Closed
Bug 1148641
Opened 9 years ago
Closed 9 years ago
shutdown crash in APZCCallbackHelper::SendSetTargetAPZCNotification(nsIWidget*, nsIDocument*, mozilla::WidgetGUIEvent const&, mozilla::layers::ScrollableLayerGuid const&, unsigned long long, nsRefPtr<mozilla::layers::SetTargetAPZCCallback> const&)
Categories
(Core :: Panning and Zooming, defect)
Tracking
()
People
(Reporter: nhirata, Assigned: kats)
References
Details
(Keywords: crash, Whiteboard: [caf-crash 610][caf priority: p1][CR 820822][b2g-crash][gfx-noted])
Crash Data
Attachments
(3 files)
|
1.39 KB,
patch
|
botond
:
review+
bajaj
:
approval-mozilla-b2g37+
|
Details | Diff | Splinter Review |
|
143.83 KB,
text/plain
|
Details | |
|
388.60 KB,
text/plain
|
Details |
This bug was filed from the Socorro interface and is report bp-5a1dbead-0c57-4be4-978a-98f0a2150327. ============================================================= Frame Module Signature Source 0 libxul.so mozilla::layers::APZCCallbackHelper::SendSetTargetAPZCNotification(nsIWidget*, nsIDocument*, mozilla::WidgetGUIEvent const&, mozilla::layers::ScrollableLayerGuid const&, unsigned long long, nsRefPtr<mozilla::layers::SetTargetAPZCCallback> const&) /builds/slave/b2g_m-b37_22_flm-kk_ntly-00000/build/objdir-gecko/dist/include/nsIDocument.h:631 1 libxul.so nsBaseWidget::DispatchEventForAPZ(mozilla::WidgetGUIEvent*, mozilla::layers::ScrollableLayerGuid const&, unsigned long long) widget/nsBaseWidget.cpp 2 libxul.so nsWindow::DispatchTouchEventForAPZ(mozilla::MultiTouchInput const&, mozilla::layers::ScrollableLayerGuid const&, unsigned long long) widget/gonk/nsWindow.cpp 3 libxul.so DispatchTouchInputOnMainThread::Run() widget/gonk/nsWindow.cpp 4 libxul.so nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp 5 libxul.so NS_ProcessNextEvent(nsIThread*, bool) xpcom/glue/nsThreadUtils.cpp 6 libxul.so mozilla::dom::indexedDB::::QuotaClient::ShutdownTransactionService dom/indexedDB/ActorsParent.cpp 7 libxul.so mozilla::dom::quota::QuotaManager::Observe(nsISupports*, char const*, char16_t const*) dom/quota/QuotaManager.cpp 8 libxul.so nsObserverList::NotifyObservers(nsISupports*, char const*, char16_t const*) xpcom/ds/nsObserverList.cpp 9 libxul.so nsObserverService::NotifyObservers(nsISupports*, char const*, char16_t const*) xpcom/ds/nsObserverService.cpp 10 libxul.so mozilla::dom::power::PowerManagerService::SyncProfile() dom/power/PowerManagerService.cpp 11 libxul.so mozilla::dom::power::PowerManagerService::Reboot() dom/power/PowerManagerService.cpp 12 libxul.so mozilla::dom::PowerManager::Reboot(mozilla::ErrorResult&) dom/power/PowerManager.cpp 13 libxul.so mozilla::dom::MozPowerManagerBinding::reboot /builds/slave/b2g_m-b37_22_flm-kk_ntly-00000/build/objdir-gecko/dom/bindings/MozPowerManagerBinding.cpp:62 14 libxul.so mozilla::dom::GenericBindingMethod(JSContext*, unsigned int, JS::Value*) dom/bindings/BindingUtils.cpp 15 libxul.so js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/jscntxtinlines.h 16 libxul.so Interpret js/src/vm/Interpreter.cpp 17 libxul.so js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp 18 libxul.so js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) js/src/vm/Interpreter.cpp 19 libxul.so js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value const*, JS::MutableHandle<JS::Value>) js/src/vm/Interpreter.cpp 20 libxul.so JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) js/src/jsapi.cpp 21 libxul.so mozilla::dom::EventListener::HandleEvent(JSContext*, JS::Handle<JS::Value>, mozilla::dom::Event&, mozilla::ErrorResult&) /builds/slave/b2g_m-b37_22_flm-kk_ntly-00000/build/objdir-gecko/dom/bindings/EventListenerBinding.cpp:47 22 libxul.so void mozilla::dom::EventListener::HandleEvent<mozilla::dom::EventTarget*>(mozilla::dom::EventTarget* const&, mozilla::dom::Event&, mozilla::ErrorResult&, mozilla::dom::CallbackObject::ExceptionHandling) /builds/slave/b2g_m-b37_22_flm-kk_ntly-00000/build/objdir-gecko/dist/include/mozilla/dom/EventListenerBinding.h:54 23 libxul.so mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, nsIDOMEvent*, mozilla::dom::EventTarget*) dom/events/EventListenerManager.cpp 24 libxul.so mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, nsIDOMEvent**, mozilla::dom::EventTarget*, nsEventStatus*) dom/events/EventListenerManager.cpp 25 libxul.so mozilla::EventTargetChainItem::HandleEvent(mozilla::EventChainPostVisitor&, mozilla::ELMCreationDetector&) /builds/slave/b2g_m-b37_22_flm-kk_ntly-00000/build/objdir-gecko/dist/include/mozilla/EventListenerManager.h:330 26 libxul.so mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) dom/events/EventDispatcher.cpp 27 libxul.so mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, nsIDOMEvent*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) dom/events/EventDispatcher.cpp 28 libxul.so nsAnimationManager::DoDispatchEvents() layout/style/nsAnimationManager.cpp 29 libxul.so nsRefreshDriver::Tick(long long, mozilla::TimeStamp) layout/base/nsRefreshDriver.cpp 30 libxul.so mozilla::RefreshDriverTimer::Tick(long long, mozilla::TimeStamp) layout/base/nsRefreshDriver.cpp 31 libxul.so mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::TimeStamp) layout/base/nsRefreshDriver.cpp 32 libxul.so nsRunnableMethodImpl<bool (mozilla::MediaCodecReader::*)(long long), long long, true>::Run() /builds/slave/b2g_m-b37_22_flm-kk_ntly-00000/build/objdir-gecko/dist/include/nsThreadUtils.h:361 33 libxul.so nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp 34 libxul.so NS_ProcessNextEvent(nsIThread*, bool) xpcom/glue/nsThreadUtils.cpp 35 libxul.so mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp 36 libxul.so MessageLoop::RunInternal() ipc/chromium/src/base/message_loop.cc 37 libxul.so MessageLoop::Run() ipc/chromium/src/base/message_loop.cc 38 libxul.so nsBaseAppShell::Run() widget/nsBaseAppShell.cpp 39 libxul.so nsAppStartup::Run() toolkit/components/startup/nsAppStartup.cpp 40 libxul.so XREMain::XRE_mainRun() toolkit/xre/nsAppRunner.cpp 41 libxul.so XREMain::XRE_main(int, char**, nsXREAppData const*) toolkit/xre/nsAppRunner.cpp 42 libxul.so XRE_main toolkit/xre/nsAppRunner.cpp 43 b2g do_main b2g/app/nsBrowserApp.cpp 44 b2g b2g_main(int, char const**) b2g/app/nsBrowserApp.cpp 45 b2g main b2g/app/B2GLoader.cpp 46 libc.so __libc_init /builds/slave/b2g_m-cen_flm-kk_ntly-00000000/build/bionic/libc/bionic/libc_init_dynamic.cpp:112 47 b2g b2g@0x941a 48 linker set_soinfo_pool_protection /builds/slave/b2g_m-cen_flm-kk_ntly-00000000/build/bionic/linker/linker.cpp:291 49 @0xbead1d94 More Reports: https://crash-stats.mozilla.com/report/list?product=B2G&signature=mozilla%3A%3Alayers%3A%3AAPZCCallbackHelper%3A%3ASendSetTargetAPZCNotification%28nsIWidget*%2C+nsIDocument*%2C+mozilla%3A%3AWidgetGUIEvent+const%26%2C+mozilla%3A%3Alayers%3A%3AScrollableLayerGuid+const%26%2C+unsigned+long+long%2C+nsRefPtr%3Cmozilla%3A%3Alayers%3A%3ASetTargetAPZCCallback%3E+const%26%29#tab-reports Occurs in 37, 39.0a1; last crash 20150325002503
|
Reporter | |
Updated•9 years ago
|
Whiteboard: [b2g-crash]
|
|
Reporter | |
Updated•9 years ago
|
status-b2g-v2.2:
--- → affected
status-b2g-master:
--- → affected
|
||
Updated•9 years ago
|
Component: Graphics: Layers → Panning and Zooming
|
|
||
Comment 1•9 years ago
|
||
This looks like a shutdown crash
Depends on: 524410
Summary: crash in mozilla::layers::APZCCallbackHelper::SendSetTargetAPZCNotification(nsIWidget*, nsIDocument*, mozilla::WidgetGUIEvent const&, mozilla::layers::ScrollableLayerGuid const&, unsigned long long, nsRefPtr<mozilla::layers::SetTargetAPZCCallback> const&) → shutdown crash in APZCCallbackHelper::SendSetTargetAPZCNotification(nsIWidget*, nsIDocument*, mozilla::WidgetGUIEvent const&, mozilla::layers::ScrollableLayerGuid const&, unsigned long long, nsRefPtr<mozilla::layers::SetTargetAPZCCallback> const&)
Whiteboard: [b2g-crash] → [b2g-crash][gfx-noted]
|
||
Comment 2•9 years ago
|
||
It looks like APZCCallbackHelper::SendSetTargetAPZCNotification assumes its aDocument parameter is not null, but nsBaseWidget can pass in a null document. Perhaps this can happen during shutdown.
|
Assignee | |
Comment 3•9 years ago
|
||
Assignee: nobody → bugmail.mozilla
Attachment #8586814 -
Flags: review?(botond)
|
|
||
Updated•9 years ago
|
Attachment #8586814 -
Flags: review?(botond) → review+
|
|
Assignee | |
Comment 4•9 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/600015044b60
|
||
Comment 5•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/600015044b60
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox40:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla40
|
||
Comment 8•9 years ago
|
||
Comment on attachment 8586814 [details] [diff] [review] Null check Seen on v2.2 stability testing
Attachment #8586814 -
Flags: approval-mozilla-b2g37?
|
||
Updated•9 years ago
|
Whiteboard: [b2g-crash][gfx-noted] → [CR 820822][b2g-crash][gfx-noted]
|
|
||
Updated•9 years ago
|
Whiteboard: [CR 820822][b2g-crash][gfx-noted] → [caf priority: p1][CR 820822][b2g-crash][gfx-noted]
|
|
||
Updated•9 years ago
|
Whiteboard: [caf priority: p1][CR 820822][b2g-crash][gfx-noted] → [caf-crash 610][caf priority: p1][CR 820822][b2g-crash][gfx-noted]
|
|
||
Comment 9•9 years ago
|
||
Observed on: Device: msm8909 Gonk Version: AU_LINUX_GECKO_LF.BR.1.2.3.00.00.00.000.127 Moz BuildID: 20150409002503 Manifest: https://www.codeaurora.org/cgit/quic/lf/b2g/manifest/tree/caf_AU_LINUX_GECKO_LF.BR.1.2.3.00.00.00.000.127.xml?h=release Gecko Version: 37.0 Gaia: http://git.mozilla.org/?p=releases/gaia.git;a=commit;h=ea735c21bfb0d78333213ff0376fce1eac89ead6 Gecko: http://git.mozilla.org/?p=releases/gecko.git;a=commit;h=ac12d858a58574b2db482b5eed61750a3e210040 Patches: bug 1150923, bug 1152095, bug 1150924, bug 1133147, bug 1150271, bug 1150916, bug 1152361
|
|
||
Comment 10•9 years ago
|
||
|
|
||
Comment 11•9 years ago
|
||
|
||
Updated•9 years ago
|
blocking-b2g: 2.2? → 2.2+
|
|
||
Updated•9 years ago
|
Attachment #8586814 -
Flags: approval-mozilla-b2g37? → approval-mozilla-b2g37+
|
|
||
Comment 12•9 years ago
|
||
https://hg.mozilla.org/releases/mozilla-b2g37_v2_2/rev/98e34ab531a2
status-firefox38:
--- → wontfix
status-firefox39:
--- → wontfix
You need to log in
before you can comment on or make changes to this bug.
Description
•