Closed Bug 989937 Opened 11 years ago Closed 11 years ago

[tarako] monkey test crash at libc.so + 0xe444

Categories

(Core :: Graphics, defect)

ARM
Gonk (Firefox OS)
defect
Not set
major

Tracking

RESOLVED DUPLICATE of bug 976656
blocking-b2g -
Tracking Status
b2g-v1.3T --- affected

People

(Reporter: yaoyao.wu, Unassigned)

Details

(Keywords: crash, Whiteboard: [b2g-crash])

Attachments

(1 file)

Operating system: Android
                  0.0.0 Linux 3.0.8+ #1 PREEMPT Sun Mar 30 03:27:35 CST 2014 armv7l Spreadtrum/sp6821a_gonk/sp6821a_gonk:4.0.4.0.4.0.4/OPENMASTER/213:userdebug/test-keys
CPU: arm
     0 CPUs

Crash reason: SIGSEGV
Crash address: 0x43ca7000

Thread 0 (crashed)
 0  libc.so + 0xe444
    r4 = 0x00000288 r5 = 0x000000c0 r6 = 0x43ca6dd0 r7 = 0x43c661bc
    r8 = 0x00000000 r9 = 0x00040dd0 r10 = 0x0000019a fp = 0x00000444
    sp = 0xbeb7afd4 lr = 0x40abe4f1 pc = 0x4010a444
    Found by: given as instruction pointer in context
 1  libxul.so!nsRegion::RgnRect::operator new(unsigned int) [nsRegion.cpp : 229 + 0x5]
    sp = 0xbeb7afe8 pc = 0x40a8812b
    Found by: stack scanning
 2  0x43c65ffe
    r4 = 0xbeb7b26c sp = 0xbeb7aff0 pc = 0x43c66000
    Found by: call frame info
 3  libxul.so!mozilla::gfx::DrawTargetCairo::CreateSourceSurfaceFromNativeSurface(mozilla::gfx::NativeSurface const&) const [DrawTargetCairo.cpp : 1110 + 0x7]
    sp = 0xbeb7b014 pc = 0x414c579d
    Found by: stack scanning
 4  0x401a4042
    r4 = 0x000000c0 r5 = 0x00000000 r6 = 0x401a4a60 r7 = 0x401a4040
    r8 = 0x00000400 r9 = 0xbeb7b268 sp = 0xbeb7b044 pc = 0x401a4044
    Found by: call frame info
 5  libmozglue.so!__wrap_pthread_mutex_lock [Nuwa.cpp : 1075 + 0x5]
    sp = 0xbeb7b0a0 pc = 0x40084d73
    Found by: stack scanning
Component: JavaScript Engine → General
Product: Core → Firefox OS
Version: 28 Branch → unspecified
Component: General → Graphics
Product: Firefox OS → Core
Changed to correct component.
Can we always provide a reproducible rate when reporting stability issues? Such as how many times it was seen in one run (one run = how many hours?). Thanks
Flags: needinfo?(yaoyao.wu)
The problem occurs four times, three times with hudson-212, one time with hudson-213.
Flags: needinfo?(yaoyao.wu)
Sotaro mentioned this could be an OOM issue and that this may be difficult to fix, so NI him here to get his expert comments.
Flags: needinfo?(sotaro.ikeda.g)
(In reply to yaoyao.wu from comment #3)
> The problem occurs four times, three times with hudson-212, one time with
> hudson-213.

yaoyao, can we have more crash data?
Flags: needinfo?(sotaro.ikeda.g) → needinfo?(yaoyao.wu)
Flags: needinfo?(sotaro.ikeda.g)
I don't think the call stack was correct. Especially this function call:

 5  libmozglue.so!__wrap_pthread_mutex_lock [Nuwa.cpp : 1075 + 0x5]
    sp = 0xbeb7b0a0 pc = 0x40084d73
    Found by: stack scanning
(In reply to Sotaro Ikeda [:sotaro] from comment #5)
> (In reply to yaoyao.wu from comment #3)
> > The problem occurs four times, three times with hudson-212, one time with
> > hudson-213.
>
> yaoyao, can we have more crash data?

Operating system: Android
                  0.0.0 Linux 3.0.8+ #1 PREEMPT Sat Mar 29 18:48:51 CST 2014 armv7l Spreadtrum/sp6821a_gonk/sp6821a_gonk:4.0.4.0.4.0.4/OPENMASTER/212:userdebug/test-keys
CPU: arm
     0 CPUs

Crash reason: SIGSEGV
Crash address: 0x43be4000

Thread 0 (crashed)
 0  libc.so + 0xe464
    r4 = 0x00000288 r5 = 0x00000028 r6 = 0x43be3dd0 r7 = 0x43ba3254
    r8 = 0x00000000 r9 = 0x00040dd0 r10 = 0x0000019a fp = 0x000004dc
    sp = 0xbeaaaff4 lr = 0x40abe4f1 pc = 0x400f3464
    Found by: given as instruction pointer in context
 1  libxul.so!nsRegion::RgnRect::operator new(unsigned int) [nsRegion.cpp : 229 + 0x5]
    sp = 0xbeaab008 pc = 0x40a8812b
    Found by: stack scanning
 2  0x43ba2ffe
    r4 = 0xbeaab28c sp = 0xbeaab010 pc = 0x43ba3000
    Found by: call frame info
 3  libxul.so!mozilla::gfx::DrawTargetCairo::CreateSourceSurfaceFromNativeSurface(mozilla::gfx::NativeSurface const&) const [DrawTargetCairo.cpp : 1110 + 0x7]
    sp = 0xbeaab034 pc = 0x414c562d
    Found by: stack scanning
 4  0x401ec042
    r4 = 0x00000028 r5 = 0x00000000 r6 = 0x401eca60 r7 = 0x401ec040
    r8 = 0x00000400 r9 = 0xbeaab288 sp = 0xbeaab064 pc = 0x401ec044
    Found by: call frame info
 5  libmozglue.so!__wrap_pthread_mutex_lock [Nuwa.cpp : 1075 + 0x5]
    sp = 0xbeaab0c0 pc = 0x4001cd73
    Found by: stack scanning
Flags: needinfo?(yaoyao.wu)
(In reply to yaoyao.wu from comment #7)
> (In reply to Sotaro Ikeda [:sotaro] from comment #5)
> > (In reply to yaoyao.wu from comment #3)
> > > The problem occurs four times, three times with hudson-212, one time with
> > > hudson-213.
> >
> > yaoyao, can we have more crash data?

OK, here are another two crash data:

>
> Operating system: Android
> 0.0.0 Linux 3.0.8+ #1 PREEMPT Sat Mar 29 18:48:51 CST 2014
> armv7l
> Spreadtrum/sp6821a_gonk/sp6821a_gonk:4.0.4.0.4.0.4/OPENMASTER/212:userdebug/
> test-keys
> CPU: arm
> 0 CPUs
>
> Crash reason: SIGSEGV
> Crash address: 0x43be4000
>
> Thread 0 (crashed)
> 0 libc.so + 0xe464
> r4 = 0x00000288 r5 = 0x00000028 r6 = 0x43be3dd0 r7 = 0x43ba3254
> r8 = 0x00000000 r9 = 0x00040dd0 r10 = 0x0000019a fp = 0x000004dc
> sp = 0xbeaaaff4 lr = 0x40abe4f1 pc = 0x400f3464
> Found by: given as instruction pointer in context
> 1 libxul.so!nsRegion::RgnRect::operator new(unsigned int) [nsRegion.cpp :
> 229 + 0x5]
> sp = 0xbeaab008 pc = 0x40a8812b
> Found by: stack scanning
> 2 0x43ba2ffe
> r4 = 0xbeaab28c sp = 0xbeaab010 pc = 0x43ba3000
> Found by: call frame info
> 3
> libxul.so!mozilla::gfx::DrawTargetCairo::
> CreateSourceSurfaceFromNativeSurface(mozilla::gfx::NativeSurface const&)
> const [DrawTargetCairo.cpp : 1110 + 0x7]
> sp = 0xbeaab034 pc = 0x414c562d
> Found by: stack scanning
> 4 0x401ec042
> r4 = 0x00000028 r5 = 0x00000000 r6 = 0x401eca60 r7 = 0x401ec040
> r8 = 0x00000400 r9 = 0xbeaab288 sp = 0xbeaab064 pc = 0x401ec044
> Found by: call frame info
> 5 libmozglue.so!__wrap_pthread_mutex_lock [Nuwa.cpp : 1075 + 0x5]
> sp = 0xbeaab0c0 pc = 0x4001cd73
> Found by: stack scanning

Operating system: Android
                  0.0.0 Linux 3.0.8+ #1 PREEMPT Sat Mar 29 18:48:51 CST 2014 armv7l Spreadtrum/sp6821a_gonk/sp6821a_gonk:4.0.4.0.4.0.4/OPENMASTER/212:userdebug/test-keys
CPU: arm
     0 CPUs

Crash reason: SIGSEGV
Crash address: 0x43dd5000

Thread 0 (crashed)
 0  libc.so + 0xe444
    r4 = 0x00000288 r5 = 0x000000c8 r6 = 0x43dd4dd0 r7 = 0x43d941b4
    r8 = 0x00000000 r9 = 0x00040dd0 r10 = 0x0000019a fp = 0x0000043c
    sp = 0xbe9f6ff4 lr = 0x409be4f1 pc = 0x400a2444
    Found by: given as instruction pointer in context
 1  libxul.so!nsRegion::RgnRect::operator new(unsigned int) [nsRegion.cpp : 229 + 0x5]
    sp = 0xbe9f7008 pc = 0x4098812b
    Found by: stack scanning
 2  0x43d93ffe
    r4 = 0xbe9f728c sp = 0xbe9f7010 pc = 0x43d94000
    Found by: call frame info
 3  libxul.so!mozilla::gfx::DrawTargetCairo::CreateSourceSurfaceFromNativeSurface(mozilla::gfx::NativeSurface const&) const [DrawTargetCairo.cpp : 1110 + 0x7]
    sp = 0xbe9f7034 pc = 0x413c562d
    Found by: stack scanning
 4  0x400fc042
    r4 = 0x000000c8 r5 = 0x00000000 r6 = 0x400fca60 r7 = 0x400fc040
    r8 = 0x00000400 r9 = 0xbe9f7288 sp = 0xbe9f7064 pc = 0x400fc044
    Found by: call frame info
 5  libmozglue.so!__wrap_pthread_mutex_lock [Nuwa.cpp : 1075 + 0x5]
    sp = 0xbe9f70c0 pc = 0x40052d73
    Found by: stack scanning
(In reply to ying.xu from comment #6)
> I don't think the call stack was correct.
>
> Especially this function call:
>
> 5 libmozglue.so!__wrap_pthread_mutex_lock [Nuwa.cpp : 1075 + 0x5]
> sp = 0xbeb7b0a0 pc = 0x40084d73
> Found by: stack scanning

Yeah, I also think so. And "2 0x43ba2ffe" and "4 0x401ec042" do not have a function name.
Flags: needinfo?(sotaro.ikeda.g)
At first, I thought the crash was because of OOM, from the following. But from the stack info's state, the stack might be corrupted.

> 1 libxul.so!nsRegion::RgnRect::operator new(unsigned int) [nsRegion.cpp : 229 + 0x5]

yaoyao, can you provide libc.so's symbol info by the following command? I want to confirm the "0 libc.so + 0xe464" function name.

> readelf -s libc.so | tr -s ' ' | cut -d ' ' -f 3-9 | sort
Flags: needinfo?(yaoyao.wu)
0000e34c 0 FUNC GLOBAL DEFAULT 7 memmove
0000e34c 0 FUNC GLOBAL DEFAULT 7 memmove
0000e680 0 FUNC GLOBAL DEFAULT 7 __aeabi_uidiv
0000e680 0 FUNC GLOBAL DEFAULT 7 __aeabi_uidiv

Bug 976656 seems a very similar crash.
Flags: needinfo?(yaoyao.wu)
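The lookup that the readelf request above is for, as an added example that is not part of the original thread or of any Mozilla tool: it parses symbol lines in the `value size type bind vis ndx name` layout that pipeline produces, finds the nearest symbol at or below a frame's module offset, and derives the libc.so load base from each frame 0 `pc`. `SYMBOLS` and `FRAME0` are copied from the comments in this bug; the function names are hypothetical, and because only two symbols were posted and their size is 0, a match is a best guess rather than proven containment.

```python
import bisect

# Symbol lines as posted in this bug (duplicate rows collapsed).
SYMBOLS = """\
0000e34c 0 FUNC GLOBAL DEFAULT 7 memmove
0000e680 0 FUNC GLOBAL DEFAULT 7 __aeabi_uidiv
"""

# (pc, module offset) of frame 0 in the three crash reports in this bug.
FRAME0 = [(0x4010A444, 0xE444), (0x400F3464, 0xE464), (0x400A2444, 0xE444)]


def parse_symbols(text):
    """Parse 'value size type bind vis ndx name' lines into sorted (addr, size, name)."""
    syms = set()
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7 or f[2] != "FUNC" or f[5] == "UND":
            continue  # headers, objects, sections, imports, unnamed entries
        try:
            addr = int(f[0], 16)
            size = int(f[1], 16 if f[1].startswith("0x") else 10)
        except ValueError:
            continue
        syms.add((addr & ~1, size, f[6]))  # bit 0 only marks Thumb code on ARM
    return sorted(syms)


def resolve(offset, syms):
    """Return (name, delta, proven) for the nearest symbol at or below offset, else None."""
    i = bisect.bisect_right([a for a, _, _ in syms], offset) - 1
    if i < 0:
        return None
    addr, size, name = syms[i]
    if size and offset >= addr + size:
        return None  # falls in the gap after a symbol of known size
    # size 0 (as in the posted table) means containment cannot be proven
    return name, offset - addr, bool(size)


def load_base(pc, offset, page=0x1000):
    """Load address implied by a frame, or None if it is not page aligned."""
    base = pc - offset
    return base if base % page == 0 else None


if __name__ == "__main__":
    table = parse_symbols(SYMBOLS)
    for pc, off in FRAME0:
        print(hex(pc), resolve(off, table), hex(load_base(pc, off)))
```

A load base that is not page aligned would mean the `pc` and the `module + offset` text of a frame disagree, which is a quick consistency check to run before trusting frame 0 of a report whose later frames were found by stack scanning.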
(In reply to Sotaro Ikeda [:sotaro] from comment #10)
> At first, I thought the crash was because of OOM, from the following. But from
> the stack info's state, the stack might be corrupted.
>
> > 1 libxul.so!nsRegion::RgnRect::operator new(unsigned int) [nsRegion.cpp : 229 + 0x5]

Memory corruption might have happened.
Keywords: crash
Whiteboard: [b2g-crash]
triage: let's track Bug 976656
blocking-b2g: 1.3T? → -
This should have been fixed.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE