Closed Bug 862240 Opened 12 years ago Closed 12 years ago

[unagi][monkey test] crash in mozilla::layers::AsyncPanZoomController::ReceiveInputEvent

Categories

(Firefox OS Graveyard :: General, defect)

Product:
Firefox OS Graveyard
Component:
General
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(blocking-b2g:tef+, firefox21 wontfix, firefox22 wontfix, firefox23 fixed, b2g18 fixed, b2g18-v1.0.0 wontfix, b2g18-v1.0.1 fixed)

Status:
RESOLVED FIXED
Project Flags:
blocking-b2g tef+
Tracking Flags:
Tracking Status
firefox21 --- wontfix
firefox22 --- wontfix
firefox23 --- fixed
b2g18 --- fixed
b2g18-v1.0.0 --- wontfix
b2g18-v1.0.1 --- fixed

People

(Reporter: james.zhang, Assigned: bechen)

Details

(Keywords: crash, Whiteboard: [b2g-crash][tef-triage])

Crash Data

Attachments

(3 files, 3 obsolete files)

arena_malloc crash report
314.74 KB, application/octet-stream
Details
new crash, unagi weekly build 13.04.17
344.13 KB, application/octet-stream
Details
Similair to bug 833964, add null checking and reset the runnable member pointer when entering runnable method. r=drs
5.15 KB, patch
bechen
: review+
Details | Diff | Splinter Review
Operating system: Android 0.0.0 Linux 3.0.8-perf #1 PREEMPT Wed Dec 5 04:47:49 PST 2012 armv7l toro/full_unagi/unagi:4.0.4.0.4.0.4/OPENMASTER/eng.zlx.20130415.170712:eng/test-keys CPU: arm 0 CPUs Crash reason: SIGSEGV Crash address: 0x0 Thread 0 (crashed) 0 0x0 r4 = 0x47958380 r5 = 0xbe964c88 r6 = 0x0d957a9c r7 = 0x00000000 r8 = 0x00000001 r9 = 0x0000001c r10 = 0x47958388 fp = 0xbe964cc8 sp = 0xbe964ba0 lr = 0x41469d75 pc = 0x00000000 Found by: given as instruction pointer in context 1 libmozglue.so!malloc_mutex_unlock [jemalloc.c : 1657 + 0x3] sp = 0xbe964bb0 pc = 0x40093037 Found by: stack scanning 2 libmozglue.so!arena_malloc [jemalloc.c : 4159 + 0x3] r4 = 0x401fc1f0 sp = 0xbe964bb8 pc = 0x40094f17 Found by: call frame info 3 libxul.so!mozilla::layers::AsyncPanZoomController::HandleInputEvent [AsyncPanZoomController.cpp : 253 + 0x3] r4 = 0x3ff00000 r5 = 0x474c3c00 r6 = 0x474c3c00 r7 = 0xbe964c88 r8 = 0x00000001 r9 = 0xbe964c88 r10 = 0xbe964ccc fp = 0x474c3c00 sp = 0xbe964be8 pc = 0x41464dbf Found by: call frame info 4 libxul.so!mozilla::layers::AsyncPanZoomController::ReceiveInputEvent [AsyncPanZoomController.cpp : 246 + 0x7] r4 = 0x474c3c00 r5 = 0xbe964c88 r6 = 0x48940290 r7 = 0xbe964c88 r8 = 0x00000001 r9 = 0xbe964c88 r10 = 0xbe964ccc fp = 0x474c3c00 sp = 0xbe964c10 pc = 0x41464f85 Found by: call frame info 5 libxul.so!mozilla::layers::AsyncPanZoomController::ReceiveInputEvent [AsyncPanZoomController.cpp : 173 + 0x7] r4 = 0xbe9655a8 r5 = 0xbe964d18 r6 = 0x48940290 r7 = 0xbe964c88 r8 = 0x00000001 r9 = 0xbe964c88 r10 = 0xbe964ccc fp = 0x474c3c00 sp = 0xbe964c38 pc = 0x414650b7 Found by: call frame info 6 libxul.so!mozilla::layout::RenderFrameParent::NotifyInputEvent [RenderFrameParent.cpp : 783 + 0x3] r4 = 0xbe964d18 r5 = 0xbe9655a8 r6 = 0xffffffff r7 = 0xfffffffc r8 = 0xbe964d58 r9 = 0x41a04644 r10 = 0xbe9650bc fp = 0x00000000 sp = 0xbe964d00 pc = 0x40d7b0a3 Found by: call frame info 7 libxul.so!mozilla::dom::TabParent::MaybeForwardEventToRenderFrame [TabParent.cpp : 1259 + 0x7] r4 = 0xbe964d18 r5 = 0xbe9655a8 r6 = 0xffffffff r7 = 0xfffffffc r8 = 0xbe964d58 r9 = 0x41a04644 r10 = 0xbe9650bc fp = 0x00000000 sp = 0xbe964d08 pc = 0x412cf14d Found by: call frame info 8 libxul.so!mozilla::dom::TabParent::SendRealTouchEvent [TabParent.cpp : 465 + 0x9] r4 = 0x47c0fa00 r5 = 0xbe9655a8 r6 = 0xffffffff r7 = 0xfffffffc r8 = 0xbe964d58 r9 = 0x41a04644 r10 = 0xbe9650bc fp = 0x00000000 sp = 0xbe964d18 pc = 0x412cfe85 Found by: call frame info 9 libxul.so!nsEventStateManager::DispatchCrossProcessEvent [nsEventStateManager.cpp : 1549 + 0x3] r4 = 0xbe9650bc r5 = 0xbe9655a8 r6 = 0x00000000 r7 = 0x00000000 r8 = 0xbe964db0 r9 = 0x41a04644 r10 = 0xbe9650bc fp = 0x00000000 sp = 0xbe964d78 pc = 0x40e93b53 Found by: call frame info 10 libxul.so!nsEventStateManager::HandleCrossProcessEvent [nsEventStateManager.cpp : 1733 + 0xb] r4 = 0x478f57e0 r5 = 0xbe9655a8 r6 = 0x00000000 r7 = 0x00000000 r8 = 0xbe964db0 r9 = 0x41a04644 r10 = 0xbe9650bc fp = 0x00000000 sp = 0xbe964d88 pc = 0x40e96217 Found by: call frame info 11 libxul.so!nsEventStateManager::PostHandleEvent [nsEventStateManager.cpp : 3114 + 0x7] r4 = 0x478c1560 r5 = 0xbe9655a8 r6 = 0xbe9650bc r7 = 0x4b368400 r8 = 0x41c9b674 r9 = 0x479e6800 r10 = 0xbe9650bc fp = 0x478c157c sp = 0xbe964de0 pc = 0x40e962a1 Found by: call frame info 12 libxul.so!PresShell::HandleEventInternal [nsPresShell.cpp : 6652 + 0x17] r4 = 0xbe9655a8 r5 = 0x48985b00 r6 = 0x41c9b674 r7 = 0x00000000 r8 = 0x4b368400 r9 = 0x478c1560 r10 = 0xbe9650bc fp = 0xbe964f08 sp = 0xbe964ec8 pc = 0x40d2297f Found by: call frame info 13 libxul.so!PresShell::HandlePositionedEvent [nsPresShell.cpp : 6345 + 0x9] r4 = 0x48985b00 r5 = 0x479e6800 r6 = 0xbe9655a8 r7 = 0xbe964f5c r8 = 0xbe9650bc r9 = 0x40d47d69 r10 = 0x41a038b0 fp = 0xbe965008 sp = 0xbe964f58 pc = 0x40d22b01 Found by: call frame info 14 libxul.so!PresShell::HandleEvent [nsPresShell.cpp : 6144 + 0xb] r4 = 0xbe9655a8 r5 = 0xbe965040 r6 = 0x479e6800 r7 = 0x48985b00 r8 = 0x00000000 r9 = 0x00000000 r10 = 0x41a038b0 fp = 0xbe965008 sp = 0xbe964f80 pc = 0x40d236a1 Found by: call frame info 15 libxul.so!nsViewManager::DispatchEvent [nsViewManager.cpp : 779 + 0xf] r4 = 0xbe9655a8 r5 = 0xbe965098 r6 = 0x40d22b19 r7 = 0x479e6800 r8 = 0x40430000 r9 = 0x00000000 r10 = 0x00000001 fp = 0x00000000 sp = 0xbe965090 pc = 0x40f34769 Found by: call frame info 16 libxul.so!nsView::HandleEvent [nsView.cpp : 1062 + 0xd] r4 = 0x4796c400 r5 = 0x40f3450d r6 = 0x479e81c0 r7 = 0xbe9655a8 r8 = 0x00000048 r9 = 0x00000000 r10 = 0x00000001 fp = 0x00000000 sp = 0xbe9650b8 pc = 0x40f32f9d Found by: call frame info 17 libxul.so!nsWindow::DispatchEvent [nsWindow.cpp : 481 + 0x9] r4 = 0xbe9650ec r5 = 0x41bc8840 r6 = 0x41caab24 r7 = 0x00000001 r8 = 0x00000048 r9 = 0x00000000 r10 = 0x00000001 fp = 0x00000000 sp = 0xbe9650d8 pc = 0x4124f529 Found by: call frame info 18 libxul.so!nsWindow::DispatchInputEvent [nsWindow.cpp : 286 + 0x11] r4 = 0xbe96560f r5 = 0xbe9655a8 r6 = 0x41caab24 r7 = 0x00000001 r8 = 0x00000048 r9 = 0x00000000 r10 = 0x00000001 fp = 0x00000000 sp = 0xbe9650e8 pc = 0x4124fd6f Found by: call frame info 19 libxul.so!GeckoInputDispatcher::dispatchOnce [nsAppShell.cpp : 197 + 0xd] r4 = 0x00001452 r5 = 0xbe9655a8 r6 = 0xbe965648 r7 = 0x00000001 r8 = 0x00000048 r9 = 0x00000000 r10 = 0x00000001 fp = 0x00000000 sp = 0xbe965100 pc = 0x4124eefb Found by: call frame info 20 libxul.so!nsAppShell::ProcessNextNativeEvent [nsAppShell.cpp : 725 + 0x5] r4 = 0x42d01880 r5 = 0x00000001 r6 = 0xbe965648 r7 = 0x00000001 r8 = 0x00000048 r9 = 0x00000000 r10 = 0x00000001 fp = 0x00000000 sp = 0xbe965638 pc = 0x4124e141 Found by: call frame info 21 libxul.so!nsBaseAppShell::DoProcessNextNativeEvent [nsBaseAppShell.cpp : 139 + 0x5] r4 = 0x42d01880 r5 = 0x40409940 r6 = 0x00000000 r7 = 0x00000000 r8 = 0x00000014 r9 = 0x00000000 r10 = 0x00000001 fp = 0x00000000 sp = 0xbe965758 pc = 0x4126ad77 Found by: call frame info 22 libxul.so!nsBaseAppShell::OnProcessNextEvent [nsBaseAppShell.cpp : 298 + 0x5] r4 = 0x42d01880 r5 = 0x40409940 r6 = 0x005d2a80 r7 = 0x00000000 r8 = 0x00000014 r9 = 0x00000000 r10 = 0x00000001 fp = 0x00000000 sp = 0xbe965770 pc = 0x4126ae55 Found by: call frame info 23 libxul.so!nsThread::ProcessNextEvent [nsThread.cpp : 593 + 0x5] r4 = 0x40409940 r5 = 0x00000001 r6 = 0x4126ad99 r7 = 0x00000001 r8 = 0xbe9657df r9 = 0x40430000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe965798 pc = 0x413eac63 Found by: call frame info 24 libxul.so!NS_ProcessNextEvent_P [nsThreadUtils.cpp : 237 + 0xb] r4 = 0x00000001 r5 = 0x404400c0 r6 = 0x40402500 r7 = 0x00000000 r8 = 0x00000000 r9 = 0x40430000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe9657d8 pc = 0x413cb147 Found by: call frame info 25 libxul.so!mozilla::ipc::MessagePump::Run [MessagePump.cpp : 117 + 0x7] r4 = 0x404024f0 r5 = 0x404400c0 r6 = 0x40402500 r7 = 0x00000000 r8 = 0x00000000 r9 = 0x40430000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe9657e8 pc = 0x412e4687 Found by: call frame info 26 libxul.so!MessageLoop::RunInternal [message_loop.cc : 216 + 0x5] r4 = 0x404400c0 r5 = 0x42d01880 r6 = 0x40409940 r7 = 0xbe965a8d r8 = 0x00000000 r9 = 0x40430000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe965810 pc = 0x4140cbd1 Found by: call frame info 27 libxul.so!MessageLoop::Run [message_loop.cc : 209 + 0x5] r4 = 0x404400c0 r5 = 0x42d01880 r6 = 0x40409940 r7 = 0xbe965a8d r8 = 0x00000000 r9 = 0x40430000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe965818 pc = 0x4140cc87 Found by: call frame info 28 libxul.so!nsBaseAppShell::Run [nsBaseAppShell.cpp : 163 + 0x7] r4 = 0x00000000 r5 = 0x42d01880 r6 = 0x40409940 r7 = 0xbe965a8d r8 = 0x00000000 r9 = 0x40430000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe965830 pc = 0x4126a93d Found by: call frame info 29 libxul.so!nsAppStartup::Run [nsAppStartup.cpp : 290 + 0x5] r4 = 0x42e7bb80 r5 = 0x413d5a9d r6 = 0x00000000 r7 = 0xbe965a8d r8 = 0x00000000 r9 = 0x40430000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe965840 pc = 0x411ce1ad Found by: call frame info 30 libxul.so!XREMain::XRE_mainRun [nsAppRunner.cpp : 3795 + 0x5] r4 = 0xbe96599c r5 = 0x413d5a9d r6 = 0x00000000 r7 = 0xbe965a8d r8 = 0x00000000 r9 = 0x40430000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe965848 pc = 0x40bfecfb Found by: call frame info 31 libxul.so!XREMain::XRE_main [nsAppRunner.cpp : 3861 + 0x5] r4 = 0xbe96599c r5 = 0xbe965977 r6 = 0x00000000 r7 = 0xbe967b84 r8 = 0x4042b000 r9 = 0x40430000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe965970 pc = 0x40c01375 Found by: call frame info 32 libxul.so!XRE_main [nsAppRunner.cpp : 3936 + 0x3] r4 = 0x0001f170 r5 = 0xbe967b84 r6 = 0x00000001 r7 = 0x00000000 r8 = 0xbe96599c r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe965998 pc = 0x40c014c1 Found by: call frame info 33 b2g!main [nsBrowserApp.cpp : 168 + 0xf] r4 = 0x40c01475 r5 = 0x00000000 r6 = 0x00000001 r7 = 0xbe967b84 r8 = 0x00000000 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe965aa8 pc = 0x0000999f Found by: call frame info 34 libc.so!__libc_init [libc_init_dynamic.c : 114 + 0x7] r4 = 0x00009714 r5 = 0xbe967b84 r6 = 0x00000001 r7 = 0xbe967b8c r8 = 0x00000000 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe967b68 pc = 0x400bf77b Found by: call frame info 35 libc.so!__cxa_atexit [atexit.c : 99 + 0x3] r4 = 0x00000000 r5 = 0x00000000 r6 = 0x00000000 r7 = 0x00000000 r8 = 0x00000000 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbe967b80 pc = 0x400c7d87 Found by: call frame info 36 0xbe967d45 r4 = 0x00000000 r5 = 0xbe967c95 r6 = 0xbe967ca7 r7 = 0xbe967cba r8 = 0xbe967cdd r9 = 0xbe967cf6 r10 = 0xbe967d13 fp = 0x00000000 sp = 0xbe967ba8 pc = 0xbe967d47 Found by: call frame info
Severity: major → critical
Status: UNCONFIRMED → NEW
Crash Signature: [@ malloc_mutex_unlock | arena_malloc | mozilla::layers::AsyncPanZoomController::ReceiveInputEvent]
Ever confirmed: true
Keywords: crash
Whiteboard: [b2g-crash]
blocking-b2g: --- → tef?
Summary: [unagi weekly build 13.04.10]monkey test, arena_malloc crash → [unagi][monkey test] crash in mozilla::layers::AsyncPanZoomController::ReceiveInputEvent
Roc, who is a good person to look at this stack? Blocking- due to no actionable information yet. Please renominate if there's something more to decide on.
blocking-b2g: tef? → -
I don't know who's going to take over the APZC stuff yet. What code branch is this from? b2g18? How do I get an hg revision?
new crash, use unagi 13.04.17 weekly build Operating system: Android 0.0.0 Linux 3.0.8-perf #1 PREEMPT Wed Dec 5 04:47:49 PST 2012 armv7l toro/full_unagi/unagi:4.0.4.0.4.0.4/OPENMASTER/eng.apuser.20130417.152346:eng/test-keys CPU: arm 0 CPUs Crash reason: SIGSEGV Crash address: 0xf Thread 0 (crashed) 0 libxul.so!mozilla::layers::GestureEventListener::HandleInputEvent [GestureEventListener.cpp : 159 + 0x4] r4 = 0x4437fe20 r5 = 0xbeb3ac88 r6 = 0x1a22f198 r7 = 0x00000000 r8 = 0x00000001 r9 = 0x0000001c r10 = 0x4437fe28 fp = 0xbeb3acc8 sp = 0xbeb3aba0 lr = 0x40108144 pc = 0x41419978 Found by: given as instruction pointer in context 1 libxul.so!mozilla::layers::AsyncPanZoomController::HandleInputEvent [AsyncPanZoomController.cpp : 253 + 0x3] r4 = 0x475a7000 r5 = 0x475a7000 r6 = 0xbeb3ac88 r7 = 0x00000001 r8 = 0xbeb3ac88 r9 = 0xbeb3accc r10 = 0x475a7000 fp = 0xbeb3acc8 sp = 0xbeb3abe8 pc = 0x414149c7 Found by: call frame info 2 libxul.so!mozilla::layers::AsyncPanZoomController::ReceiveInputEvent [AsyncPanZoomController.cpp : 246 + 0x7] r4 = 0x475a7000 r5 = 0xbeb3ac88 r6 = 0x42d5f830 r7 = 0x00000001 r8 = 0xbeb3ac88 r9 = 0xbeb3accc r10 = 0x475a7000 fp = 0xbeb3acc8 sp = 0xbeb3ac10 pc = 0x41414b8d Found by: call frame info 3 libxul.so!mozilla::layers::AsyncPanZoomController::ReceiveInputEvent [AsyncPanZoomController.cpp : 173 + 0x7] r4 = 0xbeb3b5a8 r5 = 0xbeb3ad18 r6 = 0x42d5f830 r7 = 0x00000001 r8 = 0xbeb3ac88 r9 = 0xbeb3accc r10 = 0x475a7000 fp = 0xbeb3acc8 sp = 0xbeb3ac38 pc = 0x41414cbf Found by: call frame info 4 libxul.so!mozilla::layout::RenderFrameParent::NotifyInputEvent [RenderFrameParent.cpp : 783 + 0x3] r4 = 0xbeb3ad18 r5 = 0xbeb3b5a8 r6 = 0xffffffff r7 = 0xfffffffc r8 = 0xbeb3ad58 r9 = 0x419b5a84 r10 = 0xbeb3b0bc fp = 0x00000000 sp = 0xbeb3ad00 pc = 0x40d2a1d3 Found by: call frame info 5 libxul.so!mozilla::dom::TabParent::MaybeForwardEventToRenderFrame [TabParent.cpp : 1259 + 0x7] r4 = 0xbeb3ad18 r5 = 0xbeb3b5a8 r6 = 0xffffffff r7 = 0xfffffffc r8 = 0xbeb3ad58 r9 = 0x419b5a84 r10 = 0xbeb3b0bc fp = 0x00000000 sp = 0xbeb3ad08 pc = 0x4127eb75 Found by: call frame info 6 libxul.so!mozilla::dom::TabParent::SendRealTouchEvent [TabParent.cpp : 465 + 0x9] r4 = 0x47c7ff80 r5 = 0xbeb3b5a8 r6 = 0xffffffff r7 = 0xfffffffc r8 = 0xbeb3ad58 r9 = 0x419b5a84 r10 = 0xbeb3b0bc fp = 0x00000000 sp = 0xbeb3ad18 pc = 0x4127f8ad Found by: call frame info 7 libxul.so!nsEventStateManager::DispatchCrossProcessEvent [nsEventStateManager.cpp : 1549 + 0x3] r4 = 0xbeb3b0bc r5 = 0xbeb3b5a8 r6 = 0x00000000 r7 = 0x00000000 r8 = 0xbeb3adb0 r9 = 0x419b5a84 r10 = 0xbeb3b0bc fp = 0x00000000 sp = 0xbeb3ad78 pc = 0x40e42cab Found by: call frame info 8 libxul.so!nsEventStateManager::HandleCrossProcessEvent [nsEventStateManager.cpp : 1733 + 0xb] r4 = 0x47839920 r5 = 0xbeb3b5a8 r6 = 0x00000000 r7 = 0x00000000 r8 = 0xbeb3adb0 r9 = 0x419b5a84 r10 = 0xbeb3b0bc fp = 0x00000000 sp = 0xbeb3ad88 pc = 0x40e4536f Found by: call frame info 9 libxul.so!nsEventStateManager::PostHandleEvent [nsEventStateManager.cpp : 3114 + 0x7] r4 = 0x49e1a920 r5 = 0xbeb3b5a8 r6 = 0xbeb3b0bc r7 = 0x48ec4800 r8 = 0x41c4c704 r9 = 0x47856800 r10 = 0xbeb3b0bc fp = 0x49e1a93c sp = 0xbeb3ade0 pc = 0x40e453f9 Found by: call frame info 10 libxul.so!PresShell::HandleEventInternal [nsPresShell.cpp : 6652 + 0x17] r4 = 0xbeb3b5a8 r5 = 0x4040df00 r6 = 0x41c4c704 r7 = 0x00000000 r8 = 0x48ec4800 r9 = 0x49e1a920 r10 = 0xbeb3b0bc fp = 0xbeb3af08 sp = 0xbeb3aec8 pc = 0x40cd1aaf Found by: call frame info 11 libxul.so!PresShell::HandlePositionedEvent [nsPresShell.cpp : 6345 + 0x9] r4 = 0x4040df00 r5 = 0x47856800 r6 = 0xbeb3b5a8 r7 = 0xbeb3af5c r8 = 0xbeb3b0bc r9 = 0x40cf6e99 r10 = 0x419b4cf0 fp = 0xbeb3b008 sp = 0xbeb3af58 pc = 0x40cd1c31 Found by: call frame info 12 libxul.so!PresShell::HandleEvent [nsPresShell.cpp : 6144 + 0xb] r4 = 0xbeb3b5a8 r5 = 0xbeb3b040 r6 = 0x47856800 r7 = 0x4040df00 r8 = 0x00000000 r9 = 0x00000000 r10 = 0x419b4cf0 fp = 0xbeb3b008 sp = 0xbeb3af80 pc = 0x40cd27d1 Found by: call frame info 13 libxul.so!nsViewManager::DispatchEvent [nsViewManager.cpp : 779 + 0xf] r4 = 0xbeb3b5a8 r5 = 0xbeb3b098 r6 = 0x40cd1c49 r7 = 0x47856800 r8 = 0x40430000 r9 = 0x00000000 r10 = 0x00000001 fp = 0x00000000 sp = 0xbeb3b090 pc = 0x40ee38e9 Found by: call frame info 14 libxul.so!nsView::HandleEvent [nsView.cpp : 1062 + 0xd] r4 = 0x4749dc10 r5 = 0x40ee368d r6 = 0x466bfa60 r7 = 0xbeb3b5a8 r8 = 0x00000048 r9 = 0x00000000 r10 = 0x00000001 fp = 0x00000000 sp = 0xbeb3b0b8 pc = 0x40ee211d Found by: call frame info 15 libxul.so!nsWindow::DispatchEvent [nsWindow.cpp : 481 + 0x9] r4 = 0xbeb3b0ec r5 = 0x41b79850 r6 = 0x41c5bbb4 r7 = 0x00000001 r8 = 0x00000048 r9 = 0x00000000 r10 = 0x00000001 fp = 0x00000000 sp = 0xbeb3b0d8 pc = 0x411fef51 Found by: call frame info 16 libxul.so!nsWindow::DispatchInputEvent [nsWindow.cpp : 286 + 0x11] r4 = 0xbeb3b60f r5 = 0xbeb3b5a8 r6 = 0x41c5bbb4 r7 = 0x00000001 r8 = 0x00000048 r9 = 0x00000000 r10 = 0x00000001 fp = 0x00000000 sp = 0xbeb3b0e8 pc = 0x411ff797 Found by: call frame info 17 libxul.so!GeckoInputDispatcher::dispatchOnce [nsAppShell.cpp : 197 + 0xd] r4 = 0x00001452 r5 = 0xbeb3b5a8 r6 = 0xbeb3b648 r7 = 0x00000001 r8 = 0x00000048 r9 = 0x00000000 r10 = 0x00000001 fp = 0x00000000 sp = 0xbeb3b100 pc = 0x411fe923 Found by: call frame info 18 libxul.so!nsAppShell::ProcessNextNativeEvent [nsAppShell.cpp : 725 + 0x5] r4 = 0x42d018e0 r5 = 0x00000001 r6 = 0xbeb3b648 r7 = 0x00000001 r8 = 0x00000048 r9 = 0x00000000 r10 = 0x00000001 fp = 0x00000000 sp = 0xbeb3b638 pc = 0x411fdb69 Found by: call frame info 19 libxul.so!nsBaseAppShell::DoProcessNextNativeEvent [nsBaseAppShell.cpp : 139 + 0x5] r4 = 0x42d018e0 r5 = 0x40409940 r6 = 0x00000000 r7 = 0x00000000 r8 = 0x00000014 r9 = 0x00000000 r10 = 0x00000001 fp = 0x00000000 sp = 0xbeb3b758 pc = 0x4121a79f Found by: call frame info 20 libxul.so!nsBaseAppShell::OnProcessNextEvent [nsBaseAppShell.cpp : 298 + 0x5] r4 = 0x42d018e0 r5 = 0x40409940 r6 = 0x02f226e1 r7 = 0x00000000 r8 = 0x00000014 r9 = 0x00000000 r10 = 0x00000001 fp = 0x00000000 sp = 0xbeb3b770 pc = 0x4121a87d Found by: call frame info 21 libxul.so!nsThread::ProcessNextEvent [nsThread.cpp : 593 + 0x5] r4 = 0x40409940 r5 = 0x00000001 r6 = 0x4121a7c1 r7 = 0x00000001 r8 = 0xbeb3b7df r9 = 0x40430000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbeb3b798 pc = 0x4139a86f Found by: call frame info 22 libxul.so!NS_ProcessNextEvent_P [nsThreadUtils.cpp : 237 + 0xb] r4 = 0x00000001 r5 = 0x404400c0 r6 = 0x40402500 r7 = 0x00000000 r8 = 0x00000000 r9 = 0x40430000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbeb3b7d8 pc = 0x4137ad4f Found by: call frame info 23 libxul.so!mozilla::ipc::MessagePump::Run [MessagePump.cpp : 117 + 0x7] r4 = 0x404024f0 r5 = 0x404400c0 r6 = 0x40402500 r7 = 0x00000000 r8 = 0x00000000 r9 = 0x40430000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbeb3b7e8 pc = 0x412940af Found by: call frame info 24 libxul.so!MessageLoop::RunInternal [message_loop.cc : 216 + 0x5] r4 = 0x404400c0 r5 = 0x42d018e0 r6 = 0x40409940 r7 = 0xbeb3ba8d r8 = 0x00000000 r9 = 0x40430000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbeb3b810 pc = 0x413bc7e1 Found by: call frame info 25 libxul.so!MessageLoop::Run [message_loop.cc : 209 + 0x5] r4 = 0x404400c0 r5 = 0x42d018e0 r6 = 0x40409940 r7 = 0xbeb3ba8d r8 = 0x00000000 r9 = 0x40430000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbeb3b818 pc = 0x413bc897 Found by: call frame info 26 libxul.so!nsBaseAppShell::Run [nsBaseAppShell.cpp : 163 + 0x7] r4 = 0x00000000 r5 = 0x42d018e0 r6 = 0x40409940 r7 = 0xbeb3ba8d r8 = 0x00000000 r9 = 0x40430000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbeb3b830 pc = 0x4121a365 Found by: call frame info 27 libxul.so!nsAppStartup::Run [nsAppStartup.cpp : 290 + 0x5] r4 = 0x42e7bbb0 r5 = 0x413856a5 r6 = 0x00000000 r7 = 0xbeb3ba8d r8 = 0x00000000 r9 = 0x40430000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbeb3b840 pc = 0x4117dbd5 Found by: call frame info 28 libxul.so!XREMain::XRE_mainRun [nsAppRunner.cpp : 3795 + 0x5] r4 = 0xbeb3b99c r5 = 0x413856a5 r6 = 0x00000000 r7 = 0xbeb3ba8d r8 = 0x00000000 r9 = 0x40430000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbeb3b848 pc = 0x40baddbb Found by: call frame info 29 libxul.so!XREMain::XRE_main [nsAppRunner.cpp : 3861 + 0x5] r4 = 0xbeb3b99c r5 = 0xbeb3b977 r6 = 0x00000000 r7 = 0xbeb3db84 r8 = 0x4042b000 r9 = 0x40430000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbeb3b970 pc = 0x40bb0435 Found by: call frame info 30 libxul.so!XRE_main [nsAppRunner.cpp : 3936 + 0x3] r4 = 0x0001f170 r5 = 0xbeb3db84 r6 = 0x00000001 r7 = 0x00000000 r8 = 0xbeb3b99c r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbeb3b998 pc = 0x40bb0581 Found by: call frame info 31 b2g!main [nsBrowserApp.cpp : 168 + 0xf] r4 = 0x40bb0535 r5 = 0x00000000 r6 = 0x00000001 r7 = 0xbeb3db84 r8 = 0x00000000 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbeb3baa8 pc = 0x0000999f Found by: call frame info 32 libc.so!__libc_init [libc_init_dynamic.c : 114 + 0x7] r4 = 0x00009714 r5 = 0xbeb3db84 r6 = 0x00000001 r7 = 0xbeb3db8c r8 = 0x00000000 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbeb3db68 pc = 0x4010c77b Found by: call frame info 33 libc.so!__cxa_atexit [atexit.c : 99 + 0x3] r4 = 0x00000000 r5 = 0x00000000 r6 = 0x00000000 r7 = 0x00000000 r8 = 0x00000000 r9 = 0x00000000 r10 = 0x00000000 fp = 0x00000000 sp = 0xbeb3db80 pc = 0x40114d87 Found by: call frame info 34 0xbeb3dd45 r4 = 0x00000000 r5 = 0xbeb3dc95 r6 = 0xbeb3dca7 r7 = 0xbeb3dcba r8 = 0xbeb3dcdd r9 = 0xbeb3dcf6 r10 = 0xbeb3dd13 fp = 0x00000000 sp = 0xbeb3dba8 pc = 0xbeb3dd47 Found by: call frame info
Comment 0 should be a duplicate of bug 833964. This patch made for comment 3, GestureEventListener::HandleInputEvent.
Attachment #739392 - Flags: review?(bugzilla)
Comment on attachment 739392 [details] [diff] [review] Similair to bug 833964, add null checking and reset the runnable member pointer when entering runnable method. Review of attachment 739392 [details] [diff] [review]: ----------------------------------------------------------------- ::: gfx/layers/ipc/GestureEventListener.cpp @@ +144,5 @@ > // task synchronously to confirm the last tap. > + if (mDoubleTapTimeoutTask) { > + mDoubleTapTimeoutTask->Cancel(); > + mDoubleTapTimeoutTask = nullptr; > + } I'd prefer to refactor this into an inline function. @@ +163,5 @@ > } else if (mState == GESTURE_WAITING_SINGLE_TAP) { > + if (mLongTapTimeoutTask) { > + mLongTapTimeoutTask->Cancel(); > + mLongTapTimeoutTask = nullptr; > + } Same here.
Attachment #739392 - Flags: review?(bugzilla)
Comment on attachment 740179 [details] [diff] [review] Similair to bug 833964, add null checking and reset the runnable member pointer when entering runnable method. Review of attachment 740179 [details] [diff] [review]: ----------------------------------------------------------------- ::: gfx/layers/ipc/GestureEventListener.h @@ +208,5 @@ > + if (mDoubleTapTimeoutTask) { > + mDoubleTapTimeoutTask->Cancel(); > + mDoubleTapTimeoutTask = nullptr; > + } > + } The definition doesn't have to be in the header. This causes every file that includes this one to have to parse this. The definition should go in the cpp file.
Attachment #740179 - Flags: review?(bugzilla)
(In reply to Doug Sherk (:drs) (:dRdR) from comment #8) > Comment on attachment 740179 [details] [diff] [review] > Similair to bug 833964, add null checking and reset the runnable member > pointer when entering runnable method. > > Review of attachment 740179 [details] [diff] [review]: > ----------------------------------------------------------------- > > ::: gfx/layers/ipc/GestureEventListener.h > @@ +208,5 @@ > > + if (mDoubleTapTimeoutTask) { > > + mDoubleTapTimeoutTask->Cancel(); > > + mDoubleTapTimeoutTask = nullptr; > > + } > > + } > > The definition doesn't have to be in the header. This causes every file that > includes this one to have to parse this. The definition should go in the cpp > file. It's a little weird that we put inline keyword in the cpp file. The |CancelDoubleTapTimeoutTask()| is a protected member function, may be called from other cpp file. Will encounter "unresolved external" if we put the inline definition in cpp file? http://www.parashift.com/c++-faq/inline-member-fns.html 1. put inline definition in header like attachment 740179 [details] [diff] [review] 2. put inline definition in .cpp, but header declare without inline keyword ("unresolved external" ?) 3. don't use inline keyword, and put definition in .cpp file, just like a normal member function (let compiler do the optimization) Which way is better?
Flags: needinfo?(bugzilla)
I did a simple test to make sure that this does actually work: test.h: http://pastebin.mozilla.org/2340686 test.cpp: http://pastebin.mozilla.org/2340687 This prints "hello, world". This is what I meant. So you add the "inline" keyword to the declaration in the header, but define the function in the cpp file.
Flags: needinfo?(bugzilla)
Comment on attachment 741183 [details] [diff] [review] Similair to bug 833964, add null checking and reset the runnable member pointer when entering runnable method. Review of attachment 741183 [details] [diff] [review]: ----------------------------------------------------------------- ::: gfx/layers/ipc/GestureEventListener.h @@ +217,4 @@ > */ > CancelableTask *mLongTapTimeoutTask; > > + inline void CancelLongTapTimeoutTask(); I'd prefer no line break between the CancelableTask and the function to cancel it.
Attachment #741183 - Flags: review?(bugzilla) → review+
blocking-b2g: - → tef?
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/dba3bdd9fe88
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Whiteboard: [b2g-crash] → [b2g-crash][tef-triage]
(In reply to Benjamin Chen [:bechen] from comment #13) > Do we need to uplift it to b2g18? Yeah, definitely. Not sure if v1.0.1 is affected but if so we may want to uplift to that branch as well, but that's not my call.
blocking-b2g: tef? → leo+
status-b2g18: --- → affected
blocking-b2g: leo+ → tef+
status-b2g18-v1.0.1: --- → affected
Can you please provide steps to verify this fix - as we will blackbox test from the UI?
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: