crash @ gtk_im_context_wayland_set_surrounding - failed to allocate 18446744073709548432 bytes
Categories: Core :: Widget: Gtk, defect, P2
People: Reporter: rmader, Unassigned
References: Blocks 1 open bug
Details: Keywords: crash
User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0
Steps to reproduce:
Random crash. Worked in another program, clicked on the Firefox window so it regained focus. Might be specific to the Wayland backend.
Firefox 70 / Wayland / Fedora 31 / Intel-Skylake
Actual results:
Crash. Only logging information I could find:
Okt 26 17:44:30 thinkpad-t460p audit[2277]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=3 pid=2277 comm="firefox" exe="/usr/lib64/firefox/firefox" sig=5 res=1
Okt 26 17:44:30 thinkpad-t460p kernel: show_signal: 1 callbacks suppressed
Okt 26 17:44:30 thinkpad-t460p kernel: traps: firefox[2277] trap int3 ip:7faecdfed6e5 sp:7ffcb0ae3fc0 error:0 in libglib-2.0.so.0.6200.2[7faecdfb2000+83000]
Okt 26 17:44:30 thinkpad-t460p audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-coredump@0-3676-0 comm="systemd" exe="/us>
Okt 26 17:44:30 thinkpad-t460p firefox[2277]: ../glib/gmem.c:105: failed to allocate 18446744073709548432 bytes
Okt 26 17:44:30 thinkpad-t460p systemd[1]: Created slice system-systemd\x2dcoredump.slice.
Okt 26 17:44:30 thinkpad-t460p systemd[1]: Started Process Core Dump (PID 3676/UID 0).
Okt 26 17:44:31 thinkpad-t460p firefox.desktop[1722]: Exiting due to channel error.
Okt 26 17:44:31 thinkpad-t460p firefox.desktop[1722]: Exiting due to channel error.
Okt 26 17:44:31 thinkpad-t460p firefox.desktop[1722]: Exiting due to channel error.
Okt 26 17:44:31 thinkpad-t460p firefox.desktop[1722]: Crash Annotation GraphicsCriticalError: |[C0][GFX1-]: Receive IPC close with reason=AbnormalShutdown (t>
Okt 26 17:44:31 thinkpad-t460p firefox.desktop[1722]: [Child 3180, Chrome_ChildThread] WARNING: pipe error (3): Connection reset by peer: file /builddir/buil>
Okt 26 17:44:31 thinkpad-t460p firefox.desktop[1722]: Exiting due to channel error.
Okt 26 17:44:31 thinkpad-t460p firefox.desktop[1722]: Exiting due to channel error.
Okt 26 17:44:31 thinkpad-t460p firefox.desktop[1722]: Exiting due to channel error.
Okt 26 17:44:31 thinkpad-t460p firefox.desktop[1722]: Exiting due to channel error.
Expected results:
No crash. Note: 18,446,744,073,709,548,432 = guint64_max (18,446,744,073,709,551,615) - 3183
Comment 1 (Reporter)•5 years ago
Ah, got more log. Seems to be Wayland specific.
I have trouble getting the backtrace running; it eats up my RAM for some reason (maybe because /var/temp is in RAM?).
But here is what I got:
#0 _g_log_abort (breakpoint=1) at ../glib/gmessages.c:554
#1 0x00007faecdfee769 in g_log_default_handler (log_domain=log_domain@entry=0x7faece03500e "GLib", log_level=log_level@entry=6,
message=message@entry=0x7fae8abd7240 "../glib/gmem.c:105: failed to allocate 18446744073709548432 bytes", unused_data=unused_data@entry=0x0)
at ../glib/gmessages.c:3123
#2 0x00007faecdfee99b in g_logv (log_domain=0x7faece03500e "GLib", log_level=G_LOG_LEVEL_ERROR, format=<optimized out>, args=args@entry=0x7ffcb0ae4110)
at ../glib/gmessages.c:1350
#3 0x00007faecdfeeb83 in g_log (log_domain=log_domain@entry=0x7faece03500e "GLib", log_level=log_level@entry=G_LOG_LEVEL_ERROR,
format=format@entry=0x7faece03f3c0 "%s: failed to allocate %lu bytes") at ../glib/gmessages.c:1415
#4 0x00007faecdfed305 in g_malloc (n_bytes=n_bytes@entry=18446744073709548432) at ../glib/gmem.c:104
#5 0x00007faece00762e in g_strndup (
str=str@entry=0x7fae79314c10 "men zu Kurden auf der Flucht27 Tote und mehr als 1.700 Verletzte bei neuen Protesten im IrakPakistan und Indien ermöglichen Sikh-Pilgern GrenzübertrittUigure Ilham Tohti erhält Sacharow-Preis des E"..., n=18446744073709548431) at ../glib/gstrfuncs.c:425
#6 0x00007faececba778 in notify_surrounding_text (context=0x7faeadc45230 [GtkIMContextWayland]) at imwayland.c:335
#7 gtk_im_context_wayland_set_surrounding (context=0x7faeadc45230 [GtkIMContextWayland], text=<optimized out>, len=<optimized out>,
cursor_index=<optimized out>) at imwayland.c:823
Comment 2•5 years ago
It looks like a bug in the Gtk input module:
https://bugzilla.redhat.com/show_bug.cgi?id=1759638
https://gitlab.gnome.org/GNOME/gtk/issues/1468
Comment 4•5 years ago
hm, according to https://gitlab.gnome.org/GNOME/gtk/issues/1468 it should be fixed in gtk 3.24.3 but Fedora 31 should have it already.
Can you run 'gsettings get org.gnome.desktop.interface gtk-im-module' on terminal and attach the output here?
Thanks.
Comment 5 (Reporter)•5 years ago
Hm, Fedora 31 is on 3.24.12-3, so way newer.
gsettings get org.gnome.desktop.interface gtk-im-module
gives me gtk-im-context-simple
Comment 6 (Reporter)•5 years ago
Just got it again on Fedora 32:
#0 g_logv (log_domain=0x7f371d50100e "GLib", log_level=G_LOG_LEVEL_ERROR, format=<optimized out>, args=<optimized out>) at ../glib/gmessages.c:1377
1377 g_private_set (&g_log_depth, GUINT_TO_POINTER (depth));
[Current thread is 1 (Thread 0x7f371e985780 (LWP 2253))]
(gdb) bt
#0 g_logv (log_domain=0x7f371d50100e "GLib", log_level=G_LOG_LEVEL_ERROR, format=<optimized out>, args=<optimized out>) at ../glib/gmessages.c:1377
#1 0x00007f371d4b9163 in g_log
(log_domain=log_domain@entry=0x7f371d50100e "GLib", log_level=log_level@entry=G_LOG_LEVEL_ERROR, format=format@entry=0x7f371d50b4e0 "%s: failed to allocate %lu bytes") at ../glib/gmessages.c:1415
#2 0x00007f371d4b78c5 in g_malloc (n_bytes=n_bytes@entry=18446744073709550184) at ../glib/gmem.c:107
#3 0x00007f371d4d1b6e in g_strndup
(str=str@entry=0x7f36a274a538 "Nach Bayern und Niedersachsen jetzt auch Schulschließungen ...Firefox Nightly NewsOpen \"Firefox Nightly News\"✓ These Weeks in Firefox: Issue 70These Weeks in Firefox: Issue 69These Weeks in Firefox"..., n=18446744073709550183) at ../glib/gstrfuncs.c:425
#4 0x00007f36f39d5c32 in notify_surrounding_text (context=0x7f36f5ec8a10 [GtkIMContextWayland]) at ../modules/input/imwayland.c:339
#5 gtk_im_context_wayland_set_surrounding (context=<optimized out>, text=<optimized out>, len=<optimized out>, cursor_index=<optimized out>)
at ../modules/input/imwayland.c:836
#6 0x00007f3717adbae3 in mozilla::widget::IMContextWrapper::OnRetrieveSurroundingNative(_GtkIMContext*) (this=0x7f36febd6b00, aContext=<optimized out>)
at /usr/src/debug/firefox-74.0-5.fc32.x86_64/objdir/dist/include/nsTString.h:161
#7 0x00007f371d71addd in _gtk_marshal_BOOLEAN__VOIDv
(closure=<optimized out>, return_value=0x7ffd1449c840, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x0) at gtk/gtkmarshalers.c:2147
#8 0x00007f371d419af6 in _g_closure_invoke_va
(closure=closure@entry=0x7f36f380d2b0, return_value=return_value@entry=0x7ffd1449c840, instance=instance@entry=0x7f36f3804aa0, args=args@entry=0x7ffd1449c918, n_params=0, param_types=0x0) at ../gobject/gclosure.c:873
#9 0x00007f371d431f67 in g_signal_emit_valist
(instance=instance@entry=0x7f36f3804aa0, signal_id=signal_id@entry=268, detail=detail@entry=0, var_args=var_args@entry=0x7ffd1449c918)
at ../gobject/gsignal.c:3407
#10 0x00007f371d432fbd in g_signal_emit_by_name (instance=0x7f36f3804aa0, detailed_signal=detailed_signal@entry=0x7f371dadbdd2 "retrieve-surrounding")
at ../gobject/gsignal.c:3594
#11 0x00007f371d86516a in gtk_im_multicontext_retrieve_surrounding_cb (slave=<optimized out>, multicontext=<optimized out>) at ../gtk/gtkimmulticontext.c:532
#12 0x00007f371d71addd in _gtk_marshal_BOOLEAN__VOIDv
(closure=<optimized out>, return_value=0x7ffd1449cba0, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x0) at gtk/gtkmarshalers.c:2147
#13 0x00007f371d419af6 in _g_closure_invoke_va
(closure=closure@entry=0x7f36f380d080, return_value=return_value@entry=0x7ffd1449cba0, instance=instance@entry=0x7f36f5ec8a10, args=args@entry=0x7ffd1449cc78, n_params=0, param_types=0x0) at ../gobject/gclosure.c:873
#14 0x00007f371d431f67 in g_signal_emit_valist
(instance=instance@entry=0x7f36f5ec8a10, signal_id=signal_id@entry=268, detail=detail@entry=0, var_args=var_args@entry=0x7ffd1449cc78)
at ../gobject/gsignal.c:3407
#15 0x00007f371d432fbd in g_signal_emit_by_name (instance=0x7f36f5ec8a10, detailed_signal=detailed_signal@entry=0x7f36f39d712d "retrieve-surrounding")
at ../gobject/gsignal.c:3594
#16 0x00007f36f39d5e15 in enable (context_wayland=0x7f36f5ec8a10 [GtkIMContextWayland]) at ../modules/input/imwayland.c:551
#17 0x00007f3717acb246 in mozilla::widget::IMContextWrapper::Focus() (this=0x7f36febd6b00)
at /usr/src/debug/firefox-74.0-5.fc32.x86_64/widget/gtk/IMContextWrapper.cpp:1401
#18 0x00007f3717ab40b8 in nsWindow::SetFocus(nsIWidget::Raise, mozilla::dom::CallerType) (this=
0x7f36fde0f400, aRaise=nsIWidget::Raise::No, aCallerType=<optimized out>) at /usr/src/debug/firefox-74.0-5.fc32.x86_64/widget/gtk/nsWindow.cpp:1728
#19 0x00007f37165ec402 in nsFocusManager::Focus(nsPIDOMWindowOuter*, mozilla::dom::Element*, unsigned int, bool, bool, bool, bool, nsIContent*)
(this=this@entry=0x7f3706534a50, aWindow=0x7f36f5ecb760, aElement=aElement@entry=
0x7f36a1f8a160, aFlags=aFlags@entry=0, aIsNewDocument=aIsNewDocument@entry=true, aFocusChanged=aFocusChanged@entry=false, aWindowRaised=<optimized out>, aAdjustWidgets=<optimized out>, aContentLostFocus=<optimized out>) at /usr/src/debug/firefox-74.0-5.fc32.x86_64/dom/base/nsFocusManager.cpp:1863
#20 0x00007f37165ee303 in nsFocusManager::WindowRaised(mozIDOMWindowProxy*) (this=0x7f3706534a50, aWindow=aWindow@entry=0x7f36f5ecb760)
at /usr/src/debug/firefox-74.0-5.fc32.x86_64/objdir/dist/include/nsCOMPtr.h:1429
#21 0x00007f37188832ad in mozilla::AppWindow::WindowActivated() (this=0x7f36f5ee2ec0)
at /usr/src/debug/firefox-74.0-5.fc32.x86_64/xpfe/appshell/AppWindow.cpp:2865
#22 0x00007f371888333c in mozilla::AppWindow::WidgetListenerDelegate::WindowActivated() (this=<optimized out>)
at /usr/src/debug/firefox-74.0-5.fc32.x86_64/xpfe/appshell/AppWindow.cpp:3178
#23 0x00007f3717ab51ce in nsWindow::OnContainerFocusInEvent(_GdkEventFocus*) (this=this@entry=0x7f36fde0f400, aEvent=aEvent@entry=0x7f36a27944c0)
at /usr/src/debug/firefox-74.0-5.fc32.x86_64/widget/gtk/nsWindow.cpp:3149
#24 0x00007f3717ab5382 in focus_in_event_cb(GtkWidget*, GdkEventFocus*) (widget=widget@entry=0x7f3700a9fbf0 [MozContainer], event=0x7f36a27944c0)
at /usr/src/debug/firefox-74.0-5.fc32.x86_64/widget/gtk/nsWindow.cpp:6197
#29 0x00007f371d432d93 in <emit signal ??? on instance 0x7f3700a9fbf0 [MozContainer]>
(instance=instance@entry=0x7f3700a9fbf0, signal_id=<optimized out>, detail=detail@entry=0) at ../gobject/gsignal.c:3554
#25 0x00007f371d717a2c in _gtk_marshal_BOOLEAN__BOXED
(closure=closure@entry=0x7f36f3a605d0, return_value=return_value@entry=0x7ffd1449d1b0, n_param_values=n_param_values@entry=2, param_values=param_values@entry=0x7ffd1449d210, invocation_hint=invocation_hint@entry=0x7ffd1449d190, marshal_data=marshal_data@entry=0x0) at gtk/gtkmarshalers.c:84
#26 0x00007f371d419893 in g_closure_invoke
(closure=0x7f36f3a605d0, return_value=return_value@entry=0x7ffd1449d1b0, n_param_values=2, param_values=param_values@entry=0x7ffd1449d210, invocation_hint=invocation_hint@entry=0x7ffd1449d190) at ../gobject/gclosure.c:810
#27 0x00007f371d42c51b in signal_emit_unlocked_R
(node=<optimized out>, detail=detail@entry=0, instance=instance@entry=0x7f3700a9fbf0, emission_return=emission_return@entry=0x7ffd1449d300, instance_and_params=instance_and_params@entry=0x7ffd1449d210) at ../gobject/gsignal.c:3742
#28 0x00007f371d4324e4 in g_signal_emit_valist
(instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffd1449d3b0) at ../gobject/gsignal.c:3508
#30 0x00007f371d9e2214 in gtk_widget_event_internal (widget=0x7f3700a9fbf0 [MozContainer], event=0x7f36a27944c0) at ../gtk/gtkwidget.c:7808
#31 0x00007f371d9e4632 in gtk_widget_event_internal (event=<optimized out>, widget=<optimized out>) at ../gtk/gtkwidget.c:7687
#32 gtk_widget_event (widget=<optimized out>, event=<optimized out>) at ../gtk/gtkwidget.c:7378
#33 0x00007f3700a9fbf0 in ()
#34 0x00007f36ad0b7940 in ()
#35 0x00007f36f3a59720 in ()
#36 0x00007f371d9f8dbf in do_focus_change (widget=0x7f36f3a59720 [GdkWaylandWindow], in=1) at ../gtk/gtkwindow.c:8451
#37 0x00007f371da09f25 in _gtk_window_set_is_active (window=0x7f36fde0fa60 [GtkWindow], is_active=1) at ../gtk/gtkwindow.c:12140
#38 0x00007f371da0a532 in gtk_window_focus_in_event (widget=widget@entry=0x7f36fde0fa60 [GtkWindow], event=<optimized out>) at ../gtk/gtkwindow.c:8504
#43 0x00007f371d432d93 in <emit signal ??? on instance 0x7f36fde0fa60 [GtkWindow]>
(instance=instance@entry=0x7f36fde0fa60, signal_id=<optimized out>, detail=detail@entry=0) at ../gobject/gsignal.c:3554
#39 0x00007f371d717a2c in _gtk_marshal_BOOLEAN__BOXED
(closure=0x7f371e7e8b60, return_value=0x7ffd1449d720, n_param_values=<optimized out>, param_values=0x7ffd1449d780, invocation_hint=<optimized out>, marshal_data=<optimized out>) at gtk/gtkmarshalers.c:84
#40 0x00007f371d419893 in g_closure_invoke
(closure=closure@entry=0x7f371e7e8b60, return_value=return_value@entry=0x7ffd1449d720, n_param_values=2, param_values=param_values@entry=0x7ffd1449d780, invocation_hint=invocation_hint@entry=0x7ffd1449d700) at ../gobject/gclosure.c:810
#41 0x00007f371d42bf8e in signal_emit_unlocked_R
(node=<optimized out>, detail=detail@entry=0, instance=instance@entry=0x7f36fde0fa60, emission_return=emission_return@entry=0x7ffd1449d870, instance_and_params=instance_and_params@entry=0x7ffd1449d780) at ../gobject/gsignal.c:3780
#42 0x00007f371d4324e4 in g_signal_emit_valist
(instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffd1449d920) at ../gobject/gsignal.c:3508
#44 0x00007f371d9e2214 in gtk_widget_event_internal (widget=0x7f36fde0fa60 [GtkWindow], event=0x7f36a27942e0) at ../gtk/gtkwidget.c:7808
#45 0x00007f371d9e4632 in gtk_widget_event_internal (event=<optimized out>, widget=<optimized out>) at ../gtk/gtkwidget.c:7687
#46 gtk_widget_event (widget=<optimized out>, event=<optimized out>) at ../gtk/gtkwidget.c:7378
#47 0x00007f36a9000000 in ()
#48 0x00007f3706517180 in ()
#49 0x00007f36f3a6fdd0 in ()
#50 0x00007f371e7f42f0 in ()
#51 0x0000000000000000 in ()
I should add that when I created the issue I was using the addon "Livemarks" - I stopped using it but a couple of days ago installed it again. I'm mentioning it because the content in #3 appears to be the text of the live mark folders/items. At some other point I read we might be hitting Wayland protocol limits. Will ask garnacho about it.
Comment 7 (Reporter)•5 years ago
Fixed in GTK: https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/1528, shipping with GTK 3.24.15
Comment 8 (Reporter)•5 years ago
Update: not quite fixed yet, but working on it in https://gitlab.gnome.org/GNOME/gtk/issues/2522 - it's definitely a GTK3 bug (just in case somebody finds the bug report here)
Comment 9 (Reporter)•5 years ago
P.S.: apart from the fact that firefox tries to send all my livemarks as text over a wayland wire that is limited to 4kb, which sounds questionable to me - but the fact that this causes a crash is a GTK bug :)
Comment 10 (Reporter)•5 years ago
And finally fixed by https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/1533
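The sizes in both backtraces are what a small negative byte count looks like after conversion to an unsigned length, which matches the reporter's guint64_max note. The following is an added illustration, not GTK or Firefox code: `as_unsigned_len`, `clamp_surrounding` and the 4000-byte `WIRE_BUDGET` are hypothetical names and values, showing that conversion and one way to cut surrounding text to a fixed window around the cursor without any subtraction that can go negative.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed byte budget, chosen to stay under the 4 KB wire limit from the thread. */
#define WIRE_BUDGET 4000u

/* The failure shape: a negative signed length reinterpreted as unsigned.
 * -3185 becomes 18446744073709548431, the n seen in the g_strndup frame. */
uint64_t as_unsigned_len(int64_t signed_len) { return (uint64_t)signed_len; }

static int is_cont(char c) { return ((unsigned char)c & 0xC0) == 0x80; }

/* Return a newly allocated copy of at most WIRE_BUDGET bytes of text around
 * cursor (a byte offset on a UTF-8 character boundary), or NULL if the
 * arguments are inconsistent. *out_cursor is the cursor offset in the copy. */
char *clamp_surrounding(const char *text, size_t len, size_t cursor,
                        size_t *out_cursor)
{
    if (text == NULL || out_cursor == NULL || cursor > len)
        return NULL;                    /* reject instead of subtracting */
    size_t start = 0, end = len;
    if (len > WIRE_BUDGET) {
        size_t half = WIRE_BUDGET / 2;
        start = cursor > half ? cursor - half : 0;
        if (len - start > WIRE_BUDGET)
            end = start + WIRE_BUDGET;
        else
            start = len - WIRE_BUDGET;  /* window sits at the tail */
        /* Shrink inward to UTF-8 boundaries so no character is split. */
        while (start < cursor && is_cont(text[start])) start++;
        while (end > cursor && end < len && is_cont(text[end])) end--;
    }
    size_t n = end - start;             /* start <= cursor <= end by construction */
    char *copy = malloc(n + 1);
    if (copy == NULL)
        return NULL;
    memcpy(copy, text + start, n);
    copy[n] = '\0';
    *out_cursor = cursor - start;
    return copy;
}

int main(void) {
    size_t cur = 0;
    char *w = clamp_surrounding("constructed sample", 18, 4, &cur);
    free(w);
    return (w != NULL && cur == 4) ? 0 : 1;
}
```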