Closed Bug 975472 Opened 7 years ago Closed 7 years ago

[B2G][Camera] crash in mozalloc_abort(char const*) | abort | nsAString_internal::Assign(nsAString_internal const&)

Categories

(Firefox OS Graveyard :: Gaia::Camera, defect)

ARM
Gonk (Firefox OS)
defect
Not set
critical

Tracking

(blocking-b2g:1.4+, b2g-v1.3 unaffected, b2g-v1.4 fixed)

RESOLVED FIXED
1.4 S2 (28feb)
blocking-b2g 1.4+
Tracking Status
b2g-v1.3 --- unaffected
b2g-v1.4 --- fixed

People

(Reporter: selkabule, Assigned: mikeh)

References

Details

(Keywords: crash, regression, reproducible, Whiteboard: [caf priority: p3]dogfood1.4 [b2g-crash] [cr 612941])

Crash Data

Attachments

(1 file, 3 obsolete files)

Attached file New crash logcat.txt (obsolete) —
This bug was filed from the Socorro interface and is 
report bp-d3f6c4e5-7cf4-49e5-b524-44e1a2140221.
=============================================================

Description:
If the device is connected to the computer with USB storage turned on and the user repeatedly opens the camera app and goes home, a crash will occur. 

Prerequisites: Device connected to computer with USB storage turned on and Camera Geolocation permission set to "always ask".

Repro Steps:
1) Updated Buri to Build ID: 20140221040202
2) Open Camera 
3) Press the Home button to exit 
4) Open the Camera again (Repeat steps 2 and 3 until encountering the crash)

Actual:
Firefox OS will crash. 

Expected:
The Firefox OS should not crash. 

Environmental Variables
Device: Buri MOZ RIL Build ID: 20140221040202
Gecko: https://hg.mozilla.org/mozilla-central/rev/7010ab83a06e
Gaia: 35365feace970bfc51276428f40a477c9c86b7bb
Platform Version: 30.0a1
Firmware Version: V1.2-device.cfg


Repro frequency: 100%
See attached: logcat
This issue does not reproduce on 1.3

Environmental Variables
Device: buri 1.3 MOZ RIL
Build ID: 20140221004002
Gecko: https://hg.mozilla.org/releases/mozilla-b2g28_v1_3/rev/e5f25becc0e7
Gaia: 8039a5cb7519adfa81677df577f494c6a4de6140
Platform Version: 28.0
Firmware Version: V1.2-device.cfg

The Firefox OS does not crash
With the following build:

Gaia      35365feace970bfc51276428f40a477c9c86b7bb
Gecko     https://hg.mozilla.org/mozilla-central/rev/7010ab83a06e
BuildID   20140221040202
Version   30.0a1
ro.build.version.incremental=eng.cltbld.20140122.035944
ro.build.date=Wed Jan 22 04:22:01 EST 2014

I don't see any crashes. I do, however, see that every second time I switch to the camera, the preview doesn't start. Returning to the Homescreen then back to the Camera starts it properly.

Diego--could this be bad state somewhere in the app?
Flags: needinfo?(dmarcos)
Update, I am able to easily reproduce this crash with:
- gecko: b2g-inbound:169896:aee74e1d4958
- gaia: fdc8e4beba5c8279f32083bc4e702348ef22f211
Program received signal SIGSEGV, Segmentation fault.
0x417b1b2a in mozalloc_abort (msg=<value optimized out>) at /home/mikeh/dev/mozilla/m-c/b2g-inbound/memory/mozalloc/mozalloc_abort.cpp:30
30	    MOZ_CRASH();
(gdb) bt
#0  0x417b1b2a in mozalloc_abort (msg=<value optimized out>) at /home/mikeh/dev/mozilla/m-c/b2g-inbound/memory/mozalloc/mozalloc_abort.cpp:30
#1  0x417b1b42 in abort () at /home/mikeh/dev/mozilla/m-c/b2g-inbound/memory/mozalloc/mozalloc_abort.cpp:39
#2  0x40dc9758 in mozilla::nsDOMCameraControl::OnError (this=0x443909d0, aContext=mozilla::CameraControlListener::kInUnspecified, aError=...) at /home/mikeh/dev/mozilla/m-c/b2g-inbound/dom/camera/DOMCameraControl.cpp:1216
#3  0x40dc9e6c in RunCallback (this=0x434025c0, aDOMCameraControl=0x443909d0) at /home/mikeh/dev/mozilla/m-c/b2g-inbound/dom/camera/DOMCameraControlListener.cpp:340
#4  0x40dc9b08 in mozilla::DOMCameraControlListener::DOMCallback::Run (this=0x434025c0) at /home/mikeh/dev/mozilla/m-c/b2g-inbound/dom/camera/DOMCameraControlListener.cpp:53
#5  0x406e08ac in nsThread::ProcessNextEvent (this=0x403c5f60, mayWait=true, result=0xbed87f4f) at /home/mikeh/dev/mozilla/m-c/b2g-inbound/xpcom/threads/nsThread.cpp:643
#6  0x406b0414 in NS_ProcessNextEvent (thread=0x46, mayWait=true) at /home/mikeh/dev/mozilla/m-c/b2g-inbound/xpcom/glue/nsThreadUtils.cpp:263
#7  0x40818740 in mozilla::ipc::MessagePump::Run (this=0x40301af0, aDelegate=0xbed8885c) at /home/mikeh/dev/mozilla/m-c/b2g-inbound/ipc/glue/MessagePump.cpp:136
#8  0x408187ba in mozilla::ipc::MessagePumpForChildProcess::Run (this=0x40301af0, aDelegate=0xbed8885c) at /home/mikeh/dev/mozilla/m-c/b2g-inbound/ipc/glue/MessagePump.cpp:283
#9  0x4080e378 in MessageLoop::RunInternal (this=0x1000001) at /home/mikeh/dev/mozilla/m-c/b2g-inbound/ipc/chromium/src/base/message_loop.cc:226
#10 0x4080e3f6 in MessageLoop::RunHandler (this=0xbed8885c) at /home/mikeh/dev/mozilla/m-c/b2g-inbound/ipc/chromium/src/base/message_loop.cc:219
#11 MessageLoop::Run (this=0xbed8885c) at /home/mikeh/dev/mozilla/m-c/b2g-inbound/ipc/chromium/src/base/message_loop.cc:193
#12 0x40c62d7c in nsBaseAppShell::Run (this=0x4336f760) at /home/mikeh/dev/mozilla/m-c/b2g-inbound/widget/xpwidgets/nsBaseAppShell.cpp:164
#13 0x412832ba in XRE_RunAppShell () at /home/mikeh/dev/mozilla/m-c/b2g-inbound/toolkit/xre/nsEmbedFunctions.cpp:679
#14 0x40818788 in mozilla::ipc::MessagePumpForChildProcess::Run (this=0x40301af0, aDelegate=0xbed8885c) at /home/mikeh/dev/mozilla/m-c/b2g-inbound/ipc/glue/MessagePump.cpp:253
#15 0x4080e378 in MessageLoop::RunInternal (this=0x4336f760) at /home/mikeh/dev/mozilla/m-c/b2g-inbound/ipc/chromium/src/base/message_loop.cc:226
#16 0x4080e3f6 in MessageLoop::RunHandler (this=0xbed8885c) at /home/mikeh/dev/mozilla/m-c/b2g-inbound/ipc/chromium/src/base/message_loop.cc:219
#17 MessageLoop::Run (this=0xbed8885c) at /home/mikeh/dev/mozilla/m-c/b2g-inbound/ipc/chromium/src/base/message_loop.cc:193
#18 0x41283748 in XRE_InitChildProcess (aArgc=-1093105160, aArgv=0xbed8896c, aProcess=1077210112) at /home/mikeh/dev/mozilla/m-c/b2g-inbound/toolkit/xre/nsEmbedFunctions.cpp:516
#19 0x000087a0 in main (argc=8, argv=0xbed889f4) at /home/mikeh/dev/mozilla/m-c/b2g-inbound/ipc/app/MozillaRuntimeMain.cpp:149
Attachment #8379841 - Attachment is obsolete: true
Attachment #8379991 - Flags: feedback?(mwu)
Comment on attachment 8379991 [details] [diff] [review]
Don't crash on async setter errors, v1

Fixes my crash. Thanks!
Attachment #8379991 - Flags: feedback?(mwu) → feedback+
blocking-b2g: --- → 1.4?
Keywords: reproducible
Whiteboard: dogfood1.4 → dogfood1.4 [b2g-crash]
Duplicate of this bug: 975529
try-server push: https://tbpl.mozilla.org/?tree=Try&rev=76d6a5847dca&showall=1
Assignee: nobody → mhabicher
Attachment #8379991 - Attachment is obsolete: true
Status: NEW → ASSIGNED
Attachment #8380124 - Flags: review?(dhylands)
Flags: needinfo?(dmarcos)
Blocks: 974919
Whiteboard: dogfood1.4 [b2g-crash] → dogfood1.4 [b2g-crash] [cr 612941]
Comment on attachment 8380124 [details] [diff] [review]
Don't crash on async method errors, v2

Review of attachment 8380124 [details] [diff] [review]:
-----------------------------------------------------------------

Looks reasonable to me.
Attachment #8380124 - Flags: review?(dhylands) → review+
This version fixes the assertion when stuffing StartRecordingHelper into nsCOMPtr<nsIDOMEventHandler>.

try-server push: https://tbpl.mozilla.org/?tree=Try&rev=fbf549e196ce&showall=1
Attachment #8380124 - Attachment is obsolete: true
Attachment #8380352 - Flags: review?(dhylands)
Comment on attachment 8380352 [details] [diff] [review]
Don't crash on async method errors, v3

Review of attachment 8380352 [details] [diff] [review]:
-----------------------------------------------------------------

r+ - There was just the one-line change from the last review right?
Attachment #8380352 - Flags: review?(dhylands) → review+
Duplicate of this bug: 974919
(In reply to Dave Hylands [:dhylands] from comment #11)
> 
> r+ - There was just the one-line change from the last review right?

Thanks, Dave--yes. I completely missed the other r+, or I wouldn't have bothered you with this one.
https://hg.mozilla.org/mozilla-central/rev/4b6103d24d1e
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → 1.4 S2 (28feb)
blocking-b2g: 1.4? → 1.4+
Whiteboard: dogfood1.4 [b2g-crash] [cr 612941] → [caf priority: p3]dogfood1.4 [b2g-crash] [cr 612941]
You need to log in before you can comment on or make changes to this bug.