Closed Bug 846863 Opened 12 years ago Closed 7 years ago

Crash in IA__gdk_keymap_get_for_display with Unity Websites integration 2012.10.12.beta

Categories

(Core :: Widget: Gtk, defect)

Product:
Core
Component:
Widget: Gtk
Version:
19 Branch
Platform:
All
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WONTFIX
Tracking Flags:
Tracking Status
firefox19 --- affected
firefox21 --- affected
firefox22 --- affected

People

(Reporter: chrisccoulson, Unassigned)

References

Details

(Keywords: crash)

Crash Data

This bug was filed from the Socorro interface and is report bp-3b5f0f5c-833e-4cfd-b997-3fc9e2130228 . ============================================================= This is currently number 16 top crasher on Linux for the last week, but number 2 over the last 24 hours. I don't think that is an actual sudden increase, but more likely because I've just fixed the crash symbols for our gtk packages in Ubuntu, so we get proper traces again. 0 libgdk-x11-2.0.so.0.2400.13 IA__gdk_keymap_get_for_display gdkkeys-x11.c:307 1 libxul.so mozilla::widget::KeymapWrapper::KeymapWrapper nsGtkKeyUtils.cpp:283 2 libxul.so mozilla::widget::KeymapWrapper::GetInstance nsGtkKeyUtils.cpp:278 3 libxul.so mozilla::widget::KeymapWrapper::InitInputEvent nsGtkKeyUtils.cpp:571 4 libxul.so nsWindow::OnMotionNotifyEvent nsWindow.cpp:2563 5 libxul.so motion_notify_event_cb nsWindow.cpp:5240 6 libgtk-x11-2.0.so.0.2400.13 _gtk_marshal_BOOLEAN__BOXED gtkmarshalers.c:86 7 libgobject-2.0.so.0.3400.1 g_closure_invoke gclosure.c:777 8 libgobject-2.0.so.0.3400.1 signal_emit_unlocked_R gsignal.c:3551 9 libgobject-2.0.so.0.3400.1 g_signal_emit_valist gsignal.c:3310 10 libgobject-2.0.so.0.3400.1 g_signal_emit gsignal.c:3356 11 libgtk-x11-2.0.so.0.2400.13 gtk_widget_event_internal gtkwidget.c:5010 12 libgtk-x11-2.0.so.0.2400.13 IA__gtk_propagate_event gtkmain.c:2509 13 libgtk-x11-2.0.so.0.2400.13 IA__gtk_main_do_event gtkmain.c:1699 14 libgdk-x11-2.0.so.0.2400.13 gdk_event_dispatch gdkevents-x11.c:2403 15 libglib-2.0.so.0.3400.1 g_main_context_dispatch gmain.c:2715 16 libglib-2.0.so.0.3400.1 g_main_context_iterate gmain.c:3290 17 libglib-2.0.so.0.3400.1 g_main_context_iteration gmain.c:3351 18 libxul.so nsAppShell::ProcessNextNativeEvent nsAppShell.cpp:135 19 libxul.so nsBaseAppShell::DoProcessNextNativeEvent nsBaseAppShell.cpp:139 20 libxul.so nsBaseAppShell::OnProcessNextEvent nsBaseAppShell.cpp:298 21 libxul.so nsThread::ProcessNextEvent nsThread.cpp:600 22 libxul.so NS_ProcessNextEvent_P nsThreadUtils.cpp:238 23 libxul.so nsXULWindow::ShowModal nsXULWindow.cpp:364 24 libxul.so nsWindowWatcher::OpenWindowInternal nsWindowWatcher.cpp:1029 25 libxul.so nsWindowWatcher::OpenWindow nsWindowWatcher.cpp:400 26 libxul.so NS_InvokeByIndex_P xptcinvoke_x86_64_unix.cpp:164 27 libxul.so XPCWrappedNative::CallMethod XPCWrappedNative.cpp:3100 28 libxul.so XPC_WN_CallMethod XPCWrappedNativeJSOps.cpp:1488 29 libxul.so js::InvokeKernel jscntxtinlines.h:364 30 libxul.so js::Interpret jsinterp.cpp:2336 31 libxul.so js::RunScript jsinterp.cpp:324 32 libxul.so js::InvokeKernel jsinterp.cpp:379 33 libxul.so js::Invoke jsinterp.h:109 34 libxul.so js::BaseProxyHandler::call jsproxy.cpp:266 35 libxul.so js::Wrapper::call jswrapper.cpp:302 36 libxul.so js::CrossCompartmentWrapper::call jswrapper.cpp:635 37 libxul.so proxy_Call jsproxy.cpp:2466 38 libxul.so js::InvokeKernel jscntxtinlines.h:364 39 libxul.so js::Interpret jsinterp.cpp:2336 40 libxul.so js::RunScript jsinterp.cpp:324 41 libxul.so js::InvokeKernel jsinterp.cpp:379 42 libxul.so js::Invoke jsinterp.h:109 43 libxul.so JS_CallFunctionValue jsapi.cpp:5771 44 libxul.so nsXPCWrappedJSClass::CallMethod XPCWrappedJSClass.cpp:1432 45 libxul.so nsXPCWrappedJS::CallMethod XPCWrappedJS.cpp:580 46 libxul.so PrepareAndDispatch xptcstubs_x86_64_linux.cpp:121 47 libxul.so libxul.so@0x1218b8b 48 libxul.so xptiInterfaceEntry::GetEntryForParam xptiInterfaceInfo.cpp:293 49 @0x7fff0f094b98 50 libxul.so nsEventListenerManager::HandleEventInternal nsEventListenerManager.cpp:987 51 libxul.so nsEventTargetChainItem::HandleEvent nsEventListenerManager.h:153 52 libxul.so nsEventTargetChainItem::HandleEventTargetChain nsEventDispatcher.cpp:316 53 libxul.so nsEventDispatcher::Dispatch nsEventDispatcher.cpp:634 54 libxul.so DocumentViewerImpl::LoadComplete nsDocumentViewer.cpp:1040 55 libxul.so nsDocShell::EndPageLoad nsDocShell.cpp:6516 56 libxul.so nsDocShell::OnStateChange nsDocShell.cpp:6344 57 libxul.so nsDocLoader::DoFireOnStateChange nsDocLoader.cpp:1305 58 libxul.so nsDocLoader::doStopDocumentLoad nsDocLoader.cpp:885 59 libxul.so nsDocLoader::DocLoaderIsEmpty nsDocLoader.cpp:775 60 libxul.so nsDocLoader::DocLoaderIsEmpty nsDocLoader.h:193 61 libxul.so nsDocLoader::OnStopRequest nsDocLoader.cpp:659 62 libxul.so nsLoadGroup::RemoveRequest nsLoadGroup.cpp:697 63 libxul.so nsDocument::DoUnblockOnload nsDocument.cpp:6992 64 libxul.so nsDocument::DispatchContentLoadedEvents nsDocument.cpp:4238 65 libxul.so nsRunnableMethodImpl<void nsThreadUtils.h:367 66 libxul.so nsThread::ProcessNextEvent nsThread.cpp:627 67 libxul.so NS_ProcessNextEvent_P nsThreadUtils.cpp:238 68 libxul.so mozilla::ipc::MessagePump::Run MessagePump.cpp:82 69 libxul.so MessageLoop::Run message_loop.cc:208 70 libxul.so nsBaseAppShell::Run nsBaseAppShell.cpp:163 71 libxul.so nsAppStartup::Run nsAppStartup.cpp:290 72 libxul.so XREMain::XRE_mainRun nsAppRunner.cpp:3823 73 libxul.so XREMain::XRE_main nsAppRunner.cpp:3890 74 libxul.so XRE_main nsAppRunner.cpp:4084 75 firefox main nsBrowserApp.cpp:174 76 libc-2.15.so libc-2.15.so@0x2176d 77 libstdc++.so.6.0.17 libstdc++.so.6.0.17@0x2ed5e0 78 firefox firefox@0x26d0 79 firefox firefox@0x2a30 80 ld-2.15.so ld-2.15.so@0xf3ef It's crashing inside gtk, just here: 304 if (!display_x11->keymap) 305 display_x11->keymap = g_object_new (gdk_keymap_x11_get_type (), NULL); 306 --> 307 display_x11->keymap->display = display; 308 309 return display_x11->keymap; On x86, the crashing address is always 0xc, and it's always 0x18 on x86-64. These are the exact offsets of |display| in GdkKeymap for each platform, suggesting that display_x11->keymap is null.
Ooh, so, probably a plugin or addon bug: https://crash-stats.mozilla.com/report/index/3b5f0f5c-833e-4cfd-b997-3fc9e2130228#modules libgdk-3.so.0.600.0 11F7CDB0EC8E227251C0CA7F4E73373D0 libgdk-3.so.0.600.0 libgtk-3.so.0.600.0 61B85BB755BF5B23D23D9776DE086DD70 libgtk-3.so.0.600.0 libwnck-3.so.0.2.2 9D7E68337AA91229F4E35675A32A3B330 libwnck-3.so.0.2.2 libgtk-x11-2.0.so.0.2400.13 81D7BD909D26EC255764510549C17AC60 libgtk-x11-2.0.so.0.2400.13 libgdk-x11-2.0.so.0.2400.13 3206968BE4FD283348953D724D0D92130 libgdk-x11-2.0.so.0.2400.13
It was fairly easy tracking down the culprit. Reported to https://launchpad.net/bugs/1138473
We don't have correlations because of bug 836671 but it seems correlated to Unity Websites integration 2012.10.12.beta.
status-firefox19: --- → affected
status-firefox21: --- → affected
status-firefox22: --- → affected
Summary: Crash in IA__gdk_keymap_get_for_display → Crash in IA__gdk_keymap_get_for_display with Unity Websites integration 2012.10.12.beta
Yeah, I've already reported this in their tracker
See Also: → https://launchpad.net/bugs/1138473
It's #3 top browser crasher in 19.0 and #1 in 21.0a2 and 22.0a1 on Linux.
Keywords: topcrash
More reports at: https://crash-stats.mozilla.com/report/list?signature=IA__gdk_keymap_get_for_display https://crash-stats.mozilla.com/report/list?signature=_dbus_watch_invalidate
Crash Signature: [@ IA__gdk_keymap_get_for_display] → [@ IA__gdk_keymap_get_for_display] [@ _dbus_watch_invalidate ]
The _dbus_watch_invalidate signature is a different crash (and likely to be an actual Firefox bug too). I was going to open a separate report for that. It has spiked this week for the same reason that this one has (I've fixed our crash symbols for libdbus as well). After looking through recent crash history, there are various crashes with signatures a like "libdbus-1.so.3.7.2@0x24d00" which all look likely to be the same crash.
Crash Signature: [@ IA__gdk_keymap_get_for_display] [@ _dbus_watch_invalidate ] → [@ IA__gdk_keymap_get_for_display]
Here are correlations from March 10th: 100% (12/12) vs. 25% (115/468) {2e1445b0-2682-11e1-bfc2-0800200c9a66} 100% (12/12) vs. 24% (110/468) 2012.10.12.beta 0% (0/12) vs. 1% (5/468) 2012.11.20.beta
There are only five crashes in 22.0.
Keywords: topcrash
Depends on: 997901
Closing because no crash reported since 12 weeks.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.