Closed
Bug 1271100
Opened 8 years ago
Closed 8 years ago
Firefox-46 crashes with "ABORT: X_ShmAttach: BadAccess"
Categories
(Core :: Graphics, defect)
Tracking
()
RESOLVED
FIXED
mozilla53
People
(Reporter: pkozlov.vrn, Assigned: lsalzman)
References
Details
(Keywords: regression, topcrash)
Crash Data
Attachments
(1 file)
|
1.28 KB,
patch
|
karlt
:
review+
gchang
:
approval-mozilla-aurora+
gchang
:
approval-mozilla-beta+
ritu
:
approval-mozilla-release+
|
Details | Diff | Splinter Review |
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:46.0) Gecko/20100101 Firefox/46.0 Build ID: 20160503230414 Steps to reproduce: Started firefox, browsed some pages. firefox-46, linux-x86_64 Actual results: Crash [6359] ###!!! ABORT: X_ShmAttach: BadAccess (attempt to access private resource denied); 14 requests ago: file /var/tmp/portage/www-client/firefox-46.0/work/firefox-46.0/toolkit/xre/nsX11ErrorHandler.cpp, line 157 Expected results: Normally working
|
||
Comment 1•8 years ago
|
||
Can you please post the crash report of the crash in question found in about:crashes? Also could you please try to reproduce the issue on the latest Firefox release (46.0.1)? When doing this please use a clean new profile, maybe even safe mode, to eliminate custom settings as a possible cause (https://goo.gl/PNe90E).
Flags: needinfo?(pkozlov.vrn)
|
|
||
Comment 2•8 years ago
|
||
Marking this as Resolved: Incomplete due to the lack of response from the reporter. If anyone can still reproduce it on latest versions, feel free to reopen the issue and provide more information.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Flags: needinfo?(pkozlov.vrn)
Resolution: --- → INCOMPLETE
> If anyone can still reproduce it on latest versions, feel free to reopen the issue and provide more information. Did not start with several crashes on Ubuntu LTS 16.04: Error messages: > [1888] ###!!! ABORT: X_ShmCreatePixmap: BadShmSeg (invalid shared segment parameter); 6 requests ago: file /build/firefox-aTzZgw/firefox-47.0+build3/toolkit/xre/nsX11ErrorHandler.cpp, line 157 > [1888] ###!!! ABORT: X_ShmCreatePixmap: BadShmSeg (invalid shared segment parameter); 6 requests ago: file /build/firefox-aTzZgw/firefox-47.0+build3/toolkit/xre/nsX11ErrorHandler.cpp, line 157 and > [7507] ###!!! ABORT: X_ShmAttach: BadAccess (attempt to access private resource denied); 3 requests ago: file /build/firefox-aTzZgw/firefox-47.0+build3/toolkit/xre/nsX11ErrorHandler.cpp, line 157 > [7507] ###!!! ABORT: X_ShmAttach: BadAccess (attempt to access private resource denied); 3 requests ago: file /build/firefox-aTzZgw/firefox-47.0+build3/toolkit/xre/nsX11ErrorHandler.cpp, line 157 Same behavior for safe mode > $ firefox --safe-mode > (firefox:7677): GConf-WARNING **: Client failed to connect to the D-BUS daemon: /usr/bin/dbus-launch terminated abnormally without any error message > (firefox:7677): Gdk-WARNING **: /build/gtk+3.0-lL7YRg/gtk+3.0-3.18.9/./gdk/x11/gdkproperty-x11.c:224 invalid X atom: 449 > (firefox:7677): Gdk-WARNING **: /build/gtk+3.0-lL7YRg/gtk+3.0-3.18.9/./gdk/x11/gdkproperty-x11.c:224 invalid X atom: 462 > [7677] ###!!! ABORT: X_CopyArea: BadDrawable (invalid Pixmap or Window parameter); 3 requests ago: file /build/firefox-aTzZgw/firefox-47.0+build3/toolkit/xre/nsX11ErrorHandler.cpp, line 157 > [7677] ###!!! ABORT: X_CopyArea: BadDrawable (invalid Pixmap or Window parameter); 3 requests ago: file /build/firefox-aTzZgw/firefox-47.0+build3/toolkit/xre/nsX11ErrorHandler.cpp, line 157 > ExceptionHandler::GenerateDump cloned child 7718 > ExceptionHandler::SendContinueSignalToChild sent continue signal to child > ExceptionHandler::WaitForContinueSignal waiting for continue signal... click on restart > (crashreporter:7719): GConf-WARNING **: Client failed to connect to the D-BUS daemon: > /usr/bin/dbus-launch terminated abnormally without any error message GConf Error: No D-BUS daemon running > (firefox:7740): GConf-WARNING **: Client failed to connect to the D-BUS daemon: /usr/bin/dbus-launch terminated abnormally without any error message > (firefox:7740): Gdk-WARNING **: /build/gtk+3.0-lL7YRg/gtk+3.0-3.18.9/./gdk/x11/gdkproperty-x11.c:224 invalid X atom: 449 1466603565289 addons.repository WARN Search failed when repopulating cache > (firefox:7740): GConf-WARNING **: Client failed to connect to the D-BUS daemon: /usr/bin/dbus-launch terminated abnormally without any error message > [7740] ###!!! ABORT: X_FreePixmap: BadPixmap (invalid Pixmap parameter); 3 requests ago: file /build/firefox-aTzZgw/firefox-47.0+build3/toolkit/xre/nsX11ErrorHandler.cpp, line 157 > [7740] ###!!! ABORT: X_FreePixmap: BadPixmap (invalid Pixmap parameter); 3 requests ago: file /build/firefox-aTzZgw/firefox-47.0+build3/toolkit/xre/nsX11ErrorHandler.cpp, line 157 > ExceptionHandler::GenerateDump cloned child 7800 > ExceptionHandler::SendContinueSignalToChild sent continue signal to child > ExceptionHandler::WaitForContinueSignal waiting for continue signal... BTW: how about some StackOverflow-like comment-editing. Would help... (crashreporter:7801): GConf-WARNING **: Client failed to connect to the D-BUS daemon: /usr/bin/dbus-launch terminated abnormally without any error message GConf Error: No D-BUS daemon running
Starting it once with the --sync option fixed it. Afterwards it started normally.
An older Firefox (of the Tor Browser Bundle) worked again with --sync, but without failed regularly (sometimes at the start, sometimes later):
> (firefox:8972): Gdk-WARNING **: /build/gtk+2.0-KsZKkB/gtk+2.0-2.24.30/gdk/x11/gdkproperty-x11.c:325 invalid X atom: 399
>
>
> (firefox:8972): GConf-WARNING **: Client failed to connect to the D-BUS daemon:
> /usr/bin/dbus-launch terminated abnormally without any error message
> [8972] ###!!! ABORT: X_ShmDetach: BadShmSeg (invalid shared segment parameter); 2 requests ago: file /home/debian/build/tor-browser/toolkit/xre/nsX11ErrorHandler.cpp, line 157
> [8972] ###!!! ABORT: X_ShmDetach: BadShmSeg (invalid shared segment parameter); 2 requests ago: file /home/debian/build/tor-browser/toolkit/xre/nsX11ErrorHandler.cpp, line 157
> Jun 22 16:30:12.000 [notice] Owning controller connection has closed -- exiting now.
> Jun 22 16:30:12.000 [notice] Catching signal TERM, exiting cleanly.
> Segmentation fault (core dumped)
>
> $ env LD_LIBRARY_PATH="$(pwd)/TorBrowser/Tor" ./firefox -version
> Mozilla Firefox 45.2.0
>
>
> $ env LD_LIBRARY_PATH="$(pwd)/TorBrowser/Tor" ldd ./firefox
> linux-vdso.so.1 => (0x00007ffe6356f000)
> libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f43d995f000)
> libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f43d975b000)
> librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007f43d9552000)
> libstdc++.so.6 => /path/to/tor-browser_en-US/Browser/TorBrowser/Tor/libstdc++.so.6 (0x00007f43d91c3000)
> libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f43d8eba000)
> libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f43d8ca3000)
> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f43d88da000)
> /lib64/ld-linux-x86-64.so.2 (0x000055e7b95ad000)
>
|
||
Comment 6•8 years ago
|
||
I can easily reproduce with a fresh profile by panning the on any of the maps on this site: http://carto.metro.free.fr/cartes/metro-tram-lyon/ $ firefox --profile $(mktemp -d) --new-instance ATTENTION: default value of option force_s3tc_enable overridden by environment. [8688] ###!!! ABORT: X_ShmAttach: BadAccess (attempt to access private resource denied); 14 requests ago: file /var/tmp/portage/www-client/firefox-47.0/work/firefox-47.0/toolkit/xre/nsX11ErrorHandler.cpp, line 157 [8688] ###!!! ABORT: X_ShmAttach: BadAccess (attempt to access private resource denied); 14 requests ago: file /var/tmp/portage/www-client/firefox-47.0/work/firefox-47.0/toolkit/xre/nsX11ErrorHandler.cpp, line 157 Erreur de segmentation (core dumped) Anything else needed to get this bug looked at ? Cheers
|
||
Comment 7•8 years ago
|
||
Re-opening, since it sounds like people are still experiencing this.
Status: RESOLVED → REOPENED
Ever confirmed: true
Resolution: INCOMPLETE → ---
|
|
||
Comment 8•8 years ago
|
||
Rémi or kreikenbaumaccoun, since both of you can still reproduce this reliably, are either of you able to post a link to a crash report from about:crashes?
Flags: needinfo?(remi2402)
Flags: needinfo?(kreikenbaumaccoun)
@mconley: Here is a crash report. For me, it needed a second monitor and ssh forwarding to occur. A good workaround was xpra. https://crash-stats.mozilla.com/report/index/bp-dc2344d1-88db-48c9-a4bf-0a7452160707
|
|
||
Updated•8 years ago
|
Crash Signature: @ Abort | X_ShmCreatePixmap: BadShmSeg (invalid shared segment parameter); 8 requests ago | mozalloc_abort | NS_DebugBreak | X11Error
|
|
||
Updated•8 years ago
|
Crash Signature: @ Abort | X_ShmCreatePixmap: BadShmSeg (invalid shared segment parameter); 8 requests ago | mozalloc_abort | NS_DebugBreak | X11Error → [@ Abort | X_ShmCreatePixmap: BadShmSeg (invalid shared segment parameter); 8 requests ago | mozalloc_abort | NS_DebugBreak | X11Error]
|
|
||
Comment 10•8 years ago
|
||
Hey acomminos - this crash reports seems to fall right between graphics and X11. Does this one sound familiar?
Flags: needinfo?(andrew)
|
||
Comment 11•8 years ago
|
||
It's possible that the X server's MIT-SHM implementation (which we switched to using by default after disabling XRender in Firefox 46) has some quirks that we're running into. Lee might have a better idea here. I'll look into this a bit more. If anyone experiencing this issue could provide details about their distribution, that would be great.
Flags: needinfo?(andrew)
|
|
||
Comment 12•8 years ago
|
||
For these errors: > [7507] ###!!! ABORT: X_ShmAttach: BadAccess (attempt to access private resource denied); 3 requests ago: file /build/firefox-aTzZgw/firefox-47.0+build3/toolkit/xre/nsX11ErrorHandler.cpp, line 157 > [7507] ###!!! ABORT: X_ShmAttach: BadAccess (attempt to access private resource denied); 3 requests ago: file /build/firefox-aTzZgw/firefox-47.0+build3/toolkit/xre/nsX11ErrorHandler.cpp, line 157 There is an interesting part of the MIT-SHM specification; > Also note that, on many systems for security reasons, the X server will only accept to attach to the shared memory segment if > it's readable and writeable by "other". On systems where the X server is able to determine the uid of the X client over a > local transport, the shared memory segment can be readable and writeable only by the uid of the client. Our SysV shmem segment currently only uses 600 permissions (read/write for the current user). I'll try and find what mechanism checks this in the server.
|
|
||
Comment 13•8 years ago
|
||
Can you please try this build? It relaxes permissions on the SHM segment allocated. https://people.mozilla.org/~acomminos/xshm-firefox-50.0a1.en-US.linux-x86_64.tar.bz2 Thanks!
|
||
Comment 14•8 years ago
|
||
@acomminos: with LD_LIBRARY_PATH, with firefox-bin and firefox binary, crashed with Error: GDK_BACKEND does not match available displays [22266] WARNING: XPCOM objects created/destroyed from static ctor/dtor: file /home/andrew/mozilla-central/xpcom/base/nsTraceRefcnt.cpp, line 171 nsStringStats => mAllocCount: 19 => mReallocCount: 11 => mFreeCount: 18 -- LEAKED 1 !!! => mShareCount: 14 => mAdoptCount: 0 => mAdoptFreeCount: 0 => Process ID: 22266, Thread ID: 140113639262016
|
|
||
Comment 15•8 years ago
|
||
Strange. Might be caused by debug build weirdness, try this one; https://people.mozilla.org/~acomminos/xshm-opt-firefox-50.0a1.en-US.linux-x86_64.tar.bz2
|
|
||
Comment 16•8 years ago
|
||
(In reply to Andrew Comminos [:acomminos] from comment #15) > https://people.mozilla.org/~acomminos/xshm-opt-firefox-50.0a1.en-US.linux- > x86_64.tar.bz2 Can't reproduce with this one so far. I'll keep using it a bit longer and report if it core dumps. Thanks !
|
|
||
Comment 17•8 years ago
|
||
So although graceful handing of SHM errors has been fixed by bug 1286649 (crashes should no longer occur), I'm leaving this open for investigating whether or not the SHM segment permissions should be relaxed.
|
||
Comment 18•8 years ago
|
||
When can we expect this bug to be fixed: FF50 maybe? Is there some workaround I could apply: something with LD_PRELOAD and change the argument to some SHM calls? Currently my users are at version 46.0.1 (they think it is better working and unsafe than crashing).
|
Assignee | |
Comment 19•8 years ago
|
||
(In reply to Paul Szabo from comment #18) > When can we expect this bug to be fixed: FF50 maybe? > Is there some workaround I could apply: something with > LD_PRELOAD and change the argument to some SHM calls? > Currently my users are at version 46.0.1 (they think > it is better working and unsafe than crashing). The fix for bug 1286649 will landed in 50, so that release presumably.
|
|
||
Comment 20•8 years ago
|
||
Seems that my issue was not SHM permissions, but: Firefox attempts to use MIT-SHM. It is "known" that MIT-SHM can only work on "local" displays. However: - some X servers report supporting MIT-SHM even on remote (e.g. TCP-connected) displays. (Maybe "right" so not a bug: the client might have access to the X server machine.) - the ssh "port forwarding" feature makes both the X server and client appear to be "local" (somewhat: using TCP localhost, not Unix domain sockets); and ssh makes no attempt to intercept or disable MIT-SHM. I guess that the "bug" is in Firefox: it should be smarter and somehow test whether MIT-SHM is in fact useable. In the meantime I use the workaround below (seems to work well for me). Seeing how Firefox48 uses XQueryExtension to check the availability, I provide my own call that fudges the response to report that MIT-SHM is not available. Seems that (as per bug 1286649) Firefox will move to XCB, then this workaround will need to be updated. ---- /* * Compile: cc -shared -o XExtNoSHM.so XExtNoSHM.c * to be used with * LD_PRELOAD='libdl.so ./XExtNoSHM.so' firefox */ #include <stdio.h> #include <string.h> #include <X11/Xlib.h> #include <dlfcn.h> #define LIBXLIB "libXext.so" Bool XQueryExtension(Display* dpl, _Xconst char* name, int* major, int* event, int* error) { static Bool (*original_XQueryExtension)(Display*, _Xconst char*, int*, int*, int*) = NULL; /* printf("Got XQueryExtension %s\n",name); */ if (!strcmp(name,"MIT-SHM")) { /* printf("Returning False for XQueryExtension %s\n",name); */ *major = 0; return False; } if (!original_XQueryExtension) { void *handle = dlopen(LIBXLIB, RTLD_LAZY); if (!handle) return False; original_XQueryExtension = dlsym(handle, "XQueryExtension"); if (!original_XQueryExtension) return False; } /* printf("Doing original_XQueryExtension ...\n"); */ return original_XQueryExtension(dpl, name, major, event, error); }
|
|
Assignee | |
Comment 21•8 years ago
|
||
So long as creating the actual shm segment fails in nightly, it should do "the right thing" and fall back to something that does not use XShm. So the question is, does it actually work that way without any extra hacks if you try with nightly? Worst case scenario, if there is no automagic way to detect the scenario you outline, maybe we can add a pref.
Flags: needinfo?(psz)
|
|
||
Comment 22•8 years ago
|
||
I am not quite sure how to test "nightly". A few days ago I grabbed "developer edition", got version 50.0a2, but that complained about my profile (and it was not clear to me what it wanted different). Maybe you could test with some "ssh -X" connection to some actually different "remote" machine so the X display and firefox run on different machines, where your X server reports MIT-SHM as present e.g. in xdpyinfo. In my experience, firefox did not crash every single time: about one-in-ten right at startup (with my homepage), or sometimes later while browsing, or sometimes it stayed up all day.
|
|
||
Comment 23•8 years ago
|
||
So the way we dealt with this situation pre-XCB is by setting a new X error handler in nsShmImage before calling XShmAttach. This would, as one might expect, trigger when X11 SHM may not be used (such as over a network). I suspect that the situation you're running into on 46 is a known race condition where the failed attach call gets caught by the wrong error handler due to main thread X activity overwriting the trap handler- it's more likely to occur over a networked connection as the compositor thread must wait longer for a response. The XCB solution inherently fixes this issue by making the call to ShmAttach checked. On another note, I'm confident at this point that the permissions of the segment are fine as they are (only r/w to user). Since X SHM is only available using a local X server, the server can be reasonably expected to determine the UID of the client and thus handle permissions appropriately [1]. Nightly may be obtained here [2]. Although OpenGL composition is the default in Linux nightly, which does not go down this code path, your networked connection is unlikely to provide an accelerated GLX context and should use the XCB-based implementation. This can be verified in about:support by checking the value of "Compositing" in "Graphics" is equal to Basic. [1] https://www.x.org/releases/X11R7.7/doc/xextproto/shm.html#USE_OF_SHARED_MEMORY_XIMAGES [2] https://nightly.mozilla.org/
|
|
||
Comment 24•8 years ago
|
||
Thanks for the explanations. Tried nightly, seems to work well.
|
|
||
Comment 25•8 years ago
|
||
Based on the above comments, the issue seems fixed on the latest Nightly. Pkozlov, could you please download the latest Nightly (https://nightly.mozilla.org) and see if you can still reproduce the issue?
Flags: needinfo?(pkozlov.vrn)
|
||
Comment 26•8 years ago
|
||
Assuming 47 based on comment 18 and bug 1241832.
Blocks: 1241832
Component: Untriaged → Graphics
Keywords: regression
Product: Firefox → Core
Version: 46 Branch → 47 Branch
|
||
Updated•8 years ago
|
OS: Unspecified → Linux
|
|
||
Comment 28•8 years ago
|
||
Still got it on 49.0 (gentoo) and 50b (between7 and 10, can't remember) with binaries from mozilla. I can't find the link, but I submitted the crash report a few days ago using 50b. Are they publicly available and searchable?
Flags: needinfo?(remi2402)
|
|
||
Comment 29•8 years ago
|
||
(In reply to Rémi Cardona from comment #28) > I can't find the link, but I submitted the crash report a few days ago using > 50b. Are they publicly available and searchable? In a mozilla build, enter about:crashes as a URL to find a list of submitted reports.
|
|
||
Comment 30•8 years ago
|
||
Here it is : https://crash-stats.mozilla.com/report/index/d942c6b0-ece2-4323-80d3-4957f2161027
|
|
||
Comment 31•8 years ago
|
||
As of 50, the crash reports are now on the main thread, whereas previously they were on the compositor thread. Hard to be sure it is the same crash. GDK also uses XShm on the main thread. Would be interesting to know whether the crash rates have changed.
Crash Signature: [@ Abort | X_ShmCreatePixmap: BadShmSeg (invalid shared segment parameter); 8 requests ago | mozalloc_abort | NS_DebugBreak | X11Error] → [@ Abort | X_ShmCreatePixmap: BadShmSeg (invalid shared segment parameter); 8 requests ago | mozalloc_abort | NS_DebugBreak | X11Error][@ Abort | X_ShmAttach: BadAccess (attempt to access private resource denied); 15 reques... | mozalloc_abort | NS_DebugB…
|
||
Comment 32•8 years ago
|
||
I'm reliably triggering this on ff50 on Ubuntu both on Intel graphics but also to a separate tightvnc (on the same host). (Both running under xfwm); still happens in safe mode and with graphics disabled. I can trigger it by going to the following gmaps page and scrolling around and zooming in a bit; triggers in under 10s for me; https://www.google.com/maps/d/viewer?mid=13IoaZV57s03ZgYLVoSeYn5_RHAc&ll=53.373324108807445%2C-2.358459298602952&z=12 Host is Core2duo with intel graphics kernel: 4.8.0-27-generic here's one of my crash report entries: https://crash-stats.mozilla.com/report/index/28e8aa53-6589-4a3c-b1f7-41e0f2161119 firefox 50.0+build2-0ubuntu0.16.10.2
|
|
||
Comment 33•8 years ago
|
||
Here's a selective look at an strace of both the X server and firefox around the time of the crash; 7833 is one of the ff threads [pid 7833] 00:54:21.238199 shmat(43188244, NULL, 0 <unfinished ...> [pid 7833] 00:54:21.238293 <... shmat resumed> ) = 0x7f2fc397f000 [pid 7833] 00:54:21.242568 shmctl(43188244, IPC_RMID, <unfinished ...> [pid 7833] 00:54:21.242640 <... shmctl resumed> NULL) = 0 X !! 00:54:21.247069 shmat(43188244, NULL, 0) = -1 EINVAL (Invalid argument) [pid 7833] 00:54:21.290396 write(2, "[7833] ###!!! ABORT: X_ShmAttach"..., 197[7833] ###!!! ABORT: X_ShmAttach: BadAccess (attempt to access private resource denied); 15 requests ago: file /build/firefox-wm7CB0/firefox-50.0+build2/toolkit/xre/nsX11ErrorHandler.cpp, line 147 [pid 7833] 00:54:21.290396 write(2, "[7833] ###!!! ABORT: X_ShmAttach"..., 197[7833] ###!!! ABORT: X_ShmAttach: BadAccess (attempt to access private resource denied); 15 requests ago: file /build/firefox-wm7CB0/firefox-50.0+build2/toolkit/xre/nsX11ErrorHandler.cpp, line 147
|
|
||
Comment 34•8 years ago
|
||
Thanks, David. Would you be able to identify the name of the client-side thread calling shmat and shmctl with the id that the X server finds is invalid, please? Comparing the pid from strace with output from pstree -p <firefox-main-thread-pid> should find a name. That would narrow down which code is sending the request without catching the error. Is there only a single shmat from each of the client/server? If not, do some shmat calls succeed on the server? Is firefox on the same host as the X server?
Flags: needinfo?(psz)
Flags: needinfo?(mozilla)
Flags: needinfo?(kreikenbaumaccoun)
|
||
Comment 35•8 years ago
|
||
I have this problem on Linux Mint 18 Cinnamon, with Firefox 50. Hadn't happened before the automatic update to version 50.
|
||
Comment 36•8 years ago
|
||
We have similar report at Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1396789 and I can reproduce with Fedora build and also with stock Firefox build from mozilla.com. Reproductible on sites: https://www.tradingview.com/chart/?symbol=NYSE%3ASAN http://www.investing.com/equities/tobii-ab-chart
|
||
Comment 37•8 years ago
|
||
The problem also occurs on Xubuntu 16.04.1 LTS. It started today, so maybe it appeared after the latest update to 50. Full error: [2346] ###!!! ABORT: X_ShmAttach: BadAccess (attempt to access private resource denied); 12 requests ago: file /build/firefox-RaD34G/firefox-50.0+build2/toolkit/xre/nsX11ErrorHandler.cpp, line 147 [2346] ###!!! ABORT: X_ShmAttach: BadAccess (attempt to access private resource denied); 12 requests ago: file /build/firefox-RaD34G/firefox-50.0+build2/toolkit/xre/nsX11ErrorHandler.cpp, line 147 ExceptionHandler::GenerateDump cloned child 2425 ExceptionHandler::WaitForContinueSignal waiting for continue signal... ExceptionHandler::SendContinueSignalToChild sent continue signal to child
|
||
Comment 38•8 years ago
|
||
Got the same problem, Xubuntu 16.04. started yesterday, presumably after update to 50. Tried to watch a video on Youtube, got the crash and Firefox kept on crashing after restart with the page reopening. Same happens on random pages.
|
||
Comment 39•8 years ago
|
||
Ditto on build 50 (50.0+linuxmint1+rosa). Posting a comment here for one specific reason .... the bug is reliably reproduced on my box when accessing a page that requires scripts from maps.googleapis.com
|
|
||
Comment 40•8 years ago
|
||
(In reply to Karl Tomlinson (:karlt) from comment #34) > Thanks, David. > > Would you be able to identify the name of the client-side thread calling > shmat and shmctl with the id that the X server finds is invalid, please? > > Comparing the pid from strace with output from pstree -p > <firefox-main-thread-pid> should find a name. That would narrow down which > code is sending the request without catching the error. Up to the point of the error most shmat/shmdt/shmget calls are made by the main 'firefox' thread; there are also a few made by the 9833 Compositor thread; I get some after the crash from crashreporter. > Is there only a single shmat from each of the client/server? No, there are hundreds on each. > If not, do some shmat calls succeed on the server? Yes - although I don't know how to filter out which ones are firefox's (I guess I could do that again with the separate X server). There's only a single failed shmat in the whole of the X server trace failing with a -1 EINVAL (Invalid argument). The shmid of that failing shmat on the X server side is the same as the last shmat on the firefox side before the failure message is printed. It looks like firefox does: shmat shmctl IPC_RMID shmdt (address returned by the shmat) all from the main thread. So perhaps ff is deleting the shm segment before the X server got around to accessing it? > > Is firefox on the same host as the X server? Yes. <gut feel, guessing, take with large pinch of salt> perhaps ff is allocating the shm, registering it with the X server but deciding it doesn't need it even before the X server has got a chance to finish registering with it? My reading of the IPC_RMID man is that shouldn't delete it until the last user has finished with it, so shouldn't cause the failure - but I'm no spec lawyer.
|
|
||
Updated•8 years ago
|
Flags: needinfo?(mozilla)
|
|
||
Comment 41•8 years ago
|
||
I'm pretty sure the problem here is racing updates to the cursor - which is wonderfully basic :-)
I attached with gdb and breakpointed on both shmat and shmdt and had it do a bt full/continue on them both, the last shmat I see is, the following backtraces, so perhaps what we have here is a cairo/gtk bug? But I don't know that level; backtraces below, cairo gtk versions (ubuntu in this case):
ii libcairo2:amd64 1.14.6-1build1 amd64 Cairo 2D vector graphics library
ii libgtk-3-0:amd64 3.20.9-1ubuntu2 amd64 GTK+ graphical user interface library
it does make me wonder:
a) Why cairo is using shm for a cursor pixmap - it's tiny
b) wth it's deleting the shm pixmap every time - we're flipping back and forward between the same 3 cursors we should keeping them cached.
It could explain why that particular case is bad; on my gmaps case we've got the white-hand drag pointer for most of it, then we've got the black hand pointer when we hit the path or a point on the map and maybe the pointy-black-arrow when we hit the menus - so I guess it's flipping back and forward all the time.
Thread 1 "firefox" hit Breakpoint 1, shmat () at ../sysdeps/unix/syscall-template.S:84
84 ../sysdeps/unix/syscall-template.S: No such file or directory.
#0 shmat () at ../sysdeps/unix/syscall-template.S:84
No locals.
#1 0x00007fb063b5df5f in ?? () from /usr/lib/x86_64-linux-gnu/libcairo.so.2
No symbol table info available.
#2 0x00007fb063b5e991 in ?? () from /usr/lib/x86_64-linux-gnu/libcairo.so.2
No symbol table info available.
#3 0x00007fb063b5ea1c in ?? () from /usr/lib/x86_64-linux-gnu/libcairo.so.2
No symbol table info available.
#4 0x00007fb063b2cf2d in cairo_surface_create_similar_image () from /usr/lib/x86_64-linux-gnu/libcairo.so.2
No symbol table info available.
#5 0x00007fb064b87131 in gdk_window_create_similar_image_surface () from /usr/lib/x86_64-linux-gnu/libgdk-3.so.0
No symbol table info available.
#6 0x00007fb064b64088 in gdk_cairo_surface_create_from_pixbuf () from /usr/lib/x86_64-linux-gnu/libgdk-3.so.0
No symbol table info available.
#7 0x00007fb064b64c16 in gdk_cursor_new_from_pixbuf () from /usr/lib/x86_64-linux-gnu/libgdk-3.so.0
No symbol table info available.
#8 0x00007fb05942760a in nsWindow::SetCursor (this=0x7fb044df3000, aCursor=<optimised out>, aHotspotX=8, aHotspotY=8) at /build/firefox-wm7CB0/firefox-50.0+build2/widget/gtk/nsWindow.cpp:1683
pixbuf = 0x7fb026812400
width = <optimised out>
height = <optimised out>
cursor = <optimised out>
rv = <optimised out>
#9 0x00007fb058f2d941 in mozilla::EventStateManager::SetCursor (this=this@entry=0x7fb02f19ee40, aCursor=aCursor@entry=3, aContainer=aContainer@entry=0x7fb024070000, aHaveHotspot=aHaveHotspot@entry=false, aHotspotX=aHotspotX@entry=0, aHotspotY=aHotspotY@entry=0, aWidget=0x7fb044df3000, aLockCursor=aLockCursor@entry=false) at /build/firefox-wm7CB0/firefox-50.0+build2/dom/events/EventStateManager.cpp:3781
hotspotX = 8
hotspotY = 8
c = eCursor_standard
rv = -2147467259
#10 0x00007fb058f2e830 in mozilla::EventStateManager::UpdateCursor (this=0x7fb02f19ee40, aPresContext=0x7fb036e28800, aEvent=<optimised out>, aTargetFrame=0x7fb0364fc9a8, aStatus=0x7ffc985130a4) at /build/firefox-wm7CB0/firefox-50.0+build2/dom/events/EventStateManager.cpp:3589
cursor = 3
container = 0x7fb024070000
haveHotspot = false
hotspotX = 0
hotspotY = 0
aStatus = 0x7ffc985130a4
aPresContext = 0x7fb036e28800
this = 0x7fb02f19ee40
aTargetFrame = 0x7fb0364fc9a8
aEvent = <optimised out>
#11 0x00007fb058f36477 in mozilla::EventStateManager::PreHandleEvent (this=0x7fb02f19ee40, aPresContext=0x7fb036e28800, aEvent=aEvent@entry=0x7ffc98513158, aTargetFrame=0x7fb0364fc9a8, aTargetContent=0x7fb0375b1b00, aStatus=aStatus@entry=0x7ffc985130a4) at /build/firefox-wm7CB0/firefox-50.0+build2/dom/events/EventStateManager.cpp:698
mouseEvent = 0x7ffc98513158
#12 0x00007fb05960ce2f in PresShell::HandleEventInternal (this=this@entry=0x7fb03b4e9400, aEvent=aEvent@entry=0x7ffc98513158, aStatus=aStatus@entry=0x7ffc985130a4, aIsHandlingNativeEvent=aIsHandlingNativeEvent@entry=true) at /build/firefox-wm7CB0/firefox-50.0+build2/layout/base/nsPresShell.cpp:8236
touchIsNew = false
isHandlingUserInput = false
userInpStatePusher = {mIsHandlingUserInput = false, mIsMouseDown = false, mResetFMMouseButtonHandlingState = false, mMouseButtonEventHandlingDocument = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}}
manager = {mRawPtr = 0x7fb02f19ee40}
rv = nsresult::NS_OK
#13 0x00007fb05960d321 in PresShell::HandlePositionedEvent (this=this@entry=0x7fb03b4e9400, aTargetFrame=aTargetFrame@entry=0x7fb0364fc9a8, aEvent=aEvent@entry=0x7ffc98513158, aEventStatus=aEventStatus@entry=0x7ffc985130a4) at /build/firefox-wm7CB0/firefox-50.0+build2/layout/base/nsPresShell.cpp:8077
rv = nsresult::NS_OK
#14 0x00007fb05960e536 in PresShell::HandleEvent (this=<optimised out>, aFrame=<optimised out>, aEvent=0x7ffc98513158, aDontRetargetEvents=<optimised out>, aEventStatus=0x7ffc985130a4, aTargetContent=0x0) at /build/firefox-wm7CB0/firefox-50.0+build2/layout/base/nsPresShell.cpp:7862
kungFuDeathGrip = {<nsCOMPtr_base> = {mRawPtr = 0x7fb03b4e9400}, <No data fields>}
rv = <optimised out>
releasePointerCaptureCaller = {mPointerId = 0, mIsSet = false}
rootPresContext = <optimised out>
weakFrame = {mPrev = 0x0, mFrame = 0x0}
captureRetarget = <optimised out>
mouseEvent = <optimised out>
isWindowLevelMouseExit = <optimised out>
shell = 0x7fb03b4e9400
capturingContent = <optimised out>
retargetEventDoc = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
frame = <optimised out>
rv = <optimised out>
#15 0x00007fb0593fd6f1 in nsViewManager::DispatchEvent (this=<optimised out>, aEvent=aEvent@entry=0x7ffc98513158, aView=<optimised out>, aStatus=aStatus@entry=0x7ffc985130a4) at /build/firefox-wm7CB0/firefox-50.0+build2/view/nsViewManager.cpp:816
shell = {<nsCOMPtr_base> = {mRawPtr = 0x7fb04752e000}, <No data fields>}
sampler_raii768 = {mHandle = 0x7fb066eee000}
mouseEvent = <optimised out>
view = <optimised out>
dispatchUsingCoordinates = <optimised out>
frame = 0x7fb04396b038
#16 0x00007fb0595d8f79 in PresShell::DispatchSynthMouseMove (this=0x7fb03b4e9400, aEvent=0x7ffc98513158, aFlushOnHoverChange=<optimised out>) at /build/firefox-wm7CB0/firefox-50.0+build2/layout/base/nsPresShell.cpp:3697
restyleManager = {mPtr = {mValue = 140394701327072}}
status = nsEventStatus_eIgnore
targetView = <optimised out>
#17 0x00007fb0595e5fdc in PresShell::ProcessSynthMouseMoveEvent (this=0x7fb04752e000, aFromScroll=<optimised out>) at /build/firefox-wm7CB0/firefox-50.0+build2/layout/base/nsPresShell.cpp:5654
apzContext = {static sGuid = {mLayersId = 0, mPresShellId = 0, mScrollId = 0}, static sBlockId = 0, static sApzResponse = nsEventStatus_eIgnore, static sRoutedToChildProcess = false, mOldGuid = {mLayersId = 0, mPresShellId = 0, mScrollId = 0}, mOldBlockId = 0, mOldApzResponse = nsEventStatus_eIgnore, mOldRoutedToChildProcess = false}
dragSession = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
rootView = 0x7fb043828a80
kungFuDeathGrip = {<nsCOMPtr_base> = {mRawPtr = 0x7fb04752e000}, <No data fields>}
view = <optimised out>
viewAPD = 60
refpoint = {<mozilla::gfx::BasePoint<int, nsPoint, int>> = {{{x = 26880, y = 36540}, components = {26880, 36540}}}, <No data fields>}
pointVM = 0x7fb0453f29c0
event = {<mozilla::WidgetMouseEventBase> = {<mozilla::WidgetInputEvent> = {<mozilla::WidgetGUIEvent> = {<mozilla::WidgetEvent> = {<mozilla::WidgetEventTime> = {mTime = 49933313, mTimeStamp = {mValue = 49933313620855}}, _vptr.WidgetEvent = 0x7fb05b8f4360 <vtable for mozilla::WidgetMouseEvent+16>, mClass = mozilla::eMouseEventClass, mMessage = mozilla::eMouseMove, mRefPoint = {<mozilla::gfx::BasePoint<int, mozilla::gfx::IntPointTyped<mozilla::LayoutDevicePixel>, mozilla::gfx::IntCoordTyped<mozilla::LayoutDevicePixel> >> = {{{x = 448, y = 609}, components = {448, 609}}}, <mozilla::LayoutDevicePixel> = {<No data fields>}, <No data fields>}, mLastRefPoint = {<mozilla::gfx::BasePoint<int, mozilla::gfx::IntPointTyped<mozilla::LayoutDevicePixel>, mozilla::gfx::IntCoordTyped<mozilla::LayoutDevicePixel> >> = {{{x = 0, y = 0}, components = {0, 0}}}, <mozilla::LayoutDevicePixel> = {<No data fields>}, <No data fields>}, mFlags = {mIsTrusted = true, mInBubblingPhase = false, mInCapturePhase = false, mInSystemGroup = false, mCancelable = true, mBubbles = true, mPropagationStopped = false, mImmediatePropagationStopped = false, mDefaultPrevented = false, mDefaultPreventedByContent = false, mDefaultPreventedByChrome = false, mMultipleActionsPrevented = false, mIsBeingDispatched = false, mDispatchedAtLeastOnce = false, mIsSynthesizedForTests = false, mExceptionWasRaised = false, mRetargetToNonNativeAnonymous = false, mNoCrossProcessBoundaryForwarding = false, mNoContentDispatch = false, mOnlyChromeDispatch = false, mOnlySystemGroupDispatchInContent = false, mWantReplyFromContentProcess = false, mHandledByAPZ = false, mInPassiveListener = false}, mSpecifiedEventType = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}, mSpecifiedEventTypeString = {<nsAString_internal> = {mData = 0x7fb05a60805a <gNullChar> u"", mLength = 0, mFlags = 1}, <No data fields>}, mTarget = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}, mCurrentTarget = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}, mOriginalTarget = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}}, mWidget = {<nsCOMPtr_base> = {mRawPtr = 0x7fb044df3000}, <No data fields>}, mPluginEvent = {mBuffer = {<nsTArray_Impl<unsigned char, nsTArrayInfallibleAllocator>> = {<nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_CopyWithMemutils>> = {mHdr = 0x7fb05bd28650 <nsTArrayHeader::sEmptyHdr>}, <nsTArray_TypedBase<unsigned char, nsTArray_Impl<unsigned char, nsTArrayInfallibleAllocator> >> = {<nsTArray_SafeElementAtHelper<unsigned char, nsTArray_Impl<unsigned char, nsTArrayInfallibleAllocator> >> = {<No data fields>}, <No data fields>}, static NoIndex = <optimised out>}, <No data fields>}}}, mModifiers = 0}, relatedTarget = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}, button = 0, buttons = 0, pressure = 0, hitCluster = false, inputSource = 1, region = {<nsAString_internal> = {mData = 0x7fb05a60805a <gNullChar> u"", mLength = 0, mFlags = 1}, <No data fields>}}, <mozilla::WidgetPointerHelper> = {convertToPointer = true, pointerId = 0, tiltX = 0, tiltY = 0, retargetedByPointerCapture = false}, mReason = mozilla::WidgetMouseEvent::eSynthesized, mContextMenuTrigger = mozilla::WidgetMouseEvent::eNormal, mExitFrom = mozilla::WidgetMouseEvent::eChild, mIgnoreRootScrollFrame = false, mClickCount = 0}
shell = {<nsCOMPtr_base> = {mRawPtr = 0x7fb03b4e9400}, <No data fields>}
#18 0x00007fb05960bd3d in PresShell::nsSynthMouseMoveEvent::WillRefresh (this=0x7fb0242fec80, aTime=...) at /build/firefox-wm7CB0/firefox-50.0+build2/layout/base/nsPresShell.h:675
shell = {mRawPtr = 0x7fb04752e000}
#19 0x00007fb05957417c in nsRefreshDriver::Tick (this=0x7fb04752d000, aNowEpoch=aNowEpoch@entry=1480212683927330, aNowTime=...) at /build/firefox-wm7CB0/firefox-50.0+build2/layout/base/nsRefreshDriver.cpp:1712
obs = {mRawPtr = 0x7fb0242fec80}
etor = {<nsAutoTObserverArray<nsARefreshObserver*, 0ul>::ForwardIterator> = {<nsAutoTObserverArray<nsARefreshObserver*, 0ul>::Iterator> = {<nsTObserverArray_base::Iterator_base> = {mPosition = 1, mNext = 0x0}, mArray = @0x7fb04752d0c8}, <No data fields>}, mEnd = {<nsAutoTObserverArray<nsARefreshObserver*, 0ul>::Iterator> = {<nsTObserverArray_base::Iterator_base> = {mPosition = 1, mNext = 0x7ffc98513328}, mArray = @0x7fb04752d0c8}, <No data fields>}}
i = 2
sampler_raii1635 = {mHandle = 0x7fb066eee000}
previousRefresh = {mValue = 49933290723853}
presShell = {<nsCOMPtr_base> = {mRawPtr = 0x7fb04752e000}, <No data fields>}
restoreInRefresh = {mLocation = @0x7fb04752d06d, mValue = <optimised out>}
restoreTickStart = {mLocation = @0x7fb04752d090, mValue = {mValue = <optimised out>}}
iter = {<nsAutoTObserverArray<nsAPostRefreshObserver*, 0ul>::Iterator> = {<nsTObserverArray_base::Iterator_base> = {mPosition = 1, mNext = 0x0}, mArray = @0x7fb04752d0c8}, <No data fields>}
#20 0x00007fb059574cb0 in mozilla::RefreshDriverTimer::TickDriver (driver=<optimised out>, jsnow=jsnow@entry=1480212683927330, now=..., now@entry=...) at /build/firefox-wm7CB0/firefox-50.0+build2/layout/base/nsRefreshDriver.cpp:279
No locals.
#21 0x00007fb059574ddd in mozilla::RefreshDriverTimer::TickRefreshDrivers (aJsNow=aJsNow@entry=1480212683927330, aNow=aNow@entry=..., aDrivers=..., this=0x7fb04203aab0) at /build/firefox-wm7CB0/firefox-50.0+build2/layout/base/nsRefreshDriver.cpp:251
__for_range = @0x7ffc98513430: {<nsTArray_Impl<RefPtr<nsRefreshDriver>, nsTArrayInfallibleAllocator>> = {<nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_CopyWithMemutils>> = {mHdr = 0x7fb026c560a0}, <nsTArray_TypedBase<RefPtr<nsRefreshDriver>, nsTArray_Impl<RefPtr<nsRefreshDriver>, nsTArrayInfallibleAllocator> >> = {<nsTArray_SafeElementAtHelper<RefPtr<nsRefreshDriver>, nsTArray_Impl<RefPtr<nsRefreshDriver>, nsTArrayInfallibleAllocator> >> = {<nsTArray_SafeElementAtSmartPtrHelper<nsRefreshDriver, nsTArray_Impl<RefPtr<nsRefreshDriver>, nsTArrayInfallibleAllocator> >> = {<No data fields>}, <No data fields>}, <No data fields>}, static NoIndex = 18446744073709551615}, <No data fields>}
__for_begin = 0x7fb026c560a8
drivers = {<nsTArray_Impl<RefPtr<nsRefreshDriver>, nsTArrayInfallibleAllocator>> = {<nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_CopyWithMemutils>> = {mHdr = 0x7fb026c560a0}, <nsTArray_TypedBase<RefPtr<nsRefreshDriver>, nsTArray_Impl<RefPtr<nsRefreshDriver>, nsTArrayInfallibleAllocator> >> = {<nsTArray_SafeElementAtHelper<RefPtr<nsRefreshDriver>, nsTArray_Impl<RefPtr<nsRefreshDriver>, nsTArrayInfallibleAllocator> >> = {<nsTArray_SafeElementAtSmartPtrHelper<nsRefreshDriver, nsTArray_Impl<RefPtr<nsRefreshDriver>, nsTArrayInfallibleAllocator> >> = {<No data fields>}, <No data fields>}, <No data fields>}, static NoIndex = 18446744073709551615}, <No data fields>}
#22 0x00007fb059574e99 in mozilla::RefreshDriverTimer::Tick (this=0x7fb04203aab0, jsnow=1480212683927330, now=...) at /build/firefox-wm7CB0/firefox-50.0+build2/layout/base/nsRefreshDriver.cpp:270
No locals.
#23 0x00007fb0595750a3 in mozilla::VsyncRefreshDriverTimer::RunRefreshDrivers (aTimeStamp=..., this=0x7fb04203aab0) at /build/firefox-wm7CB0/firefox-50.0+build2/layout/base/nsRefreshDriver.cpp:593
jsnow = 1480212683933571
diff = {mValue = 6240346}
vsyncJsNow = <optimised out>
#24 mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver (this=<optimised out>, aVsyncTimestamp=...) at /build/firefox-wm7CB0/firefox-50.0+build2/layout/base/nsRefreshDriver.cpp:513
No locals.
#25 0x00007fb05956f195 in mozilla::detail::RunnableMethodArguments<mozilla::TimeStamp>::applyImpl<mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver, void (mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::*)(mozilla::TimeStamp), StoreCopyPassByValue<mozilla::TimeStamp>, 0ul> (args=..., m=<optimised out>, o=<optimised out>) at /build/firefox-wm7CB0/firefox-50.0+build2/obj-x86_64-linux-gnu/dist/include/nsThreadUtils.h:729
No locals.
#26 mozilla::detail::RunnableMethodArguments<mozilla::TimeStamp>::apply<mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver, void (mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::*)(mozilla::TimeStamp)> (m=<optimised out>, o=<optimised out>, this=<optimised out>) at /build/firefox-wm7CB0/firefox-50.0+build2/obj-x86_64-linux-gnu/dist/include/nsThreadUtils.h:736
No locals.
#27 mozilla::detail::RunnableMethodImpl<void (mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::*)(mozilla::TimeStamp), true, false, mozilla::TimeStamp>::Run (this=<optimised out>) at /build/firefox-wm7CB0/firefox-50.0+build2/obj-x86_64-linux-gnu/dist/include/nsThreadUtils.h:764
No locals.
#28 0x00007fb057fe5dc7 in nsThread::ProcessNextEvent (this=0x7fb066edbd10, aMayWait=<optimised out>, aResult=0x7ffc98513597) at /build/firefox-wm7CB0/firefox-50.0+build2/xpcom/threads/nsThread.cpp:1076
event = {<nsCOMPtr_base> = {mRawPtr = 0x7fb01e0fdfa0}, <No data fields>}
rv = nsresult::NS_OK
noJSAPI = {mIsSome = true, mStorage = {u = {mBytes = "\000\000\000\000\000\000\000\000\003\000\000\000\344\361=\253\000\000\000\000\000\000\000", mDummy = 0}}}
callScriptObserver = true
obs = {<nsCOMPtr_base> = {mRawPtr = 0x7fb04cd736a8}, <No data fields>}
aResult = 0x7ffc98513597
aMayWait = true
this = 0x7fb066edbd10
#29 0x00007fb058000a0b in NS_ProcessNextEvent (aThread=<optimised out>, aThread@entry=0x7fb066edbd10, aMayWait=aMayWait@entry=true) at /build/firefox-wm7CB0/firefox-50.0+build2/xpcom/glue/nsThreadUtils.cpp:290
val = true
#30 0x00007fb0582bcfb7 in mozilla::ipc::MessagePump::Run (this=0x7fb055544600, aDelegate=0x7fb066eab690) at /build/firefox-wm7CB0/firefox-50.0+build2/ipc/glue/MessagePump.cpp:132
did_work = <optimised out>
thisThread = 0x7fb066edbd10
#31 0x00007fb0582a7fa6 in MessageLoop::RunHandler (this=<optimised out>) at /build/firefox-wm7CB0/firefox-50.0+build2/ipc/chromium/src/base/message_loop.cc:225
No locals.
#32 MessageLoop::Run (this=<optimised out>) at /build/firefox-wm7CB0/firefox-50.0+build2/ipc/chromium/src/base/message_loop.cc:205
save_state = {<MessageLoop::RunState> = {run_depth = 1, quit_received = false}, loop_ = 0x7fb066eab690, previous_state_ = 0x0}
#33 0x00007fb059415352 in nsBaseAppShell::Run (this=0x7fb04cd736a0) at /build/firefox-wm7CB0/firefox-50.0+build2/widget/nsBaseAppShell.cpp:156
thread = 0x7fb066edbd10
#34 0x00007fb059a869de in nsAppStartup::Run (this=0x7fb04cd4fe70) at /build/firefox-wm7CB0/firefox-50.0+build2/toolkit/components/startup/nsAppStartup.cpp:284
rv = <optimised out>
retval = <optimised out>
#35 0x00007fb059acc364 in XREMain::XRE_mainRun (this=this@entry=0x7ffc98513838) at /build/firefox-wm7CB0/firefox-50.0+build2/toolkit/xre/nsAppRunner.cpp:4297
rv = nsresult::NS_OK
prefs = {<nsCOMPtr_base> = {mRawPtr = 0x7fb0555ce700}, <No data fields>}
appStartup = {<nsCOMPtr_base> = {mRawPtr = 0x7fb04cd4fe70}, <No data fields>}
userAgentLocale = {<nsACString_internal> = {mData = 0x7fb047109758 "en-US", mLength = 5, mFlags = 5}, <No data fields>}
cmdLine = {<nsCOMPtr_base> = {mRawPtr = 0x7fb04716a4c0}, <No data fields>}
workingDir = {<nsCOMPtr_base> = {mRawPtr = 0x7fb04758b3c0}, <No data fields>}
#36 0x00007fb059acc639 in XREMain::XRE_main (this=this@entry=0x7ffc98513838, argc=argc@entry=1, argv=argv@entry=0x7ffc98514c18, aAppData=aAppData@entry=0x7ffc98513a38) at /build/firefox-wm7CB0/firefox-50.0+build2/toolkit/xre/nsAppRunner.cpp:4424
aLocal = 0 '\000'
sampler_raii4363 = {mHandle = 0x7fb066eee000}
rv = <optimised out>
binFile = {<nsCOMPtr_base> = {mRawPtr = 0x7fb066e6cfc0}, <No data fields>}
exit = false
result = <optimised out>
appInitiatedRestart = false
#37 0x00007fb059acc89b in XRE_main (argc=1, argv=0x7ffc98514c18, aAppData=0x7ffc98513a38, aFlags=<optimised out>) at /build/firefox-wm7CB0/firefox-50.0+build2/toolkit/xre/nsAppRunner.cpp:4515
main = {mNativeApp = {<nsCOMPtr_base> = {mRawPtr = 0x7fb055539620}, <No data fields>}, mProfileSvc = {<nsCOMPtr_base> = {mRawPtr = 0x7fb05553d290}, <No data fields>}, mProfD = {<nsCOMPtr_base> = {mRawPtr = 0x7fb066e6d980}, <No data fields>}, mProfLD = {<nsCOMPtr_base> = {mRawPtr = 0x7fb066e6da40}, <No data fields>}, mProfileLock = {<nsCOMPtr_base> = {mRawPtr = 0x7fb05553a7c0}, <No data fields>}, mRemoteService = {<nsCOMPtr_base> = {mRawPtr = 0x7fb044b67710}, <No data fields>}, mScopedXPCOM = {mTuple = {<mozilla::detail::PairHelper<ScopedXPCOMStartup*, mozilla::DefaultDelete<ScopedXPCOMStartup>, (mozilla::detail::StorageType)1, (mozilla::detail::StorageType)0>> = {<mozilla::DefaultDelete<ScopedXPCOMStartup>> = {<No data fields>}, mFirstA = 0x7fb066eb8828}, <No data fields>}}, mAppData = {mRawPtr = 0x7fb066e5ec80}, mDirProvider = {<nsIDirectoryServiceProvider2> = {<nsIDirectoryServiceProvider> = {<nsISupports> = {_vptr.nsISupports = 0x7fb05bb3a4e8 <vtable for nsXREDirProvider+16>}, <No data fields>}, <No data fields>}, <nsIProfileStartup> = {<nsISupports> = {_vptr.nsISupports = 0x7fb05bb3a530 <vtable for nsXREDirProvider+88>}, <No data fields>}, mAppProvider = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}, mGREDir = {<nsCOMPtr_base> = {mRawPtr = 0x7fb066e6cc00}, <No data fields>}, mGREBinDir = {<nsCOMPtr_base> = {mRawPtr = 0x7fb066e6d080}, <No data fields>}, mXULAppDir = {<nsCOMPtr_base> = {mRawPtr = 0x7fb066e6ce40}, <No data fields>}, mProfileDir = {<nsCOMPtr_base> = {mRawPtr = 0x7fb066e6d980}, <No data fields>}, mProfileLocalDir = {<nsCOMPtr_base> = {mRawPtr = 0x7fb066e6da40}, <No data fields>}, mProfileNotified = true, mAppBundleDirectories = {<nsCOMArray_base> = {mArray = {<nsTArray_Impl<nsISupports*, nsTArrayInfallibleAllocator>> = {<nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_CopyWithMemutils>> = {mHdr = 0x7fb05bd28650 <nsTArrayHeader::sEmptyHdr>}, <nsTArray_TypedBase<nsISupports*, nsTArray_Impl<nsISupports*, nsTArrayInfallibleAllocator> >> = {<nsTArray_SafeElementAtHelper<nsISupports*, nsTArray_Impl<nsISupports*, nsTArrayInfallibleAllocator> >> = {<No data fields>}, <No data fields>}, static NoIndex = <optimised out>}, <No data fields>}}, <No data fields>}, mExtensionDirectories = {<nsCOMArray_base> = {mArray = {<nsTArray_Impl<nsISupports*, nsTArrayInfallibleAllocator>> = {<nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_CopyWithMemutils>> = {mHdr = 0x7fb048b38d20}, <nsTArray_TypedBase<nsISupports*, nsTArray_Impl<nsISupports*, nsTArrayInfallibleAllocator> >> = {<nsTArray_SafeElementAtHelper<nsISupports*, nsTArray_Impl<nsISupports*, nsTArrayInfallibleAllocator> >> = {<No data fields>}, <No data fields>}, static NoIndex = <optimised out>}, <No data fields>}}, <No data fields>}, mThemeDirectories = {<nsCOMArray_base> = {mArray = {<nsTArray_Impl<nsISupports*, nsTArrayInfallibleAllocator>> = {<nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_CopyWithMemutils>> = {mHdr = 0x7fb0489a7110}, <nsTArray_TypedBase<nsISupports*, nsTArray_Impl<nsISupports*, nsTArrayInfallibleAllocator> >> = {<nsTArray_SafeElementAtHelper<nsISupports*, nsTArray_Impl<nsISupports*, nsTArrayInfallibleAllocator> >> = {<No data fields>}, <No data fields>}, static NoIndex = <optimised out>}, <No data fields>}}, <No data fields>}}, mProfileName = {<nsFixedCString> = {<nsCString> = {<nsACString_internal> = {mData = 0x7fb05552e5a8 "default", mLength = 7, mFlags = 65541}, <No data fields>}, mFixedCapacity = 63, mFixedBuf = 0x7ffc985138f8 ""}, mStorage = "\000\071Q\230\374\177\000\000x9Q\230\374\177\000\000\177\071Q\230\374\177\000\000\177\071Q\230\374\177\000\000\000\204`k\344\361=\253 :Q\230\374\177\000\000X9Q\230\374\177\000\000@\316\346f\260\177\000"}, mDesktopStartupID = {<nsFixedCString> = {<nsCString> = {<nsACString_internal> = {mData = 0x7ffc98513958 "", mLength = 0, mFlags = 65553}, <No data fields>}, mFixedCapacity = 63, mFixedBuf = 0x7ffc98513958 ""}, mStorage = "\000\071Q\230\374\177\000\000\a\000\000\000\021\000\001\000?\000\000\000\000\000\000\000x9Q\230\374\177\000\000browser\000 :Q\230\374\177\000\000\025\337\371W\260\177\000\000\000\314\346f\260\177\000"}, mStartOffline = false, mShuttingDown = false, mDisableRemote = false, mGdkDisplay = 0x7fb0555080b0}
result = <optimised out>
#38 0x0000560247a4c22e in do_main (argc=1, argv=0x7ffc98514c18, envp=<optimised out>, xreDirectory=0x7fb066e6cc00) at /build/firefox-wm7CB0/firefox-50.0+build2/browser/app/nsBrowserApp.cpp:247
appini = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
rv = <optimised out>
appDataFile = <optimised out>
appData = {<nsXREAppData> = {size = 128, directory = 0x7fb066e6ce40, vendor = 0x7fb066eb8100 "Mozilla", name = 0x7fb066eb8108 "Firefox", remotingName = 0x7fb066eb8110 "firefox", version = 0x7fb066eb8118 "50.0", buildID = 0x7fb066e54720 "20161114144856", ID = 0x7fb066ed4eb0 "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}", copyright = 0x0, flags = 10, xreDirectory = 0x7fb066e6cc00, minVersion = 0x7fb066eb8120 "50.0", maxVersion = 0x7fb066eb8128 "50.0", crashReporterURL = 0x7fb066e5eb00 "https://crash-reports.mozilla.com/submit?id={ec8030f7-c20a-464f-9b0e-13a3a9e97384}&version=50.0&buildid=20161114144856", profile = 0x0, UAName = 0x0}, <No data fields>}
exeFile = {<nsCOMPtr_base> = {mRawPtr = 0x7fb066e6ccc0}, <No data fields>}
greDir = {<nsCOMPtr_base> = {mRawPtr = 0x7fb066e6cd80}, <No data fields>}
appSubdir = {<nsCOMPtr_base> = {mRawPtr = 0x7fb066e6ce40}, <No data fields>}
#39 0x0000560247a4b7e7 in main (argc=1, argv=0x7ffc98514c18, envp=0x7ffc98514c28) at /build/firefox-wm7CB0/firefox-50.0+build2/browser/app/nsBrowserApp.cpp:380
xreDirectory = 0x7fb066e6cc00
rv = <optimised out>
result = <optimised out>
---
and the last shmdt after it is:
#0 shmdt () at ../sysdeps/unix/syscall-template.S:84
No locals.
#1 0x00007fb063b5d088 in ?? () from /usr/lib/x86_64-linux-gnu/libcairo.so.2
No symbol table info available.
#2 0x00007fb063b5d164 in ?? () from /usr/lib/x86_64-linux-gnu/libcairo.so.2
No symbol table info available.
#3 0x00007fb063b5d214 in ?? () from /usr/lib/x86_64-linux-gnu/libcairo.so.2
No symbol table info available.
#4 0x00007fb063b2aca6 in ?? () from /usr/lib/x86_64-linux-gnu/libcairo.so.2
No symbol table info available.
#5 0x00007fb063b2b640 in cairo_surface_destroy () from /usr/lib/x86_64-linux-gnu/libcairo.so.2
No symbol table info available.
#6 0x00007fb064b64c44 in gdk_cursor_new_from_pixbuf () from /usr/lib/x86_64-linux-gnu/libgdk-3.so.0
No symbol table info available.
#7 0x00007fb05942760a in nsWindow::SetCursor (this=0x7fb044df3000, aCursor=<optimised out>, aHotspotX=8, aHotspotY=8) at /build/firefox-wm7CB0/firefox-50.0+build2/widget/gtk/nsWindow.cpp:1683
pixbuf = 0x7fb026812400
width = <optimised out>
height = <optimised out>
cursor = <optimised out>
rv = <optimised out>
#8 0x00007fb058f2d941 in mozilla::EventStateManager::SetCursor (this=this@entry=0x7fb02f19ee40, aCursor=aCursor@entry=3, aContainer=aContainer@entry=0x7fb024070000, aHaveHotspot=aHaveHotspot@entry=false, aHotspotX=aHotspotX@entry=0, aHotspotY=aHotspotY@entry=0, aWidget=0x7fb044df3000, aLockCursor=aLockCursor@entry=false) at /build/firefox-wm7CB0/firefox-50.0+build2/dom/events/EventStateManager.cpp:3781
hotspotX = 8
hotspotY = 8
c = eCursor_standard
rv = -2147467259
#9 0x00007fb058f2e830 in mozilla::EventStateManager::UpdateCursor (this=0x7fb02f19ee40, aPresContext=0x7fb036e28800, aEvent=<optimised out>, aTargetFrame=0x7fb0364fc9a8, aStatus=0x7ffc985130a4) at /build/firefox-wm7CB0/firefox-50.0+build2/dom/events/EventStateManager.cpp:3589
cursor = 3
container = 0x7fb024070000
haveHotspot = false
hotspotX = 0
hotspotY = 0
aStatus = 0x7ffc985130a4
aPresContext = 0x7fb036e28800
this = 0x7fb02f19ee40
aTargetFrame = 0x7fb0364fc9a8
aEvent = <optimised out>
#10 0x00007fb058f36477 in mozilla::EventStateManager::PreHandleEvent (this=0x7fb02f19ee40, aPresContext=0x7fb036e28800, aEvent=aEvent@entry=0x7ffc98513158, aTargetFrame=0x7fb0364fc9a8, aTargetContent=0x7fb0375b1b00, aStatus=aStatus@entry=0x7ffc985130a4) at /build/firefox-wm7CB0/firefox-50.0+build2/dom/events/EventStateManager.cpp:698
mouseEvent = 0x7ffc98513158
#11 0x00007fb05960ce2f in PresShell::HandleEventInternal (this=this@entry=0x7fb03b4e9400, aEvent=aEvent@entry=0x7ffc98513158, aStatus=aStatus@entry=0x7ffc985130a4, aIsHandlingNativeEvent=aIsHandlingNativeEvent@entry=true) at /build/firefox-wm7CB0/firefox-50.0+build2/layout/base/nsPresShell.cpp:8236
touchIsNew = false
isHandlingUserInput = false
userInpStatePusher = {mIsHandlingUserInput = false, mIsMouseDown = false, mResetFMMouseButtonHandlingState = false, mMouseButtonEventHandlingDocument = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}}
manager = {mRawPtr = 0x7fb02f19ee40}
rv = nsresult::NS_OK
#12 0x00007fb05960d321 in PresShell::HandlePositionedEvent (this=this@entry=0x7fb03b4e9400, aTargetFrame=aTargetFrame@entry=0x7fb0364fc9a8, aEvent=aEvent@entry=0x7ffc98513158, aEventStatus=aEventStatus@entry=0x7ffc985130a4) at /build/firefox-wm7CB0/firefox-50.0+build2/layout/base/nsPresShell.cpp:8077
rv = nsresult::NS_OK
#13 0x00007fb05960e536 in PresShell::HandleEvent (this=<optimised out>, aFrame=<optimised out>, aEvent=0x7ffc98513158, aDontRetargetEvents=<optimised out>, aEventStatus=0x7ffc985130a4, aTargetContent=0x0) at /build/firefox-wm7CB0/firefox-50.0+build2/layout/base/nsPresShell.cpp:7862
kungFuDeathGrip = {<nsCOMPtr_base> = {mRawPtr = 0x7fb03b4e9400}, <No data fields>}
rv = <optimised out>
releasePointerCaptureCaller = {mPointerId = 0, mIsSet = false}
rootPresContext = <optimised out>
weakFrame = {mPrev = 0x0, mFrame = 0x0}
captureRetarget = <optimised out>
mouseEvent = <optimised out>
isWindowLevelMouseExit = <optimised out>
shell = 0x7fb03b4e9400
capturingContent = <optimised out>
retargetEventDoc = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
frame = <optimised out>
rv = <optimised out>
#14 0x00007fb0593fd6f1 in nsViewManager::DispatchEvent (this=<optimised out>, aEvent=aEvent@entry=0x7ffc98513158, aView=<optimised out>, aStatus=aStatus@entry=0x7ffc985130a4) at /build/firefox-wm7CB0/firefox-50.0+build2/view/nsViewManager.cpp:816
shell = {<nsCOMPtr_base> = {mRawPtr = 0x7fb04752e000}, <No data fields>}
sampler_raii768 = {mHandle = 0x7fb066eee000}
mouseEvent = <optimised out>
view = <optimised out>
dispatchUsingCoordinates = <optimised out>
frame = 0x7fb04396b038
#15 0x00007fb0595d8f79 in PresShell::DispatchSynthMouseMove (this=0x7fb03b4e9400, aEvent=0x7ffc98513158, aFlushOnHoverChange=<optimised out>) at /build/firefox-wm7CB0/firefox-50.0+build2/layout/base/nsPresShell.cpp:3697
restyleManager = {mPtr = {mValue = 140394701327072}}
status = nsEventStatus_eIgnore
targetView = <optimised out>
#16 0x00007fb0595e5fdc in PresShell::ProcessSynthMouseMoveEvent (this=0x7fb04752e000, aFromScroll=<optimised out>) at /build/firefox-wm7CB0/firefox-50.0+build2/layout/base/nsPresShell.cpp:5654
apzContext = {static sGuid = {mLayersId = 0, mPresShellId = 0, mScrollId = 0}, static sBlockId = 0, static sApzResponse = nsEventStatus_eIgnore, static sRoutedToChildProcess = false, mOldGuid = {mLayersId = 0, mPresShellId = 0, mScrollId = 0}, mOldBlockId = 0, mOldApzResponse = nsEventStatus_eIgnore, mOldRoutedToChildProcess = false}
dragSession = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
rootView = 0x7fb043828a80
kungFuDeathGrip = {<nsCOMPtr_base> = {mRawPtr = 0x7fb04752e000}, <No data fields>}
view = <optimised out>
viewAPD = 60
refpoint = {<mozilla::gfx::BasePoint<int, nsPoint, int>> = {{{x = 26880, y = 36540}, components = {26880, 36540}}}, <No data fields>}
pointVM = 0x7fb0453f29c0
event = {<mozilla::WidgetMouseEventBase> = {<mozilla::WidgetInputEvent> = {<mozilla::WidgetGUIEvent> = {<mozilla::WidgetEvent> = {<mozilla::WidgetEventTime> = {mTime = 49933313, mTimeStamp = {mValue = 49933313620855}}, _vptr.WidgetEvent = 0x7fb05b8f4360 <vtable for mozilla::WidgetMouseEvent+16>, mClass = mozilla::eMouseEventClass, mMessage = mozilla::eMouseMove, mRefPoint = {<mozilla::gfx::BasePoint<int, mozilla::gfx::IntPointTyped<mozilla::LayoutDevicePixel>, mozilla::gfx::IntCoordTyped<mozilla::LayoutDevicePixel> >> = {{{x = 448, y = 609}, components = {448, 609}}}, <mozilla::LayoutDevicePixel> = {<No data fields>}, <No data fields>}, mLastRefPoint = {<mozilla::gfx::BasePoint<int, mozilla::gfx::IntPointTyped<mozilla::LayoutDevicePixel>, mozilla::gfx::IntCoordTyped<mozilla::LayoutDevicePixel> >> = {{{x = 0, y = 0}, components = {0, 0}}}, <mozilla::LayoutDevicePixel> = {<No data fields>}, <No data fields>}, mFlags = {mIsTrusted = true, mInBubblingPhase = false, mInCapturePhase = false, mInSystemGroup = false, mCancelable = true, mBubbles = true, mPropagationStopped = false, mImmediatePropagationStopped = false, mDefaultPrevented = false, mDefaultPreventedByContent = false, mDefaultPreventedByChrome = false, mMultipleActionsPrevented = false, mIsBeingDispatched = false, mDispatchedAtLeastOnce = false, mIsSynthesizedForTests = false, mExceptionWasRaised = false, mRetargetToNonNativeAnonymous = false, mNoCrossProcessBoundaryForwarding = false, mNoContentDispatch = false, mOnlyChromeDispatch = false, mOnlySystemGroupDispatchInContent = false, mWantReplyFromContentProcess = false, mHandledByAPZ = false, mInPassiveListener = false}, mSpecifiedEventType = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}, mSpecifiedEventTypeString = {<nsAString_internal> = {mData = 0x7fb05a60805a <gNullChar> u"", mLength = 0, mFlags = 1}, <No data fields>}, mTarget = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}, mCurrentTarget = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}, mOriginalTarget = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}}, mWidget = {<nsCOMPtr_base> = {mRawPtr = 0x7fb044df3000}, <No data fields>}, mPluginEvent = {mBuffer = {<nsTArray_Impl<unsigned char, nsTArrayInfallibleAllocator>> = {<nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_CopyWithMemutils>> = {mHdr = 0x7fb05bd28650 <nsTArrayHeader::sEmptyHdr>}, <nsTArray_TypedBase<unsigned char, nsTArray_Impl<unsigned char, nsTArrayInfallibleAllocator> >> = {<nsTArray_SafeElementAtHelper<unsigned char, nsTArray_Impl<unsigned char, nsTArrayInfallibleAllocator> >> = {<No data fields>}, <No data fields>}, static NoIndex = <optimised out>}, <No data fields>}}}, mModifiers = 0}, relatedTarget = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}, button = 0, buttons = 0, pressure = 0, hitCluster = false, inputSource = 1, region = {<nsAString_internal> = {mData = 0x7fb05a60805a <gNullChar> u"", mLength = 0, mFlags = 1}, <No data fields>}}, <mozilla::WidgetPointerHelper> = {convertToPointer = true, pointerId = 0, tiltX = 0, tiltY = 0, retargetedByPointerCapture = false}, mReason = mozilla::WidgetMouseEvent::eSynthesized, mContextMenuTrigger = mozilla::WidgetMouseEvent::eNormal, mExitFrom = mozilla::WidgetMouseEvent::eChild, mIgnoreRootScrollFrame = false, mClickCount = 0}
shell = {<nsCOMPtr_base> = {mRawPtr = 0x7fb03b4e9400}, <No data fields>}
#17 0x00007fb05960bd3d in PresShell::nsSynthMouseMoveEvent::WillRefresh (this=0x7fb0242fec80, aTime=...) at /build/firefox-wm7CB0/firefox-50.0+build2/layout/base/nsPresShell.h:675
shell = {mRawPtr = 0x7fb04752e000}
#18 0x00007fb05957417c in nsRefreshDriver::Tick (this=0x7fb04752d000, aNowEpoch=aNowEpoch@entry=1480212683927330, aNowTime=...) at /build/firefox-wm7CB0/firefox-50.0+build2/layout/base/nsRefreshDriver.cpp:1712
obs = {mRawPtr = 0x7fb0242fec80}
etor = {<nsAutoTObserverArray<nsARefreshObserver*, 0ul>::ForwardIterator> = {<nsAutoTObserverArray<nsARefreshObserver*, 0ul>::Iterator> = {<nsTObserverArray_base::Iterator_base> = {mPosition = 1, mNext = 0x0}, mArray = @0x7fb04752d0c8}, <No data fields>}, mEnd = {<nsAutoTObserverArray<nsARefreshObserver*, 0ul>::Iterator> = {<nsTObserverArray_base::Iterator_base> = {mPosition = 1, mNext = 0x7ffc98513328}, mArray = @0x7fb04752d0c8}, <No data fields>}}
i = 2
sampler_raii1635 = {mHandle = 0x7fb066eee000}
previousRefresh = {mValue = 49933290723853}
presShell = {<nsCOMPtr_base> = {mRawPtr = 0x7fb04752e000}, <No data fields>}
restoreInRefresh = {mLocation = @0x7fb04752d06d, mValue = <optimised out>}
restoreTickStart = {mLocation = @0x7fb04752d090, mValue = {mValue = <optimised out>}}
iter = {<nsAutoTObserverArray<nsAPostRefreshObserver*, 0ul>::Iterator> = {<nsTObserverArray_base::Iterator_base> = {mPosition = 1, mNext = 0x0}, mArray = @0x7fb04752d0c8}, <No data fields>}
#19 0x00007fb059574cb0 in mozilla::RefreshDriverTimer::TickDriver (driver=<optimised out>, jsnow=jsnow@entry=1480212683927330, now=..., now@entry=...) at /build/firefox-wm7CB0/firefox-50.0+build2/layout/base/nsRefreshDriver.cpp:279
No locals.
#20 0x00007fb059574ddd in mozilla::RefreshDriverTimer::TickRefreshDrivers (aJsNow=aJsNow@entry=1480212683927330, aNow=aNow@entry=..., aDrivers=..., this=0x7fb04203aab0) at /build/firefox-wm7CB0/firefox-50.0+build2/layout/base/nsRefreshDriver.cpp:251
__for_range = @0x7ffc98513430: {<nsTArray_Impl<RefPtr<nsRefreshDriver>, nsTArrayInfallibleAllocator>> = {<nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_CopyWithMemutils>> = {mHdr = 0x7fb026c560a0}, <nsTArray_TypedBase<RefPtr<nsRefreshDriver>, nsTArray_Impl<RefPtr<nsRefreshDriver>, nsTArrayInfallibleAllocator> >> = {<nsTArray_SafeElementAtHelper<RefPtr<nsRefreshDriver>, nsTArray_Impl<RefPtr<nsRefreshDriver>, nsTArrayInfallibleAllocator> >> = {<nsTArray_SafeElementAtSmartPtrHelper<nsRefreshDriver, nsTArray_Impl<RefPtr<nsRefreshDriver>, nsTArrayInfallibleAllocator> >> = {<No data fields>}, <No data fields>}, <No data fields>}, static NoIndex = 18446744073709551615}, <No data fields>}
__for_begin = 0x7fb026c560a8
drivers = {<nsTArray_Impl<RefPtr<nsRefreshDriver>, nsTArrayInfallibleAllocator>> = {<nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_CopyWithMemutils>> = {mHdr = 0x7fb026c560a0}, <nsTArray_TypedBase<RefPtr<nsRefreshDriver>, nsTArray_Impl<RefPtr<nsRefreshDriver>, nsTArrayInfallibleAllocator> >> = {<nsTArray_SafeElementAtHelper<RefPtr<nsRefreshDriver>, nsTArray_Impl<RefPtr<nsRefreshDriver>, nsTArrayInfallibleAllocator> >> = {<nsTArray_SafeElementAtSmartPtrHelper<nsRefreshDriver, nsTArray_Impl<RefPtr<nsRefreshDriver>, nsTArrayInfallibleAllocator> >> = {<No data fields>}, <No data fields>}, <No data fields>}, static NoIndex = 18446744073709551615}, <No data fields>}
#21 0x00007fb059574e99 in mozilla::RefreshDriverTimer::Tick (this=0x7fb04203aab0, jsnow=1480212683927330, now=...) at /build/firefox-wm7CB0/firefox-50.0+build2/layout/base/nsRefreshDriver.cpp:270
No locals.
#22 0x00007fb0595750a3 in mozilla::VsyncRefreshDriverTimer::RunRefreshDrivers (aTimeStamp=..., this=0x7fb04203aab0) at /build/firefox-wm7CB0/firefox-50.0+build2/layout/base/nsRefreshDriver.cpp:593
jsnow = 1480212683933571
diff = {mValue = 6240346}
vsyncJsNow = <optimised out>
#23 mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver (this=<optimised out>, aVsyncTimestamp=...) at /build/firefox-wm7CB0/firefox-50.0+build2/layout/base/nsRefreshDriver.cpp:513
No locals.
#24 0x00007fb05956f195 in mozilla::detail::RunnableMethodArguments<mozilla::TimeStamp>::applyImpl<mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver, void (mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::*)(mozilla::TimeStamp), StoreCopyPassByValue<mozilla::TimeStamp>, 0ul> (args=..., m=<optimised out>, o=<optimised out>) at /build/firefox-wm7CB0/firefox-50.0+build2/obj-x86_64-linux-gnu/dist/include/nsThreadUtils.h:729
No locals.
#25 mozilla::detail::RunnableMethodArguments<mozilla::TimeStamp>::apply<mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver, void (mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::*)(mozilla::TimeStamp)> (m=<optimised out>, o=<optimised out>, this=<optimised out>) at /build/firefox-wm7CB0/firefox-50.0+build2/obj-x86_64-linux-gnu/dist/include/nsThreadUtils.h:736
No locals.
#26 mozilla::detail::RunnableMethodImpl<void (mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::*)(mozilla::TimeStamp), true, false, mozilla::TimeStamp>::Run (this=<optimised out>) at /build/firefox-wm7CB0/firefox-50.0+build2/obj-x86_64-linux-gnu/dist/include/nsThreadUtils.h:764
No locals.
#27 0x00007fb057fe5dc7 in nsThread::ProcessNextEvent (this=0x7fb066edbd10, aMayWait=<optimised out>, aResult=0x7ffc98513597) at /build/firefox-wm7CB0/firefox-50.0+build2/xpcom/threads/nsThread.cpp:1076
event = {<nsCOMPtr_base> = {mRawPtr = 0x7fb01e0fdfa0}, <No data fields>}
rv = nsresult::NS_OK
noJSAPI = {mIsSome = true, mStorage = {u = {mBytes = "\000\000\000\000\000\000\000\000\003\000\000\000\344\361=\253\000\000\000\000\000\000\000", mDummy = 0}}}
callScriptObserver = true
obs = {<nsCOMPtr_base> = {mRawPtr = 0x7fb04cd736a8}, <No data fields>}
aResult = 0x7ffc98513597
aMayWait = true
this = 0x7fb066edbd10
#28 0x00007fb058000a0b in NS_ProcessNextEvent (aThread=<optimised out>, aThread@entry=0x7fb066edbd10, aMayWait=aMayWait@entry=true) at /build/firefox-wm7CB0/firefox-50.0+build2/xpcom/glue/nsThreadUtils.cpp:290
val = true
#29 0x00007fb0582bcfb7 in mozilla::ipc::MessagePump::Run (this=0x7fb055544600, aDelegate=0x7fb066eab690) at /build/firefox-wm7CB0/firefox-50.0+build2/ipc/glue/MessagePump.cpp:132
did_work = <optimised out>
thisThread = 0x7fb066edbd10
#30 0x00007fb0582a7fa6 in MessageLoop::RunHandler (this=<optimised out>) at /build/firefox-wm7CB0/firefox-50.0+build2/ipc/chromium/src/base/message_loop.cc:225
No locals.
#31 MessageLoop::Run (this=<optimised out>) at /build/firefox-wm7CB0/firefox-50.0+build2/ipc/chromium/src/base/message_loop.cc:205
save_state = {<MessageLoop::RunState> = {run_depth = 1, quit_received = false}, loop_ = 0x7fb066eab690, previous_state_ = 0x0}
#32 0x00007fb059415352 in nsBaseAppShell::Run (this=0x7fb04cd736a0) at /build/firefox-wm7CB0/firefox-50.0+build2/widget/nsBaseAppShell.cpp:156
thread = 0x7fb066edbd10
#33 0x00007fb059a869de in nsAppStartup::Run (this=0x7fb04cd4fe70) at /build/firefox-wm7CB0/firefox-50.0+build2/toolkit/components/startup/nsAppStartup.cpp:284
rv = <optimised out>
retval = <optimised out>
#34 0x00007fb059acc364 in XREMain::XRE_mainRun (this=this@entry=0x7ffc98513838) at /build/firefox-wm7CB0/firefox-50.0+build2/toolkit/xre/nsAppRunner.cpp:4297
rv = nsresult::NS_OK
prefs = {<nsCOMPtr_base> = {mRawPtr = 0x7fb0555ce700}, <No data fields>}
appStartup = {<nsCOMPtr_base> = {mRawPtr = 0x7fb04cd4fe70}, <No data fields>}
userAgentLocale = {<nsACString_internal> = {mData = 0x7fb047109758 "en-US", mLength = 5, mFlags = 5}, <No data fields>}
cmdLine = {<nsCOMPtr_base> = {mRawPtr = 0x7fb04716a4c0}, <No data fields>}
workingDir = {<nsCOMPtr_base> = {mRawPtr = 0x7fb04758b3c0}, <No data fields>}
#35 0x00007fb059acc639 in XREMain::XRE_main (this=this@entry=0x7ffc98513838, argc=argc@entry=1, argv=argv@entry=0x7ffc98514c18, aAppData=aAppData@entry=0x7ffc98513a38) at /build/firefox-wm7CB0/firefox-50.0+build2/toolkit/xre/nsAppRunner.cpp:4424
aLocal = 0 '\000'
sampler_raii4363 = {mHandle = 0x7fb066eee000}
rv = <optimised out>
binFile = {<nsCOMPtr_base> = {mRawPtr = 0x7fb066e6cfc0}, <No data fields>}
exit = false
result = <optimised out>
appInitiatedRestart = false
#36 0x00007fb059acc89b in XRE_main (argc=1, argv=0x7ffc98514c18, aAppData=0x7ffc98513a38, aFlags=<optimised out>) at /build/firefox-wm7CB0/firefox-50.0+build2/toolkit/xre/nsAppRunner.cpp:4515
main = {mNativeApp = {<nsCOMPtr_base> = {mRawPtr = 0x7fb055539620}, <No data fields>}, mProfileSvc = {<nsCOMPtr_base> = {mRawPtr = 0x7fb05553d290}, <No data fields>}, mProfD = {<nsCOMPtr_base> = {mRawPtr = 0x7fb066e6d980}, <No data fields>}, mProfLD = {<nsCOMPtr_base> = {mRawPtr = 0x7fb066e6da40}, <No data fields>}, mProfileLock = {<nsCOMPtr_base> = {mRawPtr = 0x7fb05553a7c0}, <No data fields>}, mRemoteService = {<nsCOMPtr_base> = {mRawPtr = 0x7fb044b67710}, <No data fields>}, mScopedXPCOM = {mTuple = {<mozilla::detail::PairHelper<ScopedXPCOMStartup*, mozilla::DefaultDelete<ScopedXPCOMStartup>, (mozilla::detail::StorageType)1, (mozilla::detail::StorageType)0>> = {<mozilla::DefaultDelete<ScopedXPCOMStartup>> = {<No data fields>}, mFirstA = 0x7fb066eb8828}, <No data fields>}}, mAppData = {mRawPtr = 0x7fb066e5ec80}, mDirProvider = {<nsIDirectoryServiceProvider2> = {<nsIDirectoryServiceProvider> = {<nsISupports> = {_vptr.nsISupports = 0x7fb05bb3a4e8 <vtable for nsXREDirProvider+16>}, <No data fields>}, <No data fields>}, <nsIProfileStartup> = {<nsISupports> = {_vptr.nsISupports = 0x7fb05bb3a530 <vtable for nsXREDirProvider+88>}, <No data fields>}, mAppProvider = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}, mGREDir = {<nsCOMPtr_base> = {mRawPtr = 0x7fb066e6cc00}, <No data fields>}, mGREBinDir = {<nsCOMPtr_base> = {mRawPtr = 0x7fb066e6d080}, <No data fields>}, mXULAppDir = {<nsCOMPtr_base> = {mRawPtr = 0x7fb066e6ce40}, <No data fields>}, mProfileDir = {<nsCOMPtr_base> = {mRawPtr = 0x7fb066e6d980}, <No data fields>}, mProfileLocalDir = {<nsCOMPtr_base> = {mRawPtr = 0x7fb066e6da40}, <No data fields>}, mProfileNotified = true, mAppBundleDirectories = {<nsCOMArray_base> = {mArray = {<nsTArray_Impl<nsISupports*, nsTArrayInfallibleAllocator>> = {<nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_CopyWithMemutils>> = {mHdr = 0x7fb05bd28650 <nsTArrayHeader::sEmptyHdr>}, <nsTArray_TypedBase<nsISupports*, nsTArray_Impl<nsISupports*, nsTArrayInfallibleAllocator> >> = {<nsTArray_SafeElementAtHelper<nsISupports*, nsTArray_Impl<nsISupports*, nsTArrayInfallibleAllocator> >> = {<No data fields>}, <No data fields>}, static NoIndex = <optimised out>}, <No data fields>}}, <No data fields>}, mExtensionDirectories = {<nsCOMArray_base> = {mArray = {<nsTArray_Impl<nsISupports*, nsTArrayInfallibleAllocator>> = {<nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_CopyWithMemutils>> = {mHdr = 0x7fb048b38d20}, <nsTArray_TypedBase<nsISupports*, nsTArray_Impl<nsISupports*, nsTArrayInfallibleAllocator> >> = {<nsTArray_SafeElementAtHelper<nsISupports*, nsTArray_Impl<nsISupports*, nsTArrayInfallibleAllocator> >> = {<No data fields>}, <No data fields>}, static NoIndex = <optimised out>}, <No data fields>}}, <No data fields>}, mThemeDirectories = {<nsCOMArray_base> = {mArray = {<nsTArray_Impl<nsISupports*, nsTArrayInfallibleAllocator>> = {<nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_CopyWithMemutils>> = {mHdr = 0x7fb0489a7110}, <nsTArray_TypedBase<nsISupports*, nsTArray_Impl<nsISupports*, nsTArrayInfallibleAllocator> >> = {<nsTArray_SafeElementAtHelper<nsISupports*, nsTArray_Impl<nsISupports*, nsTArrayInfallibleAllocator> >> = {<No data fields>}, <No data fields>}, static NoIndex = <optimised out>}, <No data fields>}}, <No data fields>}}, mProfileName = {<nsFixedCString> = {<nsCString> = {<nsACString_internal> = {mData = 0x7fb05552e5a8 "default", mLength = 7, mFlags = 65541}, <No data fields>}, mFixedCapacity = 63, mFixedBuf = 0x7ffc985138f8 ""}, mStorage = "\000\071Q\230\374\177\000\000x9Q\230\374\177\000\000\177\071Q\230\374\177\000\000\177\071Q\230\374\177\000\000\000\204`k\344\361=\253 :Q\230\374\177\000\000X9Q\230\374\177\000\000@\316\346f\260\177\000"}, mDesktopStartupID = {<nsFixedCString> = {<nsCString> = {<nsACString_internal> = {mData = 0x7ffc98513958 "", mLength = 0, mFlags = 65553}, <No data fields>}, mFixedCapacity = 63, mFixedBuf = 0x7ffc98513958 ""}, mStorage = "\000\071Q\230\374\177\000\000\a\000\000\000\021\000\001\000?\000\000\000\000\000\000\000x9Q\230\374\177\000\000browser\000 :Q\230\374\177\000\000\025\337\371W\260\177\000\000\000\314\346f\260\177\000"}, mStartOffline = false, mShuttingDown = false, mDisableRemote = false, mGdkDisplay = 0x7fb0555080b0}
result = <optimised out>
#37 0x0000560247a4c22e in do_main (argc=1, argv=0x7ffc98514c18, envp=<optimised out>, xreDirectory=0x7fb066e6cc00) at /build/firefox-wm7CB0/firefox-50.0+build2/browser/app/nsBrowserApp.cpp:247
appini = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
rv = <optimised out>
appDataFile = <optimised out>
appData = {<nsXREAppData> = {size = 128, directory = 0x7fb066e6ce40, vendor = 0x7fb066eb8100 "Mozilla", name = 0x7fb066eb8108 "Firefox", remotingName = 0x7fb066eb8110 "firefox", version = 0x7fb066eb8118 "50.0", buildID = 0x7fb066e54720 "20161114144856", ID = 0x7fb066ed4eb0 "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}", copyright = 0x0, flags = 10, xreDirectory = 0x7fb066e6cc00, minVersion = 0x7fb066eb8120 "50.0", maxVersion = 0x7fb066eb8128 "50.0", crashReporterURL = 0x7fb066e5eb00 "https://crash-reports.mozilla.com/submit?id={ec8030f7-c20a-464f-9b0e-13a3a9e97384}&version=50.0&buildid=20161114144856", profile = 0x0, UAName = 0x0}, <No data fields>}
exeFile = {<nsCOMPtr_base> = {mRawPtr = 0x7fb066e6ccc0}, <No data fields>}
greDir = {<nsCOMPtr_base> = {mRawPtr = 0x7fb066e6cd80}, <No data fields>}
appSubdir = {<nsCOMPtr_base> = {mRawPtr = 0x7fb066e6ce40}, <No data fields>}
#38 0x0000560247a4b7e7 in main (argc=1, argv=0x7ffc98514c18, envp=0x7ffc98514c28) at /build/firefox-wm7CB0/firefox-50.0+build2/browser/app/nsBrowserApp.cpp:380
xreDirectory = 0x7fb066e6cc00
rv = <optimised out>
result = <optimised out>|
|
||
Comment 42•8 years ago
|
||
I'm noticing that neither the ubuntu or Fedora lib cairo have got the fix that is in upstream cairo's source from Marc-Andre:
98d01cd1 (Marc-André Lureau 2015-11-06 18:13:05 +0100)| pool->attached = XNextRequest (dpy);
xlib: fix mixing xcb & xlib calls
NextRequest is a macro that doesn't mix well with xcb, since
dpy->request is not updated. Instead use XNextRequest() that was fixed
to do the right thing with xcb in libX11 commit:
http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=7f8f9a36ef901f31279c385caf960a22daeb33fe
This may solve application X errors when a shmdt() is called by cairo
before the Attach request is processed.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Uli Schlachter <psychon@znc.in>
but I don't understand why the library relies on sequence numbering - isn't an XShmCompletionEvent supposed to be there to handle that?|
|
||
Comment 43•8 years ago
|
||
I've just built a cairo2 with 98d01cd1 added and it does seem to fix it - so I think the problem here is purely a cairo bug and not firefox. Note that it's on the dev branch in cairo, and isn't on the 1.14.6 release branch that the distros have. Asking the cairo guys to put it on the release
|
|
||
Comment 44•8 years ago
|
||
That's fantastic analysis, thanks David. (In reply to Dr. David Alan Gilbert from comment #40) > My reading of the IPC_RMID man is that shouldn't delete it until the last > user has finished with it, Yes, but the X server has not yet started using it, and so there are no users. (In reply to Dr. David Alan Gilbert from comment #42) > but I don't understand why the library relies on sequence numbering - isn't > an XShmCompletionEvent supposed to be there to handle that? Cairo doesn't pop events from the queue, because the app will want to see the events, but sequence numbering should work if done properly.
|
|
||
Comment 45•8 years ago
|
||
There is still a chance of this happening even with cairo using XNextRequest(), due to https://bugs.freedesktop.org/show_bug.cgi?id=98883 To summarize the changes in behavior related to this bug: BadAccess and BadShmSeg errors were showing up on remote X connections in versions 47 to 49 due to problems catching the errors on Firefox's compositor thread. Switching Firefox's compositor thread to use libxcb (bug 1286649) fixed the bug with remote connections, but made a bug in cairo calling shmdt() too soon much more likely to demonstrate. That also leads to BadAccess errors, similar symptoms to the remote connection bug, but happens even on local connections. Switching cairo from NextRequest to XNextRequest will reduce the likelihood of the cairo bug demonstrating, but there are still races there that can lead to shmdt() being called to early.
|
|
||
Comment 46•8 years ago
|
||
Some potential options to working around this in Gecko: A) Diagnose the problems that caused bug 1304637 and use a separate server connection on the compositor thread. B) Catch X_ShmAttach BadAccess errors so that they are ignored, leaving instead random results from GDK drawing. C) Trick cairo into thinking that MIT-SHM is not available on the server, using an approach similar to the LD_PRELOAD from comment 20, or what is used in rr.
Keywords: topcrash
|
|
||
Updated•8 years ago
|
Flags: needinfo?(pkozlov.vrn)
|
|
Assignee | |
Comment 47•8 years ago
|
||
This is an implementation of Karl's idea to override XShmQueryExtension. After discussion with glandium, we decided that mozgtk was probably one of the more acceptable places to stash this stub. It seems to resolve the issue.
Attachment #8815543 -
Flags: review?(karlt)
|
|
||
Comment 48•8 years ago
|
||
Comment on attachment 8815543 [details] [diff] [review] work around race in system Cairo's XShm usage There is the option of putting this only in the gtk3 stub so as not to affect Flash, which uses MIT-SHM through GDK and is probably unaffected by this bug, but that would mean putting this within the GTK2_SYMBOLS block, which is counter-intuitive, so whatever you like. Thanks!
Attachment #8815543 -
Flags: review?(karlt) → review+
|
||
Comment 49•8 years ago
|
||
Pushed by lsalzman@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/f78f86eaba8d work around race in system Cairo's XShm usage. r=karlt
|
||
Comment 50•8 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/f78f86eaba8d
Status: REOPENED → RESOLVED
Closed: 8 years ago → 8 years ago
status-firefox53:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla53
|
|
Assignee | |
Comment 51•8 years ago
|
||
Comment on attachment 8815543 [details] [diff] [review] work around race in system Cairo's XShm usage Approval Request Comment [Feature/Bug causing the regression]: bug 1286649, bug 1304637 [User impact if declined]: Frequent Linux crashes (Linux top crasher in 50+ from when we uplifted bug 1304637) when hovering with the mouse [Is this code covered by automated tests?]: No [Has the fix been verified in Nightly?]: Yes [Needs manual test from QE? If yes, steps to reproduce]: No [List of other uplifts needed for the feature/fix]: aurora/beta/release [Is the change risky?]: Not very [Why is the change risky/not risky?]: Risk is low since this patch forces Cairo to not use the XShm extension, a feature we do not currently rely upon and which Cairo will happily operate without (since we don't extensively use it for rendering to X drawables). [String changes made/needed]: None
Attachment #8815543 -
Flags: approval-mozilla-release?
Attachment #8815543 -
Flags: approval-mozilla-beta?
Attachment #8815543 -
Flags: approval-mozilla-aurora?
|
||
Updated•8 years ago
|
|
|
||
Comment 52•8 years ago
|
||
Comment on attachment 8815543 [details] [diff] [review] work around race in system Cairo's XShm usage Reduce the risk of crash. Beta51+ and Aurora52+. Should be in 51 beta 6.
Attachment #8815543 -
Flags: approval-mozilla-beta?
Attachment #8815543 -
Flags: approval-mozilla-beta+
Attachment #8815543 -
Flags: approval-mozilla-aurora?
Attachment #8815543 -
Flags: approval-mozilla-aurora+
|
||
Updated•8 years ago
|
Assignee: nobody → lsalzman
|
||
Comment 53•8 years ago
|
||
https://hg.mozilla.org/releases/mozilla-beta/rev/ed3d26ab8b35982ad915254c68087e97b2d9b792
|
|
||
Comment 54•8 years ago
|
||
| bugherder uplift | ||
https://hg.mozilla.org/releases/mozilla-aurora/rev/a6c49cbc9151
Comment on attachment 8815543 [details] [diff] [review] work around race in system Cairo's XShm usage Top crasher on linux, let's include the fix in 50.1.0
Attachment #8815543 -
Flags: approval-mozilla-release? → approval-mozilla-release+
|
|
||
Comment 57•8 years ago
|
||
| bugherder uplift | ||
https://hg.mozilla.org/releases/mozilla-release/rev/e95dc5a9a4be
|
||
Comment 62•7 years ago
|
||
Just my two cents. Same problem here using Firefox 50.0.2 on Xubuntu 16.04.1 X64. !!! abort: x_shmattach: badaccess (attempt to access private resource denied) Submitted several reports, this is one of them: https://crash-stats.mozilla.com/report/index/7985f16b-043c-4b50-8a65-4c8ac2161213
|
|
Assignee | |
Comment 63•7 years ago
|
||
(In reply to Bart Hoekstra from comment #62) > Just my two cents. Same problem here using Firefox 50.0.2 on Xubuntu 16.04.1 > X64. > > !!! abort: x_shmattach: badaccess (attempt to access private resource denied) > > Submitted several reports, this is one of them: > > https://crash-stats.mozilla.com/report/index/7985f16b-043c-4b50-8a65- > 4c8ac2161213 What were you doing when these crashes occurred? Is there a reliable way for you to reproduce it?
|
|
||
Comment 64•7 years ago
|
||
> What were you doing when these crashes occurred? Is there a reliable way for > you to reproduce it? Just browsing. Happens every now and then on different pages. Cannot reproduce it at will. I set layers.acceleration.force-enabled true, that was mentioned in duplicate bug 1318504. At about the sametime 50.1.0 arrived (just an hour ago or so) through the regular update channel. No crashes since. Fingers crossed.
|
|
||
Comment 65•7 years ago
|
||
Just happens again with 50.1.0 https://crash-stats.mozilla.com/report/index/bp-b68322a7-8705-495c-8716-c6cff2161213 But now it seems something completely else... nsFrame::DisplayOutlineUnconditional Crash Reason SIGSEGV Crash Address 0x80000000064
|
|
||
Comment 67•7 years ago
|
||
Looks like 50.1.0 fixed this one. Thanks! Had 2 more crashes, unrelated I think, SIGSEGV at two different actions.
|
|
||
Comment 70•7 years ago
|
||
For the record, Lee and I were able to reproduce this with GDK_SCALE=2 in the environment and e10s off, when hovering around the chart at https://www.tradingview.com/chart/?symbol=NYSE%3ASAN to produce changes in the cursor. It would be very hard to reproduce with libcairo 1.14.8 or newer.
|
||
Comment 71•6 years ago
|
||
FYI, there seem to be some cases where the workaround here isn't enough. In bug 1376910 we saw evidence of SysV shm usage in content processes, via the graphics stack; I suspect that libXext was getting preloaded somehow (probably indirectly, via some other preload lib with X dependencies), and when I preloaded it manually I saw shm usage with similar stacks. The plan for bug 1376910 is to add a similar interposition to libmozsandbox.so, which is prepended to LD_PRELOAD in sandboxed child processes and therefore precedes any other preloading, and also leave the interposition in libmozgtk where it is so that --disable-sandbox builds will still work.
|
|
||
Comment 72•6 years ago
|
||
I've found something that will preload libXext: VirtualGL (https://virtualgl.org/). I suspect it's not very commonly used but I don't know if we have telemetry that would allow quantifying that. Also, there are uses of SysV shm via Cairo (via GTK) that aren't affected by interposing XShmQueryExtension; the only explanation I can come up with is that they're using Cairo's XCB backend rather than Xlib. Returning an error from shmget() should be sufficient for both backends.
|
||
Comment 73•3 years ago
|
||
Given that this fixed from what I can tell in libcairo 1.14.8 from 2016. Is this workaround still needed? I built it without the workaround and could not reproduce.
I'm looking to clean up the need for mozgtk/gtk2 bits once plugins code is removed.
|
|
Assignee | |
Comment 74•3 years ago
|
||
Robert and/or Martin, do you know what the cairo deployment situation is in the wild these days?
Flags: needinfo?(stransky)
Flags: needinfo?(robert.mader)
|
||
Comment 75•3 years ago
|
||
Sorry can't say. But Martin should know - I suppose the oldest version will be the one the oldest still supported RHEL uses and it should be possible for him to make sure it has that fix. Other than that the oldest Ubuntu we need to support is 18.04, which should have the fix.
Flags: needinfo?(robert.mader)
|
|
||
Comment 76•3 years ago
|
||
Oh, I can check that.. From this https://access.redhat.com/solutions/3146951 I believe RHEL7 is the only one we have to worry about. And AFAICT it has a new enough version: https://pkgs.org/search/?q=cairo&on=provides (although I see some evidence it originally launched with an older version)
|
|
||
Comment 77•3 years ago
|
||
The cairo bug still exists.
I assume libmozsandbox.so applies only to content processes.
If the parent process is still using the X connection off main thread, then we'll want to keep a workaround.
|
|
||
Updated•3 years ago
|
Flags: needinfo?(stransky)
You need to log in
before you can comment on or make changes to this bug.
Description
•