Closed Bug 796773 Opened 13 years ago Closed 12 years ago

"Jewel Treasure Match" game from everything.me always crashes and reboots

Categories

(Firefox OS Graveyard :: General, defect, P1)

Product:
Firefox OS Graveyard
Component:
General
Type:
defect

Tracking

(blocking-basecamp:+, b2g18 fixed)

Status:
RESOLVED FIXED
Milestone:
B2G C3 (12dec-1jan)
Project Flags:
blocking-basecamp +
Tracking Flags:
Tracking Status
b2g18 --- fixed

People

(Reporter: ghtobz, Assigned: cjones)

References

Details

(Keywords: crash, reproducible, Whiteboard: [label:system])

Attachments

(2 files)

log cat
30.04 KB, text/plain
Details
Jewel Treasure Match Crash Log
49 bytes, text/plain
Details
[GitHub issue by kaichih on 2012-09-28T09:58:35Z, https://github.com/mozilla-b2g/gaia/issues/5404] STR: 1. Go to everything.me and go to game category. 2. Execute "Jewel Treasure Match" game. 3. Firefox OS crashes and reboots. Always reproducible.
[GitHub comment by nhirata on 2012-09-28T23:40:24Z] Probably OOM... do you have a logcat?
[GitHub comment by jds2501 on 2012-09-29T02:08:07Z] A crash is a platform bug. Can you move to bugzilla under boottogecko general?
[mass adding reproducible keyword for any open Gaia bug with the word "STR:" in comments]
Keywords: reproducible
Wow. I don't think this is just an OOM issue any more based on logcat. On some occasions it looks like the plugin got zombied? If you try to kill the task, you don't see it in the task manager.
This is a crash 10-08 12:54:07.067: A/libc(482): Fatal signal 11 (SIGSEGV) at 0x000001e2 (code=-6) Thanks for the logcat!
Np... it was your comment in another bug that made me dig deeper. lessons learned.
Component: Gaia → Gaia::System
Does this crash still reproduce on a more recent build?
Component: Gaia::System → General
Keywords: crash
This is one of our few reproducible crashes. Can we see if this still reproduces?
blocking-basecamp: --- → ?
Keywords: qawanted
I can still reproduce this on 2012-12-03 on Unagi. We should fix it. Chris, are you the best owner here?
Assignee: nobody → jones.chris.g
blocking-basecamp: ? → +
Priority: -- → P1
Target Milestone: --- → B2G C3 (12dec-1jan)
(In reply to Andrew Overholt [:overholt] from comment #10) > Chris, are you the best owner here? Sadly yes. I was able to look at this a little today. The cause isn't obvious. What seems to be happening is - (usually) the content process running this game makes a gralloc request - the compositor thread gets into PmemUserspaceAlloc::alloc_buffer() - the allocation (seems to) succeed - PmemUserspaceAlloc::alloc_buffer() tries to zero out the newly allocated region, but segfaults writing outside the mapped area for the buffer The last part there makes no sense. There's no race condition possible in the gecko gralloc code because it's all synchronous. I also can't walk out of the PmemUserspaceAlloc::alloc_buffer() code because a library without unwind info calls into it. So the things we need to figure out are - what kind of allocation is being requested - whether the successful alloc actually returns memory that fits within the pmem region In either case, I suspect we're going to have to phone a friend at CAF. I can't reproduce this in the emulator or on desktop.
(In reply to Chris Jones [:cjones] [:warhammer] from comment #11) > - PmemUserspaceAlloc::alloc_buffer() tries to zero out the newly allocated > region, but segfaults writing outside the mapped area for the buffer I should add that gdb can't read even the base of the pmem region. But I don't trust that too much because the segfault happens on an address well above the base pointer.
(In reply to Chris Jones [:cjones] [:warhammer] from comment #11) > In either case, I suspect we're going to have to phone a friend at CAF. Want me to email?
I need to get more info before phoning friends, but hopefully we can keep the discussion in bz as much as possible.
Argh, regressions.
Blocks: 820305
No longer blocks: 820305
Depends on: 820305
Depends on: 816452
No longer depends on: 820305
Can't reproduce anymore.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
Hey Guys, When I ran this game on Unagi build 20121231070201, I got a crash message but then the game just went on launching. So I checked the reported crashes and was surprised to see a crash log for that even had posted. So I am getting the crash but for some reason it doesn't stop the game from launching. Weird.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
I wanted to clarify my comment above... When I launched Jewel Treasure Match, I received an error message "Just Crashed" on a grey screen. That message was up for about 2 seconds or less and then game loaded to the Main Menu. I am actually unable to play the game due to what seems like the game being in a frozen state once the Main Menu loads. This freeze has been seen on multiple phones but the "JUST CRASHED" message only appeared 1 time.
Keywords: qawanted
Can you give us the crash report ID of that one?
Oh, actually, that's bp-a456d1d8-2cf7-42d0-9a78-b797c2121231 - please just paste that in the bug comment instead of attaching that text file. ;-)
The crash is [@ jemalloc_crash | arena_dalloc | free | moz_free | mozilla::CameraControlImpl::~CameraControlImpl ] - that's in camera code. Did you have the camera app open?
That's bug 823955.
Status: REOPENED → RESOLVED
Closed: 12 years ago12 years ago
Resolution: --- → FIXED
I'm not sure if I had camera app open. I'm trying to repro but so far no luck.
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: