Closed
Bug 946437
Opened 11 years ago
Closed 11 years ago
[Buri] FX OS crash in mozilla::dom::network::MobileConnection::Listener::NotifyVoiceChanged()
Categories
(Core :: DOM: Device Interfaces, defect)
Tracking
| | Tracking | Status |
|---|---|---|
| firefox28 | --- | fixed |
People
(Reporter: marcia, Assigned: mrbkap)
Details
(Keywords: crash, regression, reproducible, Whiteboard: [b2g-crash])
Attachments
(1 file)
patch, 4.28 KB, hsinyi: review+
This bug was filed from the Socorro interface and is report bp-cab56611-d6a6-498d-be70-21c442131204.
=============================================================
STR:
1. Unsure, happened after tweaking something in settings. jsmith suggested adding vicamo to the bug. Will try to get better STR

Frame | Module | Signature | Source |
---|---|---|---|
0 | libxul.so | mozilla::dom::network::MobileConnection::Listener::NotifyVoiceChanged() | dom/network/src/MobileConnection.cpp |
1 | libxul.so | NS_InvokeByIndex | xpcom/reflect/xptcall/src/md/unix/xptcinvoke_arm.cpp |
2 | libxul.so | XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) | js/xpconnect/src/XPCWrappedNative.cpp |
3 | libxul.so | XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*) | js/xpconnect/src/XPCWrappedNativeJSOps.cpp |
4 | libxul.so | js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) | js/src/jscntxtinlines.h |
5 | libxul.so | js_fun_call(JSContext*, unsigned int, JS::Value*) | js/src/jsfun.cpp |
6 | libxul.so | js_fun_apply(JSContext*, unsigned int, JS::Value*) | js/src/jsfun.cpp |
7 | libxul.so | js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) | js/src/jscntxtinlines.h |
8 | libxul.so | Interpret | js/src/vm/Interpreter.cpp |
9 | libxul.so | js::RunScript(JSContext*, js::RunState&) | js/src/vm/Interpreter.cpp |
10 | libxul.so | js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) | js/src/vm/Interpreter.cpp |
11 | libxul.so | js::Invoke | js/src/vm/Interpreter.cpp |
12 | libxul.so | JS_CallFunctionValue(JSContext*, JSObject*, JS::Value, unsigned int, JS::Value*, JS::Value*) | js/src/jsapi.cpp |
13 | libxul.so | nsFrameMessageManager::ReceiveMessage(nsISupports*, nsAString_internal const&, bool, mozilla::dom::StructuredCloneData const*, CpowHolder*, nsIPrincipal*, nsTArray<nsString>*) | content/base/src/nsFrameMessageManager.cpp |
14 | libxul.so | mozilla::dom::ContentChild::RecvAsyncMessage(nsString const&, mozilla::dom::ClonedMessageData const&, nsTArray<mozilla::jsipc::CpowEntry> const&, IPC::Principal const&) | dom/ipc/ContentChild.cpp |
15 | libxul.so | mozilla::dom::PContentChild::OnMessageReceived(IPC::Message const&) | /builds/slave/b2g_m-cen_ham_ntly-00000000000/build/objdir-gecko/ipc/ipdl/PContentChild.cpp |
16 | libxul.so | mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) | ipc/glue/MessageChannel.cpp |
17 | libxul.so | mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message const&) | ipc/glue/MessageChannel.cpp |
18 | libxul.so | mozilla::ipc::MessageChannel::OnMaybeDequeueOne() | ipc/glue/MessageChannel.cpp |
19 | libxul.so | RunnableMethod<WebCore::ReverbConvolver, void (WebCore::ReverbConvolver::*)(), Tuple0>::Run() | ipc/chromium/src/base/tuple.h |
20 | libxul.so | mozilla::ipc::MessageChannel::DequeueTask::Run() | /builds/slave/b2g_m-cen_ham_ntly-00000000000/build/objdir-gecko/ipc/glue/../../dist/include/mozilla/ipc/MessageChannel.h |
21 | libxul.so | MessageLoop::RunTask(Task*) | ipc/chromium/src/base/message_loop.cc |
22 | libxul.so | MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&) | ipc/chromium/src/base/message_loop.cc |
23 | libxul.so | MessageLoop::DoWork() | ipc/chromium/src/base/message_loop.cc |
24 | libxul.so | mozilla::ipc::DoWorkRunnable::Run() | ipc/glue/MessagePump.cpp |
25 | libxul.so | nsThread::ProcessNextEvent(bool, bool*) | xpcom/threads/nsThread.cpp |
26 | libxul.so | NS_ProcessNextEvent(nsIThread*, bool) | xpcom/glue/nsThreadUtils.cpp |
27 | libxul.so | mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) | ipc/glue/MessagePump.cpp |
28 | libxul.so | mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) | ipc/glue/MessagePump.cpp |
29 | libxul.so | MessageLoop::RunInternal() | ipc/chromium/src/base/message_loop.cc |
30 | libxul.so | MessageLoop::Run() | ipc/chromium/src/base/message_loop.cc |
31 | libxul.so | nsBaseAppShell::Run() | widget/xpwidgets/nsBaseAppShell.cpp |
32 | libxul.so | XRE_RunAppShell | toolkit/xre/nsEmbedFunctions.cpp |
33 | libxul.so | mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) | ipc/glue/MessagePump.cpp |
34 | libxul.so | MessageLoop::RunInternal() | ipc/chromium/src/base/message_loop.cc |
35 | libxul.so | MessageLoop::Run() | ipc/chromium/src/base/message_loop.cc |
36 | libxul.so | XRE_InitChildProcess | toolkit/xre/nsEmbedFunctions.cpp |
37 | plugin-container | main | ipc/app/MozillaRuntimeMain.cpp |
38 | libc.so | __libc_init | bionic/libc/bionic/libc_init_dynamic.c |
39 | | | |
Comment 1•11 years ago
Steps to repro:
1. Go through and complete FTU
2. Navigate into the Usage app
3. Complete the Usage app tutorial and tap "Let's go!"
4. Allow device to idle (~1 minute)
5. Unlock the device

Actual: Device will crash
Repro Rate: 3/5 60%

Environmental Variables:
Device: Buri v1.3 mozRIL
BuildID: 20131204040204
Gaia: 45564d6318cdab2fae2de0eb801308e2bcf4e472
Gecko: 9688476c1544
Version: 28.0a1
Reporter
Comment 2•11 years ago
I am able to reproduce this as well, without going through the FTU. If you just go through the Usage app setup and stay on the last page, let the screen lock engage, unlock -> crash.
Keywords: reproducible
Reporter
Updated•11 years ago
Summary: crash in mozilla::dom::network::MobileConnection::Listener::NotifyVoiceChanged() → [Buri] FX OS crash in mozilla::dom::network::MobileConnection::Listener::NotifyVoiceChanged()
Comment 3•11 years ago
Does this reproduce on 1.2 or 1.1?
blocking-b2g: --- → 1.3?
Keywords: qawanted
Comment 5•11 years ago
Seems the root cause might be the same as https://bugzilla.mozilla.org/show_bug.cgi?id=933203#c38 ...
See Also: → 933203
Updated•11 years ago
QA Contact: nkhristoforov
Comment 6•11 years ago
The bug does not reproduce on the 1.2 or 1.1. I let the device go to sleep on the screen after the Usage set-up. The device did not crash after unlocking the device. Tried 5 times on both FxOS versions.

Device: Leo v1.1 Moz RIL
BuildID: 20131203041431
Gaia: 19c9ff3a46a4389e40253c97b359763243af4531
Gecko: 617eb9d9bcc2
Version: 18.0

Device: Buri v1.2 Moz RIL
BuildID: 20131205004003
Gaia: 0659f16b9790b1cf9eba4d80743fcc774d2ffe3a
Gecko: af2c7ebb5967
Version: 26.0
Keywords: qawanted
Assignee
Comment 7•11 years ago
Gregor saw something like this on his phone and we debugged a little. We haven't gotten it to crash since then, but this fixes a bug where we won't call Shutdown on our MobileConnection objects if we call Unlink before we destruct the MobileConnectionArray.
Attachment #8343438 - Flags: review?(htsai)
Assignee
Updated•11 years ago
Assignee: nobody → mrbkap
(In reply to Blake Kaplan (:mrbkap) from comment #7)
> Created attachment 8343438 [details] [diff] [review]
> Possible fix
>
> Gregor saw something like this on his phone and we debugged a little. We
> haven't gotten it to crash since then, but this fixes a bug where we won't
> call Shutdown on our MobileConnection objects if we call Unlink before we
> destruct the MobileConnectionArray.

FWIW, it should be easy to construct a testcase that makes the MobileConnectionArray participate in a cycle to see this crash.
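
The ordering problem described in comment 7 (Unlink empties the array, so the destructor has nothing left to call Shutdown on) can be reproduced in a small stand-alone model. This is an added example, not the attached patch and not Gecko code: Provider, Connection, ConnectionArray and the two Unlink variants are hypothetical names, and it assumes Shutdown is the only step that removes a connection's registration from the event source.

```cpp
// Simplified model of the teardown ordering in comment 7. Not Gecko code:
// Provider, Connection and ConnectionArray are hypothetical stand-ins.
#include <algorithm>
#include <cstddef>
#include <memory>
#include <vector>

class Connection;

// Event source that keeps raw, non-owning pointers to its listeners.
class Provider {
  std::vector<Connection*> listeners_;
public:
  void Register(Connection* c) { listeners_.push_back(c); }
  void Unregister(Connection* c) {
    listeners_.erase(std::remove(listeners_.begin(), listeners_.end(), c),
                     listeners_.end());
  }
  std::size_t Count() const { return listeners_.size(); }
};

class Connection {
  Provider& provider_;
public:
  explicit Connection(Provider& p) : provider_(p) { p.Register(this); }
  void Shutdown() { provider_.Unregister(this); }  // only path that unregisters
};

class ConnectionArray {
  std::vector<std::unique_ptr<Connection>> conns_;
  void DropConnections() {
    for (auto& c : conns_) c->Shutdown();
    conns_.clear();
  }
public:
  ConnectionArray(Provider& p, int n) {
    for (int i = 0; i < n; ++i) conns_.emplace_back(new Connection(p));
  }
  void UnlinkBuggy() { conns_.clear(); }     // children freed, never shut down
  void UnlinkFixed() { DropConnections(); }  // same cleanup as the destructor
  ~ConnectionArray() { DropConnections(); }  // finds nothing left after an unlink
};

// Registrations that outlive the array; each one is a dangling pointer that
// the next event notification would dereference.
std::size_t StaleAfterTeardown(bool fixed) {
  Provider p;
  { ConnectionArray arr(p, 2); if (fixed) arr.UnlinkFixed(); else arr.UnlinkBuggy(); }
  return p.Count();
}
```

`StaleAfterTeardown(false)` leaves two stale registrations behind, while `StaleAfterTeardown(true)` leaves none; the model only counts the stale entries and never dereferences them.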
Comment 9•11 years ago
(In reply to Kyle Huey [:khuey] (khuey@mozilla.com) from comment #8)
> (In reply to Blake Kaplan (:mrbkap) from comment #7)
> > Created attachment 8343438 [details] [diff] [review]
> > Possible fix
> >
> > Gregor saw something like this on his phone and we debugged a little. We
> > haven't gotten it to crash since then, but this fixes a bug where we won't
> > call Shutdown on our MobileConnection objects if we call Unlink before we
> > destruct the MobileConnectionArray.
>
> FWIW, it should be easy to construct a testcase that makes the
> MobileConnectionArray participate in a cycle to see this crash.

(In reply to Blake Kaplan (:mrbkap) from comment #7)
> Created attachment 8343438 [details] [diff] [review]
> Possible fix
>
> Gregor saw something like this on his phone and we debugged a little. We
> haven't gotten it to crash since then, but this fixes a bug where we won't
> call Shutdown on our MobileConnection objects if we call Unlink before we
> destruct the MobileConnectionArray.

Thanks for the patch. Now I am sure bug 947042 is a duplicate of this. The patch looks good and the solution is exactly what bug 947042 is talking about. Bug 947042 comment 0 mentions STR, and I am trying to reproduce with the patch. Once the test passes, I am going to give r+. :)
Comment 11•11 years ago
Comment on attachment 8343438 [details] [diff] [review]
Possible fix

Review of attachment 8343438 [details] [diff] [review]:
-----------------------------------------------------------------

I don't see crash per STR in Bug 947042 comment 0. Thanks!
Attachment #8343438 - Flags: review?(htsai) → review+
Updated•11 years ago
Keywords: regression
Updated•11 years ago
blocking-b2g: 1.3? → 1.3+
Assignee
Updated•11 years ago
Keywords: checkin-needed
Comment 12•11 years ago
Thanks! https://hg.mozilla.org/integration/b2g-inbound/rev/1b6e515ec0b1
Keywords: checkin-needed
Comment 13•11 years ago
Tested: 12/04 master
Gecko c63c0a6
Gaia f615ae7

Steps:
1. Go through and complete FTU
2. Navigate into the Usage app
3. Complete the Usage app tutorial and tap "Let's go!"
4. Complete process

Actual: user can't finish process
Usage just crashed
Would you like to send Mozilla a report about the crash to help us fix the problem? (Report are sent over WI-FI only.)

Expected result: FTE process finished
Comment 14•11 years ago
tested 12/09
actual: user can't finish process
NO see this message
Usage just crashed
Would you like to send Mozilla a report about the crash to help us fix the problem? (Report are sent over WI-FI only.)
Comment 15•11 years ago
https://hg.mozilla.org/mozilla-central/rev/1b6e515ec0b1
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla28
Updated•11 years ago
status-firefox28: --- → fixed
Comment 16•11 years ago
Tested 1.3 12/12
Gecko c8ebb7f
Gaia cbd2921
This bug still occurs in this branch; this bug should be resolved in 1.3?
Comment 17•11 years ago
Tested 1.3 12/17 Gecko fb3888e Gaia 8d29694 Verified
Status: RESOLVED → VERIFIED