Closed Bug 829410 Opened 11 years ago Closed 11 years ago

Assertion failure: _mOwningThread.GetThread() == PR_GetCurrentThread() (nsVolumeService not thread-safe), at /home/mikeh/dev/mozilla/btg019/gecko/dom/system/gonk/nsVolumeService.cpp:42

Categories

(Firefox OS Graveyard :: General, defect)

ARM
Gonk (Firefox OS)
defect
Not set
normal

Tracking

(blocking-basecamp:+, firefox19 wontfix, firefox20 wontfix, firefox21 fixed, b2g18 fixed)

RESOLVED FIXED
B2G C4 (2jan on)
blocking-basecamp +
Tracking Status
firefox19 --- wontfix
firefox20 --- wontfix
firefox21 --- fixed
b2g18 --- fixed

People

(Reporter: mikeh, Assigned: dougt)

Details

Attachments

(1 file)

logcat output from debug build:

F( 2369:0x946) Assertion failure: _mOwningThread.GetThread() == PR_GetCurrentThread() (nsVolumeService not thread-safe), at /home/mikeh/dev/mozilla/btg019/gecko/dom/system/gonk/nsVolumeService.cpp:42
F( 2369:0x946) Fatal signal 11 (SIGSEGV) at 0x00000000 (code=1)
I( 2369:0x941) WARNING: Failed to create Addons Manager.: file /home/mikeh/dev/mozilla/btg019/gecko/toolkit/xre/nsXREDirProvider.cpp, line 801
I( 2368:0x940) debuggerd committing suicide to free the zombie!

This is build git.mozilla.org/releases/gecko.git:e981d8fa6a7c68fbafbe6a61f2775e158fe93e0e
mike, is this easy to repro?
dougt, 100%.  It keeps my Unagi from booting.

I've just backed out the change locally to see if that resolves the problem.
is it possible to get a stack at that assertion?
dougt, I should be able to.

With that change above reverted, my unagi boots to the lock screen; but then I see this:

F( 8459:0x210c) Assertion failure: XRE_GetProcessType() == GeckoProcessType_Default, at /home/mikeh/dev/mozilla/btg019/gecko/dom/system/gonk/Volume.cpp:155
F( 8459:0x210c) Fatal signal 11 (SIGSEGV) at 0x00000000 (code=1)

When I see this, I get a lock screen, but I don't get a home screen.
Here's one backtrace, with the volume manager changes backed out as per comment 3:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 9323.9354]
0x40b596c0 in nsTArray_base<nsTArrayDefaultAllocator>::IncrementLength (aObserver=0x43287d94)
    at ../../../dist/include/nsTArray.h:256
256	    MOZ_ASSERT(mHdr != EmptyHdr() || n == 0, "bad data pointer");
(gdb) bt
#0  0x40b596c0 in nsTArray_base<nsTArrayDefaultAllocator>::IncrementLength (aObserver=0x43287d94)
    at ../../../dist/include/nsTArray.h:256
#1  AppendElements<mozilla::Observer<mozilla::system::Volume*>*> (aObserver=0x43287d94)
    at ../../../dist/include/nsTArray.h:881
#2  AppendElement<mozilla::Observer<mozilla::system::Volume*>*> (aObserver=0x43287d94)
    at ../../../dist/include/nsTArray.h:894
#3  mozilla::ObserverList<mozilla::system::Volume*>::AddObserver (aObserver=0x43287d94)
    at ../../../dist/include/mozilla/Observer.h:49
#4  mozilla::system::Volume::RegisterObserver (aObserver=0x43287d94)
    at /home/mikeh/dev/mozilla/btg019/gecko/dom/system/gonk/Volume.cpp:158
#5  0x40b5bfe4 in VolumeServiceIOThread (this=0x43287d90)
    at /home/mikeh/dev/mozilla/btg019/gecko/dom/system/gonk/VolumeServiceIOThread.cpp:20
#6  0x40b5c0ae in mozilla::system::InitVolumeServiceIOThread ()
    at /home/mikeh/dev/mozilla/btg019/gecko/dom/system/gonk/VolumeServiceIOThread.cpp:70
#7  0x40b5353a in DispatchToFunction<void (*)()> (this=0x99)
    at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/tuple.h:439
#8  RunnableFunction<void (*)(), Tuple0>::Run (this=0x99)
    at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/task.h:415
#9  0x4115a28e in MessageLoop::RunTask (this=0x100ffdd0, task=0x43d12c40)
    at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/message_loop.cc:333
#10 0x4115aab8 in MessageLoop::DeferOrRunPendingTask (this=0x99, pending_task=<value optimized out>)
    at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/message_loop.cc:341
#11 0x4115b80a in MessageLoop::DoWork (this=0x100ffdd0)
    at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/message_loop.cc:441
#12 0x41171a6e in base::MessagePumpLibevent::Run (this=0x42402310, delegate=0x100ffdd0)
    at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/message_pump_libevent.cc:310
#13 0x4115a842 in MessageLoop::RunInternal (this=0x100ffdd0)
    at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/message_loop.cc:215
#14 0x4115a8a2 in MessageLoop::RunHandler (this=0x100ffdd0)
    at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/message_loop.cc:208
#15 MessageLoop::Run (this=0x100ffdd0)
    at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/message_loop.cc:182
#16 0x4116480c in base::Thread::ThreadMain (this=0x4240d0c8)
    at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/thread.cc:156
#17 0x411721de in ThreadFunc (closure=0x99)
    at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/platform_thread_posix.cc:39
#18 0x40063e18 in __thread_entry (func=0x411721d5 <ThreadFunc>, arg=0x4240d0c8, tls=<value optimized out>)
    at bionic/libc/bionic/pthread.c:217
#19 0x4006396c in pthread_create (thread_out=<value optimized out>, attr=0xbec1fe48, 
    start_routine=0x411721d5 <ThreadFunc>, arg=0x4240d0c8) at bionic/libc/bionic/pthread.c:357
#20 0x00000000 in ?? ()
And from the second child process:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 9324.9360]
0x40bbf6c0 in nsTArray_base<nsTArrayDefaultAllocator>::IncrementLength (
    aObserver=0x43187d94) at ../../../dist/include/nsTArray.h:256
256	    MOZ_ASSERT(mHdr != EmptyHdr() || n == 0, "bad data pointer");
(gdb) bt
#0  0x40bbf6c0 in nsTArray_base<nsTArrayDefaultAllocator>::IncrementLength (
    aObserver=0x43187d94) at ../../../dist/include/nsTArray.h:256
#1  AppendElements<mozilla::Observer<mozilla::system::Volume*>*> (
    aObserver=0x43187d94) at ../../../dist/include/nsTArray.h:881
#2  AppendElement<mozilla::Observer<mozilla::system::Volume*>*> (
    aObserver=0x43187d94) at ../../../dist/include/nsTArray.h:894
#3  mozilla::ObserverList<mozilla::system::Volume*>::AddObserver (
    aObserver=0x43187d94) at ../../../dist/include/mozilla/Observer.h:49
#4  mozilla::system::Volume::RegisterObserver (aObserver=0x43187d94)
    at /home/mikeh/dev/mozilla/btg019/gecko/dom/system/gonk/Volume.cpp:158
#5  0x40bc1fe4 in VolumeServiceIOThread (this=0x43187d90)
    at /home/mikeh/dev/mozilla/btg019/gecko/dom/system/gonk/VolumeServiceIOThread.cpp:20
#6  0x40bc20ae in mozilla::system::InitVolumeServiceIOThread ()
    at /home/mikeh/dev/mozilla/btg019/gecko/dom/system/gonk/VolumeServiceIOThread.cpp:70
#7  0x40bb953a in DispatchToFunction<void (*)()> (this=0x99)
    at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/tuple.h:439
#8  RunnableFunction<void (*)(), Tuple0>::Run (this=0x99)
    at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/task.h:415
#9  0x411c028e in MessageLoop::RunTask (this=0x100ffdd0, task=0x43e12be0)
    at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/message_loop.cc:333
---Type <return> to continue, or q <return> to quit---
#10 0x411c0ab8 in MessageLoop::DeferOrRunPendingTask (this=0x99, 
    pending_task=<value optimized out>)
    at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/message_loop.cc:341
#11 0x411c180a in MessageLoop::DoWork (this=0x100ffdd0)
    at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/message_loop.cc:441
#12 0x411d7a6e in base::MessagePumpLibevent::Run (this=0x42402310, 
    delegate=0x100ffdd0)
    at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/message_pump_libevent.cc:310
#13 0x411c0842 in MessageLoop::RunInternal (this=0x100ffdd0)
    at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/message_loop.cc:215
#14 0x411c08a2 in MessageLoop::RunHandler (this=0x100ffdd0)
    at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/message_loop.cc:208
#15 MessageLoop::Run (this=0x100ffdd0)
    at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/message_loop.cc:182
#16 0x411ca80c in base::Thread::ThreadMain (this=0x4240d0c8)
    at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/thread.cc:156
#17 0x411d81de in ThreadFunc (closure=0x99)
---Type <return> to continue, or q <return> to quit---
    at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/platform_thread_posix.cc:39
#18 0x400fde18 in __thread_entry (func=0x411d81d5 <ThreadFunc>, 
    arg=0x4240d0c8, tls=<value optimized out>)
    at bionic/libc/bionic/pthread.c:217
#19 0x400fd96c in pthread_create (thread_out=<value optimized out>, 
    attr=0xbea58e48, start_routine=0x411d81d5 <ThreadFunc>, arg=0x4240d0c8)
    at bionic/libc/bionic/pthread.c:357
#20 0x00000000 in ?? ()
Will add the patches back and get backtraces for that build as well.
Backtrace from build with all patches applied:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 445.449]
0x411de2b8 in mozilla::system::nsVolumeService::AddRef (this=0x44309f20) at /home/mikeh/dev/mozilla/btg019/gecko/dom/system/gonk/nsVolumeService.cpp:42
42	NS_IMPL_ISUPPORTS2(nsVolumeService, nsIVolumeService, nsIDOMMozWakeLockListener)
(gdb) bt
#0  0x411de2b8 in mozilla::system::nsVolumeService::AddRef (this=0x44309f20) at /home/mikeh/dev/mozilla/btg019/gecko/dom/system/gonk/nsVolumeService.cpp:42
#1  0x411e2456 in mozilla::RefPtr<mozilla::system::nsVolumeService>::ref (this=0x434b9640, aVolumeService=0x42ea9828) at ../../../dist/include/mozilla/RefPtr.h:153
#2  RefPtr (this=0x434b9640, aVolumeService=0x42ea9828) at ../../../dist/include/mozilla/RefPtr.h:104
#3  VolumeServiceIOThread (this=0x434b9640, aVolumeService=0x42ea9828) at /home/mikeh/dev/mozilla/btg019/gecko/dom/system/gonk/VolumeServiceIOThread.cpp:16
#4  0x411e25a6 in mozilla::system::InitVolumeServiceIOThread (aVolumeService=@0x44309f94) at /home/mikeh/dev/mozilla/btg019/gecko/dom/system/gonk/VolumeServiceIOThread.cpp:71
#5  0x411d8694 in DispatchToFunction<void (*)(int32_t const&), int> (this=<value optimized out>) at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/tuple.h:449
#6  RunnableFunction<void (*)(int const&), Tuple1<int> >::Run (this=<value optimized out>) at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/task.h:415
#7  0x417e0b6e in MessageLoop::RunTask (this=0x42ea9dd0, task=0x44309f80) at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/message_loop.cc:333
#8  0x417e1398 in MessageLoop::DeferOrRunPendingTask (this=0xc6, pending_task=<value optimized out>) at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/message_loop.cc:341
#9  0x417e20ea in MessageLoop::DoWork (this=0x42ea9dd0) at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/message_loop.cc:441
#10 0x417f834e in base::MessagePumpLibevent::Run (this=0x40402460, delegate=0x42ea9dd0) at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/message_pump_libevent.cc:310
#11 0x417e1122 in MessageLoop::RunInternal (this=0x42ea9dd0) at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/message_loop.cc:215
#12 0x417e1182 in MessageLoop::RunHandler (this=0x42ea9dd0) at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/message_loop.cc:208
#13 MessageLoop::Run (this=0x42ea9dd0) at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/message_loop.cc:182
#14 0x417eb0ec in base::Thread::ThreadMain (this=0x40407280) at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/thread.cc:156
#15 0x417f8abe in ThreadFunc (closure=0xc6) at /home/mikeh/dev/mozilla/btg019/gecko/ipc/chromium/src/base/platform_thread_posix.cc:39
#16 0x400f7e18 in __thread_entry (func=0x417f8ab5 <ThreadFunc>, arg=0x40407280, tls=<value optimized out>) at bionic/libc/bionic/pthread.c:217
#17 0x400f796c in pthread_create (thread_out=<value optimized out>, attr=0xbecd8828, start_routine=0x417f8ab5 <ThreadFunc>, arg=0x40407280) at bionic/libc/bionic/pthread.c:357
#18 0x00000000 in ?? ()
Confirmed that this problem exists in m-i as well, at 118474:7d0aa0231e37.
This crashes during startup -- blocking...


nsVolumeService needs a threadsafe isupports.
Attached patch patch v.1Splinter Review
Assignee: nobody → doug.turner
Attachment #700833 - Flags: review?
Comment on attachment 700833 [details] [diff] [review]
patch v.1

Review of attachment 700833 [details] [diff] [review]:
-----------------------------------------------------------------

Confirmed that this fixes the assertion failure.
Attachment #700833 - Flags: review? → review+
https://hg.mozilla.org/releases/mozilla-b2g18/rev/fb011a7d8798

Only pushing to b2g18 right now.  David, can you make sure that this fix (or a better one !) makes it to the right places?
(Also, camera is still able to write pictures to the sdcard, and gallery can read them.)
Comment on attachment 700833 [details] [diff] [review]
patch v.1

Review of attachment 700833 [details] [diff] [review]:
-----------------------------------------------------------------

Good catch. This was due to one of those last minute changes that Doug had me do, so it missed my DEBUG=1 testing phase.
blocking-basecamp: ? → +
marking fixed per the new jst rules.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
I'll see about delivering this to m-i once my bb+ stuff is done.
Looks like it's already there (see comment 17).
Target Milestone: --- → B2G C4 (2jan on)
You need to log in before you can comment on or make changes to this bug.