Closed
Bug 992606
Opened 10 years ago
Closed 10 years ago
[tarako] monkey test crash at libc.so + 0xdd84 | BufferUnrotate
Categories
(Firefox OS Graveyard :: General, defect)
Tracking
(blocking-b2g:-, b2g-v1.3T affected)
RESOLVED
DUPLICATE
of bug 970007
| blocking-b2g | - |
| Tracking | Status | |
|---|---|---|
| b2g-v1.3T | --- | affected |
People
(Reporter: yaoyao.wu, Unassigned)
References
Details
(Keywords: crash, Whiteboard: [b2g-crash])
Attachments
(1 file)
|
7.83 MB,
application/x-bzip
|
Details |
Operating system: Android
0.0.0 Linux 3.0.8+ #1 PREEMPT Thu Apr 3 15:44:58 CST 2014 armv7l Spreadtrum/sp6821a_gonk/sp6821a_gonk:4.0.4.0.4.0.4/OPENMASTER/228:userdebug/test-keys
CPU: arm
0 CPUs
Crash reason: SIGSEGV
Crash address: 0x439d6048
Thread 0 (crashed)
0 libc.so + 0xdd84
r4 = 0x00000288 r5 = 0x00000004 r6 = 0x439d62d0 r7 = 0x43994d78
r8 = 0x00000000 r9 = 0x00040dd0 r10 = 0x0000019a fp = 0x00000500
sp = 0xbecc9fd0 lr = 0x409be65f pc = 0x40029d84
Found by: given as instruction pointer in context
1 libxul.so!BufferUnrotate(unsigned char*, int, int, int, int, int) [BufferUnrotate.cpp : 44 + 0xd]
sp = 0xbecc9fd8 pc = 0x409be65f
Found by: stack scanning
2 libxul.so!mozilla::layers::RotatedContentBuffer::BeginPaint(mozilla::layers::ThebesLayer*, gfxContentType, unsigned int) [RotatedBuffer.cpp : 555 + 0x7]
r4 = 0x403cfb00 r5 = 0xbecca268 r6 = 0x403cfb0c r7 = 0x413c5a1d
r8 = 0x00000140 r9 = 0x000003c0 r10 = 0x00000141 fp = 0x00001000
sp = 0xbecca028 pc = 0x409c6be3
Found by: call frame info
3 libxul.so!mozilla::layers::ContentClientBasic::BeginPaintBuffer(mozilla::layers::ThebesLayer*, gfxContentType, unsigned int) + 0xf
r4 = 0xbecca268 r5 = 0x409cf4c1 r6 = 0x00001000 r7 = 0xbecca268
r8 = 0xbecca29c r9 = 0x4314e400 r10 = 0x4362b800 fp = 0x41dc8d44
sp = 0xbecca248 pc = 0x409cf4d1
Found by: call frame info
4 libxul.so!mozilla::layers::ClientThebesLayer::PaintThebes() [ClientThebesLayer.cpp : 61 + 0x9]
r4 = 0x42d336c0 r5 = 0x409cf4c1 r6 = 0x00001000 r7 = 0xbecca268
r8 = 0xbecca29c r9 = 0x4314e400 r10 = 0x4362b800 fp = 0x41dc8d44
sp = 0xbecca258 pc = 0x409cd643
Found by: call frame info
5 libxul.so!mozilla::layers::ClientThebesLayer::RenderLayer() [ClientThebesLayer.cpp : 107 + 0x5]
r4 = 0x42d336c0 r5 = 0x403cfab0 r6 = 0x00000000 r7 = 0xbecca46c
r8 = 0x4314e628 r9 = 0x4314e400 r10 = 0x4362b800 fp = 0x41dc8d44
sp = 0xbecca320 pc = 0x409cd793
Found by: call frame info
6 libxul.so!mozilla::layers::ClientContainerLayer::RenderLayer() [ClientContainerLayer.h : 81 + 0x5]
r4 = 0xbecca340 r5 = 0x41dc8d44 r6 = 0x00000000 r7 = 0xbecca46c
r8 = 0x4314e628 r9 = 0x4314e400 r10 = 0x4362b800 fp = 0x41dc8d44
sp = 0xbecca338 pc = 0x409cc61d
Found by: call frame info
7 libxul.so!mozilla::layers::ClientContainerLayer::RenderLayer() [ClientContainerLayer.h : 81 + 0x5]
r4 = 0xbecca3dc r5 = 0x41dc8d44 r6 = 0x00000001 r7 = 0xbecca46c
r8 = 0x4314e628 r9 = 0x4314e400 r10 = 0x4362b800 fp = 0x41dc8d44
sp = 0xbecca3d0 pc = 0x409cc61d
Found by: call frame info
8 libxul.so!mozilla::layers::ClientLayerManager::EndTransactionInternal(void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) [ClientLayerManager.cpp : 188 + 0x9]
r4 = 0x403243e0 r5 = 0x00000000 r6 = 0x409cc349 r7 = 0xbecca46c
r8 = 0x4314e628 r9 = 0x4314e400 r10 = 0x4362b800 fp = 0x41dc8d44
sp = 0xbecca468 pc = 0x409ccff9
Found by: call frame info
9 libxul.so!mozilla::layers::ClientLayerManager::EndTransaction(void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) [ClientLayerManager.cpp : 211 + 0xb]
r4 = 0x403243e0 r5 = 0x00000002 r6 = 0xbecca6a4 r7 = 0x4101b3c1
r8 = 0x4314e400 r9 = 0x00000000 r10 = 0x4362b800 fp = 0x41dc8d44
sp = 0xbecca4d0 pc = 0x409cd339
Found by: call frame info
10 libxul.so!nsDisplayList::PaintForFrame(nsDisplayListBuilder*, nsRenderingContext*, nsIFrame*, unsigned int) const [nsDisplayList.cpp : 1301 + 0x7]
r4 = 0x403243e0 r5 = 0x44de8440 r6 = 0xbecca6a4 r7 = 0x42d54de0
r8 = 0x4314e400 r9 = 0x00000000 r10 = 0x4362b800 fp = 0x41dc8d44
sp = 0xbecca4e8 pc = 0x4103e8cf
Found by: call frame info
11 libxul.so!nsDisplayList::PaintRoot(nsDisplayListBuilder*, nsRenderingContext*, unsigned int) const [nsDisplayList.cpp : 1155 + 0xd]
r4 = 0x00000000 r5 = 0xbecca6a4 r6 = 0xbeccaa28 r7 = 0x0000001d
r8 = 0xbecca9f8 r9 = 0x00000000 r10 = 0xbecca998 fp = 0x00000004
sp = 0xbecca648 pc = 0x4103ea5d
Found by: call frame info
12 libxul.so!nsLayoutUtils::PaintFrame(nsRenderingContext*, nsIFrame*, nsRegion const&, unsigned int, unsigned int) [nsLayoutUtils.cpp : 2348 + 0x5]
r4 = 0x4311e298 r5 = 0x00000704 r6 = 0x00000000 r7 = 0xbecca6a4
r8 = 0xbecca9f8 r9 = 0x00000000 r10 = 0xbecca998 fp = 0x00000004
sp = 0xbecca670 pc = 0x41047537
Found by: call frame info
13 libxul.so!PresShell::Paint(nsView*, nsRegion const&, unsigned int) [nsPresShell.cpp : 5898 + 0xd]
r4 = 0x403243e0 r5 = 0x42e40d60 r6 = 0x00000001 r7 = 0x00000001
r8 = 0x4311e298 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00020630
sp = 0xbeccaad8 pc = 0x410114bf
Found by: call frame info
14 libxul.so!nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*) [nsViewManager.cpp : 455 + 0x19]
r4 = 0x00000000 r5 = 0x403cd140 r6 = 0x42edfce0 r7 = 0xbeccac40
r8 = 0x431b0430 r9 = 0x410111c1 r10 = 0x42e40d60 fp = 0x00000003
sp = 0xbeccac40 pc = 0x40d9fdc9
Found by: call frame info
15 libxul.so!nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) [nsViewManager.cpp : 396 + 0x7]
r4 = 0x00000000 r5 = 0x403cd140 r6 = 0x00000001 r7 = 0x431b0430
r8 = 0xbeccad70 r9 = 0xbeccae74 r10 = 0x00000000 fp = 0x00000003
sp = 0xbeccac90 pc = 0x40d9fe65
Found by: call frame info
16 libxul.so!nsViewManager::ProcessPendingUpdates() [nsViewManager.cpp : 1087 + 0x9]
r4 = 0x431b0430 r5 = 0x431b0430 r6 = 0xbeccae50 r7 = 0x403d1238
r8 = 0xbeccad70 r9 = 0xbeccae74 r10 = 0x00000000 fp = 0x00000003
sp = 0xbeccacb0 pc = 0x40d9fed9
Found by: call frame info
17 libxul.so!nsRefreshDriver::Tick(long long, mozilla::TimeStamp) [nsRefreshDriver.cpp : 1208 + 0x5]
r4 = 0x403d11e0 r5 = 0x431b0430 r6 = 0xbeccae50 r7 = 0x403d1238
r8 = 0xbeccad70 r9 = 0xbeccae74 r10 = 0x00000000 fp = 0x00000003
sp = 0xbeccacb8 pc = 0x4101429b
Found by: call frame info
18 libxul.so!mozilla::RefreshDriverTimer::TimerTick(nsITimer*, void*) [nsRefreshDriver.cpp : 168 + 0xb]
r4 = 0x00000000 r5 = 0x00002b51 r6 = 0x50d4af0e r7 = 0x00000001
r8 = 0xbeccaf6f r9 = 0x403168ac r10 = 0x00000000 fp = 0x00000000
sp = 0xbeccaec8 pc = 0x41014533
Found by: call frame info
19 libxul.so!nsTimerImpl::Fire() [nsTimerImpl.cpp : 551 + 0x5]
r4 = 0x4361dc70 r5 = 0x410144dd r6 = 0x00000002 r7 = 0x00000001
r8 = 0xbeccaf6f r9 = 0x403168ac r10 = 0x00000000 fp = 0x00000000
sp = 0xbeccaef8 pc = 0x40762797
Found by: call frame info
20 libxul.so!nsTimerEvent::Run() [nsTimerImpl.cpp : 635 + 0x5]
r4 = 0x40316880 r5 = 0x00000000 r6 = 0x00000000 r7 = 0x00000001
r8 = 0xbeccaf6f r9 = 0x403168ac r10 = 0x00000000 fp = 0x00000000
sp = 0xbeccaf20 pc = 0x40762847
Found by: call frame info
21 libxul.so!nsThread::ProcessNextEvent(bool, bool*) [nsThread.cpp : 612 + 0x5]
r4 = 0x40316880 r5 = 0x00000000 r6 = 0x00000000 r7 = 0x00000001
r8 = 0xbeccaf6f r9 = 0x403168ac r10 = 0x00000000 fp = 0x00000000
sp = 0xbeccaf28 pc = 0x40760eb5
Found by: call frame info
22 libxul.so!NS_ProcessNextEvent(nsIThread*, bool) [nsThreadUtils.cpp : 263 + 0xb]
r4 = 0x00000000 r5 = 0xbeccb87c r6 = 0x40302ad0 r7 = 0x00000001
r8 = 0xbeccba18 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000
sp = 0xbeccaf68 pc = 0x40733c41
Found by: call frame info
23 libxul.so!mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) [MessagePump.cpp : 85 + 0x7]
r4 = 0x40302ac0 r5 = 0xbeccb87c r6 = 0x40302ad0 r7 = 0x00000001
r8 = 0xbeccba18 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000
sp = 0xbeccaf78 pc = 0x4088c711
Found by: call frame info
24 libxul.so!mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) [MessagePump.cpp : 250 + 0x7]
r4 = 0xbeccb87c r5 = 0x40302ac0 r6 = 0xbeccb87c r7 = 0x00000001
r8 = 0xbeccba18 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000
sp = 0xbeccafa0 pc = 0x4088c7df
Found by: call frame info
25 libxul.so!MessageLoop::RunInternal() [message_loop.cc : 222 + 0x5]
r4 = 0xbeccb87c r5 = 0x42ec32e0 r6 = 0x40316880 r7 = 0x00000003
r8 = 0xbeccba18 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000
sp = 0xbeccafb8 pc = 0x408826b9
Found by: call frame info
26 libxul.so!MessageLoop::Run() [message_loop.cc : 215 + 0x5]
r4 = 0xbeccb87c r5 = 0x42ec32e0 r6 = 0x40316880 r7 = 0x00000003
r8 = 0xbeccba18 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000
sp = 0xbeccafc0 pc = 0x40882737
Found by: call frame info
27 libxul.so!nsBaseAppShell::Run() [nsBaseAppShell.cpp : 161 + 0x7]
r4 = 0x00000000 r5 = 0x42ec32e0 r6 = 0x40316880 r7 = 0x00000003
r8 = 0xbeccba18 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000
sp = 0xbeccafd8 pc = 0x40c46505
Found by: call frame info
28 libxul.so!XRE_RunAppShell [nsEmbedFunctions.cpp : 679 + 0x5]
r4 = 0x80004005 r5 = 0x40302ac0 r6 = 0x4033e800 r7 = 0x00000003
r8 = 0xbeccba18 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000
sp = 0xbeccafe8 pc = 0x41254f3b
Found by: call frame info
29 libxul.so!mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) [MessagePump.cpp : 217 + 0x3]
r4 = 0xbeccb87c r5 = 0x40302ac0 r6 = 0x4033e800 r7 = 0x00000003
r8 = 0xbeccba18 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000
sp = 0xbeccaff8 pc = 0x4088c7ad
Found by: call frame info
30 libxul.so!MessageLoop::RunInternal() [message_loop.cc : 222 + 0x5]
r4 = 0xbeccb87c r5 = 0xbeccb98c r6 = 0x4033e800 r7 = 0x00000003
r8 = 0xbeccba18 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000
sp = 0xbeccb010 pc = 0x408826b9
Found by: call frame info
31 libxul.so!MessageLoop::Run() [message_loop.cc : 215 + 0x5]
r4 = 0xbeccb87c r5 = 0xbeccb98c r6 = 0x4033e800 r7 = 0x00000003
r8 = 0xbeccba18 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000
sp = 0xbeccb018 pc = 0x40882737
Found by: call frame info
32 libxul.so!XRE_InitChildProcess [nsEmbedFunctions.cpp : 516 + 0x9]
r4 = 0xbeccb998 r5 = 0xbeccb98c r6 = 0x4033e800 r7 = 0x00000003
r8 = 0xbeccba18 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000
sp = 0xbeccb030 pc = 0x412553a9
Found by: call frame info
33 plugin-container!main [MozillaRuntimeMain.cpp : 137 + 0x5]
r4 = 0x00000001 r5 = 0xbeccba14 r6 = 0x00000008 r7 = 0x000087f3
r8 = 0x00000009 r9 = 0xbeccba34 r10 = 0x00000000 fp = 0x00000000
sp = 0xbeccb9d8 pc = 0x00008751
Found by: call frame info
34 libc.so!__libc_init [libc_init_dynamic.c : 114 + 0x7]
r4 = 0x00008674 r5 = 0xbeccba14 r6 = 0x00000009 r7 = 0xbeccba3c
r8 = 0x00000000 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000
sp = 0xbeccb9f8 pc = 0x40032a57
Found by: call frame info
35 0xb0001dc5
r4 = 0x00000000 r5 = 0x00000000 r6 = 0x00000000 r7 = 0x00000000
r8 = 0x00000000 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000
sp = 0xbeccba10 pc = 0xb0001dc7
Found by: call frame info
blocking-b2g: --- → 1.3T?
Flags: needinfo?(ttsai)
Flags: needinfo?(styang)
|
||
Comment 2•10 years ago
|
||
lets not block on this before we have clear path of actions
blocking-b2g: 1.3T? → -
|
||
Comment 3•10 years ago
|
||
Hi Alan, please help on this. thanks!
Flags: needinfo?(styang) → needinfo?(ahuang)
|
||
Comment 4•10 years ago
|
||
We still meet this crash today.
Isn't this a dup of bug 970007?
|
||
Comment 6•10 years ago
|
||
Again we saw out of memory in this case. This crash happens when new an uint8_t array. I will set this blocked by 992760.
Depends on: 992760
Flags: needinfo?(ahuang)
|
||
Updated•10 years ago
|
Flags: needinfo?(ttsai)
|
||
Updated•10 years ago
|
Summary: [tarako] mokey test crash at libc.so + 0xdd84 → [tarako] monkey test crash at libc.so + 0xdd84 | BufferUnrotate
|
||
Comment 7•10 years ago
|
||
This should have been fixed
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•