Open Bug 586594 Opened 14 years ago Updated 2 years ago

[QT][E10S] Content process of Qt-Fennec crashes when closing the main window

Categories

(Core :: Graphics: ImageLib, defect)

Product:
Core
Component:
Graphics: ImageLib
Platform:
x86
Linux
Type:
defect

Tracking

()

Tracking Flags:
Tracking Status
e10s - ---

People

(Reporter: tero.koskinen, Unassigned)

Details

Attachments

(1 file)

Investigatory Patch
733 bytes, patch
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; fi-FI; rv:1.9.2.7) Gecko/20100715 Ubuntu/10.04 (lucid) Firefox/3.6.7
Build Identifier: 

Qt version of Fennec crashes when one tries to close the main window (and whole Fennec).

$ gdb /work/tkoskine/mobile/mc-e10s-mobile-qt-debug-trunk13/mobile/dist/bin/xulrunner/plugin-container 19028
GNU gdb (GDB) 7.1-ubuntu
...
0xb7768832 in ?? () from /lib/ld-linux.so.2
(gdb) bt
#0  0xb7768832 in ?? () from /lib/ld-linux.so.2
#1  0xb43abce6 in nanosleep () from /lib/tls/i686/cmov/libc.so.6
#2  0xb43abb10 in sleep () from /lib/tls/i686/cmov/libc.so.6
#3  0xb57bc7fd in ah_crap_handler (signum=11) at /work/tkoskine/mobile/mc-e10s/toolkit/xre/nsSigHandlers.cpp:132
#4  0xb57bc856 in child_ah_crap_handler (signum=11) at /work/tkoskine/mobile/mc-e10s/toolkit/xre/nsSigHandlers.cpp:145
#5  <signal handler called>
#6  0xb39cd2b3 in XFreePixmap () from /usr/lib/libX11.so.6
#7  0xb6de68ce in ~gfxXlibSurface (this=0xae13fd00, __in_chrg=<value optimized out>) at /work/tkoskine/mobile/mc-e10s/gfx/thebes/gfxXlibSurface.cpp:106
#8  0xb6dac304 in gfxASurface::SurfaceDestroyFunc (data=0xae13fd00) at /work/tkoskine/mobile/mc-e10s/gfx/thebes/gfxASurface.cpp:131
#9  0xb6e95aac in _cairo_user_data_array_fini (array=0xb2ab1b3c) at /work/tkoskine/mobile/mc-e10s/gfx/cairo/cairo/src/cairo-array.c:389
#10 0xb6ebadfe in *INT__moz_cairo_surface_destroy (surface=0xb2ab1b20) at /work/tkoskine/mobile/mc-e10s/gfx/cairo/cairo/src/cairo-surface.c:583
#11 0xb6dac28e in gfxASurface::Release (this=0xae13fd00) at /work/tkoskine/mobile/mc-e10s/gfx/thebes/gfxASurface.cpp:112
#12 0xb59c23d2 in ~nsRefPtr (this=0xae166944, __in_chrg=<value optimized out>) at ../../../dist/include/nsAutoPtr.h:969
#13 0xb59c4302 in ~imgFrame (this=0xae166940, __in_chrg=<value optimized out>) at /work/tkoskine/mobile/mc-e10s/modules/libpr0n/src/imgFrame.cpp:185
#14 0xb59b9cc1 in ~imgContainer (this=0xafbf6b00, __in_chrg=<value optimized out>) at /work/tkoskine/mobile/mc-e10s/modules/libpr0n/src/imgContainer.cpp:179
#15 0xb59b9146 in imgContainer::Release (this=0xafbf6b00) at /work/tkoskine/mobile/mc-e10s/modules/libpr0n/src/imgContainer.cpp:136
#16 0xb59c20f1 in ~nsRefPtr (this=0xafbcb3b4, __in_chrg=<value optimized out>) at ../../../dist/include/nsAutoPtr.h:969
#17 0xb59d6361 in ~imgRequest (this=0xafbcb380, __in_chrg=<value optimized out>) at /work/tkoskine/mobile/mc-e10s/modules/libpr0n/src/imgRequest.cpp:184
#18 0xb59d55f4 in imgRequest::Release (this=0xafbcb380) at /work/tkoskine/mobile/mc-e10s/modules/libpr0n/src/imgRequest.cpp:162
#19 0xb59d175b in ~nsRefPtr (this=0xae148768, __in_chrg=<value optimized out>) at ../../../dist/include/nsAutoPtr.h:969
#20 0xb59c8b8d in ~imgCacheEntry (this=0xae148760, __in_chrg=<value optimized out>) at /work/tkoskine/mobile/mc-e10s/modules/libpr0n/src/imgLoader.cpp:517
#21 0xb59d08fa in imgCacheEntry::Release (this=0xae148760) at /work/tkoskine/mobile/mc-e10s/modules/libpr0n/src/imgLoader.h:95
#22 0xb59d1b40 in ~nsRefPtr (this=0xae039158, __in_chrg=<value optimized out>) at ../../../dist/include/nsAutoPtr.h:969
#23 0xb59d4c6f in nsTArrayElementTraits<nsRefPtr<imgCacheEntry> >::Destruct (e=0xae039158) at ../../../dist/include/nsTArray.h:204
#24 0xb59d4b11 in nsTArray<nsRefPtr<imgCacheEntry> >::DestructRange (this=0xbfec4ec8, start=0, count=9) at ../../../dist/include/nsTArray.h:987
#25 0xb59d44e5 in nsTArray<nsRefPtr<imgCacheEntry> >::RemoveElementsAt (this=0xbfec4ec8, start=0, count=9) at ../../../dist/include/nsTArray.h:718
#26 0xb59d3a2c in nsTArray<nsRefPtr<imgCacheEntry> >::Clear (this=0xbfec4ec8) at ../../../dist/include/nsTArray.h:729
#27 0xb59d2747 in ~nsTArray (this=0xbfec4ec8, __in_chrg=<value optimized out>) at ../../../dist/include/nsTArray.h:274
#28 0xb59ccf82 in imgLoader::EvictEntries (aCacheToClear=...) at /work/tkoskine/mobile/mc-e10s/modules/libpr0n/src/imgLoader.cpp:1484
#29 0xb59cafce in imgLoader::ClearChromeImageCache () at /work/tkoskine/mobile/mc-e10s/modules/libpr0n/src/imgLoader.cpp:980
#30 0xb59caf4c in imgLoader::Shutdown () at /work/tkoskine/mobile/mc-e10s/modules/libpr0n/src/imgLoader.cpp:971
#31 0xb59b8c26 in imglib_Shutdown () at /work/tkoskine/mobile/mc-e10s/modules/libpr0n/build/nsImageModule.cpp:260
#32 0xb6cc1577 in ~KnownModule (this=0xb358a470, __in_chrg=<value optimized out>) at /work/tkoskine/mobile/mc-e10s/xpcom/components/nsComponentManager.h:214
#33 0xb6cc4acc in ~nsAutoPtr (this=0xb357d2ac, __in_chrg=<value optimized out>) at ../../dist/include/nsAutoPtr.h:104
#34 0xb6cc49bb in nsTArrayElementTraits<nsAutoPtr<nsComponentManagerImpl::KnownModule> >::Destruct (e=0xb357d2ac) at ../../dist/include/nsTArray.h:204
#35 0xb6cc44af in nsTArray<nsAutoPtr<nsComponentManagerImpl::KnownModule> >::DestructRange (this=0xb352c3a8, start=0, count=48) at ../../dist/include/nsTArray.h:987
#36 0xb6cc368b in nsTArray<nsAutoPtr<nsComponentManagerImpl::KnownModule> >::RemoveElementsAt (this=0xb352c3a8, start=0, count=48) at ../../dist/include/nsTArray.h:718
#37 0xb6cc21c2 in nsTArray<nsAutoPtr<nsComponentManagerImpl::KnownModule> >::Clear (this=0xb352c3a8) at ../../dist/include/nsTArray.h:729
---Type <return> to continue, or q <return> to quit---
#38 0xb6cbe5d0 in nsComponentManagerImpl::Shutdown (this=0xb352c300) at /work/tkoskine/mobile/mc-e10s/xpcom/components/nsComponentManager.cpp:986
#39 0xb6c621db in mozilla::ShutdownXPCOM (servMgr=0x0) at /work/tkoskine/mobile/mc-e10s/xpcom/build/nsXPComInit.cpp:708
#40 0xb6c61c8e in NS_ShutdownXPCOM_P (servMgr=0x0) at /work/tkoskine/mobile/mc-e10s/xpcom/build/nsXPComInit.cpp:580
#41 0xb57bcdf6 in XRE_TermEmbedding () at /work/tkoskine/mobile/mc-e10s/toolkit/xre/nsEmbedFunctions.cpp:219
#42 0xb6afd8d3 in mozilla::ipc::ScopedXREEmbed::Stop (this=0xb351f1bc) at /work/tkoskine/mobile/mc-e10s/ipc/glue/ScopedXREEmbed.cpp:100
#43 0xb6ac2806 in mozilla::dom::ContentProcess::CleanUp (this=0xb351f020) at /work/tkoskine/mobile/mc-e10s/dom/ipc/ContentProcess.cpp:63
#44 0xb57bd3cb in XRE_InitChildProcess (aArgc=1, aArgv=0xbfec5db4, aProcess=GeckoProcessType_Content) at /work/tkoskine/mobile/mc-e10s/toolkit/xre/nsEmbedFunctions.cpp:437
#45 0x080492b0 in main (argc=3, argv=0xbfec5db4) at /work/tkoskine/mobile/mc-e10s/ipc/app/MozillaRuntimeMain.cpp:87
(gdb)


Reproducible: Always

Steps to Reproduce:
1. Build Fennec with --enable-default-toolkit=cairo-qt option
2. Open Fennec with browser.tabs.remote set to true
3. Open a web page, for example www.google.com
4. Close Fennec's window
5. Ask yes if Fennec asks to confirm the close.
Actual Results:  
Crash in XFreePixmap.

Expected Results:  
Fennec exits cleanly.

Platform:
 Ubuntu Linux 10.04/i386

Used revisions:
 4c38f7705a71 from http://hg.mozilla.org/mozilla-central
 2c8340d06d8d from http://hg.mozilla.org/mobile-browser

mozconfig:
# Options for client.mk.
mk_add_options MOZ_BUILD_PROJECTS="xulrunner mobile"
mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/../mc-e10s-mobile-qt-debug-trunk13

# Global options
ac_add_options --enable-debug
ac_add_options --disable-optimize
ac_add_options --enable-tests
ac_add_options --disable-crashreporter

# XULRunner options
ac_add_app_options xulrunner --enable-application=xulrunner
ac_add_app_options xulrunner --disable-javaxpcom

# mobile options
ac_add_app_options mobile --enable-application=mobile
ac_add_app_options mobile --with-libxul-sdk=../xulrunner/dist

ac_add_app_options mobile --enable-chrome-format=flat

ac_add_options --enable-default-toolkit=cairo-qt
ac_add_options --disable-crashreporter

ac_add_options --enable-ipc

# export MOZ_MAKE_FLAGS=-j9
# mk_add_options MOZ_MAKE_FLAGS=-j9
##END

Note: The crash does not happen with GTK version.
Summary: [E10S] Content process of Qt-Fennec crashes when closing the main window → [QT][E10S] Content process of Qt-Fennec crashes when closing the main window
Status: UNCONFIRMED → NEW
Ever confirmed: true
I can confirm this bug, with the following stack trace (up to date mozilla-central),

(gdb) where
#0  0x00007f8d9234938d in nanosleep () from /lib/libc.so.6
#1  0x00007f8d92349200 in sleep () from /lib/libc.so.6
#2  0x00007f8d953f6e4f in ah_crap_handler (signum=11) at /home/alon/Dev/mozilla-central/toolkit/xre/nsSigHandlers.cpp:132
#3  0x00007f8d953f6e9a in child_ah_crap_handler (signum=11) at /home/alon/Dev/mozilla-central/toolkit/xre/nsSigHandlers.cpp:145
#4  <signal handler called>
#5  0x00007f8d8fb0a408 in XFreePixmap () from /usr/lib/libX11.so.6
#6  0x00007f8d96c0c8e0 in ~gfxXlibSurface (this=0x7f8d7c40c840, __in_chrg=<value optimized out>)
    at /home/alon/Dev/mozilla-central/gfx/thebes/gfxXlibSurface.cpp:107
#7  0x00007f8d96bcb18c in gfxASurface::SurfaceDestroyFunc (data=0x7f8d7c40c840)
    at /home/alon/Dev/mozilla-central/gfx/thebes/gfxASurface.cpp:131
#8  0x00007f8d96f5d6ef in _cairo_user_data_array_fini (array=0x7f8d7c74b020)
    at /home/alon/Dev/mozilla-central/gfx/cairo/cairo/src/cairo-array.c:389
#9  0x00007f8d96f86293 in *INT__moz_cairo_surface_destroy (surface=0x7f8d7c74b000)
    at /home/alon/Dev/mozilla-central/gfx/cairo/cairo/src/cairo-surface.c:583
#10 0x00007f8d96bcb101 in gfxASurface::Release (this=0x7f8d7c40c840) at /home/alon/Dev/mozilla-central/gfx/thebes/gfxASurface.cpp:112
#11 0x00007f8d95631ac3 in ~nsRefPtr (this=0x7f8d7c7ec6a8, __in_chrg=<value optimized out>) at ../../../dist/include/nsAutoPtr.h:969
#12 0x00007f8d9563a009 in ~imgFrame (this=0x7f8d7c7ec6a0, __in_chrg=<value optimized out>)
    at /home/alon/Dev/mozilla-central/modules/libpr0n/src/imgFrame.cpp:186
#13 0x00007f8d95629265 in ~RasterImage (this=0x7f8d7dc56b70, __in_chrg=<value optimized out>)
    at /home/alon/Dev/mozilla-central/modules/libpr0n/src/RasterImage.cpp:219
#14 0x00007f8d9562854d in mozilla::imagelib::RasterImage::Release (this=0x7f8d7dc56b70)
    at /home/alon/Dev/mozilla-central/modules/libpr0n/src/RasterImage.cpp:173
#15 0x00007f8d956510e3 in ~nsRefPtr (this=0x7f8d7dcc5530, __in_chrg=<value optimized out>) at ../../../dist/include/nsAutoPtr.h:969
#16 0x00007f8d9564b928 in ~imgRequest (this=0x7f8d7dcc54c0, __in_chrg=<value optimized out>)
    at /home/alon/Dev/mozilla-central/modules/libpr0n/src/imgRequest.cpp:203
#17 0x00007f8d9564aa0d in imgRequest::Release (this=0x7f8d7dcc54c0) at /home/alon/Dev/mozilla-central/modules/libpr0n/src/imgRequest.cpp:181
#18 0x00007f8d95646715 in ~nsRefPtr (this=0x7f8d7de17170, __in_chrg=<value optimized out>) at ../../../dist/include/nsAutoPtr.h:969
#19 0x00007f8d9563d8cb in ~imgCacheEntry (this=0x7f8d7de17160, __in_chrg=<value optimized out>)
    at /home/alon/Dev/mozilla-central/modules/libpr0n/src/imgLoader.cpp:525
#20 0x00007f8d95645770 in imgCacheEntry::Release (this=0x7f8d7de17160) at /home/alon/Dev/mozilla-central/modules/libpr0n/src/imgLoader.h:90
#21 0x00007f8d95646ac5 in ~nsRefPtr (this=0x7f8d7ca35268, __in_chrg=<value optimized out>) at ../../../dist/include/nsAutoPtr.h:969
#22 0x00007f8d9564a026 in nsTArrayElementTraits<nsRefPtr<imgCacheEntry> >::Destruct (e=0x7f8d7ca35268)
    at ../../../dist/include/nsTArray.h:204
#23 0x00007f8d95649e83 in nsTArray<nsRefPtr<imgCacheEntry> >::DestructRange (this=0x7fff75510dd0, start=0, count=24)
    at ../../../dist/include/nsTArray.h:987
#24 0x00007f8d956497bc in nsTArray<nsRefPtr<imgCacheEntry> >::RemoveElementsAt (this=0x7fff75510dd0, start=0, count=24)
    at ../../../dist/include/nsTArray.h:718
#25 0x00007f8d95648c47 in nsTArray<nsRefPtr<imgCacheEntry> >::Clear (this=0x7fff75510dd0) at ../../../dist/include/nsTArray.h:729
---Type <return> to continue, or q <return> to quit---
#26 0x00007f8d956477fe in ~nsTArray (this=0x7fff75510dd0, __in_chrg=<value optimized out>) at ../../../dist/include/nsTArray.h:274
#27 0x00007f8d95641ef5 in imgLoader::EvictEntries (aCacheToClear=...)
    at /home/alon/Dev/mozilla-central/modules/libpr0n/src/imgLoader.cpp:1492
#28 0x00007f8d9563fda4 in imgLoader::ClearImageCache () at /home/alon/Dev/mozilla-central/modules/libpr0n/src/imgLoader.cpp:993
#29 0x00007f8d9563fd17 in imgLoader::Shutdown () at /home/alon/Dev/mozilla-central/modules/libpr0n/src/imgLoader.cpp:980
#30 0x00007f8d95625d75 in imglib_Shutdown () at /home/alon/Dev/mozilla-central/modules/libpr0n/build/nsImageModule.cpp:167
#31 0x00007f8d96ad19af in ~KnownModule (this=0x7f8d8cbae0d0, __in_chrg=<value optimized out>)
    at /home/alon/Dev/mozilla-central/xpcom/components/nsComponentManager.h:204
#32 0x00007f8d96ad57b3 in ~nsAutoPtr (this=0x7f8d8cb15898, __in_chrg=<value optimized out>) at ../../dist/include/nsAutoPtr.h:104
#33 0x00007f8d96ad563b in nsTArrayElementTraits<nsAutoPtr<nsComponentManagerImpl::KnownModule> >::Destruct (e=0x7f8d8cb15898)
    at ../../dist/include/nsTArray.h:204
#34 0x00007f8d96ad503f in nsTArray<nsAutoPtr<nsComponentManagerImpl::KnownModule> >::DestructRange (this=0x7f8d8cb76280, start=0, count=49)
    at ../../dist/include/nsTArray.h:987
#35 0x00007f8d96ad4074 in nsTArray<nsAutoPtr<nsComponentManagerImpl::KnownModule> >::RemoveElementsAt (this=0x7f8d8cb76280, start=0, 
    count=49) at ../../dist/include/nsTArray.h:718
#36 0x00007f8d96ad29e3 in nsTArray<nsAutoPtr<nsComponentManagerImpl::KnownModule> >::Clear (this=0x7f8d8cb76280)
    at ../../dist/include/nsTArray.h:729
#37 0x00007f8d96ace420 in nsComponentManagerImpl::Shutdown (this=0x7f8d8cb76170)
    at /home/alon/Dev/mozilla-central/xpcom/components/nsComponentManager.cpp:1006
#38 0x00007f8d96a6c88c in mozilla::ShutdownXPCOM (servMgr=0x0) at /home/alon/Dev/mozilla-central/xpcom/build/nsXPComInit.cpp:717
#39 0x00007f8d96a6c2da in NS_ShutdownXPCOM_P (servMgr=0x0) at /home/alon/Dev/mozilla-central/xpcom/build/nsXPComInit.cpp:587
#40 0x00007f8d953f745e in XRE_TermEmbedding () at /home/alon/Dev/mozilla-central/toolkit/xre/nsEmbedFunctions.cpp:223
#41 0x00007f8d968d3196 in mozilla::ipc::ScopedXREEmbed::Stop (this=0x7f8d8cb13320)
    at /home/alon/Dev/mozilla-central/ipc/glue/ScopedXREEmbed.cpp:100
#42 0x00007f8d96891f62 in mozilla::dom::ContentProcess::CleanUp (this=0x7f8d8cb13000)
    at /home/alon/Dev/mozilla-central/dom/ipc/ContentProcess.cpp:63
#43 0x00007f8d953f7a3d in XRE_InitChildProcess (aArgc=1, aArgv=0x7fff755126d8, aProcess=GeckoProcessType_Content)
    at /home/alon/Dev/mozilla-central/toolkit/xre/nsEmbedFunctions.cpp:510
#44 0x000000000040182e in main (argc=2, argv=0x7fff755126d8) at /home/alon/Dev/mozilla-central/ipc/app/MozillaRuntimeMain.cpp:83
(gdb)
Just to narrow down the issue, this patch disables use of mOptSurface in imgFrame, which prevents the crash.
Component: General → ImageLib
Product: Fennec → Core
QA Contact: general → imagelib
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: