Closed Bug 720400 Opened 13 years ago Closed 13 years ago

Crash in nsPluginInstanceOwner::RemovePluginView @ mozilla::AndroidBridge::EnsureJNIThread

Categories

(Firefox for Android Graveyard :: General, defect)

Firefox 11
ARM
Android
defect
Not set
critical

Tracking

(firefox11+ fixed, firefox12 verified)

RESOLVED FIXED
Firefox 12
Tracking Status
firefox11 + fixed
firefox12 --- verified

People

(Reporter: scoobidiver, Assigned: mbrubeck)

References

Details

(4 keywords, Whiteboard: [mobile-crash][has patch])

Crash Data

Attachments

(2 files)

It's #1 top crasher in Fennec 11.0a2 (97% of all crashes!) and 12.0a1 (76% of all crashes). Signature mozilla::AndroidBridge::EnsureJNIThread More Reports Search UUID 1e9cd6dc-8d47-4e81-a731-43e4f2120122 Date Processed 2012-01-22 19:39:33 Process Type content Uptime 100 Install Age 21.8 minutes since version was first installed. Install Time 2012-01-22 19:17:48 Product Fennec Version 12.0a1 Build ID 20120122031050 Release Channel nightly OS Linux OS Version 0.0.0 Linux 2.6.36.3 #1 SMP PREEMPT Wed Sep 7 21:26:24 KST 2011 armv7l Build Architecture arm Build Architecture Info Crash Reason SIGSEGV Crash Address 0x0 App Notes EGL? EGL+ AdapterVendorID: , AdapterDeviceID: . AdapterDescription: 'Android'. Processor Notes WARNING: JSON file missing Add-ons EMCheckCompatibility True Frame Module Signature Source 0 libxul.so mozilla::AndroidBridge::EnsureJNIThread widget/android/AndroidBridge.cpp:261 1 libxul.so mozilla::AndroidBridge::AutoLocalJNIFrame::AutoLocalJNIFrame AndroidBridge.h:116 2 libxul.so nsPluginInstanceOwner::RemovePluginView dom/plugins/base/nsPluginInstanceOwner.cpp:1736 3 libxul.so nsPluginInstanceOwner::UpdateWindowPositionAndClipRect dom/plugins/base/nsPluginInstanceOwner.cpp:3598 4 libxul.so nsObjectFrame::FixupWindow layout/generic/nsObjectFrame.cpp:782 5 libxul.so nsObjectFrame::Instantiate layout/generic/nsObjectFrame.cpp:2240 6 libxul.so nsObjectLoadingContent::Instantiate content/base/src/nsObjectLoadingContent.cpp:1900 7 libxul.so nsAsyncInstantiateEvent::Run content/base/src/nsObjectLoadingContent.cpp:169 8 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:657 9 libxul.so NS_ProcessNextEvent_P obj-firefox/xpcom/build/nsThreadUtils.cpp:245 10 libxul.so mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:110 11 libxul.so mozilla::ipc::MessagePumpForChildProcess::Run ipc/glue/MessagePump.cpp:229 12 libxul.so MessageLoop::RunInternal ipc/chromium/src/base/message_loop.cc:208 13 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:201 14 libxul.so nsBaseAppShell::Run widget/xpwidgets/nsBaseAppShell.cpp:189 15 libxul.so XRE_RunAppShell toolkit/xre/nsEmbedFunctions.cpp:674 16 libxul.so mozilla::ipc::MessagePumpForChildProcess::Run ipc/glue/MessagePump.cpp:215 17 libxul.so MessageLoop::RunInternal ipc/chromium/src/base/message_loop.cc:208 18 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:201 19 libxul.so XRE_InitChildProcess toolkit/xre/nsEmbedFunctions.cpp:513 20 libmozglue.so restore_non_core_regs unwind-arm.c:192 21 @0xbeab06aa 22 libplugin-container.so main ipc/app/MozillaRuntimeMainAndroid.cpp:68 23 libc.so __libc_init 24 @0xb0004589 More reports at: https://crash-stats.mozilla.com/report/list?signature=mozilla%3A%3AAndroidBridge%3A%3AEnsureJNIThread
tracking-fennec: --- → ?
This is trivial to reproduce in an XUL build. Opening any complex page ex. http://arstechinca.com or http://engadget.com can cause this crash.
Regression range Good Firefox Nightly XUL 2011-12-14 - http://hg.mozilla.org/mozilla-central/rev/221eccfa6a3f Bad Firefox Nightly XUL 2011-12-15 - http://hg.mozilla.org/mozilla-central/rev/beac16509534 http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=221eccfa6a3f&tochange=beac16509534 CC'ed mobile devs that checked in or approved code during the above range.
Keywords: regression
Version: Trunk → Firefox 11
Ccing snorp, as it's plug-in/flash related. Looking at the stack, it looks as if mJavaVM in AndroidBridge has become invalid, but as far as I can tell, this would only happen if you quit the browser, or the Java side bailed out? It would be good to get the logcat output from around when the crash happens, to see if there are any errors on the Java side, but I don't have a gingerbread device handy at the moment.
Sorry, I didn't realise this was a XUL build... My previous comment may or may not be valid. (I'd have thought it was, but the circumstances are quite different)
These crashes occur only on XUL Fennec. It's a Beta blocker for XUL Fennec, not Native Fennec.
you are right, thank you. kw removed.
you are right, thank you. kw removed.
I'll start bisecting to find the precise cause of the regression.
Assignee: nobody → mbrubeck
The first bad revision is: https://hg.mozilla.org/mozilla-central/rev/bc84b3376e14 Margaret Leibovic <margaret.leibovic@gmail.com> Bug 707886 - Platform support for non-e10s click-to-play plugins. r=jst,blassey
Blocks: 707886
Attached patch patchSplinter Review
The AutoLocalJNIFrame crash from comment 0 was happening because we were constructing the frame in the content process. This patch avoids that crash by checking the JNI environment before constructing the frame. After that was fixed, my XUL fennec build was still crashing within libflashplayer.so. I fixed that by reverting part of bug 707886, to again disable plugin loading in the content process.
Attachment #592450 - Flags: review?(blassey.bugs)
Comment on attachment 592450 [details] [diff] [review] patch Review of attachment 592450 [details] [diff] [review]: ----------------------------------------------------------------- ::: dom/plugins/base/nsPluginInstanceOwner.cpp @@ +1741,5 @@ > > void* surface = mInstance->GetJavaSurface(); > if (surface) { > JNIEnv* env = GetJNIForThread(); > if (env) { make the surface and env null checks early returns
Attachment #592450 - Flags: review?(blassey.bugs) → review+
Attached patch patch for AuroraSplinter Review
This patch just sets the plugin.disable pref for XUL Fennec. This seems to be sufficient to work around this crash. I think this is the best fix to push to Aurora for Firefox 11. r=blassey on IRC. [Approval Request Comment] Regression caused by (bug #): bug 707886 User impact if declined: Frequent crashes on many web sites. Testing completed (on m-c, etc.): Not landed on m-c. We'd like to land a more complete fix on m-c (the other patch attached to this bug). Risk to taking this patch (and alternatives if risky): Patch is XUL-fennec-only, and only flips a pref to disable a new feature that was never fully implemented in XUL Fennec and is now causing crashes.
Attachment #592451 - Flags: review+
Attachment #592451 - Flags: approval-mozilla-aurora?
Pushed to Try to make sure these don't break any tests: https://tbpl.mozilla.org/?tree=Try&rev=80ccaeca6302 https://tbpl.mozilla.org/?tree=Try&rev=3367e84935d0 (Aurora patch)
Status: NEW → ASSIGNED
Whiteboard: [mobile-crash] → [mobile-crash][has patch]
Keywords: reproducible
Will Flash be enabled in XUL Fx 11 for Android? See: https://wiki.mozilla.org/Fennec/Features/Plugins
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Comment on attachment 592451 [details] [diff] [review] patch for Aurora [Triage Comment] Approved for Aurora. Please land ASAP.
Attachment #592451 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
I have seen no crashes in 12.0a1/20120130 and above.
tracking-fennec: ? → ---
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: