Closed
Bug 829960
Opened 13 years ago
Closed 13 years ago
crash in libxul.so + 0xed1baa (plugin-container)
Categories
(Firefox OS Graveyard :: General, defect)
Tracking
(blocking-b2g:-)
RESOLVED
DUPLICATE
of bug 827833
| blocking-b2g | - |
People
(Reporter: m1, Assigned: mrbkap)
Details
(Keywords: crash, Whiteboard: [BTG-959][b2g-crash])
Crash Data
Attachments
(2 files)
This crash was seen with reboot.py (reboots the device all night) with AU 172 [1]
Crash reason: SIGSEGV
Crash address: 0x0
Thread 8 (crashed)
0 libxul.so + 0xed1baa
r4 = 0x4362dc34 r5 = 0x00000000 r6 = 0xffffffff r7 = 0x4362d848
r8 = 0x40c0ace9 r9 = 0x00000001 r10 = 0x4362d848 fp = 0x410f58c5
sp = 0x4362d830 lr = 0x4107dba7 pc = 0x4107dbaa
Found by: given as instruction pointer in context
1 libxul.so + 0xa5eacf
sp = 0x4362d838 pc = 0x40c0aad1
Found by: stack scanning
2 libxul.so + 0xf4984b
sp = 0x4362d848 pc = 0x410f584d
Found by: stack scanning
3 libxul.so + 0x105611f
sp = 0x4362d85c pc = 0x41202121
Found by: stack scanning
Very little to go on right now unfortunately. No logs captured, .xtra file unhelpful. Raising this bug at this point mostly for visibility and in the off chance that it triggers somebody to have an aha moment.
[1] https://www.codeaurora.org/gitweb/quic/b2g/?p=manifest.git;a=commitdiff;h=c74e0aaa8398d2a17c085851271708ce18453346
|
Reporter | |
Updated•13 years ago
|
Whiteboard: [BTG-959]
|
|
||
Comment 1•13 years ago
|
||
Debug symbols are missing.
Severity: normal → critical
Crash Signature: [@ libxul.so@0xed1baa]
Keywords: crash
Whiteboard: [BTG-959] → [BTG-959][b2g-crash]
|
|
Reporter | |
Comment 2•13 years ago
|
||
Actually this was from build with symbols, and minidumps from other crashes in this build decoded to source as expected.
|
|
Reporter | |
Comment 3•13 years ago
|
||
Ugh, the build that generated this minidump is invalid. :(
Withdrawing this bug.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
|
|
Reporter | |
Comment 4•13 years ago
|
||
Err, I was too quick to close this out. Checked more and minidump is good afterall.
Are there are known parts of libxul.so that are missing symbols? Some of the autogenerated pidl glue maybe?
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
|
|
Reporter | |
Comment 5•13 years ago
|
||
This unhelpful backtrace looks very close to an OOM crash that we captured last night in the b2g process, where we hit a NS_RUNTIMEABORT [1].
Perhaps this bug is another symptom of bug 825802.
[1] http://mxr.mozilla.org/mozilla-beta/source/xpcom/string/public/nsTSubstring.h#530
|
||
Updated•13 years ago
|
blocking-b2g: tef? → tef+
This crash has occurred in my local build.
(Equivalent to AU172)
Crash reason: SIGSEGV
Crash address: 0x0
Thread 8 (crashed)
0 libxul.so!mozalloc_abort [mozalloc_abort.cpp : 30 + 0x4]
r4 = 0x4362dc34 r5 = 0x00000000 r6 = 0xffffffff r7 = 0x4362d848
r8 = 0x40c0ace9 r9 = 0x00000001 r10 = 0x4362d848 fp = 0x410f58c5
sp = 0x4362d830 lr = 0x4107dba7 pc = 0x4107dbaa
Found by: given as instruction pointer in context
1 libxul.so!NS_DebugBreak_P [nsDebugImpl.cpp : 423 + 0x5]
r4 = 0x4362dc34 r5 = 0x00000000 r6 = 0xffffffff r7 = 0x4362d848
r8 = 0x40c0ace9 r9 = 0x00000001 r10 = 0x4362d848 fp = 0x410f58c5
sp = 0x4362d838 pc = 0x40c0aad1
Found by: call frame info
2 libxul.so!mozilla::layers::PImageContainerChild::FatalError [PImageContainerChild.cpp : 527 + 0x15]
r4 = 0x00000007 r5 = 0x00000000 r6 = 0x4362dc78 r7 = 0x00160000
r8 = 0x4362dd78 r9 = 0x4321c690 r10 = 0x00000000 fp = 0x00000001
sp = 0x4362dc68 pc = 0x40b87a71
Found by: call frame info
3 libxul.so!mozilla::layers::PImageContainerChild::OnMessageReceived [PImageContainerChild.cpp : 383 + 0x7]
r4 = 0x00000007 r5 = 0x00000000 r6 = 0x4362dc78 r7 = 0x00160000
r8 = 0x4362dd78 r9 = 0x4321c690 r10 = 0x00000000 fp = 0x00000001
sp = 0x4362dc78 pc = 0x40b88011
Found by: call frame info
4 libxul.so!mozilla::layers::PCompositorChild::OnMessageReceived [PCompositorChild.cpp : 637 + 0x7]
r4 = 0x426d85c0 r5 = 0x4362dd14 r6 = 0x4362dd14 r7 = 0x4362ddf8
r8 = 0x4362dd78 r9 = 0x4321c690 r10 = 0x00000000 fp = 0x00000001
sp = 0x4362dce0 pc = 0x40b859a1
Found by: call frame info
5 libxul.so!mozilla::ipc::AsyncChannel::OnDispatchMessage [AsyncChannel.cpp : 473 + 0x9]
r4 = 0x426d85c8 r5 = 0x4362dd14 r6 = 0x4362dd14 r7 = 0x4362ddf8
r8 = 0x4362dd78 r9 = 0x4321c690 r10 = 0x00000000 fp = 0x00000001
sp = 0x4362dd00 pc = 0x40b1a519
Found by: call frame info
6 libxul.so!mozilla::ipc::RPCChannel::OnMaybeDequeueOne [RPCChannel.cpp : 402 + 0x7]
r4 = 0x426d85c8 r5 = 0x4362dd14 r6 = 0x4362dd14 r7 = 0x4362ddf8
r8 = 0x4362dd78 r9 = 0x4321c690 r10 = 0x00000000 fp = 0x00000001
sp = 0x4362dd10 pc = 0x40b1f35b
Found by: call frame info
7 libxul.so!RunnableMethod<IPC::ChannelProxy::Context, void (IPC::ChannelProxy::Context::*)(), Tuple0>::Run [tuple.h : 383 + 0x5]
r4 = 0x4362ddf0 r5 = 0x45797668 r6 = 0x4362dd80 r7 = 0x4362ddf8
r8 = 0x4362dd78 r9 = 0x4321c690 r10 = 0x00000000 fp = 0x00000001
sp = 0x4362dd48 pc = 0x40b01be7
Found by: call frame info
8 libxul.so!mozilla::ipc::RPCChannel::DequeueTask::Run [RPCChannel.h : 425 + 0x9]
r4 = 0x4362ddf0 r5 = 0x45797668 r6 = 0x4362dd80 r7 = 0x4362ddf8
r8 = 0x4362dd78 r9 = 0x4321c690 r10 = 0x00000000 fp = 0x00000001
sp = 0x4362dd50 pc = 0x40b1dd11
Found by: call frame info
9 libxul.so!MessageLoop::RunTask [message_loop.cc : 333 + 0x5]
r4 = 0x4362ddf0 r5 = 0x45797668 r6 = 0x4362dd80 r7 = 0x4362ddf8
r8 = 0x4362dd78 r9 = 0x4321c690 r10 = 0x00000000 fp = 0x00000001
sp = 0x4362dd58 pc = 0x40c280c5
Found by: call frame info
10 libxul.so!MessageLoop::DeferOrRunPendingTask [message_loop.cc : 341 + 0x5]
r4 = 0x00000001 r5 = 0x4362dd70 r6 = 0x4362dd80 r7 = 0x4362ddf8
r8 = 0x4362dd78 r9 = 0x4321c690 r10 = 0x00000000 fp = 0x00000001
sp = 0x4362dd68 pc = 0x40c28ef7
Found by: call frame info
11 libxul.so!MessageLoop::DoWork [message_loop.cc : 441 + 0x7]
r4 = 0x4362ddf0 r5 = 0x4362dd70 r6 = 0x4362dd80 r7 = 0x4362ddf8
r8 = 0x4362dd78 r9 = 0x4321c690 r10 = 0x00000000 fp = 0x00000001
sp = 0x4362dd70 pc = 0x40c29ad5
Found by: call frame info
12 libxul.so!base::MessagePumpDefault::Run [message_pump_default.cc : 23 + 0x7]
r4 = 0x4321c680 r5 = 0x4362ddf0 r6 = 0x4321c68c r7 = 0x4362dda8
r8 = 0x4362dda0 r9 = 0x4321c690 r10 = 0x00000000 fp = 0x00000001
sp = 0x4362dda0 pc = 0x40c29d55
Found by: call frame info
13 libxul.so!MessageLoop::RunInternal [message_loop.cc : 215 + 0x5]
r4 = 0x4362ddf0 r5 = 0x4362ddf0 r6 = 0x00000010 r7 = 0x01875880
r8 = 0x01875870 r9 = 0x01876348 r10 = 0x00100000 fp = 0x00000001
sp = 0x4362ddd0 pc = 0x40c28075
Found by: call frame info
14 libxul.so!MessageLoop::Run [message_loop.cc : 208 + 0x5]
r4 = 0x4362ddf0 r5 = 0x4362ddf0 r6 = 0x00000010 r7 = 0x01875880
r8 = 0x01875870 r9 = 0x01876348 r10 = 0x00100000 fp = 0x00000001
sp = 0x4362ddd8 pc = 0x40c2812b
Found by: call frame info
15 libxul.so!base::Thread::ThreadMain [thread.cc : 156 + 0x5]
r4 = 0x426fbd30 r5 = 0x4362ddf0 r6 = 0x00000010 r7 = 0x01875880
r8 = 0x01875870 r9 = 0x01876348 r10 = 0x00100000 fp = 0x00000001
sp = 0x4362ddf0 pc = 0x40c30435
Found by: call frame info
16 libxul.so!ThreadFunc [platform_thread_posix.cc : 39 + 0x5]
r4 = 0x4362df00 r5 = 0x40c3a401 r6 = 0x426fbd30 r7 = 0x00000078
r8 = 0x40c3a401 r9 = 0x426fbd30 r10 = 0x00100000 fp = 0x00000001
sp = 0x4362dee8 pc = 0x40c3a409
Found by: call frame info
17 libc.so!__thread_entry [pthread.c : 217 + 0x6]
r4 = 0x4362df00 r5 = 0x40c3a401 r6 = 0x426fbd30 r7 = 0x00000078
r8 = 0x40c3a401 r9 = 0x426fbd30 r10 = 0x00100000 fp = 0x00000001
sp = 0x4362def0 pc = 0x4008c114
Found by: call frame info
18 libc.so!pthread_create [pthread.c : 357 + 0xe]
r4 = 0x4362df00 r5 = 0x018773f0 r6 = 0xbeceaba0 r7 = 0x00000078
r8 = 0x40c3a401 r9 = 0x426fbd30 r10 = 0x00100000 fp = 0x00000001
sp = 0x4362df00 pc = 0x4008bc68
Found by: call frame info
Thanks! And phew!
(Assuming comment 7 and comment 0 are the same crash based on both dying on thread 8, and same pc's in frame 0.)
Status: REOPENED → RESOLVED
Closed: 13 years ago → 13 years ago
Resolution: --- → DUPLICATE
|
|
||
Updated•13 years ago
|
blocking-b2g: tef+ → -
You need to log in
before you can comment on or make changes to this bug.
Description
•