Closed Bug 688513 Opened 13 years ago Closed 13 years ago

Mobile crash while compiling shaders

Categories

(Core :: Graphics: CanvasWebGL, defect)

ARM
Android
defect
Not set
critical

Tracking

()

RESOLVED WORKSFORME

People

(Reporter: jdm, Unassigned)

Details

(Keywords: crash, topcrash, Whiteboard: [native-crash], [QA+])

Crash Data

This bug was filed from the Socorro interface and is report bp-82351257-03fa-4077-bb8a-7748e2110918 . ============================================================= This is a new crash this week on Fennec 9.0. All stacks seem to involve compiling shaders and crash at 0xdeadbaad. 0 libc.so abort 1 libc.so dlfree 2 libc.so free 3 libstdc++.so _ZdaPvRKSt9nothrow_t 4 libxul.so TOutputESSL::writeVariablePrecision _new.h:135 5 libxul.so TOutputGLSLBase::writeVariableType gfx/angle/src/compiler/OutputGLSLBase.cpp:123 6 libxul.so TOutputGLSLBase::visitAggregate gfx/angle/src/compiler/OutputGLSLBase.cpp:539 7 libxul.so TIntermAggregate::traverse gfx/angle/src/compiler/IntermTraverse.cpp:135 8 libxul.so TOutputGLSLBase::visitAggregate gfx/angle/src/compiler/OutputGLSLBase.cpp:454 9 libxul.so TIntermAggregate::traverse gfx/angle/src/compiler/IntermTraverse.cpp:135 10 libxul.so TranslatorESSL::translate gfx/angle/src/compiler/OutputGLSLBase.h:17 11 libxul.so TCompiler::compile gfx/angle/src/compiler/Compiler.cpp:181 12 libxul.so ShCompile gfx/angle/src/compiler/ShaderLang.cpp:169 13 libxul.so mozilla::WebGLContext::CompileShader content/canvas/src/WebGLContextGL.cpp:4015 14 libxul.so nsIDOMWebGLRenderingContext_CompileShader obj-firefox/js/src/xpconnect/src/dom_quickstubs.cpp:29817 15 libxul.so js::Interpret js/src/jscntxtinlines.h:305 16 libxul.so js::RunScript js/src/jsinterp.cpp:614 17 libxul.so js::Invoke js/src/vm/Stack.h:1002 18 libxul.so JS_CallFunctionValue js/src/jscntxt.h:1302 19 libxul.so nsJSContext::CallEventHandler dom/base/nsJSEnvironment.cpp:1928 20 libxul.so nsJSEventListener::HandleEvent dom/src/events/nsJSEventListener.cpp:213 21 libxul.so nsEventListenerManager::HandleEventSubType content/events/src/nsEventListenerManager.cpp:727 22 libxul.so nsEventListenerManager::HandleEventInternal content/events/src/nsEventListenerManager.cpp:777 23 libxul.so nsEventTargetChainItem::HandleEvent content/events/src/nsEventListenerManager.h:160 24 libxul.so nsEventTargetChainItem::HandleEventTargetChain content/events/src/nsEventDispatcher.cpp:346 25 libxul.so nsEventDispatcher::Dispatch content/events/src/nsEventDispatcher.cpp:674 26 libxul.so DocumentViewerImpl::LoadComplete layout/base/nsDocumentViewer.cpp:1068 27 libxul.so nsDocShell::EndPageLoad docshell/base/nsDocShell.cpp:6162 28 libxul.so nsDocShell::OnStateChange nsCOMPtr.h:482 29 libxul.so nsDocLoader::DoFireOnStateChange uriloader/base/nsDocLoader.cpp:1367 30 libxul.so nsDocLoader::doStopDocumentLoad uriloader/base/nsDocLoader.cpp:962 31 libxul.so nsDocLoader::DocLoaderIsEmpty nsAutoPtr.h:1036 32 libxul.so nsDocLoader::OnStopRequest uriloader/base/nsDocLoader.cpp:740 33 libxul.so nsLoadGroup::RemoveRequest netwerk/base/src/nsLoadGroup.cpp:734 34 libxul.so nsDocument::DoUnblockOnload nsCOMPtr.h:482 35 libxul.so nsDocument::UnblockOnload content/base/src/nsDocument.cpp:7181 36 libxul.so nsDocument::DispatchContentLoadedEvents nsCOMPtr.h:482 37 libxul.so nsRunnableMethodImpl<void , true>::Run nsThreadUtils.h:347 38 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:631 39 libxul.so NS_ProcessNextEvent_P obj-firefox/xpcom/build/nsThreadUtils.cpp:245 40 libxul.so mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:111 41 libxul.so mozilla::ipc::MessagePumpForChildProcess::Run ipc/glue/MessagePump.cpp:230 42 libxul.so MessageLoop::RunInternal ipc/chromium/src/base/message_loop.cc:209 43 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:487 44 libxul.so nsBaseAppShell::Run widget/src/xpwidgets/nsBaseAppShell.cpp:191 45 libxul.so XRE_RunAppShell toolkit/xre/nsEmbedFunctions.cpp:677 46 libxul.so mozilla::ipc::MessagePumpForChildProcess::Run ipc/glue/MessagePump.cpp:222 47 libxul.so MessageLoop::RunInternal ipc/chromium/src/base/message_loop.cc:209 48 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:487 49 libxul.so XRE_InitChildProcess nsAutoPtr.h:155 50 libmozutils.so ChildProcessInit other-licenses/android/APKOpen.cpp:778 51 plugin-container main ipc/app/MozillaRuntimeMainAndroid.cpp:69 More crashes at https://crash-stats.mozilla.com/report/list?range_value=7&range_unit=days&date=2011-09-22%2005%3A00%3A00&signature=abort&version=Fennec%3A9.0a1
OS: Mac OS X → Android
Hardware: x86 → ARM
$ echo _ZdaPvRKSt9nothrow_t | c++filt operator delete[](void*, std::nothrow_t const&) http://hg.mozilla.org/mozilla-central/annotate/f2a2adaaacba/gfx/angle/src/compiler/OutputGLSLBase.cpp#l123 is: if (writeVariablePrecision(type.getPrecision())) writeVariablePrecision is a virtual function and on Mobile we call bool TOutputESSL::writeVariablePrecision(TPrecision precision) { if (precision == EbpUndefined) return false; TInfoSinkBase& out = objSink(); out << getPrecisionString(precision); return true; } the crash suggests that we are making an invalid free here. Hard to debug. Can anyone reproduce?
Crash Signature: [@ abort] → [@ abort] [@ TOutputESSL::writeVariablePrecision ]
Keywords: topcrash
Whiteboard: [native-crash], [QA+]
There have been no crashes in Fennec for the last four weeks. I close it as WFM.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.