Closed Bug 743938 Opened 8 years ago Closed 8 years ago

crash in glClear @ WSEGL_GetDrawableParameters

Categories

(Firefox for Android :: General, defect, critical)

Hardware: ARM, OS: Android, Type: defect, Priority: Not set, Severity: critical

RESOLVED DUPLICATE of bug 752368
Tracking Status
blocking-fennec1.0 --- +

People

(Reporter: xti, Assigned: bjacob)

Details

(Keywords: crash, reproducible, topcrash, Whiteboard: [native-crash][gfx][QA^] fixed by patch in bug 752368)

Attachments

(1 file, 1 obsolete file)

This bug was filed from the Socorro interface and is report bp-02674a6e-e511-4ba9-9dd5-a14462120410.
============================================================= 

Frame 	Module 	Signature 	Source
0 	libpvrANDROID_WSEGL.so 	WSEGL_GetDrawableParameters 	android_ws.c:977
1 	libIMGegl.so 	KEGLGetDrawableParameters 	generic_ws.c:735
2 	libGLESv2_POWERVR_SGX540_120.so 	libGLESv2_POWERVR_SGX540_120.so@0x16b3a 	
3 	libGLESv2_POWERVR_SGX540_120.so 	libGLESv2_POWERVR_SGX540_120.so@0x128de 	
4 	libGLESv2_POWERVR_SGX540_120.so 	libGLESv2_POWERVR_SGX540_120.so@0x62e6 	
5 	libGLESv2.so 	glClear 	
6 	libxul.so 	mozilla::layers::LayerManagerOGL::Render 	GLContext.h:2024
7 	libxul.so 	mozilla::layers::LayerManagerOGL::EndTransaction 	gfx/layers/opengl/LayerManagerOGL.cpp:454
8 	libxul.so 	mozilla::layers::LayerManagerOGL::EndEmptyTransaction 	gfx/layers/opengl/LayerManagerOGL.cpp:427
9 	libxul.so 	mozilla::layers::CompositorParent::Composite 	gfx/layers/ipc/CompositorParent.cpp:224
10 	libxul.so 	RunnableMethod<mozilla::layers::CompositorParent, void , Tuple0>::Run 	ipc/chromium/src/base/tuple.h:383
11 	libxul.so 	MessageLoop::RunTask 	ipc/chromium/src/base/message_loop.cc:318
12 	libxul.so 	MessageLoop::DeferOrRunPendingTask 	ipc/chromium/src/base/message_loop.cc:326
13 	libxul.so 	MessageLoop::DoWork 	ipc/chromium/src/base/message_loop.cc:426
14 	libxul.so 	base::MessagePumpDefault::Run 	ipc/chromium/src/base/message_pump_default.cc:23
15 	libxul.so 	MessageLoop::RunInternal 	ipc/chromium/src/base/message_loop.cc:208
16 	libxul.so 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:201
17 	libxul.so 	base::Thread::ThreadMain 	ipc/chromium/src/base/thread.cc:156
18 	libxul.so 	ThreadFunc 	ipc/chromium/src/base/platform_thread_posix.cc:26
19 	libc.so 	__thread_entry 	
20 	libc.so 	pthread_create

This crash occurred while Fennec was partially locked on kevs3d.co.uk/dev

--
Firefox 14.0a1 (2012-04-09)
Device: Samsung Galaxy S (Captivate)
OS: Android 2.2
Summary: crash [@ WSEGL_GetDrawableParameters ] → crash in glClear @ WSEGL_GetDrawableParameters
Whiteboard: [native-crash][gfx]
Nicolae, can you place in specific STRs for this please?
Keywords: topcrash
(In reply to Naoki Hirata :nhirata from comment #1)
> Nicolae, can you place in specific STRs for this please?

I can only reproduce this bug by following these steps:

1. Open Fennec
2. Browse to http://kevs3d.co.uk/dev/
3. Tap on Tabs Menu button
4. Tap on device Back button
5. Repeat steps 3-4 a couple of times

Expected result:
No crash should occur after step 5

Actual result:
Fennec crashes
Keywords: reproducible
I uploaded a video that might be useful: http://youtu.be/kOO6cEoiFIk
blocking-fennec1.0: --- → ?
Related to bug 736436? Otherwise, any ideas?
Assignee: nobody → bjacob
No reason why Benoit has to be the only person looking into GL issues - Jeff Gilbert can too!
This has dropped to #22 recently; please renom if it spikes.

In the meantime, Jeff or Benoit can look at this!
blocking-fennec1.0: ? → -
Keywords: topcrash
It's #14 in 14.0a1 data over the last week and #3 in early 15.0a1 data, so still a topcrash.
Keywords: topcrash
blocking-fennec1.0: - → ?
blocking-fennec1.0: ? → +
I'm looking into this now, sorry for the delay, but is there a known testcase? How can I reproduce?
Oh OK, saw comment 2. Looking.
(In reply to Cristian Nicolae (:xti) from comment #2)
> (In reply to Naoki Hirata :nhirata from comment #1)
> > Nicolae, can you place in specific STRs for this please?
> 
> I can only reproduce this bug by following these steps:
> 
> 1. Open Fennec
> 2. Browse to http://kevs3d.co.uk/dev/
> 3. Tap on Tabs Menu button

In Step 3, what do you call the 'Tabs Menu button'? Is it the big '+' button that opens a new tab? I can't see another button in the Fennec UI.
Attached file: stack trace for crash on Nexus S (obsolete)
Attached is a stack trace for a crash I get on Nexus S, when I follow these STR, interpreting 'Tabs Menu' as the big '+' button that opens a new tab.

On a Galaxy S, I don't get a crash, but I get this:

E/libEGL  ( 3469): call to OpenGL ES API with no current context (logged once per thread)

After which compositing stops working. Will try to get a stack trace for this once I've pulled the symbols off that Galaxy S.
Running into serious trouble with GDB on the Galaxy S, filed android-gdb bug:
https://github.com/darchons/android-gdb/issues/5

Continuing debugging on Nexus S for now.
The Nexus S crash above was bug 754056 which has a patch now.

With that patch, I can now reproduce the present WSEGL_GetDrawableParameters crash on the Nexus S. Debugging.
Depends on: 754056
Here are the stacks of the compositor thread and of the main thread during the crash. The main thread is doing a box blur while the compositor thread is doing a glClear().
Attachment #622942 - Attachment is obsolete: true
The patch in bug 754426 removes the spurious non-threadsafe-refcounting assert failures before the crash, but doesn't change the crash itself.
It's #1 unfixed top crasher in the first days of 14.0b1.
Whiteboard: [native-crash][gfx] → [native-crash][gfx][QA^]
I know how to predict when this crash will imminently happen: that's when SwapBuffers() fails in LayerManagerOGL::Render(). Currently it doesn't check the return value of SwapBuffers(). Only question is what should we do when it fails. Recreate the LayerManager?
This crash is fixed by the patch in bug 752368.
Depends on: 752368
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Whiteboard: [native-crash][gfx][QA^] → [native-crash][gfx][QA^] fixed by patch in bug 752368
Oops, didn't really mean to set as RESOLVED until more people had a chance to verify it. But let's call it a dupe.
Resolution: FIXED → DUPLICATE
Duplicate of bug: 752368
No longer depends on: 752368
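
The failure mode from the comment about SwapBuffers() in LayerManagerOGL::Render(), as an added example (not Mozilla's code and not the patch from bug 752368): a mock surface and compositor, all names hypothetical, show how an ignored swap failure leads to further draw calls on a dead drawable and how checking the return value stops them. Recreating the surface on recovery is an assumption, one possible answer to the question that comment raises.

```cpp
#include <cstdio>

// Mock drawable (constructed for this example, not a real EGL binding).
struct MockSurface {
    bool window_gone = false;  // set by the caller to model the native window going away
    bool dead = false;         // drawable state once a swap has failed
    int draws_on_dead = 0;     // each one stands for a driver crash like the glClear one
    void Clear() { if (dead) ++draws_on_dead; }
    bool SwapBuffers() {       // false on failure, like eglSwapBuffers returning EGL_FALSE
        if (window_gone) dead = true;
        return !dead;
    }
    void Recreate() { window_gone = false; dead = false; }
};

enum class Frame { Presented, SurfaceLost, Skipped };

class Compositor {
public:
    Compositor(MockSurface& s, bool check_swap) : surface_(s), check_swap_(check_swap) {}
    Frame Render() {
        if (lost_) return Frame::Skipped;      // issue no GL calls on a lost surface
        surface_.Clear();
        bool ok = surface_.SwapBuffers();
        if (check_swap_ && !ok) {              // the check the comment says is missing
            lost_ = true;
            return Frame::SurfaceLost;
        }
        return Frame::Presented;               // unchecked mode reports success regardless
    }
    void Recover() { surface_.Recreate(); lost_ = false; }
private:
    MockSurface& surface_;
    bool check_swap_;
    bool lost_ = false;
};

// Two good frames, then the window goes away and three more frames are requested.
int DrawsOnDeadSurface(bool check_swap) {
    MockSurface surface;
    Compositor comp(surface, check_swap);
    comp.Render(); comp.Render();
    surface.window_gone = true;
    for (int i = 0; i < 3; ++i) comp.Render();
    return surface.draws_on_dead;
}

int main() {
    std::printf("unchecked: %d, checked: %d\n", DrawsOnDeadSurface(false), DrawsOnDeadSurface(true));
    return 0;
}
```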