Bug 521374 (Closed): Segfault in glib (g_slice_alloc) originating from out-of-process Flash
Opened 15 years ago, closed 15 years ago
Status: RESOLVED FIXED
Categories: Core :: IPC, defect
People: Reporter: cjones, Assigned: cjones
Attachments: 1 file (patch, 691 bytes; karlt: review+)

The crash is in a flash thread (ID 79 below).

Backtrace:

#0 IA__g_slice_alloc (mem_size=80) at /build/buildd/glib2.0-2.20.1/glib/gslice.c:474
#1 0x00007fe96565fe36 in IA__g_slice_alloc0 (mem_size=80) at /build/buildd/glib2.0-2.20.1/glib/gslice.c:833
#2 0x00007fe9658f9a60 in IA__g_type_create_instance (type=38862256) at /build/buildd/glib2.0-2.20.1/gobject/gtype.c:1654
#3 0x00007fe9658de5bb in g_object_constructor (type=80, n_construct_properties=0, construct_params=0x1) at /build/buildd/glib2.0-2.20.1/gobject/gobject.c:1338

Threads

  91 Thread 0x7fe93a3c7950 (LWP 5529) 0x00007fe96b5d9d60 in pthread_mutex_lock () from /lib/libpthread.so.0
  90 Thread 0x7fe93c15e950 (LWP 5528) 0x00007fe96b5d9d60 in pthread_mutex_lock () from /lib/libpthread.so.0
  89 Thread 0x7fe947308950 (LWP 5517) 0x00007fe96b5dc2e9 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
  88 Thread 0x7fe947b59950 (LWP 5516) 0x00007fe95004d38e in ?? () from /home/cjones/Desktop/flash-10-x86_64/libflashplayer.so
  87 Thread 0x7fe9483aa950 (LWP 5515) 0x00007fe96b5dc2e9 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
  86 Thread 0x7fe948bfb950 (LWP 5514) 0x00007fe96b5debc5 in __lll_unlock_wake () from /lib/libpthread.so.0
  85 Thread 0x7fe94b590950 (LWP 5513) 0x00007fe95004d38e in ?? () from /home/cjones/Desktop/flash-10-x86_64/libflashplayer.so
  84 Thread 0x7fe94bde1950 (LWP 5512) 0x00007fe95004d38e in ?? () from /home/cjones/Desktop/flash-10-x86_64/libflashplayer.so
  83 Thread 0x7fe94c632950 (LWP 5511) 0x00007fe96b5dc2e9 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
  82 Thread 0x7fe94ce83950 (LWP 5510) 0x00007fe95004d38e in ?? () from /home/cjones/Desktop/flash-10-x86_64/libflashplayer.so
  81 Thread 0x7fe94d6d4950 (LWP 5509) 0x00007fe95004d38e in ?? () from /home/cjones/Desktop/flash-10-x86_64/libflashplayer.so
  80 Thread 0x7fe94df25950 (LWP 5508) 0x00007fe95004d38e in ?? () from /home/cjones/Desktop/flash-10-x86_64/libflashplayer.so
* 79 Thread 0x7fe94e776950 (LWP 5507) IA__g_slice_alloc (mem_size=80) at /build/buildd/glib2.0-2.20.1/glib/gslice.c:474
  78 Thread 0x7fe94efc7950 (LWP 5506) 0x00007fe95004d385 in ?? () from /home/cjones/Desktop/flash-10-x86_64/libflashplayer.so
  77 Thread 0x7fe94ad3f950 (LWP 5505) 0x00007fe96b5dc2e9 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
  76 Thread 0x7fe94a4ee950 (LWP 5504) 0x00007fe96b5dc2e9 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
  75 Thread 0x7fe949c9d950 (LWP 5503) 0x00007fe96b5dc2e9 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
  74 Thread 0x7fe94944c950 (LWP 5502) 0x00007fe96b5dc2e9 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
  5 Thread 0x7fe95e494950 (LWP 5214) 0x00007fe967b1e496 in poll () from /lib/libc.so.6
  4 Thread 0x7fe95ed66950 (LWP 5213) 0x00007fe96b5dc56d in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
  3 Thread 0x7fe95f5b7950 (LWP 5212) 0x00007fe96b5dc2e9 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
  2 Thread 0x7fe95fe08950 (LWP 5211) 0x00007fe95004d383 in ?? () from /home/cjones/Desktop/flash-10-x86_64/libflashplayer.so
  1 Thread 0x7fe96b9d47e0 (LWP 5204) 0x00007fe967b24739 in syscall () from /lib/libc.so.6

GDB is telling me that the failure is where the [==>] is marked below

static inline ChunkLink*
magazine_chain_pop_head (ChunkLink **magazine_chunks)
{
  /* magazine chains are linked via ChunkLink->next.
   * each ChunkLink->data of the toplevel chain may point to a subchain,
   * linked via ChunkLink->next. ChunkLink->data of the subchains just
   * contains uninitialized junk.
   */
  ChunkLink *chunk = (*magazine_chunks)->data;
  if (G_UNLIKELY (chunk))
    {
      /* allocating from freed list */
[==>] (*magazine_chunks)->data = chunk->next;
    }
  else
    {
      chunk = *magazine_chunks;
      *magazine_chunks = chunk->next;
    }
  return chunk;
}

but gdb can't tell me the value of any variables.

Comment 1 • 15 years ago (Assignee)
I should add that |magazine_chain_pop_head()| above is defined in glib/gslice.c.

Comment 2 • 15 years ago (Assignee)
Karl suggests that this crash may be due to us not initializing multi-threaded glib correctly. I'm going to test-drive this patch for a few days and see if the crash occurs again (I've seen it twice so far, can't deterministically reproduce).

Comment 3 • 15 years ago (Assignee)
Comment on attachment 405418
potential fix, courtesy of Karl

I've been running this patch for a while without seeing this glib assertion.

Attachment #405418 - Flags: review?(mozbugz)

Comment 4 • 15 years ago
Comment on attachment 405418
potential fix, courtesy of Karl

g_thread_init is declared in gthread.h (but glib.h is the recommended file to include).

This is pulled in through these includes:

. ../../dist/include/mozilla/plugins/PluginThreadChild.h
.. ../../dist/include/mozilla/plugins/PluginModuleChild.h
... ../../ipc/ipdl/_ipdlheaders/mozilla/plugins/PPluginModuleChild.h
.... ../../ipc/ipdl/_ipdlheaders/mozilla/plugins/PPluginModule.h
..... ../../dist/include/mozilla/plugins/PluginMessageUtils.h
...... ../../dist/include/mozilla/plugins/NPEventX11.h
....... ../../dist/system_wrappers/gdk/gdkx.h
........ /usr/include/gtk-2.0/gdk/gdkx.h
......... ../../dist/system_wrappers/gdk/gdkprivate.h
.......... /usr/include/gtk-2.0/gdk/gdkprivate.h
........... ../../dist/system_wrappers/gdk/gdk.h
............ /usr/include/gtk-2.0/gdk/gdk.h
............. /usr/include/gtk-2.0/gdk/gdkapplaunchcontext.h
.............. /usr/include/glib-2.0/gio/gio.h
............... /usr/include/glib-2.0/gio/giotypes.h
................ /usr/include/glib-2.0/gio/gioenums.h
................. ../../dist/system_wrappers/glib-object.h
.................. /usr/include/glib-2.0/glib-object.h
................... /usr/include/glib-2.0/gobject/gboxed.h
.................... /usr/include/glib-2.0/gobject/gtype.h
..................... ../../dist/system_wrappers/glib.h
...................... /usr/include/glib-2.0/glib.h
....................... /usr/include/glib-2.0/glib/gthread.h

If these connections are likely to be broken, then explicitly including glib.h may be sensible. I don't really mind. (It is reasonable to assume that gdk will include glib.h.)

Attachment #405418 - Flags: review?(mozbugz) → review+

Comment 5 • 15 years ago (Assignee)
Pushed http://hg.mozilla.org/projects/electrolysis/rev/aa582e9900ef, with Karl's suggested |#include <glib.h>| added.

Updated • 15 years ago (Assignee)
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED

Updated • 13 years ago
Assignee: nobody → jones.chris.g
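
Comment 2's hypothesis, that the crash comes from using glib on several threads without initializing its threading support, shown as a simplified model. This is an added example, not glib or Mozilla code. It assumes an allocator that takes its lock only after an explicit init call; all names are hypothetical, with `pool_thread_init` standing in for `g_thread_init`.

```c
/* Added model, not glib code: a free-list allocator that locks only after
 * pool_thread_init() (hypothetical stand-in for g_thread_init) has run. */
#include <pthread.h>
#include <stdio.h>

enum { NCHUNKS = 64, NTHREADS = 4, ITERS = 20000 };
typedef struct Chunk { struct Chunk *next; } Chunk;

static Chunk storage[NCHUNKS];
static Chunk *free_list;
static pthread_mutex_t pool_lock = PTHREAD_MUTEX_INITIALIZER;
static int threads_initialized;   /* assumption: set once, before any thread starts */

static void pool_thread_init(void) { threads_initialized = 1; }

static Chunk *pool_alloc(void) {
    if (threads_initialized) pthread_mutex_lock(&pool_lock);
    Chunk *c = free_list;         /* unlocked, two threads can pop the same chunk */
    if (c) free_list = c->next;
    if (threads_initialized) pthread_mutex_unlock(&pool_lock);
    return c;
}

static void pool_free(Chunk *c) {
    if (threads_initialized) pthread_mutex_lock(&pool_lock);
    c->next = free_list;
    free_list = c;
    if (threads_initialized) pthread_mutex_unlock(&pool_lock);
}

static void *worker(void *arg) {
    for (int i = 0; i < ITERS; i++) { Chunk *c = pool_alloc(); if (c) pool_free(c); }
    return arg;
}

/* Init first, then start threads; returns the free-list length, or -1 if the list is corrupt. */
static int run_initialized(void) {
    pthread_t t[NTHREADS];
    int n = 0;
    free_list = NULL;
    for (int i = 0; i < NCHUNKS; i++) pool_free(&storage[i]);   /* still single-threaded */
    pool_thread_init();
    for (int i = 0; i < NTHREADS; i++) pthread_create(&t[i], NULL, worker, NULL);
    for (int i = 0; i < NTHREADS; i++) pthread_join(t[i], NULL);
    for (Chunk *c = free_list; c; c = c->next) if (++n > NCHUNKS) return -1;
    return n;
}

int main(void) { printf("free chunks after run: %d\n", run_initialized()); return 0; }
```

If the `pool_thread_init()` call is skipped, the workers race on `free_list` and the final walk can find a short, cyclic or dangling list, which is the kind of state that faults inside a free-list pop.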