Closed
Bug 889167
Opened 10 years ago
Closed 10 years ago
[A/V] Crash on MediaResourceManagerService::cancelClientLocked()
Categories
(Firefox OS Graveyard :: General, defect)
Tracking
(blocking-b2g:leo+)
People
(Reporter: leo.bugzilla.gecko, Assigned: sotaro)
References
Details
(Keywords: crash, Whiteboard: [b2g-crash][TD-55377])
Crash Data
Attachments
(1 file)
|
1.64 MB,
text/plain
|
Details |
Crash is reported to here.. https://crash-stats.mozilla.com/report/index/d7affc9d-2eea-4404-b4c3-8a5ff2130701 STR 1. Play any video file by video application. 2. Send video file from other device 3. Receiving video file while playing 4. Try to play received video by touching notification. Then, Crash occur. I think this is kind of timing problem. I reported this problem from tester but I cannot reproduce it.
|
Reporter | |
Comment 1•10 years ago
|
||
From my build, crash point is here.. libxu.so 0x6fc63c android::MediaResourceManagerService::onMessageReceived(android::sp<android::AMessage> const&) MediaResourceManagerService.cpp:154 I think it needs null check for client. But I have no idea what should do if there's no client. (call cancelClientLocked()???)
|
|
Reporter | |
Updated•10 years ago
|
blocking-b2g: --- → leo+
Whiteboard: [TD-55377]
Target Milestone: --- → 1.1 QE4 (15jul)
|
|
Reporter | |
Comment 2•10 years ago
|
||
Operating system: Android
0.0.0 Linux 3.0.21-perf-g0715ea2 #1 PREEMPT Sat Jun 29 15:56:05 KST 2013 armv7l qcom/d300_viv_br/d300:4.0.4/IMM76I/eng.sungmin.hwang.20130629.154907:userdebug/test-keys
CPU: arm
ARMv0
0 CPUs
Crash reason: SIGSEGV
Crash address: 0x0
Thread 12 (crashed)
0 libxul.so!android::MediaResourceManagerService::onMessageReceived [MediaResourceManagerService.cpp : 154 + 0x2]
r0 = 0x00000000 r1 = 0x00000001 r2 = 0x43769754 r3 = 0x00000000
r4 = 0x4376975c r5 = 0x43769754 r6 = 0x454ffe0c r7 = 0x43769740
r8 = 0x00000000 r9 = 0x43769760 r10 = 0x00000000 r12 = 0x400347b8
fp = 0x00000001 sp = 0x454ffe08 lr = 0x414cf639 pc = 0x414cf63c
Found by: given as instruction pointer in context
1 libxul.so!android::AHandlerReflector<android::MediaResourceManagerService>::onMessageReceived [AHandlerReflector.h : 35 + 0x5]
r0 = 0x43769740 r1 = 0x00000000 r4 = 0x443c4220 r5 = 0x454ffe78
r6 = 0x454ffe78 r7 = 0x443c4220 r8 = 0x454ffeb0 r9 = 0x435df680
r10 = 0x00100000 fp = 0x00000001 sp = 0x454ffe30 pc = 0x414cf74b
Found by: call frame info
2 libstagefright_foundation.so!android::ALooperRoster::deliverMessage [ALooperRoster.cpp : 133 + 0x7]
r0 = 0x443c4220 r1 = 0x43769740 r2 = 0x00000001 r4 = 0x403f1678
r5 = 0x00000000 r6 = 0x454ffe78 r7 = 0x443c4220 r8 = 0x454ffeb0
r9 = 0x435df680 r10 = 0x00100000 fp = 0x00000001 sp = 0x454ffe48
pc = 0x403ee265
Found by: call frame info
3 libstagefright_foundation.so!android::ALooper::loop [ALooper.cpp : 212 + 0xb]
r4 = 0x00000001 r5 = 0x443bb168 r6 = 0x443736a0 r7 = 0x0004e080
r8 = 0x454ffeb0 r9 = 0x435df680 r10 = 0x00100000 fp = 0x00000001
sp = 0x454ffe70 pc = 0x403eddcf
Found by: call frame info
4 libstagefright_foundation.so!android::ALooper::LooperThread::threadLoop [ALooper.cpp : 47 + 0x5]
r4 = 0x43768ac0 r5 = 0x43768ac0 r6 = 0x43768acc r7 = 0x454ffeb4
r8 = 0x454ffeb0 r9 = 0x435df680 r10 = 0x00100000 fp = 0x00000001
sp = 0x454ffea0 pc = 0x403edf45
Found by: call frame info
5 libutils.so!android::Thread::_threadLoop [Threads.cpp : 834 + 0x5]
r4 = 0x43768ac0 r5 = 0x43768ac0 r6 = 0x43768acc r7 = 0x454ffeb4
r8 = 0x454ffeb0 r9 = 0x435df680 r10 = 0x00100000 fp = 0x00000001
sp = 0x454ffea8 pc = 0x4018fe59
Found by: call frame info
6 libutils.so!thread_data_t::trampoline [Threads.cpp : 127 + 0x3]
r0 = 0x43768ac0 r1 = 0x435df670 r2 = 0x43768ac0 r3 = 0x43768ac0
r4 = 0x443c4260 r5 = 0x4018fde5 r6 = 0x43768ac0 r7 = 0x00000000
r8 = 0x40190409 r9 = 0x435df680 r10 = 0x00100000 fp = 0x00000001
sp = 0x454ffed0 pc = 0x4019049f
Found by: call frame info
7 libc.so!__thread_entry [pthread.c : 217 + 0x6]
r0 = 0x00000000 r1 = 0x00823260 r2 = 0x454ffffc r4 = 0x454fff00
r5 = 0x40190409 r6 = 0x435df680 r7 = 0x00000078 r8 = 0x40190409
r9 = 0x435df680 r10 = 0x00100000 fp = 0x00000001 sp = 0x454ffef0
pc = 0x400950ec
Found by: call frame info
8 libc.so!pthread_create [pthread.c : 357 + 0xe]
r4 = 0x454fff00 r5 = 0x00823260 r6 = 0xbeb87554 r7 = 0x00000078
r8 = 0x40190409 r9 = 0x435df680 r10 = 0x00100000 fp = 0x00000001
sp = 0x454fff00 pc = 0x40094c40
Found by: call frame info|
|
Reporter | |
Comment 3•10 years ago
|
||
07-02 14:10:28.619 W 580 IMediaResourceManagerDeathNotifier media server died 07-02 14:10:28.619 V 149 AudioFlinger removeNotificationClient() 0xcf5f50, binder 0xcf5ee0 07-02 14:10:28.619 V 149 AudioFlinger 149 died, releasing its sessions 07-02 14:10:28.619 V 149 AudioFlinger pid 580 @ 0 07-02 14:10:28.909 I 426 Bluez external/bluetooth/bluez/src/agent.c:agent_exited()Agent exited without calling Unregister 07-02 14:10:28.909 I 426 Bluez external/bluetooth/bluez/plugins/mgmtops.c:mgmt_set_io_capability()hci0 io_capability 0x03 07-02 14:10:28.909 I 580 Gecko [Child 580] WARNING: pipe error (3): Connection reset by peer: file /home1/sungmin.hwang/ffos/d300_qe4_viv_br_0629/b2g/gecko/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 432 07-02 14:10:28.909 I 580 Gecko [Child 580] WARNING: pipe error (19): Connection reset by peer: file /home1/sungmin.hwang/ffos/d300_qe4_viv_br_0629/b2g/gecko/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 432 07-02 14:10:28.909 I 580 Gecko 07-02 14:10:28.909 I 580 Gecko ###!!! [Child][SyncChannel] Error: Channel error: cannot send/recv 07-02 14:10:28.909 I 580 Gecko 07-02 14:10:28.919 I 426 Bluez external/bluetooth/bluez/plugins/mgmtops.c:mgmt_event()cond 1 07-02 14:10:28.919 I 426 Bluez external/bluetooth/bluez/plugins/mgmtops.c:mgmt_event()Received 8 bytes from management socket 07-02 14:10:28.919 I 426 Bluez external/bluetooth/bluez/plugins/mgmtops.c:mgmt_event()Opcode: 1 07-02 14:10:28.919 I 426 Bluez external/bluetooth/bluez/plugins/mgmtops.c:mgmt_cmd_complete() 07-02 14:10:28.919 I 426 Bluez external/bluetooth/bluez/plugins/mgmtops.c:mgmt_cmd_complete()set_io_capability complete 07-02 14:10:29.069 W 660 SRS_QDSP_Adapter Not creating SRS DSP thread. 07-02 14:10:29.079 I 661 B2G B2G system start!
|
|
Reporter | |
Comment 4•10 years ago
|
||
Same problem in followed STR 1. Play any direct linked video in browser. 2. while playing, push home button. 3. Restart browser. 4. After resume the play, refresh the browser and home button. Then device start to reboot.
|
||
Comment 5•10 years ago
|
||
Similar to bug 884440.
Crash Signature: [@ android::MediaResourceManagerService::onMessageReceived]
Keywords: crash
Whiteboard: [TD-55377] → [b2g-crash][TD-55377]
|
|
Reporter | |
Comment 6•10 years ago
|
||
Patch in Bug 884440 is not landed on LG side. I'm checking if the patch can solve this crash also or not. If it's working, I will mark this issue as duplicated
|
|
Reporter | |
Comment 7•10 years ago
|
||
After I applied patch in Bug 884440, I got another crash by same procedure. Crash reason: SIGSEGV Crash address: 0x44200000 Thread 46 (crashed) 0 libxul.so!android::MediaResourceManagerService::cancelClientLocked [StrongPointer.h : 97 + 0x0] r0 = 0x43d53830 r1 = 0x00000159 r2 = 0x00000000 r3 = 0x00000000 r4 = 0x44200000 r5 = 0x438fe760 r6 = 0x438fe740 r7 = 0x4e87ad70 r8 = 0x4e87ad44 r9 = 0x00000099 r10 = 0x00000000 r12 = 0x420e1dc8 fp = 0x00000000 sp = 0x4e87ad10 lr = 0x4016407f pc = 0x41480584 Found by: given as instruction pointer in context 1 libxul.so!android::MediaResourceManagerService::cancelClient [MediaResourceManagerService.cpp : 114 + 0x7] r4 = 0x438fe740 r5 = 0x4e87ad44 r6 = 0x438fe75c r7 = 0x4e87ad70 r8 = 0x4e87adf0 r9 = 0x00000099 r10 = 0x00000000 fp = 0x00000000 sp = 0x4e87ad40 pc = 0x4148073b Found by: call frame info 2 libxul.so!android::BnMediaResourceManagerService::onTransact [IMediaResourceManagerService.cpp : 75 + 0x9] r0 = 0x438fe740 r1 = 0x44984ac0 r2 = 0x00000004 r4 = 0x438fe740 r5 = 0x4e87ad70 r6 = 0x4e87adc0 r7 = 0x4e87ad6c r8 = 0x4e87adf0 r9 = 0x00000099 r10 = 0x00000000 fp = 0x00000000 sp = 0x4e87ad60 pc = 0x4147fce1 Found by: call frame info 3 libbinder.so!android::BBinder::transact [Binder.cpp : 107 + 0xf] r4 = 0x4e87adc0 r5 = 0x438fe744 r6 = 0x00000002 r7 = 0x4147fc49 r8 = 0x4e87adf0 r9 = 0x00000099 r10 = 0x00000000 fp = 0x00000000 sp = 0x4e87ad90 pc = 0x407cee8b Found by: call frame info 4 libbinder.so!android::IPCThreadState::executeCommand [IPCThreadState.cpp : 1028 + 0x13] r0 = 0x00000010 r1 = 0x00000002 r4 = 0x404ec5e0 r5 = 0x00000000 r6 = 0x407df32c r7 = 0x407cee4d r8 = 0x4e87adc0 r9 = 0x00000099 r10 = 0x00000000 fp = 0x00000000 sp = 0x4e87adb0 pc = 0x407d2195 Found by: call frame info 5 libbinder.so!android::IPCThreadState::joinThreadPool [IPCThreadState.cpp : 468 + 0x5] r4 = 0x404ec5e0 r5 = 0x00000000 r6 = 0x404ec610 r7 = 0x404ec640 r8 = 0x00000000 r9 = 0x404ec5fc r10 = 0x404ec5e8 fp = 0x00000000 sp = 0x4e87ae78 pc = 0x407d2373 Found by: call frame info 6 libbinder.so!android::PoolThread::threadLoop [ProcessState.cpp : 67 + 0xb] r3 = 0x00000000 r4 = 0x4371d640 r5 = 0x00000001 r6 = 0x4371d64c r7 = 0x4e87aeb4 r8 = 0x4e87aeb0 r9 = 0x4945f2b0 r10 = 0x00100000 fp = 0x00000001 sp = 0x4e87aea0 pc = 0x407d74b5 Found by: call frame info 7 libutils.so!android::Thread::_threadLoop [Threads.cpp : 834 + 0x5] r4 = 0x4371d640 r5 = 0x00000001 r6 = 0x4371d64c r7 = 0x4e87aeb4 r8 = 0x4e87aeb0 r9 = 0x4945f2b0 r10 = 0x00100000 fp = 0x00000001 sp = 0x4e87aea8 pc = 0x40162e59 Found by: call frame info 8 libutils.so!thread_data_t::trampoline [Threads.cpp : 127 + 0x3] r0 = 0x4371d640 r1 = 0x44af7030 r2 = 0x00000000 r3 = 0x4371d640 r4 = 0x436a8560 r5 = 0x40162de5 r6 = 0x4371d640 r7 = 0x00000000 r8 = 0x40163409 r9 = 0x4945f2b0 r10 = 0x00100000 fp = 0x00000001 sp = 0x4e87aed0 pc = 0x4016349f Found by: call frame info 9 libc.so!__thread_entry [pthread.c : 217 + 0x6] r0 = 0x00000000 r1 = 0x00a1c9e0 r2 = 0x4e87affc r4 = 0x4e87af00 r5 = 0x40163409 r6 = 0x4945f2b0 r7 = 0x00000078 r8 = 0x40163409 r9 = 0x4945f2b0 r10 = 0x00100000 fp = 0x00000001 sp = 0x4e87aef0 pc = 0x400860ec Found by: call frame info 10 libc.so!pthread_create [pthread.c : 357 + 0xe] r4 = 0x4e87af00 r5 = 0x00a1c9e0 r6 = 0x40ccfcf4 r7 = 0x00000078 r8 = 0x40163409 r9 = 0x4945f2b0 r10 = 0x00100000 fp = 0x00000001 sp = 0x4e87af00 pc = 0x40085c40 Found by: call frame info
|
|
||
Updated•10 years ago
|
Crash Signature: [@ android::MediaResourceManagerService::onMessageReceived] → [@ android::MediaResourceManagerService::onMessageReceived]
[@ android::MediaResourceManagerService::cancelClientLocked]
|
Assignee | |
Updated•10 years ago
|
Assignee: nobody → sotaro.ikeda.g
|
|
Assignee | |
Comment 8•10 years ago
|
||
Hi leo, is the crash in comment #2 still happens since applied the patch in Bug 884440?
|
|
||
Comment 9•10 years ago
|
||
(In reply to Sotaro Ikeda [:sotaro] from comment #8) > Hi leo, is the crash in comment #2 still happens since applied the patch in > Bug 884440? See comment 7.
|
|
Reporter | |
Comment 10•10 years ago
|
||
(In reply to Sotaro Ikeda [:sotaro] from comment #8) > Hi leo, is the crash in comment #2 still happens since applied the patch in > Bug 884440? Yes, it just change the crash point as comment 7.
|
|
Assignee | |
Comment 11•10 years ago
|
||
(In reply to leo.bugzilla.gecko from comment #10) > (In reply to Sotaro Ikeda [:sotaro] from comment #8) > > Hi leo, is the crash in comment #2 still happens since applied the patch in > > Bug 884440? > > Yes, it just change the crash point as comment 7. Sorry, my question was not clear. Does the crash still happen in MediaResourceManagerService::onMessageReceived() since applied the patch in Bug 884440?
|
|
Assignee | |
Comment 12•10 years ago
|
||
(In reply to Sotaro Ikeda [:sotaro] from comment #11) > (In reply to leo.bugzilla.gecko from comment #10) > > (In reply to Sotaro Ikeda [:sotaro] from comment #8) > > > Hi leo, is the crash in comment #2 still happens since applied the patch in > > > Bug 884440? > > > > Yes, it just change the crash point as comment 7. > > Sorry, my question was not clear. Does the crash still happen in > MediaResourceManagerService::onMessageReceived() since applied the patch in > Bug 884440? I understand comment 7 that the crash happens at MediaResourceManagerService::cancelClientLocked().
|
|
Assignee | |
Updated•10 years ago
|
Flags: needinfo?(leo.bugzilla.gecko)
|
|
Reporter | |
Comment 13•10 years ago
|
||
(In reply to Sotaro Ikeda [:sotaro] from comment #12) > I understand comment 7 that the crash happens at > MediaResourceManagerService::cancelClientLocked(). Yes, right. After applying the patch, another crash (in comment 7) occurs
Flags: needinfo?(leo.bugzilla.gecko)
|
|
Assignee | |
Comment 14•10 years ago
|
||
Change the summary from comment 13.
Summary: [A/V] Crash on receiving alooper message → [A/V] Crash on MediaResourceManagerService::cancelClientLocked()
|
|
Assignee | |
Comment 15•10 years ago
|
||
I can not reproduce the crash on v1.1 leo MozBuiltROM. How often does the crash happen in the case of comment #0 and comment #4?
|
|
Assignee | |
Comment 16•10 years ago
|
||
Leo, stack of comment #7 does not have information of where the crash happens. [StrongPointer.h : 97 + 0x0] seems not correct place of the crash. Can you confirm where the crash happens?
|
|
Reporter | |
Comment 17•10 years ago
|
||
(In reply to Sotaro Ikeda [:sotaro] from comment #15) > I can not reproduce the crash on v1.1 leo MozBuiltROM. How often does the > crash happen in the case of comment #0 and comment #4? I received report two cases to reproduce this crash. First one is in comment #0 and second one is in comment #4. I think STR in comment #4 is not happen after applying patch in bug 889233. (if you remove patch in bug 889233, it happen about more than 80% by the case of comment #4) But the case in comment #0 is reported by internal Q and Europe, two times, and I cannot reproduce it also. I think the crash by comment #0 can be fixed when this problem is solved. (https://bugzilla.mozilla.org/show_bug.cgi?id=887650#c3) Is it possible to guess the reason of crash by the call stack? Maybe crash in case of comment #0 and comment #4 can be fixed anyway. But there's still potential risk of crash by that we didn't discover yet.
|
|
Reporter | |
Comment 18•10 years ago
|
||
(In reply to Sotaro Ikeda [:sotaro] from comment #16) > Leo, stack of comment #7 does not have information of where the crash > happens. [StrongPointer.h : 97 + 0x0] seems not correct place of the crash. > Can you confirm where the crash happens? 1. Apply patch bug 884440 2. Remove patch bug 889233 3. Do the case in comment #4. Then you can see the same call stack in comment #7.
|
|
Reporter | |
Comment 19•10 years ago
|
||
|
|
Reporter | |
Comment 20•10 years ago
|
||
I got the 100% reproducible procedure from the tester. 1. Play any video file. 2. Receive any video file from the other device. 3. Try to play received file from notification while (1) is still playing. 4. Then, press back button 3~4 times while player screen remain black with spinner. The attached file is logcat when I reproduce this problem.
|
|
Reporter | |
Comment 21•10 years ago
|
||
I have tested several times, cases of comment #4 and comment comment #20 is not occur after I apply patch both bug 884440 and bug 889233. Could you please confirm that both patch can affect case comment #20, by checking attachment #772561 [details]?
Flags: needinfo?(sotaro.ikeda.g)
|
|
Reporter | |
Comment 22•10 years ago
|
||
FYI
In the attachment #772561 [details]
Crash happen and reboot the device here..
01-05 21:20:50.351 I 3648 B2G B2G system start!|
|
Assignee | |
Comment 23•10 years ago
|
||
I still can not reproduce it. But find another symptom from STR in comment #4. - Video tag wait for playing a video almost infinite time. I am going to create a new bug for it. The root cause seems same.
Flags: needinfo?(sotaro.ikeda.g)
|
|
Assignee | |
Comment 24•10 years ago
|
||
(In reply to leo.bugzilla.gecko from comment #21) > I have tested several times, cases of comment #4 and comment comment #20 is > not occur after I apply patch both bug 884440 and bug 889233. > > Could you please confirm that both patch can affect case comment #20, by > checking attachment #772561 [details]? It seems that the patches does not directly affect to this bug.
|
|
Assignee | |
Updated•10 years ago
|
Component: Gaia::Video → General
|
|
Assignee | |
Comment 25•10 years ago
|
||
Leo, can you check if attachment 772750 [details] [diff] [review] in Bug 891445 works for this bug?
Flags: needinfo?(leo.bugzilla.gecko)
|
|
Reporter | |
Comment 26•10 years ago
|
||
(In reply to Sotaro Ikeda [:sotaro] from comment #25) > Leo, can you check if attachment 772750 [details] [diff] [review] in Bug > 891445 works for this bug? Even after I applied patch, there's still same crash in comment #7.
Flags: needinfo?(leo.bugzilla.gecko)
|
|
Reporter | |
Comment 27•10 years ago
|
||
(In reply to leo.bugzilla.gecko from comment #26) > (In reply to Sotaro Ikeda [:sotaro] from comment #25) > > Leo, can you check if attachment 772750 [details] [diff] [review] in Bug > > 891445 works for this bug? > > Even after I applied patch, there's still same crash in comment #7. Sorry, please ignore comment above. I got crash after your patch and it still has crash. But call stack is little different in smart pointer. Crash reason: SIGSEGV Crash address: 0x49400000 Thread 1 (crashed) 0 libxul.so!android::MediaResourceManagerService::cancelClientLocked [StrongPointer.h : 93 + 0x0] r0 = 0x4aa3fdd0 r1 = 0xffa476b1 r2 = 0x00000000 r3 = 0x00000000 r4 = 0x49400000 r5 = 0x43dd9760 r6 = 0x43dd9740 r7 = 0x100ffd70 r8 = 0x100ffd44 r9 = 0x0000008e r10 = 0x00000000 r12 = 0x41ffdf58 fp = 0x00000000 sp = 0x100ffd10 lr = 0x4014c07f pc = 0x4139b6a4 Found by: given as instruction pointer in context 1 libxul.so!android::MediaResourceManagerService::cancelClient [MediaResourceManagerService.cpp : 115 + 0x7] r4 = 0x43dd9740 r5 = 0x100ffd44 r6 = 0x43dd975c r7 = 0x100ffd70 r8 = 0x100ffdf0 r9 = 0x0000008e r10 = 0x00000000 fp = 0x00000000 sp = 0x100ffd40 pc = 0x4139b85b Found by: call frame info 2 libxul.so!android::BnMediaResourceManagerService::onTransact [IMediaResourceManagerService.cpp : 75 + 0x9] r0 = 0x43dd9740 r1 = 0x45ce2bc0 r2 = 0x00000004 r4 = 0x43dd9740 r5 = 0x100ffd70 r6 = 0x100ffdc0 r7 = 0x100ffd6c r8 = 0x100ffdf0 r9 = 0x0000008e r10 = 0x00000000 fp = 0x00000000 sp = 0x100ffd60 pc = 0x4139ae01 Found by: call frame info 3 libbinder.so!android::BBinder::transact [Binder.cpp : 107 + 0xf] r4 = 0x100ffdc0 r5 = 0x43dd9744 r6 = 0x00000002 r7 = 0x4139ad69 r8 = 0x100ffdf0 r9 = 0x0000008e r10 = 0x00000000 fp = 0x00000000 sp = 0x100ffd90 pc = 0x407cee8b Found by: call frame info 4 libbinder.so!android::IPCThreadState::executeCommand [IPCThreadState.cpp : 1028 + 0x13] r0 = 0x00000010 r1 = 0x00000002 r4 = 0x4040a1c0 r5 = 0x00000000 r6 = 0x407df32c r7 = 0x407cee4d r8 = 0x100ffdc0 r9 = 0x0000008e r10 = 0x00000000 fp = 0x00000000 sp = 0x100ffdb0 pc = 0x407d2195 Found by: call frame info 5 libbinder.so!android::IPCThreadState::joinThreadPool [IPCThreadState.cpp : 468 + 0x5] r4 = 0x4040a1c0 r5 = 0x00000000 r6 = 0x4040a1f0 r7 = 0x4040a220 r8 = 0x00000001 r9 = 0x4040a1dc r10 = 0x4040a1c8 fp = 0x00000000 sp = 0x100ffe78 pc = 0x407d2373 Found by: call frame info 6 libbinder.so!android::PoolThread::threadLoop [ProcessState.cpp : 67 + 0xb] r3 = 0x00000000 r4 = 0x40402130 r5 = 0x00000001 r6 = 0x4040213c r7 = 0x100ffeb4 r8 = 0x100ffeb0 r9 = 0x40403120 r10 = 0x00100000 fp = 0x00000001 sp = 0x100ffea0 pc = 0x407d74b5 Found by: call frame info 7 libutils.so!android::Thread::_threadLoop [Threads.cpp : 834 + 0x5] r4 = 0x40402130 r5 = 0x00000001 r6 = 0x4040213c r7 = 0x100ffeb4 r8 = 0x100ffeb0 r9 = 0x40403120 r10 = 0x00100000 fp = 0x00000001 sp = 0x100ffea8 pc = 0x4014ae59 Found by: call frame info 8 libutils.so!thread_data_t::trampoline [Threads.cpp : 127 + 0x3] r0 = 0x40402130 r1 = 0x40403110 r2 = 0x00000000 r3 = 0x40402130 r4 = 0x40401080 r5 = 0x4014ade5 r6 = 0x40402130 r7 = 0x00000000 r8 = 0x4014b409 r9 = 0x40403120 r10 = 0x00100000 fp = 0x00000001 sp = 0x100ffed0 pc = 0x4014b49f Found by: call frame info 9 libc.so!__thread_entry [pthread.c : 217 + 0x6] r0 = 0x00000000 r1 = 0x01fb2658 r2 = 0x100ffffc r4 = 0x100fff00 r5 = 0x4014b409 r6 = 0x40403120 r7 = 0x00000078 r8 = 0x4014b409 r9 = 0x40403120 r10 = 0x00100000 fp = 0x00000001 sp = 0x100ffef0 pc = 0x400750ec Found by: call frame info 10 libc.so!pthread_create [pthread.c : 357 + 0xe] r4 = 0x100fff00 r5 = 0x01fb2658 r6 = 0xbed469b4 r7 = 0x00000078 r8 = 0x4014b409 r9 = 0x40403120 r10 = 0x00100000 fp = 0x00000001 sp = 0x100fff00 pc = 0x40074c40 Found by: call frame info
|
|
Assignee | |
Comment 28•10 years ago
|
||
Leo, can you debug more by attaching GDB?
|
|
Reporter | |
Comment 29•10 years ago
|
||
(In reply to Sotaro Ikeda [:sotaro] from comment #28) > Leo, can you debug more by attaching GDB? I'm trying....
|
|
Reporter | |
Comment 30•10 years ago
|
||
oops... I think the patch from bug 884440 is merged incorrectly. it = mVideoCodecRequestQueue.erase(it); "it =" is missing and it make the loop infinite. I am checking it again. Sorry.
|
|
Reporter | |
Comment 31•10 years ago
|
||
I'm so sorry. It's totally my mistake. This problem is duplicate of But 884440.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•