crash in mozilla::layers::GrallocBufferActor::ActorDestroy

RESOLVED DUPLICATE of bug 901705

People

(Reporter: dougc, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Description

5 years ago
B2G, master branch, Nexus 4.  After playing a game in the web browser, closing the tab crashes b2g.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 11634.11713]
0xb577eb54 in mozilla::layers::GrallocBufferActor::ActorDestroy (this=<optimized out>) at ../../../gecko/gfx/layers/ipc/ShadowLayerUtilsGralloc.cpp:257
257	    mDeprecatedTextureHost->ForgetBuffer();
(gdb) back
#0  0xb577eb54 in mozilla::layers::GrallocBufferActor::ActorDestroy (this=<optimized out>) at ../../../gecko/gfx/layers/ipc/ShadowLayerUtilsGralloc.cpp:257
#1  0xb550b158 in mozilla::dom::bluetooth::PBluetoothRequestChild::DestroySubtree (this=0xaed8693c, why=mozilla::ipc::IProtocolManager<mozilla::ipc::RPCChannel::RPCListener>::AbnormalShutdown)
    at PBluetoothRequestChild.cpp:340
#2  0xb5569e28 in mozilla::layers::PLayerTransactionParent::DestroySubtree (this=0xaf41c1f0, why=mozilla::ipc::IProtocolManager<mozilla::ipc::RPCChannel::RPCListener>::AbnormalShutdown)
    at PLayerTransactionParent.cpp:873
#3  0xb555e9b0 in mozilla::layers::PCompositorParent::DestroySubtree (this=0xb2276f00, why=mozilla::ipc::IProtocolManager<mozilla::ipc::RPCChannel::RPCListener>::AbnormalShutdown) at PCompositorParent.cpp:863
#4  0xb555e9de in mozilla::layers::PCompositorParent::OnChannelError (this=0xb2276f00) at PCompositorParent.cpp:726
#5  0xb5501c98 in mozilla::ipc::AsyncChannel::NotifyMaybeChannelError (this=0xb2276f0c) at ../../../gecko/ipc/glue/AsyncChannel.cpp:582
#6  0xb5502302 in mozilla::ipc::AsyncChannel::OnNotifyMaybeChannelError (this=0xb2276f0c) at ../../../gecko/ipc/glue/AsyncChannel.cpp:547
#7  0xb51d3746 in DispatchToMethod<WebCore::ReverbConvolver, void (WebCore::ReverbConvolver::*)()> (method=
    (void (WebCore::ReverbConvolver::*)(WebCore::ReverbConvolver * const)) 0xb55022a1 <mozilla::ipc::AsyncChannel::OnNotifyMaybeChannelError()>, obj=<optimized out>, arg=<optimized out>)
    at ../../../../../gecko/ipc/chromium/src/base/tuple.h:383
#8  RunnableMethod<WebCore::ReverbConvolver, void (WebCore::ReverbConvolver::*)(), Tuple0>::Run (this=<optimized out>) at ../../../../../gecko/ipc/chromium/src/base/task.h:307
#9  0xb5756fbc in MessageLoop::RunTask (this=0xb0bedde8, task=0xaed93a80) at ../../../gecko/ipc/chromium/src/base/message_loop.cc:338
#10 0xb5757646 in MessageLoop::DeferOrRunPendingTask (this=<optimized out>, pending_task=<optimized out>) at ../../../gecko/ipc/chromium/src/base/message_loop.cc:346
#11 0xb57586b0 in DoWork (this=<optimized out>) at ../../../gecko/ipc/chromium/src/base/message_loop.cc:446
#12 MessageLoop::DoWork (this=0xb0bedde8) at ../../../gecko/ipc/chromium/src/base/message_loop.cc:425
#13 0xb57587e2 in base::MessagePumpDefault::Run (this=0xb1624b60, delegate=0xb0bedde8) at ../../../gecko/ipc/chromium/src/base/message_pump_default.cc:23
#14 0xb5756f4a in MessageLoop::RunInternal (this=<optimized out>) at ../../../gecko/ipc/chromium/src/base/message_loop.cc:220
#15 0xb5756ffc in RunHandler (this=0xb0bedde8) at ../../../gecko/ipc/chromium/src/base/message_loop.cc:213
#16 MessageLoop::Run (this=0xb0bedde8) at ../../../gecko/ipc/chromium/src/base/message_loop.cc:187
#17 0xb5759916 in base::Thread::ThreadMain (this=0xb1634b50) at ../../../gecko/ipc/chromium/src/base/thread.cc:160
#18 0xb575a240 in ThreadFunc (closure=<optimized out>) at ../../../gecko/ipc/chromium/src/base/platform_thread_posix.cc:39
#19 0xb6eaba5c in __thread_entry (func=0xb575a239 <ThreadFunc(void*)>, arg=0xb1634b50, tls=0xb0bedf00) at bionic/libc/bionic/pthread_create.cpp:92
#20 0xb6eabbd8 in pthread_create (thread_out=0xb1634b58, attr=<optimized out>, start_routine=0x78, arg=0xb1634b50) at bionic/libc/bionic/pthread_create.cpp:201
#21 0x00000000 in ?? ()
(gdb) 
(gdb) list
252	
253	// used only for hacky fix in gecko 23 for bug 862324
254	void GrallocBufferActor::ActorDestroy(ActorDestroyReason)
255	{
256	  if (mDeprecatedTextureHost) {
257	    mDeprecatedTextureHost->ForgetBuffer();
258	  }
259	}
260	
261	// used only for hacky fix in gecko 23 for bug 862324
(gdb) info registers 
r0             0xaf0ad6d0	-1358244144
r1             0x4	4
r2             0x0	0
r3             0x680063	6815843
r4             0xaed8693c	-1361548996
r5             0x4	4
r6             0x1	1
r7             0x4	4
r8             0x4	4
r9             0xb6404808	-1237301240
r10            0xb0bedf00	-1329668352
r11            0x19aa590	26912144
r12            0x1	1
sp             0xb0bedca0	0xb0bedca0
lr             0xb550b159	-1253002919
pc             0xb577eb54	0xb577eb54 <mozilla::layers::GrallocBufferActor::ActorDestroy(mozilla::ipc::IProtocolManager<mozilla::ipc::RPCChannel::RPCListener>::ActorDestroyReason)+8>
cpsr           0x200e0030	537788464

Dump of assembler code for function mozilla::layers::GrallocBufferActor::ActorDestroy(mozilla::ipc::IProtocolManager<mozilla::ipc::RPCChannel::RPCListener>::ActorDestroyReason):
   0xb577eb4c <+0>:	push	{r3, lr}
   0xb577eb4e <+2>:	ldr	r0, [r0, #64]	; 0x40
   0xb577eb50 <+4>:	cbz	r0, 0xb577eb58 <mozilla::layers::GrallocBufferActor::ActorDestroy(mozilla::ipc::IProtocolManager<mozilla::ipc::RPCChannel::RPCListener>::ActorDestroyReason)+12>
   0xb577eb52 <+6>:	ldr	r3, [r0, #0]
=> 0xb577eb54 <+8>:	ldr	r3, [r3, #84]	; 0x54
   0xb577eb56 <+10>:	blx	r3
   0xb577eb58 <+12>:	pop	{r3, pc}

Updated

5 years ago
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 901705