Closed Bug 1053107 Opened 10 years ago Closed 10 years ago

[Bluetooth] Can't open Bluetooth pane in Settings app via local build

Categories

(Core :: Security, defect)

ARM
Gonk (Firefox OS)
defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 1061437

People

(Reporter: tzimmermann, Unassigned)

References

Details

(Keywords: regression)

Attachments

(1 file)

Since August ~5 (rev 198303 or earlier), I see the following crash in the Settings app on B2G:

warning: Breakpoint address adjusted from 0xb6f1ab79 to 0xb6f1ab78.
epoll_wait () at bionic/libc/arch-arm/syscalls/epoll_wait.S:10
10	    mov     r7, ip
(gdb) c
Continuing.

Program received signal SIGTERM, Terminated.
load (aPtr=@0xb23ad0e4) at ../../../../dist/include/mozilla/Atomics.h:416
416	    Barrier<Order>::afterLoad();
(gdb) bt
#0  load (aPtr=@0xb23ad0e4) at ../../../../dist/include/mozilla/Atomics.h:416
#1  operator int (this=0xb23ad0e4) at ../../../../dist/include/mozilla/Atomics.h:977
#2  nsSecureBrowserUIImpl::OnStateChange (this=0xb23ad080, aWebProgress=0xb0e0d014, aRequest=0xb098ad40, aProgressStateFlags=Cannot access memory at address 0xbed11d78
)
    at ../../../../../../mozilla-central/security/manager/boot/src/nsSecureBrowserUIImpl.cpp:553
Cannot access memory at address 0xbed11e1c

STR:

  - build B2G with debugging enabled for Nexus 4
  - open Settings app
  - tap 'Bluetooth'

Expected:

  - Bluetooth pane opens

Actual result:

  - Settings app crashes
David,

Do you have an idea what this bug is?
Flags: needinfo?(dkeeler)
rev 198109 is also affected
This is a Gaia problem. The first broken revision is

commit 28ac6188280cc04441ce041c3dd0cc9aa6bacf54
Author: ian-liu <iliu@mozilla.com>
Date:   Mon Jul 21 18:12:23 2014 +0800

    Bug 1032071 - [Settings] Remove BT panel and embed it from BT app

:040000 040000 70c2f046723fde8db3f81d513d6da607427325c1 488e341d2603ac7d12ad8c36d0cde88ef4809494 M	apps
:040000 040000 19830afad707cd212d3571d3def47005b9a765a6 2fdfabcd5136732ef9762ddf97aaf51ecd7e5a16 M	shared
:040000 040000 9929b0d62c01f499314e9c8985cb914a611f996f 6cf114d31993844a3069c0485e0deb89c67bde43 M	tests

Ian, could you take a look?
Flags: needinfo?(iliu)
I don't have any ideas off the top of my head. If this turns out to not be a gaia problem, let me know.
Flags: needinfo?(dkeeler)
Hi Thomas, I'm not able to reproduce the issue in following build version. Nexus 4 is working fine in Settings::Bluetooth panel. And the log is not relative with Gaia directly.

Gaia      a2219a55145e730e56e09527b40152d68a43b0d9
Gecko     https://hg.mozilla.org/mozilla-central/rev/d7e78f0c1465
BuildID   20140813160202
Version   34.0a1
ro.build.version.incremental=eng.cltbld.20140812.191016
ro.build.date=Tue Aug 12 19:10:25 EDT 2014
Flags: needinfo?(iliu)
Hi

(In reply to Ian Liu [:ianliu] from comment #5)
> Hi Thomas, I'm not able to reproduce the issue in following build version.
> Nexus 4 is working fine in Settings::Bluetooth panel. And the log is not
> relative with Gaia directly.

Did you build Gecko with B2G_DEBUG=1? The failing assertion is only performed with debugging enabled.

I bisected Gaia with different versions of Gecko. The Gecko revision is not important, any recent version shows the problem. Gaia bisecting pointed to bug 1032071. This only happens for BT, other dialogs (Wifi, etc) work.

> 
> Gaia      a2219a55145e730e56e09527b40152d68a43b0d9
> Gecko     https://hg.mozilla.org/mozilla-central/rev/d7e78f0c1465
> BuildID   20140813160202
> Version   34.0a1
> ro.build.version.incremental=eng.cltbld.20140812.191016
> ro.build.date=Tue Aug 12 19:10:25 EDT 2014
The build version is flashed from PVT server via ``ITEM 2) Engineer of B2G-flash-tool``. Is the build same with B2G_DEBUG=1 ?
Hi,

I did some more debugging and found that at a certain point, the stack becomes corrupt. When tapping 'Bluetooth' in the Settings app. I see several correct calls to |nsSecureBrowserUIImpl::OnStateChange| like this one:

(gdb) c
Continuing.

Breakpoint 2, nsSecureBrowserUIImpl::OnStateChange (this=0xb23811a0, aWebProgress=0xb2865c14, aRequest=0xb28ff9b0, aProgressStateFlags=65552, aStatus=NS_OK)
    at ../../../../../../mozilla-central/security/manager/boot/src/nsSecureBrowserUIImpl.cpp:587
587	  NS_ASSERTION(mOnStateLocationChangeReentranceDetection == 1,
(gdb) bt
#0  nsSecureBrowserUIImpl::OnStateChange (this=0xb23811a0, aWebProgress=0xb2865c14, aRequest=0xb28ff9b0, aProgressStateFlags=65552, aStatus=NS_OK)
    at ../../../../../../mozilla-central/security/manager/boot/src/nsSecureBrowserUIImpl.cpp:587
#1  0xb4ceadd8 in nsDocLoader::DoFireOnStateChange (this=0xb2865c00, aProgress=0xb2865c14, aRequest=0xb28ff9b0, aStateFlags=@0xbe8c8a5c, aStatus=NS_OK)
    at ../../../../mozilla-central/uriloader/base/nsDocLoader.cpp:1269
#2  0xb4ceae4c in nsDocLoader::FireOnStateChange (this=<optimized out>, aProgress=0xb2865c14, aRequest=0xb28ff9b0, aStateFlags=65552, aStatus=NS_OK)
    at ../../../../mozilla-central/uriloader/base/nsDocLoader.cpp:1232
#3  0xb4ceaf64 in nsDocLoader::doStopURLLoad (this=0xb2865c00, request=0xb28ff9b0, aStatus=NS_OK) at ../../../../mozilla-central/uriloader/base/nsDocLoader.cpp:811
#4  0xb4cebba8 in nsDocLoader::OnStopRequest (this=0xb2865c00, aRequest=0xb28ff9b0, aCtxt=<optimized out>, aStatus=NS_OK)
    at ../../../../mozilla-central/uriloader/base/nsDocLoader.cpp:613
#5  0xb4918508 in nsLoadGroup::RemoveRequest (this=0xb3b2a420, request=0xb28ff9b0, ctxt=0x0, aStatus=NS_OK)
    at ../../../../../mozilla-central/netwerk/base/src/nsLoadGroup.cpp:689
#6  0xb53dfff2 in DoUnblockOnload (this=0xb28a5800) at ../../../../../mozilla-central/content/base/src/nsDocument.cpp:8705
#7  nsDocument::DoUnblockOnload (this=0xb28a5800) at ../../../../../mozilla-central/content/base/src/nsDocument.cpp:8679
#8  0xb53e0020 in nsUnblockOnloadEvent::Run (this=<optimized out>) at ../../../../../mozilla-central/content/base/src/nsDocument.cpp:8658
#9  0xb48bb72a in nsThread::ProcessNextEvent (this=0xb3b48880, aMayWait=<optimized out>, aResult=0xbe8c8cbf) at ../../../../mozilla-central/xpcom/threads/nsThread.cpp:770
#10 0xb48cf794 in NS_ProcessNextEvent (aThread=0xb3b48880, aMayWait=<optimized out>) at /home/mozilla/Projects/mozilla/src/mozilla-central/xpcom/glue/nsThreadUtils.cpp:265
#11 0xb4a7fa68 in mozilla::ipc::MessagePump::Run (this=0xb3b01c40, aDelegate=0xbe8c8e18) at ../../../../mozilla-central/ipc/glue/MessagePump.cpp:99
#12 0xb4a6d916 in MessageLoop::RunInternal (this=0xbe8c8e18) at ../../../../mozilla-central/ipc/chromium/src/base/message_loop.cc:229
#13 0xb4a6d92e in RunHandler (this=0xbe8c8e18) at ../../../../mozilla-central/ipc/chromium/src/base/message_loop.cc:222
#14 MessageLoop::Run (this=0xbe8c8e18) at ../../../../mozilla-central/ipc/chromium/src/base/message_loop.cc:196
#15 0xb53a6532 in nsBaseAppShell::Run (this=0xb2fc2700) at ../../../../mozilla-central/widget/xpwidgets/nsBaseAppShell.cpp:164
#16 0xb59dbaaa in XRE_RunAppShell () at ../../../../mozilla-central/toolkit/xre/nsEmbedFunctions.cpp:702
#17 0xb4a7fb96 in mozilla::ipc::MessagePumpForChildProcess::Run (this=0xb3b01c40, aDelegate=0xbe8c8e18) at ../../../../mozilla-central/ipc/glue/MessagePump.cpp:272
#18 0xb4a6d916 in MessageLoop::RunInternal (this=0xbe8c8e18) at ../../../../mozilla-central/ipc/chromium/src/base/message_loop.cc:229
#19 0xb4a6d92e in RunHandler (this=0xbe8c8e18) at ../../../../mozilla-central/ipc/chromium/src/base/message_loop.cc:222
#20 MessageLoop::Run (this=0xbe8c8e18) at ../../../../mozilla-central/ipc/chromium/src/base/message_loop.cc:196
#21 0xb59db974 in XRE_InitChildProcess (aArgc=<optimized out>, aArgv=<optimized out>) at ../../../../mozilla-central/toolkit/xre/nsEmbedFunctions.cpp:539
#22 0x000092a2 in content_process_main (argc=7, argv=0xbe8c9904) at ../../../../mozilla-central/ipc/app/../contentproc/plugin-container.cpp:148
#23 0xb6e66b50 in __libc_init (raw_args=0xbe8c9900, onexit=<optimized out>, slingshot=0x9301 <main(int, char**)>, structors=<optimized out>)
    at bionic/libc/bionic/libc_init_dynamic.cpp:112
#24 0x00009188 in _start ()


And after 5 to 10 of them, I see a stack corruption.


(gdb) c
Continuing.

Breakpoint 2, nsSecureBrowserUIImpl::OnStateChange (this=0xb0ed4f20, aWebProgress=0xb0b11414, aRequest=0xb0e84c50, aProgressStateFlags=983041, aStatus=NS_OK)
    at ../../../../../../mozilla-central/security/manager/boot/src/nsSecureBrowserUIImpl.cpp:587
587	  NS_ASSERTION(mOnStateLocationChangeReentranceDetection == 1,
(gdb) bt
#0  nsSecureBrowserUIImpl::OnStateChange (this=0xb0ed4f20, aWebProgress=0xb0b11414, aRequest=0xb0e84c50, aProgressStateFlags=983041, aStatus=NS_OK)
    at ../../../../../../mozilla-central/security/manager/boot/src/nsSecureBrowserUIImpl.cpp:587
#1  0xb4ceadd8 in nsDocLoader::DoFireOnStateChange (this=0xb0b11400, aProgress=0xb0b11414, aRequest=0xb0e84c50, aStateFlags=@0xbe8c6ec4, aStatus=NS_OK)
    at ../../../../mozilla-central/uriloader/base/nsDocLoader.cpp:1269
#2  0xb4ceae4c in nsDocLoader::FireOnStateChange (this=<optimized out>, aProgress=0xb0b11414, aRequest=0xb0e84c50, aStateFlags=983041, aStatus=NS_OK)
    at ../../../../mozilla-central/uriloader/base/nsDocLoader.cpp:1232
#3  0xb4ceb032 in nsDocLoader::doStartDocumentLoad (this=0xb0b11400) at ../../../../mozilla-central/uriloader/base/nsDocLoader.cpp:773
#4  0xb4ceb138 in nsDocLoader::OnStartRequest (this=0xb0b11400, request=0xb0e84c50, aCtxt=<optimized out>) at ../../../../mozilla-central/uriloader/base/nsDocLoader.cpp:470
#5  0xb49176c4 in nsLoadGroup::AddRequest (this=0xb0ea0ca0, request=0xb0e84c50, ctxt=0x0) at ../../../../../mozilla-central/netwerk/base/src/nsLoadGroup.cpp:566
#6  0xb4c0acbe in nsJARChannel::AsyncOpen (this=0xb0e84c50, listener=<optimized out>, ctx=0x0) at ../../../../mozilla-central/modules/libjar/nsJARChannel.cpp:858
#7  0xb4cecc68 in nsURILoader::OpenURI (this=0xb28ff550, channel=0xb0e84c50, aFlags=0, aWindowContext=<optimized out>)
    at ../../../../mozilla-central/uriloader/base/nsURILoader.cpp:833
#8  0xb58cb018 in nsDocShell::DoChannelLoad (this=0xb0b11400, aChannel=0xb0e84c50, aURILoader=0xb28ff550, aBypassClassifier=<optimized out>)
    at ../../../../mozilla-central/docshell/base/nsDocShell.cpp:10341
#9  0xb58dd96a in nsDocShell::DoURILoad (this=0xb0b11400, aURI=<optimized out>, aReferrerURI=0xb23a46c0, aSendReferrer=<optimized out>, aOwner=0xb23a1b00, aTypeHint=0x0, 
    aFileName=..., aPostData=0x0, aHeadersData=0x0, aFirstParty=false, aDocShell=0x0, aRequest=0xbe8c7344, aIsNewWindowTarget=false, aBypassClassifier=false, 
    aForceAllowCookies=false, aSrcdoc=..., aBaseURI=0x0) at ../../../../mozilla-central/docshell/base/nsDocShell.cpp:10170
#10 0xb58dca84 in nsDocShell::InternalLoad (this=0xb0b11400, aURI=0xb0ba26c0, aReferrer=0xb23a46c0, aOwner=0xb23a1b00, aFlags=0, aWindowTarget=0xb3b37338 u"", aTypeHint=0x0, 
    aFileName=..., aPostData=0x0, aHeadersData=0x0, aLoadType=<optimized out>, aSHEntry=0x0, aFirstParty=false, aSrcdoc=..., aSourceDocShell=0x0, aBaseURI=0x0, 
    aDocShell=0x0, aRequest=0x0) at ../../../../mozilla-central/docshell/base/nsDocShell.cpp:9773
#11 0xb58d1074 in nsDocShell::LoadURI (this=0xb0b11400, aURI=0xb0ba26c0, aLoadInfo=<optimized out>, aLoadFlags=<optimized out>, aFirstParty=false)
    at ../../../../mozilla-central/docshell/base/nsDocShell.cpp:1606
#12 0xb544e026 in nsFrameLoader::ReallyStartLoadingInternal (this=0xb050ad00) at ../../../../../mozilla-central/content/base/src/nsFrameLoader.cpp:568
#13 0xb544e270 in nsFrameLoader::ReallyStartLoading (this=0xb050ad00) at ../../../../../mozilla-central/content/base/src/nsFrameLoader.cpp:413
#14 0xb53e2ac2 in MaybeInitializeFinalizeFrameLoaders (this=0xb28a5800) at ../../../../../mozilla-central/content/base/src/nsDocument.cpp:6957
#15 nsDocument::MaybeInitializeFinalizeFrameLoaders (this=0xb28a5800) at ../../../../../mozilla-central/content/base/src/nsDocument.cpp:6927
#16 0xb53e2bbe in nsDocument::EndUpdate (this=0xb28a5800, aUpdateType=1) at ../../../../../mozilla-central/content/base/src/nsDocument.cpp:4643
#17 0xb54d4ef2 in nsHTMLDocument::EndUpdate (this=0xb28a5800, aUpdateType=<optimized out>)
    at ../../../../../../mozilla-central/content/html/document/src/nsHTMLDocument.cpp:2493
#18 0xb53d1d5c in mozAutoDocUpdate::~mozAutoDocUpdate (this=0xbe8c7860, __in_chrg=<optimized out>) at ../../../../../mozilla-central/content/base/src/mozAutoDocUpdate.h:38
#19 0xb5460c62 in nsINode::ReplaceOrInsertBefore (this=0xb180d790, aReplace=<optimized out>, aNewChild=<optimized out>, aRefChild=<optimized out>, aError=...)
    at ../../../../../mozilla-central/content/base/src/nsINode.cpp:2227
#20 0xb5039314 in InsertBefore (aError=..., aChild=0x0, aNode=<optimized out>, this=0xb180d790) at ../../dist/include/nsINode.h:1605
#21 AppendChild (aError=..., aNode=<optimized out>, this=0xb180d790) at ../../dist/include/nsINode.h:1609
#22 appendChild (args=..., self=0xb180d790, cx=0xb3b830c0, obj=<optimized out>) at NodeBinding.cpp:611
#23 mozilla::dom::NodeBinding::appendChild (cx=0xb3b830c0, obj=..., self=0xb180d790, args=...) at NodeBinding.cpp:591
#24 0xb5162a44 in mozilla::dom::GenericBindingMethod (cx=0xb3b830c0, argc=<optimized out>, vp=<optimized out>)
    at ../../../../mozilla-central/dom/bindings/BindingUtils.cpp:2452
#25 0xb5f6e86c in js::CallJSNative (cx=0xb3b830c0, native=0xb5162985 <mozilla::dom::GenericBindingMethod(JSContext*, unsigned int, JS::Value*)>, args=...)
    at ../../../../mozilla-central/js/src/jscntxtinlines.h:231
#26 0xb5f9a7a8 in js::Invoke (cx=0xb3b830c0, args=..., construct=js::NO_CONSTRUCT) at ../../../../mozilla-central/js/src/vm/Interpreter.cpp:464
#27 0xb5f97060 in Interpret (cx=0xb3b830c0, state=...) at ../../../../mozilla-central/js/src/vm/Interpreter.cpp:2545
---Type <return> to continue, or q <return> to quit---
#28 0xb5f994be in js::RunScript (cx=Cannot access memory at address 0xbe8c82ec
) at ../../../../mozilla-central/js/src/vm/Interpreter.cpp:411
#29 0xb5f9a768 in js::Invoke (cx=0xb3b830c0, args=Cannot access memory at address 0xbe8c8344
) at ../../../../mozilla-central/js/src/vm/Interpreter.cpp:483
#30 0xb5f9a768 in js::Invoke (cx=0xb3b830c0, args=Cannot access memory at address 0xbe8c8344
) at ../../../../mozilla-central/js/src/vm/Interpreter.cpp:483
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) c
Continuing.
Flags: needinfo?(dkeeler)
See Also: → 1047322
I also clean build my nexus 5. I saw the same problem.
I seems js error can be observed.

08-14 08:23:19.730 I/Gecko   (  183): Performance warning: Async animation disabled because frame size (360, 76) is bigger than the viewport (405, 34) [div with id 'statusbar']
08-14 08:23:20.940 E/GeckoConsole(  183): Content JS LOG at app://system.gaiamobile.org/js/shrinking_ui.js:162 in su_handleEvent: app is created app://settings.gaiamobile.org
08-14 08:23:24.090 E/GeckoConsole(  962): [JavaScript Error: "NS_ERROR_NOT_AVAILABLE: Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIXULAppInfo.ID]" {file: "resource://gre/modules/Webapps.jsm" line: 97}]
(In reply to Shawn Huang [:shuang] [:shawnjohnjr] from comment #9)
> I also clean build my nexus 5. I saw the same problem.
> I seems js error can be observed.
> 08-14 08:23:24.090 E/GeckoConsole(  962): [JavaScript Error:
> "NS_ERROR_NOT_AVAILABLE: Component returned failure code: 0x80040111
> (NS_ERROR_NOT_AVAILABLE) [nsIXULAppInfo.ID]" {file:
> "resource://gre/modules/Webapps.jsm" line: 97}]
Hmm, after I did "make reset-gaia", I can enter bluetooth menu again. Not sure i hit the same problem as Thomas had.
I clean up my nexus5 build and run flash.sh to full flash images, then I hit this similar bug, whenever I enter Bluetooth Settings, it immediately crash. I went into gaia folder and "make reset-gaia" it works again.
This worked for me as well.
But when I flash the phone, the problem returns.
Thomas and Shawn,

Have you ever seen the issue via flash PVT build? Or the issue only happened with build B2G_DEBUG=1 locally?
I usually don't use pvt builds, but I'll check.
Flags: needinfo?(tzimmermann)
Even I build non-debug build, i can hit the problem.
(In reply to Ian Liu [:ianliu] from comment #14)
> Thomas and Shawn,
> 
> Have you ever seen the issue via flash PVT build? Or the issue only happened
> with build B2G_DEBUG=1 locally?

I flashed today's PVT build and was able to enter the Bluetooth dialog. However, I had to step though the FTU App; and the bug goes away when I do this.

Could you build a local debug build without FTU and test again?
Flags: needinfo?(tzimmermann) → needinfo?(iliu)
Attached file .userconfig
Building with the .userconfig makes the dialog fail.
I'm not sure how I can help here, short of going through the debugging process myself. I don't have time to do that this week, though.
Flags: needinfo?(dkeeler)
(In reply to Thomas Zimmermann [:tzimmermann] [:tdz] from comment #17)
> (In reply to Ian Liu [:ianliu] from comment #14)
> > Thomas and Shawn,
> > 
> > Have you ever seen the issue via flash PVT build? Or the issue only happened
> > with build B2G_DEBUG=1 locally?
> 
> I flashed today's PVT build and was able to enter the Bluetooth dialog.
> However, I had to step though the FTU App; and the bug goes away when I do
> this.
> 
I have tried to do 'make reset-gaia NOFTU=1', after I just flash build via PVT. It's still working for me.

> Could you build a local debug build without FTU and test again?
Rebuild my local debug build cost much time for me. Because Gaia devs will use PVT build for development as daily build. After traced the crash log in comment 8, I still have no idea to give solution. Even if I could reproduce it via my local debug build, I might meet the log as you mentioned. Looks like something crash in Gecko. Bug 1032071, the major change is embedded iframe for launching bluetooth app inside settings app. And settings app is one iframe management via system app. In other words, we call Bluetooth API in the third iframe inside. Not sure the reason is relative with the issue here.
Flags: needinfo?(iliu)
Change bug summary to make issue more precise.
Summary: [Bluetooth] Can't open Bluetooth pane in Settings app → [Bluetooth] Can't open Bluetooth pane in Settings app via local debug build
Keywords: crash
This problem can be fixed via "make reset-gaia".
If we really don't have idea to attach this problem, we can check the differences.

-----------
# Remove everything and install a clean profile
reset-gaia: purge install-gaia install-default-data
-----------

My stupid idea is to check the difference between "system.img", "userdata.img" and the file system after doing "make reset-gaia".
Possible differnces (see gaia/Makefile, purge)
/data/b2g/*
/data/local/webapps
/system/b2g/webapps
/persist/svoperapps

install-gaia:
/system/b2g/defaults/settings.json
/system/b2g/defaults/contacts.json
(In reply to Ian Liu [:ianliu][PTO 8/22 ~ 8/27] from comment #20)
> (In reply to Thomas Zimmermann [:tzimmermann] [:tdz] from comment #17)
> > (In reply to Ian Liu [:ianliu] from comment #14)
> > > Thomas and Shawn,
> > > 
> > > Have you ever seen the issue via flash PVT build? Or the issue only happened
> > > with build B2G_DEBUG=1 locally?
> > 
> > I flashed today's PVT build and was able to enter the Bluetooth dialog.
> > However, I had to step though the FTU App; and the bug goes away when I do
> > this.
> > 
> I have tried to do 'make reset-gaia NOFTU=1', after I just flash build via
> PVT. It's still working for me.
> 
> > Could you build a local debug build without FTU and test again?
> Rebuild my local debug build cost much time for me.

So you are telling me that you won't fix this bug because it'll take too much time for you? That's quite a statement. You wrote the patch that introduced the problem, so you are responsible for fixing it.

> Because Gaia devs will
> use PVT build for development as daily build. After traced the crash log in
> comment 8, I still have no idea to give solution. Even if I could reproduce
> it via my local debug build, I might meet the log as you mentioned.

Maybe, or maybe you'll find a fix for it.

> Looks
> like something crash in Gecko.

Yes, because of two concurrent calls to the same method. A first step could be to find out which change in bug 1032071 causes this.
The logcat from a successful run after "make reset-gaia NOFTU=1"

I/Gecko   ( 1129): [Child 1129] WARNING: Transparent content with displayports can be expensive.: file ../../../../mozilla-central/layout/base/nsDisplayList.cpp, line 1309
I/Gecko   ( 1129): ++DOCSHELL 0xb0ba3800 == 2 [pid = 1129] [id = 2]
I/Gecko   ( 1129): ++DOMWINDOW == 3 (0xb2faa6e0) [pid = 1129] [serial = 4] [outer = 0x0]
I/Gecko   ( 1129): [Child 1129] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005: file ../../../../mozilla-central/toolkit/xre/nsXREDirProvider.cpp, line 1333
I/Gecko   ( 1129): [Child 1129] WARNING: No inner window available!: file ../../../../mozilla-central/dom/base/nsGlobalWindow.cpp, line 9614
E/GeckoConsole( 1129): [JavaScript Error: "NS_ERROR_NOT_AVAILABLE: Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIXULAppInfo.ID]" {file: "resource://gre/modules/Webapps.jsm" line: 97}]
E/GeckoConsole( 1129): [JavaScript Warning: "variable data redeclares argument" {file: "chrome://global/content/BrowserElementPanning.js" line: 515 column: 8 source: "    let data = data.json;
E/GeckoConsole( 1129): "}]
I/Gecko   ( 1129): ############################### browserElementPanning.js loaded
I/Gecko   ( 1129): [Child 1129] WARNING: No inner window available!: file ../../../../mozilla-central/dom/base/nsGlobalWindow.cpp, line 9614
I/Gecko   ( 1129): ######################## BrowserElementChildPreload.js loaded
I/Gecko   ( 1129): [Child 1129] WARNING: Subdocument container has no frame: file ../../../../mozilla-central/layout/base/nsDocumentViewer.cpp, line 2515
I/Gecko   ( 1129): ++DOMWINDOW == 4 (0xb2faac80) [pid = 1129] [serial = 5] [outer = 0xb2faa6e0]

The buggy version fails after this point.

I/Gecko   ( 1129): [Child 1129] WARNING: Transparent content with displayports can be expensive.: file ../../../../mozilla-central/layout/base/nsDisplayList.cpp, line 1309
I/Gecko   ( 1129): [Child 1129] WARNING: Channel provided to SetRequestContext is not an nsIHttpChannel so referrer is not available for reporting.: file ../../../../../mozilla-central/content/base/src/nsCSPContext.cpp, line 568
I/Gecko   ( 1129): ++DOMWINDOW == 5 (0xb2fab5e0) [pid = 1129] [serial = 6] [outer = 0xb2faa6e0]
I/Gecko   ( 1129): [Child 1129] WARNING: Transparent content with displayports can be expensive.: file ../../../../mozilla-central/layout/base/nsDisplayList.cpp, line 1309
I/Gecko   ( 1129): [Child 1129] WARNING: Transparent content with displayports can be expensive.: file ../../../../mozilla-central/layout/base/nsDisplayList.cpp, line 1309
E/GeckoConsole( 1129): [JavaScript Error: "L10nError: Context not ready"]
I/Gecko   ( 1129): [Child 1129] WARNING: Transparent content with displayports can be expensive.: file ../../../../mozilla-central/layout/base/nsDisplayList.cpp, line 1309
I/Gecko   ( 1129): [Child 1129] WARNING: Transparent content with displayports can be expensive.: file ../../../../mozilla-central/layout/base/nsDisplayList.cpp, line 1309
I/Gecko   ( 1129): [Child 1129] WARNING: Transparent content with displayports can be expensive.: file ../../../../mozilla-central/layout/base/nsDisplayList.cpp, line 1309
I/Gecko   ( 1129): [Child 1129] WARNING: Transparent content with displayports can be expensive.: file ../../../../mozilla-central/layout/base/nsDisplayList.cpp, line 1309
I/Gecko   ( 1129): [Child 1129] WARNING: Transparent content with displayports can be expensive.: file ../../../../mozilla-central/layout/base/nsDisplayList.cpp, line 1309
I/Gecko   ( 1129): [Child 1129] WARNING: Transparent content with displayports can be expensive.: file ../../../../mozilla-central/layout/base/nsDisplayList.cpp, line 1309
I/Gecko   ( 1129): --DOMWINDOW == 4 (0xb2faac80) [pid = 1129] [serial = 5] [outer = 0xb2faa6e0] [url = about:blank]
ni gonk team Viral for further help.
Flags: needinfo?(vwang)
I can't help on this bug :(
I also met this issue when porting flame-kk, just want to track the status of this bug
Flags: needinfo?(vwang)
I'm taking a look. The code actually crashed at the line in Webapps.jsm

  const WEBAPP_RUNTIME = Services.appinfo.ID == "webapprt@mozilla.org";

I digged into it a little bit and found that |Services.appinfo.ID| was invalid while Bluetooth page was about to be loaded (note that |Services.appinfo| seems valid at the moment).

First, I need to find out where Webapps.jsm got loaded when I tried to get into Bluetooth page. I'll do further investigation tomorrow.
Assignee: nobody → echou
(In reply to Eric Chou [:ericchou] [:echou] from comment #27)
> I'm taking a look. The code actually crashed at the line in Webapps.jsm
> 
>   const WEBAPP_RUNTIME = Services.appinfo.ID == "webapprt@mozilla.org";
> 
> I digged into it a little bit and found that |Services.appinfo.ID| was
> invalid while Bluetooth page was about to be loaded (note that
> |Services.appinfo| seems valid at the moment).
> 
> First, I need to find out where Webapps.jsm got loaded when I tried to get
> into Bluetooth page. I'll do further investigation tomorrow.

Webapps.jsm was loaded from BrowserElementParent.js[1]. According to my observation, this js should only be read on chrome process. In our case it's loaded on another process (the one that Bluetooth app runs on).

After it's been loaded, the first error which would be hit is trying to get Services.appinfo.ID -- because nsXULAppInfo::GetID() would return NS_ERROR_NOT_AVAILABLE if it's not on chrome process. I tried to return NS_OK here, however a seccomp error occurred:

E/Sandbox ( 1407): seccomp sandbox violation: pid 1407, syscall 39, args 2979867336 493 0 493 3007309013 3199058440.  Killing process.
E/Sandbox ( 1407): JS frame 0: FileUtils_getDir resource://gre/modules/FileUtils.jsm line 70
E/Sandbox ( 1407): JS frame 1: FileUtils_getFile resource://gre/modules/FileUtils.jsm line 42
E/Sandbox ( 1407): JS frame 2: this.DOMApplicationRegistry.init resource://gre/modules/Webapps.jsm line 185
E/Sandbox ( 1407): JS frame 3: (anonymous) resource://gre/modules/Webapps.jsm line 4345
E/Sandbox ( 1407): JS frame 4: (anonymous) resource://gre/modules/BrowserElementParent.jsm line 25
E/Sandbox ( 1407): JS frame 5: XPCU_defineLazyGetter/<.get resource://gre/modules/XPCOMUtils.jsm line 193
E/Sandbox ( 1407): JS frame 6: BrowserElementParent.prototype._registerAppManifest resource://gre/modules/BrowserElementParent.jsm line 221
E/Sandbox ( 1407): JS frame 7: BrowserElementParent resource://gre/modules/BrowserElementParent.jsm line 186
E/Sandbox ( 1407): JS frame 8: create resource://gre/modules/BrowserElementParent.jsm line 65
E/Sandbox ( 1407): JS frame 9: BrowserElementParentFactory.prototype._createBrowserElementParent jar:file:///system/b2g/omni.ja!/components/BrowserElementParent.js line 105
E/Sandbox ( 1407): JS frame 10: BrowserElementParentFactory.prototype._observeInProcessBrowserFrameShown jar:file:///system/b2g/omni.ja!/components/BrowserElementParent.js line 87
E/Sandbox ( 1407): JS frame 11: BrowserElementParentFactory.prototype.observe jar:file:///system/b2g/omni.ja!/components/BrowserElementParent.js line 123
E/Sandbox ( 1407): JS frame 12: ctor_frame_panel/<.onBeforeShow app://settings.gaiamobile.org/js/panels/frame/panel.js line 51
E/Sandbox ( 1407): JS frame 13: ctor_SettingsPanel/<.onBeforeShow app://settings.gaiamobile.org/js/main.js line 1588
E/Sandbox ( 1407): JS frame 14: ctor_panel/<.beforeShow/< app://settings.gaiamobile.org/js/main.js line 841

From the stack backtrace, flame 0 pointed to

  dir.create(Ci.nsIFile.DIRECTORY_TYPE, this.PERMS_DIRECTORY);

in FileUtils.jsm.

Although I've found these clues, I'm still not very sure what the root cause is. :(

Any comments would be very welcomed.

[1] http://dxr.mozilla.org/mozilla-central/source/dom/browser-element/BrowserElementParent.js#16
When I clicked into Settings app and tapped 'Bluetooth' to get into Bluetooth page, Settings app crashes in Webapps.jsm like I mentioned in comment 29. Where was Webapps.jsm loaded? I traced the code and found that, BrowserElementParent.js got the notification of topic "inprocess-browser-shown" which is sent from nsFrameLoader::MaybeCreateDocShell(), then everything happens accordingly.

I don't know this part of code very well. It's just "inprocess-browser-shown" sounds to me more like a chrome process only event according to its name 'inprocess'. In our case, Bluetooth app was loaded inside Settings app process, which is a content process.

I'll see if I can figure it out on Monday, otherwise I may call for experts' help. :(
(In reply to Eric Chou [:ericchou] [:echou] from comment #29)
> E/Sandbox ( 1407): JS frame 2: this.DOMApplicationRegistry.init
> resource://gre/modules/Webapps.jsm line 185

Probably this (dom/apps/src/Webapps.jsm, line numbers from current m-c):

    195     this.appsFile = FileUtils.getFile(DIRECTORY_NAME,
    196                                       ["webapps", "webapps.json"], true).path;

Even in the absence of syscall sandboxing, content processes don't have permission to open that file:

-rw-r----- root     root        51025 2014-08-28 17:44 webapps.json
Note this happens for me in release too.
(In reply to Kyle Machulis [:kmachulis] [:qdot] from comment #32)
> Note this happens for me in release too.

Confirmed. I flashed PVT this morning and it crashed when I tried to get into Bluetooth page.
Summary: [Bluetooth] Can't open Bluetooth pane in Settings app via local debug build → [Bluetooth] Can't open Bluetooth pane in Settings app via local build
Note that this started being seen by everyone after I landed bug 900551, but I was seeing it even when I'd pulled that patch out. So if you start seeing any errors due to settings, let me know. :)
Not sure if this is related to bug 1044333.
See Also: → 1044333
I got the same JavaScript error as comment 9 when trying to access mozSettings API:

[JavaScript Error: "NS_ERROR_NOT_AVAILABLE: Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIXULAppInfo.ID]" {file: "resource://gre/modules/Webapps.jsm" line: 97}]

But it seems the error only occurred in local debug builds but now also in private builds.
There is another problem here. The Settings app is trying to embed the bluetooth app. However the embed apps in an OOP app is not supported currently so that will lead to Settings app crash. See 1059662.
Depends on: 1059662
(In reply to Kan-Ru Chen [:kanru] from comment #38)
> There is another problem here. The Settings app is trying to embed the
> bluetooth app. However the embed apps in an OOP app is not supported
> currently so that will lead to Settings app crash. See 1059662.

So I think this is a regerssion of bug 1033951
Thanks for your clarification, Kan-Ru.

Unassign myself per comment 38.
Assignee: echou → nobody
This is a candidate PR[1] for reverting this patch and other related patches. As gecko does not support OOP apps embedding other apps yet, if there is no feasible solution from the gecko side (see bug 1059662) for now, we will apply the PR by the end of today.

[1]: https://github.com/mozilla-b2g/gaia/pull/23563
The patch I meant the one of bug 1032071.
QA Whiteboard: [COM=Bluetooth]
Close the bug as the patches for embedding BT app in settings app have been backed out in bug 1061437. The BT panel should be able to be opened without problems.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
[Blocking Requested - why for this release]:
Smoketest blocker and a regression of a core feature.

Also should be Resolved Fixed by backout.  Will verify this when it lands.
blocking-b2g: --- → 2.1?
QA Whiteboard: [COM=Bluetooth] → [COM=Bluetooth], [QAnalyst-Triage?]
Flags: needinfo?(jmitchell)
Resolution: WONTFIX → FIXED
Flags: needinfo?(jmitchell)
Let's actually dupe this to the bug that fixed the problem.
blocking-b2g: 2.1? → ---
Resolution: FIXED → DUPLICATE
Keywords: crash, smoketest
QA Whiteboard: [COM=Bluetooth], [QAnalyst-Triage?] → [QAnalyst-Triage?]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: