1049357 - B2G: SIGSEGV when trying to watch a video clip from Gallery app

Status: RESOLVED DUPLICATE of bug 1045291

(Core :: JavaScript Engine: JIT, defect)

Description

[Eric Chou [:ericchou] [:echou]]

Gecko: 

commit 6253da73012656812e45c05168d292a8c0d53795
Merge: a238aab 5240870
Author: Ryan VanderMeulen <ryanvm@gmail.com>
Date:   Mon Aug 4 16:06:19 2014 -0400

    Merge inbound to m-c on a CLOSED TREE. a=merge

STR:

(1) Make sure there is a recorded video clip in Flame's sd card.
(2) Reboot the phone (to make sure no other interference)
(3) Launch Gallery
(4) Click on the video and try to play.

Result:

Without attaching gdb, it looks fine. However a SIGSEGV signal would be caught while using gdb.

backtrace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 284.545]
js::jit::Assembler::TraceJumpRelocations (trc=0xb1058898, 
    code=0xb01bc290, reader=<optimized out>)
    at ../../../js/src/jit/arm/Assembler-arm.cpp:791
791	    while (iter.read()) {
(gdb) bt
#0  js::jit::Assembler::TraceJumpRelocations (trc=0xb1058898, 
    code=0xb01bc290, reader=<optimized out>)
    at ../../../js/src/jit/arm/Assembler-arm.cpp:791
#1  0xb5edf3ae in js::jit::JitCode::trace (this=0xb01bc290, 
    trc=0xb1058898) at ../../../js/src/jit/Ion.cpp:747
#2  0xb5e7932c in MarkChildren (code=0xb01bc290, trc=0xb1058898)
    at ../../../js/src/gc/Marking.cpp:1421
#3  processMarkStackOther (addr=2954609296, tag=5, this=<optimized out>)
    at ../../../js/src/gc/Marking.cpp:1595
#4  processMarkStackTop (budget=<optimized out>, this=0xb1058898)
    at ../../../js/src/gc/Marking.cpp:1633
#5  js::GCMarker::drainMarkStack (this=0xb1058898, budget=...)
    at ../../../js/src/gc/Marking.cpp:1747
#6  0xb5fc749a in drainMarkStack (phase=js::gcstats::PHASE_MARK, 
    sliceBudget=..., this=0xb10581a0) at ../../../js/src/jsgc.cpp:4333
#7  js::gc::GCRuntime::incrementalCollectSlice (this=0xb10581a0, 
    budget=0, reason=JS::gcreason::DOM_WORKER, gckind=js::GC_SHRINK)
    at ../../../js/src/jsgc.cpp:4839
#8  0xb5fc7b4e in js::gc::GCRuntime::gcCycle (this=0xb10581a0, 
    incremental=<optimized out>, budget=0, gckind=js::GC_SHRINK, 
    reason=JS::gcreason::DOM_WORKER) at ../../../js/src/jsgc.cpp:5047
#9  0xb5fc7cc4 in js::gc::GCRuntime::collect (this=0xb10581a0, 
    incremental=<optimized out>, budget=0, gckind=js::GC_SHRINK, 
    reason=JS::gcreason::DOM_WORKER) at ../../../js/src/jsgc.cpp:5174
#10 0xb5fc9b78 in JS::ShrinkingGC (rt=0xb1058000, 
    reason=JS::gcreason::DOM_WORKER)
    at ../../../js/src/jsfriendapi.cpp:199
#11 0xb56fcf4c in mozilla::dom::workers::WorkerPrivate::GarbageCollectInternal (this=0xb2646000, aCx=0xb1022280, aShrinking=<optimized out>, 
    aCollectChildren=<optimized out>)
    at ../../../dom/workers/WorkerPrivate.cpp:5572
#12 0xb56fcf92 in (anonymous namespace)::GarbageCollectRunnable::WorkerRun (this=<optimized out>, aCx=<optimized out>, 
    aWorkerPrivate=<optimized out>)
    at ../../../dom/workers/WorkerPrivate.cpp:1645
#13 0xb57016c0 in mozilla::dom::workers::WorkerRunnable::Run (
    this=0xb1729d80) at ../../../dom/workers/WorkerRunnable.cpp:312
#14 0xb56ff640 in mozilla::dom::workers::WorkerPrivate::ProcessAllControlRunnablesLocked (this=0xb2646000)
    at ../../../dom/workers/WorkerPrivate.cpp:4464
#15 0xb5700f0a in mozilla::dom::workers::WorkerPrivate::DoRunLoop (
    this=0xb2646000, aCx=0xb1022280)
    at ../../../dom/workers/WorkerPrivate.cpp:3953
#16 0xb56f2d0e in (anonymous namespace)::WorkerThreadPrimaryRunnable::Run (this=0xb262fce0) at ../../../dom/workers/RuntimeService.cpp:2733
#17 0xb4f824e2 in ProcessNextEvent (aResult=0xb21ffe57, 
    aMayWait=<optimized out>, this=0xb2680f90)
    at ../../../xpcom/threads/nsThread.cpp:766
#18 nsThread::ProcessNextEvent (this=0xb2680f90, 
    aMayWait=<optimized out>, aResult=0xb21ffe57)
    at ../../../xpcom/threads/nsThread.cpp:685
#19 0xb4f90596 in NS_ProcessNextEvent (aThread=<optimized out>, 
    aMayWait=<optimized out>)
    at /home/eric30/Mozilla/github/gecko-dev/xpcom
#20 0xb50caed8 in mozilla::ipc::MessagePumpForNonMainThreads::Run (
    this=0xb3066100, aDelegate=0xb3056120)
    at ../../../ipc/glue/MessagePump.cpp:326
#21 0xb50c010e in MessageLoop::RunInternal (this=<optimized out>)
    at ../../../ipc/chromium/src/base/message_loop.cc:229
#22 0xb50c01c0 in RunHandler (this=0xb3056120)
    at ../../../ipc/chromium/src/base/message_loop.cc:222
#23 MessageLoop::Run (this=0xb3056120)
    at ../../../ipc/chromium/src/base/message_loop.cc:196
#24 0xb4f854d0 in nsThread::ThreadFunc (aArg=0xb2680f90)
    at ../../../xpcom/threads/nsThread.cpp:346
#25 0xb6a2099a in _pt_root (arg=0xb2625780)
    at ../../../../../nsprpub/pr/src/pthreads/ptthread.c:212
#26 0xb6f32ba4 in __thread_entry (func=0xb6a20901 <_pt_root>, 
    arg=0xb2625780, tls=0xb21fff00)
    at bionic/libc/bionic/pthread_create.cpp:92
#27 0xb6f32d20 in pthread_create (thread_out=0xbeb4a8e4, 
    attr=<optimized out>, start_routine=0x78, arg=0xb2625780)
    at bionic/libc/bionic/pthread_create.cpp:201
#28 0x00000000 in ?? ()

Comment 1

[Eric Chou [:ericchou] [:echou]]

I have the same feeling as Gregor -- it's quite annoying while using gdb (bug 1045291 comment 4).

Comment 2

[Eric Chou [:ericchou] [:echou]]

Attachment: the video I mentioned in comment 0

Comment 3

[Benjamin Bouvier [:bbouvier] (inactive)]

It's another instance of a legit use of segfaults in the JITs, to speed things up. As it also concerns debugging b2g, dup of bug 1045291, where possible solutions are discussed.

Comment 4

[Eric Chou [:ericchou] [:echou]]

(In reply to Benjamin Bouvier [:bbouvier] from comment #3)
> It's another instance of a legit use of segfaults in the JITs, to speed
> things up. As it also concerns debugging b2g, dup of bug 1045291, where
> possible solutions are discussed.
> 
> *** This bug has been marked as a duplicate of bug 1045291 ***

ok, thanks. :)