Closed Bug 2000421 Opened 6 months ago Closed 6 months ago

Crash in [@ libgobject-2.0.so.0]

Categories

(Core :: Widget: Gtk, defect)

Product:
Core
Component:
Widget: Gtk
Version:
Firefox 147
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
147 Branch
Tracking Flags:
Tracking Status
firefox-esr115 --- unaffected
firefox-esr140 --- unaffected
firefox145 --- unaffected
firefox146 --- unaffected
firefox147 --- fixed

People

(Reporter: matt.fagnani, Unassigned)

References

(Regression)

Details

(Keywords: regression)

Crash Data

I ran Firefox 147.0a1 20251115204042 on Wayland in Plasma 6.5.2 in a Fedora 43 KDE installation. I had previously enabled the menu bar. I had three tabs open. I closed two of the tabs individually. I closed Firefox. Firefox crashed in libgobject-2.0.so.0@0x2ea08 according to the trace. Using gdb /usr/lib64/libgobject-2.0.so.0, that address is in g_type_check_instance_cast in glib2-0:2.86.1-5.fc43.x86_64 as follows.

(gdb) l *0x2ea08
0x2ea08 is in g_type_check_instance_cast (../gobject/gtype.c:3949).
3944 if (type_instance->g_class)
3945 {
3946 TypeNode *node, *iface;
3947 gboolean is_instantiatable, check;
3948
3949 node = lookup_type_node_I (type_instance->g_class->g_type);
3950 is_instantiatable = node && node->is_instantiatable;
3951 iface = lookup_type_node_I (iface_type);
3952 check = is_instantiatable && iface && type_node_conforms_to_U (node, iface, TRUE, FALSE);
3953 if (check)

This was the first crash of this type that I've seen. The crash address was 0xe5e5e5e5e5e5e5e5 which might indicate the memory had been freed.

Crash report: https://crash-stats.mozilla.org/report/index/3dd10302-c94b-4601-8887-df6af0251116

Reason:

SIGSEGV / SI_KERNEL

Top 10 frames:

0  libgobject-2.0.so.0  libgobject-2.0.so.0@0x2ea08
1  libxul.so  nsWindow::Destroy()  widget/gtk/nsWindow.cpp:744
2  libxul.so  mozilla::detail::RunnableMethodArguments<>::apply<FdWatcher, void (FdWatcher:...  xpcom/threads/nsThreadUtils.h:1083
2  libxul.so  std::__invoke_impl<void, mozilla::detail::RunnableMethodArguments<>::apply<Fd...  /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/include/c++/10/bits/invoke.h:60
2  libxul.so  std::__invoke<mozilla::detail::RunnableMethodArguments<>::apply<FdWatcher, vo...  /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/include/c++/10/bits/invoke.h:95
2  libxul.so  _ZSt12__apply_implIZN7mozilla6detail23RunnableMethodArgumentsIJEE5applyI9FdWa...  /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/include/c++/10/tuple:1740
2  libxul.so  std::apply<mozilla::detail::RunnableMethodArguments<>::apply<FdWatcher, void ...  /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/include/c++/10/tuple:1751
2  libxul.so  mozilla::detail::RunnableMethodArguments<>::apply<FdWatcher, void (FdWatcher:...  xpcom/threads/nsThreadUtils.h:1081
2  libxul.so  mozilla::detail::RunnableMethodImpl<FdWatcher*, void (FdWatcher::*)(), true, ...  xpcom/threads/nsThreadUtils.h:1132
3  libxul.so  mozilla::RunnableTask::Run()  xpcom/threads/TaskController.cpp:705
Crash Signature: [@ libgobject-2.0.so.0] [@ g_type_check_instance_cast]
Keywords: regression
Regressed by: 1998657

:stransky, since you are the author of the regressor, bug 1998657, could you take a look?

For more information, please visit BugBot documentation.

Flags: needinfo?(stransky)

https://crash-stats.mozilla.org/report/index/bd32ef50-f9f8-4f62-a47b-c42790251117

crash-stats suggested this could be the same bug. The crash happened with restarting for a Nightly update. Nightly did restart and restored tabs as expected.

The bug has a crash signature, thus the bug will be considered confirmed.

Status: UNCONFIRMED → NEW
Ever confirmed: true

Fixed by backout.

Status: NEW → RESOLVED
Closed: 6 months ago
status-firefox145: --- → unaffected
status-firefox146: --- → unaffected
status-firefox147: --- → fixed
status-firefox-esr115: --- → unaffected
status-firefox-esr140: --- → unaffected
Resolution: --- → FIXED
Target Milestone: --- → 147 Branch
Flags: needinfo?(stransky)
You need to log in before you can comment on or make changes to this bug.