Closed
Bug 884440
Opened 10 years ago
Closed 10 years ago
Crash in libxul.so!android::MediaResourceManagerService::onMessageReceived
Categories
(Firefox OS Graveyard :: General, defect)
Tracking
(blocking-b2g:leo+, firefox22 wontfix, firefox23 wontfix, firefox24 fixed, b2g18 fixed, b2g18-v1.0.0 wontfix, b2g18-v1.0.1 wontfix, b2g-v1.1hd fixed)
People
(Reporter: ikumar, Assigned: sotaro)
References
Details
(Keywords: crash, Whiteboard: [b2g-crash][btg-1601])
Crash Data
Attachments
(2 files, 1 obsolete file)
|
144.28 KB,
text/plain
|
Details | |
|
1.03 KB,
patch
|
sotaro
:
review+
|
Details | Diff | Splinter Review |
Test Steps:
1. Run test scripts with Music, Video, Camera , Camcorder, Call, SMS and Airplane mode on/off test cases.
2. After night run device generated mini dumps.
Reproducibility: Seen once
Decoded minidump:
Crash reason: SIGSEGV
Crash address: 0x0
Thread 12 (crashed)
0 libxul.so!android::MediaResourceManagerService::onMessageReceived [MediaResourceManagerService.cpp : 154 + 0x2]
r0 = 0x00000000 r1 = 0x00000001 r2 = 0x4400f6b4 r3 = 0x4aaf36b0
r4 = 0x4400f6bc r5 = 0x4400f6b4 r6 = 0x44678e0c r7 = 0x4400f6a0
r8 = 0x00000000 r9 = 0x4400f6c0 r10 = 0x00000000 fp = 0x00000001
sp = 0x44678e08 lr = 0x410157a1 pc = 0x410157a4
Found by: given as instruction pointer in context
1 libxul.so!android::AHandlerReflector<android::MediaResourceManagerService>::onMessageReceived [AHandlerReflector.h : 35 + 0x5]
r0 = 0x4400f6a0 r1 = 0x00000000 r4 = 0x4400cf80 r5 = 0x44678e78
r6 = 0x44678e78 r7 = 0x4400cf80 r8 = 0x44678eb0 r9 = 0x440074e0
r10 = 0x00100000 fp = 0x00000001 sp = 0x44678e30 pc = 0x410158b3
Found by: call frame info
2 libstagefright_foundation.so!android::ALooperRoster::deliverMessage [ALooperRoster.cpp : 133 + 0x7]
r0 = 0x4400cf80 r1 = 0x4400f6a0 r2 = 0x00000000 r4 = 0x403f4678
r5 = 0x00000000 r6 = 0x44678e78 r7 = 0x4400cf80 r8 = 0x44678eb0
r9 = 0x440074e0 r10 = 0x00100000 fp = 0x00000001 sp = 0x44678e48
pc = 0x403f1265
Found by: call frame info
3 libstagefright_foundation.so!android::ALooper::loop [ALooper.cpp : 212 + 0xb]
r4 = 0x00000001 r5 = 0x4400df78 r6 = 0x4a0f03e0 r7 = 0x0004df57
r8 = 0x44678eb0 r9 = 0x440074e0 r10 = 0x00100000 fp = 0x00000001
sp = 0x44678e70 pc = 0x403f0dcf
Found by: call frame info
4 libstagefright_foundation.so!android::ALooper::LooperThread::threadLoop [ALooper.cpp : 47 + 0x5]
r4 = 0x4400ea80 r5 = 0x4400ea80 r6 = 0x4400ea8c r7 = 0x44678eb4
r8 = 0x44678eb0 r9 = 0x440074e0 r10 = 0x00100000 fp = 0x00000001
sp = 0x44678ea0 pc = 0x403f0f45
Found by: call frame info
5 libutils.so!android::Thread::_threadLoop [Threads.cpp : 834 + 0x5]
r4 = 0x4400ea80 r5 = 0x4400ea80 r6 = 0x4400ea8c r7 = 0x44678eb4
r8 = 0x44678eb0 r9 = 0x440074e0 r10 = 0x00100000 fp = 0x00000001
sp = 0x44678ea8 pc = 0x40165e59
Found by: call frame info
6 libutils.so!thread_data_t::trampoline [Threads.cpp : 127 + 0x3]
r0 = 0x4400ea80 r1 = 0x440074d0 r2 = 0x4400ea80 r3 = 0x4400ea80
r4 = 0x4400cfc0 r5 = 0x40165de5 r6 = 0x4400ea80 r7 = 0x00000000
r8 = 0x40166409 r9 = 0x440074e0 r10 = 0x00100000 fp = 0x00000001
sp = 0x44678ed0 pc = 0x4016649f
Found by: call frame info
7 libc.so!__thread_entry [pthread.c : 217 + 0x6]
r0 = 0x00000000 r1 = 0x0170f1e0 r2 = 0x44678ffc r4 = 0x44678f00
r5 = 0x40166409 r6 = 0x440074e0 r7 = 0x00000078 r8 = 0x40166409
r9 = 0x440074e0 r10 = 0x00100000 fp = 0x00000001 sp = 0x44678ef0
pc = 0x40057114
Found by: call frame info
8 libc.so!pthread_create [pthread.c : 357 + 0xe]
r4 = 0x44678f00 r5 = 0x0170f1e0 r6 = 0xbe8535ec r7 = 0x00000078
r8 = 0x40166409 r9 = 0x440074e0 r10 = 0x00100000 fp = 0x00000001
sp = 0x44678f00 pc = 0x40056c68
Found by: call frame info
Thread 0
0 libc.so + 0xe430
r0 = 0xfffffffc r1 = 0xbe8536a8 r2 = 0x00000010 r3 = 0xffffffff
r4 = 0xbe8536a8 r5 = 0x4331ac40 r6 = 0xbe8536a8 r7 = 0x000000fc
r8 = 0x00000014 r9 = 0x00000000 r10 = 0x00000001 fp = 0x00000000
sp = 0xbe853680 lr = 0x413d44df pc = 0x40052430
Found by: given as instruction pointer in context
1 libxul.so!nsAppShell::ProcessNextNativeEvent [nsAppShell.cpp : 722 + 0x5]
sp = 0xbe8536a8 pc = 0x41213171
Found by: stack scanning
2 libxul.so!nsBaseAppShell::DoProcessNextNativeEvent [nsBaseAppShell.cpp : 139 + 0x5]
r4 = 0x4331ac40 r5 = 0x40407c40 r6 = 0x00000000 r7 = 0x00000000
r8 = 0x00000014 sp = 0xbe8537c8 pc = 0x4122fe37
Found by: call frame info
3 libxul.so!nsBaseAppShell::OnProcessNextEvent [nsBaseAppShell.cpp : 298 + 0x5]
r4 = 0x4331ac40 r5 = 0x40407c40 r6 = 0x003c11ad r7 = 0x00000000
r8 = 0x00000014 sp = 0xbe8537e0 pc = 0x4122ff15
Found by: call frame info
4 libxul.so!nsThread::ProcessNextEvent [nsThread.cpp : 593 + 0x5]
r0 = 0x4331ac40 r1 = 0x01407c40 r4 = 0x40407c40 r5 = 0x00000001
r6 = 0x4122fe59 r7 = 0x00000001 r8 = 0xbe85384f r9 = 0x4042d000
r10 = 0x00000000 sp = 0xbe853808 pc = 0x413b81d7
Found by: call frame info
5 libxul.so!NS_ProcessNextEvent_P [nsThreadUtils.cpp : 237 + 0xb]
r4 = 0x00000001 r5 = 0x4044c0c0 r6 = 0x40402530 r7 = 0x00000000
r8 = 0x00000000 r9 = 0x4042d000 r10 = 0x00000000 sp = 0xbe853848
pc = 0x4139865f
Found by: call frame info
6 libxul.so!mozilla::ipc::MessagePump::Run [MessagePump.cpp : 117 + 0x7]
r0 = 0x40407c40 r1 = 0x00000001 r4 = 0x40402520 r5 = 0x4044c0c0
r6 = 0x40402530 r7 = 0x00000000 r8 = 0x00000000 r9 = 0x4042d000
r10 = 0x00000000 sp = 0xbe853858 pc = 0x412aac53
Found by: call frame info
7 libxul.so!MessageLoop::RunInternal [message_loop.cc : 219 + 0x5]
r4 = 0x4044c0c0 r5 = 0x4331ac40 r6 = 0x40407c40 r7 = 0xbe853afd
r8 = 0x00000000 r9 = 0x4042d000 r10 = 0x00000000 sp = 0xbe853880
pc = 0x413da201
Found by: call frame info
8 libxul.so!MessageLoop::Run [message_loop.cc : 212 + 0x5]
r4 = 0x4044c0c0 r5 = 0x4331ac40 r6 = 0x40407c40 r7 = 0xbe853afd
r8 = 0x00000000 r9 = 0x4042d000 r10 = 0x00000000 sp = 0xbe853888
pc = 0x413da2ab
Found by: call frame info
9 libxul.so!nsBaseAppShell::Run [nsBaseAppShell.cpp : 163 + 0x7]
r0 = 0x00000001 r1 = 0x41c85700 r2 = 0x4044c0c0 r3 = 0x00000000
r4 = 0x00000000 r5 = 0x4331ac40 r6 = 0x40407c40 r7 = 0xbe853afd
r8 = 0x00000000 r9 = 0x4042d000 r10 = 0x00000000 sp = 0xbe8538a0
pc = 0x4122f9fd
Found by: call frame info
10 libxul.so!nsAppStartup::Run [nsAppStartup.cpp : 290 + 0x5]
r4 = 0x4400deb0 r5 = 0x413a2fbd r6 = 0x00000000 r7 = 0xbe853afd
r8 = 0x00000000 r9 = 0x4042d000 r10 = 0x00000000 sp = 0xbe8538b0
pc = 0x41193c0d
Found by: call frame info
11 libxul.so!XREMain::XRE_mainRun [nsAppRunner.cpp : 3794 + 0x5]
r4 = 0xbe853a0c r5 = 0x413a2fbd r6 = 0x00000000 r7 = 0xbe853afd
r8 = 0x00000000 r9 = 0x4042d000 r10 = 0x00000000 sp = 0xbe8538b8
pc = 0x40bb94fb
Found by: call frame info
12 libxul.so!XREMain::XRE_main [nsAppRunner.cpp : 3860 + 0x5]
r4 = 0xbe853a0c r5 = 0xbe8539e7 r6 = 0x00000000 r7 = 0xbe855bf4
r8 = 0x40428000 r9 = 0x4042d000 r10 = 0x00000000 fp = 0x00000000
sp = 0xbe8539e0 pc = 0x40bbbc99
Found by: call frame info
13 libxul.so!XRE_main [nsAppRunner.cpp : 3935 + 0x3]
r0 = 0x40428000 r1 = 0x00000001 r2 = 0xbe855bf4 r4 = 0x0001f170
r5 = 0xbe855bf4 r6 = 0x00000001 r7 = 0x00000000 r8 = 0xbe853a0c
r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe853a08
pc = 0x40bbbde5
Found by: call frame info
14 b2g!main [nsBrowserApp.cpp : 168 + 0xf]
r4 = 0x40bbbd99 r5 = 0x00000000 r6 = 0x00000001 r7 = 0xbe855bf4
r8 = 0x00000000 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000
sp = 0xbe853b18 pc = 0x0000999f
Found by: call frame info
15 libc.so!__libc_init [libc_init_dynamic.c : 114 + 0x7]
r4 = 0x00009714 r5 = 0xbe855bf4 r6 = 0x00000001 r7 = 0xbe855bfc
r8 = 0x00000000 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000
sp = 0xbe855bd8 pc = 0x4005aa77
Found by: call frame info
16 libc.so!__cxa_atexit [atexit.c : 99 + 0x3]
r4 = 0x00000000 r5 = 0x00000000 r6 = 0x00000000 r7 = 0x00000000
r8 = 0x00000000 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000
sp = 0xbe855bf0 pc = 0x40063437
Found by: call frame info
17 0xbe855db3
r0 = 0x00000001 r1 = 0xbe855cf3 r4 = 0x00000000 r5 = 0xbe855d03
r6 = 0xbe855d15 r7 = 0xbe855d28 r8 = 0xbe855d4b r9 = 0xbe855d64
r10 = 0xbe855d81 fp = 0x00000000 sp = 0xbe855c18 pc = 0xbe855db5
Found by: call frame info
Complete decoded minidump is attached.
|
||
Updated•10 years ago
|
Severity: normal → critical
Crash Signature: [@ android::MediaResourceManagerService::onMessageReceived]
[@ android::MediaResourceManagerService::onMessageReceived(android::sp<android::AMessage> const&)]
Keywords: crash
Whiteboard: [btg-1601] → [b2g-crash][btg-1601]
|
Assignee | |
Updated•10 years ago
|
Assignee: nobody → sotaro.ikeda.g
|
|
Assignee | |
Comment 1•10 years ago
|
||
|
|
Assignee | |
Updated•10 years ago
|
Attachment #764542 -
Attachment description: patch - remove item correctly from ector → patch - remove item correctly from vector
|
|
Assignee | |
Updated•10 years ago
|
Attachment #764542 -
Flags: review?(chris.double)
|
||
Updated•10 years ago
|
Attachment #764542 -
Flags: review?(chris.double) → review+
|
||
Updated•10 years ago
|
|
|
||
Comment 2•10 years ago
|
||
Could this fix please be landed right away?
|
|
Assignee | |
Comment 3•10 years ago
|
||
Add a header. Carry "chris.double: review+"
Attachment #764542 -
Attachment is obsolete: true
Attachment #764756 -
Flags: review+
|
|
Assignee | |
Updated•10 years ago
|
Keywords: checkin-needed
|
||
Comment 4•10 years ago
|
||
https://hg.mozilla.org/projects/birch/rev/dd48a19a10fe
Keywords: checkin-needed
|
|
||
Comment 5•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/dd48a19a10fe
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
|
|
||
Comment 6•10 years ago
|
||
https://hg.mozilla.org/releases/mozilla-b2g18/rev/f9eb89ee2a50
status-b2g18-v1.0.0:
--- → wontfix
status-b2g18-v1.0.1:
--- → wontfix
status-b2g-v1.1hd:
--- → affected
status-firefox22:
--- → wontfix
status-firefox23:
--- → wontfix
status-firefox24:
--- → fixed
You need to log in
before you can comment on or make changes to this bug.
Description
•