Open Bug 1786064 Opened 2 years ago Updated 2 days ago

NativeLayerRootWayland: Crash in [@ mozilla::detail::MutexImpl::lock | MozContainerSurfaceLock::MozContainerSurfaceLock]

Categories

(Core :: Widget: Gtk, defect, P5)

Unspecified
Linux
defect

Tracking

()

Tracking Status
firefox-esr91 --- unaffected
firefox-esr102 --- unaffected
firefox104 --- unaffected
firefox105 --- disabled
firefox106 --- disabled
firefox107 --- disabled

People

(Reporter: mccr8, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

Crash report: https://crash-stats.mozilla.org/report/index/e143420a-6426-416f-8ecc-ee1af0220818

Reason: SIGSEGV / SEGV_MAPERR

Top 10 frames of crashing thread:

0 libc.so.6 __GI___pthread_mutex_lock /usr/src/debug/glibc-2.35-15.fc36.x86_64/nptl/pthread_mutex_lock.c:80
1 firefox-bin mozilla::detail::MutexImpl::lock mozglue/misc/Mutex_posix.cpp:118
2 libxul.so MozContainerSurfaceLock::MozContainerSurfaceLock widget/gtk/MozContainerWayland.cpp:109
3 libxul.so mozilla::layers::NativeLayerRootWayland::UpdateLayersOnMainThread gfx/layers/NativeLayerWayland.cpp:295
4 libxul.so mozilla::detail::RunnableMethodImpl<mozilla::layers::NativeLayerRootWayland*, void  xpcom/threads/nsThreadUtils.h:1200
5 libxul.so mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal xpcom/threads/TaskController.cpp:851
6 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1205
7 libxul.so mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:85
8 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:356
9 libxul.so nsBaseAppShell::Run widget/nsBaseAppShell.cpp:150

This looks like some kind of Wayland-related null deref.

Flags: needinfo?(stransky)

This is the set of patches in the first build it showed up in, 20220817091029. Bug 1785072 is in that range, but I don't know if it could have caused this issue.

Attached file about:support info
I've hit this bug a few times, it happens whenever an extension pop over is closed by clicking on the open tab or clicking on the extension icon again. It doesn't happen most of the time if the pop up is closed by clicking on a new tab however, or if the pop up is opened on a new tab. It also doesn't happen with built-in menus, such as downloads or the Firefox accounts pop up, only extensions. I'm running Firefox 105.0a1 build 20220822095220 on Sway 1.7 with an Intel , on Arch Linux fully updated as of this comment

It's because you have enabled NativeLayerRootWayland - it's supposed to be disabled. Robert, may mContainer be already released internally, i.e. this is called after after nsWindow::Destroy() ?

Flags: needinfo?(stransky) → needinfo?(continuation)
Flags: needinfo?(continuation) → needinfo?(robert.mader)

(In reply to Martin Stránský [:stransky] (ni? me) from comment #3)

It's because you have enabled NativeLayerRootWayland - it's supposed to be disabled. Robert, may mContainer be already released internally, i.e. this is called after after nsWindow::Destroy() ?

This may well be - will look at it. @Robert Holt: for the time being disabling gfx.webrender.compositor.force-enabled is probably the best idea. The compositor-integration backend will not become the default in it's current form.

Flags: needinfo?(robert.mader)
See Also: → 1791156
See Also: 1791156
Priority: -- → P5
Summary: Crash in [@ mozilla::detail::MutexImpl::lock | MozContainerSurfaceLock::MozContainerSurfaceLock] → NativeLayerRootWayland: Crash in [@ mozilla::detail::MutexImpl::lock | MozContainerSurfaceLock::MozContainerSurfaceLock]
Crash Signature: [@ mozilla::detail::MutexImpl::lock | MozContainerSurfaceLock::MozContainerSurfaceLock] → [@ mozilla::detail::MutexImpl::lock | MozContainerSurfaceLock::MozContainerSurfaceLock] [@ mozilla::detail::MutexImpl::mutexLock | mozilla::detail::MutexImpl::lock | mozilla::OffTheBooksMutex::Lock] [@ mozilla::detail::MutexImpl::mutexLock | mozilla::de…

A couple more signatures from experimental/testing Debian builds.

Crash Signature: mozilla::detail::MutexImpl::lock | mozilla::OffTheBooksMutex::Lock | moz_container_wayland_surface_lock] → mozilla::detail::MutexImpl::lock | mozilla::OffTheBooksMutex::Lock | moz_container_wayland_surface_lock] [@ libc.so.6@0x8c0c4 | mozilla::OffTheBooksMutex::Lock | moz_container_wayland_surface_lock] [@ libc.so.6@0x8c150 | mozilla::OffTheBooksMutex::Lock…

Adjusting the signature to anticipate the changes in bug 1816846.

Crash Signature: mozilla::OffTheBooksMutex::Lock | moz_container_wayland_surface_lock] → mozilla::OffTheBooksMutex::Lock | moz_container_wayland_surface_lock] [@ moz_container_wayland_surface_lock]

A couple more recent comments, they seem to confirm the STRs we've already discussed here:

happens whenever trying to open ublock origin and clicking on autofill

Firefox crashes sometimes clicking on bitwarden icon added to the tab bar.

This shows up routinely when I do triage, the problem seem to always be copying something from an extension window, here's a recent comment:

Copied a password from the BitWarden extension -> instant crash

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: