Closed
Bug 1559957
Opened 2 years ago
Closed 1 year ago
WR on Pixel 2 crashes in [@ FT_Done_Face]
Categories
(Core :: Graphics: WebRender, defect, P3)
Core
Graphics: WebRender
Tracking
()
RESOLVED
FIXED
mozilla69
People
(Reporter: intermittent-bug-filer, Assigned: lsalzman)
References
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
Filed by: kgupta [at] mozilla.com
Parsed log: https://treeherder.mozilla.org/logviewer.html#?job_id=252209984&repo=try
Full log: https://queue.taskcluster.net/v1/task/YIBh6D5uQqiigZW6CL_U-Q/runs/0/artifacts/public/logs/live_backing.log
Looks like a double free of font stuff during shutdown
|
||
Comment 1•2 years ago
|
||
22:17:05 INFO - Crash reason: SIGSEGV /SEGV_ACCERR
22:17:05 INFO - Crash address: 0xe5e5e625
22:17:05 INFO - Process uptime: not available
22:17:05 INFO - Thread 11 (crashed)
22:17:05 INFO - 0 libxul.so!FT_Done_Face [ftobjs.c:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 2776 + 0x4]
22:17:05 INFO - r0 = 0xe5e5e5e5 r1 = 0xd8ccce48 r2 = 0x00000001 r3 = 0x80000000
22:17:05 INFO - r4 = 0xc0af7800 r5 = 0xf60691b8 r6 = 0xd8ccce3c r7 = 0xd8ccce30
22:17:05 INFO - r8 = 0xd8ccce40 r9 = 0xd6091a2c r10 = 0xd608ddd9 r12 = 0xd465eaf5
22:17:05 INFO - fp = 0xd60919e1 sp = 0xd8ccce18 lr = 0xd28056e1 pc = 0xd465eb08
22:17:05 INFO - Found by: given as instruction pointer in context
22:17:05 INFO - 1 libxul.so!mozilla::gfx::Factory::ReleaseFTFace(FT_FaceRec_*) [Factory.cpp:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 731 + 0x5]
22:17:05 INFO - r4 = 0xc0af7800 r5 = 0xf60691b8 r6 = 0xd8ccce3c r7 = 0xd8ccce60
22:17:05 INFO - r8 = 0xd8ccce40 r9 = 0xd6091a2c r10 = 0xd608ddd9 fp = 0xd60919e1
22:17:05 INFO - sp = 0xd8ccce38 lr = 0xd28056e1 pc = 0xd28056e1
22:17:05 INFO - Found by: call frame info
22:17:05 INFO - 2 libxul.so!mozilla::gfx::NativeFontResourceFreeType::~NativeFontResourceFreeType() [NativeFontResourceFreeType.cpp:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 20 + 0x3]
22:17:05 INFO - r4 = 0xbe50f140 r5 = 0x00000001 r6 = 0xbe5020d4 r7 = 0xd8ccce70
22:17:05 INFO - r8 = 0xf606474c r9 = 0xd6091a2c r10 = 0xd608ddd9 fp = 0xd60919e1
22:17:05 INFO - sp = 0xd8ccce68 lr = 0xd2816923 pc = 0xd2816923
22:17:05 INFO - Found by: call frame info
22:17:05 INFO - 3 libxul.so!mozilla::gfx::NativeFontResourceFreeType::~NativeFontResourceFreeType() [NativeFontResourceFreeType.cpp:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 18 + 0x7]
22:17:05 INFO - r4 = 0xbe5121fc r5 = 0x00000001 r6 = 0xbe5020d4 r7 = 0xd8ccce78
22:17:05 INFO - r8 = 0xf606474c r9 = 0xd6091a2c r10 = 0xd608ddd9 fp = 0xd60919e1
22:17:05 INFO - sp = 0xd8ccce78 lr = 0xd2816945 pc = 0xd2816945
22:17:05 INFO - Found by: call frame info
22:17:05 INFO - 4 libxul.so!_cairo_user_data_array_fini [cairo-array.c:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 417 + 0x1]
22:17:05 INFO - r4 = 0xbe5121fc r5 = 0x00000001 r6 = 0xbe5020d4 r7 = 0xd8ccce90
22:17:05 INFO - r8 = 0xf606474c r9 = 0xd6091a2c r10 = 0xd608ddd9 fp = 0xd60919e1
22:17:05 INFO - sp = 0xd8ccce80 lr = 0xd400689b pc = 0xd400689b
22:17:05 INFO - Found by: call frame info
22:17:05 INFO - 5 libxul.so!_moz_cairo_font_face_destroy [cairo-font-face.c:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 162 + 0x7]
22:17:05 INFO - r4 = 0xbe5121f0 r5 = 0xbe5121f8 r6 = 0xbe5176e8 r7 = 0xd8cccea8
22:17:05 INFO - r8 = 0xf606474c r9 = 0xd6091a2c r10 = 0xd608ddd9 fp = 0xd60919e1
22:17:05 INFO - sp = 0xd8ccce98 lr = 0xd400e877 pc = 0xd400e877
22:17:05 INFO - Found by: call frame info
22:17:05 INFO - 6 libxul.so!_cairo_ft_unscaled_font_destroy [cairo-ft-font.c:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 662 + 0x7]
22:17:05 INFO - r4 = 0xbe51e100 r5 = 0xbe51e1b0 r6 = 0xbe5176e8 r7 = 0xd8cccec0
22:17:05 INFO - r8 = 0xf606474c r9 = 0xd6091a2c r10 = 0xd608ddd9 fp = 0xd60919e1
22:17:05 INFO - sp = 0xd8ccceb0 lr = 0xd3ff6cfb pc = 0xd3ff6cfb
22:17:05 INFO - Found by: call frame info
22:17:05 INFO - 7 libxul.so!_cairo_unscaled_font_destroy [cairo-font-face.c:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 323 + 0x7]
22:17:05 INFO - r4 = 0xbe51e100 r5 = 0xbe517580 r6 = 0xbe5176e8 r7 = 0xd8ccced8
22:17:05 INFO - r8 = 0xf606474c r9 = 0xd6091a2c r10 = 0xd608ddd9 fp = 0xd60919e1
22:17:05 INFO - sp = 0xd8cccec8 lr = 0xd400ea0b pc = 0xd400ea0b
22:17:05 INFO - Found by: call frame info
22:17:05 INFO - 8 libxul.so!_cairo_scaled_font_fini_internal [cairo-scaled-font.c:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 843 + 0x3]
22:17:05 INFO - r4 = 0xbe517580 r5 = 0xbe517580 r6 = 0xbe5176e8 r7 = 0xd8cccef8
22:17:05 INFO - r8 = 0xf606474c r9 = 0xd6091a2c r10 = 0xd608ddd9 fp = 0xd60919e1
22:17:05 INFO - sp = 0xd8cccee0 lr = 0xd4028fdf pc = 0xd4028fdf
22:17:05 INFO - Found by: call frame info
22:17:05 INFO - 9 libxul.so!_cairo_scaled_font_map_destroy [cairo-scaled-font.c:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 426 + 0xb]
22:17:05 INFO - r4 = 0xd7c679dc r5 = 0xbe517580 r6 = 0xbe4e0000 r7 = 0xd8cccf28
22:17:05 INFO - r8 = 0xf606474c r9 = 0xd6091a2c r10 = 0xd608ddd9 fp = 0xd60919e1
22:17:05 INFO - sp = 0xd8cccf00 lr = 0xd4028c87 pc = 0xd4028c87
22:17:05 INFO - Found by: call frame info
22:17:05 INFO - 10 libxul.so!_moz_cairo_debug_reset_static_data [cairo-debug.c:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 64 + 0x3]
22:17:05 INFO - r4 = 0xc0a96a80 r5 = 0xc0a96aa0 r6 = 0xd7bd5584 r7 = 0xd8cccf30
22:17:05 INFO - r8 = 0xf60691b8 r9 = 0xd8ccd058 r10 = 0xd8ccd021 fp = 0xf60691b8
22:17:05 INFO - sp = 0xd8cccf30 lr = 0xd40096f1 pc = 0xd40096f1
22:17:05 INFO - Found by: call frame info
22:17:05 INFO - 11 libxul.so!gfxPlatform::~gfxPlatform() [gfxPlatform.cpp:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 1349 + 0x3]
22:17:05 INFO - r4 = 0xc0a96a80 r5 = 0xc0a96aa0 r6 = 0xd7bd5584 r7 = 0xd8cccf48
22:17:05 INFO - r8 = 0xf60691b8 r9 = 0xd8ccd058 r10 = 0xd8ccd021 fp = 0xf60691b8
22:17:05 INFO - sp = 0xd8cccf38 lr = 0xd29b6c77 pc = 0xd29b6c77
22:17:05 INFO - Found by: call frame info
22:17:05 INFO - 12 libxul.so!gfxAndroidPlatform::~gfxAndroidPlatform() [gfxAndroidPlatform.cpp:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 101 + 0x7]
22:17:05 INFO - r4 = 0xd7bda874 r5 = 0xd1f7ce9d r6 = 0xd7bd5584 r7 = 0xd8cccf50
22:17:05 INFO - r8 = 0xf60691b8 r9 = 0xd8ccd058 r10 = 0xd8ccd021 fp = 0xf60691b8
22:17:05 INFO - sp = 0xd8cccf50 lr = 0xd29a93b5 pc = 0xd29a93b5
22:17:05 INFO - Found by: call frame info
22:17:05 INFO - 13 libxul.so!gfxPlatform::Shutdown() [gfxPlatform.cpp:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 1255 + 0xb]
22:17:05 INFO - r4 = 0xd7bda874 r5 = 0xd1f7ce9d r6 = 0xd7bd5584 r7 = 0xd8cccf68
22:17:05 INFO - r8 = 0xf60691b8 r9 = 0xd8ccd058 r10 = 0xd8ccd021 fp = 0xf60691b8
22:17:05 INFO - sp = 0xd8cccf58 lr = 0xd29b6861 pc = 0xd29b6861
22:17:05 INFO - Found by: call frame info
22:17:05 INFO - 14 libxul.so!nsLayoutModuleDtor() [nsLayoutModule.cpp:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 266 + 0x3]
22:17:05 INFO - r4 = 0xd7f511c0 r5 = 0xd1f7ce9d r6 = 0xd7bd5584 r7 = 0xd8cccf70
22:17:05 INFO - r8 = 0xf60691b8 r9 = 0xd8ccd058 r10 = 0xd8ccd021 fp = 0xf60691b8
22:17:05 INFO - sp = 0xd8cccf70 lr = 0xd3e024c1 pc = 0xd3e024c1
22:17:05 INFO - Found by: call frame info
22:17:05 INFO - 15 libxul.so!nsComponentManagerImpl::Shutdown() [nsComponentManager.cpp:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 945 + 0x3]
22:17:05 INFO - r4 = 0xd7f511c0 r5 = 0xd1f7ce9d r6 = 0xd7bd5584 r7 = 0xd8cccf80
22:17:05 INFO - r8 = 0xf60691b8 r9 = 0xd8ccd058 r10 = 0xd8ccd021 fp = 0xf60691b8
22:17:05 INFO - sp = 0xd8cccf78 lr = 0xd1fbf9bb pc = 0xd1fbf9bb
22:17:05 INFO - Found by: call frame info
22:17:05 INFO - 16 libxul.so!mozilla::ShutdownXPCOM(nsIServiceManager*) [XPCOMInit.cpp:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 724 + 0x3]
22:17:05 INFO - r4 = 0x00000000 r5 = 0xd8cccf90 r6 = 0xd7bd5584 r7 = 0xd8cccfb0
22:17:05 INFO - r8 = 0xf60691b8 r9 = 0xd8ccd058 r10 = 0xd8ccd021 fp = 0xf60691b8
22:17:05 INFO - sp = 0xd8cccf88 lr = 0xd1ff1485 pc = 0xd1ff1485
22:17:05 INFO - Found by: call frame info
22:17:05 INFO - 17 libxul.so!ScopedXPCOMStartup::~ScopedXPCOMStartup() [nsAppRunner.cpp:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 1248 + 0x5]
22:17:05 INFO - r4 = 0xd7f010d4 r5 = 0xf60691b8 r6 = 0x00000000 r7 = 0xd8cccfe0
22:17:05 INFO - r8 = 0xd8ccd070 r9 = 0xd8ccd058 r10 = 0xd8ccd021 fp = 0xf60691b8
22:17:05 INFO - sp = 0xd8cccfb8 lr = 0xd45f161f pc = 0xd45f161f
22:17:05 INFO - Found by: call frame info
Keywords: intermittent-failure,
regression
Priority: -- → P3
| Comment hidden (Intermittent Failures Robot) |
|
Assignee | |
Comment 3•1 year ago
|
||
This is because gfxAndroidPlatform's destructor calls FT_Done_Library, which frees all the FT_Faces instantiated by that library, before cairo_debug_reset_static_data() is called in gfxPlatform's inherited destructor, which then tries to free all the lingering FT_Faces as well.
I am currently investigating a potential fix.
|
|
Assignee | |
Comment 4•1 year ago
|
||
Pushed by lsalzman@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/0d9f920680e3 reset Cairo data in WillShutdown before gfxPlatform destructor is called. r=jfkthame
|
||
Comment 6•1 year ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 1 year ago
status-firefox69:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla69
Assignee: nobody → lsalzman
|
||
Updated•1 year ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•