776329 - crash in nsSurfaceTexture::GetTransformMatrix on Honeycomb and above

Status: RESOLVED FIXED

(Core :: Graphics: Layers, defect)

Description

[Scoobidiver (away)]

It first appeared in 17.0a1/20120721041038. The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=3a05d298599e&tochange=446b788ab99d
It's likely a regression from bug 687267.

Signature 	_JNIEnv::CallVoidMethod | nsSurfaceTexture::GetTransformMatrix More Reports Search
UUID	cb9b528f-24c5-4bfe-b19d-089932120722
Date Processed	2012-07-22 05:38:20
Uptime	30
Last Crash	45 seconds before submission
Install Age	4.9 hours since version was first installed.
Install Time	2012-07-22 00:41:12
Product	FennecAndroid
Version	17.0a1
Build ID	20120721041038
Release Channel	nightly
OS	Linux
OS Version	0.0.0 Linux 2.6.36.3 #1 SMP PREEMPT Thu Dec 1 09:13:52 KST 2011 armv7l
Build Architecture	arm
Build Architecture Info	
Crash Reason	SIGSEGV
Crash Address	0x0
App Notes 	
AdapterDescription: 'NVIDIA Corporation -- NVIDIA Tegra -- OpenGL ES 2.0 -- Model: GT-P7500, Product: GT-P7500, Manufacturer: samsung, Hardware: p3'
EGL? EGL+ GL Context? GL Context+ GL Layers? GL Layers+ 
samsung GT-P7500
samsung/GT-P7500/GT-P7500:3.2/HTJ85B/UBKL1:user/release-keys
EMCheckCompatibility	True
Adapter Vendor ID	NVIDIA Corporation
Adapter Device ID	NVIDIA Tegra

Frame 	Module 	Signature 	Source
0 	libdvm.so 	libdvm.so@0x446c6 	
1 	dalvik-heap (deleted) 	dalvik-heap @0x65d6ee 	
2 	libdvm.so 	libdvm.so@0x446af 	
3 	dalvik-heap (deleted) 	dalvik-heap @0x65d6ee 	
4 	libxul.so 	_JNIEnv::CallVoidMethod 	jni.h:631
5 	libxul.so 	nsSurfaceTexture::GetTransformMatrix 	gfx/thebes/nsSurfaceTexture.cpp:94
6 	libxul.so 	mozilla::gl::GLContextEGL::GetSharedHandleDetails 	gfx/gl/GLContextProviderEGL.cpp:1004
7 	libxul.so 	mozilla::layers::ShadowImageLayerOGL::RenderLayer 	gfx/layers/opengl/ImageLayerOGL.cpp:932
8 	libxul.so 	mozilla::layers::ShadowContainerLayerOGL::RenderLayer 	gfx/layers/opengl/ContainerLayerOGL.cpp:220
9 	libxul.so 	mozilla::layers::ShadowContainerLayerOGL::RenderLayer 	gfx/layers/opengl/ContainerLayerOGL.cpp:220
10 	libxul.so 	mozilla::layers::ShadowContainerLayerOGL::RenderLayer 	gfx/layers/opengl/ContainerLayerOGL.cpp:220
11 	libxul.so 	mozilla::layers::LayerManagerOGL::Render 	gfx/layers/opengl/LayerManagerOGL.cpp:792
12 	libxul.so 	mozilla::layers::LayerManagerOGL::EndTransaction 	gfx/layers/opengl/LayerManagerOGL.cpp:415
13 	libxul.so 	mozilla::layers::LayerManagerOGL::EndEmptyTransaction 	gfx/layers/opengl/LayerManagerOGL.cpp:388
14 	libxul.so 	mozilla::layers::CompositorParent::Composite 	gfx/layers/ipc/CompositorParent.cpp:425
15 	libxul.so 	RunnableMethod<mozilla::layers::CompositorParent, void , Tuple0>::Run 	ipc/chromium/src/base/tuple.h:383
16 	libxul.so 	MessageLoop::RunTask 	ipc/chromium/src/base/message_loop.cc:326
17 	libxul.so 	MessageLoop::DeferOrRunPendingTask 	ipc/chromium/src/base/message_loop.cc:334
18 	libxul.so 	MessageLoop::DoWork 	ipc/chromium/src/base/message_loop.cc:434
19 	libxul.so 	base::MessagePumpDefault::Run 	ipc/chromium/src/base/message_pump_default.cc:23
20 	libxul.so 	MessageLoop::RunInternal 	ipc/chromium/src/base/message_loop.cc:208
21 	libxul.so 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:201
22 	libxul.so 	base::Thread::ThreadMain 	ipc/chromium/src/base/thread.cc:156
23 	libxul.so 	ThreadFunc 	ipc/chromium/src/base/platform_thread_posix.cc:31
24 	libc.so 	__thread_entry 	
25 	libc.so 	pthread_create 	

More reports at:
https://crash-stats.mozilla.com/report/list?signature=_JNIEnv%3A%3ACallVoidMethod+|+nsSurfaceTexture%3A%3AGetTransformMatrix
https://crash-stats.mozilla.com/report/list?signature=JNI_CreateJavaVM+|+_JNIEnv%3A%3ACallVoidMethod+|+nsSurfaceTexture%3A%3AGetTransformMatrix

Comment 1

[Scoobidiver (away)]

With combined signatures, it's #3 top crasher in 15.0b2 and #7 in 16.0a2 over the last 3 days.

Comment 2

[Robert Kaiser]

The full list of URLs is somewhat long, as esp. for the _JNIEnv::CallVoidMethod | nsSurfaceTexture::GetTransformMatrix signature, there's a lot of URLs with only a single crash in the last week. Those are the URLs from both signature variants that have more than 1 hit:

3 	http://www.barafranca.com/game.php
3 	https://www.facebook.com/
2 	http://www.pinoy-ako.info/tv-show-replay/73-maalaala-mo-kaya/69569-maalaala-mo-kaya-28-july-2012.html
2 	http://globoesporte.globo.com/futebol/times/sao-paulo/noticia/2012/07/falante-rogerio-ceni-volta-para-fazer-time-conquistar-o-torcedor-tricolor.html?utm_source=SPFCNetworking&utm_medium=twitter
2 	about:home

There doesn't seem to be any really visible pattern in the sites I'm seeing listed in the full lists.

Comment 3

[Alex Keybl [:akeybl]]

Suspected regression from bug 687267. Sending over to snorp for investigation of the stack and what part of the code may be crashing.

Leaving qawanted on to test a few of the URLs you've listed. Testing the Flash video from http://globoesporte.globo.com/futebol/times/sao-paulo/noticia/2012/07/falante-rogerio-ceni-volta-para-fazer-time-conquistar-o-torcedor-tricolor.html?utm_source=SPFCNetworking&utm_medium=twitter on a tablet may yield some results, if we're right about the cause.

Comment 4

[Alex Keybl [:akeybl]]

Although it's not clear to me how bug 687267 could cause JB crashes.

Comment 5

[Martijn Wargers (dead)]

I just got this crash on the TF101, Honeycomb with the latest Aurora build:
https://crash-stats.mozilla.com/report/index/bp-48d2667d-5717-4804-9001-78f282120730
I did some panning on this page: http://people.mozilla.org/~mwargers/tests/plugins/flash/flashembed_20.html

Comment 6

[Scoobidiver (away)]

There are crashes on ICS.

Comment 7

[Bill Gianopoulos [:WG9s]]

(In reply to Scoobidiver from comment #6)
> There are crashes on ICS.

Well does that mean it is the same issue? or a different issue with the similar crash signature?

Perhaps that issue should be different bug if the issue here is Honeycomb only?

Comment 8

[Scoobidiver (away)]

(In reply to Bill Gianopoulos [:WG9s] from comment #7)
> Well does that mean it is the same issue? or a different issue with the similar
> crash signature?
Crashes on ICS appeared after the landing of bug 687267 like on Honeycomb and JB.
It's bad that an Honeycomb bug impacts other Android versions.

Comment 9

[Robert Kaiser]

snorp, this is another regression from the Flash for Honeycomb landing, and it adds up to over 10% of all 15.0b4 crashes. Does the bug 776334 fix also fix this or do you need to look into this separately?

Comment 10

[James Willcox (:snorp) (jwillcox@mozilla.com) (he/him)]

(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #9)
> snorp, this is another regression from the Flash for Honeycomb landing, and
> it adds up to over 10% of all 15.0b4 crashes. Does the bug 776334 fix also
> fix this or do you need to look into this separately?

Yes, I believe this one should now be fixed as well. Marking as such.

Comment 11

[Lukas Blakk [:lsblakk] use ?needinfo]

marking 15/16 fixed as well then, as per bug 776334.