Closed
Bug 884440
Opened 10 years ago
Closed 10 years ago
Crash in libxul.so!android::MediaResourceManagerService::onMessageReceived
Categories
(Firefox OS Graveyard :: General, defect)
Tracking
(blocking-b2g:leo+, firefox22 wontfix, firefox23 wontfix, firefox24 fixed, b2g18 fixed, b2g18-v1.0.0 wontfix, b2g18-v1.0.1 wontfix, b2g-v1.1hd fixed)
People
(Reporter: ikumar, Assigned: sotaro)
References
Details
(Keywords: crash, Whiteboard: [b2g-crash][btg-1601])
Crash Data
Attachments
(2 files, 1 obsolete file)
144.28 KB,
text/plain
|
Details | |
1.03 KB,
patch
|
sotaro
:
review+
|
Details | Diff | Splinter Review |
Test Steps: 1. Run test scripts with Music, Video, Camera , Camcorder, Call, SMS and Airplane mode on/off test cases. 2. After night run device generated mini dumps. Reproducibility: Seen once Decoded minidump: Crash reason: SIGSEGV Crash address: 0x0 Thread 12 (crashed) 0 libxul.so!android::MediaResourceManagerService::onMessageReceived [MediaResourceManagerService.cpp : 154 + 0x2] r0 = 0x00000000 r1 = 0x00000001 r2 = 0x4400f6b4 r3 = 0x4aaf36b0 r4 = 0x4400f6bc r5 = 0x4400f6b4 r6 = 0x44678e0c r7 = 0x4400f6a0 r8 = 0x00000000 r9 = 0x4400f6c0 r10 = 0x00000000 fp = 0x00000001 sp = 0x44678e08 lr = 0x410157a1 pc = 0x410157a4 Found by: given as instruction pointer in context 1 libxul.so!android::AHandlerReflector<android::MediaResourceManagerService>::onMessageReceived [AHandlerReflector.h : 35 + 0x5] r0 = 0x4400f6a0 r1 = 0x00000000 r4 = 0x4400cf80 r5 = 0x44678e78 r6 = 0x44678e78 r7 = 0x4400cf80 r8 = 0x44678eb0 r9 = 0x440074e0 r10 = 0x00100000 fp = 0x00000001 sp = 0x44678e30 pc = 0x410158b3 Found by: call frame info 2 libstagefright_foundation.so!android::ALooperRoster::deliverMessage [ALooperRoster.cpp : 133 + 0x7] r0 = 0x4400cf80 r1 = 0x4400f6a0 r2 = 0x00000000 r4 = 0x403f4678 r5 = 0x00000000 r6 = 0x44678e78 r7 = 0x4400cf80 r8 = 0x44678eb0 r9 = 0x440074e0 r10 = 0x00100000 fp = 0x00000001 sp = 0x44678e48 pc = 0x403f1265 Found by: call frame info 3 libstagefright_foundation.so!android::ALooper::loop [ALooper.cpp : 212 + 0xb] r4 = 0x00000001 r5 = 0x4400df78 r6 = 0x4a0f03e0 r7 = 0x0004df57 r8 = 0x44678eb0 r9 = 0x440074e0 r10 = 0x00100000 fp = 0x00000001 sp = 0x44678e70 pc = 0x403f0dcf Found by: call frame info 4 libstagefright_foundation.so!android::ALooper::LooperThread::threadLoop [ALooper.cpp : 47 + 0x5] r4 = 0x4400ea80 r5 = 0x4400ea80 r6 = 0x4400ea8c r7 = 0x44678eb4 r8 = 0x44678eb0 r9 = 0x440074e0 r10 = 0x00100000 fp = 0x00000001 sp = 0x44678ea0 pc = 0x403f0f45 Found by: call frame info 5 libutils.so!android::Thread::_threadLoop [Threads.cpp : 834 + 0x5] r4 = 0x4400ea80 r5 = 0x4400ea80 r6 = 0x4400ea8c r7 = 0x44678eb4 r8 = 0x44678eb0 r9 = 0x440074e0 r10 = 0x00100000 fp = 0x00000001 sp = 0x44678ea8 pc = 0x40165e59 Found by: call frame info 6 libutils.so!thread_data_t::trampoline [Threads.cpp : 127 + 0x3] r0 = 0x4400ea80 r1 = 0x440074d0 r2 = 0x4400ea80 r3 = 0x4400ea80 r4 = 0x4400cfc0 r5 = 0x40165de5 r6 = 0x4400ea80 r7 = 0x00000000 r8 = 0x40166409 r9 = 0x440074e0 r10 = 0x00100000 fp = 0x00000001 sp = 0x44678ed0 pc = 0x4016649f Found by: call frame info 7 libc.so!__thread_entry [pthread.c : 217 + 0x6] r0 = 0x00000000 r1 = 0x0170f1e0 r2 = 0x44678ffc r4 = 0x44678f00 r5 = 0x40166409 r6 = 0x440074e0 r7 = 0x00000078 r8 = 0x40166409 r9 = 0x440074e0 r10 = 0x00100000 fp = 0x00000001 sp = 0x44678ef0 pc = 0x40057114 Found by: call frame info 8 libc.so!pthread_create [pthread.c : 357 + 0xe] r4 = 0x44678f00 r5 = 0x0170f1e0 r6 = 0xbe8535ec r7 = 0x00000078 r8 = 0x40166409 r9 = 0x440074e0 r10 = 0x00100000 fp = 0x00000001 sp = 0x44678f00 pc = 0x40056c68 Found by: call frame info Thread 0 0 libc.so + 0xe430 r0 = 0xfffffffc r1 = 0xbe8536a8 r2 = 0x00000010 r3 = 0xffffffff r4 = 0xbe8536a8 r5 = 0x4331ac40 r6 = 0xbe8536a8 r7 = 0x000000fc r8 = 0x00000014 r9 = 0x00000000 r10 = 0x00000001 fp = 0x00000000 sp = 0xbe853680 lr = 0x413d44df pc = 0x40052430 Found by: given as instruction pointer in context 1 libxul.so!nsAppShell::ProcessNextNativeEvent [nsAppShell.cpp : 722 + 0x5] sp = 0xbe8536a8 pc = 0x41213171 Found by: stack scanning 2 libxul.so!nsBaseAppShell::DoProcessNextNativeEvent [nsBaseAppShell.cpp : 139 + 0x5] r4 = 0x4331ac40 r5 = 0x40407c40 r6 = 0x00000000 r7 = 0x00000000 r8 = 0x00000014 sp = 0xbe8537c8 pc = 0x4122fe37 Found by: call frame info 3 libxul.so!nsBaseAppShell::OnProcessNextEvent [nsBaseAppShell.cpp : 298 + 0x5] r4 = 0x4331ac40 r5 = 0x40407c40 r6 = 0x003c11ad r7 = 0x00000000 r8 = 0x00000014 sp = 0xbe8537e0 pc = 0x4122ff15 Found by: call frame info 4 libxul.so!nsThread::ProcessNextEvent [nsThread.cpp : 593 + 0x5] r0 = 0x4331ac40 r1 = 0x01407c40 r4 = 0x40407c40 r5 = 0x00000001 r6 = 0x4122fe59 r7 = 0x00000001 r8 = 0xbe85384f r9 = 0x4042d000 r10 = 0x00000000 sp = 0xbe853808 pc = 0x413b81d7 Found by: call frame info 5 libxul.so!NS_ProcessNextEvent_P [nsThreadUtils.cpp : 237 + 0xb] r4 = 0x00000001 r5 = 0x4044c0c0 r6 = 0x40402530 r7 = 0x00000000 r8 = 0x00000000 r9 = 0x4042d000 r10 = 0x00000000 sp = 0xbe853848 pc = 0x4139865f Found by: call frame info 6 libxul.so!mozilla::ipc::MessagePump::Run [MessagePump.cpp : 117 + 0x7] r0 = 0x40407c40 r1 = 0x00000001 r4 = 0x40402520 r5 = 0x4044c0c0 r6 = 0x40402530 r7 = 0x00000000 r8 = 0x00000000 r9 = 0x4042d000 r10 = 0x00000000 sp = 0xbe853858 pc = 0x412aac53 Found by: call frame info 7 libxul.so!MessageLoop::RunInternal [message_loop.cc : 219 + 0x5] r4 = 0x4044c0c0 r5 = 0x4331ac40 r6 = 0x40407c40 r7 = 0xbe853afd r8 = 0x00000000 r9 = 0x4042d000 r10 = 0x00000000 sp = 0xbe853880 pc = 0x413da201 Found by: call frame info 8 libxul.so!MessageLoop::Run [message_loop.cc : 212 + 0x5] r4 = 0x4044c0c0 r5 = 0x4331ac40 r6 = 0x40407c40 r7 = 0xbe853afd r8 = 0x00000000 r9 = 0x4042d000 r10 = 0x00000000 sp = 0xbe853888 pc = 0x413da2ab Found by: call frame info 9 libxul.so!nsBaseAppShell::Run [nsBaseAppShell.cpp : 163 + 0x7] r0 = 0x00000001 r1 = 0x41c85700 r2 = 0x4044c0c0 r3 = 0x00000000 r4 = 0x00000000 r5 = 0x4331ac40 r6 = 0x40407c40 r7 = 0xbe853afd r8 = 0x00000000 r9 = 0x4042d000 r10 = 0x00000000 sp = 0xbe8538a0 pc = 0x4122f9fd Found by: call frame info 10 libxul.so!nsAppStartup::Run [nsAppStartup.cpp : 290 + 0x5] r4 = 0x4400deb0 r5 = 0x413a2fbd r6 = 0x00000000 r7 = 0xbe853afd r8 = 0x00000000 r9 = 0x4042d000 r10 = 0x00000000 sp = 0xbe8538b0 pc = 0x41193c0d Found by: call frame info 11 libxul.so!XREMain::XRE_mainRun [nsAppRunner.cpp : 3794 + 0x5] r4 = 0xbe853a0c r5 = 0x413a2fbd r6 = 0x00000000 r7 = 0xbe853afd r8 = 0x00000000 r9 = 0x4042d000 r10 = 0x00000000 sp = 0xbe8538b8 pc = 0x40bb94fb Found by: call frame info 12 libxul.so!XREMain::XRE_main [nsAppRunner.cpp : 3860 + 0x5] r4 = 0xbe853a0c r5 = 0xbe8539e7 r6 = 0x00000000 r7 = 0xbe855bf4 r8 = 0x40428000 r9 = 0x4042d000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe8539e0 pc = 0x40bbbc99 Found by: call frame info 13 libxul.so!XRE_main [nsAppRunner.cpp : 3935 + 0x3] r0 = 0x40428000 r1 = 0x00000001 r2 = 0xbe855bf4 r4 = 0x0001f170 r5 = 0xbe855bf4 r6 = 0x00000001 r7 = 0x00000000 r8 = 0xbe853a0c r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe853a08 pc = 0x40bbbde5 Found by: call frame info 14 b2g!main [nsBrowserApp.cpp : 168 + 0xf] r4 = 0x40bbbd99 r5 = 0x00000000 r6 = 0x00000001 r7 = 0xbe855bf4 r8 = 0x00000000 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe853b18 pc = 0x0000999f Found by: call frame info 15 libc.so!__libc_init [libc_init_dynamic.c : 114 + 0x7] r4 = 0x00009714 r5 = 0xbe855bf4 r6 = 0x00000001 r7 = 0xbe855bfc r8 = 0x00000000 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe855bd8 pc = 0x4005aa77 Found by: call frame info 16 libc.so!__cxa_atexit [atexit.c : 99 + 0x3] r4 = 0x00000000 r5 = 0x00000000 r6 = 0x00000000 r7 = 0x00000000 r8 = 0x00000000 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe855bf0 pc = 0x40063437 Found by: call frame info 17 0xbe855db3 r0 = 0x00000001 r1 = 0xbe855cf3 r4 = 0x00000000 r5 = 0xbe855d03 r6 = 0xbe855d15 r7 = 0xbe855d28 r8 = 0xbe855d4b r9 = 0xbe855d64 r10 = 0xbe855d81 fp = 0x00000000 sp = 0xbe855c18 pc = 0xbe855db5 Found by: call frame info Complete decoded minidump is attached.
Updated•10 years ago
|
Severity: normal → critical
Crash Signature: [@ android::MediaResourceManagerService::onMessageReceived]
[@ android::MediaResourceManagerService::onMessageReceived(android::sp<android::AMessage> const&)]
Keywords: crash
Whiteboard: [btg-1601] → [b2g-crash][btg-1601]
Assignee | ||
Updated•10 years ago
|
Assignee: nobody → sotaro.ikeda.g
Assignee | ||
Comment 1•10 years ago
|
||
Assignee | ||
Updated•10 years ago
|
Attachment #764542 -
Attachment description: patch - remove item correctly from ector → patch - remove item correctly from vector
Assignee | ||
Updated•10 years ago
|
Attachment #764542 -
Flags: review?(chris.double)
Updated•10 years ago
|
Attachment #764542 -
Flags: review?(chris.double) → review+
Updated•10 years ago
|
Comment 2•10 years ago
|
||
Could this fix please be landed right away?
Assignee | ||
Comment 3•10 years ago
|
||
Add a header. Carry "chris.double: review+"
Attachment #764542 -
Attachment is obsolete: true
Attachment #764756 -
Flags: review+
Assignee | ||
Updated•10 years ago
|
Keywords: checkin-needed
Comment 4•10 years ago
|
||
https://hg.mozilla.org/projects/birch/rev/dd48a19a10fe
Keywords: checkin-needed
Comment 5•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/dd48a19a10fe
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Comment 6•10 years ago
|
||
https://hg.mozilla.org/releases/mozilla-b2g18/rev/f9eb89ee2a50
status-b2g18-v1.0.0:
--- → wontfix
status-b2g18-v1.0.1:
--- → wontfix
status-b2g-v1.1hd:
--- → affected
status-firefox22:
--- → wontfix
status-firefox23:
--- → wontfix
status-firefox24:
--- → fixed
You need to log in
before you can comment on or make changes to this bug.
Description
•