901559 - [Contacts] [Gallery] Segfault when picking a picture for MMS or Contacts

Status: VERIFIED FIXED

(Core :: Graphics: Layers, defect)

Description

[isabelrios]

Attachment: AddingPicture.txt

Unagi device master branch 08/05 build:
Gecko-471aca0
Gaia-deab57d
Ref RIL

STR
1. Create a new contact
2. Add a picture from Gallery
3. Tap on 'Done'

EXPECTED
The contact is correctly added

ACTUAL 
The device reboots and the contact is not added

Adb logcat attached

Comment 1

[:gerard-majax]

That smells like bug 903944

Comment 2

[:gerard-majax]

Crash report for this one is at https://crash-stats.mozilla.com/report/index/62de8f1b-b387-4f2f-aeb5-65e382130821

Comment 3

[:gerard-majax]

Nevermind comment #1, I meant bug 901705

Comment 4

[:gerard-majax]

This is a crash reproduced with bug 901705: https://crash-stats.mozilla.com/report/index/5090bc5b-b094-4da5-9593-c33a12130821
And this one if from the current bug: https://crash-stats.mozilla.com/report/index/0b6664bb-ebd9-4804-9fff-68c6a2130821

Comment 5

[:gerard-majax]

Looks like they are not similar.

Comment 6

[:gerard-majax]

Stacktrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1434.1461]
jemalloc_crash () at /media/alex/FirefoxOS/Inari/B2G/gecko/memory/mozjemalloc/jemalloc.c:1572
1572		MOZ_CRASH();
(gdb) bt
#0  jemalloc_crash () at /media/alex/FirefoxOS/Inari/B2G/gecko/memory/mozjemalloc/jemalloc.c:1572
#1  0x400b3424 in arena_run_reg_dalloc (ptr=<value optimized out>, offset=<value optimized out>) at /media/alex/FirefoxOS/Inari/B2G/gecko/memory/mozjemalloc/jemalloc.c:3314
#2  arena_dalloc_small (ptr=<value optimized out>, offset=<value optimized out>) at /media/alex/FirefoxOS/Inari/B2G/gecko/memory/mozjemalloc/jemalloc.c:4518
#3  arena_dalloc (ptr=<value optimized out>, offset=<value optimized out>) at /media/alex/FirefoxOS/Inari/B2G/gecko/memory/mozjemalloc/jemalloc.c:4646
#4  0x400b435c in free (ptr=0x0) at /media/alex/FirefoxOS/Inari/B2G/gecko/memory/mozjemalloc/jemalloc.c:6556
#5  0x41e687f2 in moz_free (ptr=0x0) at /media/alex/FirefoxOS/Inari/B2G/gecko/memory/mozalloc/mozalloc.cpp:48
#6  0x410195ca in operator delete (this=0x46006040, __in_chrg=<value optimized out>) at ../../dist/include/mozilla/mozalloc.h:225
#7  ~Task (this=0x46006040, __in_chrg=<value optimized out>) at /media/alex/FirefoxOS/Inari/B2G/gecko/ipc/chromium/src/base/task.h:21
#8  0x4182b5e0 in mozilla::layers::GrallocBufferActor::ActorDestroy (this=<value optimized out>) at /media/alex/FirefoxOS/Inari/B2G/gecko/gfx/layers/ipc/ShadowLayerUtilsGralloc.cpp:257
#9  0x4156eeac in mozilla::dom::bluetooth::PBluetoothRequestChild::DestroySubtree (this=0x47552c0c, why=mozilla::ipc::IProtocolManager<mozilla::ipc::RPCChannel::RPCListener>::AbnormalShutdown)
    at /media/alex/FirefoxOS/Inari/B2G/objdir-gecko/ipc/ipdl/PBluetoothRequestChild.cpp:340
#10 0x415e1574 in mozilla::layers::PLayerTransactionParent::DestroySubtree (this=0x473f0240, why=mozilla::ipc::IProtocolManager<mozilla::ipc::RPCChannel::RPCListener>::AbnormalShutdown)
    at /media/alex/FirefoxOS/Inari/B2G/objdir-gecko/ipc/ipdl/PLayerTransactionParent.cpp:873
#11 0x415d4866 in mozilla::layers::PCompositorParent::DestroySubtree (this=0x48204b80, why=mozilla::ipc::IProtocolManager<mozilla::ipc::RPCChannel::RPCListener>::AbnormalShutdown)
    at /media/alex/FirefoxOS/Inari/B2G/objdir-gecko/ipc/ipdl/PCompositorParent.cpp:863
#12 0x415d4892 in mozilla::layers::PCompositorParent::OnChannelError (this=0x48204b80) at /media/alex/FirefoxOS/Inari/B2G/objdir-gecko/ipc/ipdl/PCompositorParent.cpp:726
#13 0x415600ae in mozilla::ipc::AsyncChannel::NotifyMaybeChannelError (this=0x48204b8c) at /media/alex/FirefoxOS/Inari/B2G/gecko/ipc/glue/AsyncChannel.cpp:582
#14 0x41560366 in mozilla::ipc::AsyncChannel::OnNotifyMaybeChannelError (this=0x48204b8c) at /media/alex/FirefoxOS/Inari/B2G/gecko/ipc/glue/AsyncChannel.cpp:547
#15 0x411db8da in DispatchToMethod<WebCore::ReverbConvolver, void (WebCore::ReverbConvolver::*)()> (this=<value optimized out>) at /media/alex/FirefoxOS/Inari/B2G/gecko/ipc/chromium/src/base/tuple.h:383
#16 RunnableMethod<WebCore::ReverbConvolver, void (WebCore::ReverbConvolver::*)(), Tuple0>::Run (this=<value optimized out>) at /media/alex/FirefoxOS/Inari/B2G/gecko/ipc/chromium/src/base/task.h:307
#17 0x417fe898 in MessageLoop::RunTask (this=0x459ffdec, task=0x0) at /media/alex/FirefoxOS/Inari/B2G/gecko/ipc/chromium/src/base/message_loop.cc:338
#18 0x417ff606 in MessageLoop::DeferOrRunPendingTask (this=0x48204b8c, pending_task=<value optimized out>) at /media/alex/FirefoxOS/Inari/B2G/gecko/ipc/chromium/src/base/message_loop.cc:346
#19 0x418001c4 in MessageLoop::DoWork (this=0x459ffdec) at /media/alex/FirefoxOS/Inari/B2G/gecko/ipc/chromium/src/base/message_loop.cc:446
#20 0x41800460 in base::MessagePumpDefault::Run (this=0x44d82940, delegate=0x459ffdec) at /media/alex/FirefoxOS/Inari/B2G/gecko/ipc/chromium/src/base/message_pump_default.cc:23
#21 0x417fe85c in MessageLoop::RunInternal (this=0x0) at /media/alex/FirefoxOS/Inari/B2G/gecko/ipc/chromium/src/base/message_loop.cc:220
#22 0x417fe8da in MessageLoop::RunHandler (this=0x459ffdec) at /media/alex/FirefoxOS/Inari/B2G/gecko/ipc/chromium/src/base/message_loop.cc:213
#23 MessageLoop::Run (this=0x459ffdec) at /media/alex/FirefoxOS/Inari/B2G/gecko/ipc/chromium/src/base/message_loop.cc:187
#24 0x41801432 in base::Thread::ThreadMain (this=0x44dbed90) at /media/alex/FirefoxOS/Inari/B2G/gecko/ipc/chromium/src/base/thread.cc:160
#25 0x41802024 in ThreadFunc (closure=0x1) at /media/alex/FirefoxOS/Inari/B2G/gecko/ipc/chromium/src/base/platform_thread_posix.cc:39
#26 0x400f3e18 in __thread_entry (func=0x4180201d <ThreadFunc>, arg=0x44dbed90, tls=<value optimized out>) at bionic/libc/bionic/pthread.c:217
#27 0x400f396c in pthread_create (thread_out=<value optimized out>, attr=0xbe83f3a8, start_routine=0x4180201d <ThreadFunc>, arg=0x44dbed90) at bionic/libc/bionic/pthread.c:357
#28 0x00000000 in ?? ()

Comment 7

[:gerard-majax]

Trace for bug 901705:
(gdb) bt
warning: (Internal error: pc 0x0 in read in psymtab, but not in symtab.)

warning: (Internal error: pc 0x0 in read in psymtab, but not in symtab.)

#0  ?? (warning: (Internal error: pc 0x0 in read in psymtab, but not in symtab.)

) at bionic/linker/linker.c:2072
#1  0x416285e0 in mozilla::layers::GrallocBufferActor::ActorDestroy (this=<value optimized out>) at /media/alex/FirefoxOS/Inari/B2G/gecko/gfx/layers/ipc/ShadowLayerUtilsGralloc.cpp:257
#2  0x4136beac in mozilla::dom::bluetooth::PBluetoothRequestChild::DestroySubtree (this=0x435e393c, why=mozilla::ipc::IProtocolManager<mozilla::ipc::RPCChannel::RPCListener>::AbnormalShutdown)
    at /media/alex/FirefoxOS/Inari/B2G/objdir-gecko/ipc/ipdl/PBluetoothRequestChild.cpp:340
#3  0x413de574 in mozilla::layers::PLayerTransactionParent::DestroySubtree (this=0x435e31f0, why=mozilla::ipc::IProtocolManager<mozilla::ipc::RPCChannel::RPCListener>::AbnormalShutdown)
    at /media/alex/FirefoxOS/Inari/B2G/objdir-gecko/ipc/ipdl/PLayerTransactionParent.cpp:873
#4  0x413d1866 in mozilla::layers::PCompositorParent::DestroySubtree (this=0x40344900, why=mozilla::ipc::IProtocolManager<mozilla::ipc::RPCChannel::RPCListener>::AbnormalShutdown)
    at /media/alex/FirefoxOS/Inari/B2G/objdir-gecko/ipc/ipdl/PCompositorParent.cpp:863
#5  0x413d1892 in mozilla::layers::PCompositorParent::OnChannelError (this=0x40344900) at /media/alex/FirefoxOS/Inari/B2G/objdir-gecko/ipc/ipdl/PCompositorParent.cpp:726
#6  0x4135d0ae in mozilla::ipc::AsyncChannel::NotifyMaybeChannelError (this=0x4034490c) at /media/alex/FirefoxOS/Inari/B2G/gecko/ipc/glue/AsyncChannel.cpp:582
#7  0x4135d366 in mozilla::ipc::AsyncChannel::OnNotifyMaybeChannelError (this=0x4034490c) at /media/alex/FirefoxOS/Inari/B2G/gecko/ipc/glue/AsyncChannel.cpp:547
#8  0x40fd88da in DispatchToMethod<WebCore::ReverbConvolver, void (WebCore::ReverbConvolver::*)()> (this=<value optimized out>) at /media/alex/FirefoxOS/Inari/B2G/gecko/ipc/chromium/src/base/tuple.h:383
#9  RunnableMethod<WebCore::ReverbConvolver, void (WebCore::ReverbConvolver::*)(), Tuple0>::Run (this=<value optimized out>) at /media/alex/FirefoxOS/Inari/B2G/gecko/ipc/chromium/src/base/task.h:307
#10 0x415fb898 in MessageLoop::RunTask (this=0x45affdec, task=0x0) at /media/alex/FirefoxOS/Inari/B2G/gecko/ipc/chromium/src/base/message_loop.cc:338
#11 0x415fc606 in MessageLoop::DeferOrRunPendingTask (this=0x4034490c, pending_task=<value optimized out>) at /media/alex/FirefoxOS/Inari/B2G/gecko/ipc/chromium/src/base/message_loop.cc:346
#12 0x415fd1c4 in MessageLoop::DoWork (this=0x45affdec) at /media/alex/FirefoxOS/Inari/B2G/gecko/ipc/chromium/src/base/message_loop.cc:446
#13 0x415fd460 in base::MessagePumpDefault::Run (this=0x4524d980, delegate=0x45affdec) at /media/alex/FirefoxOS/Inari/B2G/gecko/ipc/chromium/src/base/message_pump_default.cc:23
#14 0x415fb85c in MessageLoop::RunInternal (this=0x0) at /media/alex/FirefoxOS/Inari/B2G/gecko/ipc/chromium/src/base/message_loop.cc:220
#15 0x415fb8da in MessageLoop::RunHandler (this=0x45affdec) at /media/alex/FirefoxOS/Inari/B2G/gecko/ipc/chromium/src/base/message_loop.cc:213
#16 MessageLoop::Run (this=0x45affdec) at /media/alex/FirefoxOS/Inari/B2G/gecko/ipc/chromium/src/base/message_loop.cc:187
#17 0x415fe432 in base::Thread::ThreadMain (this=0x45248d90) at /media/alex/FirefoxOS/Inari/B2G/gecko/ipc/chromium/src/base/thread.cc:160
#18 0x415ff024 in ThreadFunc (closure=0x1) at /media/alex/FirefoxOS/Inari/B2G/gecko/ipc/chromium/src/base/platform_thread_posix.cc:39
#19 0x400fee18 in __thread_entry (func=0x415ff01d <ThreadFunc>, arg=0x45248d90, tls=<value optimized out>) at bionic/libc/bionic/pthread.c:217
#20 0x400fe96c in pthread_create (thread_out=<value optimized out>, attr=0xbe9063a8, start_routine=0x415ff01d <ThreadFunc>, arg=0x45248d90) at bionic/libc/bionic/pthread.c:357
#21 0x00000000 in ?? ()
warning: (Internal error: pc 0x0 in read in psymtab, but not in symtab.)

Comment 8

[:gerard-majax]

As far as I can compare both stacktrace, the bug seems to be the same. Much more detailed informations can be found in bug 901705.

Comment 10

[Milan Sreckovic [:milan] (needinfo for best results)]

Nical, let us know if this should block bug 907745

Comment 11

[Gregor Wagner [:gwagner]]

This blocks all contacts and sms app testing with pictures.

Comment 12

[Nicolas Silva [:nical]]

(In reply to Milan Sreckovic [:milan] from comment #10)
> Nical, let us know if this should block bug 907745

I don't think it blocks bug 907745.

Comment 13

[Alex Keybl [:akeybl]]

Milan, can you help identify the regressing bug to back out asap? This is a smoketest blocker, and needs to be treated with urgency to unblock QA.

Comment 14

[Milan Sreckovic [:milan] (needinfo for best results)]

This sounded like Unagi only problem - is that the case?  If so, there is really no hope for Unagi and master. If it is a problem on other platforms, then it likely needs bug 907745 to land.

Comment 15

[:gerard-majax]

(In reply to Milan Sreckovic [:milan] from comment #14)
> This sounded like Unagi only problem - is that the case?  If so, there is
> really no hope for Unagi and master. If it is a problem on other platforms,
> then it likely needs bug 907745 to land.

I'm reproducing this on other devices than Unagi, at least Inari :(

Comment 16

[Milan Sreckovic [:milan] (needinfo for best results)]

Got it - we're on it.  BenWa, can you take a look?

Comment 17

[Benoit Girard (:BenWa)]

On it. Will try with the hamachi.

Comment 18

[Benoit Girard (:BenWa)]

I'm marking this as depends on bug 902927 but I think it's effectively a dupe.

Comment 20

[Nick Davidson]

Attachment: AddPicToContact-log.txt

Issue repro a bit different in the last 2 days instead of crash and reboot after user trying to add picture from gallery to contact user just returned back to "edit contact" screen.
Here is errors from a log:

09-04 09:43:31.989: E/QCALOG(190): [MessageQ] ProcessNewMessage: [XT-CS] unknown deliver target [OS-Agent]
09-04 09:43:32.030: E/QCALOG(190): [MessageQ] ProcessNewMessage: [XTWiFi-PE] unknown deliver target [OS-Agent]
09-04 09:43:33.149: E/memalloc(1209): /dev/pmem: No more pmem available
09-04 09:43:33.149: E/msm7627a.gralloc(1209): gralloc failed err=Out of memory
See complete log attached.

Environmental Variables
Build ID: 20130904040205
Gecko: http://hg.mozilla.org/mozilla-central/rev/7ff96bd19c1c
Gaia: b6c5bf1d24230bfed4a8f680e625fa2175001f82
Platform Version: 26.0a1
RIL Version: 01.01.00.019.206

Comment 21

[Natalya Kot [:nkot]]

regression range:

Build ID: 20130803070217 - Does NOT Reproduce
Gecko: http://hg.mozilla.org/mozilla-central/rev/0a63cd911b4f
Gaia: 33984fd5596c7bd329819700b01294896e30ccfb
Platform Version: 25.0a1

Build ID: 20130805070203 - Reproduces
Gecko: http://hg.mozilla.org/mozilla-central/rev/ad0ae007aa9e
Gaia: 0ca0dba246d1372eb815772c8108395ab0abd0a4
Platform Version: 25.0a1

*on 8/03 build the user still unable to add picture to a contact but it doesn't get to a point when it's crashing, the picture does not show up in crop window

Comment 22

[Benoit Girard (:BenWa)]

This works fine without HWComposer and new layers.

Comment 25

[Andreas Gal :gal]

What's the status here?

Comment 26

[Nicolas Silva [:nical]]

(In reply to Andreas Gal :gal from comment #25)
> What's the status here?

It is probable that the patch in bug 912725 will fix this bug too.

Comment 27

[Nicolas Silva [:nical]]

I just tested with benoit's patch from bug 912725 and I confirm that it fixes this bug.

Comment 28

[Nicolas Silva [:nical]]

(In reply to Nicolas Silva [:nical] from comment #27)
> I just tested with benoit's patch from bug 912725 and I confirm that it
> fixes this bug.

On unagi

Comment 30

[Jason Smith [:jsmith]]

Should be fixed now with the dependent bugs landed. Can someone confirm on central build?

Comment 31

[Natalya Kot [:nkot]]

have tested on two Buri devices updated to 9/12 m-r build - the crash is no longer reproducible,
tried STR from this bug and from the dup (bug 915293)

Build ID: 20130912040201
Gecko: http://hg.mozilla.org/mozilla-central/rev/a98569f21abe
Gaia: 9ffd2899eb91388f7fc1ce6f7a895a6f5f922c05
Platform Version: 26.0a1

Comment 32

[Chris Kreinbring [:CKreinbring]]

Bug 915293 not repro to the full extent on Buri 1.2 mozilla RIL.  The device no longer crashes after using an editing tool, but the Done icon will sometimes not respond after using the editing tools.

Build ID: 20130912040201
Gecko: http://hg.mozilla.org/mozilla-central/rev/a98569f21abe
Gaia: 9ffd2899eb91388f7fc1ce6f7a895a6f5f922c05
Platform Version: 26.0a1

Comment 33

[Jason Smith [:jsmith]]

Sounds good - looks like we can close this out. I would suggest filing a separate bug for the done icon issue you saw.

Comment 34

[Milan Sreckovic [:milan] (needinfo for best results)]

We should not try and verify this until after bug 916112 is verified because the preference change completely removed some code paths from active use.

Comment 35

[Natalya Kot [:nkot]]

So now when the bug 916112 has been resolved this can be Verified fixed 

- the issue does not reproduce, the user now is able to add a gallery picture to a contact as well as for MMS without issues 

Verified on 9/16 m-r(firefox26) and on recent 9/23 m-r build

Build ID: 20130916040205
Gecko: http://hg.mozilla.org/mozilla-central/rev/c4bcef90cef9
Gaia: a0079597d510ce8ea0b9cbb02c506030510b9eeb
Platform Version: 26.0a1

Build ID: 20130923040214
Gecko: http://hg.mozilla.org/mozilla-central/rev/f97307cb4c95
Gaia: 3408cc3f6b190c8cd31832fbb8cd2ae571041f29
Platform Version: 27.0a1