Bug 228855

Summary: www/firefox: crashes on certain sites
Product: Ports & Packages Reporter: robert.ayrapetyan
Component: Individual Port(s)Assignee: freebsd-gecko (Nobody) <gecko>
Status: Closed Overcome By Events    
Severity: Affects Only Me CC: dim.jakobi, grahamperrin, nrgmilk, srlemke, w.schwarzenfeld
Priority: --- Flags: bugzilla: maintainer-feedback? (gecko)
Version: Latest   
Hardware: amd64   
OS: Any   
See Also: https://bugzilla.mozilla.org/show_bug.cgi?id=1476130
Attachments:
Description Flags
Core.txt.0_crash none

Description robert.ayrapetyan 2018-06-09 21:58:52 UTC 
Kind of a funny issue - after latest upgrade (to Firefox 60.0.2) opening of http://ebay.com site constantly crashes browser:

#0  0x000000080d649af7 in mozilla::ipc::MessageChannel::OnChannelErrorFromLink() () from /usr/local/lib/firefox/libxul.so
#1  0x000000080d64aee0 in non-virtual thunk to mozilla::ipc::ProcessLink::OnChannelError() () from /usr/local/lib/firefox/libxul.so
#2  0x000000081479006f in ?? () from /usr/local/lib/libevent-2.1.so.6
#3  0x000000081478bf4e in event_base_loop ()
   from /usr/local/lib/libevent-2.1.so.6
#4  0x000000080d622cf9 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) () from /usr/local/lib/firefox/libxul.so
#5  0x000000080d62170b in MessageLoop::Run() ()
   from /usr/local/lib/firefox/libxul.so
#6  0x000000080d62b728 in base::Thread::ThreadMain() ()
   from /usr/local/lib/firefox/libxul.so
#7  0x000000080d62701a in ThreadFunc(void*) ()
   from /usr/local/lib/firefox/libxul.so
#8  0x0000000801d97bc5 in ?? () from /lib/libthr.so.3
#9  0x0000000000000000 in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffdfffe000

Another funny thing that Chrome doesn't crash immediately, but reboots PC after performing some browsing there...
Comment 1 Jan Beich freebsd_committer freebsd_triage 2018-06-11 20:25:31 UTC 
I can't reproduce. Maybe try Firefox 61 from review D15227.

> Chrome doesn't crash immediately, but reboots PC after performing some browsing there...

Did you mean www/chromium ? If so it could be due to a kernel panic e.g., in GPU drivers. Maybe try graphics/drm-stable-kmod.
Comment 2 Graham Perrin freebsd_committer freebsd_triage 2018-06-30 16:09:36 UTC 
Not reproducible here with Firefox 61.0_1,1 on FreeBSD-CURRENT

$ uname -a
FreeBSD momh167-gjp4-hpelitebook8570p-freebsd 12.0-CURRENT FreeBSD 12.0-CURRENT #6 r335800: Sat Jun 30 03:35:14 BST 2018     root@momh167-gjp4-hpelitebook8570p-freebsd:/usr/obj/usr/src/amd64.amd64/sys/GENERIC  amd64
Comment 3 robert.ayrapetyan 2018-08-14 03:29:03 UTC 
It still crashes on random sites on random actions, I can't find a stable way to reproduce this issue, but it crashes once or twice per day.

FreeBSD 11.2-RELEASE-p1
Firefox 61.0.1 (64-bit) (installed from packages)

Core was generated by `/usr/local/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 3'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x000000080d57eab9 in mozilla::ipc::MessageChannel::OnChannelErrorFromLink() () from /usr/local/lib/firefox/libxul.so
[Current thread is 1 (LWP 100810)]
(gdb) bt
#0  0x000000080d57eab9 in mozilla::ipc::MessageChannel::OnChannelErrorFromLink() () from /usr/local/lib/firefox/libxul.so
#1  0x000000080d580000 in non-virtual thunk to mozilla::ipc::ProcessLink::OnChannelError() () from /usr/local/lib/firefox/libxul.so
#2  0x000000081453106f in ?? () from /usr/local/lib/libevent-2.1.so.6
#3  0x000000081452cf4e in event_base_loop ()
   from /usr/local/lib/libevent-2.1.so.6
#4  0x000000080d556438 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) () from /usr/local/lib/firefox/libxul.so
#5  0x000000080d554f7c in MessageLoop::Run() ()
   from /usr/local/lib/firefox/libxul.so
#6  0x000000080d55fa4d in base::Thread::ThreadMain() ()
   from /usr/local/lib/firefox/libxul.so
#7  0x000000080d55a5ba in ThreadFunc(void*) ()
   from /usr/local/lib/firefox/libxul.so
#8  0x0000000801da3c06 in ?? () from /lib/libthr.so.3
#9  0x0000000000000000 in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffdfffe000

What could be the reason for that? Thanks.
Comment 4 Jan Beich freebsd_committer freebsd_triage 2018-08-14 11:22:04 UTC 
Probably https://bugzilla.mozilla.org/show_bug.cgi?id=1476130
Comment 5 commit-hook freebsd_committer freebsd_triage 2018-09-26 16:06:01 UTC 
A commit references this bug:

Author: jbeich
Date: Wed Sep 26 16:05:49 UTC 2018
New revision: 480744
URL: https://svnweb.freebsd.org/changeset/ports/480744

Log:
  www/firefox: document e10s instability

  PR:		225233 228855

Changes:
  head/www/firefox/pkg-message
  head/www/firefox-esr/pkg-message
  head/www/waterfox/pkg-message
Comment 6 commit-hook freebsd_committer freebsd_triage 2018-09-26 16:07:09 UTC 
A commit references this bug:

Author: jbeich
Date: Wed Sep 26 16:06:50 UTC 2018
New revision: 480745
URL: https://svnweb.freebsd.org/changeset/ports/480745

Log:
  MFH: r480744

  www/firefox: document e10s instability

  PR:		225233 228855
  Approved by:	ports-secteam blanket

Changes:
_U  branches/2018Q3/
  branches/2018Q3/www/firefox/pkg-message
  branches/2018Q3/www/firefox-esr/pkg-message
  branches/2018Q3/www/waterfox/pkg-message
Comment 7 robert.ayrapetyan 2018-11-10 19:32:55 UTC 
Seems it has started to crash again (Firefox 63.0.1 (64-bit)):

Core was generated by `/usr/local/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 1'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x000000080d1fbb39 in mozilla::ipc::MessageChannel::OnChannelErrorFromLink() () from /usr/local/lib/firefox/libxul.so
[Current thread is 1 (LWP 101784)]
(gdb) bt
#0  0x000000080d1fbb39 in mozilla::ipc::MessageChannel::OnChannelErrorFromLink() () from /usr/local/lib/firefox/libxul.so
#1  0x000000080d1fd020 in non-virtual thunk to mozilla::ipc::ProcessLink::OnChannelError() () from /usr/local/lib/firefox/libxul.so
#2  0x0000000814378ecd in ?? () from /usr/local/lib/libevent-2.1.so.6
#3  0x0000000814374e1f in event_base_loop () from /usr/local/lib/libevent-2.1.so.6
#4  0x000000080d1d3908 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) () from /usr/local/lib/firefox/libxul.so
#5  0x000000080d1d246c in MessageLoop::Run() () from /usr/local/lib/firefox/libxul.so
#6  0x000000080d1dcbcd in base::Thread::ThreadMain() () from /usr/local/lib/firefox/libxul.so
#7  0x000000080d1d7967 in ThreadFunc(void*) () from /usr/local/lib/firefox/libxul.so
#8  0x0000000801da4c06 in ?? () from /lib/libthr.so.3
#9  0x0000000000000000 in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffdfffe000
Comment 8 srlemke 2018-11-12 14:06:01 UTC 
Same here: 
firefox-63.0.1_1,1 installed via pkg
Comment 9 Walter Schwarzenfeld 2019-08-03 12:02:28 UTC 
Is this still relevant?
Comment 10 robert.ayrapetyan 2019-08-03 14:18:25 UTC 
Switched to Chrome lol
Comment 11 Walter Schwarzenfeld 2019-08-03 14:48:49 UTC 
Jan Beich suggested as workaround  "sysctl net.local.stream.recvspace=16384".
Comment 12 Dimitri Jakobi 2019-10-05 15:27:31 UTC 
Created attachment 208119 [details]
Core.txt.0_crash
Comment 13 Dimitri Jakobi 2019-10-05 15:49:12 UTC 
Firefox crashes on Goggle Maps Street View, Satellite View.

FreeBSD  12.1-STABLE FreeBSD 12.1-STABLE r353110 GENERIC  amd64
Firefox 69.0.2,1
ATI HD5040

Steps to reproduce: Open a map on Google Maps. Choose Street View or Satellite View. Navigate on the map for some time without a break. It takes about 20 moves till Firefox crashes and the system reboots. That's sad.
Comment 14 Dimitri Jakobi 2019-10-05 18:50:47 UTC 
On my system, not only Firefox but also Chromium causes a segmentation fault & reboot when using Street View in a swiftly.
Comment 15 nrgmilk 2019-12-21 05:43:31 UTC 
firefox-71.0_4,1@12.1-STABLE r355882 has crashed tab at google street view.
Map and satellite, 3D are ok.

[Parent 65426, Gecko_IOThread] WARNING: pipe error: Broken pipe: file /tmpfs/usr/ports/www/firefox/work/firefox-71.0/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 728
Crash Annotation GraphicsCriticalError: |[C0][GFX1-]: DrawTargetCairo::Snapshot with bad surface 0x821282f80, context 0x81f42d600, status 0 (t=118.149) [GFX1-]: DrawTargetCairo::Snapshot with bad surface 0x821282f80, context 0x81f42d600, status 0
Comment 16 Jan Beich freebsd_committer freebsd_triage 2019-12-21 12:40:36 UTC 
(In reply to nrgmilk from comment #15)
May be driver-specific. I can't reproduce either on native X11, XWayland or Wayland compositor.
Comment 17 nrgmilk 2019-12-21 13:41:27 UTC 
(In reply to Jan Beich from comment #16)

After reboot, the symptom has not been happend.
Comment 18 Graham Perrin freebsd_committer freebsd_triage 2021-12-18 16:34:25 UTC 
Is this still reproducible? 

Food for thought: bug 260387 comment 7 with regard to limits.