1194397 - Intermittent AddressSanitizer: double-free /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:64 __interceptor_free

Status: RESOLVED FIXED

(Core :: Widget: Gtk, defect)

Description

[Ryan VanderMeulen [:RyanVM]]

06:17:33 INFO - ==1944==ERROR: AddressSanitizer: attempting double-free on 0x6150008e2e00 in thread T35 (Compositor):
06:17:33 INFO - -1596958208[61200003bec0]: [main|PeerConnectionImpl] PeerConnectionImpl.cpp:2455: CloseInt: Closing PeerConnectionImpl 47369a38a5171280; ending call
06:17:33 INFO - -1596958208[61200003bec0]: [1439471852779695 (id=2147487168 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_bug1042791.html)]: stable -> closed
06:17:33 INFO - -1596958208[61200003bec0]: [main|PeerConnectionImpl] PeerConnectionImpl.cpp:2455: CloseInt: Closing PeerConnectionImpl 7a505c76877ffe95; ending call
06:17:33 INFO - -1596958208[61200003bec0]: [1439471852801041 (id=2147487168 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_bug1042791.html)]: stable -> closed
06:17:33 INFO - MEMORY STAT | vsize 20973077MB | residentFast 1450MB
06:17:33 INFO - #0 0x472031 in __interceptor_free /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:64
06:17:33 INFO - #1 0x7fd316d422fd (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x372fd)
06:17:33 INFO - #2 0x7fd316d425ea (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x375ea)
06:17:33 INFO - #3 0x7fd316d42989 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x37989)
06:17:33 INFO - #4 0x7fd314b94051 (/usr/lib/x86_64-linux-gnu/libgdk-x11-2.0.so.0+0x70051)
06:17:33 INFO - #5 0x7fd314b6b4f6 (/usr/lib/x86_64-linux-gnu/libgdk-x11-2.0.so.0+0x474f6)
06:17:33 INFO - #6 0x7fd314b7c1df (/usr/lib/x86_64-linux-gnu/libgdk-x11-2.0.so.0+0x581df)
06:17:35 INFO - #7 0x7fd30b764d08 in gdk_x11_window_get_xid /builds/slave/fx-team-l64-asan-0000000000000/build/src/widget/gtk/compat/gdk/gdkx.h:31
06:17:35 INFO - #8 0x7fd30b764d08 in nsWindow::GetThebesSurface() /builds/slave/fx-team-l64-asan-0000000000000/build/src/widget/gtk/nsWindow.cpp:6269
06:17:35 INFO - #9 0x7fd30b7645b1 in nsWindow::StartRemoteDrawing() /builds/slave/fx-team-l64-asan-0000000000000/build/src/widget/gtk/nsWindow.cpp:6183
06:17:35 INFO - #10 0x7fd307b8c4c5 in mozilla::layers::BasicCompositor::BeginFrame(nsIntRegion const&, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits> const*, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits>*, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits>*) /builds/slave/fx-team-l64-asan-0000000000000/build/src/gfx/layers/basic/BasicCompositor.cpp:517
06:17:35 INFO - #11 0x7fd307c3ea74 in mozilla::layers::LayerManagerComposite::Render() /builds/slave/fx-team-l64-asan-0000000000000/build/src/gfx/layers/composite/LayerManagerComposite.cpp:723
06:17:35 INFO - #12 0x7fd307c3cd04 in mozilla::layers::LayerManagerComposite::EndTransaction(mozilla::TimeStamp const&, mozilla::layers::LayerManager::EndTransactionFlags) /builds/slave/fx-team-l64-asan-0000000000000/build/src/gfx/layers/composite/LayerManagerComposite.cpp:310
06:17:35 INFO - #13 0x7fd307c8b7f7 in mozilla::layers::CompositorParent::CompositeToTarget(mozilla::gfx::DrawTarget*, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) /builds/slave/fx-team-l64-asan-0000000000000/build/src/gfx/layers/ipc/CompositorParent.cpp:1176
06:17:35 INFO - #14 0x7fd307c8df57 in ComposeToTarget /builds/slave/fx-team-l64-asan-0000000000000/build/src/gfx/layers/ipc/CompositorParent.cpp:274
06:17:35 INFO - #15 0x7fd307c8df57 in mozilla::layers::CompositorVsyncScheduler::Composite(mozilla::TimeStamp) /builds/slave/fx-team-l64-asan-0000000000000/build/src/gfx/layers/ipc/CompositorParent.cpp:524
06:17:35 INFO - #16 0x7fd3067d89d4 in RunTask /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/chromium/src/base/message_loop.cc:364
06:17:35 INFO - #17 0x7fd3067d89d4 in MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&) /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/chromium/src/base/message_loop.cc:372
06:17:35 INFO - #18 0x7fd3067d9a87 in MessageLoop::DoWork() /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/chromium/src/base/message_loop.cc:459
06:17:35 INFO - #19 0x7fd3067dbb86 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/chromium/src/base/message_pump_default.cc:34
06:17:35 INFO - #20 0x7fd3067d755c in RunInternal /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/chromium/src/base/message_loop.cc:234
06:17:35 INFO - #21 0x7fd3067d755c in RunHandler /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/chromium/src/base/message_loop.cc:227
06:17:35 INFO - #22 0x7fd3067d755c in MessageLoop::Run() /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/chromium/src/base/message_loop.cc:201
06:17:35 INFO - #23 0x7fd3067efc33 in base::Thread::ThreadMain() /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/chromium/src/base/thread.cc:170
06:17:35 INFO - #24 0x7fd3067f14ec in ThreadFunc(void*) /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/chromium/src/base/platform_thread_posix.cc:39
06:17:35 INFO - #25 0x7fd3219dbe99 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7e99)
06:17:35 INFO - #26 0x7fd320aeb2ec (/lib/x86_64-linux-gnu/libc.so.6+0xf42ec)
06:17:35 INFO - 0x6150008e2e00 is located 0 bytes inside of 512-byte region [0x6150008e2e00,0x6150008e3000)
06:17:35 INFO - freed by thread T0 here:
06:17:35 INFO - #0 0x472031 in __interceptor_free /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:64
06:17:35 INFO - #1 0x7fd316d422fd (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x372fd)
06:17:35 INFO - previously allocated by thread T35 (Compositor) here:
06:17:35 INFO - #0 0x472341 in calloc /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:90
06:17:35 INFO - #1 0x7fd316d58aa0 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4daa0)
06:17:35 INFO - Thread T35 (Compositor) created by T0 here:
06:17:35 INFO - #0 0x45eaa5 in __interceptor_pthread_create /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:175
06:17:35 INFO - #1 0x7fd3067ef814 in CreateThread /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/chromium/src/base/platform_thread_posix.cc:144
06:17:35 INFO - #2 0x7fd3067ef814 in Create /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/chromium/src/base/platform_thread_posix.cc:155
06:17:35 INFO - #3 0x7fd3067ef814 in base::Thread::StartWithOptions(base::Thread::Options const&) /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/chromium/src/base/thread.cc:92
06:17:35 INFO - #4 0x7fd307c8a630 in mozilla::layers::CompositorThreadHolder::CreateCompositorThread() /builds/slave/fx-team-l64-asan-0000000000000/build/src/gfx/layers/ipc/CompositorParent.cpp:195
06:17:35 INFO - #5 0x7fd307c8e2a0 in operator new /builds/slave/fx-team-l64-asan-0000000000000/build/src/gfx/layers/ipc/CompositorParent.cpp:147
06:17:35 INFO - #6 0x7fd307c8e2a0 in mozilla::layers::CompositorParent::StartUp() /builds/slave/fx-team-l64-asan-0000000000000/build/src/gfx/layers/ipc/CompositorParent.cpp:591
06:17:35 INFO - #7 0x7fd307d7ce44 in InitLayersIPC /builds/slave/fx-team-l64-asan-0000000000000/build/src/gfx/thebes/gfxPlatform.cpp:680
06:17:35 INFO - #8 0x7fd307d7ce44 in gfxPlatform::Init() /builds/slave/fx-team-l64-asan-0000000000000/build/src/gfx/thebes/gfxPlatform.cpp:507
06:17:35 INFO - #9 0x7fd307d7b9a4 in gfxPlatform::GetPlatform() /builds/slave/fx-team-l64-asan-0000000000000/build/src/gfx/thebes/gfxPlatform.cpp:415
06:17:35 INFO - #10 0x7fd30bd425b4 in CreateVsyncRefreshTimer /builds/slave/fx-team-l64-asan-0000000000000/build/src/layout/base/nsRefreshDriver.cpp:865
06:17:35 INFO - #11 0x7fd30bd425b4 in nsRefreshDriver::ChooseTimer() const /builds/slave/fx-team-l64-asan-0000000000000/build/src/layout/base/nsRefreshDriver.cpp:1008
06:17:35 INFO - #12 0x7fd30bd4553f in nsRefreshDriver::EnsureTimerStarted(nsRefreshDriver::EnsureTimerStartedFlags) /builds/slave/fx-team-l64-asan-0000000000000/build/src/layout/base/nsRefreshDriver.cpp:1218
06:17:35 INFO - #13 0x7fd30bd4599f in nsRefreshDriver::MostRecentRefresh() const /builds/slave/fx-team-l64-asan-0000000000000/build/src/layout/base/nsRefreshDriver.cpp:1107
06:17:35 INFO - #14 0x7fd30bf459e5 in nsPresContext::Init(nsDeviceContext*) /builds/slave/fx-team-l64-asan-0000000000000/build/src/layout/base/nsPresContext.cpp:1048
06:17:35 INFO - #15 0x7fd30bf40c04 in nsDocumentViewer::InitInternal(nsIWidget*, nsISupports*, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, bool, bool, bool) /builds/slave/fx-team-l64-asan-0000000000000/build/src/layout/base/nsDocumentViewer.cpp:809
06:17:35 INFO - #16 0x7fd30bf3fbe7 in nsDocumentViewer::Init(nsIWidget*, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) /builds/slave/fx-team-l64-asan-0000000000000/build/src/layout/base/nsDocumentViewer.cpp:621
06:17:35 INFO - #17 0x7fd30cb8f6cc in nsDocShell::SetupNewViewer(nsIContentViewer*) /builds/slave/fx-team-l64-asan-0000000000000/build/src/docshell/base/nsDocShell.cpp:9167
06:17:35 INFO - #18 0x7fd30cb8dfc7 in nsDocShell::Embed(nsIContentViewer*, char const*, nsISupports*) /builds/slave/fx-team-l64-asan-0000000000000/build/src/docshell/base/nsDocShell.cpp:7068
06:17:35 INFO - #19 0x7fd30cb9b7f8 in nsDocShell::CreateAboutBlankContentViewer(nsIPrincipal*, nsIURI*, bool) /builds/slave/fx-team-l64-asan-0000000000000/build/src/docshell/base/nsDocShell.cpp:7886
06:17:35 INFO - #20 0x7fd30ccab94d in nsWebShellWindow::Initialize(nsIXULWindow*, nsIXULWindow*, nsIURI*, int, int, bool, nsITabParent*, nsWidgetInitData&) /builds/slave/fx-team-l64-asan-0000000000000/build/src/xpfe/appshell/nsWebShellWindow.cpp:216
06:17:35 INFO - #21 0x7fd30cca6286 in nsAppShellService::JustCreateTopWindow(nsIXULWindow*, nsIURI*, unsigned int, int, int, bool, nsITabParent*, nsWebShellWindow**) /builds/slave/fx-team-l64-asan-0000000000000/build/src/xpfe/appshell/nsAppShellService.cpp:615
06:17:35 INFO - #22 0x7fd30cca5648 in nsAppShellService::CreateHiddenWindowHelper(bool) /builds/slave/fx-team-l64-asan-0000000000000/build/src/xpfe/appshell/nsAppShellService.cpp:136
06:17:35 INFO - #23 0x7fd30d42cce2 in nsAppStartup::CreateHiddenWindow() /builds/slave/fx-team-l64-asan-0000000000000/build/src/toolkit/components/startup/nsAppStartup.cpp:245
06:17:35 INFO - #24 0x7fd30d537d10 in XREMain::XRE_mainRun() /builds/slave/fx-team-l64-asan-0000000000000/build/src/toolkit/xre/nsAppRunner.cpp:4217
06:17:35 INFO - #25 0x7fd30d539235 in XREMain::XRE_main(int, char**, nsXREAppData const*) /builds/slave/fx-team-l64-asan-0000000000000/build/src/toolkit/xre/nsAppRunner.cpp:4385
06:17:35 INFO - #26 0x7fd30d53a0b5 in XRE_main /builds/slave/fx-team-l64-asan-0000000000000/build/src/toolkit/xre/nsAppRunner.cpp:4474
06:17:35 INFO - #27 0x48a6a9 in do_main /builds/slave/fx-team-l64-asan-0000000000000/build/src/browser/app/nsBrowserApp.cpp:212
06:17:35 INFO - #28 0x48a6a9 in main /builds/slave/fx-team-l64-asan-0000000000000/build/src/browser/app/nsBrowserApp.cpp:399
06:17:35 INFO - #29 0x7fd320a1876c (/lib/x86_64-linux-gnu/libc.so.6+0x2176c)
06:17:35 INFO - SUMMARY: AddressSanitizer: double-free /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:64 __interceptor_free
06:17:35 INFO - ==1944==ABORTING
06:17:36 INFO - [Child 2002] ###!!! ABORT: Aborting on channel error.: file /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/glue/MessageChannel.cpp, line 1762
06:17:36 INFO - [Child 2002] ###!!! ABORT: Aborting on channel error.: file /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/glue/MessageChannel.cpp, line 1762
06:17:36 INFO - ASAN:SIGSEGV
06:17:36 INFO - =================================================================
06:17:36 INFO - ==2002==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000048e0ee sp 0x7f0284ffdd20 bp 0x7f0284ffdd30 T2)
06:17:37 INFO - #0 0x48e0ed in mozalloc_abort(char const*) /builds/slave/fx-team-l64-asan-0000000000000/build/src/memory/mozalloc/mozalloc_abort.cpp:33
06:17:38 INFO - #1 0x7f02930a0d95 in Abort(char const*) /builds/slave/fx-team-l64-asan-0000000000000/build/src/xpcom/base/nsDebugImpl.cpp:472
06:17:38 INFO - #2 0x7f02930a0a61 in NS_DebugBreak /builds/slave/fx-team-l64-asan-0000000000000/build/src/xpcom/base/nsDebugImpl.cpp:425
06:17:38 INFO - #3 0x7f0293aa41b6 in mozilla::ipc::MessageChannel::OnChannelErrorFromLink() /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/glue/MessageChannel.cpp:1762
06:17:38 INFO - #4 0x7f0293aa8e90 in OnChannelError /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/glue/MessageLink.cpp:408
06:17:38 INFO - #5 0x7f0293aa8e90 in non-virtual thunk to mozilla::ipc::ProcessLink::OnChannelError() /builds/slave/fx-team-l64-asan-0000000000000/build/src/obj-firefox/ipc/glue/Unified_cpp_ipc_glue0.cpp:409
06:17:38 INFO - #6 0x7f0293a14d62 in event_process_active_single_queue /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/chromium/src/third_party/libevent/event.c:1350
06:17:38 INFO - #7 0x7f0293a14d62 in event_process_active /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/chromium/src/third_party/libevent/event.c:1420
06:17:38 INFO - #8 0x7f0293a14d62 in event_base_loop /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/chromium/src/third_party/libevent/event.c:1621
06:17:38 INFO - #9 0x7f0293a3b9cc in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/chromium/src/base/message_pump_libevent.cc:349
06:17:38 INFO - #10 0x7f0293a3655c in RunInternal /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/chromium/src/base/message_loop.cc:234
06:17:38 INFO - #11 0x7f0293a3655c in RunHandler /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/chromium/src/base/message_loop.cc:227
06:17:38 INFO - #12 0x7f0293a3655c in MessageLoop::Run() /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/chromium/src/base/message_loop.cc:201
06:17:38 INFO - #13 0x7f0293a4ec33 in base::Thread::ThreadMain() /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/chromium/src/base/thread.cc:170
06:17:38 INFO - #14 0x7f0293a504ec in ThreadFunc(void*) /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/chromium/src/base/platform_thread_posix.cc:39
06:17:38 INFO - #15 0x7f02a0905e99 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7e99)
06:17:38 INFO - #16 0x7f0290cda2ec (/lib/x86_64-linux-gnu/libc.so.6+0xf42ec)
06:17:38 INFO - AddressSanitizer can not provide additional info.
06:17:38 INFO - SUMMARY: AddressSanitizer: SEGV /builds/slave/fx-team-l64-asan-0000000000000/build/src/memory/mozalloc/mozalloc_abort.cpp:33 mozalloc_abort(char const*)
06:17:38 INFO - Thread T2 (Chrome_ChildThr) created by T0 (Web Content) here:
06:17:38 INFO - #0 0x461855 in pthread_create /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:175
06:17:38 INFO - #1 0x7f0293a4e814 in CreateThread /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/chromium/src/base/platform_thread_posix.cc:144
06:17:38 INFO - #2 0x7f0293a4e814 in Create /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/chromium/src/base/platform_thread_posix.cc:155
06:17:38 INFO - #3 0x7f0293a4e814 in base::Thread::StartWithOptions(base::Thread::Options const&) /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/chromium/src/base/thread.cc:92
06:17:38 INFO - #4 0x7f0293aaab0b in mozilla::ipc::ProcessChild::ProcessChild(int) /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/glue/ProcessChild.cpp:22
06:17:38 INFO - #5 0x7f029a79e09d in operator new /builds/slave/fx-team-l64-asan-0000000000000/build/src/obj-firefox/toolkit/xre/../../dist/include/mozilla/dom/ContentProcess.h:28
06:17:38 INFO - #6 0x7f029a79e09d in XRE_InitChildProcess /builds/slave/fx-team-l64-asan-0000000000000/build/src/toolkit/xre/nsEmbedFunctions.cpp:572
06:17:38 INFO - #7 0x48d670 in content_process_main(int, char**) /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/app/../contentproc/plugin-container.cpp:237
06:17:38 INFO - #8 0x7f0290c0776c (/lib/x86_64-linux-gnu/libc.so.6+0x2176c)
06:17:38 INFO - ==2002==ABORTING
06:17:39 INFO - TEST-INFO | Main app process: exit 1

Comment 1

[Legacy TBPL/Treeherder Robot]

log: https://treeherder.mozilla.org/logviewer.html#?repo=fx-team&job_id=4228112
repository: fx-team
start_time: 2015-08-13T05:31:22
who: rvandermeulen[at]mozilla[dot]com
machine: tst-linux64-spot-254
buildname: Ubuntu ASAN VM 12.04 x64 fx-team opt test mochitest-e10s-2
revision: 23e1c3ba0d42

SUMMARY: AddressSanitizer: double-free /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:64 __interceptor_free
[Child 2002] ###!!! ABORT: Aborting on channel error.: file /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/glue/MessageChannel.cpp, line 1762
[Child 2002] ###!!! ABORT: Aborting on channel error.: file /builds/slave/fx-team-l64-asan-0000000000000/build/src/ipc/glue/MessageChannel.cpp, line 1762
SUMMARY: AddressSanitizer: SEGV /builds/slave/fx-team-l64-asan-0000000000000/build/src/memory/mozalloc/mozalloc_abort.cpp:33 mozalloc_abort(char const*)
TEST-UNEXPECTED-FAIL | dom/media/tests/mochitest/test_peerConnection_bug1042791.html | application terminated with exit code 1
Return code: 1
No tests run or test summary not found

Comment 2

[Karl Tomlinson (:karlt)]

GDK use on wrong thread.

Comment 3

[Lee Salzman [:lsalzman]]

Attachment: force gdk_window_ensure_native on gdk window creation

The apparent cause of this crash is an embedded call to gdk_window_ensure_native that is creating a native window at an inopportune time. As a workaround to force native window creation onto the same thread as the call to nsWindow::Create(), this pokes at gdk_x11_window_get_xid() at the end to make that occur then and there if for some reason it hasn't.

Comment 5

[Andrew Comminos [:acomminos]]

Comment on attachment 8652591 [details] [diff] [review]
force gdk_window_ensure_native on gdk window creation

Review of attachment 8652591 [details] [diff] [review]:
-----------------------------------------------------------------

::: widget/gtk/nsWindow.cpp
@@ +3715,5 @@
>      // resize so that everything is set to the right dimensions
>      if (!mIsTopLevel)
>          Resize(mBounds.x, mBounds.y, mBounds.width, mBounds.height, false);
>  
> +    if (mGdkWindow) {

mGdkWindow should always be non-null here.

@@ +3718,5 @@
>  
> +    if (mGdkWindow) {
> +      // force creation of native window via internal call to gdk_window_ensure_native
> +      // in case it was not created already
> +      gdk_x11_window_get_xid(mGdkWindow);

If we can't use gdk_window_ensure_native here, we should guard this against MOZ_X11.

Comment 6

[Lee Salzman [:lsalzman]]

Attachment: force gdk_window_ensure_native on gdk window creation

Added #ifdef MOZ_X11 as requested by Andrew.

Try run: https://treeherder.mozilla.org/#/jobs?repo=try&revision=c77ba5dc7a08

Comment 7

[Pulsebot]

https://hg.mozilla.org/integration/b2g-inbound/rev/71d398b08d25

Comment 8

[Karl Tomlinson (:karlt)]

[Tracking Requested - why for this release]:

The diagnosis here seems to be that using GDK from the wrong thread corrupts its memory, but using gdk_x11_window_get_xid() first on the correct thread might mean we get away with calling it later on the wrong thread.

gdk_window_ensure_native is called only for child windows and child window use in Gecko is rare.  It seems the media tests trigger the crash, so I wonder whether they are using child windows somewhere.

The other place where child windows are used in plugins.  We shouldn't be drawing to those windows and so we shouldn't get to these stacks from plugins, but I can't guarantee that. 

Seems we should consider uplifting a fix for webrtc at least.

Comment 9

[Ryan VanderMeulen [:RyanVM]]

You are my hero. <3

Comment 25

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/mozilla-central/rev/71d398b08d25

Comment 26

[Randell Jesup [:jesup] (needinfo me)]

+mreavy for possible uplift

Comment 27

[Ryan VanderMeulen [:RyanVM]]

yes plz

Comment 28

[Maire Reavy [:mreavy]]

Hi Lee -- Can you write the uplift request for this patch?  Based on the hits we're getting, I believe we want to uplift this all the way into Beta, but I'd appreciate if you could verify how far we should uplift this and capture what the known risks are.  Thanks!

Comment 29

[Lee Salzman [:lsalzman]]

Comment on attachment 8652618 [details] [diff] [review]
force gdk_window_ensure_native on gdk window creation

Approval Request Comment
[Feature/regressing bug #]: bug 882523
[User impact if declined]: Unknown, problem only seems to show up with media tests and Linux/gtk, but not identifiably on any Linux crash reports
[Describe test coverage new/current, TreeHerder]: media-related mochitests
[Risks and why]: Intermittent failures in media tests
[String/UUID change made/needed]: None

Comment 30

[Ritu Kothari (:ritu) (Inactive, please n-i to RyanVM, jcristau, or pascal)]

Comment on attachment 8652618 [details] [diff] [review]
force gdk_window_ensure_native on gdk window creation

This is an intermittent test failure and RelEng team would be happy the sooner this gets uplifted. It seems safe to uplift to Aurora and Beta.

Comment 31

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/releases/mozilla-aurora/rev/e0f3c1fde8c8

Comment 32

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/releases/mozilla-beta/rev/9ca7e3f7532e