863156 - [SMS] Firefox OS crashes with OOM when opening message history of old contacts [@ mozalloc_abort | abort | js::InvokeKernel ]

Status: RESOLVED WORKSFORME

(Firefox OS Graveyard :: Gaia::SMS, defect)

Description

[Henrik Skupin [:whimboo][⌚️UTC+1]]

Seen with yesterdays build (20130417230203) of B2G. This is another manifestation of bug 858492. If you open the message history of an old contact the screen goes black, comes back, goes black, and finally B2G restarts after an OOM crash.

Crash report: bp-e5cfe212-4a36-46ec-9a87-fdcf52130418

0 	libxul.so 	mozalloc_abort 	mozalloc_abort.cpp:30
1 	libxul.so 	abort 	mozalloc_abort.cpp:39
2 	libxul.so 	js::InvokeKernel 	jsinterp.cpp:378
3 	libxul.so 	js::CallOrConstructBoundFunction 	jsinterp.h:109
4 	libxul.so 	js::InvokeKernel 	jscntxtinlines.h:364

Comment 1

[Henrik Skupin [:whimboo][⌚️UTC+1]]

Here the logcat output:

D/memalloc(16943):  Out of PMEM. Dumping PMEM stats for debugging
D/memalloc(16943):  ------------- PRINT PMEM STATS --------------
D/memalloc(16943):  Node 0 -> Start Address : 0 Size 19200 Free info 0
D/memalloc(16943):  Node 1 -> Start Address : 19200 Size 19200 Free info 0
D/memalloc(16943):  Node 2 -> Start Address : 38400 Size 19200 Free info 0
D/memalloc(16943):  Node 3 -> Start Address : 57600 Size 16640 Free info 0
D/memalloc(16943):  Node 4 -> Start Address : 74240 Size 7680 Free info 0
D/memalloc(16943):  Node 5 -> Start Address : 81920 Size 1536 Free info 0
D/memalloc(16943):  Node 6 -> Start Address : 83456 Size 2304 Free info 1
D/memalloc(16943):  Node 7 -> Start Address : 85760 Size 19200 Free info 0
D/memalloc(16943):  Node 8 -> Start Address : 104960 Size 19200 Free info 0
D/memalloc(16943):  Node 9 -> Start Address : 124160 Size 19200 Free info 0
D/memalloc(16943):  Node 10 -> Start Address : 143360 Size 19200 Free info 0
D/memalloc(16943):  Node 11 -> Start Address : 162560 Size 19200 Free info 0
D/memalloc(16943):  Node 12 -> Start Address : 181760 Size 6400 Free info 1
D/memalloc(16943):  Node 13 -> Start Address : 188160 Size 19200 Free info 0
D/memalloc(16943):  Node 14 -> Start Address : 207360 Size 16640 Free info 0
D/memalloc(16943):  Node 15 -> Start Address : 224000 Size 19200 Free info 0
D/memalloc(16943):  Node 16 -> Start Address : 243200 Size 7680 Free info 0
D/memalloc(16943):  Node 17 -> Start Address : 250880 Size 11264 Free info 1
D/memalloc(16943):  Total Allocated: Total Free: 
D/memalloc(16943): ----------------------------------------------
E/memalloc(16943): /dev/pmem: No more pmem available
W/memalloc(16943): Falling back to ashmem
D/memalloc(16943): ashmem: Allocated buffer base:0x4384f000 size:614400 fd:146
D/wpa_supplicant(16992): nl80211: survey data missing!
D/memalloc(17074): ashmem: Mapped buffer base:0x4283e000 size:614400 fd:44
D/memalloc(17074): /dev/pmem: Unmapping buffer base:0x481ca000 size:5816320 offset:5201920
D/memalloc(16943): /dev/pmem: Freeing buffer base:0x4a9f6000 size:614400 offset:5201920 fd:108
D/memalloc(16943): /dev/pmem: Freeing buffer base:0x4abd6000 size:614400 offset:7168000 fd:133
D/memalloc(17074): /dev/pmem: Unmapping buffer base:0x45ad4000 size:5201920 offset:4587520
D/memalloc(17074): /dev/pmem: Unmapping buffer base:0x44e00000 size:2375680 offset:1843200
D/memalloc(17074): /dev/pmem: Unmapping buffer base:0x46efc000 size:2621440 offset:2375680
D/memalloc(17074): /dev/pmem: Unmapping buffer base:0x47245000 size:7782400 offset:7168000
D/memalloc(16943): /dev/pmem: Freeing buffer base:0x4a960000 size:614400 offset:4587520 fd:99
D/memalloc(16943): /dev/pmem: Freeing buffer base:0x4aabe000 size:614400 offset:6021120 fd:111
D/memalloc(16943): /dev/pmem: Freeing buffer base:0x4a6c2000 size:532480 offset:1843200 fd:102
D/memalloc(16943): /dev/pmem: Freeing buffer base:0x4ab54000 size:532480 offset:6635520 fd:122
D/memalloc(16943): /dev/pmem: Freeing buffer base:0x4a744000 size:245760 offset:2375680 fd:130
D/memalloc(16943): /dev/pmem: Freeing buffer base:0x4ac6c000 size:245760 offset:7782400 fd:105
D/memalloc(16943): /dev/pmem: Freeing buffer base:0x4a780000 size:49152 offset:2621440 fd:141
E/Gecko   (16943): mozalloc_abort: Redirecting call to abort() to mozalloc_abort
D/memalloc(16943): /dev/pmem: Allocated buffer base:0x4a500000 size:614400 offset:1843200 fd:102
D/memalloc(17074): /dev/pmem: Mapped buffer base:0x452d0000 size:2457600 offset:1843200 fd:38
D/memalloc(17074): /dev/pmem: Unmapping buffer base:0x46119000 size:6635520 offset:6021120
D/memalloc(17074): /dev/pmem: Unmapping buffer base:0x46816000 size:7168000 offset:6635520
D/memalloc(17074): /dev/pmem: Unmapping buffer base:0x479b1000 size:8028160 offset:7782400
D/memalloc(17074): /dev/pmem: Unmapping buffer base:0x45044000 size:2670592 offset:2621440
D/memalloc(16943): /dev/pmem: Allocated buffer base:0x4a500000 size:614400 offset:4587520 fd:106
D/memalloc(17074): /dev/pmem: Mapped buffer base:0x45528000 size:5201920 offset:4587520 fd:41
D/memalloc(17074): /dev/pmem: Unmapping buffer base:0x448ca000 size:1843200 offset:1228800
E/profiler(17104): Registering start signal
I/Gecko   (17104): [Child 17104] WARNING: pipe error (3): Connection reset by peer: file ../../../gecko/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 432
I/Gecko   (17104): 
I/Gecko   (17104): ###!!! [Child][SyncChannel] Error: Channel error: cannot send/recv
I/Gecko   (17104):

Comment 2

[Kan-Ru Chen [:kanru] (UTC+9)]

hmm.. pmem is starving, weird. Could we get a stack trace of the mozalloc_abort?

Comment 3

[Jason Smith [:jsmith]]

Is this a reproducible crash? If so, please nom for leo.

Comment 4

[Henrik Skupin [:whimboo][⌚️UTC+1]]

(In reply to Kan-Ru Chen [:kanru] from comment #2)
> hmm.. pmem is starving, weird. Could we get a stack trace of the
> mozalloc_abort?

Yes, this crash happens all the time and prevents me from sending any text message to the contact. So how can I get you this stack trace? Can you please explain or give steps what to do? Thanks.

Comment 5

[Kan-Ru Chen [:kanru] (UTC+9)]

(In reply to Henrik Skupin (:whimboo) from comment #4)
> (In reply to Kan-Ru Chen [:kanru] from comment #2)
> > hmm.. pmem is starving, weird. Could we get a stack trace of the
> > mozalloc_abort?
> 
> Yes, this crash happens all the time and prevents me from sending any text
> message to the contact. So how can I get you this stack trace? Can you
> please explain or give steps what to do? Thanks.

An STR would be great. Ie. how to create the "old contacts" or "old sms messages"

Comment 6

[Henrik Skupin [:whimboo][⌚️UTC+1]]

(In reply to Kan-Ru Chen [:kanru] from comment #5)
> An STR would be great. Ie. how to create the "old contacts" or "old sms
> messages"

I'm not sure when the appropriate API's have been changed which made bug 858492 to appear. So most likely flash your device with a build from mid of March. That should be safe enough. Then send some messages to one or more contacts. Right after update your device to the most recent build.

Comment 7

[Will Kahn-Greene [:willkg] ET needinfo? me]

I commented in bug #858492 this:

I just updated and now when I try to view a specific message, it crashes FirefoxOS entirely.

Same steps to reproduce as befre. Specifically:

1. start the device
2. click on messages app
3. click on a message that was causing me problems before
4. screen flickers and FirefoxOS crashes

https://bugzilla.mozilla.org/show_bug.cgi?id=858492#c23

I can reproduce it every time. The message I'm clicking on is from Sunday April 14th.

I don't know how to create old contacts or old sms messages, but I'm happy to send my device's data to someone if they want it.


OS version: 1.1.0.0-prerelease
Platform: 18.0
Build ID: 20130418070205
Channel: Beta
Git commit: 2013-04-05 21:17:35 a5a95f7

Comment 8

[Will Kahn-Greene [:willkg] ET needinfo? me]

I just updated and the problem is gone: I'm able to read all the text messages I have on my phone now.


OS version: 1.1.0.0-prerelease
Platform: 18.0
Build ID: 20130419070205
Channel: Beta
Git commit: 2013-04-17 18:21:04 a24cf9f

Comment 9

[Henrik Skupin [:whimboo][⌚️UTC+1]]

Yes, works fine now in todays build. Could this have been fixed by bug 862351? Reuben, could you imagine?

Comment 10

[Jason Smith [:jsmith]]

Should we close as wfm then?

Comment 11

[Reuben Morais [:reuben]]

(In reply to Henrik Skupin (:whimboo) from comment #9)
> Yes, works fine now in todays build. Could this have been fixed by bug
> 862351? Reuben, could you imagine?

I wouldn't imagine that bug was causing crashes, but maybe the message manager was dying when multiple windows tried to reply to the same message. A JS stack would probably confirm this.

Comment 12

[Henrik Skupin [:whimboo][⌚️UTC+1]]

There were a couple of check-ins between 04/18 and 04/19:
http://hg.mozilla.org/releases/mozilla-b2g18/pushloghtml?fromchange=efe8da9c584a&tochange=82fdff82a2d0
https://github.com/mozilla-b2g/gaia/compare/a5a95f7...a24cf9f

Not sure which could have fixed it so marking as WFM.

Comment 13

[Naoki Hirata :nhirata (please use needinfo instead of cc)]

Last Crash occurs : in build 0418 
https://crash-stats.mozilla.com/report/list?product=B2G&query_search=signature&query_type=contains&reason_type=contains&date=04%2F22%2F2013%2017%3A00%3A00&range_value=1&range_unit=weeks&hang_type=any&process_type=any&do_query=1&signature=mozalloc_abort%20|%20abort%20|%20js%3A%3AInvokeKernel

Comment 14

[Scoobidiver (away)]

(In reply to Naoki Hirata :nhirata (please use needinfo instead of cc) from comment #13)
> Last Crash occurs : in build 0418 
No in B2G 18.0/20130426070204 (bp-27bdd348-9654-43e6-a804-32c7e2130501) so after it has been declared fixed.