1626536 - crash @ _gtk_settings_get_style_cascade() on gdk_display_close()

Status: RESOLVED FIXED

(Core :: Widget: Gtk, defect, P3)

Description

[Martin Stránský [:stransky] (ni? me)]

This crash can happen anywhere at gdk_display_close() as it's caused by null settings from gtk_widget_get_settings().

Looks like we have some widgets opened when gdk_display_close() is called as we have at backtrace gtk_tooltip_display_closed()/gtk_tooltip_dispose().

backtrace:
#6 0x00007fd5396fed48 in _gtk_settings_get_style_cascade (settings=0x0, scale=2) at gtksettings.c:1836
#7 0x00007fd53955559e in gtk_css_widget_node_get_style_provider (node=0x7fd514609880) at gtkcsswidgetnode.c:246
#8 0x00007fd53952ef0a in gtk_css_node_get_style_provider_or_null (cssnode=0x7fd514609880) at gtkcssnode.c:121
#9 0x00007fd539530590 in gtk_css_node_reposition (node=0x7fd514609880, new_parent=0x0, previous=0x0) at gtkcssnode.c:778
#10 0x00007fd5395307a8 in gtk_css_node_set_parent (node=0x7fd514609880, parent=0x0) at gtkcssnode.c:840
#11 0x00007fd5398009c7 in gtk_widget_unparent (widget=0x7fd514755170) at gtkwidget.c:4706
#12 0x00007fd5394a5b71 in gtk_box_remove (container=0x7fd519a319d0, widget=0x7fd514755170) at gtkbox.c:2633
#13 0x00007fd538ad0f70 in g_cclosure_marshal_VOID__OBJECTv () at /lib64/libgobject-2.0.so.0
#14 0x00007fd538acdaf6 in _g_closure_invoke_va () at /lib64/libgobject-2.0.so.0
#15 0x00007fd538ae6813 in g_signal_emit_valist () at /lib64/libgobject-2.0.so.0
#16 0x00007fd538ae6d93 in g_signal_emit () at /lib64/libgobject-2.0.so.0
#17 0x00007fd53950bd09 in gtk_container_remove (container=0x7fd519a319d0, widget=0x7fd514755170) at gtkcontainer.c:1906
#18 0x00007fd53980eeb7 in gtk_widget_dispose (object=0x7fd514755170) at gtkwidget.c:12151
#19 0x00007fd538ad4146 in g_object_run_dispose () at /lib64/libgobject-2.0.so.0
#20 0x00007fd539800b44 in gtk_widget_destroy (widget=0x7fd514755170) at gtkwidget.c:4776
#21 0x00007fd5394a5c60 in gtk_box_forall (container=0x7fd519a319d0, include_internals=0, callback=0x7fd539800a96 <gtk_widget_destroy>, callback_data=0x0) at gtkbox.c:2675
#22 0x00007fd53950cd3d in gtk_container_foreach (container=0x7fd519a319d0, callback=0x7fd539800a96 <gtk_widget_destroy>, callback_data=0x0) at gtkcontainer.c:2478
#23 0x00007fd53950b438 in gtk_container_destroy (widget=0x7fd519a319d0) at gtkcontainer.c:1701
#24 0x00007fd538acd7ba in g_closure_invoke () at /lib64/libgobject-2.0.so.0
#25 0x00007fd538ae04b5 in signal_emit_unlocked_R.isra.0 () at /lib64/libgobject-2.0.so.0
#26 0x00007fd538ae6c29 in g_signal_emit_valist () at /lib64/libgobject-2.0.so.0
#27 0x00007fd538ae6d93 in g_signal_emit () at /lib64/libgobject-2.0.so.0
#28 0x00007fd53980ef3a in gtk_widget_dispose (object=0x7fd519a319d0) at gtkwidget.c:12162
#29 0x00007fd5394a02cc in gtk_box_dispose (object=0x7fd519a319d0) at gtkbox.c:240
#30 0x00007fd538ad4146 in g_object_run_dispose () at /lib64/libgobject-2.0.so.0
#31 0x00007fd539800b44 in gtk_widget_destroy (widget=0x7fd519a319d0) at gtkwidget.c:4776
#32 0x00007fd53982c89f in gtk_window_forall (container=0x7fd510a76660, include_internals=0, callback=0x7fd539800a96 <gtk_widget_destroy>, callback_data=0x0) at gtkwindow.c:8596
#33 0x00007fd53950cd3d in gtk_container_foreach (container=0x7fd510a76660, callback=0x7fd539800a96 <gtk_widget_destroy>, callback_data=0x0) at gtkcontainer.c:2478
#34 0x00007fd53950b438 in gtk_container_destroy (widget=0x7fd510a76660) at gtkcontainer.c:1701
#35 0x00007fd5398268d8 in gtk_window_destroy (widget=0x7fd510a76660) at gtkwindow.c:5959
#36 0x00007fd538acd893 in g_closure_invoke () at /lib64/libgobject-2.0.so.0
#37 0x00007fd538ae04b5 in signal_emit_unlocked_R.isra.0 () at /lib64/libgobject-2.0.so.0
#38 0x00007fd538ae6c29 in g_signal_emit_valist () at /lib64/libgobject-2.0.so.0
#39 0x00007fd538ae6d93 in g_signal_emit () at /lib64/libgobject-2.0.so.0
#40 0x00007fd53980ef3a in gtk_widget_dispose (object=0x7fd510a76660) at gtkwidget.c:12162
#41 0x00007fd539821b1f in gtk_window_dispose (object=0x7fd510a76660) at gtkwindow.c:3166
#42 0x00007fd538ad4146 in g_object_run_dispose () at /lib64/libgobject-2.0.so.0
#43 0x00007fd539800b44 in gtk_widget_destroy (widget=0x7fd510a76660) at gtkwidget.c:4776
#44 0x00007fd5397a4382 in gtk_tooltip_dispose (object=0x7fd514609680) at gtktooltip.c:222
#45 0x00007fd538ad2d18 in g_object_unref () at /lib64/libgobject-2.0.so.0
#46 0x00007fd5389c2b6f in g_data_set_internal () at /lib64/libglib-2.0.so.0
#47 0x00007fd5397a5519 in gtk_tooltip_display_closed (display=0x7fd53a8d5090, was_error=0, tooltip=0x7fd514609680) at gtktooltip.c:783
#48 0x00007fd538acd893 in g_closure_invoke () at /lib64/libgobject-2.0.so.0
#49 0x00007fd538ae051b in signal_emit_unlocked_R.isra.0 () at /lib64/libgobject-2.0.so.0
#50 0x00007fd538ae6c29 in g_signal_emit_valist () at /lib64/libgobject-2.0.so.0
#51 0x00007fd538ae6d93 in g_signal_emit () at /lib64/libgobject-2.0.so.0
#52 0x00007fd539232434 in gdk_display_close (display=0x7fd53a8d5090) at gdkdisplay.c:397
#53 0x00007fd530798b41 in MOZ_gdk_display_close(GdkDisplay*) (display=0x7fd53a8d5090) at /home/komat/src/toolkit/xre/nsAppRunner.cpp:2746
#54 0x00007fd53079eb02 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) (this=0x7ffeeffd54a0, argc=5, argv=0x7ffeeffd67f8, aConfig=...)
at /home/komat/src/toolkit/xre/nsAppRunner.cpp:4795
#55 0x00007fd53079ec43 in XRE_main(int, char**, mozilla::BootstrapConfig const&) (argc=5, argv=0x7ffeeffd67f8, aConfig=...) at /home/komat/src/toolkit/xre/nsAppRunner.cpp:4812
#56 0x00007fd5307a4f44 in mozilla::BootstrapImpl::XRE_main(int, char**, mozilla::BootstrapConfig const&) (this=0x7fd53a8026d0, argc=5, argv=0x7ffeeffd67f8, aConfig=...)
at /home/komat/src/toolkit/xre/Bootstrap.cpp:45
#57 0x0000562d7e0d4995 in do_main(int, char**, char**) (argc=5, argv=0x7ffeeffd67f8, envp=0x7ffeeffd6828) at /home/komat/src/browser/app/nsBrowserApp.cpp:217
#58 0x0000562d7e0d4d55 in main(int, char**, char**) (argc=5, argv=0x7ffeeffd67f8, envp=0x7ffeeffd6828) at /home/komat/src/browser/app/nsBrowserApp.cpp:331

Comment 1

[Firefox Bug Husbandry Bot]

Because this bug's Severity has not been changed from the default since it was filed, and it's Priority is P3 (Backlog,) indicating it has been triaged, the bug's Severity is being updated to S3 (normal.)

Comment 2

[Rinat]

https://gitlab.gnome.org/GNOME/gtk/-/commit/b1d55f2c85203d92cecd0bc4112a78e7d8abc3a3 looks like the commit that triggers the crash.

Comment 3

[Rinat]

Filed an issue in GTK's bugtracker: https://gitlab.gnome.org/GNOME/gtk/-/issues/2780.

Comment 4

[Martin Stránský [:stransky] (ni? me)]

Thanks a lot Rinat!

Comment 5

[u608768]

I'm running into this consistently on shutdown in a local build. Is there anything I can provide or do to help fix this?

I'm willing to submit a patch to gtk, but I'll probably need a pointer or two (unless it's as easy as null checking the GtkSettings object here?).

Comment 6

[Rinat]

(In reply to :kashav from comment #5)

Until the bug is fixed, you can use a hack like this as a workaround:

diff --git a/gdk/gdkdisplay.c b/gdk/gdkdisplay.c
index 240c99fa43..a505cfb96d 100644
--- a/gdk/gdkdisplay.c
+++ b/gdk/gdkdisplay.c
@@ -388,6 +388,7 @@ gdk_display_finalize (GObject *object)
 void
 gdk_display_close (GdkDisplay *display)
 {
+  return;
   g_return_if_fail (GDK_IS_DISPLAY (display));
 
   if (!display->closed)

Comment 8

[Martin Stránský [:stransky] (ni? me)]

Attachment: Bug 1626536 [Linux] Remove gdk_display_close as recomended at https://gitlab.gnome.org/GNOME/gtk/-/issues/2780 r?jhorak

Comment 9

[Martin Stránský [:stransky] (ni? me)]

Let's skip the gdk_display_close() as it's suggested by GTK folks at https://gitlab.gnome.org/GNOME/gtk/-/issues/2780
Try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=000cef01a44095a839bbffe4b0a2594f82f4459b

Comment 10

[Emilio Cobos Álvarez (:emilio)]

I think you should run the valgrind / ASAN builds to make sure they don't report this, but seems fine otherwise... Let me know if you want me to stamp it.

Thanks for investigating this Martin!

Comment 11

[Martin Stránský [:stransky] (ni? me)]

Thanks. There's a try with asan here: https://treeherder.mozilla.org/#/jobs?repo=try&revision=0a6723a28fa318ad62d8496b556a8242c43cbc3e&selectedTaskRun=NXr9gvk2R1uhEvG1m3Aw6Q.0

Comment 12

[Martin Stránský [:stransky] (ni? me)]

Emilio, can you please look at https://treeherder.mozilla.org/#/jobs?repo=try&revision=0a6723a28fa318ad62d8496b556a8242c43cbc3e ? I'm not sure if there's any leak related to this patch.

Comment 13

[Emilio Cobos Álvarez (:emilio)]

It seems there's only some leaks in devtools, and they don't seem related to this (seem to be some JS engine thing). I would expect that if this made asan unhappy everything would be very orange. So I think you're fine :)

Comment 14

[Martin Stránský [:stransky] (ni? me)]

Thanks a lot!

Comment 15

[Pulsebot]

Pushed by csabou@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/537f55fc468f
[Linux] Remove gdk_display_close as recomended at https://gitlab.gnome.org/GNOME/gtk/-/issues/2780 r=jhorak

Comment 16

[Atila Butkovits]

https://hg.mozilla.org/mozilla-central/rev/537f55fc468f