Crash in gfxUserFontEntry::LoadPlatformFont
Categories
(Core :: Layout: Text and Fonts, defect)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr60 | --- | unaffected |
| firefox64 | --- | unaffected |
| firefox65 | --- | unaffected |
| firefox66 | + | disabled |
| firefox67 | + | fixed |
People
(Reporter: philipp, Assigned: emilio)
References
Details
(4 keywords, Whiteboard: [arm64:m3][post-critsmash-triage])
Crash Data
Attachments
(2 files)
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
3.35 KB,
patch
|
lizzard
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
This bug is for crash report bp-9f907b34-6b2c-46c5-b227-5a32d0190124.
Top 10 frames of crashing thread:
0 libxul.so gfxUserFontEntry::LoadPlatformFont gfx/thebes/gfxUserFontSet.cpp:747
1 libxul.so gfxUserFontEntry::FontDataDownloadComplete gfx/thebes/gfxUserFontSet.cpp:805
2 libxul.so nsFontFaceLoader::OnStreamComplete layout/style/nsFontFaceLoader.cpp:256
3 libxul.so mozilla::net::nsStreamLoader::OnStopRequest netwerk/base/nsStreamLoader.cpp:94
4 libxul.so nsCORSListenerProxy::OnStopRequest netwerk/protocol/http/nsCORSListenerProxy.cpp:615
5 libxul.so mozilla::extensions::ChannelWrapper::RequestListener::OnStopRequest toolkit/components/extensions/webrequest/ChannelWrapper.cpp:948
6 libxul.so mozilla::net::nsStreamListenerTee::OnStopRequest netwerk/base/nsStreamListenerTee.cpp:42
7 libxul.so mozilla::net::nsHttpChannel::ContinueOnStopRequest netwerk/protocol/http/nsHttpChannel.cpp:7752
8 libxul.so mozilla::net::nsHttpChannel::OnStopRequest netwerk/protocol/http/nsHttpChannel.cpp:7517
9 libxul.so nsInputStreamPump::OnStateStop netwerk/base/nsInputStreamPump.cpp:656
these crashes appear cross-platform since nightly build 20190121175139. so far they look more common on android, on windows they're manifesting themselves as content crashes. could this be related to the changes of bug 1519918?
|
Assignee | |
Comment 1•6 years ago
|
||
I haven't managed to find a way stuff should unexpectedly die around these
functions, so add a few diagnostics to catch this hopefully, before papering
over the bug / backing out / adding a kungfudeathgrip.
|
|
Assignee | |
Comment 2•6 years ago
|
||
Will add some diagnostics for now, to try to catch the bug, since I couldn't via code inspection.
|
|
Assignee | |
Comment 3•6 years ago
|
||
May be related to bug 1519918 or bug 1520062 in any case, yeah.
|
||
Comment 4•6 years ago
|
||
Bug 1520062 got backed out for causing a crash in a different OnStop method, FWIW.
|
|
Assignee | |
Updated•6 years ago
|
|
|
||
Comment 5•6 years ago
|
||
It looks like there were a bunch of crashes on the 22 and not many since then, so maybe the backout did the trick?
|
|
Assignee | |
Comment 6•6 years ago
|
||
Yeah, perhaps. Still the diagnostics don't hurt probably, let's see if they catch something. Otherwise let's WFM.
|
||
Comment 7•6 years ago
|
||
|
||
Comment 8•6 years ago
•
|
||
There are 13 crashes with signatures "nsFontFaceLoader::Cancel" and the crash reason is:
MOZ_RELEASE_ASSERT(!mInLoadTimerCallback)
|
|
Assignee | |
Comment 11•6 years ago
|
||
I think bug 1523181 will fix this, I'll add more diagnostics otherwise.
|
|
||
Updated•6 years ago
|
|
||
Comment 13•6 years ago
|
||
Curiously, I see 16x more crash reports with this signature from ARM64 builds of Fennec 67 Nightly than from ARMv7 builds.
|
Reporter | |
Comment 14•6 years ago
|
||
(In reply to Emilio Cobos Álvarez (:emilio) from comment #11)
I think bug 1523181 will fix this, I'll add more diagnostics otherwise.
there still reports from nightly builds including the changes in bug 1523181:
bp-875266cb-7e7b-4966-9c13-cba5f0190206
bp-64a55734-b758-413a-95ad-81f370190206
|
|
Assignee | |
Comment 15•6 years ago
|
||
Yup, I realized they were different in bug 1524246. I think that matches this bug better.
|
|
Assignee | |
Comment 16•6 years ago
|
||
(And that landed just today)
|
|
Reporter | |
Comment 17•6 years ago
|
||
thanks!
|
|
||
Comment 18•6 years ago
|
||
Are you still planning to work on this for 66? Or do you think it's better aimed at 67? I can keep tracking for 66 and we can still potentially take an uplift.
|
|
Assignee | |
Comment 19•6 years ago
|
||
Oh, I see why this is still crashing on beta, we forgot to back out the diagnostics patch, but they're MOZ_DIAGNOSTIC_ASSERTs so shouldn't crash on release. I can back out that patch from beta just like we backed out bug 1526252, if you want me to. Though again shouldn't crash release, so should be fine.
It seems there are no crashes on Nightly at all, which makes sense because this was fixed in all the dependent bugs.
|
|
||
Comment 20•6 years ago
|
||
Sure, if you can do the backout, it seems like a good idea. I get that it won't make any substantial difference but I like to have less noise in beta crashes. (And to have a good idea of the overall crash rate across different beta releases, too.) Thanks!
|
|
Assignee | |
Comment 21•6 years ago
|
||
I guess that was supposed to go to me :)
|
|
||
Comment 22•6 years ago
|
||
Oops, yes.
|
|
Assignee | |
Comment 23•6 years ago
|
||
Beta/Release Uplift Approval Request
Feature/Bug causing the regression
User impact if declined
DIAGNOSTIC_ASSERT crashes on beta.
Is this code covered by automated tests?
No
Has the fix been verified in Nightly?
No
Needs manual test from QE?
No
If yes, steps to reproduce
List of other uplifts needed
None
Risk to taking this patch
Low
Why is the change risky/not risky? (and alternatives if risky)
Just reverting the diagnostics added here since the patches that introduced the regression were backed out from beta.
String changes made/needed
none
|
|
||
Comment 24•6 years ago
|
||
|
||
Comment 25•6 years ago
|
||
| uplift | ||
|
|
||
Updated•6 years ago
|
|
||
Updated•6 years ago
|
|
||
Updated•6 years ago
|
|
|
||
Updated•5 years ago
|
Description
•