Crash in [@ mozilla::layers::AndroidNativeWindowTextureData::AndroidNativeWindowTextureData]
Categories
(Core :: Graphics, defect)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr102 | --- | unaffected |
| firefox109 | --- | unaffected |
| firefox110 | --- | unaffected |
| firefox111 | + | fixed |
People
(Reporter: cpeterson, Assigned: jnicol)
References
(Regression)
Details
(Keywords: crash, regression, topcrash)
Crash Data
Attachments
(1 file)
This crash looks like it might be a new regression in Fenix Nightly 111 build ID 20230119093127. This is Fenix Nightly's top content process crash right now.
Crash report: https://crash-stats.mozilla.org/report/index/8857f799-facf-44c2-838a-ce60e0230123
Reason: SIGSEGV / SEGV_MAPERR
Top 10 frames of crashing thread:
0 ? @0x00000079632e5d9c
1 ? @0x00000079632a9088
2 libandroid_runtime.so libandroid_runtime.so@0x10a604
3 libandroid_runtime.so libandroid_runtime.so@0x10a57c
4 libandroid.so libandroid.so@0x123fc
5 libxul.so mozilla::layers::AndroidNativeWindowTextureData::AndroidNativeWindowTextureData gfx/layers/opengl/TextureClientOGL.cpp:115
5 libxul.so mozilla::layers::AndroidNativeWindowTextureData::Create gfx/layers/opengl/TextureClientOGL.cpp:104
6 libxul.so mozilla::layers::TextureData::Create gfx/layers/client/TextureClient.cpp:369
6 libxul.so mozilla::layers::TextureClient::CreateForDrawing gfx/layers/client/TextureClient.cpp:1156
7 libxul.so mozilla::layers::CreateTexture gfx/layers/PersistentBufferProvider.cpp:155
|
Reporter | |
Updated•1 year ago
|
|
|
Reporter | |
Comment 1•1 year ago
|
||
Jamie, do you think this AndroidNativeWindowTextureData content process crash could have been caused by any of the following changes?
ANGLE update bug 1753349
webgl.out-of-process bug 1810623
SurfaceTexture bug 1706656
They are all in the pushlog for build ID 20230119093127, which was the first crashing build:
|
||
Updated•1 year ago
|
|
Assignee | |
Comment 2•1 year ago
|
||
Definitely a regression from bug 1706656
|
|
Assignee | |
Comment 3•1 year ago
|
||
The crash occurs here. ANativeWindow_fromSurface() takes a jobject as an argument, and that jobject is supposed to be a Surface.
Bug 1706656 made GeckoSurface no longer inherit from Surface, so the object we are passing is not of the correct type, which causes the crash. We need to pass mSurface->GetSurface()->Get().
What is odd is that we should only be using this AndroidNativeWindowTextureData if the pref gfx.use-surfacetexture-textures is set (see here), and the crash volume is rather high. But it looks like it might be all from a few installs.
|
|
Assignee | |
Comment 4•1 year ago
|
||
Yep this is reproducible by going to any canvas2d page after setting gfx.use-surfacetexture-textures to true.
|
|
Assignee | |
Updated•1 year ago
|
|
|
Assignee | |
Comment 5•1 year ago
|
||
The function ANativeWindow_fromSurface() takes a jobject that is
supposed to be a Surface. Prior to bug 1706656 GeckoSurface was a
subclass of Surface, meaning we passed the correct type. However,
GeckoSurface no longer derives from Surface meaning we hit this JNI
crash.
To fix this, call GeckoSurface->GetSurface() to get the underlying
Surface object.
Note that this code path is only active if the user has modified the
pref gfx.use-surfacetexture-textures. So although the volume is high,
it appears to be limited to a small number of users.
|
||
Comment 6•1 year ago
|
||
Set release status flags based on info from the regressing bug 1706656
Pushed by jnicol@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/27fa39e98e4c Fix JNI crash caused by passing incorrect jobject type. r=gfx-reviewers,nical
|
||
Comment 8•1 year ago
|
||
| bugherder | ||
Description
•