Crash in @0x0 | mozilla::gl::AndroidNativeWindow::~AndroidNativeWindow

RESOLVED DUPLICATE of bug 1370751

Status

Firefox for Android
General
--
critical
RESOLVED DUPLICATE of bug 1370751
6 months ago
3 months ago

People

(Reporter: philipp, Unassigned)

Tracking

({crash, regression, steps-wanted})

55 Branch
ARM
Android
crash, regression, steps-wanted
Points:
---

Firefox Tracking Flags

(fennec-, firefox54 unaffected, firefox55+ wontfix, firefox56 wontfix)

Description

6 months ago
This bug was filed from the Socorro interface and is report bp-2e03bbc3-d05a-469a-8776-6a7180170616.
=============================================================
Crashing Thread (10)
Frame 	Module 	Signature 	Source
0 		@0x0 	
1 	libxul.so 	mozilla::gl::AndroidNativeWindow::~AndroidNativeWindow 	gfx/gl/AndroidNativeWindow.h:38
2 	libxul.so 	nsNPAPIPluginInstance::~nsNPAPIPluginInstance 	xpcom/string/nsTSubstring.h:397
3 	libxul.so 	nsNPAPIPluginInstance::~nsNPAPIPluginInstance 	dom/plugins/base/nsNPAPIPluginInstance.cpp:195
4 	libxul.so 	nsNPAPIPluginInstance::Release 	dom/plugins/base/nsNPAPIPluginInstance.cpp:119
5 	libxul.so 	RefPtr<nsNPAPIPluginInstance>::~RefPtr 	mfbt/RefPtr.h:40
6 	libxul.so 	nsNPAPIPluginStreamListener::~nsNPAPIPluginStreamListener 	dom/plugins/base/nsNPAPIPluginStreamListener.cpp:158
7 	libxul.so 	nsNPAPIPluginStreamListener::~nsNPAPIPluginStreamListener 	dom/plugins/base/nsNPAPIPluginStreamListener.cpp:185
8 	libxul.so 	nsNPAPIPluginStreamListener::Release 	dom/plugins/base/nsNPAPIPluginStreamListener.cpp:130
9 	libxul.so 	RefPtr<imgINotificationObserver>::~RefPtr 	
10 	libxul.so 	nsPluginStreamListenerPeer::~nsPluginStreamListenerPeer 	dom/plugins/base/nsPluginStreamListenerPeer.cpp:284
11 	libxul.so 	nsPluginStreamListenerPeer::~nsPluginStreamListenerPeer 	dom/plugins/base/nsPluginStreamListenerPeer.cpp:304
12 	libxul.so 	nsPluginStreamListenerPeer::Release 	dom/plugins/base/nsPluginStreamListenerPeer.cpp:258
13 	libxul.so 	detail::ProxyReleaseChooser<true>::ProxyReleaseISupports 	mfbt/RefPtr.h:40
14 	libxul.so 	nsInterfaceRequestorAgg::~nsInterfaceRequestorAgg 	xpcom/threads/nsProxyRelease.h:97
15 	libxul.so 	nsInterfaceRequestorAgg::Release 	xpcom/base/nsInterfaceRequestorAgg.cpp:40
16 	libxul.so 	detail::ProxyReleaseEvent<nsISupports>::Run 	xpcom/threads/nsProxyRelease.h:37
17 	libxul.so 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:1406
18 	libxul.so 	NS_ProcessNextEvent 	xpcom/threads/nsThreadUtils.cpp:472
19 	libxul.so 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:124
20 	libxul.so 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:231
21 	libxul.so 	nsBaseAppShell::Run 	widget/nsBaseAppShell.cpp:156
22 	libxul.so 	nsAppStartup::Run 	toolkit/components/startup/nsAppStartup.cpp:283
23 	libxul.so 	XREMain::XRE_mainRun 	toolkit/xre/nsAppRunner.cpp:4569
24 	libxul.so 	XREMain::XRE_main 	toolkit/xre/nsAppRunner.cpp:4749
25 	libxul.so 	XRE_main 	toolkit/xre/nsAppRunner.cpp:4844
26 	libxul.so 	GeckoStart 	toolkit/xre/nsAndroidStartup.cpp:50
27 	libmozglue.so 	Java_org_mozilla_gecko_mozglue_GeckoLoader_nativeRun 	mozglue/android/APKOpen.cpp:435
Ø 28 	libdvm.so 	libdvm.so@0x1dece 	
Ø 29 	libdvm.so 	libdvm.so@0x49397 	
Ø 30 	data@app@org.mozilla.firefox_beta-2.apk@classes.dex 	data@app@org.mozilla.firefox_beta-2.apk@classes.dex@0x5f0528 	
Ø 31 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0xa642e 	
Ø 32 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x64f96 	
Ø 33 	libdvm.so 	libdvm.so@0x4e3ad 	
Ø 34 	data@app@org.mozilla.firefox_beta-2.apk@classes.dex 	data@app@org.mozilla.firefox_beta-2.apk@classes.dex@0x5f0524 	
35 	libmozglue.so 	Java_org_mozilla_gecko_mozglue_GeckoLoader_loadNSSLibsNative 	mozglue/android/APKOpen.cpp:380
36 		@0x349fffff 	
37 	libmozglue.so 	Java_org_mozilla_gecko_mozglue_GeckoLoader_loadNSSLibsNative 	mozglue/android/APKOpen.cpp:380

These fennec crashes are regressing in 55 and subsequent builds.
Sebastian, can someone take a look?
Flags: needinfo?(s.kaspari)
It's kinda weird here as it seems the function pointer `decRef` of struct `common` in ANativeWindow object is null. However, the ANativeWindow object returned by ANativeWindow_fromSurface() is supposed to be ref-added through `incRef` call which means the function pointer was assigned correctly.  

frameworks/base/native/android/native_window.cpp
39 void ANativeWindow_release(ANativeWindow* window) {
40     window->decStrong((void*)ANativeWindow_acquire);
41 }

system/core/include/system/window.h
343 struct ANativeWindow
...
359    void decStrong(const void* id) const {
360        common.decRef(const_cast<android_native_base_t*>(&common));
361    }

http://android.macpod.net/xref/android-4.4.2_r2/system/core/include/system/window.h#360
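The failure mode hypothesised in the comment above, as an added example that is not part of the original bug or of the Android or Gecko sources: a simplified model of the `common` function-pointer slots, with a release path that checks `decRef` before dispatching. The names `native_base_t`, `native_window_t`, `checked_release` and the `refs` field are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model of android_native_base_t: reference counting is
 * dispatched through function pointers stored in the object itself.
 * The refs field is hypothetical and only makes the effect observable. */
typedef struct native_base {
    void (*incRef)(struct native_base *base);
    void (*decRef)(struct native_base *base);
    int refs;
} native_base_t;

typedef struct native_window {
    native_base_t common;
} native_window_t;

static void base_inc(native_base_t *b) { b->refs++; }
static void base_dec(native_base_t *b) { b->refs--; }

enum release_result { RELEASED = 0, ERR_NULL_WINDOW = -1, ERR_NULL_DECREF = -2 };

/* Guarded counterpart of ANativeWindow_release(). decStrong() calls
 * common.decRef unconditionally, so a NULL slot turns into a jump to
 * address 0, which is what frame 0 (@0x0) of the trace would look like. */
int checked_release(native_window_t *w)
{
    if (w == NULL)
        return ERR_NULL_WINDOW;
    if (w->common.decRef == NULL)
        return ERR_NULL_DECREF;   /* report instead of calling through NULL */
    w->common.decRef(&w->common);
    return RELEASED;
}

int main(void)
{
    /* Constructed inputs: one intact window, one whose slots are zeroed. */
    native_window_t ok  = { { base_inc, base_dec, 0 } };
    native_window_t bad = { { NULL, NULL, 1 } };

    ok.common.incRef(&ok.common);   /* acquire before handing the window out */
    int r_ok  = checked_release(&ok);
    int r_bad = checked_release(&bad);
    printf("intact: %d (refs=%d)\n", r_ok, ok.common.refs);
    printf("zeroed: %d (refs=%d)\n", r_bad, bad.common.refs);
    return 0;
}
```

A non-NULL but stale `decRef` would pass this check, so the guard only distinguishes the zeroed-slot case from a healthy object.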
[Tracking Requested - why for this release]: Given the increased rate of crashes, I believe it's worth tracking before FF55 goes to release.
tracking-firefox55: --- → ?
Keywords: steps-wanted
regressing fennec crash in 55beta, tracking.
tracking-firefox55: ? → +
tracking-fennec: --- → ?
Flags: needinfo?(s.kaspari)
Is this the same as bug 1370751?
It looks like the same. Let's check with snorp.
Flags: needinfo?(snorp)
Yep, same.
Status: NEW → RESOLVED
Last Resolved: 5 months ago
Flags: needinfo?(snorp)
Resolution: --- → DUPLICATE
Duplicate of bug: 1370751

Updated

5 months ago
tracking-fennec: ? → -
[triage@0712] - since already tracked elsewhere.
Align with tracking bug 1370751 so that we don't need to review it in the regression triage meeting.
status-firefox55: affected → fix-optional
Wontfix from bug 1370751, flash crash.
status-firefox55: fix-optional → wontfix
status-firefox56: affected → wontfix