Closed Bug 1591716 Opened 3 years ago Closed 3 years ago

crash @ gtk_im_context_wayland_set_surrounding - failed to allocate 18446744073709548432 bytes

Categories

(Core :: Widget: Gtk, defect, P2)

70 Branch
x86_64
Linux

RESOLVED WORKSFORME

People

(Reporter: rmader, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash)

User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0

Steps to reproduce:

Random crash. Worked in another program, clicked on the Firefox window so it regained focus. Might be specific to the Wayland backend.

Firefox 70 / Wayland / Fedora 31 / Intel-Skylake

Actual results:

Crash. Only logging information I could find:

Okt 26 17:44:30 thinkpad-t460p audit[2277]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=3 pid=2277 comm="firefox" exe="/usr/lib64/firefox/firefox" sig=5 res=1
Okt 26 17:44:30 thinkpad-t460p kernel: show_signal: 1 callbacks suppressed
Okt 26 17:44:30 thinkpad-t460p kernel: traps: firefox[2277] trap int3 ip:7faecdfed6e5 sp:7ffcb0ae3fc0 error:0 in libglib-2.0.so.0.6200.2[7faecdfb2000+83000]
Okt 26 17:44:30 thinkpad-t460p audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-coredump@0-3676-0 comm="systemd" exe="/us>
Okt 26 17:44:30 thinkpad-t460p firefox[2277]: ../glib/gmem.c:105: failed to allocate 18446744073709548432 bytes
Okt 26 17:44:30 thinkpad-t460p systemd[1]: Created slice system-systemd\x2dcoredump.slice.
Okt 26 17:44:30 thinkpad-t460p systemd[1]: Started Process Core Dump (PID 3676/UID 0).
Okt 26 17:44:31 thinkpad-t460p firefox.desktop[1722]: Exiting due to channel error.
Okt 26 17:44:31 thinkpad-t460p firefox.desktop[1722]: Exiting due to channel error.
Okt 26 17:44:31 thinkpad-t460p firefox.desktop[1722]: Exiting due to channel error.
Okt 26 17:44:31 thinkpad-t460p firefox.desktop[1722]: Crash Annotation GraphicsCriticalError: |[C0][GFX1-]: Receive IPC close with reason=AbnormalShutdown (t>
Okt 26 17:44:31 thinkpad-t460p firefox.desktop[1722]: [Child 3180, Chrome_ChildThread] WARNING: pipe error (3): Connection reset by peer: file /builddir/buil>
Okt 26 17:44:31 thinkpad-t460p firefox.desktop[1722]: Exiting due to channel error.
Okt 26 17:44:31 thinkpad-t460p firefox.desktop[1722]: Exiting due to channel error.
Okt 26 17:44:31 thinkpad-t460p firefox.desktop[1722]: Exiting due to channel error.
Okt 26 17:44:31 thinkpad-t460p firefox.desktop[1722]: Exiting due to channel error.

Expected results:

No crash. Note: 18,446,744,073,709,548,432 = guint64_max (18,446,744,073,709,551,615) - 3183

Severity: normal → critical
Keywords: crash
OS: Unspecified → Linux
Hardware: Unspecified → x86_64

Ah, got more log. Seems to be Wayland specific.
I have trouble getting the backtrace running; it eats up my RAM for some reason (maybe because /var/temp is in RAM?).

But here is what I got:

#0  _g_log_abort (breakpoint=1) at ../glib/gmessages.c:554
#1  0x00007faecdfee769 in g_log_default_handler (log_domain=log_domain@entry=0x7faece03500e "GLib", log_level=log_level@entry=6, 
    message=message@entry=0x7fae8abd7240 "../glib/gmem.c:105: failed to allocate 18446744073709548432 bytes", unused_data=unused_data@entry=0x0)
    at ../glib/gmessages.c:3123
#2  0x00007faecdfee99b in g_logv (log_domain=0x7faece03500e "GLib", log_level=G_LOG_LEVEL_ERROR, format=<optimized out>, args=args@entry=0x7ffcb0ae4110)
    at ../glib/gmessages.c:1350
#3  0x00007faecdfeeb83 in g_log (log_domain=log_domain@entry=0x7faece03500e "GLib", log_level=log_level@entry=G_LOG_LEVEL_ERROR, 
    format=format@entry=0x7faece03f3c0 "%s: failed to allocate %lu bytes") at ../glib/gmessages.c:1415
#4  0x00007faecdfed305 in g_malloc (n_bytes=n_bytes@entry=18446744073709548432) at ../glib/gmem.c:104
#5  0x00007faece00762e in g_strndup (
    str=str@entry=0x7fae79314c10 "men zu Kurden auf der Flucht27 Tote und mehr als 1.700 Verletzte bei neuen Protesten im IrakPakistan und Indien ermöglichen Sikh-Pilgern GrenzübertrittUigure Ilham Tohti erhält Sacharow-Preis des E"..., n=18446744073709548431) at ../glib/gstrfuncs.c:425
#6  0x00007faececba778 in notify_surrounding_text (context=0x7faeadc45230 [GtkIMContextWayland]) at imwayland.c:335
#7  gtk_im_context_wayland_set_surrounding (context=0x7faeadc45230 [GtkIMContextWayland], text=<optimized out>, len=<optimized out>, 
    cursor_index=<optimized out>) at imwayland.c:823
Blocks: wayland
Summary: failed to allocate 18446744073709548432 bytes → crash @ gtk_im_context_wayland_set_surrounding - failed to allocate 18446744073709548432 bytes

Hm, according to https://gitlab.gnome.org/GNOME/gtk/issues/1468 it should be fixed in GTK 3.24.3, but Fedora 31 should have it already.
Can you run 'gsettings get org.gnome.desktop.interface gtk-im-module' in a terminal and attach the output here?
Thanks.

Flags: needinfo?(robert.mader)
Priority: -- → P2

Hm, Fedora 31 is on 3.24.12-3, so way newer.

gsettings get org.gnome.desktop.interface gtk-im-module gives me gtk-im-context-simple

Flags: needinfo?(robert.mader)
Component: Untriaged → Widget: Gtk
Product: Firefox → Core

Just got it again on Fedora 32:

#0  g_logv (log_domain=0x7f371d50100e "GLib", log_level=G_LOG_LEVEL_ERROR, format=<optimized out>, args=<optimized out>) at ../glib/gmessages.c:1377
1377		  g_private_set (&g_log_depth, GUINT_TO_POINTER (depth));
[Current thread is 1 (Thread 0x7f371e985780 (LWP 2253))]
(gdb) bt
#0  g_logv (log_domain=0x7f371d50100e "GLib", log_level=G_LOG_LEVEL_ERROR, format=<optimized out>, args=<optimized out>) at ../glib/gmessages.c:1377
#1  0x00007f371d4b9163 in g_log
    (log_domain=log_domain@entry=0x7f371d50100e "GLib", log_level=log_level@entry=G_LOG_LEVEL_ERROR, format=format@entry=0x7f371d50b4e0 "%s: failed to allocate %lu bytes") at ../glib/gmessages.c:1415
#2  0x00007f371d4b78c5 in g_malloc (n_bytes=n_bytes@entry=18446744073709550184) at ../glib/gmem.c:107
#3  0x00007f371d4d1b6e in g_strndup
    (str=str@entry=0x7f36a274a538 "Nach Bayern und Niedersachsen jetzt auch Schulschließungen ...Firefox Nightly NewsOpen \"Firefox Nightly News\"✓ These Weeks in Firefox: Issue 70These Weeks in Firefox: Issue 69These Weeks in Firefox"..., n=18446744073709550183) at ../glib/gstrfuncs.c:425
#4  0x00007f36f39d5c32 in notify_surrounding_text (context=0x7f36f5ec8a10 [GtkIMContextWayland]) at ../modules/input/imwayland.c:339
#5  gtk_im_context_wayland_set_surrounding (context=<optimized out>, text=<optimized out>, len=<optimized out>, cursor_index=<optimized out>)
    at ../modules/input/imwayland.c:836
#6  0x00007f3717adbae3 in mozilla::widget::IMContextWrapper::OnRetrieveSurroundingNative(_GtkIMContext*) (this=0x7f36febd6b00, aContext=<optimized out>)
    at /usr/src/debug/firefox-74.0-5.fc32.x86_64/objdir/dist/include/nsTString.h:161
#7  0x00007f371d71addd in _gtk_marshal_BOOLEAN__VOIDv
    (closure=<optimized out>, return_value=0x7ffd1449c840, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x0) at gtk/gtkmarshalers.c:2147
#8  0x00007f371d419af6 in _g_closure_invoke_va
    (closure=closure@entry=0x7f36f380d2b0, return_value=return_value@entry=0x7ffd1449c840, instance=instance@entry=0x7f36f3804aa0, args=args@entry=0x7ffd1449c918, n_params=0, param_types=0x0) at ../gobject/gclosure.c:873
#9  0x00007f371d431f67 in g_signal_emit_valist
    (instance=instance@entry=0x7f36f3804aa0, signal_id=signal_id@entry=268, detail=detail@entry=0, var_args=var_args@entry=0x7ffd1449c918)
    at ../gobject/gsignal.c:3407
#10 0x00007f371d432fbd in g_signal_emit_by_name (instance=0x7f36f3804aa0, detailed_signal=detailed_signal@entry=0x7f371dadbdd2 "retrieve-surrounding")
    at ../gobject/gsignal.c:3594
#11 0x00007f371d86516a in gtk_im_multicontext_retrieve_surrounding_cb (slave=<optimized out>, multicontext=<optimized out>) at ../gtk/gtkimmulticontext.c:532
#12 0x00007f371d71addd in _gtk_marshal_BOOLEAN__VOIDv
    (closure=<optimized out>, return_value=0x7ffd1449cba0, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x0) at gtk/gtkmarshalers.c:2147
#13 0x00007f371d419af6 in _g_closure_invoke_va
    (closure=closure@entry=0x7f36f380d080, return_value=return_value@entry=0x7ffd1449cba0, instance=instance@entry=0x7f36f5ec8a10, args=args@entry=0x7ffd1449cc78, n_params=0, param_types=0x0) at ../gobject/gclosure.c:873
#14 0x00007f371d431f67 in g_signal_emit_valist
    (instance=instance@entry=0x7f36f5ec8a10, signal_id=signal_id@entry=268, detail=detail@entry=0, var_args=var_args@entry=0x7ffd1449cc78)
    at ../gobject/gsignal.c:3407
#15 0x00007f371d432fbd in g_signal_emit_by_name (instance=0x7f36f5ec8a10, detailed_signal=detailed_signal@entry=0x7f36f39d712d "retrieve-surrounding")
    at ../gobject/gsignal.c:3594
#16 0x00007f36f39d5e15 in enable (context_wayland=0x7f36f5ec8a10 [GtkIMContextWayland]) at ../modules/input/imwayland.c:551
#17 0x00007f3717acb246 in mozilla::widget::IMContextWrapper::Focus() (this=0x7f36febd6b00)
    at /usr/src/debug/firefox-74.0-5.fc32.x86_64/widget/gtk/IMContextWrapper.cpp:1401
#18 0x00007f3717ab40b8 in nsWindow::SetFocus(nsIWidget::Raise, mozilla::dom::CallerType) (this=
    0x7f36fde0f400, aRaise=nsIWidget::Raise::No, aCallerType=<optimized out>) at /usr/src/debug/firefox-74.0-5.fc32.x86_64/widget/gtk/nsWindow.cpp:1728
#19 0x00007f37165ec402 in nsFocusManager::Focus(nsPIDOMWindowOuter*, mozilla::dom::Element*, unsigned int, bool, bool, bool, bool, nsIContent*)
    (this=this@entry=0x7f3706534a50, aWindow=0x7f36f5ecb760, aElement=aElement@entry=
    0x7f36a1f8a160, aFlags=aFlags@entry=0, aIsNewDocument=aIsNewDocument@entry=true, aFocusChanged=aFocusChanged@entry=false, aWindowRaised=<optimized out>, aAdjustWidgets=<optimized out>, aContentLostFocus=<optimized out>) at /usr/src/debug/firefox-74.0-5.fc32.x86_64/dom/base/nsFocusManager.cpp:1863
#20 0x00007f37165ee303 in nsFocusManager::WindowRaised(mozIDOMWindowProxy*) (this=0x7f3706534a50, aWindow=aWindow@entry=0x7f36f5ecb760)
    at /usr/src/debug/firefox-74.0-5.fc32.x86_64/objdir/dist/include/nsCOMPtr.h:1429
#21 0x00007f37188832ad in mozilla::AppWindow::WindowActivated() (this=0x7f36f5ee2ec0)
    at /usr/src/debug/firefox-74.0-5.fc32.x86_64/xpfe/appshell/AppWindow.cpp:2865
#22 0x00007f371888333c in mozilla::AppWindow::WidgetListenerDelegate::WindowActivated() (this=<optimized out>)
    at /usr/src/debug/firefox-74.0-5.fc32.x86_64/xpfe/appshell/AppWindow.cpp:3178
#23 0x00007f3717ab51ce in nsWindow::OnContainerFocusInEvent(_GdkEventFocus*) (this=this@entry=0x7f36fde0f400, aEvent=aEvent@entry=0x7f36a27944c0)
    at /usr/src/debug/firefox-74.0-5.fc32.x86_64/widget/gtk/nsWindow.cpp:3149
#24 0x00007f3717ab5382 in focus_in_event_cb(GtkWidget*, GdkEventFocus*) (widget=widget@entry=0x7f3700a9fbf0 [MozContainer], event=0x7f36a27944c0)
    at /usr/src/debug/firefox-74.0-5.fc32.x86_64/widget/gtk/nsWindow.cpp:6197
#29 0x00007f371d432d93 in <emit signal ??? on instance 0x7f3700a9fbf0 [MozContainer]>
    (instance=instance@entry=0x7f3700a9fbf0, signal_id=<optimized out>, detail=detail@entry=0) at ../gobject/gsignal.c:3554
    #25 0x00007f371d717a2c in _gtk_marshal_BOOLEAN__BOXED
    (closure=closure@entry=0x7f36f3a605d0, return_value=return_value@entry=0x7ffd1449d1b0, n_param_values=n_param_values@entry=2, param_values=param_values@entry=0x7ffd1449d210, invocation_hint=invocation_hint@entry=0x7ffd1449d190, marshal_data=marshal_data@entry=0x0) at gtk/gtkmarshalers.c:84
    #26 0x00007f371d419893 in g_closure_invoke
    (closure=0x7f36f3a605d0, return_value=return_value@entry=0x7ffd1449d1b0, n_param_values=2, param_values=param_values@entry=0x7ffd1449d210, invocation_hint=invocation_hint@entry=0x7ffd1449d190) at ../gobject/gclosure.c:810
    #27 0x00007f371d42c51b in signal_emit_unlocked_R
    (node=<optimized out>, detail=detail@entry=0, instance=instance@entry=0x7f3700a9fbf0, emission_return=emission_return@entry=0x7ffd1449d300, instance_and_params=instance_and_params@entry=0x7ffd1449d210) at ../gobject/gsignal.c:3742
    #28 0x00007f371d4324e4 in g_signal_emit_valist
    (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffd1449d3b0) at ../gobject/gsignal.c:3508
#30 0x00007f371d9e2214 in gtk_widget_event_internal (widget=0x7f3700a9fbf0 [MozContainer], event=0x7f36a27944c0) at ../gtk/gtkwidget.c:7808
#31 0x00007f371d9e4632 in gtk_widget_event_internal (event=<optimized out>, widget=<optimized out>) at ../gtk/gtkwidget.c:7687
#32 gtk_widget_event (widget=<optimized out>, event=<optimized out>) at ../gtk/gtkwidget.c:7378
#33 0x00007f3700a9fbf0 in  ()
#34 0x00007f36ad0b7940 in  ()
#35 0x00007f36f3a59720 in  ()
#36 0x00007f371d9f8dbf in do_focus_change (widget=0x7f36f3a59720 [GdkWaylandWindow], in=1) at ../gtk/gtkwindow.c:8451
#37 0x00007f371da09f25 in _gtk_window_set_is_active (window=0x7f36fde0fa60 [GtkWindow], is_active=1) at ../gtk/gtkwindow.c:12140
#38 0x00007f371da0a532 in gtk_window_focus_in_event (widget=widget@entry=0x7f36fde0fa60 [GtkWindow], event=<optimized out>) at ../gtk/gtkwindow.c:8504
#43 0x00007f371d432d93 in <emit signal ??? on instance 0x7f36fde0fa60 [GtkWindow]>
    (instance=instance@entry=0x7f36fde0fa60, signal_id=<optimized out>, detail=detail@entry=0) at ../gobject/gsignal.c:3554
    #39 0x00007f371d717a2c in _gtk_marshal_BOOLEAN__BOXED
    (closure=0x7f371e7e8b60, return_value=0x7ffd1449d720, n_param_values=<optimized out>, param_values=0x7ffd1449d780, invocation_hint=<optimized out>, marshal_data=<optimized out>) at gtk/gtkmarshalers.c:84
    #40 0x00007f371d419893 in g_closure_invoke
    (closure=closure@entry=0x7f371e7e8b60, return_value=return_value@entry=0x7ffd1449d720, n_param_values=2, param_values=param_values@entry=0x7ffd1449d780, invocation_hint=invocation_hint@entry=0x7ffd1449d700) at ../gobject/gclosure.c:810
    #41 0x00007f371d42bf8e in signal_emit_unlocked_R
    (node=<optimized out>, detail=detail@entry=0, instance=instance@entry=0x7f36fde0fa60, emission_return=emission_return@entry=0x7ffd1449d870, instance_and_params=instance_and_params@entry=0x7ffd1449d780) at ../gobject/gsignal.c:3780
    #42 0x00007f371d4324e4 in g_signal_emit_valist
    (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffd1449d920) at ../gobject/gsignal.c:3508
#44 0x00007f371d9e2214 in gtk_widget_event_internal (widget=0x7f36fde0fa60 [GtkWindow], event=0x7f36a27942e0) at ../gtk/gtkwidget.c:7808
#45 0x00007f371d9e4632 in gtk_widget_event_internal (event=<optimized out>, widget=<optimized out>) at ../gtk/gtkwidget.c:7687
#46 gtk_widget_event (widget=<optimized out>, event=<optimized out>) at ../gtk/gtkwidget.c:7378
#47 0x00007f36a9000000 in  ()
#48 0x00007f3706517180 in  ()
#49 0x00007f36f3a6fdd0 in  ()
#50 0x00007f371e7f42f0 in  ()
#51 0x0000000000000000 in  ()

I should add that when I created the issue I was using the addon "Livemarks" - I stopped using it but a couple of days ago installed it again. I'm mentioning it because the content in #3 appears to be the text of the live mark folders/items. At some other point I read we might be hitting Wayland protocol limits. Will ask garnacho about it.

Fixed in GTK: https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/1528, shipping with GTK 3.24.15

Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → WORKSFORME

Update: not quite fixed yet, but working on it in https://gitlab.gnome.org/GNOME/gtk/issues/2522 - it's definitely a GTK3 bug (just in case somebody finds the bug report here)

P.S.: apart from the fact that Firefox tries to send all my livemarks as text over a Wayland wire that is limited to 4kb, which sounds questionable to me - but the fact that this causes a crash is a GTK bug :)
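Added illustration, not part of the bug thread and not GTK's code: the `n=18446744073709548431` passed to `g_strndup` in the first trace is the 64-bit unsigned view of -3185, and `g_malloc` was then asked for n + 1 bytes. The sketch below shows how an unchecked text-window calculation produces such a value and how a checked one avoids it. All function names, the 4000-byte budget and the input values are assumptions constructed to reproduce the number from the trace; the thread does not show what GTK actually computed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TEXT_BUDGET 4000 /* assumed; the thread only says the wire limit is 4kb */

/* Read a huge allocation size back as the signed length it started as. */
static int64_t signed_view(uint64_t n) { return (int64_t)n; }

/* Unchecked: signed window arithmetic converted straight to an unsigned length. */
static uint64_t window_len_unchecked(int64_t text_len, int64_t cursor, int64_t budget) {
    int64_t start = cursor - budget / 2;
    int64_t end = cursor + budget / 2;
    if (end > text_len) end = text_len; /* end is clamped, start is not */
    return (uint64_t)(end - start);     /* end < start wraps to nearly 2^64 */
}

static int is_cont(unsigned char b) { return (b & 0xC0) == 0x80; } /* UTF-8 10xxxxxx */

/* Checked: rejects a cursor outside the text, clamps both ends, and keeps
 * UTF-8 sequences whole. Returns 0 and fills start/len, or -1 on bad input. */
static int window_checked(const char *text, size_t text_len, size_t cursor,
                          size_t budget, size_t *start, size_t *len) {
    if (!text || !start || !len || cursor > text_len) return -1;
    size_t half = budget / 2;
    size_t s = cursor > half ? cursor - half : 0;
    size_t e = text_len - cursor > half ? cursor + half : text_len;
    while (s < cursor && is_cont((unsigned char)text[s])) s++;
    while (e > cursor && e < text_len && is_cont((unsigned char)text[e])) e--;
    *start = s;
    *len = e - s; /* s <= cursor <= e, so this cannot wrap */
    return 0;
}

int main(void) {
    const char text[] = "Gr\xC3\xB6\xC3\x9F" "e"; /* constructed sample, 7 bytes */
    size_t s = 0, l = 0;
    /* Constructed inputs: cursor index far past the end of an 815-byte text. */
    uint64_t n = window_len_unchecked(815, 6000, TEXT_BUDGET);
    printf("unchecked: n=%llu (signed %lld)\n", (unsigned long long)n,
           (long long)signed_view(n));
    printf("checked, stale cursor: rc=%d\n",
           window_checked(text, 7, 6000, TEXT_BUDGET, &s, &l));
    if (window_checked(text, 7, 2, 2, &s, &l) == 0)
        printf("checked, cursor=2 budget=2: start=%zu len=%zu\n", s, l);
    return 0;
}
```

When triaging a similar "failed to allocate" abort, reading the size as a signed 64-bit value is a quick way to tell a wrapped negative length from a genuinely large request.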
