Crash in mozilla::MediaStreamGraphImpl::RunThread() while receiving calls and sms

RESOLVED FIXED in Firefox 28, Firefox OS v1.3

Status

()

Core
Audio/Video
--
critical
RESOLVED FIXED
5 years ago
4 years ago

People

(Reporter: Greg Grisco, Assigned: padenot)

Tracking

unspecified
mozilla29
ARM
Gonk (Firefox OS)
Points:
---
Bug Flags:
in-moztrap -

Firefox Tracking Flags

(blocking-b2g:1.3+, firefox27 wontfix, firefox28 fixed, firefox29 fixed, b2g-v1.3 fixed, b2g-v1.3T fixed, b2g-v1.4 fixed)

Details

(Whiteboard: [caf priority: p2][CR 585492], crash signature)

Attachments

(5 attachments)

(Reporter)

Description

5 years ago
Test Steps:
1. Enable auto answer.
2. Receive MT call and MT SMS continuously.
3. Run adb reboot script.

Signatures:
    51: [@ pthread_kill | ... | mozilla::MediaStreamGraphImpl::RunThread() | mozilla::::MediaStreamGraphInitThreadRunnable::Run ]
(Reporter)

Updated

5 years ago
blocking-b2g: --- → 1.3?
(Reporter)

Comment 1

5 years ago
Created attachment 8343985 [details]
decoded minidump of crash
(Reporter)

Comment 2

5 years ago
Created attachment 8343989 [details]
EXTRA file attachment

Updated

5 years ago
Component: General → Video/Audio
Product: Firefox OS → Core
Blocks: 942267
blocking-b2g: 1.3? → 1.3+
(Reporter)

Updated

5 years ago
Crash Signature: [@ mozilla::MediaStreamGraphImpl::RunThread() | mozilla::::MediaStreamGraphInitThreadRunnable::Run | nsThread::ProcessNextEvent(bool, bool*) | NS_ProcessNextEvent(nsIThread*, bool) ]
Hi Robert,

Can you help us with this crash or do you know someone else who might?
Flags: needinfo?(roc)
(Assignee)

Comment 4

5 years ago
This is probably because we are shutting down and trying to get the ideal sample rate at the same time, the call in cubeb_opensl.c fails, we get zero somehow, maybe without returning an error, maybe because AudioFlinger is dead because we are rebooting, and poof, SIGFPE, because we divide by zero at [1]. Then, the usual bionic stuff with pthread_kill.

This is just pure speculation, though.

[1]: http://mxr.mozilla.org/mozilla-central/source/content/media/MediaStreamGraph.cpp#1073
(In reply to Paul Adenot (:padenot) from comment #4)
> This is probably because we are shutting down and trying to get the ideal
> sample rate at the same time, the call in cubeb_opensl.c fails, we get zero
> somehow, maybe without returning an error, maybe because AudioFlinger is
> dead because we are rebooting, and poof, SIGFPE, because we divide by zero
> at [1]. Then, the usual bionic stuff with pthread_kill.
> 
> This is just pure speculation, though.

Paul, can you throw together a wallpaper fix so we can try it?
Flags: needinfo?(roc)
(Assignee)

Comment 6

5 years ago
Yes, I'll see what I can do here.
Assignee: nobody → paul
(Assignee)

Comment 7

5 years ago
Created attachment 8346656 [details] [diff] [review]
Be more robust when getting the preferred sample rate when using the OpenSL backend. r=

Okay, so, I check Android's code, and there is a couple way we can get a rate of
0 without having an error code:

- On recent Android, if we can't get the thread, 0 is returned. There is no
error code. [1]. I'd expect this to happen when we are shutting down.
- On older Android, say we are shutting down, we can't get an outputDesc, so we
go here [2], and then here [3]. We can't get the thread, so we return 0, without
errors, and we return the value we just got to cubeb, still without errors.

THis patch just carches the zero, and returns an error to the caller
(AudioStream::InitPreferredSampleRate). Then we fallback to something
reasonnable and we don't get the SIGFPE.

[1]: http://androidxref.com/4.4_r1/xref/frameworks/av/media/libmedia/AudioSystem.cpp#772
[2]: http://androidxref.com/4.0.4/xref/frameworks/base/media/libmedia/AudioSystem.cpp#227
[3]: http://androidxref.com/4.0.4/xref/frameworks/base/services/audioflinger/AudioFlinger.cpp#482
Attachment #8346656 - Flags: review?(kinetik)
Comment on attachment 8346656 [details] [diff] [review]
Be more robust when getting the preferred sample rate when using the OpenSL backend. r=

Review of attachment 8346656 [details] [diff] [review]:
-----------------------------------------------------------------

::: media/libcubeb/src/cubeb_opensl.c
@@ +278,5 @@
> +  /* Depending on which method we called above, we can get a zero back, yet have
> +   * a non-error return value, especially if the audio system is not
> +   * ready/shutting down (i.e. when we can't get our hand on the AudioFlinger
> +   * thread). */
> +  if (!rate) {

Make this rate == 0
Attachment #8346656 - Flags: review?(kinetik) → review+
https://hg.mozilla.org/mozilla-central/rev/9fff05a1c0f3
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla29
https://hg.mozilla.org/releases/mozilla-aurora/rev/1421a38232f6
status-b2g-v1.3: --- → fixed
status-firefox27: --- → wontfix
status-firefox28: --- → fixed
status-firefox29: --- → fixed
(Reporter)

Comment 12

4 years ago
Created attachment 8386195 [details]
decoded minidump of crash (for reopen)
(Reporter)

Comment 13

4 years ago
We saw this crash again (attached stack trace).

Test steps:
1. Run a script with Call, SMS, camcorder, Music , Video and camera test cases.
2. After Day and night run, mini dumps are generated in the phone..
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
(Reporter)

Updated

4 years ago
Whiteboard: [CR 585492] → [CR 626053] [CR 585492]
(Reporter)

Comment 14

4 years ago
Created attachment 8386199 [details]
EXTRA file attachment (for reopen)
(Assignee)

Comment 15

4 years ago
I'm confused, we still die because of a SIGFPE, but I can't find a path in which we would get a sample rate of zero without bailing out with something != CUBEB_OK, hence not reaching the division.

Greg, which Gecko revision are you using?
Flags: needinfo?(ggrisco)
Please open a new bug for the crash seen here - this is already landed bug, so followups should be filed at this point.
Status: REOPENED → RESOLVED
Last Resolved: 5 years ago4 years ago
Resolution: --- → FIXED
(Reporter)

Updated

4 years ago
Flags: needinfo?(ggrisco)
Whiteboard: [CR 626053] [CR 585492] → [CR 585492]
status-b2g-v1.3T: --- → fixed
status-b2g-v1.4: --- → fixed

Updated

4 years ago
Flags: in-moztrap?

Updated

4 years ago
Flags: in-moztrap? → in-moztrap-

Updated

4 years ago
Whiteboard: [CR 585492] → [caf priority: p2][CR 585492]
You need to log in before you can comment on or make changes to this bug.