745243 - Startup crash in AndroidGLController::ProvideEGLSurface during LayerManagerOGL::CreateContext

Status: RESOLVED FIXED

(Firefox for Android Graveyard :: General, defect)

Description

[Scoobidiver (away)]

This bug tracks residual crashes after the fix of bug 741166, 3 crashes so far.

There are two kinds of stack, the one in bug 741166 on startup and the following one:
Frame 	Module 	Signature 	Source
0 	libdvm.so 	libdvm.so@0x431ae 	
1 	libxul.so 	AndroidGLController::ProvideEGLSurface 	jni.h:706
2 	libxul.so 	mozilla::AndroidBridge::ProvideEGLSurface 	widget/android/AndroidBridge.cpp:1135
3 	libxul.so 	mozilla::gl::GLContextEGL::RenewSurface 	gfx/gl/GLContextProviderEGL.cpp:1522
4 	libxul.so 	mozilla::layers::CompositorParent::ResumeComposition 	gfx/layers/ipc/CompositorParent.cpp:146
5 	libxul.so 	RunnableMethod<mozilla::layers::CompositorParent, void , Tuple0>::Run 	ipc/chromium/src/base/tuple.h:383
6 	libxul.so 	MessageLoop::RunTask 	ipc/chromium/src/base/message_loop.cc:318
7 	libxul.so 	MessageLoop::DeferOrRunPendingTask 	ipc/chromium/src/base/message_loop.cc:326
8 	libxul.so 	MessageLoop::DoWork 	ipc/chromium/src/base/message_loop.cc:426
9 	libxul.so 	base::MessagePumpDefault::Run 	ipc/chromium/src/base/message_pump_default.cc:23
10 	libxul.so 	MessageLoop::RunInternal 	ipc/chromium/src/base/message_loop.cc:208
11 	libxul.so 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:201
12 	libxul.so 	base::Thread::ThreadMain 	ipc/chromium/src/base/thread.cc:156
13 	libxul.so 	ThreadFunc 	ipc/chromium/src/base/platform_thread_posix.cc:26
14 	libc.so 	libc.so@0x11e32 	
15 	libc.so 	libc.so@0x11a06 	

More reports at:
https://crash-stats.mozilla.com/report/list?signature=AndroidGLController%3A%3AProvideEGLSurface

Comment 1

[Naoki Hirata :nhirata (please use needinfo instead of cc)]

top crash in 14a1 in 3 day period. (4/16/2012)

Comment 2

[Scoobidiver (away)]

There are 3 crashes with the AndroidGLController::ProvideEGLSurface signature and 5 crashes with the JNI_GetCreatedJavaVMs signature.

Comment 3

[Naoki Hirata :nhirata (please use needinfo instead of cc)]

received this crash on the nexus s when going to dartlang.org and then typing something in the editable content using 4/18/2012

Comment 4

[Erin Lancaster [:elan]]

Just got this crash on an HTC phone; signing into Google Reader [http://www.google.com/reader/i] navigate to BBC article and play back flash content. Not able to repro but will keep trying.

Comment 5

[Naoki Hirata :nhirata (please use needinfo instead of cc)]

Possible regression or similar from bug 741166?  Removing topcrash as it's no longer in the topcrash listings.

Comment 6

[Scoobidiver (away)]

(In reply to Naoki Hirata :nhirata from comment #5)
> Removing topcrash as it's no longer in the topcrash listings.
I have to disagree. With combined signatures, there are 60 crashes in 14.0a2 over the last week making it #13 top crasher in 14.0a2.

Comment 7

[Scoobidiver (away)]

In Aurora, with combined signatures, it's #4 top crasher over the last day, #10 over the last 3 days, #16 over the last week.

Comment 8

[Ali Juma [:ajuma]]

Attachment: Wait for surfaceChanged before calling GLController.provideEGLSurface.

There are really two groups of crashes here: those occurring at startup (during LayerManagerOGL::CreateContext) and those occurring later (during CompositorParent::ResumeComposition).

It's conceivable that the startup crashes are caused by us calling GLController.provideEGLSurface before receiving surfaceChanged. Right now, we only wait for surfaceCreated, and hence the surface might still be zero-sized at this point. This patch makes us wait for surfaceChanged instead.

Comment 9

[Ali Juma [:ajuma]]

https://hg.mozilla.org/integration/mozilla-inbound/rev/47c8f2d06763

The bug should be kept open when this merges to m-c, since it likely will not fix the non-startup crashes.

Comment 10

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/mozilla-central/rev/47c8f2d06763

Comment 11

[Ali Juma [:ajuma]]

Comment on attachment 625106 [details] [diff] [review]
Wait for surfaceChanged before calling GLController.provideEGLSurface.

[Approval Request Comment]
User impact if declined: Possible startup crashes.
Testing completed (on m-c, etc.): On m-c since May 18.
Risk to taking this patch (and alternatives if risky): Low risk.
String or UUID changes made by this patch: None.

Comment 12

[Ali Juma [:ajuma]]

(In reply to Ali Juma [:ajuma] from comment #11)
> Comment on attachment 625106 [details] [diff] [review]
> Risk to taking this patch (and alternatives if risky): Low risk.

Forgot to add that this code is mobile-only.

Comment 13

[Ali Juma [:ajuma]]

https://hg.mozilla.org/releases/mozilla-aurora/rev/6a1f7e039216

Comment 14

[Ali Juma [:ajuma]]

(In reply to Ali Juma [:ajuma] from comment #9)
> https://hg.mozilla.org/integration/mozilla-inbound/rev/47c8f2d06763
> 
> The bug should be kept open when this merges to m-c, since it likely will
> not fix the non-startup crashes.

Indeed, looking at crash reports on 14.0b3, the startup crashes (during LayerManagerOGL::CreateContext) are virtually all gone (there is only one such crash so far), but the non-startup crashes remain.

Comment 15

[Joe Drew (not getting mail)]

Ali, for easier tracking, can you open a new bug for the second half of this bug, and mark this one as fixed?

Comment 16

[Ali Juma [:ajuma]]

(In reply to Joe Drew (:JOEDREW!) from comment #15)
> Ali, for easier tracking, can you open a new bug for the second half of this
> bug, and mark this one as fixed?

Filed bug 759162 for the remaining crashes.

Comment 17

[Kevin Brosnan [Ex-Mozilla]]

This cut the crash rate on Beta in half for this signature. With there being a follow up bug for the other crashers I'm willing to call this verified.

Comment 18

[Scoobidiver (away)]

There are still crashes in 14.0b6: bp-21c93fef-dbb0-4666-ba7e-508de2120608, bp-ad52d022-4820-4ab9-91b0-0dfba2120608, bp-71b70694-3b5d-4a01-8daf-56d542120608.

Comment 19

[Ali Juma [:ajuma]]

Re-nomming since the crash volume is low.

There was only a single crash with this signature during LayerManagerOGL::CreateContext in 14.0b5. The fact that we already have 3 crashes in 14.0b6 is a bit concerning (it's too early to say whether this is a real increase or just noise), but the volume is still low.

Comment 20

[Scoobidiver (away)]

(In reply to Ali Juma [:ajuma] from comment #19)
> There was only a single crash with this signature during
> LayerManagerOGL::CreateContext in 14.0b5.
There are more than that (without counting dalvik-LinearAlloc (deleted) signatures).
* 12 crashes https://crash-stats.mozilla.com/report/list?product=FennecAndroid&version=FennecAndroid%3A14.0b5&signature=AndroidGLController%3A%3AProvideEGLSurface
* one crash: https://crash-stats.mozilla.com/report/list?product=FennecAndroid&version=FennecAndroid%3A14.0b5&signature=JNI_GetCreatedJavaVMs%20|%20AndroidGLController%3A%3AProvideEGLSurface
* 3 crashes: https://crash-stats.mozilla.com/report/list?product=FennecAndroid&version=FennecAndroid%3A14.0b5&signature=JNI_GetCreatedJavaVMs

Comment 21

[Ali Juma [:ajuma]]

(In reply to Scoobidiver from comment #20)
> (In reply to Ali Juma [:ajuma] from comment #19)
> > There was only a single crash with this signature during
> > LayerManagerOGL::CreateContext in 14.0b5.
> There are more than that (without counting dalvik-LinearAlloc (deleted)
> signatures).

Ah, indeed, I missed those. Nevertheless, the crash volume still seems too low for this to be a release blocker.

Comment 22

[Joe Drew (not getting mail)]

We should probably open a new bug if startup crashes remain, since bug 759162 tracks the other crashes. I'm going to leave this bug closed for now; makes tracking easier.