Closed Bug 1809350 Opened 2 years ago Closed 2 years ago

Firefox Wayland crashes when requestPointerLock is called while already locked (zwp_pointer_constraints_v1@55: error 0: the pointer was already requested to be locked or confined on that surface)

Categories

(Core :: Widget: Gtk, defect)

Product:
Core
Component:
Widget: Gtk
Version:
Firefox 108
Platform:
Desktop
Linux
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
111 Branch
Tracking Flags:
Tracking Status
firefox-esr102 --- wontfix
firefox108 --- wontfix
firefox109 --- wontfix
firefox110 --- verified
firefox111 --- verified

People

(Reporter: brewerofbeer, Assigned: stransky)

References

(Blocks 1 open bug, Regression)

Details

(Keywords: crash, regression, topcrash)

Crash Data

Attachments

(3 files, 1 obsolete file)

pastebin.html
683 bytes, text/html
Details
crash.html
657 bytes, text/html
Details
Bug 1809350 [Wayland] Unlock mouse pointer before repeated lock r?emilio
48 bytes, text/x-phabricator-request
pascalc
: approval-mozilla-beta+
Details | Review

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:108.0) Gecko/20100101 Firefox/108.0

Steps to reproduce:

KDE / Plasma / KWin on Arch Linux with proprietary NVidia drivers

Using Firefox on Wayland, trigger requestPointerLock while site already has pointer lock. Example here:

https://pastebin.com/27kgcFM1

Actual results:

Firefox crashes. Here are the last few log messages with Wayland debugging on:

[1621939.326] wl_callback@76.done(30121746)
[1621939.347] -> wl_surface@45.frame(new id wl_callback@76)
[1621939.354] -> wl_surface@45.commit()
[1621939.456] -> wl_compositor@51.create_region(new id wl_region@74)
[1621939.471] -> wl_region@74.add(0, 0, 1920, 1015)
[1621939.480] -> wl_surface@45.set_opaque_region(wl_region@74)
[1621939.491] -> wl_region@74.destroy()
[1621939.507] -> wl_surface@45.commit()
[1621940.051] -> zwp_pointer_constraints_v1@54.lock_pointer(new id zwp_locked_pointer_v1@79, wl_surface@40, wl_pointer@18, nil, 2)
[1621940.070] -> zwp_relative_pointer_manager_v1@55.get_relative_pointer(new id zwp_relative_pointer_v1@77, wl_pointer@18)
[1621940.570] -> wl_surface@45.attach(wl_buffer@67, 0, 0)
[1621940.586] -> wl_surface@45.damage(0, 0, 1920, 1015)
[1621940.594] -> wl_surface@45.commit()
[1621940.602] -> wl_display@1.sync(new id wl_callback@81)
[1621940.699] wl_display@1.delete_id(74)
[1621940.701] wl_display@1.error(zwp_pointer_constraints_v1@54, 1, "the surface is already constrained")
Gdk-Message: 16:35:00.593: Error reading events from display: Connection reset by peer
Exiting due to channel error.
Exiting due to channel error.
Exiting due to channel error.
Exiting due to channel error.
Exiting due to channel error.
Exiting due to channel error.
Exiting due to channel error.

Expected results:

Firefox doesn't crash.

The Bugbug bot thinks this bug should belong to the 'Core::Widget: Gtk' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Widget: Gtk
Product: Firefox → Core
Attached file pastebin.html (obsolete) —
Attached file pastebin.html
Attachment #9311532 - Attachment is obsolete: true
Attached file crash.html

Gnome Wayland, Debian Testing, Intel
bp-bf35c60e-2690-4b48-9b2d-392730230110

bad = Crash if you click into the black box.
$ MOZ_DISABLE_CONTENT_SANDBOX=1 MOZ_ENABLE_WAYLAND=1 mozregression --good 2021-01-01 --bad 2023-01-09 -a https://bugzilla.mozilla.org/attachment.cgi?id=9311534

4:51.13 INFO: Last good revision: 683c2a81d1a3230a9b2ae93162277244a99d4921 (2021-04-21)
4:51.13 INFO: First bad revision: 33143ef17c70c76f39ac75fe51d3ae9342365845 (2021-04-22)
4:51.13 INFO: Pushlog:
https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=683c2a81d1a3230a9b2ae93162277244a99d4921&tochange=33143ef17c70c76f39ac75fe51d3ae9342365845

This one sounds relevant:

94659f852c6663b297d2476fef3d4f19e2fd1ae9 Greg V — Bug 1580595 - [Wayland] Add support for pointer lock via relative-pointer and pointer-constraints r=stransky,rmader,emilio

Blocks: wayland
Status: UNCONFIRMED → NEW
Crash Signature: [@ wl_log ]
Has STR: --- → yes
status-firefox108: --- → wontfix
status-firefox109: --- → wontfix
status-firefox110: --- → affected
status-firefox-esr102: --- → fix-optional
Ever confirmed: true
Keywords: crash
OS: Unspecified → Linux
Hardware: Unspecified → Desktop
Summary: Firefox Wayland crashes when requestPointerLock is called while already locked → Firefox Wayland crashes when requestPointerLock is called while already locked (zwp_pointer_constraints_v1@55: error 0: the pointer was already requested to be locked or confined on that surface)

Thanks for the reproducer, will have a look.

Flags: needinfo?(robert.mader)

The bug is linked to a topcrash signature, which matches the following criterion:

  • Top 5 desktop browser crashes on Linux on release

:stransky, could you consider increasing the severity of this top-crash bug?

For more information, please visit auto_nag documentation.

Flags: needinfo?(stransky)
Keywords: topcrash
Assignee: nobody → stransky
Status: NEW → ASSIGNED
Pushed by stransky@redhat.com: https://hg.mozilla.org/integration/autoland/rev/650a44964036 [Wayland] Unlock mouse pointer before repeated lock r=emilio

Thanks!

Flags: needinfo?(robert.mader)
Flags: needinfo?(stransky)
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 111 Branch

Based on comment #5, this bug contains a bisection range found by mozregression. However, the Regressed by field is still not filled.

:stransky, if possible, could you fill the Regressed by field?

For more information, please visit auto_nag documentation.

Flags: needinfo?(stransky)
Keywords: regression

Regression comes from original implementation.

Flags: needinfo?(stransky)
Regressed by: 1580595

Set release status flags based on info from the regressing bug 1580595

status-firefox111: --- → affected

Should we uplit to beta or can it ride the 111 train? Thanks

Flags: needinfo?(stransky)

Comment on attachment 9312423 [details]
Bug 1809350 [Wayland] Unlock mouse pointer before repeated lock r?emilio

Beta/Release Uplift Approval Request

  • User impact if declined: Crash on Wayland when mouse pointer is captured twice.
  • Is this code covered by automated tests?: No
  • Has the fix been verified in Nightly?: No
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Release mouse lock before we get another one.
  • String changes made/needed:
  • Is Android affected?: No
Flags: needinfo?(stransky)
Attachment #9312423 - Flags: approval-mozilla-beta?

Comment on attachment 9312423 [details]
Bug 1809350 [Wayland] Unlock mouse pointer before repeated lock r?emilio

Approved for 110 beta 3, thanks

Attachment #9312423 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
QA Whiteboard: [qa-triaged]

Reproduced the issue on Ubuntu 22.04 Gnome Wayland with Firefox 110.0a1 (2023-01-09) by opening the test case from comment 4 and clicking the box (crash id).
I can no longer reproduce the crash by clicking the box in the test case with Firefox 111.0a1 (2023-01-19) and 110.0b3 on Ubuntu 22.04 with Wayland.

Since I don't have Arch Linux available can you please verify that Firefox Beta and Firefox Nightly are no longer crashing on your end as well? Thank you in advance!

Flags: needinfo?(brewerofbeer)

No crash for me on Arch with 110.0b3 or 111.0a1 using the attachment from comment 4. Thanks.

Flags: needinfo?(brewerofbeer)

(In reply to rbrauer from comment #20)

No crash for me on Arch with 110.0b3 or 111.0a1 using the attachment from comment 4. Thanks.

Thank you!

I am going to close this based on comment 20 and comment 19.

Status: RESOLVED → VERIFIED
QA Whiteboard: [qa-triaged]
status-firefox110: fixedverified
status-firefox111: fixedverified
Flags: qe-verify+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: