1986922 - Crash in [@ WasmTrapHandler] (magicdsfilterQuest3.dll)

Status: VERIFIED FIXED

(External Software Affecting Firefox :: Other, defect, P1)

Description

[Sebastian Hengst [:aryx] (needinfo me if it's about an intermittent or backout)]

Since early August, the crash volume for this signature has tripled. Both Windows and Android are affected, the crash stacks are corrupted. This is observed for all versions.

Ryan: Do you have better insights into this?

Crash report: https://crash-stats.mozilla.org/report/index/fa6d80c4-7c82-49f6-b398-052e60250904

Reason:

EXCEPTION_ACCESS_VIOLATION_EXEC

Top 2 frames:

0  xul.dll  WasmTrapHandler(_EXCEPTION_POINTERS*)  js/src/wasm/WasmSignalHandlers.cpp:564
1  ?  @0x000000ad47ec1aaf

Comment 1

[Ryan Hunt [:rhunt]]

This looks like it could be a duplicate of bug 1978000. The crash you linked to has "magicdsfilterQuest3.dll" loaded too. Looking at a bunch of the user comments on related crash reports, most of them seem to be the same "I was trying to open up a camera in web app and it crashed".

I'm not sure what we can do about this if the issue is coming from this DLL being injected into our processes. I'll think about it.

Comment 2

[Ryan Hunt [:rhunt]]

I believe there are three avenues here:

1. Reproduce this locally and see if we can change something in our code to resolve this
2. Reach out to Facebook and see if they can fix it on their end (if #1 fails)
3. Add them to our DLL block list

Comment 3

[Ryan Hunt [:rhunt]]

I can reproduce this crash locally. Will start debugging it.

Comment 4

[Ryan Hunt [:rhunt]]

STR:

• Install the Meta Quest Link app
• Go to this test page
• Click to view camera

It is crashing for me in the parent process, and even if I disable WebAssembly. Attaching a debugger leads to a stack in WebRTC code without any wasm involved. I'm not sure how the other reporter was seeing WasmTrap in the crash signatures. Will need to look into some of the crash reports closer.

Comment 5

[Ryan Hunt [:rhunt]]

I sampled a bunch of crash reports and they all contain 'magicdsfilterQuest3' as a loaded module. I don't know how to get an exact % of crash reports that contain it using filters/search, but it seems very likely that it's causing this issue.

I haven't made any progress in debugging what's going on here with the DLL. So far I wasn't able to get it to crash with the WasmTrapHandler on the stack. It seems to just be trapping in WebRTC code.

Comment 6

[Ryan Hunt [:rhunt]]

Attachment: Bug 1986922 - Add magicdsfilterQuest3.dll to block list. r?gstoll

Comment 7

[Ryan Hunt [:rhunt]]

I've reached out to Meta about this and they said they would look into it. No updates beyond that yet.

Comment 9

[Jim Mathies [:jimm]]

This is crashing common web apps like Google Meet. Can we go ahead and push this block fix?

Comment 11

[JN]

(just to answer the question posted in the other bug report: yes both my colleague and I have Meta Quest Link installed. )

Comment 12

[BugBot [:suhaib / :marco/ :calixte]]

Copying crash signatures from duplicate bugs.

Comment 13

[JN]

I just tested to add the Meta dlls in the dynamic block list and it indeed solves the crash 100%.
On a sidenote, as a Meta Quest user I don't see why Meta would be legit to inject itself in Firefox when I'm in a online conference on my privacy friendly browser. As a user, I find that adding these dlls to the static block list is a perfectly fine solution.
Of course I may not understand everything underneath this kind of decision, but just wanted to share my pov.

Comment 14

[Andreas Pehrson [:pehrsons] (PTO; back in Jan)]

Not to hijack the bug or anything, but as you mention the root cause is an external DirectShow filter DLL unrelated to wasm. Moving components. Also needinfoing Greg for his take on comment 9 as this crash rate is pretty high for video capture.

I'll note it was reported on Meta's community forums a month ago: https://communityforums.atmeta.com/discussions/OtherTroubleshooting/meta-quest-link-app-causes-firefox-to-crash/1341972
And some more technical details in the later thread https://communityforums.atmeta.com/discussions/dev-quest/meta-quest-links-virtual-camera-causes-third-party-applications-to-crash-windows/1343668:

The crash occurs when DirectShow enumerates the Meta Quest virtual camera. The IBaseFilter object (the fourth parameter) is obtained through the IMoniker::BindToObject() interface, and the crash occurs when releasing this object.

We use libwebrtc's DirectShow-based backend for camera capture on Windows. Our BindToObject call is here.

Comment 15

[Andreas Pehrson [:pehrsons] (PTO; back in Jan)]

(In reply to JN from comment #13)

On a sidenote, as a Meta Quest user I don't see why Meta would be legit to inject itself in Firefox when I'm in a online conference on my privacy friendly browser.

I'll just add that this is a DirectShow filter installed by a user. The DLL gets loaded automatically when accessing DirectShow APIs. These filters are often used to expose various non-standard video input sources as cameras. Think network cameras, virtual cameras, etc.

Comment 16

[Greg Stoll :gstoll]

Yes, you can see on the correlations tab for WasmTrapHandler that 100% of the reports have "magicdsfilterQuest3.dll" loaded. There are a significant number in the other signature too but there's also a lot of "magicdsfilterQuest3s.dll" loaded; could we block that as well?

Anyway, yes, I think we should block this and I can review the change if y'all would like. Thanks!

Comment 17

[JN]

Thanks for the clarification Andreas!
I don't know if it can help, but this crash does not happen with a built-in laptop camera.
I crash only if I plug-in an external USB camera.

Comment 18

[Trevor H]

Just to add to the comments regarding Meta Quest devices. I am experiencing this bug and have a Quest 2 with Oculus software installed.

Comment 19

[Greg Stoll :gstoll]

Given the crash volume and the fact that we can reproduce and know that the block is safe, I think we should consider uplifting to beta (and maybe release?).

For users running into this problem: you may be able to go to about:third-party and block this DLL to make the crashes stop in the meantime. There are instructions at SUMO here.

Comment 20

[Pulsebot]

Pushed by rhunt@eqrion.net:
https://github.com/mozilla-firefox/firefox/commit/4796c6bd424e
https://hg.mozilla.org/integration/autoland/rev/a797d708b4a2
Add magicdsfilterQuest3.dll to block list. r=gstoll,win-reviewers

Comment 21

[Cristian Tuns]

https://hg.mozilla.org/mozilla-central/rev/a797d708b4a2

Comment 22

[BugBot [:suhaib / :marco/ :calixte]]

The patch landed in nightly and beta is affected.
:rhunt, is this bug important enough to require an uplift?

• If yes, please nominate the patch for beta approval.
  • See https://wiki.mozilla.org/Release_Management/Requesting_an_Uplift for documentation on how to request an uplift.
• If no, please set status-firefox144 to wontfix.

For more information, please visit BugBot documentation.

Comment 23

[Phabricator Automation]

firefox-beta Uplift Approval Request

• User impact if declined: Crashes when Meta Link App installed and using any web conferencing (WebRTC) application.
• Code covered by automated testing: no
• Fix verified in Nightly: yes
• Needs manual QE test: no
• Steps to reproduce for manual QE testing:
• Risk associated with taking this patch: low
• Explanation of risk level: Just an entry in a DLL block list.
• String changes made/needed: None
• Is Android affected?: no

Comment 24

[Ryan Hunt [:rhunt]]

Attachment: Bug 1986922 - Add magicdsfilterQuest3.dll to block list. r?gstoll

Original Revision: https://phabricator.services.mozilla.com/D264949

Comment 25

[Phabricator Automation]

firefox-release Uplift Approval Request

• User impact if declined: Crashes when Meta Link App installed and using any web conferencing (WebRTC) application.
• Code covered by automated testing: no
• Fix verified in Nightly: yes
• Needs manual QE test: no
• Steps to reproduce for manual QE testing:
• Risk associated with taking this patch: low
• Explanation of risk level: Just an entry in a DLL block list.
• String changes made/needed: None
• Is Android affected?: no

Comment 26

[Ryan Hunt [:rhunt]]

Attachment: Bug 1986922 - Add magicdsfilterQuest3.dll to block list. r?gstoll

Original Revision: https://phabricator.services.mozilla.com/D264949

Comment 27

[Phabricator Automation]

firefox-esr140 Uplift Approval Request

• User impact if declined: Crashes when Meta Link App installed and using any web conferencing (WebRTC) application.
• Code covered by automated testing: no
• Fix verified in Nightly: yes
• Needs manual QE test: no
• Steps to reproduce for manual QE testing:
• Risk associated with taking this patch: low
• Explanation of risk level: Just an entry in a DLL block list.
• String changes made/needed: None
• Is Android affected?: no

Comment 28

[Ryan Hunt [:rhunt]]

Attachment: Bug 1986922 - Add magicdsfilterQuest3.dll to block list. r?gstoll

Original Revision: https://phabricator.services.mozilla.com/D264949

Comment 29

[Pulsebot]

https://github.com/mozilla-firefox/firefox/commit/6882670a5277
https://hg.mozilla.org/releases/mozilla-beta/rev/21714fc2e2bc

Comment 30

[Pulsebot]

https://hg.mozilla.org/releases/mozilla-esr140/rev/2482226c0cc6

Comment 31

[Pulsebot]

https://github.com/mozilla-firefox/firefox/commit/dbc480aaf3b5
https://hg.mozilla.org/releases/mozilla-release/rev/d20ff04c149e

Comment 32

[Simona Badau, Desktop QA]

Hi @Ryan,
Firefox still crashes on my end when the Meta Link App is installed and a WebRTC site is accessed - I hit the crashes on: https://mozilla.github.io/webrtc-landing/gum_test.html and https://webcammictest.com/. I tested on Windows 11 using the latest Nightly 145.0a1 (Build ID: 20251006155229), Firefox RC 144 (Build ID: 20251006164343) and Firefox 140.4.0 ESR (Build ID: 20251006114430).

The main difference I observed compared to pre-fix builds (tested on Nightly 145.0a2, Build ID: 20250922211053) is that the crash reporter dialog now appears in the latest versions mentioned above. However, please note that it is incomplete, as the Restart button is missing.

Here are some crash reports:

• https://crash-stats.mozilla.org/report/index/ba8e8603-c66b-43d0-ba6f-fc2040251007
• https://crash-stats.mozilla.org/report/index/e5b74e46-1151-49f7-a58b-d78430251007
• https://crash-stats.mozilla.org/report/index/2bdbaee2-11d9-4a16-bd5a-cf6840251007

Comment 33

[Ryan Hunt [:rhunt]]

All of those crash reports have a different DLL loaded now 'magicdsfilterQuest2.dll'. I'm guessing we should probably block that one now too.

Comment 34

[Ryan Hunt [:rhunt]]

Attachment: Bug 1986922 - Block magicdsfilterQuest2.dll too. r?gstoll

Comment 35

[Pulsebot]

Pushed by rhunt@eqrion.net:
https://github.com/mozilla-firefox/firefox/commit/cdfd617bd79b
https://hg.mozilla.org/integration/autoland/rev/52ce221d42d4
Block magicdsfilterQuest2.dll too. r=gstoll,win-reviewers

Comment 36

[Cristina Horotan [:chorotan]]

https://hg.mozilla.org/mozilla-central/rev/52ce221d42d4

Comment 37

[Simona Badau, Desktop QA]

Hi @Ryan,
Updated to the latest Nightly 145.0a1 (Build ID: 20251008212103) and the crash is still reproducible (with the magicdsfilterQuestPro.dll now).

Here are some crash reports:
https://crash-stats.mozilla.org/report/index/7165eca3-c500-4952-b0f0-976ba0251009
https://crash-stats.mozilla.org/report/index/7b248630-8ce5-4dd4-8c67-812610251009
https://crash-stats.mozilla.org/report/index/4eec07a3-efc1-4379-9537-3df1f0251009
https://crash-stats.mozilla.org/report/index/b9fab500-56b9-4a22-b7cd-6d6b90251009

Comment 38

[Ryan Hunt [:rhunt]]

Attachment: Bug 1986922 - Block magicdsfilterQuestPro.dll too. r?gstoll

Comment 39

[Ryan Hunt [:rhunt]]

Sorry I missed this comment until now. We should block this DLL too.

Comment 40

[Pulsebot]

Pushed by rhunt@eqrion.net:
https://github.com/mozilla-firefox/firefox/commit/5cd3b3e3c07c
https://hg.mozilla.org/integration/autoland/rev/83822391f9ff
Block magicdsfilterQuestPro.dll too. r=gstoll,win-reviewers

Comment 41

[agoloman]

https://hg.mozilla.org/mozilla-central/rev/83822391f9ff

Comment 42

[Simona Badau, Desktop QA]

Verified as fixed on the latest Nightly 146.0a1 - no crashes occurred when following the same steps as in Comment 32.

@Ryan - will all patches be uplifted to the current versions (Release, Beta, and ESR)?

Comment 43

[Ryan Hunt [:rhunt]]

Attachment: Bug 1986922 - Block magicdsfilterQuest2.dll too.

Original Revision: https://phabricator.services.mozilla.com/D267880

Comment 44

[Phabricator Automation]

firefox-esr140 Uplift Approval Request

• User impact if declined: Crash when video conferencing with the meta quest driver installed.
• Code covered by automated testing: no
• Fix verified in Nightly: yes
• Needs manual QE test: no
• Steps to reproduce for manual QE testing:
• Risk associated with taking this patch: low
• Explanation of risk level: DLL block list update, tested on nightly.
• String changes made/needed: None
• Is Android affected?: no

Comment 45

[Ryan Hunt [:rhunt]]

Attachment: Bug 1986922 - Block magicdsfilterQuestPro.dll too.

Original Revision: https://phabricator.services.mozilla.com/D269805

Comment 46

[Phabricator Automation]

firefox-beta Uplift Approval Request

• User impact if declined: Crash when video conferencing with the meta quest driver installed.
• Code covered by automated testing: no
• Fix verified in Nightly: yes
• Needs manual QE test: no
• Steps to reproduce for manual QE testing:
• Risk associated with taking this patch: low
• Explanation of risk level: DLL block list update, tested on nightly.
• String changes made/needed: None
• Is Android affected?: no

Comment 47

[Ryan Hunt [:rhunt]]

Attachment: Bug 1986922 - Block magicdsfilterQuestPro.dll too.

Original Revision: https://phabricator.services.mozilla.com/D269805

Comment 48

[Phabricator Automation]

firefox-release Uplift Approval Request

• User impact if declined: Crash when video conferencing with the meta quest driver installed.
• Code covered by automated testing: no
• Fix verified in Nightly: yes
• Needs manual QE test: no
• Steps to reproduce for manual QE testing:
• Risk associated with taking this patch: low
• Explanation of risk level: DLL block list update, tested on nightly.
• String changes made/needed: None
• Is Android affected?: no

Comment 49

[Ryan Hunt [:rhunt]]

Attachment: Bug 1986922 - Block magicdsfilterQuestPro.dll too.

Original Revision: https://phabricator.services.mozilla.com/D269805

Comment 50

[Pulsebot]

https://github.com/mozilla-firefox/firefox/commit/b410cba03462
https://hg.mozilla.org/releases/mozilla-release/rev/24bbfd26b00f

Comment 51

[Simona Badau, Desktop QA]

Verified as fixed using Firefox 145 (Build ID: 20251106194447) on Windows 11 x64 - no crashes occurred when following the same steps as in Comment 32.

Comment 52

[Pulsebot]

https://hg.mozilla.org/releases/mozilla-esr140/rev/82eb51d31818
https://hg.mozilla.org/releases/mozilla-esr140/rev/dd08b1105b89

Comment 53

[Simona Badau, Desktop QA]

Verified as fixed using Firefox 140.6.0 ESR (Build ID: 20251201132345) on Windows 11 x64 - no crashes occurred when following the same steps as in Comment 32.