Closed Bug 789399 Opened 12 years ago Closed 12 years ago

[Desktop Build]Crash on linux desktop since the homescreen app runs oop

Categories

(Firefox OS Graveyard :: General, defect)

x86_64
Linux
defect
Not set
normal

Tracking

(blocking-basecamp:+)

RESOLVED WORKSFORME
blocking-basecamp +

People

(Reporter: fabrice, Assigned: jdm)

References

Details

(Whiteboard: [qa+], b2g-desktop-builds, development-blocker)

STR:
- launch an app
- hit the [home] key to go back to the homescreen

Expected:
- the icon grid and dock are displayed.

Actual:
- no icon grid or dock displayed (just the background). When trying to pan, it crashes with backtraces similar to this one:

(gdb) bt
#0  0x00007f0e081d803d in nanosleep () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007f0e081d7edc in sleep () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x00007f0e02b3efb2 in ah_crap_handler (signum=11) at /home/fabrice/dev/inbound/toolkit/xre/nsSigHandlers.cpp:87
#3  0x00007f0e02b44f6c in nsProfileLock::FatalSignalHandler (signo=11, info=0x7fff25f5bf70, context=0x7fff25f5be40)
    at /home/fabrice/dev/builds/obj-b2g-desktop/toolkit/profile/nsProfileLock.cpp:190
#4  <signal handler called>
#5  0x00007f0e0472b61c in mozilla::layers::ShadowLayerParent::ActorDestroy (this=0x7f0dd87ee2b0, 
    why=mozilla::ipc::IProtocolManager<mozilla::ipc::RPCChannel::RPCListener>::Deletion)
    at /home/fabrice/dev/inbound/gfx/layers/ipc/ShadowLayerParent.cpp:60
#6  0x00007f0e043d1256 in mozilla::layers::PLayerParent::DestroySubtree (this=0x7f0dd87ee2b0, 
    why=mozilla::ipc::IProtocolManager<mozilla::ipc::RPCChannel::RPCListener>::Deletion)
    at /home/fabrice/dev/builds/obj-b2g-desktop/ipc/ipdl/PLayerParent.cpp:318
#7  0x00007f0e043d0f9f in mozilla::layers::PLayerParent::OnMessageReceived (this=0x7f0dd87ee2b0, __msg=...)
    at /home/fabrice/dev/builds/obj-b2g-desktop/ipc/ipdl/PLayerParent.cpp:172
#8  0x00007f0e043a40c9 in mozilla::dom::PContentParent::OnMessageReceived (this=0x7f0dd8bf3800, __msg=...)
    at /home/fabrice/dev/builds/obj-b2g-desktop/ipc/ipdl/PContentParent.cpp:1257
#9  0x00007f0e0431f749 in mozilla::ipc::AsyncChannel::OnDispatchMessage (this=0x7f0dd8bf3810, msg=...)
    at /home/fabrice/dev/inbound/ipc/glue/AsyncChannel.cpp:473
#10 0x00007f0e0432c729 in mozilla::ipc::RPCChannel::OnMaybeDequeueOne (this=0x7f0dd8bf3810) at /home/fabrice/dev/inbound/ipc/glue/RPCChannel.cpp:402
#11 0x00007f0e04330e9d in DispatchToMethod<mozilla::ipc::RPCChannel, bool (mozilla::ipc::RPCChannel::*)()> (obj=0x7f0dd8bf3810, method=
    (bool (mozilla::ipc::RPCChannel::*)(mozilla::ipc::RPCChannel * const)) 0x7f0e0432c4c2 <mozilla::ipc::RPCChannel::OnMaybeDequeueOne()>, arg=...)
    at /home/fabrice/dev/inbound/ipc/chromium/src/base/tuple.h:383
#12 0x00007f0e04330df8 in RunnableMethod<mozilla::ipc::RPCChannel, bool (mozilla::ipc::RPCChannel::*)(), Tuple0>::Run (this=0x7f0dd8cfa3c0)
    at /home/fabrice/dev/inbound/ipc/chromium/src/base/task.h:307
#13 0x00007f0e0432af15 in mozilla::ipc::RPCChannel::RefCountedTask::Run (this=0x7f0dd87f9ae0) at ../../dist/include/mozilla/ipc/RPCChannel.h:424
#14 0x00007f0e0432b018 in mozilla::ipc::RPCChannel::DequeueTask::Run (this=0x7f0de5ab5940) at ../../dist/include/mozilla/ipc/RPCChannel.h:447
#15 0x00007f0e0460fdcb in MessageLoop::RunTask (this=0x7f0e07ebd310, task=0x7f0de5ab5940)
    at /home/fabrice/dev/inbound/ipc/chromium/src/base/message_loop.cc:326
#16 0x00007f0e0460fe3a in MessageLoop::DeferOrRunPendingTask (this=0x7f0e07ebd310, pending_task=...)
    at /home/fabrice/dev/inbound/ipc/chromium/src/base/message_loop.cc:334
#17 0x00007f0e0461020f in MessageLoop::DoWork (this=0x7f0e07ebd310) at /home/fabrice/dev/inbound/ipc/chromium/src/base/message_loop.cc:434
#18 0x00007f0e04329339 in mozilla::ipc::DoWorkRunnable::Run (this=0x7f0df8168ca0) at /home/fabrice/dev/inbound/ipc/glue/MessagePump.cpp:42
#19 0x00007f0e045bdc8e in nsThread::ProcessNextEvent (this=0x7f0e07e7c090, mayWait=false, result=0x7fff25f5d0ef)
    at /home/fabrice/dev/inbound/xpcom/threads/nsThread.cpp:624
#20 0x00007f0e0454db8b in NS_ProcessNextEvent_P (thread=0x7f0e07e7c090, mayWait=false)
    at /home/fabrice/dev/builds/obj-b2g-desktop/xpcom/build/nsThreadUtils.cpp:220
#21 0x00007f0e043295aa in mozilla::ipc::MessagePump::Run (this=0x7f0df8169840, aDelegate=0x7f0e07ebd310)
    at /home/fabrice/dev/inbound/ipc/glue/MessagePump.cpp:82
---Type <return> to continue, or q <return> to quit---
#22 0x00007f0e0460f9a7 in MessageLoop::RunInternal (this=0x7f0e07ebd310) at /home/fabrice/dev/inbound/ipc/chromium/src/base/message_loop.cc:208
#23 0x00007f0e0460f938 in MessageLoop::RunHandler (this=0x7f0e07ebd310) at /home/fabrice/dev/inbound/ipc/chromium/src/base/message_loop.cc:201
#24 0x00007f0e0460f911 in MessageLoop::Run (this=0x7f0e07ebd310) at /home/fabrice/dev/inbound/ipc/chromium/src/base/message_loop.cc:175
#25 0x00007f0e041a1d1c in nsBaseAppShell::Run (this=0x7f0defab36a0) at /home/fabrice/dev/inbound/widget/xpwidgets/nsBaseAppShell.cpp:163
#26 0x00007f0e03ef2870 in nsAppStartup::Run (this=0x7f0ded8203d0) at /home/fabrice/dev/inbound/toolkit/components/startup/nsAppStartup.cpp:273
#27 0x00007f0e02b316b3 in XREMain::XRE_mainRun (this=0x7fff25f5d560) at /home/fabrice/dev/inbound/toolkit/xre/nsAppRunner.cpp:3835
#28 0x00007f0e02b31993 in XREMain::XRE_main (this=0x7fff25f5d560, argc=3, argv=0x7fff25f5f9c8, aAppData=0x637c60)
    at /home/fabrice/dev/inbound/toolkit/xre/nsAppRunner.cpp:3912
#29 0x00007f0e02b31bae in XRE_main (argc=3, argv=0x7fff25f5f9c8, aAppData=0x637c60, aFlags=0)
    at /home/fabrice/dev/inbound/toolkit/xre/nsAppRunner.cpp:3988
#30 0x0000000000402a2f in do_main (argc=3, argv=0x7fff25f5f9c8) at /home/fabrice/dev/inbound/b2g/app/nsBrowserApp.cpp:153
#31 0x0000000000402c94 in main (argc=3, argv=0x7fff25f5f9c8) at /home/fabrice/dev/inbound/b2g/app/nsBrowserApp.cpp:229
(gdb)
Summary: Crash on linux desktop since the homescreen app runs oopu → Crash on linux desktop since the homescreen app runs oop
This is a use after free bug: look for 0x7f0bf9d184a8, the layer is destroyed before we Disconnect() it in ShadowLayerParent::ActorDestroy()

[Parent 10506] ###!!! ASSERTION: aAfter is not our child: '!aAfter || (aAfter->Manager() == aContainer->Manager() && aAfter->GetParent() == aContainer)', file /home/fabrice/dev/inbound/gfx/layers/opengl/ContainerLayerOGL.cpp, line 94
[Parent 10506] ###!!! ASSERTION: aChild not our child: 'aChild->GetParent() == aContainer', file /home/fabrice/dev/inbound/gfx/layers/opengl/ContainerLayerOGL.cpp, line 90
[Parent 10506] ###!!! ASSERTION: aChild not our child: 'aChild->GetParent() == aContainer', file /home/fabrice/dev/inbound/gfx/layers/opengl/ContainerLayerOGL.cpp, line 60
XxXxX Layer::~Layer this=0x7f0bf9d184a8
[Parent 10506] ###!!! ASSERTION: aChild not our child: 'aChild->GetParent() == aContainer', file /home/fabrice/dev/inbound/gfx/layers/opengl/ContainerLayerOGL.cpp, line 90
[Parent 10506] ###!!! ASSERTION: aChild not our child: 'aChild->GetParent() == aContainer', file /home/fabrice/dev/inbound/gfx/layers/opengl/ContainerLayerOGL.cpp, line 90
[Parent 10506] ###!!! ASSERTION: aChild not our child: 'aChild->GetParent() == aContainer', file /home/fabrice/dev/inbound/gfx/layers/opengl/ContainerLayerOGL.cpp, line 90
[Parent 10506] ###!!! ASSERTION: aAfter is not our child: '!aAfter || (aAfter->Manager() == aContainer->Manager() && aAfter->GetParent() == aContainer)', file /home/fabrice/dev/inbound/gfx/layers/opengl/ContainerLayerOGL.cpp, line 94
[Parent 10506] ###!!! ASSERTION: aChild not our child: 'aChild->GetParent() == aContainer', file /home/fabrice/dev/inbound/gfx/layers/opengl/ContainerLayerOGL.cpp, line 90
[Parent 10506] ###!!! ASSERTION: aAfter is not our child: '!aAfter || (aAfter->Manager() == aContainer->Manager() && aAfter->GetParent() == aContainer)', file /home/fabrice/dev/inbound/gfx/layers/opengl/ContainerLayerOGL.cpp, line 94
[Parent 10506] ###!!! ASSERTION: aChild not our child: 'aChild->GetParent() == aContainer', file /home/fabrice/dev/inbound/gfx/layers/opengl/ContainerLayerOGL.cpp, line 90
[Parent 10506] ###!!! ASSERTION: aAfter is not our child: '!aAfter || (aAfter->Manager() == aContainer->Manager() && aAfter->GetParent() == aContainer)', file /home/fabrice/dev/inbound/gfx/layers/opengl/ContainerLayerOGL.cpp, line 94
[Parent 10506] ###!!! ASSERTION: aChild not our child: 'aChild->GetParent() == aContainer', file /home/fabrice/dev/inbound/gfx/layers/opengl/ContainerLayerOGL.cpp, line 90
[Parent 10506] ###!!! ASSERTION: aChild not our child: 'aChild->GetParent() == aContainer', file /home/fabrice/dev/inbound/gfx/layers/opengl/ContainerLayerOGL.cpp, line 90
[Parent 10506] ###!!! ASSERTION: aAfter is not our child: '!aAfter || (aAfter->Manager() == aContainer->Manager() && aAfter->GetParent() == aContainer)', file /home/fabrice/dev/inbound/gfx/layers/opengl/ContainerLayerOGL.cpp, line 94
[Parent 10506] ###!!! ASSERTION: aChild not our child: 'aChild->GetParent() == aContainer', file /home/fabrice/dev/inbound/gfx/layers/opengl/ContainerLayerOGL.cpp, line 90
[Parent 10506] ###!!! ASSERTION: aChild not our child: 'aChild->GetParent() == aContainer', file /home/fabrice/dev/inbound/gfx/layers/opengl/ContainerLayerOGL.cpp, line 90
[Parent 10506] ###!!! ASSERTION: aAfter is not our child: '!aAfter || (aAfter->Manager() == aContainer->Manager() && aAfter->GetParent() == aContainer)', file /home/fabrice/dev/inbound/gfx/layers/opengl/ContainerLayerOGL.cpp, line 94
[Parent 10506] ###!!! ASSERTION: aChild not our child: 'aChild->GetParent() == aContainer', file /home/fabrice/dev/inbound/gfx/layers/opengl/ContainerLayerOGL.cpp, line 90
[Parent 10506] ###!!! ASSERTION: aChild not our child: 'aChild->GetParent() == aContainer', file /home/fabrice/dev/inbound/gfx/layers/opengl/ContainerLayerOGL.cpp, line 90
[Parent 10506] ###!!! ASSERTION: aAfter is not our child: '!aAfter || (aAfter->Manager() == aContainer->Manager() && aAfter->GetParent() == aContainer)', file /home/fabrice/dev/inbound/gfx/layers/opengl/ContainerLayerOGL.cpp, line 94
[Parent 10506] ###!!! ASSERTION: aChild not our child: 'aChild->GetParent() == aContainer', file /home/fabrice/dev/inbound/gfx/layers/opengl/ContainerLayerOGL.cpp, line 90
[Parent 10506] ###!!! ASSERTION: aAfter is not our child: '!aAfter || (aAfter->Manager() == aContainer->Manager() && aAfter->GetParent() == aContainer)', file /home/fabrice/dev/inbound/gfx/layers/opengl/ContainerLayerOGL.cpp, line 94
XxXxX Layer::~Layer this=0x7f274a5a8000
XxXxX ShadowLayerParent::ActorDestroy mLayer=0x7f0bf9d184a8

Program ./obj-b2g-desktop/dist/bin/b2g (pid = 10506) received signal 11.
Summary: Crash on linux desktop since the homescreen app runs oop → [Desktop Build]Crash on linux desktop since the homescreen app runs oop
Whiteboard: [qa+] → [qa+], b2g-desktop-builds
I'm nominating this for blocking-basecamp because although it doesn't effect the target device, it is making B2G Desktop pretty unusable for developers which makes development towards basecamp difficult!

If the decision is blocking-basecamp- then we need to find a new way to track these kinds of development blocking bugs. I've added development-blocker to the whiteboard to this effect.
blocking-basecamp: --- → ?
Whiteboard: [qa+], b2g-desktop-builds → [qa+], b2g-desktop-builds, development-blocker
Blocking because of reasons in comment #3.

BenWa/jdm, can you give us a hand with this one?
blocking-basecamp: ? → +
I had the same bug on B2G 18.0a1 (running on Ubuntu 12.04) but since 19.0a1 the home key gets me back to the homescreen without crashing and any visible error on the command line.
Still reproducible for me with Aurora (18) on Ubuntu 12.04. A valgrind trace is available in bug 795179.
I can reproduce. I'll investigate.
Just saw that this bug is targeted for 64bit platform, but I had the same on a 32bit system. And as I said: I can reproduce it on Aurora but it seems to be fixed on Nightly.
I reproduced on tip mozilla-central.
I've seen this bug in the past as well, but I can no longer reproduce it with today's Aurora nightly builds for 32-bit and 64-bit Linux <https://ftp.mozilla.org/pub/mozilla.org/b2g/nightly/2012-11-12-03-07-54-mozilla-aurora/> on Ubuntu 12-04 32-bit and Fedora 17 64-bit.  Pressing the Home button after launching an app now correctly displays the homescreen/dock again.
josh, sounds like you can repro it... can you fix?
Assignee: nobody → josh
No update for a couple of weeks. What's the status?

Ben, is this still a problem causing development difficulties? Do we still need to block the whole release on this?
It's hard for me to evaluate the status of this now, since dragging is such a gong show on my local build that I can't actually activate any apps.
Closing based on comment #10.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.