Closed Bug 1073088 Opened 10 years ago Closed 10 years ago

pthread_kill | raise | __libc_android_abort | ? | close | mozilla::system::OpenFileFinder::Next(mozilla::system::OpenFileFinder::Info*)

Categories

(Firefox OS Graveyard :: Stability, defect, P2)

Product:
Firefox OS Graveyard
Component:
Stability
Platform:
ARM
Gonk (Firefox OS)
Type:
defect

Tracking

(blocking-b2g:2.0+, firefox33 wontfix, firefox34 fixed, firefox35 fixed, b2g-v2.0 unaffected, b2g-v2.1 fixed, b2g-v2.2 fixed)

Status:
RESOLVED FIXED
Milestone:
2.1 S6 (10oct)
Project Flags:
blocking-b2g 2.0+
Tracking Flags:
Tracking Status
firefox33 --- wontfix
firefox34 --- fixed
firefox35 --- fixed
b2g-v2.0 --- unaffected
b2g-v2.1 --- fixed
b2g-v2.2 --- fixed

People

(Reporter: dhirnyj, Assigned: dhylands)

References

Details

(Keywords: crash, Whiteboard: [caf-crash 372][b2g-crash][caf priority: p1][CR 730173])

Attachments

(6 files, 2 obsolete files)

Decoded minidump
573.69 KB, text/plain
Details
Extra file dump
567.12 KB, text/plain
Details
Don't close the mtp file descriptor when MtpServer::run does
895 bytes, patch
mwu
: review+
bajaj
: approval-mozilla-aurora+
Details | Diff | Splinter Review
EXTRA file attachment - AU_LINUX_GECKO_B2G_KK_3.6.01.04.00.000.100
142.42 KB, text/plain
Details
decoded minidump - AU_LINUX_GECKO_B2G_KK_3.6.01.04.00.000.100
496.25 KB, text/plain
Details
1637.MP4
2.48 MB, video/mp4
Details 
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0
Build ID: 20130329030832

Steps to reproduce:

UTRAN: W+G
Hardware used: 8926 MTP
Meta Build location: \\holi\builds516\INTEGRATION\M8926AAAAANFGD200007H.1
Logs content: QPST logs location
Mini dumps location: None
ADB logs & QPST Logs Location: \\range\TargetPST\B2G_8926_2.0\M8926AAAAANFGD200007.1\25sep\1a5a62a_W_Manual_B4_C17
Test steps:
1.Select USB storage ON
2.Check MTP radio button option in USB storage
3.Select media storage and do eject SD card
4.Select USB storage OFF, device got crashed, dumps got collected


Actual results:

Device Crashed, see attached files (to be added later).


Expected results:

Not crashed
[Blocking Requested - why for this release]:
blocking-b2g: --- → 2.1?
OS: All → Gonk (Firefox OS)
Priority: -- → P2
Hardware: All → ARM
Component: Gaia::System → General
Whiteboard: [CR 730173]
Whiteboard: [CR 730173] → [caf priority: p1][CR 730173]
Whiteboard: [caf priority: p1][CR 730173] → [b2g-crash][caf-crash 336][caf priority: p1][CR 730173]
Keywords: crash
Observed on: 

Device: msm8226
Gonk Version: AU_LINUX_GECKO_B2G_KK_2.0.01.04.00.114.092
Moz BuildID: 20140916000206
B2G Version: 2.1
Gecko Version: 34.0a2
Gaia:  http://git.mozilla.org/?p=releases/gaia.git;a=commit;h=713448b8963cd53c561f4b38640f8c63b655ce33
Gecko: http://git.mozilla.org/?p=releases/gecko.git;a=commit;h=395370094caa386ebf8fe8831d030bc5484fa599
Patches: bug 1055299, bug 1068978, bug 1067205, bug 1070431, bug 1068394, bug 1051633, bug 1057220
Component: General → Stability
I am NI :dhylands to start here.. as he may be familiar the storage code or will be able to pass this around for investigation.
Flags: needinfo?(dhylands)
blocking-b2g: 2.1? → 2.1+
Flags: needinfo?(mwu)
We may have attached the wrong log, I'm looking into it.
Flags: needinfo?(ggrisco)
Attached file Decoded minidump 

        Attachment #8496085 -
        Attachment is obsolete: true

    
    

    
  

      
      
      
      

        Attached file
          
        Extra file dump
      

    


  

        Attachment #8496084 -
        Attachment is obsolete: true

    
  
Flags: needinfo?(ggrisco)
Whiteboard: [b2g-crash][caf-crash 336][caf priority: p1][CR 730173] → [b2g-crash][caf priority: p1][CR 730173]
Whiteboard: [b2g-crash][caf priority: p1][CR 730173] → [caf-crash 336][b2g-crash][caf priority: p1][CR 730173]

    
    

    
  
fwiw, on a flame running current trunk we are not crashing we the steps in comment 0. Can we get QA to do a branch test?
Keywords: qawanted

    
    

    
  
Dave, please investigate. Assigning this to you. 

Copying Eric Chou too
Assignee: nobody → dhylands
Flags: needinfo?(mwu)

    
  
Whiteboard: [caf-crash 336][b2g-crash][caf priority: p1][CR 730173] → [caf-crash 372][b2g-crash][caf priority: p1][CR 730173]

    
    

    
  
So this is crashing inside some custom version of close that CAF is using.

On our builds, close is found inside of close.S and is just a system call into the kernel.

Which would explain why we aren't seeing any crash - since the kernel will just return -1 with errno set to EBADF and doesn't raise an exception.

So, I'd like to see the source for the custom close to determine why it thinks it should be raising an exception.

In all likelyhood, this is still a bug on our side, but we can't reproduce the problem because we aren't running the same code.
Flags: needinfo?(dhylands)

    
    

    
  
ni mvines to find out if we'll be allowed to see the source, or if we have to debug this in the dark...
Flags: needinfo?(mvines)

    
    

    
  
It seems that we're hitting a double close here.

Android's MtpServer::run calls close here:
https://github.com/mozilla-b2g/platform_frameworks_av/blob/master/media/mtp/MtpServer.cpp#L240

and then we call close again in the ScopedClose descriptor:
http://dxr.mozilla.org/mozilla-central/source/dom/system/gonk/MozMtpServer.cpp#207

So we need to forget the file descriptor if we call run.

I'll put together a patch.

    
    

    
  
Dave -- I guess you figured out the issue but for reference here is the source we are using.
It's available on CAF website:
https://www.codeaurora.org/cgit/quic/la/platform/frameworks/av/tree/?h=LNX.LF.3.5.1_RB1.2
Flags: needinfo?(mvines)

    
    

    
  


  
MTP seems to behave the same as before this patch.

CAF will need to verify if it fixes their crash since we don't have the same libc.

        Attachment #8496321 -
        Flags: review?(mwu)

    
  

        Attachment #8496321 -
        Flags: review?(mwu) → review+

    
    

    
  
Comment on attachment 8496321 [details] [diff] [review]
Don't close the mtp file descriptor when MtpServer::run does

Approval Request Comment
[Feature/regressing bug #]: When MTP was added
[User impact if declined]: Most likely None.
[Describe test coverage new/current, TBPL]: I verified that MTP still behaves the same as before the patch (none of our tests catch this problem).
[Risks and why]: Low
[String/UUID change made/needed]: None

This affects MTBF tests being done by CAF. There is a small window where the wrong file handle could be closed (So the user impact isn't none, but it is still a bug).

        Attachment #8496321 -
        Flags: approval-mozilla-aurora?
Keywords: qawanted

    
    

    
  
(In reply to Inder from comment #15)
> Dave -- I guess you figured out the issue but for reference here is the
> source we are using.
> It's available on CAF website:
> https://www.codeaurora.org/cgit/quic/la/platform/frameworks/av/tree/?h=LNX.
> LF.3.5.1_RB1.2

I meant the source for libc that you're using. Because the stack trace shows that it doesn't match the source that we're using for libc.
Flags: needinfo?(ikumar)

    
    

    
  
Yeah we have some additional stuff that help us catch issues like this quicker during stability runs.
Flags: needinfo?(ikumar)

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/81cc689e42b1
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED

        Attachment #8496321 -
        Flags: approval-mozilla-aurora? → approval-mozilla-aurora+

    
    

    
  
The description of this bug doesn't seem to match the crash dump.

The description says:

pthread_kill | raise | __libc_android_abort | ? | close | mozilla::system::OpenFileFinder::Next(mozilla::system::OpenFileFinder::Info*)

which implies to me that the crash occurred in OpenFileFinder. But OpenFileFnder doesn't show up in the attached crash dump.

Is there another problem?
Flags: needinfo?(dhirnyj)

    
    

    
  
We're seeing this on 2.0, would like it fixed there.

          status-b2g-v2.0:
          --- → affected
Flags: needinfo?(bbajaj)

    
    

    
  
Comment on attachment 8496321 [details] [diff] [review]
Don't close the mtp file descriptor when MtpServer::run does

NOTE: Please see https://wiki.mozilla.org/Release_Management/B2G_Landing to better understand the B2G approval process and landings.

[Approval Request Comment]
Bug caused by (feature/regressing bug #): When MTP was added
User impact if declined: Most likely None.
Testing completed: I verified that MTP still behaves the same as before the patch (none of our tests catch this problem).
Risk to taking this patch (and alternatives if risky): Low
String or UUID changes made by this patch: None

        Attachment #8496321 -
        Flags: approval-mozilla-b2g32?
blocking-b2g: 2.1+ → 2.0+
Flags: needinfo?(bbajaj)

        Attachment #8496321 -
        Flags: approval-mozilla-b2g32? → approval-mozilla-b2g32+

    
    

    
  
(In reply to Greg Grisco from comment #24)
> We're seeing this on 2.0, would like it fixed there.

Bug 1029533 didn't land on v2.0, so I'm not sure what I'm supposed to be uplifting to b2g32 here.
Flags: needinfo?(dhylands)

    
    

    
  
Greg - are you seeing the title of the bug, or the description?

The backtraces included in this bug are what was fixed and don't match the title.

I put a needinfo on comment 22 to get this clarified, but never received a response.

If you're seeing the title, then we should change the title of this one and open a new bug.
Flags: needinfo?(dhylands) → needinfo?(ggrisco)

    
    

    
  
Hi Dave, sorry for the confusion.  You're right, we messed up the title on this one.  Also, the minidump that we uploaded was for v2.1, but we see this crash on both v2.0 and v2.1.  Although we haven't seen this crash recur in past two weeks, I think we still might want to fix on v2.0.  Is there any harm in bringing it to 2.0?
Flags: needinfo?(ggrisco) → needinfo?(dhylands)

    
    

    
  
Greg - so the issue is that the minidump is for a crash in MTP. We never landed MTP on 2.0, so there is no way of uplifting this patch to 2.0 (the files to apply the patch to don't even exist in 2.0).

So that's why there is some confusion about how you could be seeing this in 2.0. Perhaps you're seeing the crash described in the title, and not the crash described by the minidump?
Flags: needinfo?(dhylands) → needinfo?(ggrisco)

    
    

    
  
(In reply to Dave Hylands [:dhylands] from comment #29)
> Greg - so the issue is that the minidump is for a crash in MTP. We never
> landed MTP on 2.0, so there is no way of uplifting this patch to 2.0 (the
> files to apply the patch to don't even exist in 2.0).
> 
> So that's why there is some confusion about how you could be seeing this in
> 2.0. Perhaps you're seeing the crash described in the title, and not the
> crash described by the minidump?

Ok, I see.  We are seeing same crash signature on v2.0 (cafbot just uploaded minidump for such) but I guess the root cause is different and the top part of crash signature is overly generic.  For the one just uploaded, we're not seeing the crash in past couple of weeks.  Since it's not an MTP issue then we will open another bug if it ever reproduces. Thanks!
Flags: needinfo?(ggrisco)

    
    

    
  
Comment on attachment 8496321 [details] [diff] [review]
Don't close the mtp file descriptor when MtpServer::run does

Removing b2g32 approval since this patch can't be uplifted to 2.0.

        Attachment #8496321 -
        Flags: approval-mozilla-b2g32+

    
    

    
  
And changing v2.0 to unaffected (since MTP never landed on 2.0)

          status-b2g-v2.0:
          affectedunaffected

    
    

    
  
This issue has been verified successfully on Flame 2.1, 2.2. We have verified with or without USB plugged in.
See attachment: 1556.MP4
Reproducing rate: 0/5

Test steps:
1.Launch Settings, then turn on USB storage.
2.Check MTP radio button option in USB storage.
3.Select media storage and do eject SD card.
4.Select USB storage OFF.

Actual results:
Not crashed

Flame 2.1 version:
Gaia-Rev        ccb49abe412c978a4045f0c75abff534372716c4
Gecko-Rev       https://hg.mozilla.org/releases/mozilla-2g34_v2_1/rev/18fb67530b22
Build-ID        20141201001201
Version         34.0
Device-Name     flame
FW-Release      4.4.2
FW-Incremental  eng.cltbld.20141201.034405
FW-Date         Mon Dec  1 03:44:15 EST 2014
Bootloader      L1TC00011880

Flame 2.2 version:
Gaia-Rev        39214fb22c203e8849aaa1c27b773eeb73212921
Gecko-Rev       https://hg.mozilla.org/mozilla-central/rev/08be3008650f
Build-ID        20141201040205
Version         37.0a1
Device-Name     flame
FW-Release      4.4.2
FW-Incremental  eng.cltbld.20141201.074509
FW-Date         Mon Dec  1 07:45:20 EST 2014
Bootloader      L1TC00011880

    
    

    
  
This issue has been verified successfully on Flame 2.1, 2.2. We have verified with or without USB plugged in.
See attachment: 1637.MP4
Reproducing rate: 0/5

Test steps:
1.Launch Settings, then turn on USB storage.
2.Check MTP radio button option in USB storage.
3.Select media storage and do eject SD card.
4.Select USB storage OFF.

Actual results:
Not crashed

Flame 2.1 version:
Gaia-Rev        ccb49abe412c978a4045f0c75abff534372716c4
Gecko-Rev       https://hg.mozilla.org/releases/mozilla-2g34_v2_1/rev/18fb67530b22
Build-ID        20141201001201
Version         34.0
Device-Name     flame
FW-Release      4.4.2
FW-Incremental  eng.cltbld.20141201.034405
FW-Date         Mon Dec  1 03:44:15 EST 2014
Bootloader      L1TC00011880

Flame 2.2 version:
Gaia-Rev        39214fb22c203e8849aaa1c27b773eeb73212921
Gecko-Rev       https://hg.mozilla.org/mozilla-central/rev/08be3008650f
Build-ID        20141201040205
Version         37.0a1
Device-Name     flame
FW-Release      4.4.2
FW-Incremental  eng.cltbld.20141201.074509
FW-Date         Mon Dec  1 07:45:20 EST 2014
Bootloader      L1TC00011880

    
    

    
  

      
      
      
      

        Attached video
          
        1637.MP4
      

    


  

    
    

    
  
Clearning ni since this bug is resolved.
Flags: needinfo?(dhirnyj)

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: