Closed Bug 377595 Opened 17 years ago Closed 17 years ago

Crash [@ g_slice_free1] from [@ ~nsScreenGtk]

Categories: Core :: XPCOM, defect
Platform: x86, Linux
Type: defect
Priority: Not set
Severity: critical
Status: RESOLVED WORKSFORME
People: Reporter: MatsPalmgren_bugz, Unassigned
Keywords: crash, regression

A local Firefox debug build crashes on exit (Linux x86_64):

(gdb) bt
#0  0x00002aaaaebb8610 in ?? ()
#1  0x00002b78780af912 in g_slice_free1 () from /usr/lib/libglib-2.0.so.0
#2  0x00002b7876da56ec in gdk_window_remove_filter () from /usr/lib/libgdk-x11-2.0.so.0
#3  0x00002aaaab9b18aa in ~nsScreenGtk (this=0x2aaab2322e00) at nsScreenGtk.cpp:84
#4  0x00002aaaab9b1994 in nsScreenGtk::Release (this=0x2aaab2322e00) at nsScreenGtk.cpp:92
#5  0x00002b7875da4eb4 in nsSupportsArray::Clear (this=0x2aaab2322d90) at nsSupportsArray.cpp:541
#6  0x00002b7875da581e in nsSupportsArray::DeleteArray (this=0x9e3f70) at nsSupportsArray.cpp:288
#7  0x00002b7875da585d in ~nsSupportsArray (this=0x9e3f70) at nsSupportsArray.cpp:146
#8  0x00002b7875da5e2c in nsSupportsArray::Release (this=0x2aaab2322d90) at nsSupportsArray.cpp:219
#9  0x00002aaaab99f72f in ~nsCOMPtr (this=0x74e658) at ../../../dist/include/xpcom/nsCOMPtr.h:583
#10 0x00002aaaab9b23eb in ~nsScreenManagerGtk (this=0x74e640) at nsScreenManagerGtk.cpp:66
#11 0x00002aaaab9b22f4 in nsScreenManagerGtk::Release (this=0x74e640) at nsScreenManagerGtk.cpp:70
#12 0x00002b7875d87faf in nsCOMPtr_base::assign_assuming_AddRef (this=0x67d938, newPtr=<value optimized out>) at ../../dist/include/xpcom/nsCOMPtr.h:531
#13 0x00002b7875d87da9 in nsCOMPtr_base::assign_with_AddRef (this=0x67d938, rawPtr=0x0) at nsCOMPtr.cpp:89
#14 0x00002b7875da1d95 in nsCOMPtr<nsISupports>::operator= (this=0x9e3f70, rhs=0xa58520) at ../../../dist/include/xpcom/nsCOMPtr.h:1039
#15 0x00002b7875ddb825 in FreeServiceContractIDEntryEnumerate (aTable=<value optimized out>, aHdr=<value optimized out>, aNumber=6499168, aData=0x601a20) at nsComponentManager.cpp:1851
#16 0x00002b7875d868c0 in PL_DHashTableEnumerate (table=0x9e3f70, etor=0x2b7875ddb80a <FreeServiceContractIDEntryEnumerate>, arg=0x0) at pldhash.c:724
#17 0x00002b7875dd9918 in nsComponentManagerImpl::FreeServices (this=0x658c10) at nsComponentManager.cpp:1864
#18 0x00002b7875d942ed in NS_ShutdownXPCOM_P (servMgr=0x658c18) at nsXPComInit.cpp:770
#19 0x00002b787562b8d6 in ~ScopedXPCOMStartup (this=0x7fff356eabf0) at nsAppRunner.cpp:797
#20 0x00002b787562f1e3 in XRE_main (argc=<value optimized out>, argv=<value optimized out>, aAppData=<value optimized out>) at nsAppRunner.cpp:2932
#21 0x0000000000400778 in main (argc=10370928, argv=0xa58520) at nsBrowserApp.cpp:61


It's 100% reproducible.

It's a fresh trunk checkout without local changes as of 20 minutes ago.
It's a regression from the last 1 or 2 days I think.
The Firefox 20070415 nightly build does not crash.
I wonder if the patch in bug 374332 is to blame.

I came across this bug on Kubuntu 7.04 while testing Gran Paradiso 3.0a4 Release build.  Upon further testing, I also witnessed this bug repeatedly on GP 3.0a3 Release, Trunk 3.0a5 Nightly and Trunk 20070416.  Trunk build 20070415 works ok.

This bug does not occur on shutdown though.  It occurs on start up.  The following is a copy of my backtrace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1222088112 (LWP 7376)]
0xb6913f70 in ?? ()
(gdb) backtrace
#0  0xb6913f70 in ?? ()
#1  0xb7911762 in g_slice_free1 () from /usr/lib/libglib-2.0.so.0
#2  0xb78f7e59 in g_list_free_1 () from /usr/lib/libglib-2.0.so.0
#3  0xb7a62a62 in gdk_window_remove_filter () from /usr/lib/libgdk-x11-2.0.so.0
#4  0x0821bea2 in ?? ()
#5  0x08a36018 in ?? ()
#6  0x0821bd50 in ?? ()
#7  0x08d3c940 in ?? ()
#8  0x08d3c940 in ?? ()
#9  0xbf979678 in ?? ()
#10 0x0821bee9 in ?? ()
#11 0x08d3c940 in ?? ()
#12 0xb7f09b14 in ?? ()
   from ./Downloads/firefox-3.0a5pre.en-US.linux-i686/firefox/libxpcom_core.so
#13 0xbf979688 in ?? ()
#14 0xb7eb5a73 in nsSupportsArray::Clear ()
   from ./Downloads/firefox-3.0a5pre.en-US.linux-i686/firefox/libxpcom_core.so
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb)

This bug happens every time, but it only occurs on Kubuntu 7.04.  It has been tested on OpenSUSE 10, Fedora Core 6, and Ubuntu 7.04, to be working ok.

It appears to be a regression at the point indicated in Mats Palmgren's comment above.

Mats, Anthony: are you guys still hitting this after Michael's patch in bug 379666 landed?

I no longer experience this crash on Linux :)

Haven't seen this in a while either...

-> WORKSFORME
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → WORKSFORME

I just downloaded 3.0a5 (last modified 6-6-2007) and it seg faulted on launch with a new profile.  It seg faults on safe-mode too.

I downloaded the build from:
ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/granparadiso/alpha5/linux-i686/en-US

Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Status: REOPENED → RESOLVED
Closed: 17 years ago
Resolution: --- → WORKSFORME

That's because mwu's fix for bug 379666 didn't make it into alpha 5.
Crash Signature: [@ g_slice_free1] [@ ~nsScreenGtk]