Closed
Bug 579336
Opened 14 years ago
Closed 14 years ago
crash in GLContextProvider::CreatePBuffer (GLX)
Categories
(Core :: Graphics, defect)
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| blocking2.0 | --- | final+ |
People
(Reporter: stransky, Unassigned)
References
Details
Reproduction steps:
Go at http://learningwebgl.com/blog/?p=28, click at "Click here and you’ll see the live WebGL version", go back, click at the example again.
I can't get the backtrace from gdb, it crashes somewhere in JS.
|
Reporter | |
Comment 1•14 years ago
|
||
Oh, I forgot, It's Fedora 12 & Mozilla/5.0 (X11; Linux x86_64; en-US; rv:2.0b2pre) Gecko/20100716 Minefield/4.0b2pre
|
|
Reporter | |
Comment 2•14 years ago
|
||
Finally I got something:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6af397c in mozilla::gl::GLContextProvider::CreatePBuffer (this=Cannot access memory at address 0x7ffeffffff18
) at GLContextProviderGLX.cpp:499
499 pbattribs.Elements());
|
||
Comment 3•14 years ago
|
||
I confirm the crash, again on linux x86-64; the backtrace below shows that it's the same crash that was reported in bug 579191.
#0 0x000000381e0a6afd in nanosleep () at ../sysdeps/unix/syscall-template.S:82
#1 0x000000381e0a6970 in __sleep (seconds=0) at ../sysdeps/unix/sysv/linux/sleep.c:138
#2 0x00007f7c7c53edfc in ah_crap_handler (signum=11) at /home/bjacob/mozilla-central/toolkit/xre/nsSigHandlers.cpp:132
#3 0x00007f7c7c543b9d in nsProfileLock::FatalSignalHandler (signo=11, info=0x7fff4cfd6d70, context=0x7fff4cfd6c40) at nsProfileLock.cpp:221
#4 <signal handler called>
#5 0x00007f7c7c5196cc in nsDependentCString::AssertValid (this=0x7fff4cfd7100) at ../../../../dist/include/nsTDependentString.h:67
#6 0x00007f7c7c67fe50 in nsDependentCString::nsDependentCString (this=0x7fff4cfd7100, str=...) at ../../../dist/include/nsTDependentString.h:98
#7 0x00007f7c7cc019b3 in mozilla::WebGLContext::CompileShader (this=0x7f7c6587ec00, sobj=0x7f7c6580db80)
at /home/bjacob/mozilla-central/content/canvas/src/WebGLContextGL.cpp:2892
#8 0x00007f7c7d418dea in nsICanvasRenderingContextWebGL_CompileShader (cx=0x7f7c69767c00, argc=1, vp=0x7f7c701fe318) at dom_quickstubs.cpp:24361
#9 0x00007f7c7bab8a38 in js_Interpret (cx=0x7f7c69767c00) at /home/bjacob/mozilla-central/js/src/jsops.cpp:2145
#10 0x00007f7c7bace929 in Invoke<JSBool (*)(JSContext*, JSObject*, uintN, jsval*, jsval*)> (cx=0x7f7c69767c00, fun=0x7f7c65eec9a0, script=
0x7f7c65a03f20, native=0, args=..., flags=0) at /home/bjacob/mozilla-central/js/src/jsinterp.cpp:602
#11 0x00007f7c7bacbc37 in js_Invoke (cx=0x7f7c69767c00, args=..., flags=0) at /home/bjacob/mozilla-central/js/src/jsinterp.cpp:693
#12 0x00007f7c7bacbe95 in js_InternalInvoke (cx=0x7f7c69767c00, thisv=140172262558848, fval=140172262825408, flags=0, argc=1, argv=0x7f7c6580e020, rval=
0x7fff4cfd7d68) at /home/bjacob/mozilla-central/js/src/jsinterp.cpp:739
#13 0x00007f7c7ba2efb8 in JS_CallFunctionValue (cx=0x7f7c69767c00, obj=0x7f7c65eacc80, fval=140172262825408, argc=1, argv=0x7f7c6580e020, rval=
0x7fff4cfd7d68) at /home/bjacob/mozilla-central/js/src/jsapi.cpp:4850
#14 0x00007f7c7ce18086 in nsJSContext::CallEventHandler (this=0x7f7c6c3fdef0, aTarget=0x7f7c65cc3868, aScope=0x7f7c65eacc80, aHandler=0x7f7c65eeddc0,
aargv=0x7f7c65884280, arv=0x7fff4cfd7f00) at /home/bjacob/mozilla-central/dom/base/nsJSEnvironment.cpp:2204
#15 0x00007f7c7cea5ea0 in nsJSEventListener::HandleEvent (this=0x7f7c65a309c0, aEvent=0x7f7c6580d520)
at /home/bjacob/mozilla-central/dom/src/events/nsJSEventListener.cpp:228
#16 0x00007f7c7cc108d1 in nsEventListenerManager::HandleEventSubType (this=0x7f7c6bc70740, aListenerStruct=0x7f7c6bc70788, aListener=0x7f7c65a309c0,
aDOMEvent=0x7f7c6580d520, aCurrentTarget=0x7f7c65cc3888, aPhaseFlags=6, aPusher=0x7fff4cfd85d0)
at /home/bjacob/mozilla-central/content/events/src/nsEventListenerManager.cpp:1094
#17 0x00007f7c7cc10d90 in nsEventListenerManager::HandleEventInternal (this=0x7f7c6bc70740, aPresContext=0x7f7c6609e800, aEvent=0x7fff4cfd8700,
aDOMEvent=0x7fff4cfd85a0, aCurrentTarget=0x7f7c65cc3888, aFlags=6, aEventStatus=0x7fff4cfd85a8, aPusher=0x7fff4cfd85d0)
at /home/bjacob/mozilla-central/content/events/src/nsEventListenerManager.cpp:1190
#18 0x00007f7c7cc3c7b9 in nsEventListenerManager::HandleEvent (this=0x7f7c6bc70740, aPresContext=0x7f7c6609e800, aEvent=0x7fff4cfd8700, aDOMEvent=
0x7fff4cfd85a0, aCurrentTarget=0x7f7c65cc3888, aFlags=6, aEventStatus=0x7fff4cfd85a8, aPusher=0x7fff4cfd85d0)
at /home/bjacob/mozilla-central/content/events/src/nsEventListenerManager.h:146
#19 0x00007f7c7cc3cce9 in nsEventTargetChainItem::HandleEvent (this=0x7f7c6f77e310, aVisitor=..., aFlags=6, aMayHaveNewListenerManagers=0, aPusher=
0x7fff4cfd85d0) at /home/bjacob/mozilla-central/content/events/src/nsEventDispatcher.cpp:212
#20 0x00007f7c7cc3a96e in nsEventTargetChainItem::HandleEventTargetChain (this=0x7f7c6f77e1f8, aVisitor=..., aFlags=6, aCallback=0x0,
aMayHaveNewListenerManagers=0, aPusher=0x7fff4cfd85d0) at /home/bjacob/mozilla-central/content/events/src/nsEventDispatcher.cpp:341
#21 0x00007f7c7cc3b705 in nsEventDispatcher::Dispatch (aTarget=0x7f7c69767800, aPresContext=0x7f7c6609e800, aEvent=0x7fff4cfd8700, aDOMEvent=0x0,
---Type <return> to continue, or q <return> to quit---
aEventStatus=0x7fff4cfd874c, aCallback=0x0, aTargets=0x0) at /home/bjacob/mozilla-central/content/events/src/nsEventDispatcher.cpp:628
#22 0x00007f7c7c7ebd24 in DocumentViewerImpl::LoadComplete (this=0x7f7c66822880, aStatus=0)
at /home/bjacob/mozilla-central/layout/base/nsDocumentViewer.cpp:1037
#23 0x00007f7c7d46e754 in nsDocShell::EndPageLoad (this=0x7f7c69767000, aProgress=0x7f7c69767028, aChannel=0x7f7c65cc0050, aStatus=0)
at /home/bjacob/mozilla-central/docshell/base/nsDocShell.cpp:5794
#24 0x00007f7c7d46dff1 in nsDocShell::OnStateChange (this=0x7f7c69767000, aProgress=0x7f7c69767028, aRequest=0x7f7c65cc0050, aStateFlags=131088, aStatus=
0) at /home/bjacob/mozilla-central/docshell/base/nsDocShell.cpp:5654
#25 0x00007f7c7d49b91d in nsDocLoader::FireOnStateChange (this=0x7f7c69767000, aProgress=0x7f7c69767028, aRequest=0x7f7c65cc0050, aStateFlags=131088,
aStatus=0) at /home/bjacob/mozilla-central/uriloader/base/nsDocLoader.cpp:1321
#26 0x00007f7c7d49a648 in nsDocLoader::doStopDocumentLoad (this=0x7f7c69767000, request=0x7f7c65cc0050, aStatus=0)
at /home/bjacob/mozilla-central/uriloader/base/nsDocLoader.cpp:929
#27 0x00007f7c7d49a231 in nsDocLoader::DocLoaderIsEmpty (this=0x7f7c69767000, aFlushLayout=1)
at /home/bjacob/mozilla-central/uriloader/base/nsDocLoader.cpp:805
#28 0x00007f7c7d499d5e in nsDocLoader::OnStopRequest (this=0x7f7c69767000, aRequest=0x7f7c65cd3160, aCtxt=0x0, aStatus=0)
at /home/bjacob/mozilla-central/uriloader/base/nsDocLoader.cpp:700
#29 0x00007f7c7c58b9bd in nsLoadGroup::RemoveRequest (this=0x7f7c69743660, request=0x7f7c65cd3160, ctxt=0x0, aStatus=0)
at /home/bjacob/mozilla-central/netwerk/base/src/nsLoadGroup.cpp:680
#30 0x00007f7c7cb2437f in nsDocument::DoUnblockOnload (this=0x7f7c65cfa800) at /home/bjacob/mozilla-central/content/base/src/nsDocument.cpp:6945
#31 0x00007f7c7cb24140 in nsDocument::UnblockOnload (this=0x7f7c65cfa800, aFireSync=1)
at /home/bjacob/mozilla-central/content/base/src/nsDocument.cpp:6887
#32 0x00007f7c7cc3a3dd in nsLoadBlockingPLDOMEvent::~nsLoadBlockingPLDOMEvent (this=0x7f7c65a0d1f0, __in_chrg=<value optimized out>)
at /home/bjacob/mozilla-central/content/events/src/nsPLDOMEvent.cpp:86
#33 0x00007f7c7cc3a430 in nsLoadBlockingPLDOMEvent::~nsLoadBlockingPLDOMEvent (this=0x7f7c65a0d1f0, __in_chrg=<value optimized out>)
at /home/bjacob/mozilla-central/content/events/src/nsPLDOMEvent.cpp:88
#34 0x00007f7c7da9f3e2 in nsRunnable::Release (this=0x7f7c65a0d1f0) at nsThreadUtils.cpp:55
#35 0x00007f7c7c540a42 in nsCOMPtr<nsIRunnable>::~nsCOMPtr (this=0x7fff4cfd9230, __in_chrg=<value optimized out>) at ../../dist/include/nsCOMPtr.h:533
#36 0x00007f7c7db12fa4 in nsThread::ProcessNextEvent (this=0x7f7c7a038d70, mayWait=0, result=0x7fff4cfd92ac)
at /home/bjacob/mozilla-central/xpcom/threads/nsThread.cpp:552
#37 0x00007f7c7da9f965 in NS_ProcessNextEvent_P (thread=0x7f7c7a038d70, mayWait=0) at nsThreadUtils.cpp:250
#38 0x00007f7c7d950c02 in mozilla::ipc::MessagePump::Run (this=0x7f7c7a0af740, aDelegate=0x7f7c7a0d21c0)
at /home/bjacob/mozilla-central/ipc/glue/MessagePump.cpp:118
#39 0x00007f7c7db81561 in MessageLoop::RunInternal (this=0x7f7c7a0d21c0) at /home/bjacob/mozilla-central/ipc/chromium/src/base/message_loop.cc:219
#40 0x00007f7c7db814e6 in MessageLoop::RunHandler (this=0x7f7c7a0d21c0) at /home/bjacob/mozilla-central/ipc/chromium/src/base/message_loop.cc:202
#41 0x00007f7c7db81477 in MessageLoop::Run (this=0x7f7c7a0d21c0) at /home/bjacob/mozilla-central/ipc/chromium/src/base/message_loop.cc:176
#42 0x00007f7c7d7f6291 in nsBaseAppShell::Run (this=0x7f7c726e0a20) at /home/bjacob/mozilla-central/widget/src/xpwidgets/nsBaseAppShell.cpp:175
#43 0x00007f7c7d54bc41 in nsAppStartup::Run (this=0x7f7c6ffbb510) at /home/bjacob/mozilla-central/toolkit/components/startup/src/nsAppStartup.cpp:191
---Type <return> to continue, or q <return> to quit---
#44 0x00007f7c7c530cdd in XRE_main (argc=4, argv=0x7fff4cfd9f08, aAppData=0x7f7c7a0250f0)
at /home/bjacob/mozilla-central/toolkit/xre/nsAppRunner.cpp:3603
#45 0x0000000000401f4f in main (argc=4, argv=0x7fff4cfd9f08) at /home/bjacob/mozilla-central/browser/app/nsBrowserApp.cpp:158
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
|
|
||
Comment 4•14 years ago
|
||
(In reply to comment #2)
> Finally I got something:
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007ffff6af397c in mozilla::gl::GLContextProvider::CreatePBuffer
> (this=Cannot access memory at address 0x7ffeffffff18
> ) at GLContextProviderGLX.cpp:499
> 499 pbattribs.Elements());
Oh! So you get a different crash!
Can you paste a backtrace ?
Reopening.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
|
|
||
Comment 5•14 years ago
|
||
Anyway --- any crash in CreatePBuffer will be fixed once the patches in bug
571831 are checked in.
Depends on: 571831
|
|
Reporter | |
Comment 6•14 years ago
|
||
Unfortunately I can't. GDB days something about corrupted stack:
(gdb) bt
Cannot access memory at address 0x7fff00000008
|
|
||
Comment 7•14 years ago
|
||
Strange. Reassigning and CC'ing the right people (this is not a crash in WebGL code but in GLX PBuffer creation code).
Summary:
Relevant code snippet (from gfx/thebes/GLContextProviderGLX.cpp):
nsTArray<int> pbattribs;
pbattribs.AppendElement(GLX_PBUFFER_WIDTH);
pbattribs.AppendElement(aSize.width);
pbattribs.AppendElement(GLX_PBUFFER_HEIGHT);
pbattribs.AppendElement(aSize.height);
pbattribs.AppendElement(GLX_PRESERVED_CONTENTS);
pbattribs.AppendElement(True);
GLXPbuffer pbuffer = sGLXLibrary.xCreatePbuffer(display,
cfg[0],
pbattribs.Elements());
The crash occurs in the above pbattribs.Elements() call. The stack is corrupted.
This code was last touched in changeset 3b3e795a1c2e4b: "add GLX GLContextProvider, pbuffers only", bug 565833
|
|
||
Updated•14 years ago
|
Component: Canvas: WebGL → Graphics
QA Contact: canvas.webgl → thebes
|
|
||
Updated•14 years ago
|
Summary: WebGL crash → crash in GLContextProvider::CreatePBuffer (GLX)
|
|
||
Comment 8•14 years ago
|
||
Just one thing is bugging me: the stack corruption could be the result of an earlier problem that is the real cause of the crash.
This goes well with the fact that you initially said "it crashes somewhere in the JS" and then had it crash in CreatePbuffer.
If you retry, does it consistently crash at the same location?
|
||
Updated•14 years ago
|
blocking2.0: --- → ?
|
|
||
Comment 9•14 years ago
|
||
Now that bug 579191 is fixed, I could try your steps-to-reproduce, but I don't get any crash (linux x86-64 here, current moz-central + patch in bug 579191)
Crap, sorry, I had a patch for this back at the summit but I forgot to commit it -- that pbattribs list needs to be 0-terminated.
http://hg.mozilla.org/mozilla-central/rev/06068c84b575
Let me know if that fixes it.
|
|
Reporter | |
Comment 12•14 years ago
|
||
It fixes it.
Status: REOPENED → RESOLVED
Closed: 14 years ago → 14 years ago
Resolution: --- → FIXED
|
||
Updated•14 years ago
|
blocking2.0: ? → final+
You need to log in
before you can comment on or make changes to this bug.
Description
•