Created attachment 374800 [details] backtrace.txt This has also happened with at least one previous version of Firefox (27). When scrolling certain web pages (mostly on stackoverflow.com) the browser crashes sometimes. Really annoying. Full backtrace attached.
Please post your `emerge --info' output in a comment.
More specifically: "emerge --info cairo firefox". Firefox bundles an internal copy of cairo, but can optionally use the system cairo library. We need to know which cairo is crashing.
(In reply to Alexandre Rostovtsev from comment #2) > More specifically: "emerge --info cairo firefox". Firefox bundles an > internal copy of cairo, but can optionally use the system cairo library. We > need to know which cairo is crashing. system-cairo made it crash on my side; rebuilding without it prevents the crashes from happening. Here's the emerge --info, for the working version (i.e. USE='-system-cairo'): (note that when building firefox, I use CFLAGS="-march=native -O2 -pipe" — I remove the -ggdb options as they need too much memory). Portage 2.2.8-r1 (default/linux/x86/13.0/desktop, gcc-4.7.3, glibc-2.17, 3.13.6-gentoo-dvd i686) ================================================================= System Settings ================================================================= System uname: Linux-3.13.6-gentoo-dvd-i686-Intel-R-_Core-TM-_i5-3570K_CPU_@_3.40GHz-with-gentoo-2.2 KiB Mem: 7983576 total, 877552 free KiB Swap: 1004056 total, 513240 free Timestamp of tree: Sun, 20 Apr 2014 15:15:01 +0000 ld GNU ld (GNU Binutils) 2.23.2 distcc 3.1 i686-pc-linux-gnu [disabled] ccache version 3.1.9 [enabled] app-shells/bash: 4.2_p45 dev-java/java-config: 2.2.0 dev-lang/python: 2.7.5-r3, 3.2.5-r3, 3.3.3 dev-util/ccache: 3.1.9-r3 dev-util/cmake: 2.8.12.2 dev-util/pkgconfig: 0.28 sys-apps/baselayout: 2.2 sys-apps/openrc: 0.12.4 sys-apps/sandbox: 2.6-r1 sys-devel/autoconf: 2.13, 2.69 sys-devel/automake: 1.4_p6-r1, 1.5-r1, 1.6.3-r1, 1.7.9-r2, 1.8.5-r4, 1.9.6-r3, 1.10.3, 1.11.6, 1.12.6, 1.13.4 sys-devel/binutils: 2.23.2 sys-devel/gcc: 4.7.3-r1 sys-devel/gcc-config: 1.7.3 sys-devel/libtool: 2.4.2 sys-devel/make: 3.82-r4 sys-kernel/linux-headers: 3.10 (virtual/os-headers) sys-libs/glibc: 2.17 Repositories: gentoo proaudio gamerlay multimedia rion vmware sunrise eigenlay flameeyes-overlay stuff anyc-overlay local ACCEPT_KEYWORDS="x86" ACCEPT_LICENSE="*" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=native -O2 -pipe -ggdb -ggdb3" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt /var/lib/hsqldb /var/spool/torque" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.5/ext-active/ /etc/php/cgi-php5.5/ext-active/ /etc/php/cli-php5.5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-march=native -O2 -pipe -ggdb -ggdb3" DISTDIR="/home/backups/tarballs" EMERGE_DEFAULT_OPTS="--alphabetical" FCFLAGS="-O2 -march=i686 -pipe" FEATURES="assume-digests binpkg-logs ccache compress-build-logs compressdebug config-protect-if-modified distlocks ebuild-locks fixlafiles installsources merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -march=i686 -pipe" GENTOO_MIRRORS="http://gentoo.arcticnetwork.ca/ http://distfiles.gentoo.org http://www.ibiblio.org/pub/Linux/distributions/gentoo" LANG="en_US.UTF-8" LC_ALL="en_US.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j5" PKGDIR="/usr/portage/packages" PORTAGE_COMPRESS="xz" PORTAGE_COMPRESS_FLAGS="-9 -e" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/portagebuild" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/var/lib/layman/pro-audio /var/lib/layman/gamerlay /var/lib/layman/multimedia /var/lib/layman/rion /var/lib/layman/vmware /var/lib/layman/sunrise /var/lib/layman/eigenlay /var/lib/layman/flameeyes-overlay /var/lib/layman/stuff /var/lib/layman/anyc /usr/local/portage" SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage" USE="X a52 aac aalib acl acpi aim alsa ao apache2 apm aspell audiofile avx bash-completion bcmath berkdb bluetooth bonobo branding bzip2 cairo calendar caps cdda cddb cdparanoia cdr cli consolekit cracklib crypt cscope ctype cups curl curlwrappers cxx dba dbase dbm dbus dbx dev dga dio djvu doc dri dts dv dvb dvd dvdr dvdread emboss encode evo examples exif expat exwindows fam fastcgi ffmpeg fftw firefox flac flatfile fltk foomaticdb fortran ftp gcj gd gdbm geoip gif ginac glep glitz glut gmp gnome gnustep gnutls gphoto2 gpm gps graphviz gtk gtk2 gtk3 gtkhtml guile handbook hscolour htmlhandbook iconv icq idn ieee1394 imagemagick imap imlib inifile innodb ipv6 jabber jack jbig joystick jpeg jpeg2k kde ladspa lame lapack lash lcms ldap lesstif libcaca libgda libnotify libsamplerate libwww lirc lm_sensors lua lzma lzo mad maildir mailwrapper matroska mbox mcal mhash midi mikmod mime mmap mmx mmxext mng mnogosearch modules motif mozilla mp3 mp4 mpeg mpi mplayer msession msn musepack mysql mysqli ncurses nis nls nntp nptl nsplugin ocaml offensive ofx ogg openal openexr opengl openmp oscar oss pam pango pcntl pcre pdf perl php plotutils png policykit posix ppds python qt3 qt3support qt4 quicktime rdesktop readline ruby ruby18 ruby19 samba sasl scanner sdl semantic-desktop session sharedext shorten simplexml slang slp sndfile soap sockets socks5 source sox speex spell spl sqlite sqlite3 sse sse2 sse3 sse4 sse4_1 ssl ssse3 startup-notification static-libs svg sysvipc szip taglib tcl tcpd tetex theora threads tidy tiff tk tokenizer truetype udev udisks unicode upower usb v4l vaapi vcd vhosts videos vim-syntax vorbis wddx win32codecs wmf wxwidgets x264 x86 xattr xcb xcomposite xface xine xinerama xinetd xml xmlrpc xosd xpm xprint xsl xv xvid yahoo yaz zlib" ABI_X86="32" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CURL_SSL="gnutls" ELIBC="glibc" ENLIGHTENMENT_MODULES="appmenu bluez4 clock conf-applications conf-comp conf-dialogs conf-display conf-edgebindings conf-interaction conf-intl conf-keybindings conf-menus conf-paths conf-performance conf-randr conf-shelves conf-theme conf-wallpaper2 conf-window-manipulation conf-window-remembers contact dropshadow everything gadman ibar ibox illume2 msgbus music-control notification pager quickaccess shot start syscon systray tasks teamwork temperature tiling winlist wizard" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="evdev keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="nlpsolver pdfimport wiki-publisher" LINGUAS="en fr en_CA en_US fr_CA" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_2 python3_3" RUBY_TARGETS="jruby ruby ruby19 ruby20" SANE_BACKENDS="xerox_mfp" USERLAND="GNU" VIDEO_CARDS="intel nvidia" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, INSTALL_MASK, PORTAGE_BUNZIP2_COMMAND, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON ================================================================= Package Settings ================================================================= x11-libs/cairo-1.12.16 was built with the following: USE="X (-aqua) -debug -directfb doc (-drm) (-gallium) (-gles2) glib -legacy-drivers opengl openvg (-qt4) static-libs svg -valgrind xcb xlib-xcb" www-client/firefox-28.0 was built with the following: USE="alsa -appmenu -bindist -custom-cflags -custom-optimization dbus -debug gstreamer jit libnotify -minimal (-pgo) -pulseaudio (-selinux) startup-notification -system-cairo system-icu system-jpeg system-sqlite -test -wifi" LINGUAS="-af -ar -as -ast -be -bg -bn_BD -bn_IN -br -bs -ca -cs -csb -cy -da -de -el -en_GB -en_ZA -eo -es_AR -es_CL -es_ES -es_MX -et -eu -fa -fi fr -fy_NL -ga_IE -gd -gl -gu_IN -he -hi_IN -hr -hu -hy_AM -id -is -it -ja -kk -km -kn -ko -ku -lt -lv -mai -mk -ml -mr -nb_NO -nl -nn_NO -or -pa_IN -pl -pt_BR -pt_PT -rm -ro -ru -si -sk -sl -son -sq -sr -sv_SE -ta -te -th -tr -uk -vi -xh -zh_CN -zh_TW -zu" CFLAGS="-march=native -pipe -mno-avx" CXXFLAGS="-march=native -pipe -mno-avx"
(In reply to Patrice Levesque from comment #3) > (In reply to Alexandre Rostovtsev from comment #2) > > More specifically: "emerge --info cairo firefox". Firefox bundles an > > internal copy of cairo, but can optionally use the system cairo library. We > > need to know which cairo is crashing. > > system-cairo made it crash on my side; rebuilding without it prevents the > crashes from happening. Here's the emerge --info, for the working version > (i.e. USE='-system-cairo'): Just to clarify: firefox crashes in _cairo_clip_path_destroy with USE=system-cairo and when using cairo-1.12.16? Or were you seeing this problem with an earlier cairo version?
The backtrace suggests that _clip_and_composite_boxes (or some function called from _clip_and_composite_boxes) isn't properly checking for the case where _cairo_clip_is_all_clipped(clip) is true. Please test if the following two patches from cairo-1.13 fix the problem: http://cgit.freedesktop.org/cairo/patch/?id=3b261bea7d8e8094ff3899aefab6bbc8628a3585 and http://cgit.freedesktop.org/cairo/patch/?id=ed175b2a2bebb6def85133257bc11a875d13b0dd
> Just to clarify: firefox crashes in _cairo_clip_path_destroy with > USE=system-cairo and when using cairo-1.12.16? Or were you seeing this > problem with an earlier cairo version? Exactly. Not 100% positive it started to happen with that cairo version though, but the timeframe seems to match.
> Please test if the following two patches from cairo-1.13 fix the problem: > http://cgit.freedesktop.org/cairo/patch/?id=3b261bea7d8e8094ff3899aefab6bbc8628a3585 > and > http://cgit.freedesktop.org/cairo/patch/?id=ed175b2a2bebb6def85133257bc11a875d13b0dd Applied those two patches to cairo; recompiled firefox with 'system-cairo'. Been using it for something like 20 minutes, no crash yet. I'll reply to this as soon as it crashes again — FF is my main browser so odds are that I'll hit the bug soon enough, if it's still present of course. Thanks for your investigation,
> Applied those two patches to cairo; recompiled firefox with 'system-cairo'. > Been using it for something like 20 minutes, no crash yet. I'll reply to > this as soon as it crashes again — FF is my main browser so odds are that > I'll hit the bug soon enough, if it's still present of course. After 24 hours of moderate use, I'd be willing to suggest those 2 patches fixed the original issue for me. Jaak, are you able to reproduce?
> After 24 hours of moderate use, I'd be willing to suggest those 2 patches > fixed the original issue for me. Jaak, are you able to reproduce? Of course, I had to post this for the issue to come back and bite me. This is my backtrace (which is almost pointless as I miss most of the debugging symbols): #0 0xffffe424 in ?? () #1 0xb375c8ba in _cairo_clip_path_destroy (clip_path=0x0) at cairo-clip.c:90 #2 0xbfeac330 in ?? () Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(In reply to Patrice Levesque from comment #9) > Of course, I had to post this for the issue to come back and bite me. This > is my backtrace (which is almost pointless as I miss most of the debugging > symbols): Could you rebuild just cairo with debugging symbols (preferably with -ggdb in CFLAGS, to get more detail about parameter values)?
(In reply to Alexandre Rostovtsev from comment #10) > Could you rebuild just cairo with debugging symbols (preferably with -ggdb > in CFLAGS, to get more detail about parameter values)? It was already the case unfortunately: ================================================================= Package Settings ================================================================= x11-libs/cairo-1.12.16 was built with the following: USE="X (-aqua) -debug -directfb doc (-drm) (-gallium) (-gles2) glib -legacy-drivers opengl openvg (-qt4) static-libs svg -valgrind xcb xlib-xcb" CFLAGS="-march=native -O2 -pipe -ggdb -ggdb3" CXXFLAGS="-march=native -O2 -pipe -ggdb -ggdb3" But I could run firefox from gdb and get a backtrace. Attaching to this ticket.
Created attachment 375450 [details] GDB full backtrace of firefox crashing when using system-cairo
Created attachment 375454 [details, diff] proposed patch for cairo OK, please test with this patch (in addition to the other two from upstream).
(In reply to Alexandre Rostovtsev from comment #13) > Created attachment 375454 [details, diff] [details, diff] > proposed patch for cairo > > OK, please test with this patch (in addition to the other two from upstream). So far so good, running without a crash for > 24 hours.
> So far so good, running without a crash for > 24 hours. Still running the same browser session ever since; I'd suggest this combination of patches successfully prevents the crashes.
Thanks for testing, I've submitted the patch upstream: https://bugs.freedesktop.org/show_bug.cgi?id=77931
(In reply to Alexandre Rostovtsev from comment #16) > Thanks for testing, I've submitted the patch upstream: > https://bugs.freedesktop.org/show_bug.cgi?id=77931 Great; thanks for the fix and follow-up.
+*cairo-1.12.16-r3 (02 May 2014) + + 02 May 2014; Alexandre Rostovtsev <tetromino@gentoo.org> + +cairo-1.12.16-r3.ebuild, cairo-9999.ebuild, + +files/cairo-1.12.16-all-clipped-1.patch, + +files/cairo-1.12.16-all-clipped-2.patch, + +files/cairo-1.12.16-all-clipped-3.patch, + +files/cairo-1.12.16-lto-optional.patch, metadata.xml: + Fix firefox crash (bug #507478, thanks to Jaak Ristioja and Patrice + Levesque). Make lto optional (but enabled by default because cairo is a + performance-critical library) and check for enough memory for it (bug + #467278, thanks to Alex). Fix build with USE="opengl -X" (bug #483574, thanks + to Sergey Popov).
