I spent whole day debugging this problem ... It might causes emulator crash in some cases. Think about: 1. Have 1 incoming call 2. Have 1 outgoing call. Then, in emulator - modem->calls[0]: incoming call - modem->calls[1]: outgoing call, call->timer is set 3. disconnect incoming call. In amodem_free_call, we perform the memmove() that lead to the following changes - modem->calls[0]: outgoing call, call->timer is set - modem->calls[1]: outgoing call, call->timer is set - modem->call_count = 1 4. have another incoming call - modem->calls[0]: outgoing call, call->timer is set - modem->calls[1]: incoming call, call->timer is set because it contains the previous value!! Note that modem->calls[0]->timer == modem->calls[1]->timer 5. disconnect calls[1] and calls[0] sys_timer_destroy() will be called for same timer address twice!! Timer resource is implemented by a linked list of free timer. When we free the timer, it is prepend to the list. timer->next = _s_free_timers; So, if timer and _s_free_timers is point to the same position, it introduces a self loop. Next time, when we allocate the timer. sys_timer_alloc( void ) { SysTimer timer = _s_free_timers; if (timer != NULL) { _s_free_timers = timer->next; timer->next = NULL; timer->timer = NULL; } return timer; } timer->next will set the remaining list to empty. In the end, we lack enough timer resource next time and it cause the crash.

Comment on attachment 8530206 [details] [platform_external_qemu] PR 121 Thank you for spending time on debugging this. :)

try with emulator update https://treeherder.mozilla.org/ui/#/jobs?repo=try&revision=60f69a8cde9c

check-in needed for kk branch => (kk) [platform_external_qemu] PR 125

b2g-kitkat: https://github.com/mozilla-b2g/platform_external_qemu/commit/a510f2d2d579e76421b0c84cd225c249b2da6f8a