Gecko crash when keyboard "click sound" is on and typing a few characters in any text field

RESOLVED FIXED in B2G C3 (12dec-1jan)

Status

RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: kairo, Assigned: mchen)

Tracking

({crash})

unspecified
B2G C3 (12dec-1jan)
ARM
Gonk (Firefox OS)
crash

Firefox Tracking Flags

(blocking-basecamp:+, b2g18 fixed)

Details

(crash signature)

(Reporter)

Description

6 years ago
For testing (and because I like having *some* acoustic feedback when typing, even if I find our current sound a bit too hrash), I usually have "click sound" on for the keyboard.
With that setting, I crash the Gecko process on my otoro after typing a few characters into any text field, e.g. the SIM PIN enter field (but the browser awesomebar or a wifi password field will do nicely as well).
Two crash reports I sent with that are bp-17322233-a8cb-4b77-acdc-f52502121210 and bp-555cf5d3-372f-4ce3-83ff-2f0ae2121209.
(Reporter)

Updated

6 years ago
blocking-basecamp: --- → ?
backtrace:

Program received signal SIGSEGV, Segmentation fault.
mozilla::dom::AudioChannelAgent::StopPlaying (this=0x469816a0) at /home/cervantes/git/unagi/B2G/gecko/dom/audiochannel/AudioChannelAgent.cpp:91
91        gAudioChannelService->UnregisterAudioChannelAgent(this);
(gdb) bt
#0  mozilla::dom::AudioChannelAgent::StopPlaying (this=0x469816a0) at /home/cervantes/git/unagi/B2G/gecko/dom/audiochannel/AudioChannelAgent.cpp:91
#1  0x40c6374c in nsHTMLMediaElement::UpdateAudioChannelPlayingState (this=0x4a723540) at /home/cervantes/git/unagi/B2G/gecko/content/html/content/src/nsHTMLMediaElement.cpp:3562
#2  0x40c637ce in nsHTMLMediaElement::ChangeReadyState (this=0x0, aState=5792) at /home/cervantes/git/unagi/B2G/gecko/content/html/content/src/nsHTMLMediaElement.cpp:2858
#3  0x40c649fc in nsHTMLMediaElement::UpdateReadyStateForData (this=0x4a723540, aNextFrame=mozilla::MediaDecoderOwner::NEXT_FRAME_UNAVAILABLE)
    at /home/cervantes/git/unagi/B2G/gecko/content/html/content/src/nsHTMLMediaElement.cpp:2810
#4  0x40df8088 in mozilla::MediaDecoder::UpdateReadyStateForData (this=0x4a9eb680) at /home/cervantes/git/unagi/B2G/gecko/content/media/MediaDecoder.cpp:1008
#5  0x40df8f5e in mozilla::MediaDecoder::PlaybackEnded (this=0x4a9eb680) at /home/cervantes/git/unagi/B2G/gecko/content/media/MediaDecoder.cpp:819
#6  0x40998600 in nsRunnableMethodImpl<void (nsPACMan::*)(), true>::Run (this=<value optimized out>) at ../../../dist/include/nsThreadUtils.h:350
#7  0x411548c2 in nsThread::ProcessNextEvent (this=0x40309880, mayWait=<value optimized out>, result=0xbea187e7) at /home/cervantes/git/unagi/B2G/gecko/xpcom/threads/nsThread.cpp:627
#8  0x41134aca in NS_ProcessNextEvent_P (thread=0x0, mayWait=false) at /home/cervantes/git/unagi/B2G/objdir-gecko/xpcom/build/nsThreadUtils.cpp:221
#9  0x4104c24c in mozilla::ipc::MessagePump::Run (this=0x40302400, aDelegate=0x4032d0c0) at /home/cervantes/git/unagi/B2G/gecko/ipc/glue/MessagePump.cpp:82
#10 0x41176564 in MessageLoop::RunInternal (this=0x1000000) at /home/cervantes/git/unagi/B2G/gecko/ipc/chromium/src/base/message_loop.cc:215
#11 0x4117661a in MessageLoop::RunHandler (this=0x4032d0c0) at /home/cervantes/git/unagi/B2G/gecko/ipc/chromium/src/base/message_loop.cc:208
#12 MessageLoop::Run (this=0x4032d0c0) at /home/cervantes/git/unagi/B2G/gecko/ipc/chromium/src/base/message_loop.cc:182
#13 0x40fd6b58 in nsBaseAppShell::Run (this=0x4293d6a0) at /home/cervantes/git/unagi/B2G/gecko/widget/xpwidgets/nsBaseAppShell.cpp:163
#14 0x40f337a4 in nsAppStartup::Run (this=0x42a7cb50) at /home/cervantes/git/unagi/B2G/gecko/toolkit/components/startup/nsAppStartup.cpp:291
#15 0x4097aa20 in XREMain::XRE_mainRun (this=0xbea189a4) at /home/cervantes/git/unagi/B2G/gecko/toolkit/xre/nsAppRunner.cpp:3824
#16 0x4097d0b4 in XREMain::XRE_main (this=0xbea189a4, argc=<value optimized out>, argv=0xbea1ab84, aAppData=<value optimized out>) at /home/cervantes/git/unagi/B2G/gecko/toolkit/xre/nsAppRunner.cpp:3891
#17 0x4097d218 in XRE_main (argc=1, argv=0xbea1ab84, aAppData=0x1f184, aFlags=<value optimized out>) at /home/cervantes/git/unagi/B2G/gecko/toolkit/xre/nsAppRunner.cpp:4089
#18 0x0000a15e in do_main (argc=1, argv=0xbea1ab84) at /home/cervantes/git/unagi/B2G/gecko/b2g/app/nsBrowserApp.cpp:164
#19 main (argc=1, argv=0xbea1ab84) at /home/cervantes/git/unagi/B2G/gecko/b2g/app/nsBrowserApp.cpp:253

It happens when I was trying to type gmail.com quickly in the URL bar of the browser app
(Assignee)

Comment 2

6 years ago
It will be fixed after landing bug 819275.
Depends on: 819275
Don we need to check if service is nullptr in AudioChannelAgent::StopPlaying(), as this crash shows?
(Assignee)

Comment 4

6 years ago
(In reply to Cervantes Yu from comment #3)
> Don we need to check if service is nullptr in
> AudioChannelAgent::StopPlaying(), as this crash shows?

In StopPlaying(), we will check the value of mIsRegToService. If mIsRegToService is true then it means we already got audio channel service. So there is no necessary to check it again.

The root cause of this bug is that I didn't use the nsRefPtr correctly or the ref count will protect the service got on StartPlaying(). Thanks.

Updated

6 years ago
blocking-basecamp: ? → +

Updated

6 years ago
Assignee: nobody → mchen

Updated

6 years ago
Target Milestone: --- → B2G C3 (12dec-1jan)

Comment 5

6 years ago
Bug 819275 is landed and uplifted, can we close this now?
Flags: needinfo?(mchen)
(Reporter)

Updated

6 years ago
Crash Signature: [@ mozilla::dom::AudioChannelAgent::StopPlaying ]
(Reporter)

Comment 6

6 years ago
(In reply to JP Rosevear [:jpr] from comment #5)
> Bug 819275 is landed and uplifted, can we close this now?

At least it WFM on a current (20121218) otoro build from b2g18.

Comment 7

6 years ago
Closing as per #6.  Re-open if not the case.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Flags: needinfo?(mchen)
Resolution: --- → FIXED
status-b2g18: --- → fixed
You need to log in before you can comment on or make changes to this bug.