Bug 678181 - large uptake in crashes in gfxFontGroup::FindFontForChar on OS X
Status: RESOLVED FIXED
Keywords: crash, regression
Product: Core
Classification: Components
Component: Graphics
Version: unspecified
Platform: x86 Mac OS X
Importance: -- critical
Assigned To: Nobody; OK to take it and work on it
: Milan Sreckovic [:milan]
Mentors:
http://www.graphwar.com/play.html
Duplicates: 678587
Depends on:
Blocks: 668813
Reported: 2011-08-11 06:52 PDT by Jeff Muizelaar [:jrmuizel]
Modified: 2013-12-27 14:33 PST

Attachments
back out second changeset (family-charmap optimization) from bug 668813 (11.79 KB, patch)
2011-08-13 05:04 PDT, Jonathan Kew (:jfkthame)
roc: review+

Description Jeff Muizelaar [:jrmuizel] 2011-08-11 06:52:46 PDT
https://crash-stats.mozilla.com/query/query?query_type=simple&do_query=1&query=gfxFontGroup%3A%3AFindFontForChar


It looks like this started on the 10th of August.
Comment 1 Robert Kaiser 2011-08-11 08:26:33 PDT
https://crash-stats.mozilla.com/report/list?signature=gfxFontGroup%3A%3AFindFontForChar is a more simple query for those reports.

https://crash-stats.mozilla.com/report/list?signature=gfxFontFamily%3A%3AReadCMAP%28%29 has been coming up at the same time as well, this sounds correlated, would you agree?
Comment 2 Jonathan Kew (:jfkthame) 2011-08-11 08:41:09 PDT
(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #1)
> https://crash-stats.mozilla.com/report/
> list?signature=gfxFontGroup%3A%3AFindFontForChar is a more simple query for
> those reports.
> 
> https://crash-stats.mozilla.com/report/
> list?signature=gfxFontFamily%3A%3AReadCMAP%28%29 has been coming up at the
> same time as well, this sounds correlated, would you agree?

Yes, they may well be the same issue - I notice one of the signatures is only on Windows, and the other is only on OS X.

I'm guessing this might be a regression from bug 668813, specifically the "part 2" patch there. I'll take a look at that and see if I can confirm it.
Comment 3 Jeff Muizelaar [:jrmuizel] 2011-08-11 12:39:41 PDT
This happened to me again. It happened during a tab switch.
Comment 4 Sheila Mooney 2011-08-12 10:24:41 PDT
We merge to Aurora on Tuesday. Any chance we can get this fixed before then? Who is the right person to own this?
Comment 5 Robert Kaiser 2011-08-12 10:27:45 PDT
It looks like https://crash-stats.mozilla.com/report/list?signature=gfxSparseBitSet%3A%3Atest%28unsigned%20int%29 is also coming from font stuff and started at the same time, so I'd assume that's connected as well.
Comment 6 Jonathan Kew (:jfkthame) 2011-08-12 10:31:16 PDT
It seems like this could be associated with font-fallback search, but I haven't yet managed to reproduce it despite visiting a variety of pages (with both Mac and Win nightlies) that should be triggering fallback to find fonts for a mixture of languages. If anyone can identify a URL that leads to this crash, or other steps to reproduce, that would be really helpful.
Comment 7 Mike Shaver (:shaver -- probably not reading bugmail closely) 2011-08-12 13:04:29 PDT
I'm hitting this all the time today, and Firefox hadn't crashed for me otherwise in literally months.
Comment 8 Jonathan Kew (:jfkthame) 2011-08-12 13:34:45 PDT
Any chance you could catch this under a debugger, with a debug build, and get a more precise idea of where/why it's crashing? Is there a pointer or array that looks like it's been trashed?
Comment 9 Marcia Knous [:marcia - use ni] 2011-08-12 13:52:58 PDT
I filed Bug 678587 for the crash stack in Comment 5 and will add some URLs to that to see if anyone can repro.
Comment 10 Jonathan Kew (:jfkthame) 2011-08-13 05:04:32 PDT
Created attachment 552861
back out second changeset (family-charmap optimization) from bug 668813

I haven't been able to reproduce this, or to identify the actual cause of the crashes, but I'm suspicious that it may somehow be related to the per-font-family character map added in bug 668813 (part 2) to optimize font-fallback searches.

So I suggest we back out that change (as per this patch) and watch crash-stats for a couple of days to check whether it resolves the crashiness.
Comment 11 Jonathan Kew (:jfkthame) 2011-08-13 05:37:52 PDT
Pushed http://hg.mozilla.org/mozilla-central/rev/8e1dd6f8b903, which backs out bug 668813 (part 2). Leaving this bug open until we have a couple days of crash-stats, to see whether it actually fixes things.
Comment 12 christian 2011-08-13 11:04:47 PDT
So, I can reproduce this 100% and I know why it looks to spike....

Steps to reproduce:

#1 open graphwar.com
#2 Deny Java access to the device (not sure if this is needed)
#3 Click the create new game button
#4 Close the tab

Crash!

Also note graph war is currently on the front page of hacker news...might be the cause of the spike :-)
Comment 13 christian 2011-08-13 11:08:44 PDT
Actually, looks like you just have to open http://www.graphwar.com/play.html and click Deny. This is on Mac OS X 10.6
Comment 14 Jonathan Kew (:jfkthame) 2011-08-13 13:20:12 PDT
Interesting.... but doesn't reproduce for me (tried on OS X 10.6 here as well). It's very possible that the reproducibility is somehow dependent on your machine's collection of installed fonts, as it seems to be occurring during font-search.

Could you try a build that includes the patch landed in comment 11 and let me know whether it still crashes?
Comment 15 Robert Kaiser 2011-08-15 10:18:48 PDT
https://crash-stats.mozilla.com/report/list?signature=gfxFontFamily%3A%3AFindFontForChar%28FontSearch%2A%29 has now been rising in builds from the 14th and 15th...
Comment 16 Robert Kaiser 2011-08-15 10:27:08 PDT
*** Bug 678587 has been marked as a duplicate of this bug. ***
Comment 17 Jonathan Kew (:jfkthame) 2011-08-15 10:41:07 PDT
Pushed http://hg.mozilla.org/mozilla-central/rev/8e1dd6f8b903, which backs out bug 668813 (part 1).

(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #15)
> https://crash-stats.mozilla.com/report/
> list?signature=gfxFontFamily%3A%3AFindFontForChar%28FontSearch%2A%29 has now
> been rising in builds from the 14th and 15th...

Yeah, the exact signatures in comment 1 no longer exist but the crashes still happen with this alternative signature. I've now backed out the first patch from bug 668813, as that seems the only plausible culprit left in the tree.

This had better stop the crashes! (Otherwise bug 668813 wasn't to blame after all, but I don't have any alternative ideas....)
Comment 18 christian 2011-08-16 13:13:06 PDT
I can confirm with the nightly from 2011-08-16 it no longer crashes as it did. If you want me to get the fonts and stuff, let me know
Comment 19 Jonathan Kew (:jfkthame) 2011-08-16 13:59:11 PDT
(In reply to Christian Legnitto [:LegNeato] from comment #18)
> I can confirm with the nightly from 2011-08-16 it no longer crashes as it
> did. If you want me to get the fonts and stuff, let me know

Any chance you can reproduce this under a debug build from before the backouts, and find out the name of the font involved when it crashes? (The mName in the gfxFontFamily object would be a start, at least.) I'd still love to figure out what was going wrong, but was never able to reproduce it here.
Comment 20 Asa Dotzler [:asa] 2011-09-22 14:51:45 PDT
This seems to have made Aurora 8. I don't think we need to track this. Please re-nom if I'm a liar.
Comment 21 Jonathan Kew (:jfkthame) 2011-10-04 05:04:45 PDT
Closing this, since backing out bug 668813 appears to have fixed it.
Comment 22 Jonathan Kew (:jfkthame) 2011-10-28 02:46:22 PDT
Those who were able to reproduce this - we need some help over in bug 668813 to figure out what was triggering these crashes, so that we can actually fix the original issue there. Please see bug 668813 comment 18 and following.
