[nested-oop] Process crashes when sending touch event to nested-oop iframe

RESOLVED DUPLICATE of bug 1020199

Status

()

RESOLVED DUPLICATE of bug 1020199
4 years ago
4 years ago

People

(Reporter: kershaw, Unassigned)

Tracking

(Blocks: 1 bug)

Trunk
ARM
Gonk (Firefox OS)
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

4 years ago
STR:
1. Apply gecko patch [1] to enable nested-oop
2. Apply gaia patch [2] to create a nested-oop test app (oop test) that opens uitest app in nested-oop iframe
3. Open oot test app and launch uitest app
4. Touch any part of uitest, and the oop test app crashed.

Stack trace of oop test app:
Program received signal SIGSEGV, Segmentation fault.
mozilla::BlockingResourceBase::CheckAcquire (this=0x0)
    at /home/kershaw/work/B2G_flame/gecko/xpcom/glue/BlockingResourceBase.cpp:271
271   if (mType == eCondVar) {
(gdb) bt
#0  mozilla::BlockingResourceBase::CheckAcquire (this=0x0)
    at /home/kershaw/work/B2G_flame/gecko/xpcom/glue/BlockingResourceBase.cpp:271
#1  0xb479d7f0 in mozilla::OffTheBooksMutex::Lock (this=0x0)
    at /home/kershaw/work/B2G_flame/gecko/xpcom/glue/BlockingResourceBase.cpp:381
#2  0xb4c82746 in MonitorAutoLock (aMonitor=<optimized out>, this=0xbe834374) at ../../dist/include/mozilla/Monitor.h:78
#3  mozilla::layers::CompositorParent::GetIndirectShadowTree (aId=7) at ../../../gecko/gfx/layers/ipc/CompositorParent.cpp:1571
#4  0xb4c8281a in mozilla::layers::CompositorParent::GetAPZCTreeManager (aLayersId=<optimized out>)
    at ../../../gecko/gfx/layers/ipc/CompositorParent.cpp:1348
#5  0xb5822e22 in mozilla::layout::RenderFrameParent::GetApzcTreeManager (this=0xb1bfcf80)
    at ../../../gecko/layout/ipc/RenderFrameParent.cpp:333
#6  0xb5822eee in mozilla::layout::RenderFrameParent::NotifyInputEvent (this=0xb1bfcf80, aEvent=..., aOutTargetGuid=0x0,
    aOutInputBlockId=0x0) at ../../../gecko/layout/ipc/RenderFrameParent.cpp:424
#7  0xb5488eda in MaybeForwardEventToRenderFrame (aOutInputBlockId=0x0, aOutTargetGuid=0x0, aEvent=..., this=<optimized out>)
    at ../../../gecko/dom/ipc/TabParent.cpp:2325
#8  mozilla::dom::TabParent::MaybeForwardEventToRenderFrame (this=<optimized out>, aEvent=..., aOutTargetGuid=0x0,
    aOutInputBlockId=0x0) at ../../../gecko/dom/ipc/TabParent.cpp:2297
#9  0xb548a774 in mozilla::dom::TabParent::SendRealMouseEvent (this=0xb2dca0b0, event=...)
    at ../../../gecko/dom/ipc/TabParent.cpp:1082
#10 0xb51f261e in HandleCrossProcessEvent (aStatus=0xbe834750, aEvent=0xbe834808, this=0xb239bdf0)
    at ../../../gecko/dom/events/EventStateManager.cpp:1272
#11 mozilla::EventStateManager::HandleCrossProcessEvent (this=0xb239bdf0, aEvent=0xbe834808, aStatus=0xbe834750)
    at ../../../gecko/dom/events/EventStateManager.cpp:1195
#12 0xb51f5d38 in mozilla::EventStateManager::PostHandleEvent (this=0xb239bdf0, aPresContext=0xb3959800, aEvent=0xbe834808,
    aTargetFrame=0xb1714258, aStatus=0xbe834750) at ../../../gecko/dom/events/EventStateManager.cpp:2748
#13 0xb5738728 in PresShell::HandleEventInternal (this=0xb2d85500, aEvent=0xbe834808, aStatus=0xbe834750)
    at ../../../gecko/layout/base/nsPresShell.cpp:8255
#14 0xb5738930 in PresShell::HandlePositionedEvent (this=0xb2d85500, aTargetFrame=<optimized out>, aEvent=0xbe834808,
    aEventStatus=0xbe834750) at ../../../gecko/layout/base/nsPresShell.cpp:7949
#15 0xb573952a in PresShell::HandleEvent (this=0xb2d85500, aFrame=<optimized out>, aEvent=0xbe834808,
DontRetargetEvents=<optimized out>, aEventStatus=0xbe834750) at ../../../gecko/layout/base/nsPresShell.cpp:7749
#16 0xb55a04cc in nsViewManager::DispatchEvent (this=<optimized out>, aEvent=0xbe834808, aView=<optimized out>, aStatus=0xbe834750)
    at ../../gecko/view/nsViewManager.cpp:774
#17 0xb559e108 in nsView::HandleEvent (this=<optimized out>, aEvent=0xbe834808, aUseAttachedEvents=<optimized out>)
    at ../../gecko/view/nsView.cpp:1097
#18 0xb55a6880 in mozilla::widget::PuppetWidget::DispatchEvent (this=0xb23faf00, event=0xbe834808, aStatus=@0xbe8347f4)
    at ../../gecko/widget/PuppetWidget.cpp:332
#19 0xb547558c in DispatchWidgetEvent (event=..., this=<optimized out>) at ../../../gecko/dom/ipc/TabChild.cpp:641
#20 mozilla::dom::TabChildBase::DispatchWidgetEvent (this=<optimized out>, event=...) at ../../../gecko/dom/ipc/TabChild.cpp:630
#21 0xb5479e26 in mozilla::dom::TabChildBase::DispatchSynthesizedMouseEvent (this=0xb2368400, aMsg=300, aTime=<optimized out>,
---Type <return> to continue, or q <return> to quit---
    aRefPoint=..., aWidget=0xb23faf00) at ../../../gecko/dom/ipc/TabChild.cpp:626
#22 0xb5479e66 in mozilla::dom::TabChild::FireSingleTapEvent (this=0xb2368400, aPoint=...)
    at ../../../gecko/dom/ipc/TabChild.cpp:2181
#23 0xb5481efa in RecvHandleSingleTap (aGuid=..., aPoint=..., this=0xb2368400) at ../../../gecko/dom/ipc/TabChild.cpp:2153
#24 mozilla::dom::TabChild::RecvHandleSingleTap (this=0xb2368400, aPoint=..., aGuid=...)
    at ../../../gecko/dom/ipc/TabChild.cpp:2132
#25 0xb499f4b4 in mozilla::dom::PBrowserChild::OnMessageReceived (this=0xb2368540, __msg=...) at PBrowserChild.cpp:2355
#26 0xb49e5bd6 in mozilla::dom::PContentChild::OnMessageReceived (this=0xb3955c18, __msg=...) at PContentChild.cpp:4794
#27 0xb494f2a0 in mozilla::ipc::MessageChannel::DispatchAsyncMessage (this=0xb3955c48, aMsg=...)
    at ../../../gecko/ipc/glue/MessageChannel.cpp:1231
#28 0xb495485a in mozilla::ipc::MessageChannel::DispatchMessage (this=0xb3955c48, aMsg=...)
    at ../../../gecko/ipc/glue/MessageChannel.cpp:1158
#29 0xb49592ce in mozilla::ipc::MessageChannel::OnMaybeDequeueOne (this=0xb3955c48)
    at ../../../gecko/ipc/glue/MessageChannel.cpp:1142
#30 0xb475239c in DispatchToMethod<FdWatcher, void (FdWatcher::*)()> (method=
    (void (FdWatcher::*)(FdWatcher * const)) 0xb4959239 <mozilla::ipc::MessageChannel::OnMaybeDequeueOne()>, obj=<optimized out>,
    arg=<optimized out>) at ../../../gecko/ipc/chromium/src/base/tuple.h:383
#31 RunnableMethod<FdWatcher, void (FdWatcher::*)(), Tuple0>::Run (this=<optimized out>)
    at ../../../gecko/ipc/chromium/src/base/task.h:307
#32 0xb49502c2 in Run (this=<optimized out>) at ../../dist/include/mozilla/ipc/MessageChannel.h:437
#33 mozilla::ipc::MessageChannel::DequeueTask::Run (this=<optimized out>) at ../../dist/include/mozilla/ipc/MessageChannel.h:454
(Reporter)

Updated

4 years ago
Blocks: 1020135
(Reporter)

Comment 1

4 years ago
Hi kats,

Looking into the stack trace about CompositorParent.cpp above, I think maybe this bug is related to you.
Could you please take a look or redirect to the correct one?

Thanks.
Flags: needinfo?(bugmail.mozilla)
The APZ code doesn't support nested oop frames yet. Bug 1020199 is on file for adding this support.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Flags: needinfo?(bugmail.mozilla)
Resolution: --- → DUPLICATE
Duplicate of bug: 1020199
(Reporter)

Comment 3

4 years ago
Hi kats,

Does it mean that I have to disable APZ if I want to test nested oop frame?
I've tried to set layers.async-pan-zoom.enabled to false, but the whole touch function is not working. I can't even unlock the screen. Am I doing correct to disable APZ? Is there anything I missed?
Besides disabling APZ, do we have another workaround to make touch work in nested oop frame?

Thanks.
Flags: needinfo?(bugmail.mozilla)
(Reporter)

Comment 4

4 years ago
I found the root cause is that sIndirectLayerTreesLock is not initialized before using it in CompositorParent::GetIndirectShadowTree. 
I think we have to let static functions in CompositorParent can be still used in ContentProcess. What do you think?
(In reply to Kershaw Chang [:kershaw] from comment #3)
> Hi kats,
> 
> Does it mean that I have to disable APZ if I want to test nested oop frame?
> I've tried to set layers.async-pan-zoom.enabled to false, but the whole
> touch function is not working. I can't even unlock the screen. Am I doing
> correct to disable APZ? Is there anything I missed?

I think that should be everything; this sounds like a bug that I can look into.

> Besides disabling APZ, do we have another workaround to make touch work in
> nested oop frame?

Not that I'm aware of. As far as i know nested oop frames have never worked with APZ enabled because we never did the work to finish that up.

(In reply to Kershaw Chang [:kershaw] from comment #4)
> I found the root cause is that sIndirectLayerTreesLock is not initialized
> before using it in CompositorParent::GetIndirectShadowTree. 
> I think we have to let static functions in CompositorParent can be still
> used in ContentProcess. What do you think?

I disagree that this is the root cause. If you try to use nested oop frames with APZ enabled, there is still only one APZCTreeManager, and that lives in the root process. Nobody should be calling GetIndirectShadowTree in a child or grandchild process but that is what is happening here.
Flags: needinfo?(bugmail.mozilla)
(In reply to Kartikaya Gupta (email:kats@mozilla.com) from comment #5)
> (In reply to Kershaw Chang [:kershaw] from comment #3)
> > Hi kats,
> > 
> > Does it mean that I have to disable APZ if I want to test nested oop frame?
> > I've tried to set layers.async-pan-zoom.enabled to false, but the whole
> > touch function is not working. I can't even unlock the screen. Am I doing
> > correct to disable APZ? Is there anything I missed?
> 
> I think that should be everything; this sounds like a bug that I can look
> into.

Oh, it turns out this is expected now, as of bug 920036 all inputs need to go through the APZC. If you really need to be able to disable APZC I can probably write a patch to let you do that. Please file a new bug if that is the case.
You need to log in before you can comment on or make changes to this bug.