Closed
Bug 1206786
Opened 9 years ago
Closed 9 years ago
Crash on menu item long touch
Categories
(B2GDroid Graveyard :: General, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: sgiles, Assigned: sgiles)
Details
Attachments
(1 file, 1 obsolete file)
To reproduce: 1. Launch B2G Droid 2. Open the settings app 3. Touch down the 'Wi-Fi' menu item and hold - after about a second, the app crashes. Output from GDB at crash: ` Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 20426] 0x8236634e in mozilla::layers::APZThreadUtils::AssertOnControllerThread () at ~/code/mozilla/mozilla-central/gfx/layers/apz/util/APZThreadUtils.cpp:44 44 MOZ_ASSERT(sControllerThread == MessageLoop::current()); `
Note: this is with a build using `ac_add_options --enable-android-apz`
0x82a88eb8 in mozilla::layers::APZThreadUtils::AssertOnControllerThread () at /Users/sam/code/mozilla/mozilla-central/gfx/layers/apz/util/APZThreadUtils.cpp:47
47 MOZ_ASSERT(sControllerThread == MessageLoop::current());
(gdb) bt
#0 0x82a88eb8 in mozilla::layers::APZThreadUtils::AssertOnControllerThread () at /Users/sam/code/mozilla/mozilla-central/gfx/layers/apz/util/APZThreadUtils.cpp:47
#1 0x82a8446a in mozilla::layers::AsyncPanZoomController::HandleGestureEvent (this=0x9b491900, aEvent=...)
at /Users/sam/code/mozilla/mozilla-central/gfx/layers/apz/src/AsyncPanZoomController.cpp:1039
#2 0x82a84792 in mozilla::layers::GestureEventListener::HandleInputTimeoutLongTap (this=0x966c2540)
at /Users/sam/code/mozilla/mozilla-central/gfx/layers/apz/src/GestureEventListener.cpp:421
#3 0x826c78b0 in MessageLoop::RunTask (this=0x76683000, task=0x95abb580) at /Users/sam/code/mozilla/mozilla-central/ipc/chromium/src/base/message_loop.cc:364
#4 0x826caafe in MessageLoop::DeferOrRunPendingTask (this=this@entry=0x76683000, pending_task=...)
at /Users/sam/code/mozilla/mozilla-central/ipc/chromium/src/base/message_loop.cc:372
#5 0x826caeb2 in MessageLoop::DoDelayedWork (this=0x76683000, next_delayed_work_time=0x7660c588)
at /Users/sam/code/mozilla/mozilla-central/ipc/chromium/src/base/message_loop.cc:486
#6 0x826e11f2 in mozilla::ipc::MessagePump::Run (this=0x7660c578, aDelegate=0x76683000) at /Users/sam/code/mozilla/mozilla-central/ipc/glue/MessagePump.cpp:104
#7 0x826c84e8 in MessageLoop::RunInternal (this=this@entry=0x76683000) at /Users/sam/code/mozilla/mozilla-central/ipc/chromium/src/base/message_loop.cc:234
#8 0x826c8502 in RunHandler (this=0x76683000) at /Users/sam/code/mozilla/mozilla-central/ipc/chromium/src/base/message_loop.cc:227
#9 MessageLoop::Run (this=0x76683000) at /Users/sam/code/mozilla/mozilla-central/ipc/chromium/src/base/message_loop.cc:201
#10 0x834cc33a in nsBaseAppShell::Run (this=0x766f0700) at /Users/sam/code/mozilla/mozilla-central/widget/nsBaseAppShell.cpp:156
#11 0x8399c868 in nsAppStartup::Run (this=0x8b6784e0) at /Users/sam/code/mozilla/mozilla-central/toolkit/components/startup/nsAppStartup.cpp:281
#12 0x839cfc54 in XREMain::XRE_mainRun (this=this@entry=0x763cd980) at /Users/sam/code/mozilla/mozilla-central/toolkit/xre/nsAppRunner.cpp:4296
#13 0x839d0094 in XREMain::XRE_main (this=this@entry=0x763cd980, argc=argc@entry=5, argv=argv@entry=0x7663d308, aAppData=aAppData@entry=0x7182fdd8 <sAppData>)
at /Users/sam/code/mozilla/mozilla-central/toolkit/xre/nsAppRunner.cpp:4389
#14 0x839d02a2 in XRE_main (argc=5, argv=0x7663d308, aAppData=0x7182fdd8 <sAppData>, aFlags=<optimized out>)
at /Users/sam/code/mozilla/mozilla-central/toolkit/xre/nsAppRunner.cpp:4491
#15 0x839d4fbe in GeckoStart (env=<optimized out>, data=<optimized out>, appData=0x7182fdd8 <sAppData>)
at /Users/sam/code/mozilla/mozilla-central/toolkit/xre/nsAndroidStartup.cpp:51
#16 0x718038f4 in Java_org_mozilla_gecko_mozglue_GeckoLoader_nativeRun (jenv=0x7171f5a8, jc=<optimized out>, jargs=0x21300005)
at /Users/sam/code/mozilla/mozilla-central/mozglue/android/APKOpen.cpp:390
#17 0x415113d0 in dvmPlatformInvoke () from /Users/sam/code/c/jimdb-arm/lib/YT9112BGXD/system/lib/libdvm.so
#18 0x41542052 in dvmCallJNIMethod(unsigned int const*, JValue*, Method const*, Thread*) () from /Users/sam/code/c/jimdb-arm/lib/YT9112BGXD/system/lib/libdvm.so
#19 0x41543a3a in dvmResolveNativeMethod(unsigned int const*, JValue*, Method const*, Thread*) () from /Users/sam/code/c/jimdb-arm/lib/YT9112BGXD/system/lib/libdvm.so
#20 0x4151a864 in dvmJitToInterpNoChain () from /Users/sam/code/c/jimdb-arm/lib/YT9112BGXD/system/lib/libdvm.so
#21 0x4151a864 in dvmJitToInterpNoChain () from /Users/sam/code/c/jimdb-arm/lib/YT9112BGXD/system/lib/libdvm.so
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
NOTE: Even if we change the assertion to assert `AndroidBridge::IsJavaUiThread()` this fails in exactly the same way.
I think this has something to do with the GestureHandler and where it posts the timeout tasks too?
|
||
Comment 4•9 years ago
|
||
sgiles asked me about this on IRC. It looks like the PostDelayedTask call at http://mxr.mozilla.org/mozilla-central/source/gfx/layers/apz/src/GestureEventListener.cpp?rev=91d6e262b662#478 is getting scheduled on the wrong thread. On B2GDroid with --enable-android-apz I would expect that it ends up invoking http://mxr.mozilla.org/mozilla-central/source/widget/android/AndroidContentController.cpp#50 but according to sgiles it's not hitting that.
Flags: needinfo?(bugmail.mozilla)
Attachment #8665600 -
Flags: review?(bugmail.mozilla)
|
|
||
Updated•9 years ago
|
Attachment #8665600 -
Flags: review?(bugmail.mozilla) → review+
Adds r= to comment. (Previous patch r+'d)
Attachment #8665600 -
Attachment is obsolete: true
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/6c56d2155392
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•