916951 - [B2G] [Buri] [Camera] Device crashes after taking many pictures then launching Gallery

Status: RESOLVED DUPLICATE of bug 915869

(Firefox OS Graveyard :: Gaia::Camera, defect)

Description

[Chris Kreinbring [:CKreinbring]]

Attachment: Log of crash after loading gallery with multiple pictures

Description:
After taking a large amount of pictures with the camera, the device will crash after navigating to the gallery.

Repro Steps:
1) Update Buri to Build ID: 20130916040205
2) Launch the Camera app.
3) Take a large amount of pictures, about 20 will be enough.
4) Tap the gallery button to launch the Gallery app.
5) Observe the device's behavior as the pictures are loaded.

Actual:
The device crashes after loading one or two pictures.

Expected:
All of the pictures taken are loaded with no errors.

Environmental Variables
Occurs on Buri 1.2 mozilla RIL
Build ID: 20130916040205
Gecko: http://hg.mozilla.org/mozilla-central/rev/c4bcef90cef9
Gaia: a0079597d510ce8ea0b9cbb02c506030510b9eeb
Platform Version: 26.0a1

Notes:
Repro frequency: 100%
See attached logcat logs
Crash ID: bp-71b1ade5-cad5-4886-b048-ef7002130916

Comment 1

[Mike Habicher [:mikeh] (high bugzilla latency)]

I can reproduce this with m-c:dc909122bcf5 on hamachi. Just to confirm: this isn't a Gallery crash; I see the blue Firefox OS startup screen with this issue occurs.

Comment 2

[Mike Habicher [:mikeh] (high bugzilla latency)]

The gdb bt is pretty thin:

Program received signal SIGSEGV, Segmentation fault.
0xb0005496 in unwind_phase2_forced (ucbp=0x0, entry_vrs=<value optimized out>, resuming=143360)
    at /tmp/android-build-bb7e003d31d08f72cabc269a652912b7/src/build/../gcc/gcc-4.4.3/libgcc/../gcc/config/arm/unwind-arm.c:717
717	/tmp/android-build-bb7e003d31d08f72cabc269a652912b7/src/build/../gcc/gcc-4.4.3/libgcc/../gcc/config/arm/unwind-arm.c: No such file or directory.
	in /tmp/android-build-bb7e003d31d08f72cabc269a652912b7/src/build/../gcc/gcc-4.4.3/libgcc/../gcc/config/arm/unwind-arm.c
(gdb) bt
#0  0xb0005496 in unwind_phase2_forced (ucbp=0x0, entry_vrs=<value optimized out>, resuming=143360)
    at /tmp/android-build-bb7e003d31d08f72cabc269a652912b7/src/build/../gcc/gcc-4.4.3/libgcc/../gcc/config/arm/unwind-arm.c:717
#1  0x46fd77a8 in ?? ()
#2  0x46fd77a8 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

Comment 3

[Mike Habicher [:mikeh] (high bugzilla latency)]

Attachment: 'thread apply all bt' output

Not sure if this is useful, but here it is.

Comment 4

[Mike Habicher [:mikeh] (high bugzilla latency)]

Here's the output if you step through the exception handler and signal handler. At this point my knowledge is exhausted. :)

Program received signal SIGSEGV, Segmentation fault.
0xb0005496 in unwind_phase2_forced (ucbp=0x0, entry_vrs=<value optimized out>, resuming=143360)
    at /tmp/android-build-bb7e003d31d08f72cabc269a652912b7/src/build/../gcc/gcc-4.4.3/libgcc/../gcc/config/arm/unwind-arm.c:717
717	/tmp/android-build-bb7e003d31d08f72cabc269a652912b7/src/build/../gcc/gcc-4.4.3/libgcc/../gcc/config/arm/unwind-arm.c: No such file or directory.
	in /tmp/android-build-bb7e003d31d08f72cabc269a652912b7/src/build/../gcc/gcc-4.4.3/libgcc/../gcc/config/arm/unwind-arm.c
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
syscall () at bionic/libc/arch-arm/bionic/syscall.S:50
50	    ldmfd   sp!, {r4, r5, r6, r7}
(gdb) bt
#0  syscall () at bionic/libc/arch-arm/bionic/syscall.S:50
#1  0x40d47164 in tgkill (sig=11, info=0xbece4038, uc=0xbece40b8)
    at /home/mikeh/dev/mozilla/m-c/src/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.cc:105
#2  google_breakpad::ExceptionHandler::SignalHandler (sig=11, info=0xbece4038, uc=0xbece40b8)
    at /home/mikeh/dev/mozilla/m-c/src/toolkit/crashreporter/google-breakpad/src/client/linux/handler/exception_handler.cc:346
#3  0x40d2ee46 in nsProfileLock::FatalSignalHandler (signo=11, info=0xbece4038, context=0xbece40b8)
    at /home/mikeh/dev/mozilla/m-c/src/profile/dirserviceprovider/src/nsProfileLock.cpp:185
#4  0x41c34638 in AsmJSFaultHandler (signum=11, info=0xbece4038, context=0xbece40b8) at /home/mikeh/dev/mozilla/m-c/src/js/src/jit/AsmJSSignalHandlers.cpp:963
#5  0xffff0514 in ?? ()
#6  0xffff0514 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0xb00054be in unwind_phase2_forced (ucbp=0x0, entry_vrs=<value optimized out>, resuming=-3)
    at /tmp/android-build-bb7e003d31d08f72cabc269a652912b7/src/build/../gcc/gcc-4.4.3/libgcc/../gcc/config/arm/unwind-arm.c:730
730	/tmp/android-build-bb7e003d31d08f72cabc269a652912b7/src/build/../gcc/gcc-4.4.3/libgcc/../gcc/config/arm/unwind-arm.c: No such file or directory.
	in /tmp/android-build-bb7e003d31d08f72cabc269a652912b7/src/build/../gcc/gcc-4.4.3/libgcc/../gcc/config/arm/unwind-arm.c
(gdb) c
Continuing.
[New Thread 140.258]

Program received signal SIGCONT, Continued.
[Switching to Thread 140.258]
__ioctl () at bionic/libc/arch-arm/syscalls/__ioctl.S:9
9	    swi     #0
(gdb) c
Continuing.

Child terminated with signal = 0xb (SIGSEGV)

Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.
(gdb)

Comment 5

[Natalya Kot [:nkot]]

Regression range:
Build ID: 20130915040205 - Does NOT Reproduce
Gecko: http://hg.mozilla.org/mozilla-central/rev/9366ee039645
Gaia: 3f51f302c3a0c57d8bad482ec7ee86b2819389fb
Platform Version: 26.0a1

Build ID: 20130916040205 - Reproduces
Gecko: http://hg.mozilla.org/mozilla-central/rev/c4bcef90cef9
Gaia: a0079597d510ce8ea0b9cbb02c506030510b9eeb
Platform Version: 26.0a1

Comment 7

[Naoki Hirata :nhirata (please use needinfo instead of cc)]

To note: the crash signature needs to be placed in the crash signature field for the bugs.  This helps to figure out duplicates faster.