Closed Bug 558260 Opened 15 years ago Closed 15 years ago

Mo5 segfault during test_streamNotify.html [@libgobject-2.0.so.0.2200.2 + 0x27b83]

Categories

(Core Graveyard :: Plug-ins, defect)

x86
Linux
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: cjones, Assigned: karlt)

Details

(Keywords: intermittent-failure)

http://tinderbox.mozilla.org/showlog.cgi?log=Firefox/1270786194.1270786684.14817.gz

Nothing jumps out at me. Very weak hypothesis: does the fact that this was in test_streamNotify perhaps indicate recent plugin stream changes? (TBH I don't see off-hand how that could be.) I'll take mochitest-ipcplugins for a few spins through valgrind.

306 INFO TEST-PASS | /tests/modules/plugin/test/test_streamNotify.html | GET javascript: URI
307 INFO TEST-PASS | /tests/modules/plugin/test/test_streamNotify.html | GET javascript: URI correct
testDone: 3
(processing deferred in-call)
NPP_NewStream
NPP_WriteReady
NPP_Write, offset=0, len=5, end=5
NPP_DestroyStream
NPP_URLNotify called
308 INFO TEST-PASS | /tests/modules/plugin/test/test_streamNotify.html | GET data: URI
309 INFO TEST-PASS | /tests/modules/plugin/test/test_streamNotify.html | GET data: URI correct
testDone: 2
NEXT ERROR TEST-UNEXPECTED-FAIL | automation.py | Exited with code 11 during test run

Thread 0 (crashed)
 0  libgtk-x11-2.0.so.0.1800.3 + 0x25a026
    eip = 0x02745026 esp = 0xbfe70fc0 ebp = 0xbfe70fd8 ebx = 0x029299c8
    esi = 0xa7845e10 edi = 0xbfe7116c eax = 0xb7676370 ecx = 0x00000001
    edx = 0x00000002 efl = 0x00210202
    Found by: given as instruction pointer in context
 1  libgtk-x11-2.0.so.0.1800.3 + 0x2d93ef
    eip = 0x027c43f0 esp = 0xbfe70fe0 ebp = 0xbfe71028
    Found by: previous frame's frame pointer
 2  libgdk-x11-2.0.so.0.1800.3 + 0x524f2
    eip = 0x054734f3 esp = 0xbfe71030 ebp = 0xbfe71138
    Found by: previous frame's frame pointer
 3  libgdk-x11-2.0.so.0.1800.3 + 0x53df0
    eip = 0x05474df1 esp = 0xbfe71140 ebp = 0xbfe711e8
    Found by: previous frame's frame pointer
 4  libgdk-x11-2.0.so.0.1800.3 + 0x5424f
    eip = 0x05475250 esp = 0xbfe711f0 ebp = 0xbfe71208
    Found by: previous frame's frame pointer
 5  libglib-2.0.so.0.2200.2 + 0x37117
    eip = 0x003e3118 esp = 0xbfe71210 ebp = 0xbfe71288
    Found by: previous frame's frame pointer
 6  libglib-2.0.so.0.2200.2 + 0x3aa47
    eip = 0x003e6a48 esp = 0xbfe71290 ebp = 0xbfe71308
    Found by: previous frame's frame pointer
 7  libglib-2.0.so.0.2200.2 + 0x3ab73
    eip = 0x003e6b74 esp = 0xbfe71310 ebp = 0xbfe71348
    Found by: previous frame's frame pointer
 8  libxul.so!nsAppShell::ProcessNextNativeEvent [nsAppShell.cpp:251549ee918a : 144 + 0xa]
    eip = 0x016bbc5a esp = 0xbfe71350 ebp = 0x00000014
    Found by: previous frame's frame pointer

(BTW, after seeing this stack I was immediately nostalgic for the days of bug 528708.)
Assuming
http://koji.fedoraproject.org/koji/buildinfo?buildID=139380
http://koji.fedoraproject.org/koji/buildinfo?buildID=138108
"addr2line -Cfi -e libglib-2.0.so.debug 0x3ab73" etc gives

0 IA__gtk_widget_get_display /usr/src/debug/gtk+-2.18.3/gtk/gtkwidget.c:7267
1 _gtk_socket_windowing_filter_func /usr/src/debug/gtk+-2.18.3/gtk/gtksocket-x11.c:429
2 gdk_event_apply_filters /usr/src/debug/gtk+-2.18.3/gdk/x11/gdkevents-x11.c:351
  gdk_event_translate /usr/src/debug/gtk+-2.18.3/gdk/x11/gdkevents-x11.c:1025
3 _gdk_events_queue /usr/src/debug/gtk+-2.18.3/gdk/x11/gdkevents-x11.c:2302
4 gdk_event_dispatch /usr/src/debug/gtk+-2.18.3/gdk/x11/gdkevents-x11.c:2363
5 g_main_dispatch /usr/src/debug/glib-2.22.2/glib/gmain.c:1960
  IA__g_main_context_dispatch /usr/src/debug/glib-2.22.2/glib/gmain.c:2513
6 g_main_context_iterate /usr/src/debug/glib-2.22.2/glib/gmain.c:2591
7 IA__g_main_context_iteration /usr/src/debug/glib-2.22.2/glib/gmain.c:2654
I can't see that GtkSocket removes the _gtk_socket_windowing_filter_func (and |data| pointing back to the socket) that it adds to the (foreign) plug_window.
Karl, are you saying that this is a GTK bug, or that we're mis-using GTK somehow? Does this need to block 3.6.4?
I'm pretty sure this is a GTK bug. So far it has only happened rarely, though I'm not clear why it doesn't happen more often. We could do a workaround for 3.6.4 I think. Whether it needs to block possibly depends on whether this is likely to happen more than once in a blue moon. Beta testing may or may not provide that information. Being a browser crash, we should probably make an effort to fix.
Assignee: nobody → karlt
Blocks: OOPP
New crash just showed up on tinderbox, apparently karl's X-error-triggers-breakpad stuff. Cool!

http://tinderbox.mozilla.org/showlog.cgi?log=Firefox/1270860729.1270861216.9030.gz#err0

###!!! ABORT: X_CreatePixmap: BadValue (integer parameter out of range for operation); 3 requests ago: file /builds/slave/mozilla-central-linux/build/toolkit/xre/nsX11ErrorHandler.cpp, line 194
[snip]
###!!! [Child][RPCChannel] Error: Channel error: cannot send/recv
###!!! ASSERTION: plug removed: 'glib assertion', file /builds/slave/mozilla-central-linux/build/toolkit/xre/nsSigHandlers.cpp, line 223
** ERROR **: plug removed
aborting...
NEXT ERROR TEST-UNEXPECTED-FAIL | automation.py | Exited with code 6 during test run
Crash reason: SIGABRT
Crash address: 0x786

NEXT ERROR Thread 0 (crashed)
 0  linux-gate.so + 0x424
    eip = 0x00f61424 esp = 0xbff72588 ebp = 0xbff725a0 ebx = 0x00000786
    esi = 0x00f28844 edi = 0x00f27ff4 eax = 0x00000000 ecx = 0x00000786
    edx = 0x00000006 efl = 0x00200202
    Found by: given as instruction pointer in context
 1  libc-2.11.so + 0x2c349
    eip = 0x00de334a esp = 0xbff725a8 ebp = 0xbff726c8
    Found by: previous frame's frame pointer
 2  libnspr4.so!PR_Abort [prlog.c:91694d19d7b2 : 548 + 0x4]
    eip = 0x002f0c15 esp = 0xbff726d0 ebp = 0xbff726d8
    Found by: previous frame's frame pointer
 3  libxul.so!Abort [nsDebugImpl.cpp:91694d19d7b2 : 387 + 0x4]
    eip = 0x01ae3010 esp = 0xbff726e0 ebp = 0xbff72710 ebx = 0x01ea699c
    Found by: call frame info
 4  libxul.so!NS_DebugBreak_P [nsDebugImpl.cpp:91694d19d7b2 : 327 + 0x6]
    eip = 0x01ae3201 esp = 0xbff726f0 ebp = 0xbff72710 ebx = 0x01ea699c
    Found by: call frame info
 5  libxul.so!X11Error [nsX11ErrorHandler.cpp:91694d19d7b2 : 194 + 0x1e]
    eip = 0x0115a7c8 esp = 0xbff72b10 ebp = 0x00000800 ebx = 0x01ea699c
    esi = 0x00000800 edi = 0xbff73398
    Found by: call frame info
 6  libbonoboui-2.so.0.0.0 + 0x20945
    eip = 0x02cc2946 esp = 0xbff73410 ebp = 0xbff73428 ebx = 0x02d0ca3c
    esi = 0xb0db39a0 edi = 0xbff7346c
    Found by: call frame info
 7  libX11.so.6.3.0 + 0x3c120
    eip = 0x00b22121 esp = 0xbff73430 ebp = 0xbff734e8
    Found by: previous frame's frame pointer
 8  libX11.so.6.3.0 + 0x428e6
    eip = 0x00b288e7 esp = 0xbff734f0 ebp = 0xbff73558
    Found by: previous frame's frame pointer
 9  libX11.so.6.3.0 + 0x42f95
    eip = 0x00b28f96 esp = 0xbff73560 ebp = 0xbff735a8
    Found by: previous frame's frame pointer
10  libX11.so.6.3.0 + 0x20a13
    eip = 0x00b06a14 esp = 0xbff735b0 ebp = 0xbff73628
    Found by: previous frame's frame pointer
11  libX11.so.6.3.0 + 0x20b92
    eip = 0x00b06b93 esp = 0xbff73630 ebp = 0xbff73658
    Found by: previous frame's frame pointer
12  libgdk-x11-2.0.so.0.1800.3 + 0x694e6
    eip = 0x0548a4e7 esp = 0xbff73660 ebp = 0xbff736d8
    Found by: previous frame's frame pointer
13  libgdk-x11-2.0.so.0.1800.3 + 0x19460
    eip = 0x0543a461 esp = 0xbff736e0 ebp = 0xbff73708
    Found by: previous frame's frame pointer
14  libgdk-x11-2.0.so.0.1800.3 + 0x19460
    eip = 0x0543a461 esp = 0xbff73710 ebp = 0xbff73738
    Found by: previous frame's frame pointer
15  libgdk-x11-2.0.so.0.1800.3 + 0x5cd9f
    eip = 0x0547dda0 esp = 0xbff73740 ebp = 0xbff73788
    Found by: previous frame's frame pointer
16  libgdk-x11-2.0.so.0.1800.3 + 0x260a0
    eip = 0x054470a1 esp = 0xbff73790 ebp = 0xbff737a8
    Found by: previous frame's frame pointer
17  libgdk-x11-2.0.so.0.1800.3 + 0x3606e
    eip = 0x0545706f esp = 0xbff737b0 ebp = 0xbff73828
    Found by: previous frame's frame pointer
18  libgdk-x11-2.0.so.0.1800.3 + 0x3804e
    eip = 0x0545904f esp = 0xbff73830 ebp = 0xbff73868
    Found by: previous frame's frame pointer
19  libgtk-x11-2.0.so.0.1800.3 + 0x9feae
    eip = 0x005efeaf esp = 0xbff73870 ebp = 0xbff73888
    Found by: previous frame's frame pointer
20  libgdk-x11-2.0.so.0.1800.3 + 0x14357
    eip = 0x05435358 esp = 0xbff73890 ebp = 0xbff738b8
    Found by: previous frame's frame pointer
21  libglib-2.0.so.0.2200.2 + 0x35301
    eip = 0x00d03302 esp = 0xbff738c0 ebp = 0xbff738d8
    Found by: previous frame's frame pointer
22  libglib-2.0.so.0.2200.2 + 0x37117
    eip = 0x00d05118 esp = 0xbff738e0 ebp = 0xbff73958
    Found by: previous frame's frame pointer
23  libglib-2.0.so.0.2200.2 + 0x3aa47
    eip = 0x00d08a48 esp = 0xbff73960 ebp = 0xbff739d8
    Found by: previous frame's frame pointer
24  libglib-2.0.so.0.2200.2 + 0x3ab73
    eip = 0x00d08b74 esp = 0xbff739e0 ebp = 0xbff73a18
    Found by: previous frame's frame pointer
25  libxul.so!nsAppShell::ProcessNextNativeEvent [nsAppShell.cpp:91694d19d7b2 : 144 + 0xa]
    eip = 0x0199d01a esp = 0xbff73a20 ebp = 0x00000014
    Found by: previous frame's frame pointer
Comment 5 is https://bugzilla.gnome.org/show_bug.cgi?id=603652 (Mozilla bug 540197), fixed in Fedora 12 (and Ubuntu karmic) updates.

12 gdk_window_impl_x11_get_colormap /usr/src/debug/gtk+-2.18.3/gdk/x11/gdkwindow-x11.c:376
13 IA__gdk_drawable_get_colormap /usr/src/debug/gtk+-2.18.3/gdk/gdkdraw.c:276
14 IA__gdk_drawable_get_colormap /usr/src/debug/gtk+-2.18.3/gdk/gdkdraw.c:276
15 _gdk_pixmap_new /usr/src/debug/gtk+-2.18.3/gdk/x11/gdkpixmap-x11.c:186
16 IA__gdk_pixmap_new /usr/src/debug/gtk+-2.18.3/gdk/gdkpixmap.c:249
17 gdk_window_begin_implicit_paint /usr/src/debug/gtk+-2.18.3/gdk/gdkwindow.c:2543
   gdk_window_process_updates_internal /usr/src/debug/gtk+-2.18.3/gdk/gdkwindow.c:5206
http://tinderbox.mozilla.org/showlog.cgi?log=Firefox/1270860729.1270861216.9030.gz
Rev3 Fedora 12 mozilla-central opt test mochitests-5/5 on 2010/04/09 17:52:09
s: talos-r3-fed-009

http://tinderbox.mozilla.org/showlog.cgi?log=Firefox/1270845224.1270845653.26075.gz
Rev3 Fedora 12 mozilla-central opt test mochitests-5/5 on 2010/04/09 13:33:44
s: talos-r3-fed-003

http://tinderbox.mozilla.org/showlog.cgi?log=Firefox/1270838801.1270839147.6452.gz
Rev3 Fedora 12 mozilla-central opt test mochitests-5/5 on 2010/04/09 11:46:41
s: talos-r3-fed-027
Blocks: 438871
Whiteboard: [orange]
Chris filed bug 558521 for comment 5 to 7.
(In reply to comment #2)
> I can't see that GtkSocket removes the _gtk_socket_windowing_filter_func (and
> |data| pointing back to the socket) that it adds to the (foreign) plug_window.

Those filters are (at least usually) removed in window_remove_filters from _gdk_window_destroy_hierarchy when the GtkSocket is unrealized and plug_window's parent window is destroyed.

So I haven't found a reason for this crash and I don't think we can block on this.

Bug 558130 existed at the time of this crash, but I'm having trouble imagining how that might be involved.
Looks like the upgrade didn't make this go away, as semi-expected.

http://tinderbox.mozilla.org/showlog.cgi?log=Firefox/1271891686.1271892156.26666.gz#err0
Rev3 Fedora 12 mozilla-central opt test mochitests-5/5 on 2010/04/21 16:14:46
s: talos-r3-fed-040

addr2line locally shows the first three frames as comment 1.
Actually the top frame is different, updating summary.

0 IA__g_type_check_instance_cast /usr/src/debug/glib-2.22.2/gobject/gtype.c:3728
1 _gtk_socket_windowing_filter_func /usr/src/debug/gtk+-2.18.9/gtk/gtksocket-x11.c:420
2 gdk_event_apply_filters /usr/src/debug/gtk+-2.18.9/gdk/x11/gdkevents-x11.c:351
  gdk_event_translate /usr/src/debug/gtk+-2.18.9/gdk/x11/gdkevents-x11.c:1028
3 _gdk_events_queue /usr/src/debug/gtk+-2.18.9/gdk/x11/gdkevents-x11.c:2305
Summary: Mo5 crash during test_streamNotify.html [@libgtk-x11-2.0.so.0.1800.3 + 0x25a026] → Mo5 segfault during test_streamNotify.html [@libgobject-2.0.so.0.2200.2 + 0x27b83]
(In reply to comment #10)
> http://tinderbox.mozilla.org/showlog.cgi?log=Firefox/1271891686.1271892156.26666.gz#err0
> Rev3 Fedora 12 mozilla-central opt test mochitests-5/5 on 2010/04/21 16:14:46
> s: talos-r3-fed-040

Again, after:

322 INFO TEST-PASS | /tests/modules/plugin/test/test_streamNotify.html | GET data: URI correct

(In reply to comment #11)
> Actually the top frame is different, updating summary.
>
> 0 IA__g_type_check_instance_cast
> /usr/src/debug/glib-2.22.2/gobject/gtype.c:3728
>
> 1 _gtk_socket_windowing_filter_func
> /usr/src/debug/gtk+-2.18.9/gtk/gtksocket-x11.c:420

http://git.gnome.org/browse/gtk+/tree/gtk/gtksocket-x11.c?id=2.18.9#n420

Same issue, apparently the filter is being called after its GdkWindow (either the socket window or more likely the foreign plug window) is deleted.
(In reply to comment #12)
> Same issue, apparently the filter is being called after its GdkWindow (either
> the socket window or more likely the foreign plug window) is deleted.

Make that "after the GtkSocket is deleted". The GdkWindow apparently still exists.
test_streamNotify.html uses a windowless plugin so doesn't use a GtkSocket. Perhaps the GtkSocket in question comes from the previous test test_propertyAndMethod.html (which uses a windowed plugin).
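The failure mode hypothesised in the comments above, as an added example that is not part of the bug thread and not GTK/GDK source: a filter registered on a longer-lived window with a data pointer back to its owner still fires after the owner is torn down unless the (function, data) pair is unregistered first. The toy_window and toy_socket types and every function name here are hypothetical, and an alive flag stands in for freeing the socket so the program stays well-defined.

```c
/* Simplified model of a window event-filter list; not GTK/GDK source. */
#include <stdio.h>
#include <stddef.h>

#define MAX_FILTERS 4
typedef void (*filter_fn)(void *data);
struct filter { filter_fn fn; void *data; };
struct toy_window { struct filter f[MAX_FILTERS]; size_t n; };
struct toy_socket { struct toy_window *plug; int alive; };

static int stale_calls; /* callbacks that ran with a dead owner */

/* Filter callback: `data` points back at the owning socket. */
static void socket_filter(void *data) {
    struct toy_socket *s = data;
    if (!s->alive) stale_calls++; /* with a real free() this reads freed memory */
}

static void add_filter(struct toy_window *w, filter_fn fn, void *data) {
    if (w->n < MAX_FILTERS) w->f[w->n++] = (struct filter){ fn, data };
}

static void remove_filter(struct toy_window *w, filter_fn fn, void *data) {
    for (size_t i = 0; i < w->n; i++)
        if (w->f[i].fn == fn && w->f[i].data == data) {
            w->f[i] = w->f[--w->n]; /* swap-remove the matching pair */
            return;
        }
}

/* The window outlives the socket and keeps dispatching events. */
static void dispatch_event(struct toy_window *w) {
    for (size_t i = 0; i < w->n; i++) w->f[i].fn(w->f[i].data);
}

/* Tear a socket down with or without unregistering, then deliver one event.
   Returns how many callbacks ran against the dead socket. */
static int stale_calls_after_teardown(int unregister) {
    struct toy_window plug = { .n = 0 };
    struct toy_socket sock = { .plug = &plug, .alive = 1 };
    stale_calls = 0;
    add_filter(&plug, socket_filter, &sock);
    dispatch_event(&plug);      /* live owner: not counted */
    if (unregister) remove_filter(&plug, socket_filter, &sock);
    sock.alive = 0;             /* stands in for freeing the socket */
    dispatch_event(&plug);
    return stale_calls;
}

int main(void) {
    printf("no unregister: %d stale, unregister: %d stale\n",
           stale_calls_after_teardown(0), stale_calls_after_teardown(1));
    return 0;
}
```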
No reports since April. -> WFM
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
Whiteboard: [orange]
Product: Core → Core Graveyard