Closed
Bug 817514
Opened 12 years ago
Closed 11 years ago
Fennec 19 crash in arm_neon_fill
Categories
(Core :: Graphics, defect)
Tracking
()
RESOLVED
FIXED
mozilla20
People
(Reporter: scoobidiver, Assigned: BenWa)
References
Details
(Keywords: crash, regression, topcrash)
Crash Data
It's similar to bug 795234 but this time it spiked in Fennec 19. It's indeed #5 top crasher in 19.0a2 and #3 in 20.0a1 with combined signatures. Signature libxul.so@0xca48e8 | arm_neon_fill More Reports Search UUID 455f2355-c1e8-454f-8c1b-fa3112121203 Date Processed 2012-12-03 07:48:21 Uptime 2204 Install Age 2.7 hours since version was first installed. Install Time 2012-12-03 00:01:00 Product FennecAndroid Version 20.0a1 Build ID 20121202030723 Release Channel nightly OS Android OS Version 0.0.0 Linux 3.0.31-gd5a18e0 #1 SMP PREEMPT Fri Nov 2 11:02:59 PDT 2012 armv7l google/yakju/maguro:4.2.1/JOP40D/533553:user/release-keys Build Architecture arm Build Architecture Info Crash Reason SIGSEGV Crash Address 0x64100000 App Notes AdapterDescription: 'Imagination Technologies -- PowerVR SGX 540 -- OpenGL ES 2.0 build 1.8@905891 -- Model: Galaxy Nexus, Product: yakju, Manufacturer: samsung, Hardware: tuna' EGL? EGL+ GL Context? GL Context+ GL Layers? GL Layers+ samsung Galaxy Nexus google/yakju/maguro:4.2.1/JOP40D/533553:user/release-keys Processor Notes /data/socorro/stackwalk/bin/exploitable: ERROR: unable to analyze dump EMCheckCompatibility True Adapter Vendor ID Imagination Technologies Adapter Device ID PowerVR SGX 540 Device samsung Galaxy Nexus Android API Version 17 (REL) Android CPU ABI armeabi-v7a Frame Module Signature Source 0 libxul.so libxul.so@0xca48e8 1 libxul.so arm_neon_fill pixman-arm-neon.c:226 2 libxul.so _pixman_implementation_fill pixman-implementation.c:182 3 libxul.so delegate_fill pixman-implementation.c:62 4 libxul.so _pixman_implementation_fill pixman-implementation.c:182 5 libxul.so _moz_pixman_fill pixman.c:772 6 libxul.so _clip_and_composite_boxes cairo-image-surface.c:2940 7 libxul.so _cairo_image_surface_paint cairo-image-surface.c:3282 8 libxul.so _cairo_surface_paint cairo-surface.c:2109 9 libxul.so _cairo_gstate_fill cairo-gstate.c:1285 10 libxul.so _moz_cairo_fill_preserve cairo.c:2459 11 libxul.so gfxContext::Fill gfxContext.cpp:310 12 libxul.so nsRenderingContext::FillRect nsRenderingContext.cpp:332 13 libxul.so nsDisplayCanvasBackground::Paint nsCanvasFrame.cpp:200 14 libxul.so mozilla::FrameLayerBuilder::DrawThebesLayer FrameLayerBuilder.cpp:3282 15 libxul.so mozilla::layers::BasicThebesLayer::PaintThebes BasicThebesLayer.cpp:139 16 libxul.so mozilla::layers::BasicLayerManager::PaintSelfOrChildren BasicLayerManager.cpp:829 17 libxul.so mozilla::layers::BasicLayerManager::PaintLayer BasicLayerManager.cpp:954 18 libxul.so mozilla::layers::BasicLayerManager::PaintSelfOrChildren BasicLayerManager.cpp:844 19 libxul.so mozilla::layers::BasicLayerManager::PaintLayer BasicLayerManager.cpp:954 20 libxul.so mozilla::layers::BasicLayerManager::EndTransactionInternal BasicLayerManager.cpp:593 21 libxul.so mozilla::layers::BasicLayerManager::EndTransaction BasicLayerManager.cpp:508 22 libxul.so nsDisplayList::PaintForFrame const nsDisplayList.cpp:1142 23 libxul.so nsDisplayList::PaintRoot const nsDisplayList.cpp:1003 24 libxul.so nsLayoutUtils::PaintFrame nsLayoutUtils.cpp:1872 25 libxul.so PresShell::RenderDocument nsPresShell.cpp:4388 26 libxul.so mozilla::AndroidBridge::TakeScreenshot AndroidBridge.cpp:2567 27 libxul.so ScreenshotRunnable::Run nsAppShell.cpp:92 28 libxul.so RunnableMethod<ScreenshotRunnable, tag_nsresult tuple.h:383 29 libxul.so MessageLoop::RunTask message_loop.cc:333 ... More reports at: https://crash-stats.mozilla.com/query/query?product=FennecAndroid&version=FennecAndroid%3A20.0a1&version=FennecAndroid%3A19.0a2&query_search=signature&query_type=contains&query=arm_neon_fill&reason=&do_query=1
|
||
Comment 1•12 years ago
|
||
Kairo - is there any more information you can get from these crashes to indicate what the regression might be?
tracking-firefox20:
--- → +
|
Reporter | |
Updated•12 years ago
|
Crash Signature: libxul.so@0xc984e0 | arm_neon_fill]
[@ libxul.so@0xca48e8 | arm_neon_fill]
[@ libxul.so@0xc9a8a8 | arm_neon_fill] → libxul.so@0xc984e0 | arm_neon_fill]
[@ libxul.so@0xca48e8 | arm_neon_fill]
[@ libxul.so@0xc9a8a8 | arm_neon_fill]
[@ libxul.so@0xc99568 | arm_neon_fill]
[@ libxul.so@0xca6268 | arm_neon_fill]
[@ libxul.so@0xcaed68 | arm_neon_fill]
|
||
Comment 2•12 years ago
|
||
Naoki, Kevin, I remember we had arm_neon_fill problem before, can you help here? In any case, it's not a regression, https://crash-stats.mozilla.com/report/list?signature=libxul.so%400xc920c8%20|%20arm_neon_fill is 18.0b2, and https://crash-stats.mozilla.com/report/list?signature=libxul.so%400xc36758%20|%20arm_neon_fill is 17.0, I saw a 16.0.2 variant around as well when searching for this. I took a fast look through the device reports, and I think most of what I saw look like Tegra systems, probably tegra3, but Naoki or Kevin can give you more info there, they know the scene much better than me.
Crash Signature: libxul.so@0xc984e0 | arm_neon_fill]
[@ libxul.so@0xca48e8 | arm_neon_fill]
[@ libxul.so@0xc9a8a8 | arm_neon_fill]
[@ libxul.so@0xc99568 | arm_neon_fill]
[@ libxul.so@0xca6268 | arm_neon_fill]
[@ libxul.so@0xcaed68 | arm_neon_fill] → libxul.so@0xc984e0 | arm_neon_fill]
[@ libxul.so@0xca48e8 | arm_neon_fill]
[@ libxul.so@0xc9a8a8 | arm_neon_fill]
[@ libxul.so@0xc99568 | arm_neon_fill]
[@ libxul.so@0xca6268 | arm_neon_fill]
[@ libxul.so@0xcaed68 | arm_neon_fill]
[@ libxul.so@0xc36…
|
|
Reporter | |
Comment 3•12 years ago
|
||
(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #2) > In any case, it's not a regression. It's #351 top crasher in 17.0, #130 in 18.0b2, #5 in 19.0a2 and #7 in 20.0a1 so it's clearly a regression in 19.0. Previous crashes were tracked in bug 711852. They are residual crashes not fixed by bug 805355 so the regression range is in bug 805355 comment 0.
|
||
Updated•12 years ago
|
Assignee: nobody → bugmail.mozilla
tracking-fennec: ? → 19+
a couple of urls: http://www.fanfiction.net/s/7665729/31/ http://www.neogaf.com/forum/showthread.php?t=503356 We have had arm_neon_fill bugs before : https://bugzilla.mozilla.org/buglist.cgi?list_id=5180593;short_desc=arm_neon_fill;classification=Client%20Software;classification=Components;query_format=advanced;bug_status=UNCONFIRMED;bug_status=NEW;bug_status=READY;bug_status=ASSIGNED;bug_status=REOPENED;bug_status=RESOLVED;bug_status=VERIFIED;short_desc_type=allwordssubstr;product=Core;product=Fennec;product=Firefox%20for%20Android I don't see a strong correlation between versions and graphics card yet : 4.2.1, 4.0.4.
|
|
Reporter | |
Updated•12 years ago
|
Crash Signature: libxul.so@0xc36758 | arm_neon_fill]
[@ libxul.so@0xc920c8 | arm_neon_fill] → libxul.so@0xc36758 | arm_neon_fill]
[@ libxul.so@0xc920c8 | arm_neon_fill]
[@ libxul.so@0xc9d968 | arm_neon_fill]
[@ libxul.so@0xcbe828 | arm_neon_fill]
[@ libxul.so@0xc9d5e8 | arm_neon_fill]
[@ libxul.so@0xc9d928 | arm_neon_fill]
[@ libxul.so@0xcb1…
|
|
Reporter | |
Updated•12 years ago
|
Crash Signature: [@ libxul.so@0xc98b18 | arm_neon_fill]
[@ libxul.so@0xc98e98 | arm_neon_fill]
[@ libxul.so@0xc99428 | arm_neon_fill]
[@ libxul.so@0xc99468 | arm_neon_fill]
[@ libxul.so@0xc993a8 | arm_neon_fill]
[@ libxul.so@0xc9a6e8 | arm_neon_fill]
[@ libxul.so@0… → [@ fast_path_fill ]
[@ libxul.so@0xc98b18 | arm_neon_fill]
[@ libxul.so@0xc98e98 | arm_neon_fill]
[@ libxul.so@0xc99428 | arm_neon_fill]
[@ libxul.so@0xc99468 | arm_neon_fill]
[@ libxul.so@0xc993a8 | arm_neon_fill]
[@ libxul.so@0xc9a6e8 | arm_neon…
|
||
Comment 6•12 years ago
|
||
This would probably be better handled by the graphics team; they were the ones that fixed previous crashes in pixman and I don't know that code very well at all.
Flags: needinfo?(bugmail.mozilla)
|
||
Comment 7•12 years ago
|
||
Benoit, there is a suggestion this is related to a bug you fixed in the past.
Assignee: bugmail.mozilla → bgirard
|
Assignee | |
Comment 9•12 years ago
|
||
Every time we run into this the surface we were drawing into wasn't valid. Something upstream passes a bad pointer and arm_neon_fill crashes. I believe we hit this once when we were drawing to a gralloc surface. I'd imagine that the memory block backing our screenshot is either invalid or too small. We crash on arm_neon_fill since it's the first piece of code that touches the screenshot destination memory block. I'd imagine that we would get this crash under a different signature for non neon device. I see that the screenshot code got deleted in bug 817134. Can we find this crash with install time of 20121217+?
Flags: needinfo?(bgirard)
|
|
Assignee | |
Comment 10•12 years ago
|
||
builddate* of 20121217+?
|
|
||
Comment 11•12 years ago
|
||
(In reply to Benoit Girard (:BenWa) from comment #9) > I see that the screenshot code got deleted in bug 817134. Can we find this > crash with install time of 20121217+? Almost all crashes in the query of comment #0 are after that build date - but they are all on Aurora 19, not on Nightly 20. Does that mean that bug 817134 should be uplifted to 19?
|
|
Reporter | |
Comment 12•11 years ago
|
||
(In reply to Benoit Girard (:BenWa) from comment #9) > I see that the screenshot code got deleted in bug 817134. Can we find this > crash with install time of 20121217+? The latest crashes happened in 20.0a1/20121215 so I assume bug 817134 has fixed it.
Status: NEW → RESOLVED
Closed: 11 years ago
Depends on: 817134
Resolution: --- → FIXED
Target Milestone: --- → mozilla20
|
|
Reporter | |
Comment 13•11 years ago
|
||
Bug 817134 was uplifted to 19.0 Beta.
|
|
Reporter | |
Updated•11 years ago
|
Crash Signature: arm_neon_fill]
[@ libxul.so@0xcb1aa8 | arm_neon_fill]
[@ libxul.so@0xcbe868 | arm_neon_fill] → arm_neon_fill]
[@ libxul.so@0xcb1aa8 | arm_neon_fill]
[@ libxul.so@0xcbe868 | arm_neon_fill]
[@ libxul.so@0xc85f5c | arm_neon_fill]
You need to log in
before you can comment on or make changes to this bug.
Description
•