Closed Bug 1853740 Opened 2 years ago Closed 1 year ago

Crash at null in [@ libGLES_mali.so@0x7c6fd4 ]

Categories

(Core :: Graphics: CanvasWebGL, defect, P2)

Product:
Core
Component:
Graphics: CanvasWebGL
Platform:
Unspecified
Android
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
firefox117 --- affected
firefox118 --- affected
firefox119 --- affected

People

(Reporter: tsmith, Unassigned)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

about-support.txt
18.23 KB, text/plain
Details

This is consistently reproducible by visiting the following url:

OS: Unspecified → Android

Tested on my OnePlus 8 5G running Firefox 117.1.0 on Android 11 and I get no crashing. ( Cool site, btw ;) )

Jamie, can you reproduce this?

Severity: -- → S3
Flags: needinfo?(jnicol)
Priority: -- → P2

Crash stats show it only occurs on Pixel 6 family devices. It's possible other Mali devices are affected too but with a different crash address, but I cannot repro on my Pixel 7.

I have a Pixel 6a at home so hopefully should be able to debug it on that.

Hrm, I cannot reproduce on the Pixel 6a. Tyson, is there any specific interaction that has to be done to trigger the crash, or just loading it? Could you please attach your about:support?

Flags: needinfo?(jnicol) → needinfo?(twsmith)
Attached file about-support.txt

Just loading the page triggers the crash on my Pixel 6a.

Flags: needinfo?(twsmith)

FWIW the tab does not crash but I get a notification (that pops behind) saying there has been a crash. If I don't switch to the notification and hit send the report does not get submitted.

This crashes with libGLES_mali.so@0x7ad154 for me on Pixel 7.

Crash Signature: [@ libGLES_mali.so@0x7c6fd4 ] → [@ libGLES_mali.so@0x7c6fd4 ] [@ libGLES_mali.so@0x7ad154 ]

Hrm, I can't crash on either URL with either a Pixel 6a or 7. Is there anything interesting in the logcat? Would mozregression work or does this crash on a year old revision?

Flags: needinfo?(twsmith)
Flags: needinfo?(jschwartzentruber)

I think this is specific to GrapheneOS, which uses an expanded virtual address space and hardened allocator. I'm not sure if we use the system allocator on Android or not, but disabling both features fixes this crash.

Hardened Malloc 48-bit VA Crash
Yes
Hang on launch
Yes
No
  1. https://grapheneos.org/usage#bugs-uncovered-by-security-features
Flags: needinfo?(jschwartzentruber)

I am also using GrapheneOS.

I don't have a dev device to do any testing with unfortunately.

Flags: needinfo?(twsmith)

Closing because no crashes reported for 12 weeks.

Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: