Closed Bug 915095 Opened 12 years ago Closed 12 years ago

crash in nsXPCOMCycleCollectionParticipant::Unroot(void*)

Categories

(Core :: Graphics: Layers, defect)

Product:
Core
Component:
Graphics: Layers
Platform:
All
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 912725

People

(Reporter: nhirata, Unassigned)

Details

(Keywords: crash, Whiteboard: b2g-crash)

Crash Data

This bug was filed from the Socorro interface and is report bp-e7d13a87-eceb-49b7-a710-f83842130911. ============================================================= Frame Module Signature Source 0 libxul.so nsXPCOMCycleCollectionParticipant::Unroot(void*) /builds/slave/b2g_m-cen_leo_ntly-00000000000/build/objdir-gecko/xpcom/build/nsCycleCollectionParticipant.cpp 1 libxul.so mozilla::layers::GrallocBufferActor::ActorDestroy(mozilla::ipc::IProtocolManager<mozilla::ipc::RPCChannel::RPCListener>::ActorDestroyReason) gfx/layers/ipc/ShadowLayerUtilsGralloc.cpp 2 libxul.so mozilla::docshell::POfflineCacheUpdateParent::DestroySubtree(mozilla::ipc::IProtocolManager<mozilla::ipc::RPCChannel::RPCListener>::ActorDestroyReason) /builds/slave/b2g_m-cen_leo_ntly-00000000000/build/objdir-gecko/ipc/ipdl/POfflineCacheUpdateParent.cpp 3 libxul.so mozilla::layers::PGrallocBufferParent::OnMessageReceived(IPC::Message const&) /builds/slave/b2g_m-cen_leo_ntly-00000000000/build/objdir-gecko/ipc/ipdl/PGrallocBufferParent.cpp 4 libxul.so mozilla::layers::PCompositorParent::OnMessageReceived(IPC::Message const&) /builds/slave/b2g_m-cen_leo_ntly-00000000000/build/objdir-gecko/ipc/ipdl/PCompositorParent.cpp 5 libxul.so mozilla::ipc::AsyncChannel::OnDispatchMessage(IPC::Message const&) ipc/glue/AsyncChannel.cpp 6 libxul.so mozilla::ipc::RPCChannel::OnMaybeDequeueOne() ipc/glue/RPCChannel.cpp 7 libxul.so RunnableMethod<WebCore::ReverbConvolver, void (WebCore::ReverbConvolver::*)(), Tuple0>::Run() ipc/chromium/src/base/tuple.h 8 libxul.so mozilla::ipc::RPCChannel::DequeueTask::Run() /builds/slave/b2g_m-cen_leo_ntly-00000000000/build/objdir-gecko/ipc/glue/../../dist/include/mozilla/ipc/RPCChannel.h 9 libxul.so MessageLoop::RunTask(Task*) ipc/chromium/src/base/message_loop.cc 10 libxul.so MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&) ipc/chromium/src/base/message_loop.cc 11 libxul.so MessageLoop::DoWork() ipc/chromium/src/base/message_loop.cc 12 libxul.so base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ipc/chromium/src/base/message_pump_default.cc 13 libxul.so MessageLoop::RunInternal() ipc/chromium/src/base/message_loop.cc 14 libxul.so MessageLoop::Run() ipc/chromium/src/base/message_loop.cc 15 libxul.so base::Thread::ThreadMain() ipc/chromium/src/base/thread.cc 16 libxul.so ThreadFunc ipc/chromium/src/base/platform_thread_posix.cc 17 libc.so __thread_entry bionic/libc/bionic/pthread.c 18 libc.so pthread_create bionic/libc/bionic/pthread.c More Crashes : https://crash-stats.mozilla.com/report/list?product=B2G&signature=nsXPCOMCycleCollectionParticipant%3A%3AUnroot%28void*%29 I also crashed w/ https://crash-stats.mozilla.com/report/index/06c08492-9b6b-43db-8ff6-47bcf2130911 STR: 1. launch Usage app 2. go through the FTE with default values 3. select settings 4. toggle on the data use alert 5. toggle off the data use alert right after Expected: no crash Actual: crash (see above)
Note: this happens on leo and buri
Component: Gaia::Cost Control → Graphics: Layers
Product: Boot2Gecko → Core
Component: Graphics: Layers → IPC
Component: IPC → Graphics
Component: Graphics → IPC
Whiteboard: b2g-crash
Component: IPC → Graphics: Layers
huh, why does a compositor-side class have cycle collection?
The stack in https://crash-stats.mozilla.com/report/index/06c08492-9b6b-43db-8ff6-47bcf2130911 shows the crash in http://hg.mozilla.org/mozilla-central/annotate/be1053dc223b/gfx/layers/ipc/ShadowLayerUtilsGralloc.cpp#l274 which is the same crash as in bug 912725 and has nothing to do with cycle collection. It appears that the symbol nsXPCOMCycleCollectionParticipant::Unroot(void*) is just wrong, an error typically caused by Identical Code Folding (ICF) which can be locally disabled with --disable-icf. Bug 912725 is fixed so this should not happen again. It landed on Sep. 11, so let me know if you see this crash again in builds from Sep. 12 or newer. Otherwise, please close this bug.
Closing this bug as a duplicate based on comment 3
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.