=== My chromium crash ===

- On dragging any draggable item (images or selectable text), chromium crashes. Happens with epiphany too.
- Error message is X Window System error, BadPixmap:

    The program 'epiphany' received an X Window System error.
    This probably reflects a bug in the program.
    The error was 'BadPixmap (invalid Pixmap parameter)'.
      (Details: serial 6282 error_code 4 request_code 2 minor_code 0)
      (Note to programmers: normally, X errors are reported asynchronously;
       that is, you will receive the error a while after causing it.
       To debug your program, run it with the --sync command line
       option to change this behavior. You can then get a meaningful
       backtrace from your debugger if you break on the gdk_x_error() function.)

- When run with --sync, it is now a segmentation fault. Which is good, because it means I can get a backtrace from gdb, see the bottom of this page.
- When I tried to build gtk+ with ./configure --enable-debug, the crash went away. So I fiddled around and found the following interesting information:
  ## If a non-debug gtk+ is built with -DG_DISABLE_CAST_CHECKS, the crashing occurs
  ## If a non-debug gtk+ is built with -UG_DISABLE_CAST_CHECKS, the crashing doesn't occur
  ## If a debug gtk+ is built with -DG_DISABLE_CAST_CHECKS, the crashing doesn't occur
  Which means that -DG_DISABLE_CAST_CHECKS stimulates the crash, but even when forcing that, something else from --enable-debug in gtk+ is undoing the damage.
- Only happens with 32-bit (x86) build. 64-bit (amd64) build with identical options, and identical versions of libraries with identical options (excepting the -m32 flag to gcc and similar) does not exhibit a crash.
- For text from the URL bar, the crash is immediate (on non-crashy build, a pixmap containing the selected text appears).
- For selected text from elsewhere, or images, the default dragging pixmap with the document item appears, but if let go of anywhere, same crash occurs (on non-crashy build, the pixmap flies back towards its origin).
- Occurs with 4.0.266.0 and 5.0.307.0, debug and release output, self-compiled and binary and official google chrome binary.
- 100% reproducible on this machine. Once the default dragging pixmap appears, a crash is only avoidable by letting go of the mouse button in the URL bar. Weird.
- In chromium, no useful log lines appear with --enable-logging or --log-level or --gdk-debug=all. No functions appear in the pretty table when running in xtrace. Crash can be created even when setting --renderer-cmd-prefix='echo'.
- In chromium, with IPC logging enabled, the last thing I see is:

    ipc 31739.0xbdc0180.1052384305 1 ViewHostMsg_UpdateDragCursor 0
    ipc 31739.0xbdc0180.1052384305 1 [unknown type 69] (653, 194), (654, 296), false, 0
    ipc 31739.0xbdc0180.1052384305 1 [unknown type 66] (653, 194), (654, 296), 17
    ipc 31739.0xbdc0180.1052384305 1 [unknown type 69] (648, 189), (649, 291), false, 0
    ipc 31739.0xbdc0180.1052384305 1 [unknown type 66] (648, 189), (649, 291), 17
    ipc 31739.0xbdc0180.1052384305 1 [unknown type 69] (645, 186), (646, 288), false, 0
    ipc 31739.0xbdc0180.1052384305 1 [unknown type 66] (645, 186), (646, 288), 17
    ipc 31739.0xbdc0180.1052384305 1 [unknown type 69] (643, 184), (644, 286), false, 0
    ipc 31739.0xbdc0180.1052384305 1 [unknown type 66] (643, 184), (644, 286), 17
    ipc 31739.0xbdc0180.1052384305 1 ViewMsg_DragSourceEndedOrMoved (643, 184), (644, 286), true, 0

    Program received signal SIGSEGV, Segmentation fault.
    0xf7aa0663 in tmp_reset_bg (window=0xbe1b690, recurse=1) at gdkwindow-x11.c:253
    253 gdkwindow-x11.c: No such file or directory.
        in gdkwindow-x11.c
    Current language: auto
    The current source language is "auto; currently c".
    (gdb) bt
    #0 0xf7aa0663 in tmp_reset_bg (window=0xbe1b690, recurse=1) at gdkwindow-x11.c:253
    #1 _gdk_x11_window_tmp_reset_bg (window=0xbe1b690, recurse=1) at gdkwindow-x11.c:336
    #2 0xf7aa22b8 in gdk_window_x11_show (window=0xbe1b690, already_mapped=0) at gdkwindow-x11.c:1345
    #3 0xf7a719ef in gdk_window_show_internal (window=0xbe1b690, raise=1) at gdkwindow.c:6534
    #4 0xf7d4934f in gtk_window_map (widget=0xbe22180) at gtkwindow.c:4592
    #5 0xf77a2cec in g_cclosure_marshal_VOID__VOID () from /usr/lib32/libgobject-2.0.so.0
    #6 0x0be22180 in ?? ()
    #7 0x0bc62108 in ?? ()
    #8 0x00000000 in ?? ()
    (gdb)