[Wayland-bugs] [Bug 793062] [Wayland] Crash under gdk_wayland_window_attach_image()
gtk+ (GNOME Bugzilla)
bugzilla at gnome.org
Mon Feb 19 09:14:11 UTC 2018
https://bugzilla.gnome.org/show_bug.cgi?id=793062
--- Comment #24 from Olivier Fourdan <ofourdan at redhat.com> ---
So I think what happens and I believe this is Firefox doing something
unexpected.
The issue occurs because the window we're updating recursively is being
unmapped (on Wayland if you unmap a window, its surface resource is
destroyed).
The patch (attachment 367922) I posted checks for the window being mapped prior
to calling the update, and that patch doesn't fix the issue, which means that
when we checked, the window was mapped. When we crash, it's not mapped anymore,
so “something” is unmapping the window while gdk is updating it recursively.
Some tests show this is not a threading issue, the crash and the unmap occur
from within the same thread id.
Unfortunately using a simple break in gdb on gdk_window_unmap() is not
practical so the solution is to add a variable, increase its value prior to
entering the recursion and check for its value when unmapping the window, so that
we can tell exactly when the window is being unmapped from within the
recursion.
That leads to the following backtrace:
(gdb) bt
#0 mozalloc_abort (msg=msg at entry=0x55555557d6d8 "Redirecting call to
abort() to mozalloc_abort\n")
at
/usr/src/debug/firefox-59.0-0.6.fc27.x86_64/memory/mozalloc/mozalloc_abort.cpp:33
#1 0x00005555555668b0 in abort () at
/usr/src/debug/firefox-59.0-0.6.fc27.x86_64/memory/mozalloc/mozalloc_abort.cpp:80
#2 0x00007fffef81aa85 in g_assertion_message
(domain=domain at entry=0x7ffff43a140e "Gdk",
file=file at entry=0x7ffff43b8ee8
"/home/ofourdan/src/gnome/gtk+-3/gdk/gdkwindow.c", line=line at entry=5667,
func=func at entry=0x7ffff43ba3e0 <__func__.66322> "gdk_window_hide",
message=message at entry=0x7fffaad8ae50 "assertion failed: (recurse_level
== 0)") at /home/ofourdan/src/gnome/glib/glib/gtestutils.c:2532
#3 0x00007fffef81aada in g_assertion_message_expr
(domain=domain at entry=0x7ffff43a140e "Gdk",
file=file at entry=0x7ffff43b8ee8
"/home/ofourdan/src/gnome/gtk+-3/gdk/gdkwindow.c", line=line at entry=5667,
func=func at entry=0x7ffff43ba3e0 <__func__.66322> "gdk_window_hide",
expr=expr at entry=0x7ffff43b8e6a "recurse_level == 0")
at /home/ofourdan/src/gnome/glib/glib/gtestutils.c:2555
→ #4 0x00007ffff43558b0 in gdk_window_hide (window=0x7fffab257760) at
/home/ofourdan/src/gnome/gtk+-3/gdk/gdkwindow.c:5667
#5 0x00007fffe973be90 in moz_container_unmap (widget=0x7fffaa3319b0)
at
/usr/src/debug/firefox-59.0-0.6.fc27.x86_64/widget/gtk/mozcontainer.cpp:337
#6 0x00007fffefcd57d0 in _g_closure_invoke_va (closure=0x7ffff6afb420,
return_value=0x0, instance=0x7fffaa3319b0, args=0x7fffffff9fe8,
n_params=0, param_types=0x0) at
/home/ofourdan/src/gnome/glib/gobject/gclosure.c:867
#7 0x00007fffefcf133e in g_signal_emit_valist (instance=0x7fffaa3319b0,
signal_id=<optimized out>, detail=0,
var_args=var_args at entry=0x7fffffff9fe8) at
/home/ofourdan/src/gnome/glib/gobject/gsignal.c:3300
#8 0x00007fffefcf1802 in g_signal_emit
(instance=instance at entry=0x7fffaa3319b0, signal_id=<optimized out>,
detail=detail at entry=0)
at /home/ofourdan/src/gnome/glib/gobject/gsignal.c:3447
→ #9 0x00007ffff495c24c in gtk_widget_unmap (widget=0x7fffaa3319b0) at
/home/ofourdan/src/gnome/gtk+-3/gtk/gtkwidget.c:5033
#10 0x00007fffefcd568d in g_closure_invoke (closure=0x7ffff6afb420,
return_value=0x0, n_param_values=1, param_values=0x7fffffffa2a0,
invocation_hint=0x7fffffffa240) at
/home/ofourdan/src/gnome/glib/gobject/gclosure.c:804
#11 0x00007fffefce878e in signal_emit_unlocked_R
(node=node at entry=0x7ffff6affb80, detail=detail at entry=0,
instance=instance at entry=0x7fffaa908a60,
emission_return=emission_return at entry=0x0,
instance_and_params=instance_and_params at entry=0x7fffffffa2a0)
at /home/ofourdan/src/gnome/glib/gobject/gsignal.c:3565
#12 0x00007fffefcf0f35 in g_signal_emit_valist (instance=<optimized out>,
signal_id=<optimized out>, detail=<optimized out>,
var_args=var_args at entry=0x7fffffffa448) at
/home/ofourdan/src/gnome/glib/gobject/gsignal.c:3391
#13 0x00007fffefcf1802 in g_signal_emit
(instance=instance at entry=0x7fffaa908a60, signal_id=<optimized out>,
detail=detail at entry=0)
at /home/ofourdan/src/gnome/glib/gobject/gsignal.c:3447
#14 0x00007ffff495c24c in gtk_widget_unmap (widget=0x7fffaa908a60) at
/home/ofourdan/src/gnome/gtk+-3/gtk/gtkwidget.c:5033
#15 0x00007ffff4970e8c in gtk_window_hide (widget=0x7fffaa908a60) at
/home/ofourdan/src/gnome/gtk+-3/gtk/gtkwindow.c:6217
#16 0x00007fffefcd568d in g_closure_invoke (closure=0x7ffff6afb3a0,
return_value=0x0, n_param_values=1, param_values=0x7fffffffa720,
invocation_hint=0x7fffffffa6c0) at
/home/ofourdan/src/gnome/glib/gobject/gclosure.c:804
#17 0x00007fffefce878e in signal_emit_unlocked_R
(node=node at entry=0x7ffff6affac0, detail=detail at entry=0,
instance=instance at entry=0x7fffaa908a60,
emission_return=emission_return at entry=0x0,
instance_and_params=instance_and_params at entry=0x7fffffffa720)
at /home/ofourdan/src/gnome/glib/gobject/gsignal.c:3565
#18 0x00007fffefcf0f35 in g_signal_emit_valist (instance=<optimized out>,
signal_id=<optimized out>, detail=<optimized out>,
var_args=var_args at entry=0x7fffffffa8c8) at
/home/ofourdan/src/gnome/glib/gobject/gsignal.c:3391
#19 0x00007fffefcf1802 in g_signal_emit
(instance=instance at entry=0x7fffaa908a60, signal_id=<optimized out>,
detail=detail at entry=0)
at /home/ofourdan/src/gnome/glib/gobject/gsignal.c:3447
#20 0x00007ffff4964235 in gtk_widget_hide (widget=0x7fffaa908a60) at
/home/ofourdan/src/gnome/gtk+-3/gtk/gtkwidget.c:4901
#21 0x00007fffe97160b3 in nsWindow::NativeShow (this=0x7fffaa908400,
aAction=<optimized out>)
at
/usr/src/debug/firefox-59.0-0.6.fc27.x86_64/widget/gtk/nsWindow.cpp:4232
#22 0x00007fffe96d2af4 in nsView::DoResetWidgetBounds (this=<optimized
out>, aMoveOnly=<optimized out>, aInvalidateChangedSize=<optimized out>)
at /usr/src/debug/firefox-59.0-0.6.fc27.x86_64/view/nsView.cpp:341
#23 0x00007fffe96d5fba in nsViewManager::ProcessPendingUpdatesForView
(this=this at entry=0x7fffc14c5fc0, aView=<optimized out>,
aFlushDirtyRegion=aFlushDirtyRegion at entry=true) at
/usr/src/debug/firefox-59.0-0.6.fc27.x86_64/view/nsViewManager.cpp:399
#24 0x00007fffe96d61a5 in nsViewManager::ProcessPendingUpdates
(this=this at entry=0x7fffc14c5fc0)
at
/usr/src/debug/firefox-59.0-0.6.fc27.x86_64/view/nsViewManager.cpp:1102
#25 0x00007fffe96d62d8 in nsViewManager::WillPaintWindow
(this=this at entry=0x7fffc14c5fc0, aWidget=0x7fffaa908400)
at
/usr/src/debug/firefox-59.0-0.6.fc27.x86_64/view/nsViewManager.cpp:707
#26 0x00007fffe96d6326 in nsView::WillPaintWindow (this=<optimized out>,
aWidget=<optimized out>)
at /usr/src/debug/firefox-59.0-0.6.fc27.x86_64/view/nsView.cpp:1059
→ #27 0x00007fffe9722c0b in nsWindow::OnExposeEvent (this=<optimized out>,
cr=<optimized out>, this=<optimized out>)
at
/usr/src/debug/firefox-59.0-0.6.fc27.x86_64/widget/gtk/nsWindow.cpp:2089
#28 0x00007fffe97239b2 in draw_window_of_widget
(widget=widget at entry=0x7fffaa3319b0, aWindow=0x7fffab257760,
cr=cr at entry=0x7fffc9d42800)
at
/usr/src/debug/firefox-59.0-0.6.fc27.x86_64/widget/gtk/nsWindow.cpp:5455
#29 0x00007fffe9723a0f in expose_event_cb
(widget=widget at entry=0x7fffaa3319b0, cr=0x7fffc9d42800)
at
/usr/src/debug/firefox-59.0-0.6.fc27.x86_64/widget/gtk/nsWindow.cpp:5478
#30 0x00007ffff481db4b in _gtk_marshal_BOOLEAN__BOXED
(closure=closure at entry=0x7fffaa3fef80,
return_value=return_value at entry=0x7fffffffaf20,
n_param_values=n_param_values at entry=2,
param_values=param_values at entry=0x7fffffffafd0,
invocation_hint=invocation_hint at entry=0x7fffffffaf70,
marshal_data=marshal_data at entry=0x0) at gtkmarshalers.c:83
#31 0x00007ffff495949f in gtk_widget_draw_marshaller
(closure=0x7fffaa3fef80, return_value=0x7fffffffaf20, n_param_values=2,
param_values=0x7fffffffafd0, invocation_hint=0x7fffffffaf70,
marshal_data=0x0) at /home/ofourdan/src/gnome/gtk+-3/gtk/gtkwidget.c:945
#32 0x00007fffefcd568d in g_closure_invoke (closure=0x7fffaa3fef80,
return_value=0x7fffffffaf20, n_param_values=2, param_values=0x7fffffffafd0,
invocation_hint=0x7fffffffaf70) at
/home/ofourdan/src/gnome/glib/gobject/gclosure.c:804
#33 0x00007fffefce86be in signal_emit_unlocked_R (node=<optimized out>,
detail=detail at entry=0, instance=instance at entry=0x7fffaa3319b0,
emission_return=emission_return at entry=0x7fffffffb0d0,
instance_and_params=instance_and_params at entry=0x7fffffffafd0)
at /home/ofourdan/src/gnome/glib/gobject/gsignal.c:3635
#34 0x00007fffefcf091c in g_signal_emit_valist (instance=<optimized out>,
signal_id=<optimized out>, detail=<optimized out>,
var_args=var_args at entry=0x7fffffffb188) at
/home/ofourdan/src/gnome/glib/gobject/gsignal.c:3401
#35 0x00007fffefcf1802 in g_signal_emit
(instance=instance at entry=0x7fffaa3319b0, signal_id=<optimized out>,
detail=detail at entry=0)
at /home/ofourdan/src/gnome/glib/gobject/gsignal.c:3447
#36 0x00007ffff4965ab2 in gtk_widget_draw_internal
(widget=widget at entry=0x7fffaa3319b0, cr=cr at entry=0x7fffc9d42800,
clip_to_size=clip_to_size at entry=1) at
/home/ofourdan/src/gnome/gtk+-3/gtk/gtkwidget.c:7019
#37 0x00007ffff475c202 in gtk_container_propagate_draw
(container=container at entry=0x7fffaa908a60, child=0x7fffaa3319b0,
cr=cr at entry=0x7fffc9d42800) at
/home/ofourdan/src/gnome/gtk+-3/gtk/gtkcontainer.c:3838
#38 0x00007ffff475c2c2 in gtk_container_draw (widget=0x7fffaa908a60,
cr=0x7fffc9d42800)
at /home/ofourdan/src/gnome/gtk+-3/gtk/gtkcontainer.c:3658
#39 0x00007ffff4972dff in gtk_window_draw (widget=0x7fffaa908a60,
cr=0x7fffc9d42800) at /home/ofourdan/src/gnome/gtk+-3/gtk/gtkwindow.c:10401
#40 0x00007ffff496586f in gtk_widget_draw_internal (widget=0x7fffaa908a60,
cr=0x7fffc9d42800, clip_to_size=<optimized out>)
at /home/ofourdan/src/gnome/gtk+-3/gtk/gtkwidget.c:7026
#41 0x00007ffff496e763 in gtk_widget_render
(widget=widget at entry=0x7fffaa908a60, window=0x7fffab2575d0, region=<optimized
out>)
at /home/ofourdan/src/gnome/gtk+-3/gtk/gtkwidget.c:17536
#42 0x00007ffff481cac1 in gtk_main_do_event (event=<optimized out>) at
/home/ofourdan/src/gnome/gtk+-3/gtk/gtkmain.c:1838
#43 0x00007ffff433d565 in _gdk_event_emit
(event=event at entry=0x7fffffffb520) at
/home/ofourdan/src/gnome/gtk+-3/gdk/gdkevents.c:73
→ #44 0x00007ffff434da8e in _gdk_window_process_updates_recurse_helper
(window=0x7fffab2575d0, expose_region=<optimized out>)
at /home/ofourdan/src/gnome/gtk+-3/gdk/gdkwindow.c:3858
→ #45 0x00007ffff434e670 in _gdk_window_process_updates_recurse
(window=<optimized out>, expose_region=<optimized out>)
at /home/ofourdan/src/gnome/gtk+-3/gdk/gdkwindow.c:3917
#46 0x00007ffff434e426 in gdk_window_process_updates_internal
(window=0x7fffab2575d0) at /home/ofourdan/src/gnome/gtk+-3/gdk/gdkwindow.c:4007
#47 0x00007ffff434e620 in gdk_window_process_updates_with_mode
(window=<optimized out>, recurse_mode=<optimized out>)
at /home/ofourdan/src/gnome/gtk+-3/gdk/gdkwindow.c:4201
#48 0x00007fffefcd568d in g_closure_invoke (closure=0x7fffaa3fe620,
return_value=0x0, n_param_values=1, param_values=0x7fffffffb800,
invocation_hint=0x7fffffffb7a0) at
/home/ofourdan/src/gnome/glib/gobject/gclosure.c:804
#49 0x00007fffefce86be in signal_emit_unlocked_R
(node=node at entry=0x7ffff6aca9a0, detail=detail at entry=0,
instance=instance at entry=0x7fffaa380ed0,
emission_return=emission_return at entry=0x0,
instance_and_params=instance_and_params at entry=0x7fffffffb800)
at /home/ofourdan/src/gnome/glib/gobject/gsignal.c:3635
#50 0x00007fffefcf0f35 in g_signal_emit_valist (instance=<optimized out>,
signal_id=<optimized out>, detail=<optimized out>,
var_args=var_args at entry=0x7fffffffb9a8) at
/home/ofourdan/src/gnome/glib/gobject/gsignal.c:3391
#51 0x00007fffefcf1802 in g_signal_emit
(instance=instance at entry=0x7fffaa380ed0, signal_id=<optimized out>,
detail=detail at entry=0)
at /home/ofourdan/src/gnome/glib/gobject/gsignal.c:3447
#52 0x00007ffff4345f1f in _gdk_frame_clock_emit_paint
(frame_clock=frame_clock at entry=0x7fffaa380ed0)
at /home/ofourdan/src/gnome/gtk+-3/gdk/gdkframeclock.c:640
#53 0x00007ffff4346621 in gdk_frame_clock_paint_idle (data=0x7fffaa380ed0)
at /home/ofourdan/src/gnome/gtk+-3/gdk/gdkframeclockidle.c:430
#54 0x00007ffff4332140 in gdk_threads_dispatch
(data=data at entry=0x7fffafdcb640) at
/home/ofourdan/src/gnome/gtk+-3/gdk/gdk.c:743
#55 0x00007fffef7f535d in g_timeout_dispatch (source=0x7fffb58bb4a0,
callback=0x7ffff4332120 <gdk_threads_dispatch>, user_data=0x7fffafdcb640)
at /home/ofourdan/src/gnome/glib/glib/gmain.c:4650
#56 0x00007fffef7f4937 in g_main_dispatch (context=0x7ffff6a25be0) at
/home/ofourdan/src/gnome/glib/glib/gmain.c:3177
#57 g_main_context_dispatch (context=context at entry=0x7ffff6a25be0) at
/home/ofourdan/src/gnome/glib/glib/gmain.c:3830
#58 0x00007fffef7f4ca8 in g_main_context_iterate
(context=context at entry=0x7ffff6a25be0, block=block at entry=0,
dispatch=dispatch at entry=1,
self=<optimized out>) at
/home/ofourdan/src/gnome/glib/glib/gmain.c:3903
#59 0x00007fffef7f4d2c in g_main_context_iteration (context=0x7ffff6a25be0,
context at entry=0x0, may_block=0)
at /home/ofourdan/src/gnome/glib/glib/gmain.c:3964
#60 0x00007fffe9732d3f in nsAppShell::ProcessNextNativeEvent
(this=<optimized out>, mayWait=<optimized out>)
at
/usr/src/debug/firefox-59.0-0.6.fc27.x86_64/widget/gtk/nsAppShell.cpp:295
#61 0x00007fffe96ffb42 in nsBaseAppShell::DoProcessNextNativeEvent
(this=this at entry=0x7fffd2b84040, mayWait=mayWait at entry=false)
at
/usr/src/debug/firefox-59.0-0.6.fc27.x86_64/widget/nsBaseAppShell.cpp:139
#62 0x00007fffe96ffd7c in nsBaseAppShell::OnProcessNextEvent
(this=0x7fffd2b84040, thr=0x7fffdc21c480, mayWait=<optimized out>)
at
/usr/src/debug/firefox-59.0-0.6.fc27.x86_64/widget/nsBaseAppShell.cpp:272
#63 0x00007fffe7746525 in nsThread::ProcessNextEvent (this=<optimized out>,
aMayWait=<optimized out>, aResult=0x7fffffffbda7,
this=<optimized out>) at
/usr/src/debug/firefox-59.0-0.6.fc27.x86_64/xpcom/threads/nsThread.cpp:952
#64 0x00007fffe774f6d8 in NS_ProcessNextEvent (aThread=<optimized out>,
aThread at entry=0x7fffdc21c480, aMayWait=aMayWait at entry=false)
at
/usr/src/debug/firefox-59.0-0.6.fc27.x86_64/xpcom/threads/nsThreadUtils.cpp:517
#65 0x00007fffe7b7859a in mozilla::ipc::MessagePump::Run
(this=0x7fffdc2550c0, aDelegate=0x7fffdc254040)
at
/usr/src/debug/firefox-59.0-0.6.fc27.x86_64/ipc/glue/MessagePump.cpp:97
#66 0x00007fffe7b4de20 in MessageLoop::RunInternal (this=<optimized out>)
at
/usr/src/debug/firefox-59.0-0.6.fc27.x86_64/ipc/chromium/src/base/message_loop.cc:326
#67 MessageLoop::RunHandler (this=<optimized out>) at
/usr/src/debug/firefox-59.0-0.6.fc27.x86_64/ipc/chromium/src/base/message_loop.cc:319
#68 MessageLoop::Run (this=<optimized out>) at
/usr/src/debug/firefox-59.0-0.6.fc27.x86_64/ipc/chromium/src/base/message_loop.cc:299
#69 0x00007fffe96fad38 in nsBaseAppShell::Run (this=0x7fffd2b84040) at
/usr/src/debug/firefox-59.0-0.6.fc27.x86_64/widget/nsBaseAppShell.cpp:157
#70 0x00007fffea5cdd2e in nsAppStartup::Run (this=0x7fffd351eb50)
at
/usr/src/debug/firefox-59.0-0.6.fc27.x86_64/toolkit/components/startup/nsAppStartup.cpp:288
#71 0x00007fffea666c3b in XREMain::XRE_mainRun
(this=this at entry=0x7fffffffc030)
at
/usr/src/debug/firefox-59.0-0.6.fc27.x86_64/toolkit/xre/nsAppRunner.cpp:4710
#72 0x00007fffea667ae6 in XREMain::XRE_main
(this=this at entry=0x7fffffffc030, argc=argc at entry=1,
argv=argv at entry=0x7fffffffd358, aConfig=...)
at
/usr/src/debug/firefox-59.0-0.6.fc27.x86_64/toolkit/xre/nsAppRunner.cpp:4849
#73 0x00007fffea667e52 in XRE_main (argc=1, argv=0x7fffffffd358,
aConfig=...)
at
/usr/src/debug/firefox-59.0-0.6.fc27.x86_64/toolkit/xre/nsAppRunner.cpp:4941
#74 0x0000555555559d1c in do_main (argc=1, argv=0x7fffffffd358,
envp=<optimized out>)
at
/usr/src/debug/firefox-59.0-0.6.fc27.x86_64/browser/app/nsBrowserApp.cpp:231
#75 0x0000555555559489 in main (argc=1, argv=0x7fffffffd358,
envp=0x7fffffffd368)
at
/usr/src/debug/firefox-59.0-0.6.fc27.x86_64/browser/app/nsBrowserApp.cpp:304
(gdb) info threads
What this shows is that Firefox is unmapping the window on expose events (step
#27), and an expose event is precisely what's emitted to update the content.
So basically, Firefox is unmapping the window while we're updating it, which
leads to the crash.
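
The instrumentation described in the comment above, reduced to a stand-alone model (an added example, not code from GTK, Firefox or the attached patch): a counter is raised around the update recursion and checked when the window is hidden, which shows why a mapped check made before the update cannot catch an unmap triggered by the expose handler. The Window struct, the handler names and the post-callback surface check are assumptions made for illustration; the original instrumentation asserts instead of counting.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical stand-ins for a GDK window and its Wayland surface. */
typedef struct Window Window;
typedef void (*ExposeHandler)(Window *);

struct Window {
    bool mapped;            /* unmapping destroys the surface resource */
    int surface;            /* 0 means the resource has been destroyed */
    ExposeHandler on_expose;
    int reentrant_unmaps;   /* unmaps seen while an update was in progress */
};

/* Raised before entering the update recursion, as the comment describes. */
static int recurse_level = 0;

void window_hide(Window *w)
{
    /* The debugging build asserts (recurse_level == 0) here to obtain a
       backtrace; this model records the violation instead of aborting. */
    if (recurse_level != 0)
        w->reentrant_unmaps++;
    w->mapped = false;
    w->surface = 0;
}

/* Returns true if the surface is still valid once the handler has run. */
bool window_process_updates(Window *w)
{
    if (!w->mapped)          /* the up-front "is it mapped?" check */
        return false;
    recurse_level++;
    if (w->on_expose)
        w->on_expose(w);     /* application code runs here, same thread */
    recurse_level--;
    return w->surface != 0;  /* assumed re-check before attaching a buffer */
}

static void well_behaved_expose(Window *w) { (void)w; }
static void hiding_expose(Window *w) { window_hide(w); }

/* Runs one update on a mapped window; returns the re-entrant unmap count. */
int run_update(ExposeHandler handler, bool *attach_ok)
{
    Window w = { true, 42, handler, 0 };
    *attach_ok = window_process_updates(&w);
    return w.reentrant_unmaps;
}
```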