crash in mozilla::system::SetStatusRunnable::Run()

VERIFIED FIXED in Firefox 28, Firefox OS v1.2

Status

Firefox OS
GonkIntegration
--
critical
VERIFIED FIXED
5 years ago
5 years ago

People

(Reporter: nhirata, Assigned: dhylands)

Tracking

({crash, regression, topcrash-b2g})

unspecified
1.3 Sprint 4 - 11/8
All
Android

Firefox Tracking Flags

(blocking-b2g:koi+, firefox26 wontfix, firefox27 wontfix, firefox28 fixed, b2g-v1.2 fixed)

Details

(Whiteboard: [b2g-crash], crash signature)

Attachments

(1 attachment)

This bug was filed from the Socorro interface and is report bp-018b7ac8-d770-457d-ba73-09c042131021.
=============================================================
Crashing Thread
Frame 	Module 	Signature 	Source
0 	libxul.so 	mozilla::system::SetStatusRunnable::Run() 	dom/system/gonk/AutoMounterSetting.cpp
1 	libxul.so 	nsThread::ProcessNextEvent(bool, bool*) 	xpcom/threads/nsThread.cpp
2 	libxul.so 	NS_ProcessNextEvent(nsIThread*, bool) 	xpcom/glue/nsThreadUtils.cpp
3 	libxul.so 	nsThread::Shutdown() 	xpcom/threads/nsThread.cpp
4 	libxul.so 	mozilla::LazyIdleThread::ShutdownThread() 	xpcom/threads/LazyIdleThread.cpp
5 	libxul.so 	mozilla::LazyIdleThread::Shutdown() 	xpcom/threads/LazyIdleThread.cpp
6 	libxul.so 	mozilla::dom::quota::QuotaManager::Observe(nsISupports*, char const*, unsigned short const*) 	dom/quota/QuotaManager.cpp
7 	libxul.so 	nsObserverList::NotifyObservers(nsISupports*, char const*, unsigned short const*) 	xpcom/ds/nsObserverList.cpp
8 	libxul.so 	nsObserverService::NotifyObservers(nsISupports*, char const*, unsigned short const*) 	xpcom/ds/nsObserverService.cpp
9 	libxul.so 	mozilla::dom::power::PowerManagerService::SyncProfile() 	dom/power/PowerManagerService.cpp
10 	libxul.so 	mozilla::dom::power::PowerManagerService::PowerOff() 	dom/power/PowerManagerService.cpp
11 	libxul.so 	mozilla::dom::PowerManager::PowerOff(mozilla::ErrorResult&) 	dom/power/PowerManager.cpp
12 	libxul.so 	mozilla::dom::MozPowerManagerBinding::powerOff 	/builds/slave/b2g_m-aurora_hamachi_ntly-0000/build/objdir-gecko/dom/bindings/MozPowerManagerBinding.cpp
13 	libxul.so 	mozilla::dom::MozPowerManagerBinding::genericMethod 	/builds/slave/b2g_m-aurora_hamachi_ntly-0000/build/objdir-gecko/dom/bindings/MozPowerManagerBinding.cpp
14 	libxul.so 	js::Invoke 	js/src/jscntxtinlines.h
15 	libxul.so 	Interpret 	js/src/vm/Interpreter.cpp
16 	libxul.so 	js::Invoke 	js/src/vm/Interpreter.cpp
17 	libxul.so 	JS_CallFunctionValue(JSContext*, JSObject*, JS::Value, unsigned int, JS::Value*, JS::Value*) 	js/src/jsapi.cpp
18 	libxul.so 	nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS*, unsigned short, XPTMethodDescriptor const*, nsXPTCMiniVariant*) 	js/xpconnect/src/XPCWrappedJSClass.cpp
19 	libxul.so 	nsXPCWrappedJS::CallMethod(unsigned short, XPTMethodDescriptor const*, nsXPTCMiniVariant*) 	js/xpconnect/src/XPCWrappedJS.cpp
20 	libxul.so 	PrepareAndDispatch 	xpcom/reflect/xptcall/src/md/unix/xptcstubs_arm.cpp
21 	libxul.so 	libxul.so@0xceea57 	
22 	libxul.so 	nsEventListenerManager::HandleEventSubType(nsListenerStruct*, mozilla::dom::CallbackObjectHolder<mozilla::dom::EventListener, nsIDOMEventListener> const&, nsIDOMEvent*, mozilla::dom::EventTarget*, nsCxPusher*) 	content/events/src/nsEventListenerManager.cpp
23 	libxul.so 	nsEventListenerManager::HandleEventInternal(nsPresContext*, nsEvent*, nsIDOMEvent**, mozilla::dom::EventTarget*, nsEventStatus*, nsCxPusher*) 	content/events/src/nsEventListenerManager.cpp
24 	libxul.so 	nsEventTargetChainItem::HandleEvent(nsEventChainPostVisitor&, ELMCreationDetector&, nsCxPusher*) 	content/events/src/nsEventListenerManager.h
25 	libxul.so 	nsEventTargetChainItem::HandleEventTargetChain(nsTArray<nsEventTargetChainItem>&, nsEventChainPostVisitor&, nsDispatchingCallback*, ELMCreationDetector&, nsCxPusher*) 	content/events/src/nsEventDispatcher.cpp
26 	libxul.so 	nsEventDispatcher::Dispatch(nsISupports*, nsPresContext*, nsEvent*, nsIDOMEvent*, nsEventStatus*, nsDispatchingCallback*, nsCOMArray<mozilla::dom::EventTarget>*) 	content/events/src/nsEventDispatcher.cpp
27 	libxul.so 	nsAnimationManager::DoDispatchEvents() 	layout/style/nsAnimationManager.cpp
28 	libxul.so 	nsAnimationManager::FlushAnimations(mozilla::css::CommonAnimationManager::FlushFlags) 	layout/style/nsAnimationManager.h
29 	libxul.so 	nsAnimationManager::WillRefresh(mozilla::TimeStamp) 	layout/style/nsAnimationManager.cpp
30 	libxul.so 	nsRefreshDriver::Tick(long long, mozilla::TimeStamp) 	layout/base/nsRefreshDriver.cpp
31 	libxul.so 	mozilla::RefreshDriverTimer::TimerTick(nsITimer*, void*) 	layout/base/nsRefreshDriver.cpp
32 	libxul.so 	nsTimerImpl::Fire() 	xpcom/threads/nsTimerImpl.cpp
33 	libxul.so 	nsTimerEvent::Run() 	xpcom/threads/nsTimerImpl.cpp
34 	libxul.so 	nsThread::ProcessNextEvent(bool, bool*) 	xpcom/threads/nsThread.cpp
35 	libxul.so 	NS_ProcessNextEvent(nsIThread*, bool) 	xpcom/glue/nsThreadUtils.cpp
36 	libxul.so 	mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) 	ipc/glue/MessagePump.cpp
37 	libxul.so 	MessageLoop::RunInternal() 	ipc/chromium/src/base/message_loop.cc
38 	libxul.so 	MessageLoop::Run() 	ipc/chromium/src/base/message_loop.cc
39 	libxul.so 	nsBaseAppShell::Run() 	widget/xpwidgets/nsBaseAppShell.cpp
40 	libxul.so 	nsAppStartup::Run() 	toolkit/components/startup/nsAppStartup.cpp
41 	libxul.so 	XREMain::XRE_mainRun() 	toolkit/xre/nsAppRunner.cpp
42 	libxul.so 	XREMain::XRE_main(int, char**, nsXREAppData const*) 	toolkit/xre/nsAppRunner.cpp
43 	libxul.so 	XRE_main 	toolkit/xre/nsAppRunner.cpp
44 	b2g 	main 	b2g/app/nsBrowserApp.cpp
45 	libc.so 	__libc_init 	bionic/libc/bionic/libc_init_dynamic.c
46 		@0xb00045a9

More crashes:
https://crash-stats.mozilla.com/report/list?product=B2G&signature=mozilla%3A%3Asystem%3A%3ASetStatusRunnable%3A%3ARun%28%29
See Bug 928976 as I am getting this stack with the Marketplace crash in that bug.

Comment 2

5 years ago
Having the same crash when restarting device, 100% reproducible 

Device: Buri 1.2 Aurora COM RIL
BuildID: 20131021004006
Gaia: 1fd315337d8ae891c3024e4c682c4c50797ea40e
Gecko: d585fe28cd55
Version: 26.0a2
Firmware Version:  US_20130930
We should confirm if this is a dupe of bug 928976 or not.
Whiteboard: [Dupe of bug 928976?]
This crash still occurs on the 10/25 build; bug 928976 was fixed the day before, according to jsmith in comment 10.
Whiteboard: [Dupe of bug 928976?] → [b2g-crash]
Keywords: topcrash-b2g

Comment 5

5 years ago
http://hg.mozilla.org/releases/mozilla-aurora/annotate/d585fe28cd55/dom/system/gonk/AutoMounterSetting.cpp#l194

This is using the settings lock without actually checking that it was created successfully. createLock is implemented in JS and it looks as if there are lots of ways that it could fail, so this should error-check at least.

Also note that in this crash report at least, there is a nested event loop via mozilla::LazyIdleThread::ShutdownThread() so it's possible that the nested loop is causing the settings service to fail in ways that it otherwise wouldn't.

Assigning to dhylands and marking as a regression from bug 927961 per hg blame.
Assignee: nobody → dhylands
Blocks: 927961
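
The failure mode described in comment 5, shown as an added example that is not part of the bug thread or of Gecko's source: a lock obtained through an XPCOM-style out-parameter is used without checking that creation succeeded. All names (`SettingsService`, `SettingsLock`, `RunUnchecked`, `RunChecked`, the `example.status` key) are hypothetical stand-ins for a simplified model.

```cpp
#include <cstdint>
#include <string>

// Simplified model with hypothetical names; not Gecko's real classes.
enum class Result { Ok, Failure, NotAvailable };
enum class Mode { Works, FailsWithError, NullWithOk };

struct SettingsLock {
  std::string lastKey;
  int32_t lastValue = 0;
  Result Set(const std::string& key, int32_t value) {
    lastKey = key;
    lastValue = value;
    return Result::Ok;
  }
};

struct SettingsService {
  Mode mode = Mode::Works;  // how lock creation behaves in this model
  SettingsLock lock;
  // XPCOM-style out-parameter: *aLock may be left null.
  Result CreateLock(SettingsLock** aLock) {
    *aLock = (mode == Mode::Works) ? &lock : nullptr;
    return (mode == Mode::FailsWithError) ? Result::NotAvailable : Result::Ok;
  }
};

// "Before": ignores the result and dereferences whatever came back.
Result RunUnchecked(SettingsService& svc, int32_t status) {
  SettingsLock* lock = nullptr;
  svc.CreateLock(&lock);
  return lock->Set("example.status", status);  // crashes when lock is null
}

// "After": check the return code and the pointer before using the lock.
Result RunChecked(SettingsService& svc, int32_t status) {
  SettingsLock* lock = nullptr;
  Result rv = svc.CreateLock(&lock);
  if (rv != Result::Ok) return rv;
  if (!lock) return Result::Failure;
  return lock->Set("example.status", status);
}

int main() {
  SettingsService svc;
  if (RunChecked(svc, 1) != Result::Ok) return 1;
  svc.mode = Mode::NullWithOk;  // creation "succeeds" but yields no lock
  return RunChecked(svc, 2) == Result::Failure ? 0 : 1;
}
```

The `NullWithOk` mode covers a creator that reports success yet hands back no object, which a return-code check alone would miss.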
Sounds like this is a top crash b2g regression with a known bug that caused this that's a koi+. Noming to block.
blocking-b2g: --- → koi?
Keywords: regression
Is this reproducible on all devices? Just want to make sure it's not a corner case.
Flags: needinfo?(jsmith)
(In reply to Preeti Raghunath(:Preeti) from comment #7)
> Is this reproducible on all devices? Just want to make sure it's not a corner
> case.

Crash stats shows this present on the following devices:

* Buri
* Leo
* Unagi
* Peak
* Keon
Flags: needinfo?(jsmith)
blocking as it crashes all devices in 1.2.
blocking-b2g: koi? → koi+
(Assignee)

Comment 10

5 years ago
Created attachment 828871 [details] [diff] [review]
Check that lock is non-null before using.
(Assignee)

Comment 11

5 years ago
Comment on attachment 828871 [details] [diff] [review]
Check that lock is non-null before using.

Review of attachment 828871 [details] [diff] [review]:
-----------------------------------------------------------------

I haven't been able to reproduce this, but this fix should address the problem being reported.
Attachment #828871 - Flags: review?(kyle)
Fixed on mozilla-central:
https://hg.mozilla.org/mozilla-central/rev/23cbec7af1fa
Seems the commit message had the wrong bug number (949004) in it :)
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
https://hg.mozilla.org/releases/mozilla-b2g26_v1_2/rev/01c830e90241
status-b2g-v1.2: --- → fixed
status-firefox26: --- → wontfix
status-firefox27: --- → wontfix
status-firefox28: --- → fixed
Target Milestone: --- → 1.3 Sprint 4 - 11/8