Bug 2184539

Summary: [abrt] firefox: llvm::Target::createTargetMachine(llvm::StringRef, llvm::StringRef, llvm::StringRef, llvm::TargetOptions const&, llvm::Optional<llvm::Reloc::Model>, llvm::Optional<llvm::CodeModel::Model>, llvm::CodeGenOpt::Level, bool) const(): firefox ki
Product: [Fedora] Fedora Reporter: Matt Fagnani <matt.fagnani>
Component: firefox Assignee: Gecko Maintainer <gecko-bugs-nobody>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 38 CC: erack, fedora, florian, gecko-bugs-nobody, jhorak, klaas, matt.fagnani, pjasicek, rstrode, sandmann
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
URL: https://retrace.fedoraproject.org/faf/reports/bthash/f06ca3aba0da0a44d84fe01f6bbd20ac4de74e7
Whiteboard: abrt_hash:f9c77c895363e83dccfe86df2f79c630e7c8290b;VARIANT_ID=kde;
Last Closed: 2024-05-08 01:45:29 UTC Type: ---
Attachments:
Description Flags
File: core_backtrace none
File: backtrace none
File: maps none
File: open_fds none
File: os_info none
File: exploitable none
File: cpuinfo none
File: proc_pid_status none
File: dso_list none
File: limits none
File: environ none
File: mountinfo none
File: var_log_messages none

Description Matt Fagnani 2023-04-04 23:21:18 UTC
Description of problem:
I'm using a Fedora 38 KDE Plasma installation with mesa-va-drivers-freeworld-0:23.0.1-1.fc38 installed from RPM Fusion. I updated the system with updates-testing enabled using sudo dnf offline-upgrade download and sudo dnf offline-upgrade reboot.
The update included the llvm-16.0.0-2.fc38 update at https://bodhi.fedoraproject.org/updates/FEDORA-2023-3a602914f6

I started Firefox 111.0.1 on Wayland a few times in Plasma 5.27.3. Crash notifications were shown each time I started Firefox. A Firefox child process crashed in llvm::Target::createTargetMachine.

Core was generated by `/usr/lib64/firefox/firefox --name firefox-wayland'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  llvm::Target::createTargetMachine (this=0x0, TT=..., CPU=..., Features=..., Options=..., RM=..., 
    CM=..., OL=llvm::CodeGenOpt::Default, JIT=<optimized out>)
    at /usr/src/debug/llvm15-15.0.7-4.fc38.x86_64/include/llvm/MC/TargetRegistry.h:476
476         if (!TargetMachineCtorFn)

The pointer this was null in frame #0 and the pointer T was null in frame #1. TargetMachineCtorFn on the crashing line was at an inaccessible address 0x60.
(gdb) p TargetMachineCtorFn
Cannot access memory at address 0x60

The crash involved loading the radeonsi VA-API video driver from mesa-va-drivers-freeworld-0:23.0.1-1.fc38. The system has an integrated AMD Radeon R5 GPU using the radeonsi mesa driver and amdgpu kernel driver.

Version-Release number of selected component:
firefox-111.0.1-1.fc38

Additional info:
reporter:       libreport-2.17.9
cmdline:        /usr/lib64/firefox/firefox --name firefox-wayland
rootdir:        /
executable:     /usr/lib64/firefox/firefox
cgroup:         0::/user.slice/user-1000.slice/user/app.slice/app-firefox\x2dwayland-c88dd652e871452eb75eeaae53e25550.scope
type:           CCpp
kernel:         6.2.9-300.fc38.x86_64
runlevel:       N 5
journald_cursor: s=14e52130f49f48e58fb008916da3369c;i=35222a;b=7bbc879fc4704435b47c628341bc6e9d;m=2d7aed2b;t=5f88a477eb1fb;x=fbedf576ecb61527
package:        firefox-111.0.1-1.fc38
backtrace_rating: 4
uid:            1000
crash_function: llvm::Target::createTargetMachine(llvm::StringRef, llvm::StringRef, llvm::StringRef, llvm::TargetOptions const&, llvm::Optional<llvm::Reloc::Model>, llvm::Optional<llvm::CodeModel::Model>, llvm::CodeGenOpt::Level, bool) const
reason:         firefox killed by SIGSEGV

Truncated backtrace:
Thread no. 1 (24 frames)
 #0 llvm::Target::createTargetMachine(llvm::StringRef, llvm::StringRef, llvm::StringRef, llvm::TargetOptions const&, llvm::Optional<llvm::Reloc::Model>, llvm::Optional<llvm::CodeModel::Model>, llvm::CodeGenOpt::Level, bool) const at /usr/src/debug/llvm15-15.0.7-4.fc38.x86_64/include/llvm/MC/TargetRegistry.h:476
 #1 LLVMCreateTargetMachine(LLVMTargetRef, char const*, char const*, char const*, LLVMCodeGenOptLevel, LLVMRelocMode, LLVMCodeModel) at /usr/src/debug/llvm15-15.0.7-4.fc38.x86_64/lib/Target/TargetMachineC.cpp:146
 #2 ac_create_target_machine at ../src/amd/llvm/ac_llvm_util.c:204
 #3 ac_init_llvm_compiler at ../src/amd/llvm/ac_llvm_util.c:309
 #4 si_init_compiler at ../src/gallium/drivers/radeonsi/si_pipe.c:153
 #5 radeonsi_screen_create_impl at ../src/gallium/drivers/radeonsi/si_pipe.c:1171
 #6 amdgpu_winsys_create at ../src/gallium/winsys/amdgpu/drm/amdgpu_winsys.c:579
 #7 radeonsi_screen_create at ../src/gallium/drivers/radeonsi/si_pipe.c:1506
 #8 pipe_radeonsi_create_screen at ../src/gallium/auxiliary/target-helpers/drm_helper.h:222
 #9 pipe_loader_create_screen_vk at ../src/gallium/auxiliary/pipe-loader/pipe_loader.c:171
 #10 pipe_loader_create_screen at ../src/gallium/auxiliary/pipe-loader/pipe_loader.c:177
 #11 vl_drm_screen_create at ../src/gallium/auxiliary/vl/vl_winsys_drm.c:50
 #12 __vaDriverInit_1_18 at ../src/gallium/frontends/va/context.c:166
 #13 va_openDriver at ../va/va.c:522
 #14 vaInitialize at ../va/va.c:740
 #15 childvaapitest() at /usr/src/debug/firefox-111.0.1-1.fc38.x86_64/toolkit/xre/glxtest.cpp:1056
 #16 vaapitest at /usr/src/debug/firefox-111.0.1-1.fc38.x86_64/toolkit/xre/glxtest.cpp:1140
 #17 childgltest() at /usr/src/debug/firefox-111.0.1-1.fc38.x86_64/toolkit/xre/glxtest.cpp:1244
 #18 fire_glxtest_process() at /usr/src/debug/firefox-111.0.1-1.fc38.x86_64/toolkit/xre/glxtest.cpp:1286
 #19 XREMain::XRE_mainInit(bool*) at /usr/src/debug/firefox-111.0.1-1.fc38.x86_64/toolkit/xre/nsAppRunner.cpp:3961
 #21 XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) at /usr/src/debug/firefox-111.0.1-1.fc38.x86_64/toolkit/xre/nsAppRunner.cpp:5825
 #22 XRE_main(int, char**, mozilla::BootstrapConfig const&) at /usr/src/debug/firefox-111.0.1-1.fc38.x86_64/toolkit/xre/nsAppRunner.cpp:5907
 #23 do_main(int, char**, char**) at /usr/src/debug/firefox-111.0.1-1.fc38.x86_64/browser/app/nsBrowserApp.cpp:226
 #24 main(int, char**, char**) at /usr/src/debug/firefox-111.0.1-1.fc38.x86_64/browser/app/nsBrowserApp.cpp:423

Comment 1 Matt Fagnani 2023-04-04 23:21:21 UTC
Created attachment 1955761
File: core_backtrace

Comment 2 Matt Fagnani 2023-04-04 23:21:23 UTC
Created attachment 1955762
File: backtrace

Comment 3 Matt Fagnani 2023-04-04 23:21:24 UTC
Created attachment 1955763
File: maps

Comment 4 Matt Fagnani 2023-04-04 23:21:26 UTC
Created attachment 1955764
File: open_fds

Comment 5 Matt Fagnani 2023-04-04 23:21:27 UTC
Created attachment 1955765
File: os_info

Comment 6 Matt Fagnani 2023-04-04 23:21:29 UTC
Created attachment 1955766
File: exploitable

Comment 7 Matt Fagnani 2023-04-04 23:21:31 UTC
Created attachment 1955767
File: cpuinfo

Comment 8 Matt Fagnani 2023-04-04 23:21:32 UTC
Created attachment 1955768
File: proc_pid_status

Comment 9 Matt Fagnani 2023-04-04 23:21:34 UTC
Created attachment 1955769
File: dso_list

Comment 10 Matt Fagnani 2023-04-04 23:21:35 UTC
Created attachment 1955770
File: limits

Comment 11 Matt Fagnani 2023-04-04 23:21:37 UTC
Created attachment 1955771
File: environ

Comment 12 Matt Fagnani 2023-04-04 23:21:39 UTC
Created attachment 1955772
File: mountinfo

Comment 13 Matt Fagnani 2023-04-04 23:21:40 UTC
Created attachment 1955773
File: var_log_messages

Comment 14 Florian Apolloner 2023-04-05 18:25:54 UTC
I am seeing the same; I also have an integrated GPU and the CPU is: AMD Ryzen 7 PRO 5850U with Radeon Graphics.

Comment 15 Thorsten Leemhuis 2023-04-06 11:23:50 UTC
mesa-va-drivers-freeworld was not rebuilt yet against the new llvm; that will take us a moment, sorry.

Comment 16 Aoife Moloney 2024-05-07 16:04:35 UTC
This message is a reminder that Fedora Linux 38 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 38 on 2024-05-21.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '38'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, change the 'version' 
to a later Fedora Linux version. Note that the version field may be hidden.
Click the "Show advanced fields" button if you do not see it.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora Linux 38 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora Linux, you are encouraged to change the 'version' to a later version
prior to this bug being closed.

Comment 17 Matt Fagnani 2024-05-08 01:45:29 UTC
This problem was fixed by the rebuild mesa-freeworld-23.0.1-2.fc38 with llvm 16 https://koji.rpmfusion.org/koji/buildinfo?buildID=25468 https://bugzilla.rpmfusion.org/show_bug.cgi?id=6624