Crash in [@ libGLESv2_adreno.so@0x13f790]
Categories
(Core :: Graphics: WebRender, defect, P3)
Tracking
()
People
(Reporter: yoasif, Assigned: jnicol)
References
(Blocks 1 open bug)
Details
(Keywords: crash)
Crash Data
Filed from https://www.reddit.com/r/firefox/comments/mq2dj3/firefox_app_is_crashing_everyday_on_my_mobile/
533 crashes in the last week.
Most of the crashes seem to be from moto g(6)
Crash report: https://crash-stats.mozilla.org/report/index/586a9178-4728-461d-903e-0b2560210414
Reason: SIGSEGV /SEGV_MAPERR
Top 10 frames of crashing thread:
0 libGLESv2_adreno.so libGLESv2_adreno.so@0x13f790
1 libGLESv2_adreno.so libGLESv2_adreno.so@0x13ed09
2 libGLESv2_adreno.so libGLESv2_adreno.so@0x287d15
3 libGLESv2_adreno.so libGLESv2_adreno.so@0x172c5f
4 libGLESv2_adreno.so libGLESv2_adreno.so@0xd2ba9
5 libGLESv2_adreno.so libGLESv2_adreno.so@0xa2ca3
6 libxul.so <gleam::gl::GlesFns as gleam::gl::Gl>::bind_renderbuffer third_party/rust/gleam/src/gles_fns.rs:512
7 libxul.so webrender::device::gl::Device::bind_draw_target gfx/wr/webrender/src/device/gl.rs:2103
8 libxul.so webrender::renderer::Renderer::draw_frame gfx/wr/webrender/src/renderer/mod.rs:4472
9 libxul.so webrender::renderer::Renderer::render_impl gfx/wr/webrender/src/renderer/mod.rs:2150
|
Reporter | |
Updated•3 years ago
|
|
||
Updated•3 years ago
|
|
Assignee | |
Comment 1•3 years ago
|
||
Looking at the proto signatures, they mainly seem to be
a) bind_draw_target() | glBindRenderbuffer (Maybe the same as bug 1704153)
or b) glCopyImageSubData (I think we only call this when resizing the GPU cache on adreno, but the stacks aren't helpful)
Interestingly we never call glBindRenderbuffer from bind_draw_target().. Perhaps it's actually glBindFramebuffer that is crashing (it's declared just afterwards in gleam, so maybe a similar address). There's also some glLineWidth calls in some of the proto signatures, and I'm pretty certain we never ever call that. So take android crash stacks with a pinch of salt!
About a 3rd of the reports have PBO mapping failures or surface allocation errors in the graphicsCriticalError. So potentially OOM related, though not smoking gun levels.
Unfortunately not a lot to go on yet. Hopefully another user will come forward with some reliable steps to reproduce.
|
|
Assignee | |
Comment 2•3 years ago
•
|
||
Oh, on my moto g6 I've been able to reproduce on https://www.bose.com/en_us/products/headphones/over_ear_headphones/quietcomfort-35-wireless-ii.html#v=qc35_ii_black (from bug 1680999). Open the page and then it quickly starts to spew warning about allocation failures while the screen is blank. Pan or zoom on the blank screen just to cause it some more grief and it sometimes crashes with this signature.
Both of my crashes have the stack Renderer::draw_frame() | Device::invalidate_render_target() | mdb_env_cthr_toggle | then several libGLESv2_adreno.so@...
We do call glBindFramebuffer (not glBindRenderbuffer) from invaldiate_render_target.
|
|
Assignee | |
Comment 3•3 years ago
|
||
Local crash stack from an opt gecko + debug fenix build:
#00 pc 0013f9d0 /vendor/lib/egl/libGLESv2_adreno.so (EsxRenderBucket::AddUnbucketedEntries(EsxCmdBufType, unsigned int)+132)
#01 pc 0013ef47 /vendor/lib/egl/libGLESv2_adreno.so (EsxRenderBucket::BucketRenderingCmds(EsxRenderBucketParams*)+740)
#02 pc 00172e9d /vendor/lib/egl/libGLESv2_adreno.so (EsxContext::BucketRenderingCmds(int)+712)
#03 pc 000d2de7 /vendor/lib/egl/libGLESv2_adreno.so (EsxContext::BindDrawFramebuffer(EsxFramebufferObject*)+178)
#04 pc 000a2e81 /vendor/lib/egl/libGLESv2_adreno.so (EsxContext::GlBindFramebuffer(unsigned int, unsigned int)+272)
#05 pc 05546947 /data/app/org.mozilla.fenix.debug-g_KH-CBBeQT6pqI1ITjB4A==/lib/arm/libxul.so (offset 0x269a000) (webrender::device::gl::Device::link_program::h1861562ffbe726a6+70)
#06 pc 0556eaf3 /data/app/org.mozilla.fenix.debug-g_KH-CBBeQT6pqI1ITjB4A==/lib/arm/libxul.so (offset 0x269a000)
#07 pc 05567b9f /data/app/org.mozilla.fenix.debug-g_KH-CBBeQT6pqI1ITjB4A==/lib/arm/libxul.so (offset 0x269a000) (webrender::renderer::Renderer::update::h66f1424ff0cfdacb+5022)
#08 pc 055672cb /data/app/org.mozilla.fenix.debug-g_KH-CBBeQT6pqI1ITjB4A==/lib/arm/libxul.so (offset 0x269a000) (webrender::renderer::Renderer::update::h66f1424ff0cfdacb+2762)
Again, Device::link_program() does not call glBindFramebuffer, so I wouldn't trust the libxul symbols here. But at this point I'm fairly certain this is a crash in glBindFramebuffer.
|
||
Updated•3 years ago
|
|
||
Comment 4•10 months ago
|
||
Closing this crash as a duplicate of libGLESv2_adreno.so meta bug 1218607.
Description
•