Closed Bug 1559957 Opened 2 years ago Closed 2 years ago

WR on Pixel 2 crashes in [@ FT_Done_Face]

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla69

Tracking Flags:

Tracking

Status

firefox-esr60

---

wontfix

firefox67

---

wontfix

firefox68

---

wontfix

firefox69

---

fixed

People

(Reporter: intermittent-bug-filer, Assigned: lsalzman)

References

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

Bug 1559957 - reset Cairo data in WillShutdown before gfxPlatform destructor is called. r?jfkthame 2 years ago Lee Salzman [:lsalzman] 47 bytes, text/x-phabricator-request		Details \| Review

Treeherder Bug Filer

Reporter

Description

•

2 years ago

treeherder

Filed by: kgupta [at] mozilla.com
Parsed log: https://treeherder.mozilla.org/logviewer.html#?job_id=252209984&repo=try
Full log: https://queue.taskcluster.net/v1/task/YIBh6D5uQqiigZW6CL_U-Q/runs/0/artifacts/public/logs/live_backing.log

Looks like a double free of font stuff during shutdown

Kartikaya Gupta (email:kats@mozilla.staktrace.com)

Comment 1

•

2 years ago

22:17:05     INFO -  Crash reason:  SIGSEGV /SEGV_ACCERR
22:17:05     INFO -  Crash address: 0xe5e5e625
22:17:05     INFO -  Process uptime: not available
22:17:05     INFO -  Thread 11 (crashed)
22:17:05     INFO -   0  libxul.so!FT_Done_Face [ftobjs.c:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 2776 + 0x4]
22:17:05     INFO -       r0 = 0xe5e5e5e5    r1 = 0xd8ccce48    r2 = 0x00000001    r3 = 0x80000000
22:17:05     INFO -       r4 = 0xc0af7800    r5 = 0xf60691b8    r6 = 0xd8ccce3c    r7 = 0xd8ccce30
22:17:05     INFO -       r8 = 0xd8ccce40    r9 = 0xd6091a2c   r10 = 0xd608ddd9   r12 = 0xd465eaf5
22:17:05     INFO -       fp = 0xd60919e1    sp = 0xd8ccce18    lr = 0xd28056e1    pc = 0xd465eb08
22:17:05     INFO -      Found by: given as instruction pointer in context
22:17:05     INFO -   1  libxul.so!mozilla::gfx::Factory::ReleaseFTFace(FT_FaceRec_*) [Factory.cpp:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 731 + 0x5]
22:17:05     INFO -       r4 = 0xc0af7800    r5 = 0xf60691b8    r6 = 0xd8ccce3c    r7 = 0xd8ccce60
22:17:05     INFO -       r8 = 0xd8ccce40    r9 = 0xd6091a2c   r10 = 0xd608ddd9    fp = 0xd60919e1
22:17:05     INFO -       sp = 0xd8ccce38    lr = 0xd28056e1    pc = 0xd28056e1
22:17:05     INFO -      Found by: call frame info
22:17:05     INFO -   2  libxul.so!mozilla::gfx::NativeFontResourceFreeType::~NativeFontResourceFreeType() [NativeFontResourceFreeType.cpp:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 20 + 0x3]
22:17:05     INFO -       r4 = 0xbe50f140    r5 = 0x00000001    r6 = 0xbe5020d4    r7 = 0xd8ccce70
22:17:05     INFO -       r8 = 0xf606474c    r9 = 0xd6091a2c   r10 = 0xd608ddd9    fp = 0xd60919e1
22:17:05     INFO -       sp = 0xd8ccce68    lr = 0xd2816923    pc = 0xd2816923
22:17:05     INFO -      Found by: call frame info
22:17:05     INFO -   3  libxul.so!mozilla::gfx::NativeFontResourceFreeType::~NativeFontResourceFreeType() [NativeFontResourceFreeType.cpp:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 18 + 0x7]
22:17:05     INFO -       r4 = 0xbe5121fc    r5 = 0x00000001    r6 = 0xbe5020d4    r7 = 0xd8ccce78
22:17:05     INFO -       r8 = 0xf606474c    r9 = 0xd6091a2c   r10 = 0xd608ddd9    fp = 0xd60919e1
22:17:05     INFO -       sp = 0xd8ccce78    lr = 0xd2816945    pc = 0xd2816945
22:17:05     INFO -      Found by: call frame info
22:17:05     INFO -   4  libxul.so!_cairo_user_data_array_fini [cairo-array.c:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 417 + 0x1]
22:17:05     INFO -       r4 = 0xbe5121fc    r5 = 0x00000001    r6 = 0xbe5020d4    r7 = 0xd8ccce90
22:17:05     INFO -       r8 = 0xf606474c    r9 = 0xd6091a2c   r10 = 0xd608ddd9    fp = 0xd60919e1
22:17:05     INFO -       sp = 0xd8ccce80    lr = 0xd400689b    pc = 0xd400689b
22:17:05     INFO -      Found by: call frame info
22:17:05     INFO -   5  libxul.so!_moz_cairo_font_face_destroy [cairo-font-face.c:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 162 + 0x7]
22:17:05     INFO -       r4 = 0xbe5121f0    r5 = 0xbe5121f8    r6 = 0xbe5176e8    r7 = 0xd8cccea8
22:17:05     INFO -       r8 = 0xf606474c    r9 = 0xd6091a2c   r10 = 0xd608ddd9    fp = 0xd60919e1
22:17:05     INFO -       sp = 0xd8ccce98    lr = 0xd400e877    pc = 0xd400e877
22:17:05     INFO -      Found by: call frame info
22:17:05     INFO -   6  libxul.so!_cairo_ft_unscaled_font_destroy [cairo-ft-font.c:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 662 + 0x7]
22:17:05     INFO -       r4 = 0xbe51e100    r5 = 0xbe51e1b0    r6 = 0xbe5176e8    r7 = 0xd8cccec0
22:17:05     INFO -       r8 = 0xf606474c    r9 = 0xd6091a2c   r10 = 0xd608ddd9    fp = 0xd60919e1
22:17:05     INFO -       sp = 0xd8ccceb0    lr = 0xd3ff6cfb    pc = 0xd3ff6cfb
22:17:05     INFO -      Found by: call frame info
22:17:05     INFO -   7  libxul.so!_cairo_unscaled_font_destroy [cairo-font-face.c:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 323 + 0x7]
22:17:05     INFO -       r4 = 0xbe51e100    r5 = 0xbe517580    r6 = 0xbe5176e8    r7 = 0xd8ccced8
22:17:05     INFO -       r8 = 0xf606474c    r9 = 0xd6091a2c   r10 = 0xd608ddd9    fp = 0xd60919e1
22:17:05     INFO -       sp = 0xd8cccec8    lr = 0xd400ea0b    pc = 0xd400ea0b
22:17:05     INFO -      Found by: call frame info
22:17:05     INFO -   8  libxul.so!_cairo_scaled_font_fini_internal [cairo-scaled-font.c:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 843 + 0x3]
22:17:05     INFO -       r4 = 0xbe517580    r5 = 0xbe517580    r6 = 0xbe5176e8    r7 = 0xd8cccef8
22:17:05     INFO -       r8 = 0xf606474c    r9 = 0xd6091a2c   r10 = 0xd608ddd9    fp = 0xd60919e1
22:17:05     INFO -       sp = 0xd8cccee0    lr = 0xd4028fdf    pc = 0xd4028fdf
22:17:05     INFO -      Found by: call frame info
22:17:05     INFO -   9  libxul.so!_cairo_scaled_font_map_destroy [cairo-scaled-font.c:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 426 + 0xb]
22:17:05     INFO -       r4 = 0xd7c679dc    r5 = 0xbe517580    r6 = 0xbe4e0000    r7 = 0xd8cccf28
22:17:05     INFO -       r8 = 0xf606474c    r9 = 0xd6091a2c   r10 = 0xd608ddd9    fp = 0xd60919e1
22:17:05     INFO -       sp = 0xd8cccf00    lr = 0xd4028c87    pc = 0xd4028c87
22:17:05     INFO -      Found by: call frame info
22:17:05     INFO -  10  libxul.so!_moz_cairo_debug_reset_static_data [cairo-debug.c:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 64 + 0x3]
22:17:05     INFO -       r4 = 0xc0a96a80    r5 = 0xc0a96aa0    r6 = 0xd7bd5584    r7 = 0xd8cccf30
22:17:05     INFO -       r8 = 0xf60691b8    r9 = 0xd8ccd058   r10 = 0xd8ccd021    fp = 0xf60691b8
22:17:05     INFO -       sp = 0xd8cccf30    lr = 0xd40096f1    pc = 0xd40096f1
22:17:05     INFO -      Found by: call frame info
22:17:05     INFO -  11  libxul.so!gfxPlatform::~gfxPlatform() [gfxPlatform.cpp:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 1349 + 0x3]
22:17:05     INFO -       r4 = 0xc0a96a80    r5 = 0xc0a96aa0    r6 = 0xd7bd5584    r7 = 0xd8cccf48
22:17:05     INFO -       r8 = 0xf60691b8    r9 = 0xd8ccd058   r10 = 0xd8ccd021    fp = 0xf60691b8
22:17:05     INFO -       sp = 0xd8cccf38    lr = 0xd29b6c77    pc = 0xd29b6c77
22:17:05     INFO -      Found by: call frame info
22:17:05     INFO -  12  libxul.so!gfxAndroidPlatform::~gfxAndroidPlatform() [gfxAndroidPlatform.cpp:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 101 + 0x7]
22:17:05     INFO -       r4 = 0xd7bda874    r5 = 0xd1f7ce9d    r6 = 0xd7bd5584    r7 = 0xd8cccf50
22:17:05     INFO -       r8 = 0xf60691b8    r9 = 0xd8ccd058   r10 = 0xd8ccd021    fp = 0xf60691b8
22:17:05     INFO -       sp = 0xd8cccf50    lr = 0xd29a93b5    pc = 0xd29a93b5
22:17:05     INFO -      Found by: call frame info
22:17:05     INFO -  13  libxul.so!gfxPlatform::Shutdown() [gfxPlatform.cpp:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 1255 + 0xb]
22:17:05     INFO -       r4 = 0xd7bda874    r5 = 0xd1f7ce9d    r6 = 0xd7bd5584    r7 = 0xd8cccf68
22:17:05     INFO -       r8 = 0xf60691b8    r9 = 0xd8ccd058   r10 = 0xd8ccd021    fp = 0xf60691b8
22:17:05     INFO -       sp = 0xd8cccf58    lr = 0xd29b6861    pc = 0xd29b6861
22:17:05     INFO -      Found by: call frame info
22:17:05     INFO -  14  libxul.so!nsLayoutModuleDtor() [nsLayoutModule.cpp:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 266 + 0x3]
22:17:05     INFO -       r4 = 0xd7f511c0    r5 = 0xd1f7ce9d    r6 = 0xd7bd5584    r7 = 0xd8cccf70
22:17:05     INFO -       r8 = 0xf60691b8    r9 = 0xd8ccd058   r10 = 0xd8ccd021    fp = 0xf60691b8
22:17:05     INFO -       sp = 0xd8cccf70    lr = 0xd3e024c1    pc = 0xd3e024c1
22:17:05     INFO -      Found by: call frame info
22:17:05     INFO -  15  libxul.so!nsComponentManagerImpl::Shutdown() [nsComponentManager.cpp:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 945 + 0x3]
22:17:05     INFO -       r4 = 0xd7f511c0    r5 = 0xd1f7ce9d    r6 = 0xd7bd5584    r7 = 0xd8cccf80
22:17:05     INFO -       r8 = 0xf60691b8    r9 = 0xd8ccd058   r10 = 0xd8ccd021    fp = 0xf60691b8
22:17:05     INFO -       sp = 0xd8cccf78    lr = 0xd1fbf9bb    pc = 0xd1fbf9bb
22:17:05     INFO -      Found by: call frame info
22:17:05     INFO -  16  libxul.so!mozilla::ShutdownXPCOM(nsIServiceManager*) [XPCOMInit.cpp:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 724 + 0x3]
22:17:05     INFO -       r4 = 0x00000000    r5 = 0xd8cccf90    r6 = 0xd7bd5584    r7 = 0xd8cccfb0
22:17:05     INFO -       r8 = 0xf60691b8    r9 = 0xd8ccd058   r10 = 0xd8ccd021    fp = 0xf60691b8
22:17:05     INFO -       sp = 0xd8cccf88    lr = 0xd1ff1485    pc = 0xd1ff1485
22:17:05     INFO -      Found by: call frame info
22:17:05     INFO -  17  libxul.so!ScopedXPCOMStartup::~ScopedXPCOMStartup() [nsAppRunner.cpp:2410734f6659fb4bc5f852c10d4294dd9536ba85 : 1248 + 0x5]
22:17:05     INFO -       r4 = 0xd7f010d4    r5 = 0xf60691b8    r6 = 0x00000000    r7 = 0xd8cccfe0
22:17:05     INFO -       r8 = 0xd8ccd070    r9 = 0xd8ccd058   r10 = 0xd8ccd021    fp = 0xf60691b8
22:17:05     INFO -       sp = 0xd8cccfb8    lr = 0xd45f161f    pc = 0xd45f161f
22:17:05     INFO -      Found by: call frame info

Keywords: intermittent-failure, regression

Priority: -- → P3

Comment hidden (Intermittent Failures Robot)

Lee Salzman [:lsalzman]

Assignee

Comment 3

•

2 years ago

This is because gfxAndroidPlatform's destructor calls FT_Done_Library, which frees all the FT_Faces instantiated by that library, before cairo_debug_reset_static_data() is called in gfxPlatform's inherited destructor, which then tries to free all the lingering FT_Faces as well.

I am currently investigating a potential fix.

Lee Salzman [:lsalzman]

Assignee

Comment 4

•

2 years ago

Attached file Bug 1559957 - reset Cairo data in WillShutdown before gfxPlatform destructor is called. r?jfkthame — Details

Pulsebot

Comment 5

•

2 years ago

Pushed by lsalzman@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/0d9f920680e3
reset Cairo data in WillShutdown before gfxPlatform destructor is called. r=jfkthame

Arthur Iakab [arthur_iakab]

Comment 6

•

2 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/0d9f920680e3

Status: NEW → RESOLVED

Closed: 2 years ago

status-firefox69: --- → fixed

Resolution: --- → FIXED

Target Milestone: --- → mozilla69

Release mgmt bot [:sylvestre / :calixte / :marco for bugbug]

Updated

•

2 years ago

Assignee: nobody → lsalzman

Ryan VanderMeulen [:RyanVM]

Updated

•

2 years ago

status-firefox67: --- → wontfix

status-firefox68: --- → wontfix

status-firefox-esr60: --- → wontfix

You need to log in before you can comment on or make changes to this bug.

Bugzilla

WR on Pixel 2 crashes in [@ FT_Done_Face]

Categories

(Core :: Graphics: WebRender, defect, P3)

Tracking

()

People

(Reporter: intermittent-bug-filer, Assigned: lsalzman)

References

Details

(Keywords: crash)

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Comment 2

Comment 3

Comment 4

Comment 5

Comment 6

Updated

Updated