Project

General

Profile

Actions

Bug #2623

closed

Instant panic trying to view html5 videos with Firefox

Added by ftigeot about 10 years ago. Updated about 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Kernel
Target version:
Start date:
01/01/2014
Due date:
% Done:

0%

Estimated time:

Description

The kernel panics almost immediately after a video has started playing.

Steps to reproduce:
- Use DragonFly 3.7/x86_64 (i386 untested)
- Launch firefox
- Try to see a video on youtube

Panic message and stack trace:

<6>pid 1606 (firefox), uid 1000: exited on signal 6
panic: assertion "ref >= &td->td_toks_base && ref->tr_tok == tok" failed in lwkt_reltoken at /usr/src/sys/kern/lwkt_token.c:812

(kgdb) #0 _get_mycpu () at ./machine/thread.h:69
#1 md_dumpsys (di=di@entry=0xffffffff80f2df60 <dumper>)
at /usr/src/sys/platform/pc64/x86_64/dump_machdep.c:265
#2 0xffffffff80564952 in dumpsys () at /usr/src/sys/kern/kern_shutdown.c:912
#3 0xffffffff80564e1f in boot (howto=howto@entry=260)
at /usr/src/sys/kern/kern_shutdown.c:369
#4 0xffffffff80565115 in panic (
fmt=fmt@entry=0xffffffff8097ba38 "assertion \"%s\" failed in %s at %s:%u")
at /usr/src/sys/kern/kern_shutdown.c:818
#5 0xffffffff80579478 in lwkt_reltoken (tok=tok@entry=0xffffffe209df2040)
at /usr/src/sys/kern/lwkt_token.c:812
#6 0xffffffff80567f58 in sigexit (lp=lp@entry=0xffffffe20a21f200,
sig=sig@entry=6) at /usr/src/sys/kern/kern_sig.c:2185
#7 0xffffffff80568126 in postsig (sig=sig@entry=6)
at /usr/src/sys/kern/kern_sig.c:2083
#8 0xffffffff80930f1d in userret (lp=lp@entry=0xffffffe20a21f200,
frame=frame@entry=0xffffffe20f42f9f8, sticks=sticks@entry=7812)
at /usr/src/sys/platform/pc64/x86_64/trap.c:275
#9 0xffffffff809325e3 in syscall2 (frame=0xffffffe20f42f9f8)
at /usr/src/sys/platform/pc64/x86_64/trap.c:1310
#10 0xffffffff8091bfeb in Xfast_syscall ()
at /usr/src/sys/platform/pc64/x86_64/exception.S:323
#11 0x000000000000002b in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)


Files

patch-kern_sig.c (555 Bytes) patch-kern_sig.c Kernel patch removing lwkt_xxx_token() calls from sigexit() ftigeot, 01/12/2014 01:29 AM
Actions #1

Updated by ftigeot about 10 years ago

Core dump files are now present on leaf:~ftigeot/crash/crash.issue2623

Actions #2

Updated by marino about 10 years ago

i am curious, which firefox are you using? version 26?

and was firefox installed from binary package?

Actions #3

Updated by ftigeot about 10 years ago

It was with firefox 25 (both package and locally compiled dports version).
Now that I've upgraded to firefox 26, the issue isn't visible anymore.

Actions #4

Updated by ftigeot about 10 years ago

I can still reproduce this issue with a firefox or seamonkey binary built with the ALSA option

Actions #5

Updated by ftigeot about 10 years ago

The kernel panic is obviously caused by some wrong usage of the p->p_token token.

Removing the lwkt_gettoken() and lwkt_reltoken() calls from sigexit() is enough to prevent it.
The user process dies quietly, producing a coredump and printing some debug information:

Assertion failed: (r == 0), function alsa_stream_destroy, file /usr/obj/dports/www/seamonkey/work/comm-release/mozilla/media/libcubeb/src/cubeb_alsa.c, line 885.

Actions #6

Updated by ftigeot about 10 years ago

Kernel patch I used

Actions #7

Updated by tuxillo almost 10 years ago

  • Category set to Kernel
  • Target version set to 3.9.x

Hi François,

What happened to this one? Did you check the patch with Matt?

Cheers,
Antonio Huete

Actions #8

Updated by ftigeot almost 10 years ago

I had forgotten this patch; I'll try to ping Matt soon.

Actions #9

Updated by tuxillo about 9 years ago

  • Status changed from New to Closed

Hi,

I've been using firefox and HTML5 videos recently but no panics. This is for sure fixed.

Cheers

Actions

Also available in: Atom PDF