Closed
Bug 720400
Opened 13 years ago
Closed 13 years ago
Crash in nsPluginInstanceOwner::RemovePluginView @ mozilla::AndroidBridge::EnsureJNIThread
Categories
(Firefox for Android Graveyard :: General, defect)
Tracking
(firefox11+ fixed, firefox12 verified)
RESOLVED
FIXED
Firefox 12
People
(Reporter: scoobidiver, Assigned: mbrubeck)
References
Details
(4 keywords, Whiteboard: [mobile-crash][has patch])
Crash Data
Attachments
(2 files)
2.79 KB,
patch
|
blassey
:
review+
|
Details | Diff | Splinter Review |
850 bytes,
patch
|
mbrubeck
:
review+
akeybl
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
It's #1 top crasher in Fennec 11.0a2 (97% of all crashes!) and 12.0a1 (76% of all crashes).
Signature mozilla::AndroidBridge::EnsureJNIThread More Reports Search
UUID 1e9cd6dc-8d47-4e81-a731-43e4f2120122
Date Processed 2012-01-22 19:39:33
Process Type content
Uptime 100
Install Age 21.8 minutes since version was first installed.
Install Time 2012-01-22 19:17:48
Product Fennec
Version 12.0a1
Build ID 20120122031050
Release Channel nightly
OS Linux
OS Version 0.0.0 Linux 2.6.36.3 #1 SMP PREEMPT Wed Sep 7 21:26:24 KST 2011 armv7l
Build Architecture arm
Build Architecture Info
Crash Reason SIGSEGV
Crash Address 0x0
App Notes
EGL? EGL+
AdapterVendorID: , AdapterDeviceID: .
AdapterDescription: 'Android'.
Processor Notes WARNING: JSON file missing Add-ons
EMCheckCompatibility True
Frame Module Signature Source
0 libxul.so mozilla::AndroidBridge::EnsureJNIThread widget/android/AndroidBridge.cpp:261
1 libxul.so mozilla::AndroidBridge::AutoLocalJNIFrame::AutoLocalJNIFrame AndroidBridge.h:116
2 libxul.so nsPluginInstanceOwner::RemovePluginView dom/plugins/base/nsPluginInstanceOwner.cpp:1736
3 libxul.so nsPluginInstanceOwner::UpdateWindowPositionAndClipRect dom/plugins/base/nsPluginInstanceOwner.cpp:3598
4 libxul.so nsObjectFrame::FixupWindow layout/generic/nsObjectFrame.cpp:782
5 libxul.so nsObjectFrame::Instantiate layout/generic/nsObjectFrame.cpp:2240
6 libxul.so nsObjectLoadingContent::Instantiate content/base/src/nsObjectLoadingContent.cpp:1900
7 libxul.so nsAsyncInstantiateEvent::Run content/base/src/nsObjectLoadingContent.cpp:169
8 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:657
9 libxul.so NS_ProcessNextEvent_P obj-firefox/xpcom/build/nsThreadUtils.cpp:245
10 libxul.so mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:110
11 libxul.so mozilla::ipc::MessagePumpForChildProcess::Run ipc/glue/MessagePump.cpp:229
12 libxul.so MessageLoop::RunInternal ipc/chromium/src/base/message_loop.cc:208
13 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:201
14 libxul.so nsBaseAppShell::Run widget/xpwidgets/nsBaseAppShell.cpp:189
15 libxul.so XRE_RunAppShell toolkit/xre/nsEmbedFunctions.cpp:674
16 libxul.so mozilla::ipc::MessagePumpForChildProcess::Run ipc/glue/MessagePump.cpp:215
17 libxul.so MessageLoop::RunInternal ipc/chromium/src/base/message_loop.cc:208
18 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:201
19 libxul.so XRE_InitChildProcess toolkit/xre/nsEmbedFunctions.cpp:513
20 libmozglue.so restore_non_core_regs unwind-arm.c:192
21 @0xbeab06aa
22 libplugin-container.so main ipc/app/MozillaRuntimeMainAndroid.cpp:68
23 libc.so __libc_init
24 @0xb0004589
More reports at:
https://crash-stats.mozilla.com/report/list?signature=mozilla%3A%3AAndroidBridge%3A%3AEnsureJNIThread
Reporter | ||
Updated•13 years ago
|
tracking-fennec: --- → ?
Comment 1•13 years ago
|
||
This is trivial to reproduce in an XUL build. Opening any complex page ex. http://arstechinca.com or http://engadget.com can cause this crash.
Comment 2•13 years ago
|
||
Regression range
Good Firefox Nightly XUL 2011-12-14 - http://hg.mozilla.org/mozilla-central/rev/221eccfa6a3f
Bad Firefox Nightly XUL 2011-12-15 - http://hg.mozilla.org/mozilla-central/rev/beac16509534
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=221eccfa6a3f&tochange=beac16509534
CC'ed mobile devs that checked in or approved code during the above range.
Reporter | ||
Updated•13 years ago
|
Keywords: regression
Version: Trunk → Firefox 11
Comment 3•13 years ago
|
||
Ccing snorp, as it's plug-in/flash related.
Looking at the stack, it looks as if mJavaVM in AndroidBridge has become invalid, but as far as I can tell, this would only happen if you quit the browser, or the Java side bailed out?
It would be good to get the logcat output from around when the crash happens, to see if there are any errors on the Java side, but I don't have a gingerbread device handy at the moment.
Comment 4•13 years ago
|
||
Sorry, I didn't realise this was a XUL build... My previous comment may or may not be valid. (I'd have thought it was, but the circumstances are quite different)
Updated•13 years ago
|
Keywords: fennecnative-betablocker
Updated•13 years ago
|
tracking-firefox11:
--- → +
Reporter | ||
Comment 5•13 years ago
|
||
These crashes occur only on XUL Fennec. It's a Beta blocker for XUL Fennec, not Native Fennec.
Comment 7•13 years ago
|
||
you are right, thank you. kw removed.
Assignee | ||
Comment 8•13 years ago
|
||
I'll start bisecting to find the precise cause of the regression.
Assignee: nobody → mbrubeck
Assignee | ||
Comment 9•13 years ago
|
||
The first bad revision is: https://hg.mozilla.org/mozilla-central/rev/bc84b3376e14
Margaret Leibovic <margaret.leibovic@gmail.com>
Bug 707886 - Platform support for non-e10s click-to-play plugins. r=jst,blassey
Blocks: 707886
Assignee | ||
Comment 10•13 years ago
|
||
The AutoLocalJNIFrame crash from comment 0 was happening because we were constructing the frame in the content process. This patch avoids that crash by checking the JNI environment before constructing the frame.
After that was fixed, my XUL fennec build was still crashing within libflashplayer.so. I fixed that by reverting part of bug 707886, to again disable plugin loading in the content process.
Attachment #592450 -
Flags: review?(blassey.bugs)
Comment 11•13 years ago
|
||
Comment on attachment 592450 [details] [diff] [review]
patch
Review of attachment 592450 [details] [diff] [review]:
-----------------------------------------------------------------
::: dom/plugins/base/nsPluginInstanceOwner.cpp
@@ +1741,5 @@
>
> void* surface = mInstance->GetJavaSurface();
> if (surface) {
> JNIEnv* env = GetJNIForThread();
> if (env) {
make the surface and env null checks early returns
Attachment #592450 -
Flags: review?(blassey.bugs) → review+
Assignee | ||
Comment 12•13 years ago
|
||
This patch just sets the plugin.disable pref for XUL Fennec. This seems to be sufficient to work around this crash. I think this is the best fix to push to Aurora for Firefox 11. r=blassey on IRC.
[Approval Request Comment]
Regression caused by (bug #): bug 707886
User impact if declined: Frequent crashes on many web sites.
Testing completed (on m-c, etc.): Not landed on m-c. We'd like to land a more complete fix on m-c (the other patch attached to this bug).
Risk to taking this patch (and alternatives if risky): Patch is XUL-fennec-only, and only flips a pref to disable a new feature that was never fully implemented in XUL Fennec and is now causing crashes.
Attachment #592451 -
Flags: review+
Attachment #592451 -
Flags: approval-mozilla-aurora?
Assignee | ||
Comment 13•13 years ago
|
||
Pushed to Try to make sure these don't break any tests:
https://tbpl.mozilla.org/?tree=Try&rev=80ccaeca6302
https://tbpl.mozilla.org/?tree=Try&rev=3367e84935d0 (Aurora patch)
Status: NEW → ASSIGNED
Whiteboard: [mobile-crash] → [mobile-crash][has patch]
Assignee | ||
Comment 14•13 years ago
|
||
Target Milestone: --- → Firefox 12
Reporter | ||
Updated•13 years ago
|
Keywords: reproducible
Reporter | ||
Comment 15•13 years ago
|
||
Will Flash be enabled in XUL Fx 11 for Android?
See: https://wiki.mozilla.org/Fennec/Features/Plugins
Comment 16•13 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Comment 17•13 years ago
|
||
Comment on attachment 592451 [details] [diff] [review]
patch for Aurora
[Triage Comment]
Approved for Aurora. Please land ASAP.
Attachment #592451 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Assignee | ||
Comment 18•13 years ago
|
||
Reporter | ||
Comment 19•13 years ago
|
||
I have seen no crashes in 12.0a1/20120130 and above.
Updated•11 years ago
|
tracking-fennec: ? → ---
You need to log in
before you can comment on or make changes to this bug.
Description
•