr 3 10:27:00 UTC 2018
[task 2022-05-20T16:14:07.776Z] 16:14:07     INFO - CPU: amd64
[task 2022-05-20T16:14:07.777Z] 16:14:07     INFO -      family 6 model 85 stepping 4
[task 2022-05-20T16:14:07.777Z] 16:14:07     INFO -      2 CPUs
[task 2022-05-20T16:14:07.777Z] 16:14:07     INFO - Linux Ubuntu 18.04 - bionic (Ubuntu 18.04.6 LTS)
[task 2022-05-20T16:14:07.777Z] 16:14:07     INFO - 
[task 2022-05-20T16:14:07.777Z] 16:14:07     INFO - Crash reason:  SIGSEGV / SI_KERNEL
[task 2022-05-20T16:14:07.777Z] 16:14:07     INFO - Crash address: 0x0
[task 2022-05-20T16:14:07.778Z] 16:14:07     INFO - Process uptime: not available
[task 2022-05-20T16:14:07.778Z] 16:14:07     INFO - 
[task 2022-05-20T16:14:07.778Z] 16:14:07     INFO - Thread 27 Compositor (crashed)
[task 2022-05-20T16:14:07.778Z] 16:14:07     INFO -  0  libxul.so!mozilla::WebGLContext::LoseLruContextIfLimitExceeded() [WebGLContext.cpp:57b2916e3c3dfe06106babdccbe31840b2518249 : 693 + 0x6]
[task 2022-05-20T16:14:07.778Z] 16:14:07     INFO -      rax = 0x00007f2d527a43a0    rdx = 0x00007f2d53017d20
[task 2022-05-20T16:14:07.778Z] 16:14:07     INFO -      rcx = 0x000000003d1bc7c9    rbx = 0x000000000000012c
[task 2022-05-20T16:14:07.778Z] 16:14:07     INFO -      rsi = 0xe5e5e5e5e5e5e5e5    rdi = 0x0000000000000000
[task 2022-05-20T16:14:07.779Z] 16:14:07     INFO -      rbp = 0x00007f2d612fe360    rsp = 0x00007f2d612fe2d0
[task 2022-05-20T16:14:07.779Z] 16:14:07     INFO -       r8 = 0x0000000000000000     r9 = 0x00007b0441348b71
[task 2022-05-20T16:14:07.779Z] 16:14:07     INFO -      r10 = 0x00007f2d612fe080    r11 = 0x00007f2d519f0000
[task 2022-05-20T16:14:07.779Z] 16:14:07     INFO -      r12 = 0x00007f2d86dd1bf0    r13 = 0x0000000000000002
[task 2022-05-20T16:14:07.779Z] 16:14:07     INFO -      r14 = 0x00007f2d50ed8a00    r15 = 0x00007f2d612fe520
[task 2022-05-20T16:14:07.779Z] 16:14:07     INFO -      rip = 0x00007f2d81a69c34
[task 2022-05-20T16:14:07.779Z] 16:14:07     INFO -     Found by: given as instruction pointer in context
[task 2022-05-20T16:14:07.780Z] 16:14:07     INFO -  1  libxul.so!mozilla::WebGLContext::Create(mozilla::HostWebGLContext&, mozilla::webgl::InitContextDesc const&, mozilla::webgl::InitContextResult*) [WebGLContext.cpp:57b2916e3c3dfe06106babdccbe31840b2518249 : 582 + 0xf]
[task 2022-05-20T16:14:07.780Z] 16:14:07     INFO -      rbx = 0x00007f2d612fe3f0    rbp = 0x00007f2d612fe450
[task 2022-05-20T16:14:07.780Z] 16:14:07     INFO -      rsp = 0x00007f2d612fe370    r12 = 0x0000000000000001
[task 2022-05-20T16:14:07.780Z] 16:14:07     INFO -      r13 = 0xaaaaaaaaaaaaaaaa    r14 = 0x00007f2d612fe460
[task 2022-05-20T16:14:07.780Z] 16:14:07     INFO -      r15 = 0x00007f2d612fe520    rip = 0x00007f2d81a696fc
[task 2022-05-20T16:14:07.780Z] 16:14:07     INFO -     Found by: call frame info
[task 2022-05-20T16:14:07.780Z] 16:14:07     INFO -  2  libxul.so!mozilla::HostWebGLContext::Create(mozilla::HostWebGLContext::OwnerData const&, mozilla::webgl::InitContextDesc const&, mozilla::webgl::InitContextResult*) [HostWebGLContext.cpp:57b2916e3c3dfe06106babdccbe31840b2518249 : 58 + 0x18]
[task 2022-05-20T16:14:07.780Z] 16:14:07     INFO -      rbx = 0x00007f2d612fe460    rbp = 0x00007f2d612fe4a0
[task 2022-05-20T16:14:07.780Z] 16:14:07     INFO -      rsp = 0x00007f2d612fe460    r12 = 0x00007f2d612fe520
[task 2022-05-20T16:14:07.780Z] 16:14:07     INFO -      r13 = 0x00007f2d612fe4b8    r14 = 0x00007f2d612fe4c8
[task 2022-05-20T16:14:07.780Z] 16:14:07     INFO -      r15 = 0x00007f2d612fe5b0    rip = 0x00007f2d81a2c1d8
[task 2022-05-20T16:14:07.781Z] 16:14:07     INFO -     Found by: call frame info
[task 2022-05-20T16:14:07.781Z] 16:14:07     INFO -  3  libxul.so!mozilla::dom::WebGLParent::RecvInitialize(mozilla::webgl::InitContextDesc const&, mozilla::webgl::InitContextResult*) [WebGLParent.cpp:57b2916e3c3dfe06106babdccbe31840b2518249 : 18 + 0x16]
[task 2022-05-20T16:14:07.781Z] 16:14:07     INFO -      rbx = 0x00007f2d612fe5b8    rbp = 0x00007f2d612fe500
[task 2022-05-20T16:14:07.781Z] 16:14:07     INFO -      rsp = 0x00007f2d612fe4b0    r12 = 0x0000000000000428
[task 2022-05-20T16:14:07.781Z] 16:14:07     INFO -      r13 = 0x00007f2d612fe4c8    r14 = 0x0000000000000000
[task 2022-05-20T16:14:07.781Z] 16:14:07     INFO -      r15 = 0x00007f2d50bd4ca0    rip = 0x00007f2d81a946e7
[task 2022-05-20T16:14:07.781Z] 16:14:07     INFO -     Found by: call frame info
[task 2022-05-20T16:14:07.781Z] 16:14:07     INFO -  4  libxul.so!mozilla::dom::PWebGLParent::OnMessageReceived(IPC::Message const&, mozilla::UniquePtr<IPC::Message, mozilla::DefaultDelete<IPC::Message> >&) [PWebGLParent.cpp: : 366 + 0xa]
[task 2022-05-20T16:14:07.782Z] 16:14:07     INFO -      rbx = 0x00007f2d612fe5b8    rbp = 0x00007f2d612fe680
[task 2022-05-20T16:14:07.782Z] 16:14:07     INFO -      rsp = 0x00007f2d612fe510    r12 = 0x0000000000000428
[task 2022-05-20T16:14:07.782Z] 16:14:07     INFO -      r13 = 0x00007f2d612fe5b0    r14 = 0x00007f2d612fe838
[task 2022-05-20T16:14:07.782Z] 16:14:07     INFO -      r15 = 0x00007f2d50bd4ca0    rip = 0x00007f2d81adfed6
[task 2022-05-20T16:14:07.782Z] 16:14:07     INFO -     Found by: call frame info
[task 2022-05-20T16:14:07.783Z] 16:14:07     INFO -  5  libxul.so!mozilla::gfx::PCanvasManagerParent::OnMessageReceived(IPC::Message const&, mozilla::UniquePtr<IPC::Message, mozilla::DefaultDelete<IPC::Message> >&) [PCanvasManagerParent.cpp: : 377 + 0x17]
[task 2022-05-20T16:14:07.783Z] 16:14:07     INFO -      rbx = 0x00007f2d50dfe310    rbp = 0x00007f2d612fe750
[task 2022-05-20T16:14:07.783Z] 16:14:07     INFO -      rsp = 0x00007f2d612fe690    r12 = 0x0000000000000006
[task 2022-05-20T16:14:07.783Z] 16:14:07     INFO -      r13 = 0x00007f2d50dfe310    r14 = 0x00007f2d612fe838
[task 2022-05-20T16:14:07.783Z] 16:14:07     INFO -      r15 = 0x00007f2d612fe6b8    rip = 0x00007f2d80843c91
[task 2022-05-20T16:14:07.784Z] 16:14:07     INFO -     Found by: call frame info
[task 2022-05-20T16:14:07.788Z] 16:14:07     INFO -  6  libxul.so!mozilla::ipc::MessageChannel::DispatchSyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&, mozilla::UniquePtr<IPC::Message, mozilla::DefaultDelete<IPC::Message> >&) [MessageChannel.cpp:57b2916e3c3dfe06106babdccbe31840b2518249 : 1748 + 0xf]
[task 2022-05-20T16:14:07.788Z] 16:14:07     INFO -      rbx = 0x00007f2d612fe768    rbp = 0x00007f2d612fe7e0
[task 2022-05-20T16:14:07.789Z] 16:14:07     INFO -      rsp = 0x00007f2d612fe760    r12 = 0x00007f2d530751e8
[task 2022-05-20T16:14:07.789Z] 16:14:07     INFO -      r13 = 0x00007f2d50dfe310    r14 = 0x00007f2d612fe838
[task 2022-05-20T16:14:07.789Z] 16:14:07     INFO -      r15 = 0x00007f2d5c09da00    rip = 0x00007f2d80294406
[task 2022-05-20T16:14:07.789Z] 16:14:07     INFO -     Found by: call frame info
[task 2022-05-20T16:14:07.789Z] 16:14:07     INFO -  7  libxul.so!mozilla::ipc::MessageChannel::DispatchMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::UniquePtr<IPC::Message, mozilla::DefaultDelete<IPC::Message> >) [MessageChannel.cpp:57b2916e3c3dfe06106babdccbe31840b2518249 : 1704 + 0x11]
[task 2022-05-20T16:14:07.789Z] 16:14:07     INFO -      rbx = 0x0000000000000001    rbp = 0x00007f2d612fe8b0
[task 2022-05-20T16:14:07.790Z] 16:14:07     INFO -      rsp = 0x00007f2d612fe7f0    r12 = 0x00007f2d547ac200
[task 2022-05-20T16:14:07.790Z] 16:14:07     INFO -      r13 = 0x0000000000000000    r14 = 0x00007f2d612fe8c8
[task 2022-05-20T16:14:07.790Z] 16:14:07     INFO -      r15 = 0x00007f2d530751e8    rip = 0x00007f2d802936b2
[task 2022-05-20T16:14:07.790Z] 16:14:07     INFO -     Found by: call frame info
[task 2022-05-20T16:14:07.791Z] 16:14:07     INFO -  8  libxul.so!mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::ipc::MessageChannel::MessageTask&) [MessageChannel.cpp:57b2916e3c3dfe06106babdccbe31840b2518249 : 1506 + 0x1f]
[task 2022-05-20T16:14:07.791Z] 16:14:07     INFO -      rbx = 0x00007f2d612fe8c8    rbp = 0x00007f2d612fe900
[task 2022-05-20T16:14:07.791Z] 16:14:07     INFO -      rsp = 0x00007f2d612fe8c0    r12 = 0x00007f2d5114b4f0
[task 2022-05-20T16:14:07.791Z] 16:14:07     INFO -      r13 = 0x0000000000000000    r14 = 0x00007f2d5c09da00
[task 2022-05-20T16:14:07.791Z] 16:14:07     INFO -      r15 = 0x00007f2d530751e8    rip = 0x00007f2d80293a53
[task 2022-05-20T16:14:07.791Z] 16:14:07     INFO -     Found by: call frame info
[task 2022-05-20T16:14:07.792Z] 16:14:07     INFO -  9  libxul.so!mozilla::ipc::MessageChannel::MessageTask::Run() [MessageChannel.cpp:57b2916e3c3dfe06106babdccbe31840b2518249 : 1604 + 0x15]
[task 2022-05-20T16:14:07.792Z] 16:14:07     INFO -      rbx = 0x00007f2d5114b480    rbp = 0x00007f2d612fe940
[task 2022-05-20T16:14:07.792Z] 16:14:07     INFO -      rsp = 0x00007f2d612fe910    r12 = 0x00007f2d612fe980
[task 2022-05-20T16:14:07.792Z] 16:14:07     INFO -      r13 = 0x00007f2d90798388    r14 = 0x00007f2d547ac200
[task 2022-05-20T16:14:07.793Z] 16:14:07     INFO -      r15 = 0x00007f2d612fe918    rip = 0x00007f2d80294052
[task 2022-05-20T16:14:07.793Z] 16:14:07     INFO -     Found by: call frame info
[task 2022-05-20T16:14:07.794Z] 16:14:07     INFO - 10  libxul.so!nsThread::ProcessNextEvent(bool, bool*) [nsThread.cpp:57b2916e3c3dfe06106babdccbe31840b2518249 : 1174 + 0x10]
[task 2022-05-20T16:14:07.794Z] 16:14:07     INFO -      rbx = 0x00007f2d612fe9f0    rbp = 0x00007f2d612fea80
[task 2022-05-20T16:14:07.794Z] 16:14:07     INFO -      rsp = 0x00007f2d612fe950    r12 = 0x00007f2d612fe980
[task 2022-05-20T16:14:07.794Z] 16:14:07     INFO -      r13 = 0x00007f2d90798388    r14 = 0x00007f2d90798260
[task 2022-05-20T16:14:07.795Z] 16:14:07     INFO -      r15 = 0xaaaaaaaaaaaaaaaa    rip = 0x00007f2d7fb567d2
[task 2022-05-20T16:14:07.795Z] 16:14:07     INFO -     Found by: call frame info
[task 2022-05-20T16:14:07.795Z] 16:14:07     INFO - 11  libxul.so!NS_ProcessNextEvent(nsIThread*, bool) [nsThreadUtils.cpp:57b2916e3c3dfe06106babdccbe31840b2518249 : 465 + 0xe]
[task 2022-05-20T16:14:07.795Z] 16:14:07     INFO -      rbx = 0x0000000000000000    rbp = 0x00007f2d612feab0
[task 2022-05-20T16:14:07.795Z] 16:14:07     INFO -      rsp = 0x00007f2d612fea90    r12 = 0x0000000000000000
[task 2022-05-20T16:14:07.795Z] 16:14:07     INFO -      r13 = 0x00007f2d7922b5e0    r14 = 0x00007f2d612fea97
[task 2022-05-20T16:14:07.795Z] 16:14:07     INFO -      r15 = 0x00007f2d90798260    rip = 0x00007f2d7fb5ac71
[task 2022-05-20T16:14:07.795Z] 16:14:07     INFO -     Found by: call frame info
[task 2022-05-20T16:14:07.795Z] 16:14:07     INFO - 12  libxul.so!mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) [MessagePump.cpp:57b2916e3c3dfe06106babdccbe31840b2518249 : 300 + 0x9]
[task 2022-05-20T16:14:07.795Z] 16:14:07     INFO -      rbx = 0x00007f2d612febb8    rbp = 0x00007f2d612feb00
[task 2022-05-20T16:14:07.795Z] 16:14:07     INFO -      rsp = 0x00007f2d612feac0    r12 = 0x0000000000000000
[task 2022-05-20T16:14:07.795Z] 16:14:07     INFO -      r13 = 0x00007f2d7922b5e0    r14 = 0x00007f2d7922b5c0
[task 2022-05-20T16:14:07.795Z] 16:14:07     INFO -      r15 = 0x00007f2d90798260    rip = 0x00007f2d8029751a
[task 2022-05-20T16:14:07.795Z] 16:14:07     INFO -     Found by: call frame info
[task 2022-05-20T16:14:07.795Z] 16:14:07     INFO - 13  libxul.so!MessageLoop::RunInternal() [message_loop.cc:57b2916e3c3dfe06106babdccbe31840b2518249 : 380 + 0x16]
[task 2022-05-20T16:14:07.795Z] 16:14:07     INFO -      rbx = 0x00007f2d612febb8    rbp = 0x00007f2d612feb40
[task 2022-05-20T16:14:07.795Z] 16:14:07     INFO -      rsp = 0x00007f2d612feb10    r12 = 0x00007f2d612febb8
[task 2022-05-20T16:14:07.795Z] 16:14:07     INFO -      r13 = 0x000000000000000a    r14 = 0x00007f2d612feb50
[task 2022-05-20T16:14:07.795Z] 16:14:07     INFO -      r15 = 0x00007f2d90798260    rip = 0x00007f2d80239b37
[task 2022-05-20T16:14:07.796Z] 16:14:07     INFO -     Found by: call frame info
[task 2022-05-20T16:14:07.796Z] 16:14:07     INFO - 14  libxul.so!MessageLoop::Run() [message_loop.cc:57b2916e3c3dfe06106babdccbe31840b2518249 : 355 + 0x7]
[task 2022-05-20T16:14:07.796Z] 16:14:07     INFO -      rbx = 0x00007f2d612febb8    rbp = 0x00007f2d612feb80
[task 2022-05-20T16:14:07.796Z] 16:14:07     INFO -      rsp = 0x00007f2d612feb50    r12 = 0x00007f2d612febb8
[task 2022-05-20T16:14:07.796Z] 16:14:07     INFO -      r13 = 0x000000000000000a    r14 = 0x00007f2d612feb50
[task 2022-05-20T16:14:07.796Z] 16:14:07     INFO -      r15 = 0x00007f2d90798260    rip = 0x00007f2d80239a91
[task 2022-05-20T16:14:07.796Z] 16:14:07     INFO -     Found by: call frame info
[task 2022-05-20T16:14:07.796Z] 16:14:07     INFO - 15  libxul.so!nsThread::ThreadFunc(void*) [nsThread.cpp:57b2916e3c3dfe06106babdccbe31840b2518249 : 378 + 0x7]
[task 2022-05-20T16:14:07.796Z] 16:14:07     INFO -      rbx = 0x00007f2d907982a8    rbp = 0x00007f2d612fedb0
[task 2022-05-20T16:14:07.796Z] 16:14:07     INFO -      rsp = 0x00007f2d612feb90    r12 = 0x00007f2d612febb8
[task 2022-05-20T16:14:07.796Z] 16:14:07     INFO -      r13 = 0x000000000000000a    r14 = 0x00007f2d907982b0
[task 2022-05-20T16:14:07.796Z] 16:14:07     INFO -      r15 = 0x00007f2d90798260    rip = 0x00007f2d7fb5311a
[task 2022-05-20T16:14:07.796Z] 16:14:07     INFO -     Found by: call frame info
[task 2022-05-20T16:14:07.796Z] 16:14:07     INFO - 16  libnspr4.so!_pt_root [ptthread.c:57b2916e3c3dfe06106babdccbe31840b2518249 : 201 + 0x6]
[task 2022-05-20T16:14:07.796Z] 16:14:07     INFO -      rbx = 0x00007f2d6e209dc0    rbp = 0x00007f2d612fee00
[task 2022-05-20T16:14:07.796Z] 16:14:07     INFO -      rsp = 0x00007f2d612fedc0    r12 = 0x00007f2d612ff630
[task 2022-05-20T16:14:07.796Z] 16:14:07     INFO -      r13 = 0x0000000000000002    r14 = 0x00000000000008ba
[task 2022-05-20T16:14:07.796Z] 16:14:07     INFO -      r15 = 0x00007f2d612ff700    rip = 0x00007f2d91cb5660
[task 2022-05-20T16:14:07.797Z] 16:14:07     INFO -     Found by: call frame info
[task 2022-05-20T16:14:07.797Z] 16:14:07     INFO - 17  firefox-bin!set_alt_signal_stack_and_start(PthreadCreateParams*) [pthread_create_interposer.cpp:57b2916e3c3dfe06106babdccbe31840b2518249 : 80 + 0x5]
[task 2022-05-20T16:14:07.797Z] 16:14:07     INFO -      rbx = 0x00007f2d6e303000    rbp = 0x00007f2d612feeb0
[task 2022-05-20T16:14:07.797Z] 16:14:07     INFO -      rsp = 0x00007f2d612fee10    r12 = 0x00007f2d91cb54eb
[task 2022-05-20T16:14:07.797Z] 16:14:07     INFO -      r13 = 0x0000000000000000    r14 = 0x00007f2d6e209dc0
[task 2022-05-20T16:14:07.797Z] 16:14:07     INFO -      r15 = 0x00007f2d612fee20    rip = 0x000055f09677a107
[task 2022-05-20T16:14:07.797Z] 16:14:07     INFO -     Found by: call frame info
[task 2022-05-20T16:14:07.797Z] 16:14:07     INFO - 18  libpthread.so.0!start_thread [pthread_create.c : 463 + 0xc]
[task 2022-05-20T16:14:07.797Z] 16:14:07     INFO -      rbx = 0x0000000000000000    rbp = 0x0000000000000000
[task 2022-05-20T16:14:07.797Z] 16:14:07     INFO -      rsp = 0x00007f2d612feec0    r12 = 0x00007f2d612fef80
[task 2022-05-20T16:14:07.798Z] 16:14:07     INFO -      r13 = 0x0000000000000000    r14 = 0x00007f2d6e231cf0
[task 2022-05-20T16:14:07.798Z] 16:14:07     INFO -      r15 = 0x00007ffec3847d30    rip = 0x00007f2d919246db
[task 2022-05-20T16:14:07.798Z] 16:14:07     INFO -     Found by: call frame info
[task 2022-05-20T16:14:07.798Z] 16:14:07     INFO - 19  libc.so.6!__GI___clone + 0x3e
[task 2022-05-20T16:14:07.798Z] 16:14:07     INFO -      rbx = 0x00007f2d612ff700    rbp = 0x0000000000000000
[task 2022-05-20T16:14:07.798Z] 16:14:07     INFO -      rsp = 0x00007f2d612fef80    r12 = 0x00007f2d612fef80
[task 2022-05-20T16:14:07.798Z] 16:14:07     INFO -      r13 = 0x0000000000000000    r14 = 0x00007f2d6e231cf0
[task 2022-05-20T16:14:07.798Z] 16:14:07     INFO -      r15 = 0x00007ffec3847d30    rip = 0x00007f2d90b0aa3f
[task 2022-05-20T16:14:07.798Z] 16:14:07     INFO -     Found by: call frame info
[task 2022-05-20T16:14:07.799Z] 16:14:07     INFO - 
[task 2022-05-20T16:14:07.799Z] 16:14:07     INFO - Thread 0 firefox-bin

Clearly a UAF (see rsi) but we haven't seen any of the ASAN builds hit this crash. Maybe it's racey?

Group: core-security → gfx-core-security
Keywords: csectype-uaf

Bug 1764999 and bug 1769739 also look like races involving sWebglLru.

See Also: → 1764999, 1769739

Bug 1770614 is a UAF in an ASan build maybe also involving this linked list.

These are probably all the same thing, but I'll mark them all as sec-high for now.

Keywords: sec-high

I'll mark it as depending on the one bug.

Depends on: 1769739
Keywords: sec-highsec-other
Whiteboard: [dupe bug 1769739?]
See Also: 1769739

Fixed by bug 1769739, hopefully.

Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → WORKSFORME
Group: gfx-core-security
You need to log in before you can comment on or make changes to this bug.