Closed
Bug 269585
Opened 20 years ago
Closed 20 years ago
Trunk crash at nbc.com opening a new window [@ event_processor_callback - our_gdk_io_invoke]
Categories
(Core Graveyard :: GFX: Gtk, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
mozilla1.8beta1
People
(Reporter: relf, Assigned: darin.moz)
References
Details
(Keywords: crash, fixed-aviary1.0, topcrash)
Crash Data
Attachments
(1 obsolete file)
Mozilla linux build 2004111205 I've got a crash at nbc.com on attempt to open video clip. Talkback ID: TB1917444E Although I'm unable to reproduce the bug intentionally.
Comment 1•20 years ago
|
||
the video clip opens in a new window, right? I've been getting similar crashes recently, but not reproducibly.
Keywords: talkbackid → topcrash
Summary: Crash at nbc.com → Crash at nbc.com [@ event_processor_callback]
Reporter | ||
Comment 2•20 years ago
|
||
(In reply to comment #1) > the video clip opens in a new window, right? I've been getting similar crashes > recently, but not reproducibly. That's true.
Comment 3•20 years ago
|
||
making a wild guess for a component
Assignee: general → blizzard
Component: Browser-General → GFX: Gtk
QA Contact: general → ian
Summary: Crash at nbc.com [@ event_processor_callback] → Crash at nbc.com opening a new window [@ event_processor_callback]
Reporter | ||
Comment 4•20 years ago
|
||
I've got one more crash similar to this one and bug 269477 while openning a new window at paypal.com Talkback ID: TB1957759H
Comment 5•20 years ago
|
||
Here's the reporter's incident: Incident ID: 1917444 Stack Signature event_processor_callback() 5911e1fd Product ID MozillaTrunk Build ID 2004111205 Trigger Time 2004-11-12 20:51:16.0 Platform LinuxIntel Operating System Linux 2.6.9 Module libwidget_gtk.so + (0000bb22) URL visited User Comments Since Last Crash 3 sec Total Uptime 3 sec Trigger Reason SIGSEGV: Segmentation Fault: (signal 11) Source File, Line No. /builds/tinderbox/SeaMonkey-Release/Linux_2.4.2-2_Clobber/mozilla/widget/src/gtk/nsAppShell.cpp, line 187 Stack Trace event_processor_callback() [/builds/tinderbox/SeaMonkey-Release/Linux_2.4.2-2_Clobber/mozilla/widget/src/gtk/nsAppShell.cpp, line 187] our_gdk_io_invoke() [/builds/tinderbox/SeaMonkey-Release/Linux_2.4.2-2_Clobber/mozilla/widget/src/gtk/nsAppShell.cpp, line 77] libglib-1.2.so.0 + 0xea56 (0xb7c89a56) libglib-1.2.so.0 + 0x1003d (0xb7c8b03d) libglib-1.2.so.0 + 0x104f4 (0xb7c8b4f4) libglib-1.2.so.0 + 0x10724 (0xb7c8b724) libgtk-1.2.so.0 + 0xa025f (0xb7d7725f) nsAppShell::Run() [/builds/tinderbox/SeaMonkey-Release/Linux_2.4.2-2_Clobber/mozilla/widget/src/gtk/nsAppShell.cpp, line 304] nsAppStartup::Run() [/builds/tinderbox/SeaMonkey-Release/Linux_2.4.2-2_Clobber/mozilla/xpfe/components/startup/src/nsAppStartup.cpp, line 221] main1() [/builds/tinderbox/SeaMonkey-Release/Linux_2.4.2-2_Clobber/mozilla/xpfe/bootstrap/nsAppRunner.cpp, line 711] main() [/builds/tinderbox/SeaMonkey-Release/Linux_2.4.2-2_Clobber/mozilla/xpfe/bootstrap/nsAppRunner.cpp, line 1802] libc.so.6 + 0x157f8 (0xb7a547f8)
Summary: Crash at nbc.com opening a new window [@ event_processor_callback] → Trunk crash at nbc.com opening a new window [@ event_processor_callback - our_gdk_io_invoke]
*** Bug 270064 has been marked as a duplicate of this bug. ***
Comment 7•20 years ago
|
||
nominating blocker flag so that this can get fixed for tbird 1.0 (see bug 270064). this might've regressed when bug 234620 was fixed.
Flags: blocking-aviary1.0?
Updated•20 years ago
|
Flags: blocking1.8a5?
Comment 8•20 years ago
|
||
Incase it matters, I'm seeing this with recent thunderbird builds too: (gdb) #0 0x408c3781 in nanosleep () from /lib/i686/libc.so.6 #1 0x408c3649 in sleep () from /lib/i686/libc.so.6 #2 0x08071d1a in ah_crap_handler(int) (signum=11) at nsSigHandlers.cpp:135 #3 0x080729d1 in nsProfileLock::FatalSignalHandler(int) (signo=11) at nsProfileLock.cpp:209 #4 0x40641a6a in pthread_sighandler () from /lib/i686/libpthread.so.0 #5 <signal handler called> #6 0x40c73a68 in event_processor_callback (source=0x87bdee8, condition=1086798408, data=0x87bde20) at nsAppShell.cpp:67 #7 0x40463089 in g_io_unix_dispatch () from /usr/lib/libglib-2.0.so.0 #8 0x40444329 in g_main_dispatch () from /usr/lib/libglib-2.0.so.0 #9 0x40445329 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0 #10 0x40445643 in g_main_context_iterate () from /usr/lib/libglib-2.0.so.0 #11 0x40445ce7 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0 #12 0x4019b7a7 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0 #13 0x40c7415e in nsAppShell::Run() (this=0x80e4250) at nsAppShell.cpp:142 #14 0x40b5aa9f in nsAppShellService::Run() (this=0x80e1c90) at nsAppShellService.cpp:494 #15 0x0806146e in xre_main(int, char**, nsXREAppData const*) (argc=1, argv=0xbfffd1e4, aAppData=0x8078b0c) at nsAppRunner.cpp:1907 #16 0x0805a97e in main (argc=1, argv=0xbfffd1e4) at nsMailApp.cpp:58 #17 0x4083e4c2 in __libc_start_main () from /lib/i686/libc.so.6 (gdb)
Assignee | ||
Comment 9•20 years ago
|
||
*** Bug 269847 has been marked as a duplicate of this bug. ***
Assignee | ||
Comment 10•20 years ago
|
||
I just hit this in a debug build... Apparently, the eventQueue parameter passed as the |data| parameter to event_processor_callback has already been destroyed, or the memory it points to is corrupt. Interestingly enough, the fd corresponding to the GIOChannel passed to this function is still referenced in sCountHashTable with a refcount of 1. The corresponding tag is also found under the same key (fd) in sQueueHashTable. So, it would appear that nsAppShell::Spindown was not called for the nsAppShell instance that should be keeping an owning reference to the nsIEventQueue in question. Oh, but ListenToEventQueue may also be called indirectly via the AppStartup module. See nsAppStartup::Observe. When it receives a nsIEventQueueActivated event, it passes the nsIEventQueue to ListenToEventQueue, and ListenToEventQueue never AddRefs the interface pointer. As a result, if the nsIEventQueue was a temporary, child "native" event queue pushed to handle a modal dialog for example, then we could easily hit this problem. One solution to this crash would be to AddRef the nsIEventQueue in ListenToEventQueue, and then Release it via a GDestroyNotify function.
Assignee | ||
Comment 11•20 years ago
|
||
By the way, I encountered this crash after seeing the security dialog for transitioning from HTTP to HTTPS content. That's consistent with my child event queue theory. Plus, the code in nsEventQueue creates native child event queues from existing native event queues. Patch coming up...
Assignee | ||
Comment 12•20 years ago
|
||
Assignee: blizzard → darin
Status: NEW → ASSIGNED
Assignee | ||
Updated•20 years ago
|
Attachment #166179 -
Flags: review?(blizzard)
Assignee | ||
Comment 13•20 years ago
|
||
The same patch is probably needed for widget/gtk as well.
Target Milestone: --- → mozilla1.8beta
Comment 14•20 years ago
|
||
plussing for the aviary 1.0 branch for tbird
Flags: blocking-aviary1.0? → blocking-aviary1.0+
Comment 15•20 years ago
|
||
Are we sure this doesn't create cycles? I don't remember the ownership model here, but it was kind of strange with event queues.
Updated•20 years ago
|
Flags: blocking1.8a5? → blocking1.8a5+
Assignee | ||
Comment 16•20 years ago
|
||
Hmm... you may be correct. We depend on ListenToEventQueue(..., PR_FALSE) to be called to trigger g_source_remove, which triggers the release of the event queue. But, ListenToEventQueue(..., PR_FALSE) won't happen until the event queue's destructor runs. Ok, the patch is invalid. Perhaps this bug was caused by ListenToEventQueue(..., PR_FALSE) not running? Hmm...
Assignee | ||
Updated•20 years ago
|
Attachment #166179 -
Attachment is obsolete: true
Attachment #166179 -
Flags: review?(blizzard)
Assignee | ||
Comment 17•20 years ago
|
||
Ah, something else: looks like nsWindowWatcher also calls ListenToEventQueue.
Assignee | ||
Comment 18•20 years ago
|
||
*** Bug 268402 has been marked as a duplicate of this bug. ***
Assignee | ||
Comment 19•20 years ago
|
||
*** Bug 269076 has been marked as a duplicate of this bug. ***
Assignee | ||
Comment 20•20 years ago
|
||
*** Bug 269477 has been marked as a duplicate of this bug. ***
Assignee | ||
Updated•20 years ago
|
Assignee | ||
Comment 21•20 years ago
|
||
Alternate fix for bug 234620 has been checked in. Waiting to see if that fixed this bug before resolving this one.
Assignee | ||
Comment 22•20 years ago
|
||
> Waiting to see if that fixed this bug before resolving this one.
To clarify, I meant that I think we'll have to keep an eye on talkback data to
determine if this crash has been resolved.
Reporter | ||
Comment 23•20 years ago
|
||
I've just got a crach trying testcase for bug 271066 (which opens a new window). Talkback ID: TB2089075H Mozilla linux build 2004111905
Comment 24•20 years ago
|
||
Max: Darin's patch went in after that. You'll need to try yesterday's or today's build.
Comment 25•20 years ago
|
||
We think this is looking good. no longer an a5 blocker.
Flags: blocking1.8a5+ → blocking1.8a5-
Assignee | ||
Comment 26•20 years ago
|
||
marking fixed based on talkback data.
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Comment 27•20 years ago
|
||
This looks good for Thunderbird branch builds as well. Thanks Darin.
Keywords: fixed-aviary1.0
Updated•16 years ago
|
Product: Core → Core Graveyard
Updated•13 years ago
|
Crash Signature: [@ event_processor_callback - our_gdk_io_invoke]
You need to log in
before you can comment on or make changes to this bug.
Description
•