Closed Bug 1786219 Opened 2 years ago Closed 2 years ago

Crash in [@ wl_proxy_marshal_constructor | mozilla::widget::WaylandShmPool::Create]

Categories

(Core :: Widget: Gtk, defect)

Firefox 105
defect

Tracking

()

RESOLVED DUPLICATE of bug 1792082

People

(Reporter: matt.fagnani, Unassigned)

References

(Blocks 1 open bug)

Details

Crash Data

I started Firefox Nightly 105.0a1 20220821185924 on Wayland with WebRender compositing in Plasma 5.25.4 on Wayland in a Fedora 37 KDE Plasma installation. I clicked on Bookmarks in the Menu bar. Firefox crashed in wl_proxy_marshal_constructor at /usr/src/debug/wayland-1.21.0-1.fc37.x86_64/src/wayland-client.c:935 in libwayland-client-1.21.0-1.fc37.x86_64. This crash hasn't usually happened. I reported a crash in 95.0a1 with the same signature which was automatically closed at https://bugzilla.mozilla.org/show_bug.cgi?id=1736268

Crash report: https://crash-stats.mozilla.org/report/index/12645714-ff42-41b7-9837-b63090220822

Reason: SIGSEGV / SEGV_MAPERR

Top 10 frames of crashing thread:

0 libwayland-client.so.0 wl_proxy_marshal_constructor /usr/src/debug/wayland-1.21.0-1.fc37.x86_64/src/wayland-client.c:935
1 libxul.so mozilla::widget::WaylandShmPool::Create widget/gtk/WaylandBuffer.cpp:121
2 libxul.so mozilla::widget::WaylandBufferSHM::Create widget/gtk/WaylandBuffer.cpp:194
3 libxul.so mozilla::widget::WindowSurfaceWaylandMB::ObtainBufferFromPool widget/gtk/WindowSurfaceWaylandMultiBuffer.cpp:328
4 libxul.so mozilla::widget::WindowSurfaceWaylandMB::Lock widget/gtk/WindowSurfaceWaylandMultiBuffer.cpp:199
5 libxul.so mozilla::widget::WindowSurfaceProvider::StartRemoteDrawingInRegion widget/gtk/WindowSurfaceProvider.cpp:147
6 libxul.so mozilla::wr::RenderCompositorSWGL::AllocateMappedBuffer gfx/webrender_bindings/RenderCompositorSWGL.cpp:73
7 libxul.so mozilla::wr::RenderCompositorSWGL::StartCompositing gfx/webrender_bindings/RenderCompositorSWGL.cpp:186
8 libxul.so <webrender::compositor::sw_compositor::SwCompositor as webrender::composite::Compositor>::start_compositing gfx/wr/webrender/src/compositor/sw_compositor.rs:1430
9 libxul.so webrender::renderer::Renderer::draw_frame gfx/wr/webrender/src/renderer/mod.rs:4285
See Also: → 1736268

The bug has a crash signature, thus the bug will be considered confirmed.

Status: UNCONFIRMED → NEW
Ever confirmed: true

A crash with the same signature happened when I clicked Help in the Menu bar in 105.0a1 20220822095220 on Wayland in Plasma 5.25.4
https://crash-stats.mozilla.org/report/index/88335e6c-9e0c-4fdf-be59-17ce40220823 The Help menu didn't show up before the crash.

/usr/src/debug/wayland-1.21.0-1.fc37.x86_64/src/wayland-client.c:935 was
wl_argument_from_va_list(proxy->object.interface->methods[opcode].signature,
args, WL_CLOSURE_MAX_ARGS, ap);

A race condition might be involved in which memory was infrequently freed before it was used in that line. The crash address was 0x0000000000000000, so a null pointer dereference might have happened.

See Also: → 1792082

Let's solve it at Bug 1792082.

Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.