Closed
Bug 976656
Opened 10 years ago
Closed 10 years ago
crash in mozilla::gfx::DrawTargetCairo::CreateSourceSurfaceFromNativeSurface(mozilla::gfx::NativeSurface const&) const
Categories
(Core :: Graphics, defect)
Tracking
()
RESOLVED
WORKSFORME
blocking-b2g | 1.3T+ |
People
(Reporter: nhirata, Assigned: schiu)
References
Details
(Keywords: crash, reproducible, Whiteboard: [b2g-crash] [priority], 1.3tarakorun2)
Crash Data
Attachments
(3 files, 1 obsolete file)
514.88 KB,
text/x-log
|
Details | |
1.27 MB,
application/zip
|
Details | |
4.58 KB,
patch
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is report bp-4703a685-bf73-4522-a7c9-358772140224. ============================================================= Frame Module Signature Source 0 libc.so libc.so@0xe300 1 libxul.so mozilla::gfx::DrawTargetCairo::CreateSourceSurfaceFromNativeSurface(mozilla::gfx::NativeSurface const&) const /home/geeksphone/FOS/keon/gecko/gfx/2d/DrawTargetCairo.cpp 2 @0x40178042 3 libxul.so js::jit::LIRGenerator::visitStoreSlot(js::jit::MStoreSlot*) /home/geeksphone/FOS/keon/gecko/js/src/jit/Lowering.cpp 4 @0x4342e722 More Signatures : https://crash-stats.mozilla.com/report/list?product=B2G&signature=mozilla%3A%3Agfx%3A%3ADrawTargetCairo%3A%3ACreateSourceSurfaceFromNativeSurface%28mozilla%3A%3Agfx%3A%3ANativeSurface+const%26%29+const#tab-reports Note: seems to only affect Geeksphone devices
Reporter | ||
Updated•10 years ago
|
Flags: needinfo?(gp)
Reporter | ||
Updated•10 years ago
|
status-b2g-v1.3:
--- → affected
Updated•10 years ago
|
Whiteboard: [b2g-crash]
Comment 1•10 years ago
|
||
Tarako monkey test also meet a lot of the similar crash. [FFOS minidump: mtlog-now-sp6821a_gonk-131-custom_hudson-shtemp169ubtpc-1402250610/dump_parse (the top 10 stack info)] 0 libc.so + 0xe40c 1 libxul.so!mozilla::gfx::DrawTargetCairo::CreateSourceSurfaceFromNativeSurface(mozilla::gfx::NativeSurface const&) const [DrawTargetCairo.cpp : 1110 + 0x7] 2 0x4015b042 3 libmozglue.so!__wrap_pthread_mutex_lock [Nuwa.cpp : 1075 + 0x5]
blocking-b2g: --- → 1.3T?
Flags: needinfo?(ttsai)
Updated•10 years ago
|
Flags: needinfo?(ttsai) → needinfo?(vliu)
Comment 3•10 years ago
|
||
Building up monkey test environment is in progress. Hopefully we can also reproduce these kind of problems in our side.
Flags: needinfo?(vliu)
Assignee | ||
Comment 4•10 years ago
|
||
Assignee | ||
Comment 5•10 years ago
|
||
I just upload a local patch to add log for DrawTargetCairo::CreateSourceSurfaceFromNativeSurface, and will use it to perform our monkey test.
Updated•10 years ago
|
Keywords: steps-wanted
Updated•10 years ago
|
Component: Vendcom → Graphics
Product: Firefox OS → Core
Comment 6•10 years ago
|
||
There really isn't anything to go off of here to use as hints for STR. We need more information before we try doing a STR hunt.
Keywords: steps-wanted
Comment 8•10 years ago
|
||
I saw this crash again. https://crash-stats.mozilla.com/report/index/fffb844b-2e68-4014-87b5-52fe42140331
Comment 9•10 years ago
|
||
(In reply to pcheng from comment #8) > I saw this crash again. > https://crash-stats.mozilla.com/report/index/fffb844b-2e68-4014-87b5- > 52fe42140331 Build ------------------------------------------------------------------- Gaia 14ef4fcdf9199f04f7678755c917dc77f51e13ba Gecko https://hg.mozilla.org/releases/mozilla-b2g28_v1_3t/rev/b574a7967338 BuildID 20140329004002 Version 28.1 ro.build.version.incremental=70 ro.build.date=Fri Mar 28 06:17:40 CST 2014
Comment 10•10 years ago
|
||
I saw this crash again on latest build. Gaia c418ec10d1e1d53c6757ad12b2320c204808d251 Gecko https://hg.mozilla.org/releases/mozilla-b2g28_v1_3t/rev/36b1279ef6df BuildID 20140402164000 Version 28.1 ro.build.version.incremental=eng.cltbld.20140402.202437 ro.build.date=Wed Apr 2 20:24:44 EDT 2014 Crash report: https://crash-stats.mozilla.com/report/index/044100ec-d463-46f4-9611-c6ae92140403
Comment 11•10 years ago
|
||
(In reply to pcheng from comment #10) > I saw this crash again on latest build. > Gaia c418ec10d1e1d53c6757ad12b2320c204808d251 > Gecko > https://hg.mozilla.org/releases/mozilla-b2g28_v1_3t/rev/36b1279ef6df > BuildID 20140402164000 > Version 28.1 > ro.build.version.incremental=eng.cltbld.20140402.202437 > ro.build.date=Wed Apr 2 20:24:44 EDT 2014 > > Crash report: > https://crash-stats.mozilla.com/report/index/044100ec-d463-46f4-9611- > c6ae92140403 I saw this crash following the steps bellow: 1. Launch Music 2. Switch to Song list 3. Swipe up and down and select one song to play. 4. Repeat 2~3 for several times, you will see Music crash. The reproduce rate is about 1/10.
Comment 12•10 years ago
|
||
Bug 989937 seems similar crash.
Comment 13•10 years ago
|
||
This crash has higher reproduce rate in recent build. Could any one take a look? I attached the adb logcat here.
Updated•10 years ago
|
blocking-b2g: --- → 1.3T?
status-b2g-v1.3T:
--- → affected
Comment 14•10 years ago
|
||
peipei, see spreadtrum bug, there is STR http://bugzilla.spreadtrum.com/bugzilla/show_bug.cgi?id=296491
Flags: needinfo?(pcheng)
Comment 15•10 years ago
|
||
(In reply to James Zhang from comment #14) > peipei, see spreadtrum bug, there is STR > http://bugzilla.spreadtrum.com/bugzilla/show_bug.cgi?id=296491 Yes, but it's not consistently reproduced. It could appear when browsing Music and SMS.
Flags: needinfo?(pcheng)
Comment 16•10 years ago
|
||
Here is a STR video: https://mozilla.box.com/s/rk1bwvrk8atosv3jtocc Steps: 1. Prepare a long list of messages in SMS(or a lot of music in Music Song list) 2. Launch SMS 3. Swipe up and down to browse messages --> SMS is very easy to crash. Similar behavior happens to Music
Comment 17•10 years ago
|
||
(In reply to pcheng from comment #16) > Here is a STR video: https://mozilla.box.com/s/rk1bwvrk8atosv3jtocc > > Steps: > 1. Prepare a long list of messages in SMS(or a lot of music in Music Song > list) > 2. Launch SMS > 3. Swipe up and down to browse messages > --> SMS is very easy to crash. Similar behavior happens to Music very easy -> can you comment on the reproduce rate? thanks let's not block on tarako with this but we may consider uplifts when there is a fix Solomon, can you continue to look at this? Thanks
blocking-b2g: 1.3T? → -
Assignee | ||
Comment 18•10 years ago
|
||
(In reply to Joe Cheng [:jcheng] from comment #17) > (In reply to pcheng from comment #16) > > Here is a STR video: https://mozilla.box.com/s/rk1bwvrk8atosv3jtocc > > > > Steps: > > 1. Prepare a long list of messages in SMS(or a lot of music in Music Song > > list) > > 2. Launch SMS > > 3. Swipe up and down to browse messages > > --> SMS is very easy to crash. Similar behavior happens to Music > > very easy -> can you comment on the reproduce rate? thanks > let's not block on tarako with this but we may consider uplifts when there > is a fix > Solomon, can you continue to look at this? > > Thanks James, I checked the log, the error message that I add in the patch seems didn't be printed. Can you confirm if the patch that I provided be used in recent build? Joe, I am trying to borrow a Tarako, will start to look into this issue after I get the device.
Flags: needinfo?(james.zhang)
Comment 19•10 years ago
|
||
(In reply to Solomon Chiu [:schiu] from comment #18) > (In reply to Joe Cheng [:jcheng] from comment #17) > > (In reply to pcheng from comment #16) > > > Here is a STR video: https://mozilla.box.com/s/rk1bwvrk8atosv3jtocc > > > > > > Steps: > > > 1. Prepare a long list of messages in SMS(or a lot of music in Music Song > > > list) > > > 2. Launch SMS > > > 3. Swipe up and down to browse messages > > > --> SMS is very easy to crash. Similar behavior happens to Music > > > > very easy -> can you comment on the reproduce rate? thanks > > let's not block on tarako with this but we may consider uplifts when there > > is a fix > > Solomon, can you continue to look at this? > > > > Thanks > > James, > > I checked the log, the error message that I add in the patch seems didn't be > printed. Can you confirm if the patch that I provided be used in recent > build? > > Joe, > > I am trying to borrow a Tarako, will start to look into this issue after I > get the device. Please see peipei's adb logcat.
Flags: needinfo?(james.zhang)
Updated•10 years ago
|
Whiteboard: [b2g-crash] → [b2g-crash] [MP_Blocker]
Comment 20•10 years ago
|
||
It's found many times during our partner's testing.
Comment 22•10 years ago
|
||
(In reply to Joe Cheng [:jcheng] from comment #17) > (In reply to pcheng from comment #16) > > Here is a STR video: https://mozilla.box.com/s/rk1bwvrk8atosv3jtocc > > > > Steps: > > 1. Prepare a long list of messages in SMS(or a lot of music in Music Song > > list) > > 2. Launch SMS > > 3. Swipe up and down to browse messages > > --> SMS is very easy to crash. Similar behavior happens to Music > > very easy -> can you comment on the reproduce rate? thanks > let's not block on tarako with this but we may consider uplifts when there > is a fix > Solomon, can you continue to look at this? > > Thanks When shipping phones, you are required to meet a MTBF metric in order to ship the phone (typically > 100 hours). This is established to ensure that users don't get exposed to critical bugs during basic use of the phone. Apparently this is prominent on Tarako in a far more greater fashion than 1.3, as there's been multiple comments indicating that this crash has been hit. The dupe here (bug 991406) actually provides reproducible STR to hit this crash, which now makes this 1) easily actionable to fix 2) proof that this blocks a couple of basic user flows on the phone. As such, this is an obvious blocker for Tarako, as this is a common crash on that phone in multiple places, has consistent STR to block a couple of basic user flows in the dupe, and will seriously impact us from being able to hit a releasable MTBF.
blocking-b2g: - → 1.3T?
Flags: needinfo?(gp)
Updated•10 years ago
|
Whiteboard: [b2g-crash] [MP_Blocker] → [b2g-crash] [priority]
Comment 25•10 years ago
|
||
Here ishow to reproduce this crash using Music app. Since it's uneasy to create a long list of sms. To do this: 1. Download attached music 2. Put these music to SD card 3. Launch Music 4. Switch to Song list 5. Switch to the first page of Music again --> It's very easy to reproduce this crash. I saw it every time on my device. If you could not reproduce, just repeat 4~5 for several times.
Assignee | ||
Comment 26•10 years ago
|
||
1. I tried several times of Peipei's reproducing steps, seems all crashed with the same signature of Bug#989989 - [tarako] crash in BufferUnrotate(unsigned char*, int, int, int, int, int), which different from the crash signature in this bug. 2. I got a script from QA which can make bulk SMS/MMS/contact in DUT. I will try to pack the relative files into package and provide to Peipei, to see if she can find ways to trigger the crash of this bug faster. 3. The crash point is located on 7th byte of machine code from the start address of CreateSourceSurfaceFromNativeSurface(), which is on preparing the stack for this function. In other words, the crash occurs before the actual code of this function is executed. I think there should exist problems other than the function itself.
Flags: needinfo?(schiu)
Comment 27•10 years ago
|
||
It's weird that I followed the same steps but triggered crash call stack for this bug instead of bug 989989. Here is the crash report: https://crash-stats.mozilla.com/report/index/e8897f78-c07b-468e-ba6b-6657d2140407 Is it possible that it has other crash point?
Comment 28•10 years ago
|
||
Another way to reproduce: 1. Go to Settings->Screen lock 2. Enable passcode lock and create a new passcode --> Crash may happen here 3. If no crash at step 2, then go back to Screen lock 4. Try to disable passcode lock --> Crash may happen here Here is the crash report. https://crash-stats.mozilla.com/report/index/baf9b4ac-0c07-414c-8b12-8b5bb2140408
Comment 29•10 years ago
|
||
(In reply to pcheng from comment #28) > Another way to reproduce: > > 1. Go to Settings->Screen lock > 2. Enable passcode lock and create a new passcode > --> Crash may happen here > 3. If no crash at step 2, then go back to Screen lock > 4. Try to disable passcode lock > --> Crash may happen here > > Here is the crash report. > > https://crash-stats.mozilla.com/report/index/baf9b4ac-0c07-414c-8b12- > 8b5bb2140408 Environment: ---------------------------------------------------- Gaia 9afe8145b5d309bdf2ef196b559e6dfd997faeeb Gecko https://hg.mozilla.org/releases/mozilla-b2g28_v1_3t/rev/c2a0ee7b4d58 BuildID 20140407164002 Version 28.1 ro.build.version.incremental=eng.cltbld.20140407.202457 ro.build.date=Mon Apr 7 20:25:04 EDT 2014
Updated•10 years ago
|
Keywords: reproducible
Updated•10 years ago
|
Whiteboard: [b2g-crash] [priority] → [b2g-crash] [priority], 1.3tarakorun2
Assignee | ||
Comment 31•10 years ago
|
||
I tried many times of above steps, most of the test results to the symptom of Bug#989989 - [tarako] crash in BufferUnrotate(unsigned char*, int, int, int, int, int). Since the clues relative to BufferUnrotate is more clear than this bug, I will look into Bug#989989 first.
Flags: needinfo?(schiu)
Assignee | ||
Comment 32•10 years ago
|
||
(In reply to Solomon Chiu [:schiu] from comment #31) > I tried many times of above steps, most of the test results to the symptom > of Bug#989989 - [tarako] crash in BufferUnrotate(unsigned char*, int, int, > int, int, int). Since the clues relative to BufferUnrotate is more clear > than this bug, I will look into Bug#989989 first. Bug#989989 was set to duplicated with Bug#970007.
Comment 33•10 years ago
|
||
I could very easily reproduce this crash using at least some of the STRs from Peipei and Binquing. Gaia 643f3e6676cbb89c62708a9f7cbef2edc795a552 Gecko https://hg.mozilla.org/releases/mozilla-b2g28_v1_3t/rev/e757fdd55426 BuildID 20140409004001 Version 28.1 ro.build.version.incremental=215 ro.build.date=Mon Mar 31 10:11:50 CST 2014 Not quite a smoketest blocker, but pretty annoying when trying to use any of the above functions.
Comment 34•10 years ago
|
||
Note that I've updated to the latest PAC and I'm still seeing this issue.
Assignee | ||
Comment 35•10 years ago
|
||
WIP patch from bug#970007
Attachment #8385196 -
Attachment is obsolete: true
Comment 36•10 years ago
|
||
Slog: https://www.dropbox.com/s/6lw8ex0fb6nb6d0/296491.zip
Comment 37•10 years ago
|
||
I am seeing this issue constantly in the latest build. Repro Steps: 1) Launch Music app. 2) Start playing a song. 3) Tap on 'Artists' or 'Albums' tab and tap on an item from the resulting list. Result: Music app crashes. v1.3T Environmental Variables: Device: Tarako v1.3T Spreadtrum RIL BuildID: 20140411004003 Gaia: 27a0e773e01eed74e20709bdcab6894469f42a72 Gecko: 257dd37da601 Version: 28.1 Firmware Version: SP6821a
Assignee | ||
Comment 38•10 years ago
|
||
(In reply to rkuhlman from comment #37) > I am seeing this issue constantly in the latest build. > > Repro Steps: > 1) Launch Music app. > 2) Start playing a song. > 3) Tap on 'Artists' or 'Albums' tab and tap on an item from the resulting > list. > > Result: > Music app crashes. > > > v1.3T Environmental Variables: > Device: Tarako v1.3T Spreadtrum RIL > BuildID: 20140411004003 > Gaia: 27a0e773e01eed74e20709bdcab6894469f42a72 > Gecko: 257dd37da601 > Version: 28.1 > Firmware Version: SP6821a Could you please provide the crash report? Because the same step also probably results in bug#970007. Thanks.
Flags: needinfo?(rkuhlman)
Comment 39•10 years ago
|
||
(In reply to rkuhlman from comment #37) > I am seeing this issue constantly in the latest build. > > Repro Steps: > 1) Launch Music app. > 2) Start playing a song. > 3) Tap on 'Artists' or 'Albums' tab and tap on an item from the resulting > list. > > Result: > Music app crashes. > > > v1.3T Environmental Variables: > Device: Tarako v1.3T Spreadtrum RIL > BuildID: 20140411004003 > Gaia: 27a0e773e01eed74e20709bdcab6894469f42a72 > Gecko: 257dd37da601 > Version: 28.1 > Firmware Version: SP6821a I can reproduce the issue by your steps. But from the adb log, the crash happens because mediaserver died. E/OMXNodeInstance( 89): !!! Observer died. Quickly, do something, ... anything... I/Gecko ( 84): I/Gecko ( 84): ###!!! [Parent][MessageChannel] Error: Channel error: cannot send/recv I/Gecko ( 84): I/Gecko ( 84): ############ ErrorPage.js Can you confirm that the detailed log from your crash report? We need make sure the issue is the same with the original one.
Comment 40•10 years ago
|
||
https://crash-stats.mozilla.com/report/index/ae9a88dd-e723-42bd-a6d8-5149f2140414 ^ Here is a link to the crash report that is generated by my repro steps. If this does not contain the information you seek, please let me know and I will get whatever you need.
Flags: needinfo?(rkuhlman)
Comment 41•10 years ago
|
||
Can we land this patch? I think it works well.
Updated•10 years ago
|
Flags: needinfo?(fabrice)
Comment 42•10 years ago
|
||
This crash no longer reproduces on today's build. We were unable to get it to repro on four devices following any of the STR provided in this bug, and it was really easy to reproduce earlier, even on yesterday's build.. BuildID: 20140416004007 Gaia: 718a06816327fcb6a18095f677cfff4b86adc292 Gecko: 9ef12c19ddc9 Version: 28.1 base: sp6821
Updated•10 years ago
|
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME
Comment 43•10 years ago
|
||
ok then... I'm still curious to know what fixed that though.
Flags: needinfo?(fabrice)
Comment 44•10 years ago
|
||
(In reply to Fabrice Desré [:fabrice] from comment #43) > ok then... I'm still curious to know what fixed that though. Bug 970007 might fix this.
Comment 45•10 years ago
|
||
(In reply to Sotaro Ikeda [:sotaro] from comment #44) > (In reply to Fabrice Desré [:fabrice] from comment #43) > > ok then... I'm still curious to know what fixed that though. > > Bug 970007 might fix this. Yes
You need to log in
before you can comment on or make changes to this bug.
Description
•