Closed Bug 733896 Opened 12 years ago Closed 12 years ago

Dalvik abort at startup on maple

Categories

(Firefox for Android Graveyard :: General, defect)

Product:
Firefox for Android Graveyard
Component:
General
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: ehsan.akhgari, Assigned: kats)

References

Details

(Whiteboard: MAPLE)

Attachments

(1 file)

Back out the unused event callback stuff
7.87 KB, patch
ehsan.akhgari
: review+
Details | Diff | Splinter Review 
Here's my story.  I built ICS from source for my Galaxy Nexus device.  And now maple builds crash for me at startup:

#0  dvmAbort () at dalvik/vm/Init.cpp:1855
#1  0x4083b4fa in abortMaybe () at dalvik/vm/CheckJni.cpp:38
#2  0x4083be3c in checkObject (jobj=<optimized out>, this=<optimized out>) at dalvik/vm/CheckJni.cpp:806
#3  ScopedCheck::check (this=0x5b77f48c, entry=<optimized out>, fmt0=0x4088b0cc "EL") at dalvik/vm/CheckJni.cpp:675
#4  0x4083e3d0 in Check_DeleteGlobalRef (env=0x178b890, globalRef=0x416dbab0) at dalvik/vm/CheckJni.cpp:1427
#5  0x7297f990 in DeleteGlobalRef (globalRef=<optimized out>, this=<optimized out>)
    at /home/ehsan/android-ndk-r5c/platforms/android-5/arch-arm/usr/include/jni.h:551
#6  mozilla::AndroidGeckoEvent::~AndroidGeckoEvent (this=0x649338a0, __in_chrg=<optimized out>)
    at /home/ehsan/moz/maple/widget/android/AndroidJavaWrappers.cpp:494
#7  0x7297e0b4 in nsAutoPtr<mozilla::AndroidGeckoEvent>::~nsAutoPtr (this=0x5b77f5a0, __in_chrg=<optimized out>)
    at ../../dist/include/nsAutoPtr.h:105
#8  0x7297dcf8 in nsAppShell::ProcessNextNativeEvent (this=0x72a98461, mayWait=160)
    at /home/ehsan/moz/maple/widget/android/nsAppShell.cpp:537
#9  0x7298acf4 in nsBaseAppShell::DoProcessNextNativeEvent (this=0x0, mayWait=72)
    at /home/ehsan/moz/maple/widget/xpwidgets/nsBaseAppShell.cpp:171
#10 0x7298aeda in nsBaseAppShell::OnProcessNextEvent (this=0x5c928350, thr=0x5c9250f0, mayWait=false, recursionDepth=<optimized out>)
    at /home/ehsan/moz/maple/widget/xpwidgets/nsBaseAppShell.cpp:312
#11 0x72ab0902 in nsThread::ProcessNextEvent (this=0x5c9250f0, mayWait=false, result=0x5b77f65f)
    at /home/ehsan/moz/maple/xpcom/threads/nsThread.cpp:619
#12 0x72a8bf94 in NS_ProcessNextEvent_P (thread=0x0, mayWait=false)
    at /home/ehsan/moz/maple/objdir-android/xpcom/build/nsThreadUtils.cpp:245
#13 0x72a0ce20 in mozilla::ipc::MessagePump::Run (this=0x5c9271c0, aDelegate=0x5c94c0e0)
    at /home/ehsan/moz/maple/ipc/glue/MessagePump.cpp:110
#14 0x72ad74de in MessageLoop::RunInternal (this=0x1636348) at /home/ehsan/moz/maple/ipc/chromium/src/base/message_loop.cc:208
#15 0x72ad75e2 in RunHandler (this=<optimized out>) at /home/ehsan/moz/maple/ipc/chromium/src/base/message_loop.cc:201
#16 MessageLoop::Run (this=0x5c94c0e0) at /home/ehsan/moz/maple/ipc/chromium/src/base/message_loop.cc:175
#17 0x7298afec in nsBaseAppShell::Run (this=0x5c928350) at /home/ehsan/moz/maple/widget/xpwidgets/nsBaseAppShell.cpp:189
#18 0x728afa8a in nsAppStartup::Run (this=0x5bf6d6d0) at /home/ehsan/moz/maple/toolkit/components/startup/nsAppStartup.cpp:295
#19 0x7226c906 in XRE_main (argc=1930180684, argv=<optimized out>, aAppData=<optimized out>)
    at /home/ehsan/moz/maple/toolkit/xre/nsAppRunner.cpp:3564
#20 0x7226fe1c in GeckoStart (data=0x17eb548, appData=0x5b037620) at /home/ehsan/moz/maple/toolkit/xre/nsAndroidStartup.cpp:109
#21 0x5b02e830 in Java_org_mozilla_gecko_GeckoAppShell_nativeRun (jenv=0x178b890, jc=<optimized out>, jargs=0x41887a20)
    at /home/ehsan/moz/maple/mozglue/android/APKOpen.cpp:840
#22 0x40815bf4 in dvmPlatformInvoke () at dalvik/vm/arch/arm/CallEABI.S:258
#23 0x4084feae in dvmCallJNIMethod (args=0x59533f84, pResult=0x1724258, method=0x56d42058, self=0x1724248) at dalvik/vm/Jni.cpp:1155
#24 0x40843834 in dvmCheckCallJNIMethod (args=<optimized out>, pResult=0x1636348, method=0x4088b0cc, self=0x178b890)
    at dalvik/vm/CheckJni.cpp:145
#25 0x40851bde in dvmResolveNativeMethod (args=0x59533f84, pResult=0x1724258, method=0x56d42058, self=0x1724248)
    at dalvik/vm/Native.cpp:115
#26 0x40827a50 in dalvik_mterp () at dalvik/vm/mterp/out/InterpAsm-armv7-a-neon.S:26853
#27 0x4082b234 in dvmInterpret (self=0x1724248, method=0x56d46510, pResult=0x5b77feb8) at dalvik/vm/interp/Interp.cpp:1965
#28 0x408638c0 in dvmCallMethodV (self=0x1724248, method=0x56d46510, obj=0x41687b98, fromJni=false, pResult=0x5b77feb8, args=...)
    at dalvik/vm/interp/Stack.cpp:522
#29 0x408638e4 in dvmCallMethod (self=0x1724248, method=0x56d46510, obj=0x41687b98, pResult=0x0) at dalvik/vm/interp/Stack.cpp:425
#30 0x408569f8 in interpThreadStart (arg=0x1724248) at dalvik/vm/Thread.cpp:1534
#31 0x4009ec10 in __thread_entry (func=0x40856949 <interpThreadStart(void*)>, arg=0x1724248, tls=<optimized out>)
---Type <return> to continue, or q <return> to quit---
    at bionic/libc/bionic/pthread.c:217
#32 0x4009e764 in pthread_create (thread_out=<optimized out>, attr=0xbef0c7d4, start_routine=0x40856949 <interpThreadStart(void*)>, 
    arg=0x1724248) at bionic/libc/bionic/pthread.c:357
#33 0x00000000 in ?? ()

This is caused by us trying to delete wrapped_obj in ~nsAndroidGeckoEvent, but JNI for some reason thinks that the object passed to it does not exist.  I think the most likely reason for this is that the object is allocated on the Java thread but deleted on the Gecko thread.

Now the weird thing is that reading dalvik code, I realized that the JNI checks are fatal if dalvik is not launched with -Xjniopts:warnonly on the command line, but when I repo grep for "warnonly" in the entire Android source code, I can't find any place where that would be passed to dalvik.  I'm not quite sure what runs dalvik for each new app, but for some reason dalvik seems to be launched with -Xjniopts:warnonly in the stock ICS on Galaxy Nexus, which is why this has been a non-fatal error so far.
It occurred to me last night that even if dalvik isn't aborting, it might be leaking those events if the call to DeleteGlobalRef isn't doing anything. Run fennec for long enough and the memory will fill up with leaked event objects.
Assignee: nobody → bugmail.mozilla
Attachment #604829 - Flags: review?(ehsan) → review+
I believe that Kats landed this: https://hg.mozilla.org/projects/maple/rev/299ddb63317e
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: