Open Bug 1919017 Opened 1 year ago Updated 3 months ago

[FreeBSD] Crash in libxul

Categories

(Core :: Graphics: CanvasWebGL, defect)

Product:
Core
Component:
Graphics: CanvasWebGL
Version:
Firefox 128
Type:
defect

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: cartesius68, Unassigned, NeedInfo)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0

Steps to reproduce:

FreeBSD 14.1 running Firefox ESR 128.2.0. Go to basemark 3 website, run benchmark and crash in a couple of seconds.

Actual results:

Entire Firefox crashed on SIGSEGV. Here's the backtrace:

(lldb) cont
Process 2164 resuming
(lldb) bt
error: Command requires a process which is currently stopped.
Process 2164 stopped
* thread #47, name = 'CanvasRenderer', stop reason = signal SIGSEGV: address not mapped to object (fault address: 0x0)
    frame #0: 0x0000000000000000
error: memory read failed for 0x0
(lldb) bt
* thread #47, name = 'CanvasRenderer', stop reason = signal SIGSEGV: address not mapped to object (fault address: 0x0)
  * frame #0: 0x0000000000000000
    frame #1: 0x00000ce3d629278e libxul.so`DMABufSurfaceRGBA::CreateTexture(mozilla::gl::GLContext*, int) + 3598
    frame #2: 0x00000ce3d3b2894c libxul.so`mozilla::gl::SurfaceFactory_DMABUF::CanCreateSurface(mozilla::gl::GLContext&) + 268
    frame #3: 0x00000ce3d3b28682 libxul.so`mozilla::gl::SurfaceFactory_DMABUF::Create(mozilla::gl::GLContext&) + 66
    frame #4: 0x00000ce3d3b55c99 libxul.so`mozilla::gl::SurfaceFactory::Create(mozilla::gl::GLContext*, mozilla::layers::TextureType) + 73
    frame #5: 0x00000ce3d4ef6fdf libxul.so`mozilla::InitSwapChain(mozilla::gl::GLContext&, mozilla::gl::SwapChain&, mozilla::layers::TextureType, bool) + 63
    frame #6: 0x00000ce3d4ef71ce libxul.so`mozilla::WebGLContext::Present(mozilla::WebGLFramebuffer*, mozilla::layers::TextureType, bool, mozilla::webgl::SwapChainOptions const&) + 286
    frame #7: 0x00000ce3d4f45449 libxul.so`auto bool (*mozilla::MethodDispatcher<mozilla::WebGLMethodDispatcher, 52ul, void (mozilla::HostWebGLContext::*)(unsigned long, mozilla::layers::TextureType, bool, mozilla::webgl::SwapChainOptions const&) const, &mozilla::HostWebGLContext::Present(unsigned long, mozilla::layers::TextureType, bool, mozilla::webgl::SwapChainOptions const&) const>::DispatchCommandFuncById<mozilla::HostWebGLContext>(unsigned long))(mozilla::HostWebGLContext&, mozilla::webgl::RangeConsumerView&)::'lambda'(mozilla::HostWebGLContext&, mozilla::webgl::RangeConsumerView&)::operator()(mozilla::HostWebGLContext&, mozilla::webgl::RangeConsumerView&) const::'lambda'(auto&...)::operator()<unsigned long, mozilla::layers::TextureType, bool, mozilla::webgl::SwapChainOptions>(auto&...) const + 1177
    frame #8: 0x00000ce3d4f44f95 libxul.so`bool (*mozilla::MethodDispatcher<mozilla::WebGLMethodDispatcher, 52ul, void (mozilla::HostWebGLContext::*)(unsigned long, mozilla::layers::TextureType, bool, mozilla::webgl::SwapChainOptions const&) const, &mozilla::HostWebGLContext::Present(unsigned long, mozilla::layers::TextureType, bool, mozilla::webgl::SwapChainOptions const&) const>::DispatchCommandFuncById<mozilla::HostWebGLContext>(unsigned long))(mozilla::HostWebGLContext&, mozilla::webgl::RangeConsumerView&)::'lambda'(mozilla::HostWebGLContext&, mozilla::webgl::RangeConsumerView&)::__invoke(mozilla::HostWebGLContext&, mozilla::webgl::RangeConsumerView&) + 85
    frame #9: 0x00000ce3d4f2a25d libxul.so`mozilla::dom::WebGLParent::RecvDispatchCommands(mozilla::ipc::BigBuffer&&, unsigned long) + 429
    frame #10: 0x00000ce3d4f9b93d libxul.so`mozilla::dom::PWebGLParent::OnMessageReceived(IPC::Message const&) + 973
    frame #11: 0x00000ce3d3dfd6e6 libxul.so`mozilla::gfx::PCanvasManagerParent::OnMessageReceived(IPC::Message const&) + 406
    frame #12: 0x00000ce3d3785af1 libxul.so`mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) + 193
    frame #13: 0x00000ce3d3784d08 libxul.so`mozilla::ipc::MessageChannel::DispatchMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::UniquePtr<IPC::Message, mozilla::DefaultDelete<IPC::Message>>) + 360
    frame #14: 0x00000ce3d3785097 libxul.so`mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::ipc::MessageChannel::MessageTask&) + 247
    frame #15: 0x00000ce3d3785514 libxul.so`mozilla::ipc::MessageChannel::MessageTask::Run() + 132
    frame #16: 0x00000ce3d322c106 libxul.so`nsThread::ProcessNextEvent(bool, bool*) + 1190
    frame #17: 0x00000ce3d32303af libxul.so`NS_ProcessNextEvent(nsIThread*, bool) + 79
    frame #18: 0x00000ce3d3788768 libxul.so`mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) + 232
    frame #19: 0x00000ce3d3742317 libxul.so`MessageLoop::Run() + 87
    frame #20: 0x00000ce3d3229ac8 libxul.so`nsThread::ThreadFunc(void*) + 280
    frame #21: 0x00000ce3db7f14e9 libnspr4.so`___lldb_unnamed_symbol1038 + 217
    frame #22: 0x00000ce3a358eb05 libthr.so.3`___lldb_unnamed_symbol565 + 309
(lldb)

Expected results:

No crash.

The Bugbug bot thinks this bug should belong to the 'Core::Graphics: CanvasWebGL' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Graphics: CanvasWebGL
Product: Firefox → Core

Nobody?

Cross-reference: Firefox crashing | The FreeBSD Forums

(In reply to Cartesius68 from comment #0)

Steps to reproduce:

FreeBSD 14.1 running Firefox ESR 128.2.0. Go to basemark 3 website, run benchmark and crash in a couple of seconds.

https://web.basemark.com/

Not reproducible here.

root@fourteen-pkgbase:~ # pkg iinfo firefox
firefox-esr-128.2.0_2,1
root@fourteen-pkgbase:~ # freebsd-version -kru ; uname -mvKU
14.1-RELEASE-p5
14.1-RELEASE-p5
14.1-RELEASE-p5
FreeBSD 14.1-RELEASE-p5 releng/14.1-n267718-524a425d30fc GENERIC amd64 1401000 1401000
root@fourteen-pkgbase:~ # pkg -vv | grep -B 1 -e url -e enabled
  FreeBSD-ports: { 
    url             : "pkg+https://pkg.FreeBSD.org/FreeBSD:14:amd64/quarterly",
    enabled         : yes,
--
  FreeBSD-base: { 
    url             : "pkg+https://pkg.FreeBSD.org/FreeBSD:14:amd64/base_release_1",
    enabled         : yes,
root@fourteen-pkgbase:~ #

Unfortunately, easily reproducible on my machine. For completeness, I use:

nvidia-drm-kmod-550.54.14

Still crashes in firefox-128.3.0esr on FreeBSD 14.1-RELEASE-p5.
Root cause: crash in libxul.

The severity field is not set for this bug.
:jgilbert, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(jgilbert)

Redirect a needinfo that is pending on an inactive user to the triage owner.
:ahale, since the bug doesn't have a severity set, could you please set the severity or close the bug?

For more information, please visit BugBot documentation.

Flags: needinfo?(jgilbert) → needinfo?(ahale)
You need to log in before you can comment on or make changes to this bug.