Closed
Bug 989937
Opened 11 years ago
Closed 11 years ago
[tarako] monkey test crash at libc.so + 0xe444
Categories
(Core :: Graphics, defect)
Tracking
RESOLVED DUPLICATE of bug 976656
blocking-b2g: -

| | Tracking | Status |
|---|---|---|
| b2g-v1.3T | --- | affected |
People
(Reporter: yaoyao.wu, Unassigned)
Details
(Keywords: crash, Whiteboard: [b2g-crash])
Attachments (1 file): 8.57 MB, application/x-bzip
Operating system: Android
0.0.0 Linux 3.0.8+ #1 PREEMPT Sun Mar 30 03:27:35 CST 2014 armv7l Spreadtrum/sp6821a_gonk/sp6821a_gonk:4.0.4.0.4.0.4/OPENMASTER/213:userdebug/test-keys
CPU: arm
0 CPUs
Crash reason: SIGSEGV
Crash address: 0x43ca7000
Thread 0 (crashed)
0 libc.so + 0xe444
r4 = 0x00000288 r5 = 0x000000c0 r6 = 0x43ca6dd0 r7 = 0x43c661bc
r8 = 0x00000000 r9 = 0x00040dd0 r10 = 0x0000019a fp = 0x00000444
sp = 0xbeb7afd4 lr = 0x40abe4f1 pc = 0x4010a444
Found by: given as instruction pointer in context
1 libxul.so!nsRegion::RgnRect::operator new(unsigned int) [nsRegion.cpp : 229 + 0x5]
sp = 0xbeb7afe8 pc = 0x40a8812b
Found by: stack scanning
2 0x43c65ffe
r4 = 0xbeb7b26c sp = 0xbeb7aff0 pc = 0x43c66000
Found by: call frame info
3 libxul.so!mozilla::gfx::DrawTargetCairo::CreateSourceSurfaceFromNativeSurface(mozilla::gfx::NativeSurface const&) const [DrawTargetCairo.cpp : 1110 + 0x7]
sp = 0xbeb7b014 pc = 0x414c579d
Found by: stack scanning
4 0x401a4042
r4 = 0x000000c0 r5 = 0x00000000 r6 = 0x401a4a60 r7 = 0x401a4040
r8 = 0x00000400 r9 = 0xbeb7b268 sp = 0xbeb7b044 pc = 0x401a4044
Found by: call frame info
5 libmozglue.so!__wrap_pthread_mutex_lock [Nuwa.cpp : 1075 + 0x5]
sp = 0xbeb7b0a0 pc = 0x40084d73
Found by: stack scanning
Updated•11 years ago
Component: JavaScript Engine → General
Product: Core → Firefox OS
Version: 28 Branch → unspecified
Updated•11 years ago
Component: General → Graphics
Product: Firefox OS → Core
Comment 1•11 years ago
changed to correct component.
Comment 2•11 years ago
Can we always provide a reproducible rate when reporting stability issues, such as how many times it was seen in one run (one run = how many hours)?
Thanks
Flags: needinfo?(yaoyao.wu)
The problem occurs four times: three times with hudson-212, one time with hudson-213.
Flags: needinfo?(yaoyao.wu)
Comment 4•11 years ago
Sotaro mentioned this could be an OOM issue and that this may be difficult to fix, so NI him here to get his expert comments.
status-b2g-v1.3T:
--- → affected
Flags: needinfo?(sotaro.ikeda.g)
Comment 5•11 years ago
(In reply to yaoyao.wu from comment #3)
> the problem occurs four times ,three times with hudson-212 ,one time with
> hudson-213.
yaoyao, can we have another crash data?
Flags: needinfo?(sotaro.ikeda.g) → needinfo?(yaoyao.wu)
Updated•11 years ago
Flags: needinfo?(sotaro.ikeda.g)
I don't think the call stack was correct, especially this function call:
5 libmozglue.so!__wrap_pthread_mutex_lock [Nuwa.cpp : 1075 + 0x5]
sp = 0xbeb7b0a0 pc = 0x40084d73
Found by: stack scanning
(In reply to Sotaro Ikeda [:sotaro] from comment #5)
> (In reply to yaoyao.wu from comment #3)
> > the problem occurs four times ,three times with hudson-212 ,one time with
> > hudson-213.
>
> yaoyao, can we have another crash data?
Operating system: Android
0.0.0 Linux 3.0.8+ #1 PREEMPT Sat Mar 29 18:48:51 CST 2014 armv7l Spreadtrum/sp6821a_gonk/sp6821a_gonk:4.0.4.0.4.0.4/OPENMASTER/212:userdebug/test-keys
CPU: arm
0 CPUs
Crash reason: SIGSEGV
Crash address: 0x43be4000
Thread 0 (crashed)
0 libc.so + 0xe464
r4 = 0x00000288 r5 = 0x00000028 r6 = 0x43be3dd0 r7 = 0x43ba3254
r8 = 0x00000000 r9 = 0x00040dd0 r10 = 0x0000019a fp = 0x000004dc
sp = 0xbeaaaff4 lr = 0x40abe4f1 pc = 0x400f3464
Found by: given as instruction pointer in context
1 libxul.so!nsRegion::RgnRect::operator new(unsigned int) [nsRegion.cpp : 229 + 0x5]
sp = 0xbeaab008 pc = 0x40a8812b
Found by: stack scanning
2 0x43ba2ffe
r4 = 0xbeaab28c sp = 0xbeaab010 pc = 0x43ba3000
Found by: call frame info
3 libxul.so!mozilla::gfx::DrawTargetCairo::CreateSourceSurfaceFromNativeSurface(mozilla::gfx::NativeSurface const&) const [DrawTargetCairo.cpp : 1110 + 0x7]
sp = 0xbeaab034 pc = 0x414c562d
Found by: stack scanning
4 0x401ec042
r4 = 0x00000028 r5 = 0x00000000 r6 = 0x401eca60 r7 = 0x401ec040
r8 = 0x00000400 r9 = 0xbeaab288 sp = 0xbeaab064 pc = 0x401ec044
Found by: call frame info
5 libmozglue.so!__wrap_pthread_mutex_lock [Nuwa.cpp : 1075 + 0x5]
sp = 0xbeaab0c0 pc = 0x4001cd73
Found by: stack scanning
Flags: needinfo?(yaoyao.wu)
(In reply to yaoyao.wu from comment #7)
> (In reply to Sotaro Ikeda [:sotaro] from comment #5)
> > (In reply to yaoyao.wu from comment #3)
> > > the problem occurs four times ,three times with hudson-212 ,one time with
> > > hudson-213.
> >
> > yaoyao, can we have another crash data?
OK, here are another two crash data:
>
> Operating system: Android
> 0.0.0 Linux 3.0.8+ #1 PREEMPT Sat Mar 29 18:48:51 CST 2014
> armv7l
> Spreadtrum/sp6821a_gonk/sp6821a_gonk:4.0.4.0.4.0.4/OPENMASTER/212:userdebug/
> test-keys
> CPU: arm
> 0 CPUs
>
> Crash reason: SIGSEGV
> Crash address: 0x43be4000
>
> Thread 0 (crashed)
> 0 libc.so + 0xe464
> r4 = 0x00000288 r5 = 0x00000028 r6 = 0x43be3dd0 r7 = 0x43ba3254
> r8 = 0x00000000 r9 = 0x00040dd0 r10 = 0x0000019a fp = 0x000004dc
> sp = 0xbeaaaff4 lr = 0x40abe4f1 pc = 0x400f3464
> Found by: given as instruction pointer in context
> 1 libxul.so!nsRegion::RgnRect::operator new(unsigned int) [nsRegion.cpp :
> 229 + 0x5]
> sp = 0xbeaab008 pc = 0x40a8812b
> Found by: stack scanning
> 2 0x43ba2ffe
> r4 = 0xbeaab28c sp = 0xbeaab010 pc = 0x43ba3000
> Found by: call frame info
> 3
> libxul.so!mozilla::gfx::DrawTargetCairo::
> CreateSourceSurfaceFromNativeSurface(mozilla::gfx::NativeSurface const&)
> const [DrawTargetCairo.cpp : 1110 + 0x7]
> sp = 0xbeaab034 pc = 0x414c562d
> Found by: stack scanning
> 4 0x401ec042
> r4 = 0x00000028 r5 = 0x00000000 r6 = 0x401eca60 r7 = 0x401ec040
> r8 = 0x00000400 r9 = 0xbeaab288 sp = 0xbeaab064 pc = 0x401ec044
> Found by: call frame info
> 5 libmozglue.so!__wrap_pthread_mutex_lock [Nuwa.cpp : 1075 + 0x5]
> sp = 0xbeaab0c0 pc = 0x4001cd73
> Found by: stack scanning
Operating system: Android
0.0.0 Linux 3.0.8+ #1 PREEMPT Sat Mar 29 18:48:51 CST 2014 armv7l Spreadtrum/sp6821a_gonk/sp6821a_gonk:4.0.4.0.4.0.4/OPENMASTER/212:userdebug/test-keys
CPU: arm
0 CPUs
Crash reason: SIGSEGV
Crash address: 0x43dd5000
Thread 0 (crashed)
0 libc.so + 0xe444
r4 = 0x00000288 r5 = 0x000000c8 r6 = 0x43dd4dd0 r7 = 0x43d941b4
r8 = 0x00000000 r9 = 0x00040dd0 r10 = 0x0000019a fp = 0x0000043c
sp = 0xbe9f6ff4 lr = 0x409be4f1 pc = 0x400a2444
Found by: given as instruction pointer in context
1 libxul.so!nsRegion::RgnRect::operator new(unsigned int) [nsRegion.cpp : 229 + 0x5]
sp = 0xbe9f7008 pc = 0x4098812b
Found by: stack scanning
2 0x43d93ffe
r4 = 0xbe9f728c sp = 0xbe9f7010 pc = 0x43d94000
Found by: call frame info
3 libxul.so!mozilla::gfx::DrawTargetCairo::CreateSourceSurfaceFromNativeSurface(mozilla::gfx::NativeSurface const&) const [DrawTargetCairo.cpp : 1110 + 0x7]
sp = 0xbe9f7034 pc = 0x413c562d
Found by: stack scanning
4 0x400fc042
r4 = 0x000000c8 r5 = 0x00000000 r6 = 0x400fca60 r7 = 0x400fc040
r8 = 0x00000400 r9 = 0xbe9f7288 sp = 0xbe9f7064 pc = 0x400fc044
Found by: call frame info
5 libmozglue.so!__wrap_pthread_mutex_lock [Nuwa.cpp : 1075 + 0x5]
sp = 0xbe9f70c0 pc = 0x40052d73
Found by: stack scanning
Comment 9•11 years ago
(In reply to ying.xu from comment #6)
> I don't think the call stack was correct.
>
> especially this function call
>
> 5 libmozglue.so!__wrap_pthread_mutex_lock [Nuwa.cpp : 1075 + 0x5]
> sp = 0xbeb7b0a0 pc = 0x40084d73
> Found by: stack scanning
Yeah, I also think so. And "2 0x43ba2ffe" and "4 0x401ec042" do not have a function name.
Flags: needinfo?(sotaro.ikeda.g)
Comment 10•11 years ago
At first, I thought the crash was because of OOM, from the following. But from the state of the stack info, the stack might be corrupted.
> 1 libxul.so!nsRegion::RgnRect::operator new(unsigned int) [nsRegion.cpp : 229 + 0x5]
Comment 11•11 years ago
yaoyao, can you provide libc.so's symbol info using the following command? I want to confirm the function name for "0 libc.so + 0xe464".
> readelf -s libc.so | tr -s ' ' | cut -d ' ' -f 3-9 | sort
Flags: needinfo?(yaoyao.wu)
Comment 12•11 years ago
0000e34c 0 FUNC GLOBAL DEFAULT 7 memmove
0000e34c 0 FUNC GLOBAL DEFAULT 7 memmove
0000e680 0 FUNC GLOBAL DEFAULT 7 __aeabi_uidiv
0000e680 0 FUNC GLOBAL DEFAULT 7 __aeabi_uidiv
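An added example, not part of the bug thread or of Mozilla's tooling: resolving the frame-0 `libc.so` offsets from the crash reports against the symbol rows posted in comment 12. It assumes no other function symbol lies between the rows shown; the function and variable names are this example's own.

```python
import bisect

# Symbol rows copied from comment 12 (output of the readelf pipeline in comment 11).
# Columns: value size type bind visibility section-index name.
READELF_ROWS = """\
0000e34c 0 FUNC GLOBAL DEFAULT 7 memmove
0000e34c 0 FUNC GLOBAL DEFAULT 7 memmove
0000e680 0 FUNC GLOBAL DEFAULT 7 __aeabi_uidiv
0000e680 0 FUNC GLOBAL DEFAULT 7 __aeabi_uidiv
"""

# Frame-0 offsets into libc.so from the crash reports in this bug.
CRASH_OFFSETS = [0xE444, 0xE464]


def parse_symbols(text):
    """Return a sorted, de-duplicated list of (start, name) for defined FUNC symbols."""
    symbols = set()
    for row in text.splitlines():
        fields = row.split()
        if len(fields) != 7 or fields[2] != "FUNC" or fields[5] == "UND":
            continue
        try:
            value = int(fields[0], 16)
        except ValueError:
            continue  # header or malformed row
        # In ARM ELF files bit 0 of a function symbol marks Thumb code; clear it.
        symbols.add((value & ~1, fields[6]))
    return sorted(symbols)


def resolve(symbols, offset):
    """Map a module-relative offset to (name, delta) via the nearest preceding symbol.

    Every size in the listing is 0, so the next symbol's start is the only upper
    bound. Returns None when the offset is not bracketed by two known symbols.
    """
    starts = [start for start, _ in symbols]
    i = bisect.bisect_right(starts, offset) - 1
    if i < 0 or i + 1 >= len(symbols):
        return None
    start, name = symbols[i]
    return name, offset - start


if __name__ == "__main__":
    table = parse_symbols(READELF_ROWS)
    for off in CRASH_OFFSETS:
        print(hex(off), resolve(table, off))
```

With only the rows from comment 12 as input, both crash offsets land between the start of `memmove` and the start of `__aeabi_uidiv`.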
Comment 13•11 years ago
Bug 976656 seems to be a very similar crash.
Updated•11 years ago
Flags: needinfo?(yaoyao.wu)
Comment 14•11 years ago
(In reply to Sotaro Ikeda [:sotaro] from comment #10)
> At first, I thought the crash because of OOM from the following. But from
> stacks info's state, the stack might be corrupted.
>
> > 1 libxul.so!nsRegion::RgnRect::operator new(unsigned int) [nsRegion.cpp : 229 + 0x5]
Memory corruption might have happened.
Comment 16•11 years ago
This should have been fixed.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE