Closed Bug 765082 Opened 12 years ago Closed 8 years ago

unhelpful crash reports in gfxAndroidPlatform::~gfxAndroidPlatform

Categories

(Core :: Graphics, defect)

Product:
Core
Component:
Graphics
Platform:
ARM
Android
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: ted, Unassigned)

Details

(Keywords: crash, Whiteboard: [native-crash])

Crash Data

This bug was filed from the Socorro interface and is 
report bp-afa526f5-20f4-42f0-924b-181122120610 .
============================================================= 

We have a bunch of Fennec crashes that just show up [@ libxul.so@0xea2fb6 ] in crash-stats. Running the crash mentioned above through a tool I wrote to trawl the entire stack in the minidump gives (with non-helpful entries removed):
0x511d0984: libxul.so!gfxAndroidPlatform::~gfxAndroidPlatform [gfxAndroidPlatform.cpp:95d1bb200f4e : 46 + 0x1]
0x511d0994: libxul.so!gfxAndroidPlatform::~gfxAndroidPlatform [mozalloc.h : 224 + 0x1]
0x511d099c: libxul.so!gfxPlatform::Shutdown [gfxPlatform.cpp:95d1bb200f4e : 363 + 0x1]
0x511d09a4: libxul.so!nsThebesGfxModuleDtor [nsThebesGfxFactory.cpp:95d1bb200f4e : 70 + 0x1]
0x511d09ac: libxul.so!nsComponentManagerImpl::KnownModule::~KnownModule [nsCOMPtr.h : 446 + 0x1]
0x511d09b4: libxul.so!nsTArray<nsAutoPtr<nsComponentManagerImpl::KnownModule>, nsTArrayDefaultAllocator>::Clear [mozalloc.h : 224 + 0x1]
0x511d09d4: libxul.so!nsComponentManagerImpl::Shutdown [nsComponentManager.cpp:95d1bb200f4e : 739 + 0x1]
0x511d09ec: libxul.so!mozilla::ShutdownXPCOM [nsXPComInit.cpp:95d1bb200f4e : 687 + 0x1]
0x511d0a08: libxul.so!nsObserverService::NotifyObservers [nsObserverService.cpp:95d1bb200f4e : 141 + 0x1]
0x511d0a2c: libxul.so!NS_ShutdownXPCOM_P [nsXPComInit.cpp:95d1bb200f4e : 537 + 0x1]
0x511d0a34: libxul.so!ScopedXPCOMStartup::~ScopedXPCOMStartup [nsAppRunner.cpp:95d1bb200f4e : 1104 + 0x1]
0x511d0a4c: libxul.so!XREMain::XRE_main [mozalloc.h : 224 + 0x1]
0x511d0a74: libxul.so!XRE_main [nsAppRunner.cpp:95d1bb200f4e : 2715 + 0x1]
0x511d0ae4: libmozglue.so!malloc_mutex_unlock [jemalloc.c:50c9995aa7d0 : 1622 + 0x1]
0x511d0aec: libmozglue.so!arena_dalloc [jemalloc.c:50c9995aa7d0 : 4619 + 0x1]
0x511d0b0c: libmozglue.so!__wrap_realloc [jemalloc.c:50c9995aa7d0 : 4630 + 0x7]
0x511d0b2c: libmozglue.so!arena_malloc [jemalloc.c:50c9995aa7d0 : 3842 + 0x0]
0x511d0b84: libxul.so!GeckoStart [nsAndroidStartup.cpp:95d1bb200f4e : 73 + 0x11]
0x511d0ba8: libxul.so!GeckoStart [nsAndroidStartup.cpp:95d1bb200f4e : 46 + 0x1]
0x511d0bbc: libmozglue.so!Java_org_mozilla_gecko_GeckoAppShell_nativeRun [APKOpen.cpp:50c9995aa7d0 : 971 + 0x1]
0x511d0c08: libmozglue.so!Java_org_mozilla_gecko_GeckoAppShell_nativeRun [APKOpen.cpp:50c9995aa7d0 : 959 + 0x1]
0x511d0c8c: libmozglue.so!Java_org_mozilla_gecko_GeckoAppShell_nativeRun [APKOpen.cpp:50c9995aa7d0 : 959 + 0x1]
0x511d0cac: libmozglue.so!Java_org_mozilla_gecko_GeckoAppShell_nativeRun [APKOpen.cpp:50c9995aa7d0 : 959 + 0x1]

So for this example, we're crashing during shutdown, apparently in the gfxAndroidPlatform destructor. The frame that's in mozalloc.h is just "operator delete". I suspect this means we've previously corrupted memory, and we're just crashing here by happenstance.

I need to grab a few more minidumps from this crash and see if the same stack shows up.
Summary: crash in libxul → unhelpful crash reports in gfxAndroidPlatform::~gfxAndroidPlatform
Whiteboard: [native-crash]
Closing this bug as incomplete since there are no reports of this crash in the last year. Please reopen if you can reproduce it in the latest Fennec.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.