Bug 750272 - OOM crash in mozilla::layers::ThebesLayerBuffer::GetContextForQuadrantUpdate
: crash, reproducible
Product: Core
Classification: Components
Component: Graphics: Layers
: 14 Branch
: ARM Android
-- critical
: mozilla15
Assigned To: Vladimir Vukicevic [:vlad] [:vladv]
: Milan Sreckovic [:milan]
Depends on:
Blocks: 763175
Reported: 2012-04-30 07:58 PDT by Cristian Nicolae (:xti)
Modified: 2012-06-24 12:28 PDT
ryanvm: in‑testsuite-

protect against exceptions (979 bytes, patch)
2012-05-17 11:40 PDT, Vladimir Vukicevic [:vlad] [:vladv]
blassey.bugs: review-
fix, v2 (719 bytes, patch)
2012-05-17 13:21 PDT, Vladimir Vukicevic [:vlad] [:vladv]
blassey.bugs: review+
bugzilla: approval‑mozilla‑beta+

Description Cristian Nicolae (:xti) 2012-04-30 07:58:32 PDT
This bug was filed from the Socorro interface and is report bp-59898e5d-1c48-4252-9c74-4b6542120430.
Frame 	Module 	Signature 	Source
0 	TouchBadMemory 	memory/mozalloc/mozalloc_abort.cpp:68
1 	mozalloc_abort 	memory/mozalloc/mozalloc_abort.cpp:89
2 	moz_xmalloc 	memory/mozalloc/mozalloc.cpp:89
3 	mozilla::layers::ThebesLayerBuffer::GetContextForQuadrantUpdate 	mozalloc.h:229
4 	mozilla::layers::ThebesLayerBuffer::BeginPaint 	gfx/layers/ThebesLayerBuffer.cpp:307
5 	mozilla::layers::BasicThebesLayer::PaintThebes 	gfx/layers/basic/BasicLayers.cpp:653
6 	mozilla::layers::BasicLayerManager::PaintLayer 	gfx/layers/basic/BasicLayers.cpp:1875
7 	mozilla::layers::BasicLayerManager::PaintLayer 	gfx/layers/basic/BasicLayers.cpp:1890
8 	mozilla::layers::BasicLayerManager::EndTransactionInternal 	gfx/layers/basic/BasicLayers.cpp:1580
9 	mozilla::layers::BasicShadowLayerManager::EndTransaction 	gfx/layers/basic/BasicLayers.cpp:1527
10 	nsDisplayList::PaintForFrame 	layout/base/nsDisplayList.cpp:651
11 	nsDisplayList::PaintRoot 	layout/base/nsDisplayList.cpp:556
12 	nsLayoutUtils::PaintFrame 	layout/base/nsLayoutUtils.cpp:1802
13 	PresShell::Paint 	layout/base/nsPresShell.cpp:5428
14 	nsViewManager::Refresh 	view/src/nsViewManager.cpp:377
15 	nsViewManager::DispatchEvent 	view/src/nsViewManager.cpp:813
16 	HandleEvent 	view/src/nsView.cpp:158
17 	nsWindow::DispatchEvent 	widget/android/nsWindow.cpp:673
18 	nsWindow::DrawTo 	widget/android/nsWindow.cpp:1036
19 	nsWindow::DrawTo 	widget/android/nsWindow.cpp:1084
20 	nsWindow::OnDraw 	widget/android/nsWindow.cpp:1151
21 	nsWindow::OnGlobalAndroidEvent 	widget/android/nsWindow.cpp:898
22 	nsAppShell::ProcessNextNativeEvent 	widget/android/nsAppShell.cpp:574
23 	nsBaseAppShell::DoProcessNextNativeEvent 	widget/xpwidgets/nsBaseAppShell.cpp:171
24 	nsBaseAppShell::OnProcessNextEvent 	widget/xpwidgets/nsBaseAppShell.cpp:306
25 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:618
26 	NS_ProcessNextEvent_P 	obj-firefox/xpcom/build/nsThreadUtils.cpp:245
27 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:110
28 	MessageLoop::RunInternal 	ipc/chromium/src/base/
29 	MessageLoop::Run 	ipc/chromium/src/base/
30 	nsBaseAppShell::Run 	widget/xpwidgets/nsBaseAppShell.cpp:189
31 	nsAppStartup::Run 	toolkit/components/startup/nsAppStartup.cpp:295
32 	XREMain::XRE_mainRun 	toolkit/xre/nsAppRunner.cpp:3780
33 	XREMain::XRE_main 	toolkit/xre/nsAppRunner.cpp:3857
34 	XRE_main 	toolkit/xre/nsAppRunner.cpp:3933
35 	GeckoStart 	toolkit/xre/nsAndroidStartup.cpp:109
36 	Java_org_mozilla_gecko_GeckoAppShell_nativeRun 	mozglue/android/APKOpen.cpp:996
37 	dvmPlatformInvoke 	
38 	dvmCallJNIMethod_general 	
39 	dvmResolveNativeMethod 	
40 	dvmAsmSisterStart 	
41 	dvmMterpStd 	
42 	dvmInterpret 	
43 	dvmCallMethodV 	
44 	dvmCallMethod 	
45 	dvmDetachCurrentThread 	
46 	__thread_entry 	
47 	pthread_create 	

Steps to reproduce:
1. Open Fennec
2. Go to ( and install the add-on
3. When install is complete, a popup is triggered. Tap on Restart button
4. After Fennec restarts, wait

Expected result:
No crash should occur

Actual result:
After step 4, Fennec will crash.

Firefox 14.0a2 (2012-04-30)
Device: Samsung Captivate
OS: Android 2.2
Comment 1 Cristian Nicolae (:xti) 2012-04-30 08:04:16 PDT
Note: This crash is always reproducible on a clean profile
Comment 2 Cristian Nicolae (:xti) 2012-05-03 02:33:08 PDT
I guess that this crash might be related to this bug:

Before performing step 2, I opened several webpages, each one in a new tab.
Comment 3 Vladimir Vukicevic [:vlad] [:vladv] 2012-05-17 10:26:20 PDT
I can reproduce this on a Galaxy Nexus, latest m-c build, with original STR.
Comment 4 Vladimir Vukicevic [:vlad] [:vladv] 2012-05-17 11:27:38 PDT
Hrm.  Curious.  My crash on a Galaxy Nexus is different than the one here; my stack looks like:

#0  0x4084aa2a in dvmAbort () from /home/vladimir/proj/android/moz-gdb/lib/01467D5504010005/system/lib/
#1  0x4084f762 in dvmDecodeIndirectRef(_JNIEnv*, _jobject*) ()
   from /home/vladimir/proj/android/moz-gdb/lib/01467D5504010005/system/lib/
#2  0x40850f44 in ?? () from /home/vladimir/proj/android/moz-gdb/lib/01467D5504010005/system/lib/
#3  0x6262e772 in GetIntField (fieldID=<optimized out>, obj=<optimized out>, this=<optimized out>)
    at /home/vladimir/proj/android/android-ndk-r5c/platforms/android-5/arch-arm/usr/include/jni.h:706
#4  AndroidGLController::ProvideEGLSurface (this=0x62f36404)
    at /home/vladimir/proj/mozilla-central/widget/android/AndroidLayerViewWrapper.cpp:100
#5  0x6262cf9e in mozilla::AndroidBridge::ProvideEGLSurface (this=<optimized out>)
    at /home/vladimir/proj/mozilla-central/widget/android/AndroidBridge.cpp:1213
#6  0x6279728c in CreateSurfaceForWindow (config=<optimized out>, aWidget=<optimized out>)
    at /home/vladimir/proj/mozilla-central/gfx/gl/GLContextProviderEGL.cpp:1435
#7  mozilla::gl::GLContextProviderEGL::CreateForWindow (aWidget=0x64e22080)
    at /home/vladimir/proj/mozilla-central/gfx/gl/GLContextProviderEGL.cpp:1522
#8  0x62786f24 in mozilla::layers::LayerManagerOGL::CreateContext (this=<optimized out>)
    at /home/vladimir/proj/mozilla-central/gfx/layers/opengl/LayerManagerOGL.cpp:177
#9  0x6278df50 in Initialize (force=<optimized out>, this=<optimized out>) at ../../dist/include/LayerManagerOGL.h:110
#10 mozilla::layers::CompositorParent::AllocPLayers (this=0x64e7bb40, backendType=<optimized out>)
    at /home/vladimir/proj/mozilla-central/gfx/layers/ipc/CompositorParent.cpp:473
#11 0x626bdbb0 in mozilla::layers::PCompositorParent::OnMessageReceived (this=0x64e7bb40, __msg=<optimized out>, 
    __reply=@0x661ffcfc) at /home/vladimir/proj/fx-android-debug/ipc/ipdl/PCompositorParent.cpp:470

AndroidGLController::ProvideEGLSurface uses CallObjectMethod(mJObj, jProvideEGLSurfaceMethod) and then uses jObj without checking its return value (or checking for an exception -- return value might be bogus in this case anyway).  ProvideEGLSurface is throwing an exception here, as per the log:

E/SurfaceTexture(  117): [SurfaceView] connect: already connected (cur=1, req=1)
E/libEGL  (30454): EGLNativeWindowType 0xff860 already connected to another API
E/libEGL  (30454): eglCreateWindowSurface:374 error 300b (EGL_BAD_NATIVE_WINDOW)
W/dalvikvm(30454): Invalid indirect reference 0x41a5b170 in decodeIndirectRef
E/dalvikvm(30454): VM aborting
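
The failure mode described in comment 4, reduced to a self-contained sketch. This is an added example, not code from the bug or from Gecko: `MockEnv` and both `provideSurface*` functions are hypothetical stand-ins for `JNIEnv` and `ProvideEGLSurface`, and the mock sets a flag where Dalvik would abort.

```cpp
#include <cstdint>
#include <cstdio>

using jobject = const void*;

// Hypothetical stand-in for the few JNIEnv calls involved; not the real jni.h.
struct MockEnv {
    bool javaThrows = false;  // constructed switch: the Java method raises
    bool pending = false;     // an exception is waiting on this thread
    bool vmAborted = false;   // set where Dalvik would call dvmAbort()
    int surface = 7;          // constructed field value of a valid object

    jobject CallObjectMethod() {
        if (!javaThrows) return &surface;
        pending = true;
        // The return value is meaningless once the callee has thrown.
        return reinterpret_cast<jobject>(static_cast<std::uintptr_t>(0x41a5b170));
    }
    bool ExceptionCheck() const { return pending; }
    void ExceptionClear() { pending = false; }
    int GetIntField(jobject obj) {
        if (pending || obj != &surface) { vmAborted = true; return -1; }
        return surface;
    }
};

// Pattern from the crash: the result is used without any check.
int provideSurfaceUnchecked(MockEnv& env) {
    jobject obj = env.CallObjectMethod();
    return env.GetIntField(obj);
}

// Guarded pattern: test for a pending exception, then for null, before use.
int provideSurfaceChecked(MockEnv& env) {
    jobject obj = env.CallObjectMethod();
    if (env.ExceptionCheck()) {
        env.ExceptionClear();
        return 0;  // 0 stands in for "no surface"
    }
    if (!obj) return 0;
    return env.GetIntField(obj);
}

int main() {
    MockEnv a; a.javaThrows = true;
    MockEnv b; b.javaThrows = true;
    provideSurfaceUnchecked(a);
    int r = provideSurfaceChecked(b);
    std::printf("unchecked aborted=%d, checked result=%d aborted=%d\n", a.vmAborted, r, b.vmAborted);
}
```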
Comment 5 Vladimir Vukicevic [:vlad] [:vladv] 2012-05-17 11:40:13 PDT
Created attachment 624812
protect against exceptions

Protect against an exception raised java-side here.  I don't know why we're getting the exception or anything like that, but this stops a crash without any ill effects that I can see.
Comment 6 Brad Lassey [:blassey] (use needinfo?) 2012-05-17 12:03:00 PDT
Comment on attachment 624812
protect against exceptions

Review of attachment 624812:

::: widget/android/AndroidLayerViewWrapper.cpp
@@ +92,5 @@
>      jobject jObj = mJEnv->CallObjectMethod(mJObj, jProvideEGLSurfaceMethod);
> +    if (mJEnv->ExceptionOccurred()) {
> +        mJEnv->ExceptionDescribe();
> +        mJEnv->ExceptionClear();
> +        return NULL;
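
Review bot: `ExceptionOccurred()` on the line after `CallObjectMethod` is used only as a yes/no test, yet it returns a local reference to the throwable that is never used; `ExceptionCheck()` answers the same question without creating one. The new `return NULL` path also means callers must cope with a null result, so note that in a comment or check the call sites.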

use if (jniFrame.CheckForException())

@@ +114,5 @@
> +
> +
> +
> +
> +
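
Review bot: the five added lines at +114 are empty and change nothing; remove them so the patch contains only the exception check.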

oh god the white space
Comment 7 Brad Lassey [:blassey] (use needinfo?) 2012-05-17 12:03:53 PDT
not enough volume to block on this, but nominate it for uplift once it lands on m-c and we'll probably take it.
Comment 8 Vladimir Vukicevic [:vlad] [:vladv] 2012-05-17 13:21:37 PDT
Created attachment 624861
fix, v2

I have no idea where that whitespace came from.  Now with CheckForException.
Comment 9 Brad Lassey [:blassey] (use needinfo?) 2012-05-18 00:59:54 PDT
Comment on attachment 624861
fix, v2

Review of attachment 624861:

::: widget/android/AndroidLayerViewWrapper.cpp
@@ +91,5 @@
>      AutoLocalJNIFrame jniFrame(mJEnv);
>      jobject jObj = mJEnv->CallObjectMethod(mJObj, jProvideEGLSurfaceMethod);
> +    if (jniFrame.CheckForException()) {
> +        return NULL;
> +    }
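
Review bot: the `CheckForException()` test covers a pending exception only; nothing in these lines tests `jObj` itself for null. If the Java method can return null without throwing, add `if (!jObj) return NULL;` after this check.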

nit, no curly braces
Comment 10 Vladimir Vukicevic [:vlad] [:vladv] 2012-05-18 06:14:46 PDT
On inbound, sans curly braces:
Comment 11 Vladimir Vukicevic [:vlad] [:vladv] 2012-05-18 11:09:17 PDT
xti, can you try to reproduce with tomorrow (Saturday's) nightly?
Comment 12 Ryan VanderMeulen [:RyanVM] 2012-05-18 18:09:53 PDT
Comment 13 Cristian Nicolae (:xti) 2012-05-21 01:55:04 PDT
(In reply to Vladimir Vukicevic (:vlad) from comment #11)
> xti, can you try to reproduce with tomorrow (Saturday's) nightly?

I cannot reproduce this issue anymore on the latest Nightly build. However, when I perform the str from comment #0, the following bugs can be reproduced: Bug 737928 (if I install the add-on without opening any webpage) and Bug 738935 (if ~3-4 webpages are opened in new tabs before installing the add-on).

I will close the bug as verified fixed on:

Firefox 15.0a1 (2012-05-20)
Device: Samsung Captivate
OS: Android 2.2
Comment 14 Vladimir Vukicevic [:vlad] [:vladv] 2012-05-22 06:35:15 PDT
Comment on attachment 624861
fix, v2

[Approval Request Comment]
User impact if declined: potential uncaught exception leading to GL weirdness
Testing completed (on m-c, etc.): on m-c for a few days
Risk to taking this patch (and alternatives if risky): very little; adds an exception check.  might introduce NULL-related crashes, but the alternative is random-memory-related crashes
Comment 15 Ali Juma [:ajuma] 2012-06-19 08:10:14 PDT
This was approved for 14 (when 14 was Aurora) but never landed there. This is almost certainly what fixed the AndroidGLController::ProvideEGLSurface crashes on 15 and 16. Since these crashes are the #2 and #5 top crashers on 14.0b7 (Bug 763175, which is .N+ blocker), we should consider uplifting this to Beta.
Comment 16 Joe Drew (not getting mail) 2012-06-19 09:20:59 PDT
Given comment 15, renomming.
Comment 17 Johnathan Nightingale [:johnath] 2012-06-19 11:34:06 PDT
Comment on attachment 624861
fix, v2

[Triage Comment]

This can land on beta for 14.0.1 but please land on mozilla-beta tip only, not the release branch
Comment 18 Alex Keybl [:akeybl] 2012-06-24 12:23:21 PDT
This hasn't yet landed - is anything blocking?
Comment 19 Ryan VanderMeulen [:RyanVM] 2012-06-24 12:28:46 PDT
Problem solved ;-)
