Closed Bug 677548 Opened 14 years ago Closed 9 years ago

crash @ nsBuiltinDecoderStateMachine::AdvanceFrame

Categories

(Core :: Graphics, defect)

Product:
Core
Component:
Graphics
Platform:
ARM
Android
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: nhirata, Unassigned)

Details

(Keywords: crash, Whiteboard: [mobile-crash])

Crash Data

This bug was filed from the Socorro interface and is report bp-e793e8f4-cd6b-48a4-930b-5deb72110807 . ============================================================= Frame Module Signature [Expand] Source 0 libc.so libc.so@0x15dd8 1 libc.so libc.so@0x1c93e 2 libc.so libc.so@0x425b7 3 libc.so libc.so@0x425b7 4 libc.so libc.so@0x425b7 5 libmozalloc.so mozalloc_abort memory/mozalloc/mozalloc_abort.cpp:76 6 org.mozilla.firefox_beta-1.apk org.mozilla.firefox_beta-1.apk@0x11f1120 7 libxul.so nsBuiltinDecoderStateMachine::Run ReentrantMonitor.h:103 8 @0x419f 9 libxul.so nsIFrame::InvalidateInternal layout/generic/nsFrame.cpp:4181 10 libxul.so nsBlockFrame::InvalidateInternal layout/generic/nsBlockFrame.cpp:548 11 libxul.so nsIFrame::InvalidateInternalAfterResize layout/generic/nsFrame.cpp:4160 12 libxul.so nsIFrame::InvalidateInternal layout/generic/nsFrame.cpp:4181 13 libxul.so nsBlockFrame::InvalidateInternal layout/generic/nsBlockFrame.cpp:548 14 libxul.so MessageLoop::PostTask_Helper ipc/chromium/src/base/message_loop.cc:309 15 @0x0 16 libxul.so base::RefCountedThreadSafe<base::MessagePump>::Release ipc/chromium/src/base/ref_counted.h:106 17 libxul.so MessageLoop::PostTask_Helper ipc/chromium/src/base/message_loop.cc:309 18 libmozalloc.so libmozalloc.so@0xc8db 19 libmozalloc.so je_free memory/jemalloc/jemalloc.c:1394 20 libmozalloc.so moz_free memory/mozalloc/mozalloc.cpp:95 21 libxul.so Pickle::~Pickle ipc/chromium/src/base/pickle.cc:77 22 libxul.so IPC::Message::~Message ipc/chromium/src/chrome/common/ipc_message.cc:19 23 libxul.so mozilla::ipc::RPCChannel::Send ipc/glue/RPCChannel.cpp:143 24 @0xbef6b917 25 libmozalloc.so moz_free memory/mozalloc/mozalloc.cpp:95 26 libxul.so gfxSharedImageSurface::~gfxSharedImageSurface gfx/thebes/gfxSharedImageSurface.cpp:65 27 libxul.so gfxASurface::Release gfx/thebes/gfxASurface.cpp:136 28 libxul.so mozilla::layers::ShadowLayerForwarder::AllocBuffer gfx/layers/ipc/ShadowLayers.cpp:459 29 libxul.so mozilla::layers::ShadowLayerForwarder::AllocDoubleBuffer gfx/layers/ipc/ShadowLayers.cpp:438 30 @0x4 31 libxul.so mozilla::layers::BasicShadowableThebesLayer::CreateBuffer gfx/layers/basic/BasicLayers.cpp:1828 32 libxul.so mozilla::layers::BasicThebesLayerBuffer::CreateBuffer gfx/layers/basic/BasicLayers.cpp:676 33 libxul.so mozilla::layers::ThebesLayerBuffer::BeginPaint gfx/layers/ThebesLayerBuffer.cpp:368 34 libxul.so mozilla::layers::BasicThebesLayer::PaintThebes nsRegion.h:387 35 libxul.so mozilla::layers::BasicLayerManager::PaintLayer gfx/layers/basic/BasicLayers.cpp:1543 36 libxul.so mozilla::layers::BasicLayerManager::PaintLayer gfx/layers/basic/BasicLayers.cpp:1556 37 libxul.so mozilla::layers::BasicLayerManager::PaintLayer gfx/layers/basic/BasicLayers.cpp:1556 38 libxul.so mozilla::layers::BasicLayerManager::EndTransactionInternal gfx/layers/basic/BasicLayers.cpp:1419 39 libxul.so mozilla::layers::BasicLayerManager::EndTransaction gfx/layers/basic/BasicLayers.cpp:1348 40 libxul.so mozilla::layers::BasicShadowLayerManager::EndTransaction gfx/layers/basic/BasicLayers.cpp:2917 41 libxul.so nsDisplayList::PaintForFrame layout/base/nsDisplayList.cpp:632 42 libxul.so nsDisplayList::PaintRoot layout/base/nsDisplayList.cpp:540 43 libxul.so nsLayoutUtils::PaintFrame layout/base/nsLayoutUtils.cpp:1642 44 libxul.so PresShell::Paint layout/base/nsPresShell.cpp:6250 45 libxul.so nsViewManager::RenderViews view/src/nsViewManager.cpp:428 46 libxul.so nsViewManager::Refresh view/src/nsViewManager.h:239 47 libxul.so nsViewManager::DispatchEvent nsCOMPtr.h:492 48 libxul.so HandleEvent nsCOMPtr.h:492 49 libxul.so mozilla::widget::PuppetWidget::DispatchEvent widget/src/xpwidgets/PuppetWidget.cpp:325 50 libxul.so mozilla::widget::PuppetWidget::DispatchPaintEvent widget/src/xpwidgets/PuppetWidget.cpp:534 51 libxul.so mozilla::widget::PuppetWidget::PaintTask::Run widget/src/xpwidgets/PuppetWidget.cpp:576 52 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:618 53 libxul.so NS_ProcessNextEvent_P obj-firefox/xpcom/build/nsThreadUtils.cpp:245 54 libxul.so mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:111 55 libxul.so mozilla::ipc::MessagePumpForChildProcess::Run ipc/glue/MessagePump.cpp:230 56 libxul.so MessageLoop::RunInternal ipc/chromium/src/base/message_loop.cc:219 57 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:511 58 libxul.so nsBaseAppShell::Run widget/src/xpwidgets/nsBaseAppShell.cpp:191 59 libxul.so XRE_RunAppShell toolkit/xre/nsEmbedFunctions.cpp:671 60 libxul.so mozilla::ipc::MessagePumpForChildProcess::Run ipc/glue/MessagePump.cpp:222 61 libxul.so MessageLoop::RunInternal ipc/chromium/src/base/message_loop.cc:219 62 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:511 63 libxul.so XRE_InitChildProcess toolkit/xre/nsEmbedFunctions.cpp:514 64 libmozutils.so ChildProcessInit other-licenses/android/APKOpen.cpp:797 65 plugin-container main ipc/app/MozillaRuntimeMainAndroid.cpp:69 66 libc.so libc.so@0x14c84 More reports: https://crash-stats.mozilla.com/report/list?range_value=7&range_unit=days&date=2011-08-08%2006%3A00%3A00&signature=libc.so%400x15dd8&version=Fennec%3A6.0
Component: Layout → Video/Audio
QA Contact: layout → video.audio
6 org.mozilla.firefox_beta-1.apk org.mozilla.firefox_beta-1.apk@0x11f1120 7 libxul.so nsBuiltinDecoderStateMachine::Run ReentrantMonitor.h:103 8 @0x419f 9 libxul.so nsIFrame::InvalidateInternal layout/generic/nsFrame.cpp:4181 That stack trace looks incorrect. We never call nsBuiltinDecoderStateMachine::Run() from inside nsIFrame::InvalidateInternal(), and line 6 makes even less sense.
Similar to bug 677552, which also has a sane stack up to mozilla::layers::BasicThebesLayerBuffer::CreateBuffer or so...
Component: Video/Audio → Graphics
QA Contact: video.audio → thebes
As libc.so has been added to the Socorro skiplist, I change the signature.
Crash Signature: [@ libc.so@0x15dd8][@ nsBuiltinDecoderStateMachine::AdvanceFrame ] → [@ libc.so@0x15dd8] [@ nsBuiltinDecoderStateMachine::AdvanceFrame] [@ mozalloc_abort | org.mozilla.firefox-1.apk@0x11f1120 | nsBuiltinDecoderStateMachine::Run]
Summary: crash [@ nsBuiltinDecoderStateMachine::AdvanceFrame ][@ libc.so@0x15dd8] → crash @ nsBuiltinDecoderStateMachine::AdvanceFrame
Crash Signature: [@ libc.so@0x15dd8] [@ nsBuiltinDecoderStateMachine::AdvanceFrame] [@ mozalloc_abort | org.mozilla.firefox-1.apk@0x11f1120 | nsBuiltinDecoderStateMachine::Run] → [@ libc.so@0x15dd8] [@ nsBuiltinDecoderStateMachine::AdvanceFrame] [@ mozalloc_abort | org.mozilla.firefox-1.apk@0x11f1120]
Crash Signature: [@ libc.so@0x15dd8] [@ nsBuiltinDecoderStateMachine::AdvanceFrame] [@ mozalloc_abort | org.mozilla.firefox-1.apk@0x11f1120] → [@ libc.so@0x15dd8] [@ nsBuiltinDecoderStateMachine::AdvanceFrame] [@ mozalloc_abort | org.mozilla.firefox_beta-1.apk@0x11f1120]
I am closing this bug report as I can find no recent reports of this crash. Please reopen if you can reproduce the crash.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.