Closed
Bug 575013
Opened 14 years ago
Closed 11 years ago
crash [@ arena_avail_tree_remove]
Categories
(Core :: Graphics, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: philor, Unassigned)
References
Details
(Keywords: crash, intermittent-failure)
Crash Data
Attachments
(1 file)
|
19.16 KB,
text/plain
|
Details |
http://tinderbox.mozilla.org/showlog.cgi?log=Firefox/1277585354.1277586720.17943.gz Rev3 WINNT 6.1 mozilla-central opt test reftest-d2d on 2010/06/26 13:49:14 s: talos-r3-w7-006 PROCESS-CRASH | Shutdown | application crashed (minidump found) Operating system: Windows NT 6.1.7600 CPU: x86 GenuineIntel family 6 model 23 stepping 10 2 CPUs Crash reason: EXCEPTION_ACCESS_VIOLATION Crash address: 0xec Thread 0 (crashed) 0 mozcrt19.dll!arena_avail_tree_remove [jemalloc.c:3433ea03964f : 2773 + 0x436] eip = 0x6f2f6bb6 esp = 0x0016f410 ebp = 0x0ab00910 ebx = 0x00000001 esi = 0x00000000 edi = 0x00000000 eax = 0x06000580 ecx = 0x000000ec edx = 0x000000ed efl = 0x00210202 Found by: given as instruction pointer in context 1 mozcrt19.dll!arena_run_dalloc [jemalloc.c:3433ea03964f : 3377 + 0x2c] eip = 0x6f2f82ad esp = 0x0016f43c ebp = 0x00000099 ebx = 0x09f00000 Found by: call frame info 2 mozcrt19.dll!arena_dalloc_small [jemalloc.c:3433ea03964f : 4129 + 0x9] eip = 0x6f2f8441 esp = 0x0016f464 ebp = 0x09f00000 ebx = 0x003e0040 Found by: call frame info 3 mozcrt19.dll!arena_dalloc [jemalloc.c:3433ea03964f : 4227 + 0xa] eip = 0x6f2f852b esp = 0x0016f480 ebp = 0x09fcd5e0 Found by: call frame info 4 mozcrt19.dll!free [jemalloc.c:3433ea03964f : 6053 + 0x15] eip = 0x6f2f967f esp = 0x0016f498 ebp = 0x00000000 ebx = 0x05c7b7c0 Found by: call frame info 5 xul.dll!nsTArray_base::ShrinkCapacity(unsigned int) [nsTArray.cpp:3433ea03964f : 139 + 0x6] eip = 0x69a7c68a esp = 0x0016f4a4 ebp = 0x00000000 Found by: call frame info 6 xul.dll!nsTArray_base::ShiftData(unsigned int,unsigned int,unsigned int,unsigned int) [nsTArray.cpp:3433ea03964f : 164 + 0x9] eip = 0x69a7c610 esp = 0x0016f4b4 ebp = 0x00000000 Found by: call frame info with scanning 7 xul.dll!gfxGlyphExtents::GlyphWidths::~GlyphWidths() [gfxFont.cpp:3433ea03964f : 1533 + 0x10] eip = 0x69b7b1b7 esp = 0x0016f4c0 ebp = 0x69a7c610 Found by: call frame info with scanning 8 xul.dll!gfxFont::~gfxFont() [gfxFont.cpp:3433ea03964f : 946 + 0x21] eip = 0x69b487bb esp = 0x0016f4d4 ebp = 0x69a7c610 Found by: call frame info 9 xul.dll!gfxGDIFont::`scalar deleting destructor'(unsigned int) + 0x7 eip = 0x69b510ab esp = 0x0016f4ec ebp = 0x0016f508 Found by: call frame info with scanning 10 xul.dll!gfxFontCache::DestroyFont(gfxFont *) [gfxFont.cpp:3433ea03964f : 905 + 0x7] eip = 0x69b2b5e0 esp = 0x0016f4f4 ebp = 0x0016f508 Found by: call frame info with scanning 11 xul.dll!gfxFontCache::NotifyExpired(gfxFont *) [gfxFont.cpp:3433ea03964f : 893 + 0xa] eip = 0x69b51549 esp = 0x0016f510 ebp = 0x0016f530 Found by: previous frame's frame pointer 12 xul.dll!nsExpirationTracker<gfxFont,3>::AgeOneGeneration() [nsExpirationTracker.h:3433ea03964f : 210 + 0xa] eip = 0x69b5158f esp = 0x0016f51c ebp = 0x0016f530 Found by: call frame info with scanning 13 xul.dll!nsExpirationTracker<gfxFont,3>::AgeAllGenerations() [nsExpirationTracker.h:3433ea03964f : 234 + 0x6] eip = 0x69be63e8 esp = 0x0016f538 ebp = 0x0016f560 Found by: previous frame's frame pointer 14 xul.dll!gfxFontCache::~gfxFontCache() [gfxFont.h:3433ea03964f : 525 + 0x4] eip = 0x69bf12ff esp = 0x0016f544 ebp = 0x0016f560 Found by: call frame info with scanning 15 xul.dll!gfxFontCache::`scalar deleting destructor'(unsigned int) + 0x6 eip = 0x69c049ed esp = 0x0016f54c ebp = 0x0016f560 Found by: call frame info with scanning 16 xul.dll!gfxFontCache::Shutdown() [gfxFont.cpp:3433ea03964f : 818 + 0xe] eip = 0x69c049dd esp = 0x0016f550 ebp = 0x0016f560 Found by: call frame info 17 xul.dll!gfxPlatform::Shutdown() [gfxPlatform.cpp:3433ea03964f : 297 + 0x4] eip = 0x69bf5da0 esp = 0x0016f558 ebp = 0x0016f560 Found by: call frame info with scanning
|
||
Comment 1•14 years ago
|
||
Any idea how a GDIFont ended up in the font cache on a D2D build?
Similar crash tickled by different code http://tinderbox.mozilla.org/showlog.cgi?log=Firefox/1278982230.1278983716.13264.gz#err0 Rev3 WINNT 6.1 mozilla-central opt test reftest on 2010/07/12 17:50:30 Crash reason: EXCEPTION_ACCESS_VIOLATION Crash address: 0xec Thread 0 (crashed) 0 mozcrt19.dll!arena_avail_tree_remove [jemalloc.c:9bd68d16390e : 2773 + 0x436] eip = 0x70a26bb6 esp = 0x0024f900 ebp = 0x003700ec ebx = 0x00000001 esi = 0x00000000 edi = 0x00001000 eax = 0x00500478 ecx = 0x000000ec edx = 0x000000ed efl = 0x00210202 Found by: given as instruction pointer in context 1 mozcrt19.dll!arena_run_dalloc [jemalloc.c:9bd68d16390e : 3352 + 0x1d] eip = 0x70a2823c esp = 0x0024f92c ebp = 0x0000001f ebx = 0x06100000 Found by: call frame info 2 mozcrt19.dll!arena_dalloc_small [jemalloc.c:9bd68d16390e : 4129 + 0x9] eip = 0x70a28441 esp = 0x0024f954 ebp = 0x06100000 ebx = 0x00370040 Found by: call frame info 3 mozcrt19.dll!arena_dalloc [jemalloc.c:9bd68d16390e : 4227 + 0xa] eip = 0x70a2852b esp = 0x0024f970 ebp = 0x0611f490 Found by: call frame info 4 mozcrt19.dll!free [jemalloc.c:9bd68d16390e : 6053 + 0x15] eip = 0x70a2967f esp = 0x0024f988 ebp = 0x05f38000 ebx = 0x00000000 Found by: call frame info 5 mozjs.dll!js_string_uninterner [jsatom.cpp:9bd68d16390e : 469 + 0x3b] eip = 0x6e96bf66 esp = 0x0024f994 ebp = 0x05f38000 Found by: call frame info 6 mozjs.dll!JS_DHashTableEnumerate [jsdhash.cpp:9bd68d16390e : 743 + 0x15] eip = 0x6e939f66 esp = 0x0024f99c ebp = 0x05f38000 Found by: call frame info 7 mozjs.dll!js_FinishAtomState [jsatom.cpp:9bd68d16390e : 486 + 0x14] eip = 0x6e8e1c23 esp = 0x0024f9d4 ebp = 0x00000b34 Found by: call frame info with scanning 8 mozjs.dll!JSRuntime::~JSRuntime() [jsapi.cpp:9bd68d16390e : 613 + 0x6] eip = 0x6e967936 esp = 0x0024f9ec ebp = 0x00000b34 Found by: call frame info with scanning 9 mozjs.dll!JS_Finish [jsapi.cpp:9bd68d16390e : 713 + 0x8] eip = 0x6e96a4fa esp = 0x0024f9f4 ebp = 0x00000b34 Found by: call frame info with scanning 10 xul.dll!XPCJSRuntime::~XPCJSRuntime() [xpcjsruntime.cpp:9bd68d16390e : 1032 + 0x6] eip = 0x6a3280d5 esp = 0x0024f9fc ebp = 0x00000b34 Found by: call frame info with scanning 11 xul.dll!nsXPConnect::~nsXPConnect() [nsXPConnect.cpp:9bd68d16390e : 143 + 0x13] eip = 0x6a33eff3 esp = 0x0024fa10 ebp = 0x6a3280d5 Found by: call frame info with scanning 12 xul.dll!nsXPConnect::`scalar deleting destructor'(unsigned int) + 0x7 eip = 0x6a35a700 esp = 0x0024fa24 ebp = 0x0024faa4 Found by: call frame info with scanning 13 xul.dll!nsXPConnect::Release() [nsXPConnect.cpp:9bd68d16390e : 65 + 0x2f] eip = 0x6a1c1d30 esp = 0x0024fa2c ebp = 0x0024faa4 Found by: call frame info with scanning 14 xul.dll!nsScriptSecurityManager::Shutdown() [nsScriptSecurityManager.cpp:9bd68d16390e : 3428 + 0xe] eip = 0x6a33bae5 esp = 0x0024fa3c ebp = 0x0024faa4 Found by: call frame info with scanning 15 xul.dll!nsComponentManagerImpl::KnownModule::~KnownModule() [nsComponentManager.h:9bd68d16390e : 220 + 0x1] eip = 0x6a289a89 esp = 0x0024fa48 ebp = 0x0024faa4 Found by: call frame info with scanning 16 xul.dll!nsTArray<nsAutoPtr<nsComponentManagerImpl::KnownModule> >::DestructRange(unsigned int,unsigned int) [nsTArray.h:9bd68d16390e : 987 + 0xa] eip = 0x6a2bb14e esp = 0x0024fa4c ebp = 0x0024faa4 Found by: call frame info 17 xul.dll!nsTArray<nsAutoPtr<nsComponentManagerImpl::KnownModule> >::RemoveElementsAt(unsigned int,unsigned int) [nsTArray.h:9bd68d16390e : 718 + 0xc] eip = 0x6a3250ee esp = 0x0024fa5c ebp = 0x0024faa4 Found by: call frame info with scanning 18 xul.dll!nsComponentManagerImpl::Shutdown() [nsComponentManager.cpp:9bd68d16390e : 1010 + 0xf] eip = 0x6a33264e esp = 0x0024fa64 ebp = 0x0024faa4 Found by: call frame info 19 xul.dll + 0xa5e2b3 eip = 0x6ab5e2b4 esp = 0x0024fa70 ebp = 0x0024faa4 Found by: call frame info 20 xul.dll!ScopedXPCOMStartup::~ScopedXPCOMStartup() [nsAppRunner.cpp:9bd68d16390e : 1082 + 0x6] eip = 0x6a324fdf esp = 0x0024faac ebp = 0x0024fab8 Found by: previous frame's frame pointer 21 xul.dll!XRE_main [nsAppRunner.cpp:9bd68d16390e : 3668 + 0x11] eip = 0x6a294e42 esp = 0x0024fac0 ebp = 0x0024fd2c Found by: previous frame's frame pointer
Summary: Intermittent reftest-d2d shutdown crash [@ arena_avail_tree_remove][@ gfxGlyphExtents::GlyphWidths::~GlyphWidths()] → Intermittent reftest-d2d and reftest shutdown crash [@ arena_avail_tree_remove]
| Comment hidden (Legacy TBPL/Treeherder Robot) |
| Comment hidden (Legacy TBPL/Treeherder Robot) |
|
||
Comment 5•13 years ago
|
||
Users are seeing this crash as well, see https://crash-stats.mozilla.com/report/list?signature=arena_avail_tree_remove
|
||
Comment 6•13 years ago
|
||
We're not seeing the reftest crashes anymore on Tinderbox. But we still have many crashes with this signature (500+ crashes on Firefox 8 over the past 4 weeks). A lot of these are in js, but some are in gfx, for example: bp-44bf947d-5a46-46ad-bc66-379af2111209 bp-309185a6-862f-431a-adc9-5f8432111209
Crash Signature: [@ arena_avail_tree_remove]
Keywords: crash
Summary: Intermittent reftest-d2d and reftest shutdown crash [@ arena_avail_tree_remove] → crash [@ arena_avail_tree_remove]
|
Assignee | |
Updated•12 years ago
|
Keywords: intermittent-failure
|
|
Assignee | |
Updated•12 years ago
|
Whiteboard: [orange]
|
||
Updated•12 years ago
|
Crash Signature: [@ arena_avail_tree_remove] → [@ arena_avail_tree_remove]
[@ arena_avail_tree_remove | arena_run_dalloc | arena_dalloc_small | arena_dalloc | free | nsTArray_base::ShrinkCapacity(unsigned int)]
|
||
Comment 7•11 years ago
|
||
Resolving WFM keyword:intermittent-failure bugs last modified >3 months ago, whose whiteboard contains none of:
{random,disabled,marked,fuzzy,todo,fails,failing,annotated,time-bomb,leave open}
There will inevitably be some false positives; for that (and the bugspam) I apologise. Filter on orangewfm.Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•