Closed Bug 886405 Opened 12 years ago Closed 12 years ago

jemalloc_crash crash coming from mozilla::gfx::DrawTarget::~DrawTarget

Categories

(Firefox OS Graveyard :: Gaia::Camera, defect)

ARM
Gonk (Firefox OS)
defect
Not set
critical

Tracking

(blocking-b2g:leo+, b2g18 affected)

RESOLVED WORKSFORME

People

(Reporter: ikumar, Unassigned)

Details

(Keywords: crash, regression, Whiteboard: [b2g-crash][btg-1645])

Attachments

(1 file)

Attached file minidump
Test Steps:
1. Run the scripts with MO call, MO SMS, Airplane mode, Camera, Camcorder, Video, Music, BT_on/off and Wifi_on/off test cases.
2. After Weekend run device generated mini dumps.

Reproducibility: Seen once

Decoded minidump:

Crash reason: SIGSEGV
Crash address: 0x0

Thread 0 (crashed)
 0  libmozglue.so!jemalloc_crash [jemalloc.c : 1582 + 0x0]
    r0 = 0x00000000 r1 = 0x00000001 r2 = 0x0000007b r3 = 0x00000000 r4 = 0x441d1000 r5 = 0x417eb2c8 r6 = 0x00000060 r7 = 0x417eb040 r8 = 0x44100000 r9 = 0x00000000 r10 = 0x417eb044 fp = 0x00000001 sp = 0xbe843ef8 lr = 0x40100a39 pc = 0x400feed6
    Found by: given as instruction pointer in context
 1  libmozglue.so!arena_dalloc [jemalloc.c : 3336 + 0x3]
    r4 = 0x441d1000 r5 = 0x417eb2c8 r6 = 0x00000060 r7 = 0x417eb040 r8 = 0x44100000 r9 = 0x00000000 r10 = 0x417eb044 fp = 0x00000001 sp = 0xbe843f00 pc = 0x40100a39
    Found by: call frame info
 2  libmozglue.so!free [jemalloc.c : 6589 + 0x3]
    r3 = 0x00000000 r4 = 0x441d10a0 r5 = 0x00000000 r6 = 0x00000000 r7 = 0x00000001 r8 = 0xbe843f97 r9 = 0x41906c0c r10 = 0x00000000 fp = 0x00000000 sp = 0xbe843f28 pc = 0x40101945
    Found by: call frame info
 3  libmozglue.so!_ZdaPv + 0x5
    r4 = 0x441d10a0 r5 = 0x00000000 r6 = 0x00000000 r7 = 0x00000001 r8 = 0xbe843f97 r9 = 0x41906c0c r10 = 0x00000000 fp = 0x00000000 sp = 0xbe843f30 pc = 0x400fdb0f
    Found by: call frame info
 4  libxul.so!mozilla::gfx::DrawTarget::~DrawTarget [2D.h : 533 + 0x5]
    r4 = 0x441d10a0 r5 = 0x00000000 r6 = 0x00000000 r7 = 0x00000001 r8 = 0xbe843f97 r9 = 0x41906c0c r10 = 0x00000000 fp = 0x00000000 sp = 0xbe843f38 pc = 0x40db4353
    Found by: call frame info
 5  libxul.so!mozilla::DOMCameraPreview::Start [DOMCameraPreview.cpp : 213 + 0x5]
    r4 = 0x441d10a0 r5 = 0x00000000 r6 = 0x00000000 r7 = 0x00000001 r8 = 0xbe843f97 r9 = 0x41906c0c r10 = 0x00000000 fp = 0x00000000 sp = 0xbe843f40 pc = 0x408247ff
    Found by: call frame info
 6  libxul.so!PreviewControl::Run [DOMCameraPreview.cpp : 45 + 0x5]
    r4 = 0x41906be0 r5 = 0x00000000 r6 = 0x00000000 r7 = 0x00000001 r8 = 0xbe843f97 r9 = 0x41906c0c r10 = 0x00000000 fp = 0x00000000 sp = 0xbe843f48 pc = 0x40824857
    Found by: call frame info
 7  libxul.so!nsThread::ProcessNextEvent [nsThread.cpp : 620 + 0x5]
    r4 = 0x41906be0 r5 = 0x00000000 r6 = 0x00000000 r7 = 0x00000001 r8 = 0xbe843f97 r9 = 0x41906c0c r10 = 0x00000000 fp = 0x00000000 sp = 0xbe843f50 pc = 0x40bb650f
    Found by: call frame info
 8  libxul.so!NS_ProcessNextEvent_P [nsThreadUtils.cpp : 237 + 0xb]
    r4 = 0x00000000 r5 = 0xbe8448ac r6 = 0x41902320 r7 = 0x00000001 r8 = 0x41923000 r9 = 0x41928000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe843f90 pc = 0x40b968e7
    Found by: call frame info
 9  libxul.so!mozilla::ipc::MessagePump::Run [MessagePump.cpp : 82 + 0x7]
    r0 = 0x41906be0 r1 = 0x01000000 r4 = 0x41902310 r5 = 0xbe8448ac r6 = 0x41902320 r7 = 0x00000001 r8 = 0x41923000 r9 = 0x41928000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe843fa0 pc = 0x40aa8e95
    Found by: call frame info
10  libxul.so!mozilla::ipc::MessagePumpForChildProcess::Run [MessagePump.cpp : 231 + 0x7]
    r4 = 0xbe8448ac r5 = 0x41902310 r6 = 0xbe8448ac r7 = 0x00000001 r8 = 0x41923000 r9 = 0x41928000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe843fc8 pc = 0x40aa8f47
    Found by: call frame info
11  libxul.so!MessageLoop::RunInternal [message_loop.cc : 219 + 0x5]
    r4 = 0xbe8448ac r5 = 0x4377d400 r6 = 0x41906be0 r7 = 0x00000003 r8 = 0x41923000 r9 = 0x41928000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe843fe0 pc = 0x40bd8481
    Found by: call frame info
12  libxul.so!MessageLoop::Run [message_loop.cc : 212 + 0x5]
    r4 = 0xbe8448ac r5 = 0x4377d400 r6 = 0x41906be0 r7 = 0x00000003 r8 = 0x41923000 r9 = 0x41928000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe843fe8 pc = 0x40bd852b
    Found by: call frame info
13  libxul.so!nsBaseAppShell::Run [nsBaseAppShell.cpp : 163 + 0x7]
    r0 = 0x00000002 r1 = 0x4147dc00 r2 = 0xbe8448ac r3 = 0xbe844048 r4 = 0x00000000 r5 = 0x4377d400 r6 = 0x41906be0 r7 = 0x00000003 r8 = 0x41923000 r9 = 0x41928000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe844000 pc = 0x40a2dc85
    Found by: call frame info
14  libxul.so!XRE_RunAppShell [nsEmbedFunctions.cpp : 646 + 0x5]
    r4 = 0xbe844014 r5 = 0x41902310 r6 = 0x00000002 r7 = 0x00000003 r8 = 0x41923000 r9 = 0x41928000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe844010 pc = 0x403bc05d
    Found by: call frame info
15  libxul.so!mozilla::ipc::MessagePumpForChildProcess::Run [MessagePump.cpp : 198 + 0x3]
    r0 = 0x41902310 r1 = 0x4377d400 r2 = 0x4375f1c0 r4 = 0xbe8448ac r5 = 0x41902310 r6 = 0x00000002 r7 = 0x00000003 r8 = 0x41923000 r9 = 0x41928000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe844028 pc = 0x40aa8f15
    Found by: call frame info
16  libxul.so!MessageLoop::RunInternal [message_loop.cc : 219 + 0x5]
    r4 = 0xbe8448ac r5 = 0x4191b600 r6 = 0x00000002 r7 = 0x00000003 r8 = 0x41923000 r9 = 0x41928000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe844040 pc = 0x40bd8481
    Found by: call frame info
17  libxul.so!MessageLoop::Run [message_loop.cc : 212 + 0x5]
    r4 = 0xbe8448ac r5 = 0x4191b600 r6 = 0x00000002 r7 = 0x00000003 r8 = 0x41923000 r9 = 0x41928000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe844048 pc = 0x40bd852b
    Found by: call frame info
18  libxul.so!XRE_InitChildProcess [nsEmbedFunctions.cpp : 485 + 0xb]
    r0 = 0x00000001 r1 = 0x00000000 r2 = 0xbe8448ac r3 = 0x00000000 r4 = 0xbe8448ac r5 = 0x4191b600 r6 = 0x00000002 r7 = 0x00000003 r8 = 0x41923000 r9 = 0x41928000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe844060 pc = 0x403bc401
    Found by: call frame info
19  plugin-container!main [MozillaRuntimeMain.cpp : 60 + 0x5]
    r4 = 0xbe844a14 r5 = 0x00000005 r6 = 0xbe8449e4 r7 = 0xbe844a30 r8 = 0x00000000 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe8449e0 pc = 0x00008533
    Found by: call frame info
20  libc.so!__libc_init [libc_init_dynamic.c : 114 + 0x7]
    r0 = 0x00000006 r1 = 0x41906b80 r4 = 0x000084d4 r5 = 0xbe844a14 r6 = 0x00000006 r7 = 0xbe844a30 r8 = 0x00000000 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe8449f8 pc = 0x400bba77
    Found by: call frame info
21  0xb00045a9
    r4 = 0x00000000 r5 = 0x00000000 r6 = 0x00000000 r7 = 0x00000000 r8 = 0x00000000 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe844a10 pc = 0xb00045ab
    Found by: call frame info
blocking-b2g: --- → leo?
Keywords: crash
Whiteboard: [b2g-crash][btg-1645]
Severity: normal → critical
Crash Signature: [@ jemalloc_crash | arena_dalloc | free | _ZdaPv]
Summary: crash in libmozglue.so!jemalloc_crash [jemalloc.c : 1582 + 0x0] → jemalloc_crash crash coming from mozilla::gfx::DrawTarget::~DrawTarget
(leo+. This is a stability regression not seen on the CS build)
blocking-b2g: leo? → leo+
Keywords: regression
I have an extremely unscientific sneaky feeling this might be due to the DOMCameraPreview object getting destroyed before the async runnable gets handled. Inder, can you add a unique printf_stderr() call to the start of ~DOMCameraPreview() and then try to reproduce?
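An added example, not part of the bug thread and not Gecko code: a minimal model of the ordering suspected in the comment above, where an object is destroyed before a queued runnable that targets it is handled. `Preview`, `EventQueue` and the `Dispatch*` helpers are hypothetical stand-ins, and the destructor marker plays the role of the suggested printf_stderr() call.

```cpp
#include <functional>
#include <memory>
#include <queue>
#include <string>
#include <vector>

// Constructed stand-ins for illustration; none of these are Gecko types.
static std::vector<std::string> g_log;  // ordered trace of lifetime events

struct Preview {
    ~Preview() { g_log.push_back("~Preview"); }  // unique destructor marker
    void Start() { g_log.push_back("Start"); }
};

using EventQueue = std::queue<std::function<void()>>;

// Runnable that does not own its target. weak_ptr models a non-owning
// pointer, but lets the runnable detect a dead object instead of using it.
void DispatchWeak(EventQueue& q, const std::shared_ptr<Preview>& p) {
    std::weak_ptr<Preview> weak = p;
    q.push([weak] {
        if (auto alive = weak.lock()) alive->Start();
        else g_log.push_back("runnable ran after destruction");
    });
}

// Runnable that holds a strong reference: the target outlives the dispatch.
void DispatchStrong(EventQueue& q, const std::shared_ptr<Preview>& p) {
    q.push([p] { p->Start(); });
}

// Dispatch, drop the caller's reference, then drain the queue in order.
std::vector<std::string> RunScenario(bool strong) {
    g_log.clear();
    EventQueue q;
    auto preview = std::make_shared<Preview>();
    if (strong) DispatchStrong(q, preview);
    else        DispatchWeak(q, preview);
    preview.reset();  // owner lets go before the event loop runs
    while (!q.empty()) {
        auto task = std::move(q.front());
        q.pop();
        task();
    }                 // the last task (and any captured reference) dies here
    return g_log;
}
```

If the destructor marker shows up in the log before the runnable's own entry, the target was gone by the time the event was processed.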
> Inder, can you add a unique printf_stderr() call to the start of
> ~DOMCameraPreview() and then try to reproduce?

Sure, these stability tests require some setup and longer test runs. I have asked test guys to reproduce it with additional log.
Inder, have you had a chance to reproduce yet? If someone can make a try build with the suggestion from comment 3 we could try to get QA on our side to reproduce as well.
Flags: needinfo?(ikumar)
Keywords: steps-wanted
We haven't been able to reproduce the crash on a build with added log. The test folks are still trying other steps.
Flags: needinfo?(ikumar)
Test folks exhausted all the test cases and couldn't reproduce the crash. I will reopen if it reappears.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
Keywords: steps-wanted