Closed Bug 720400 Opened 13 years ago Closed 13 years ago

Crash in nsPluginInstanceOwner::RemovePluginView @ mozilla::AndroidBridge::EnsureJNIThread


(Firefox for Android Graveyard :: General, defect)

Firefox 11
Not set


(firefox11+ fixed, firefox12 verified)

Firefox 12
Tracking Status
firefox11 + fixed
firefox12 --- verified


(Reporter: scoobidiver, Assigned: mbrubeck)



(4 keywords, Whiteboard: [mobile-crash][has patch])

Crash Data


(2 files)

It's #1 top crasher in Fennec 11.0a2 (97% of all crashes!) and 12.0a1 (76% of all crashes).

Signature 	mozilla::AndroidBridge::EnsureJNIThread More Reports Search
UUID	1e9cd6dc-8d47-4e81-a731-43e4f2120122
Date Processed	2012-01-22 19:39:33
Process Type	content
Uptime	100
Install Age	21.8 minutes since version was first installed.
Install Time	2012-01-22 19:17:48
Product	Fennec
Version	12.0a1
Build ID	20120122031050
Release Channel	nightly
OS	Linux
OS Version	0.0.0 Linux #1 SMP PREEMPT Wed Sep 7 21:26:24 KST 2011 armv7l
Build Architecture	arm
Build Architecture Info	
Crash Reason	SIGSEGV
Crash Address	0x0
App Notes 	
AdapterVendorID: , AdapterDeviceID: .
AdapterDescription: 'Android'.
Processor Notes 	WARNING: JSON file missing Add-ons
EMCheckCompatibility	True

Frame 	Module 	Signature 	Source
0 	mozilla::AndroidBridge::EnsureJNIThread 	widget/android/AndroidBridge.cpp:261
1 	mozilla::AndroidBridge::AutoLocalJNIFrame::AutoLocalJNIFrame 	AndroidBridge.h:116
2 	nsPluginInstanceOwner::RemovePluginView 	dom/plugins/base/nsPluginInstanceOwner.cpp:1736
3 	nsPluginInstanceOwner::UpdateWindowPositionAndClipRect 	dom/plugins/base/nsPluginInstanceOwner.cpp:3598
4 	nsObjectFrame::FixupWindow 	layout/generic/nsObjectFrame.cpp:782
5 	nsObjectFrame::Instantiate 	layout/generic/nsObjectFrame.cpp:2240
6 	nsObjectLoadingContent::Instantiate 	content/base/src/nsObjectLoadingContent.cpp:1900
7 	nsAsyncInstantiateEvent::Run 	content/base/src/nsObjectLoadingContent.cpp:169
8 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:657
9 	NS_ProcessNextEvent_P 	obj-firefox/xpcom/build/nsThreadUtils.cpp:245
10 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:110
11 	mozilla::ipc::MessagePumpForChildProcess::Run 	ipc/glue/MessagePump.cpp:229
12 	MessageLoop::RunInternal 	ipc/chromium/src/base/
13 	MessageLoop::Run 	ipc/chromium/src/base/
14 	nsBaseAppShell::Run 	widget/xpwidgets/nsBaseAppShell.cpp:189
15 	XRE_RunAppShell 	toolkit/xre/nsEmbedFunctions.cpp:674
16 	mozilla::ipc::MessagePumpForChildProcess::Run 	ipc/glue/MessagePump.cpp:215
17 	MessageLoop::RunInternal 	ipc/chromium/src/base/
18 	MessageLoop::Run 	ipc/chromium/src/base/
19 	XRE_InitChildProcess 	toolkit/xre/nsEmbedFunctions.cpp:513
20 	restore_non_core_regs 	unwind-arm.c:192
21 		@0xbeab06aa 	
22 	main 	ipc/app/MozillaRuntimeMainAndroid.cpp:68
23 	__libc_init 	
24 		@0xb0004589 

More reports at:
tracking-fennec: --- → ?
This is trivial to reproduce in an XUL build. Opening any complex page ex. or can cause this crash.
Regression range
Good Firefox Nightly XUL 2011-12-14 -
Bad Firefox Nightly XUL 2011-12-15 -

CC'ed mobile devs that checked in or approved code during the above range.
Keywords: regression
Version: Trunk → Firefox 11
Ccing snorp, as it's plug-in/flash related.

Looking at the stack, it looks as if mJavaVM in AndroidBridge has become invalid, but as far as I can tell, this would only happen if you quit the browser, or the Java side bailed out?

It would be good to get the logcat output from around when the crash happens, to see if there are any errors on the Java side, but I don't have a gingerbread device handy at the moment.
Sorry, I didn't realise this was a XUL build... My previous comment may or may not be valid. (I'd have thought it was, but the circumstances are quite different)
These crashes occur only on XUL Fennec. It's a Beta blocker for XUL Fennec, not Native Fennec.
you are right, thank you. kw removed.
you are right, thank you. kw removed.
I'll start bisecting to find the precise cause of the regression.
Assignee: nobody → mbrubeck
The first bad revision is:
Margaret Leibovic <>
Bug 707886 - Platform support for non-e10s click-to-play plugins. r=jst,blassey
Blocks: 707886
Attached patch patchSplinter Review
The AutoLocalJNIFrame crash from comment 0 was happening because we were constructing the frame in the content process.  This patch avoids that crash by checking the JNI environment before constructing the frame.

After that was fixed, my XUL fennec build was still crashing within  I fixed that by reverting part of bug 707886, to again disable plugin loading in the content process.
Attachment #592450 - Flags: review?(blassey.bugs)
Comment on attachment 592450 [details] [diff] [review]

Review of attachment 592450 [details] [diff] [review]:

::: dom/plugins/base/nsPluginInstanceOwner.cpp
@@ +1741,5 @@
>      void* surface = mInstance->GetJavaSurface();
>      if (surface) {
>        JNIEnv* env = GetJNIForThread();
>        if (env) {

make the surface and env null checks early returns
Attachment #592450 - Flags: review?(blassey.bugs) → review+
Attached patch patch for AuroraSplinter Review
This patch just sets the plugin.disable pref for XUL Fennec.  This seems to be sufficient to work around this crash.  I think this is the best fix to push to Aurora for Firefox 11.  r=blassey on IRC.

[Approval Request Comment]
Regression caused by (bug #): bug 707886

User impact if declined: Frequent crashes on many web sites.

Testing completed (on m-c, etc.): Not landed on m-c.  We'd like to land a more complete fix on m-c (the other patch attached to this bug).

Risk to taking this patch (and alternatives if risky): Patch is XUL-fennec-only, and only flips a pref to disable a new feature that was never fully implemented in XUL Fennec and is now causing crashes.
Attachment #592451 - Flags: review+
Attachment #592451 - Flags: approval-mozilla-aurora?
Pushed to Try to make sure these don't break any tests: (Aurora patch)
Whiteboard: [mobile-crash] → [mobile-crash][has patch]
Keywords: reproducible
Will Flash be enabled in XUL Fx 11 for Android?
Closed: 13 years ago
Resolution: --- → FIXED
Comment on attachment 592451 [details] [diff] [review]
patch for Aurora

[Triage Comment]
Approved for Aurora. Please land ASAP.
Attachment #592451 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
I have seen no crashes in 12.0a1/20120130 and above.
tracking-fennec: ? → ---
You need to log in before you can comment on or make changes to this bug.