Closed Bug 1058366 Opened 10 years ago Closed 10 years ago

Bluetooth closes invalid fd

Categories

(Firefox OS Graveyard :: Bluetooth, defect, P1)

ARM
Gonk (Firefox OS)
defect

Tracking

(blocking-b2g:2.0+, b2g-v2.0 fixed, b2g-v2.1 fixed)

RESOLVED FIXED
2.1 S3 (29aug)
blocking-b2g 2.0+
Tracking Status
b2g-v2.0 --- fixed
b2g-v2.1 --- fixed

People

(Reporter: khuey, Unassigned)

References

Details

(Keywords: crash, Whiteboard: [b2g-crash][caf priority: p1] [POVB])

Attachments

(1 file)

+++ This bug was initially created as a clone of Bug #1057220 +++

With Sotaro's patch in bug 1057220 to catch invalid fd closes:

Operating system: Android 0.0.0 Linux 3.4.0-g8263518 #27 SMP PREEMPT Sun Aug 24 22:28:38 PDT 2014 armv7l qcom/msm8610/msm8610:4.4.2/KVT49L/eng.tkundu.20140823.094323:userdebug/test-keys CPU: arm ARMv0 4 CPUs Crash reason: SIGABRT Crash address: 0xe6 Thread 0 (crashed) 0 libc.so + 0x22208 r0 = 0x00000000 r1 = 0x000000e6 r2 = 0x00000006 r3 = 0x00000000 r4 = 0x00000006 r5 = 0x00000009 r6 = 0x000000e6 r7 = 0x0000010c r8 = 0xac1e0780 r9 = 0xac789690 r10 = 0xb6485bf8 r12 = 0xb18daf70 fp = 0xbebaa7f8 sp = 0xbebaa530 lr = 0xb6f60249 pc = 0xb6f6f208 Found by: given as instruction pointer in context 1 libc.so!pthread_kill [pthread_kill.cpp : 49 + 0xb] r4 = 0x00000006 r5 = 0x00000009 r6 = 0x000000e6 r7 = 0xb18daf70 r8 = 0xac1e0780 r9 = 0xac789690 r10 = 0xb6485bf8 r12 = 0xb18daf70 fp = 0xbebaa7f8 sp = 0xbebaa548 lr = 0xb6f60249 pc = 0xb6f60249 Found by: call frame info 2 libc.so!raise [raise.cpp : 32 + 0x9] r4 = 0x00000006 r5 = 0x00000000 r6 = 0x00000001 r7 = 0xb18daf70 r8 = 0xac1e0780 r9 = 0xac789690 r10 = 0xb6485bf8 fp = 0xbebaa7f8 sp = 0xbebaa558 pc = 0xb6f6045d Found by: call frame info 3 libc.so!__libc_android_abort [abort.cpp : 55 + 0x3] r4 = 0xbebaa564 r5 = 0x00000000 r6 = 0x00000001 r7 = 0xb18daf70 r8 = 0xac1e0780 r9 = 0xac789690 r10 = 0xb6485bf8 fp = 0xbebaa7f8 sp = 0xbebaa560 pc = 0xb6f5f14f Found by: call frame info 4 libc.so + 0x21abe r4 = 0x0000006b r5 = 0xffffffff r6 = 0x00000001 r7 = 0xb18daf70 r8 = 0xac1e0780 r9 = 0xac789690 r10 = 0xb6485bf8 fp = 0xbebaa7f8 sp = 0xbebaa588 pc = 0xb6f6eac0 Found by: call frame info 5 libc.so!close [close.c : 50 + 0x3] r3 = 0xb6f8d0bd r4 = 0x0000006b r5 = 0xffffffff r6 = 0x00000001 r7 = 0xb18daf70 r8 = 0xac1e0780 r9 = 0xac789690 r10 = 0xb6485bf8 fp = 0xbebaa7f8 sp = 0xbebaa590 lr = 0xb6f5c299 pc = 0xb6f5c299 Found by: call frame info 6 bluetooth.default.so!btc_close_serv_socket [btc_common.c : 445 + 
0x5] r0 = 0xfffffff7 r1 = 0x0000006b r2 = 0x5386f66c r4 = 0x0000006b r5 = 0xb1120c3d r6 = 0x00000001 r7 = 0xb18daf70 r8 = 0xac1e0780 r9 = 0xac789690 r10 = 0xb6485bf8 fp = 0xbebaa7f8 sp = 0xbebaa5a8 pc = 0xb10eda5b Found by: call frame info 7 bluetooth.default.so!btc_deinit [btc_common.c : 69 + 0x7] r0 = 0xb1120c3d r1 = 0xb1138048 r2 = 0xffffffff r4 = 0xb11299c8 r5 = 0x00000000 r6 = 0x00000001 r7 = 0xb18daf70 r8 = 0xac1e0780 r9 = 0xac789690 r10 = 0xb6485bf8 fp = 0xbebaa7f8 sp = 0xbebaa5c0 pc = 0xb10edab1 Found by: call frame info 8 bluetooth.default.so!btif_disable_bluetooth [btif_core.c : 696 + 0x3] r4 = 0xb11299c8 r5 = 0x00000000 r6 = 0x00000001 r7 = 0xb18daf70 r8 = 0xac1e0780 r9 = 0xac789690 r10 = 0xb6485bf8 fp = 0xbebaa7f8 sp = 0xbebaa5c8 pc = 0xb106a273 Found by: call frame info 9 libxul.so!StartStopGonkBluetooth [BluetoothServiceBluedroid.cpp : 848 + 0x3] r3 = 0xb1067e89 r4 = 0xb640e214 r5 = 0x00000000 r6 = 0x00000001 r7 = 0xb18daf70 r8 = 0xac1e0780 r9 = 0xac789690 r10 = 0xb6485bf8 fp = 0xbebaa7f8 sp = 0xbebaa5d8 pc = 0xb52f3b45 Found by: call frame info 10 libxul.so!mozilla::dom::bluetooth::BluetoothServiceBluedroid::StopInternal() [BluetoothServiceBluedroid.cpp : 921 + 0x5] r0 = 0x00000000 r1 = 0xac1e07a0 r4 = 0x00000000 r5 = 0xac1e07a0 r6 = 0xac2b9ce4 r7 = 0xb18daf70 r8 = 0xac1e0780 r9 = 0xac789690 r10 = 0xb6485bf8 fp = 0xbebaa7f8 sp = 0xbebaa5f0 pc = 0xb52f3b6d Found by: call frame info 11 libxul.so!mozilla::dom::bluetooth::BluetoothService::StopBluetooth(bool) [BluetoothService.cpp : 472 + 0x7] r0 = 0xb18daf70 r1 = 0xac1e07a0 r2 = 0x00000000 r4 = 0x00000000 r5 = 0xac1e07a0 r6 = 0xac2b9ce4 r7 = 0xb18daf70 r8 = 0xac1e0780 r9 = 0xac789690 r10 = 0xb6485bf8 fp = 0xbebaa7f8 sp = 0xbebaa608 pc = 0xb52edd67 Found by: call frame info 12 libxul.so!mozilla::dom::bluetooth::BluetoothService::HandleSettingsChanged(nsAString_internal const&) [BluetoothService.cpp : 645 + 0x5] r0 = 0xb18daf70 r1 = 0x00000000 r2 = 0x00000000 r4 = 0xbebaa634 r5 = 0xb18daf70 r6 = 
0xbebaa658 r7 = 0xad5e7f30 r8 = 0xac1e0780 r9 = 0xac789690 r10 = 0xb6485bf8 fp = 0xbebaa7f8 sp = 0xbebaa628 pc = 0xb52ee221 Found by: call frame info 13 libxul.so!mozilla::dom::bluetooth::BluetoothService::Observe(nsISupports*, char const*, char16_t const*) [BluetoothService.cpp : 758 + 0x3] r4 = 0xb18daf70 r5 = 0xac1e0780 r6 = 0xac789690 r7 = 0xad5e7f30 r8 = 0xac1e0780 r9 = 0xac789690 r10 = 0xb6485bf8 fp = 0xbebaa7f8 sp = 0xbebaa6b8 pc = 0xb52ee2a1 Found by: call frame info 14 libxul.so!nsObserverList::NotifyObservers(nsISupports*, char const*, char16_t const*) [nsObserverList.cpp : 96 + 0x7] r0 = 0xb18daf70 r1 = 0xac789690 r2 = 0x00000050 r3 = 0x00000001 r4 = 0xbebaa6dc r5 = 0x0000000d r6 = 0xb52ee25d r7 = 0xad5e7f30 r8 = 0xac1e0780 r9 = 0xac789690 r10 = 0xb6485bf8 fp = 0xbebaa7f8 sp = 0xbebaa6d8 pc = 0xb4b415c3 Found by: call frame info 15 libxul.so!nsObserverService::NotifyObservers(nsISupports*, char const*, char16_t const*) [nsObserverService.cpp : 302 + 0x9] r0 = 0xaf4c1774 r1 = 0xac051d40 r2 = 0xac1e0780 r4 = 0xac1e0780 r5 = 0xac789690 r6 = 0xad5e7f30 r7 = 0xb68a68f0 r8 = 0x00000003 r9 = 0xbebaa880 r10 = 0xb6485bf8 fp = 0xbebaa7f8 sp = 0xbebaa700 pc = 0xb4b41939 Found by: call frame info 16 libxul.so!NS_InvokeByIndex [xptcinvoke_arm.cpp : 164 + 0x11] r3 = 0xac789690 r4 = 0xb4b41905 r5 = 0xbebaa730 r6 = 0xbebaa718 r7 = 0xbebaa738 r8 = 0x00000003 r9 = 0xbebaa880 r10 = 0xb6485bf8 fp = 0xbebaa7f8 sp = 0xbebaa718 pc = 0xb4b5a19b Found by: call frame info 17 libxul.so!XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) [XPCWrappedNative.cpp : 2395 + 0xd] r3 = 0xbebaa840 r4 = 0x00000003 r5 = 0xbebaa788 r6 = 0x00000003 r7 = 0xbebaa860 r8 = 0x00000000 r9 = 0x00000003 r10 = 0xb6485bf8 fp = 0xbebaa7f8 sp = 0xbebaa760 pc = 0xb517fe7b Found by: call frame info 18 libxul.so!XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*) [XPCWrappedNativeJSOps.cpp : 1272 + 0x7] r4 = 0xb6b7d520 r5 = 0xbebaa930 r6 = 0x00000001 r7 = 0xb62851bc r8 = 0xb636c708 
r9 = 0xb1b27560 r10 = 0xbebaa9f0 fp = 0x00000003 sp = 0xbebaa8f8 pc = 0xb5181d27 Found by: call frame info 19 0xb390cf76 r4 = 0xaf3a45b0 r5 = 0xffffff87 r6 = 0xb3713c54 r7 = 0xffffff87 r8 = 0x00000203 r9 = 0xad77b990 r10 = 0x00000001 fp = 0xbebaaa08 sp = 0xbebaa9c0 pc = 0xb390cf78 Found by: call frame info 20 libxul.so!EnterBaseline [BaselineJIT.cpp : 124 + 0x15] sp = 0xbebaab10 pc = 0xb59c500b Found by: stack scanning 21 libxul.so!js::jit::EnterBaselineMethod(JSContext*, js::RunState&) [BaselineJIT.cpp : 155 + 0x7] r4 = 0xbebaabc8 r5 = 0x00000001 r6 = 0xb6b7d520 r7 = 0xbebaac70 r8 = 0x00000000 sp = 0xbebaab68 pc = 0xb59c53a1 Found by: call frame info 22 libxul.so!js::RunScript [Interpreter.cpp : 391 + 0x7] r4 = 0xbebaac70 r5 = 0xb6b7d520 r6 = 0xacd52340 r7 = 0xacd50e00 r8 = 0x00000000 sp = 0xbebaac20 pc = 0xb5b1b8a3 Found by: call frame info 23 libxul.so!js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct) [Interpreter.cpp : 369 + 0xd] r4 = 0xbebaac50 r5 = 0x00000001 r6 = 0xb6b7d520 r7 = 0xbebaafa8 r8 = 0x00000000 sp = 0xbebaac40 pc = 0xb5b1b9f7 Found by: call frame info 24 libxul.so!js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value const*, JS::MutableHandle<JS::Value>) [Interpreter.cpp : 511 + 0xb] r4 = 0x00000000 r5 = 0xffffff87 r6 = 0xbebab178 r7 = 0xbebaafa8 r8 = 0xbebab178 r9 = 0xb6b7d520 r10 = 0xbebaaf98 fp = 0xbebab150 sp = 0xbebaaf60 pc = 0xb5b1c009 Found by: call frame info 25 libxul.so!JS_CallFunctionValue(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) [jsapi.cpp : 5209 + 0x13] r4 = 0xbebab170 r5 = 0xbebab160 r6 = 0xb6b7d520 r7 = 0x00000001 r8 = 0xb636c708 r9 = 0xb6141458 r10 = 0xbebab160 fp = 0xa8b8b400 sp = 0xbebab000 pc = 0xb5a5b739 Found by: call frame info 26 libxul.so!nsFrameMessageManager::ReceiveMessage(nsISupports*, nsAString_internal const&, bool, mozilla::dom::StructuredCloneData const*, CpowHolder*, nsIPrincipal*, nsTArray<nsString>*) 
[nsFrameMessageManager.cpp : 1072 + 0x3] r4 = 0xbebab0ec r5 = 0x00000001 r6 = 0x00000000 r7 = 0xac0dcf00 r8 = 0xb636c708 r9 = 0xb6141458 r10 = 0xbebab160 fp = 0xa8b8b400 sp = 0xbebab028 pc = 0xb534c377 Found by: call frame info 27 libxul.so!nsFrameMessageManager::ReceiveMessage(nsISupports*, nsAString_internal const&, bool, mozilla::dom::StructuredCloneData const*, CpowHolder*, nsIPrincipal*, nsTArray<nsString>*) [nsFrameMessageManager.cpp : 1092 + 0x17] r4 = 0x00000000 r5 = 0xbebab3e0 r6 = 0x00000000 r7 = 0x00000000 r8 = 0xb636c708 r9 = 0xbebab538 r10 = 0x00000000 fp = 0xa8b8b400 sp = 0xbebab1f8 pc = 0xb534c523 Found by: call frame info 28 libxul.so!mozilla::dom::ContentParent::RecvAsyncMessage(nsString const&, mozilla::dom::ClonedMessageData const&, nsTArray<mozilla::jsipc::CpowEntry> const&, IPC::Principal const&) [ContentParent.cpp : 3259 + 0x9] r4 = 0xa8b8b400 r5 = 0xbebab3e0 r6 = 0xbebab48c r7 = 0xbebab4a4 r8 = 0xbebab480 r9 = 0xbebab538 r10 = 0x00000000 fp = 0xa8b8b400 sp = 0xbebab3c8 pc = 0xb5117d9f Found by: call frame info 29 libxul.so!mozilla::dom::PContentParent::OnMessageReceived(IPC::Message const&) [PContentParent.cpp : 3832 + 0x13] r4 = 0xb5117d25 r5 = 0x00000000 r6 = 0xbebab62c r7 = 0x001a008f r8 = 0xb6bc6770 r9 = 0x00000001 r10 = 0x00000000 fp = 0xa8b8b400 sp = 0xbebab418 pc = 0xb4ccf2cd Found by: call frame info 30 libxul.so!mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) [MessageChannel.cpp : 1152 + 0x5] r4 = 0xa8b8b430 r5 = 0xbebab62c r6 = 0xad6817f0 r7 = 0xb6b7d1ac r8 = 0xb6bc6770 r9 = 0x00000001 r10 = 0x00000000 fp = 0x0000000f sp = 0xbebab5f8 pc = 0xb4c942d3 Found by: call frame info 31 libxul.so!mozilla::ipc::MessageChannel::OnMaybeDequeueOne() [MessageChannel.cpp : 1049 + 0x3] r0 = 0xa8b8b430 r1 = 0xbebab62c r2 = 0x00000002 r4 = 0x00000001 r5 = 0xb6b7d1a0 r6 = 0xad6817f0 r7 = 0xb6b7d1ac r8 = 0xb6bc6770 r9 = 0x00000001 r10 = 0x00000000 fp = 0x0000000f sp = 0xbebab610 pc = 0xb4c962eb Found by: call frame info 32 
libxul.so!RunnableMethod<FdWatcher, void (FdWatcher::*)(), Tuple0>::Run() [tuple.h : 383 + 0x13] r4 = 0xac01f0d8 r5 = 0xb6b7d1a0 r6 = 0xad6817f0 r7 = 0xb6b7d1ac r8 = 0xb6bc6770 r9 = 0x00000001 r10 = 0x00000000 fp = 0x0000000f sp = 0xbebab650 pc = 0xb4b37cb5 Found by: call frame info 33 libxul.so!mozilla::ipc::MessageChannel::DequeueTask::Run() [MessageChannel.h : 385 + 0x9] r0 = 0xb4c96273 r1 = 0x00000000 r2 = 0x00000000 r4 = 0xac01f0d8 r5 = 0xb6b7d1a0 r6 = 0xad6817f0 r7 = 0xb6b7d1ac r8 = 0xb6bc6770 r9 = 0x00000001 r10 = 0x00000000 fp = 0x0000000f sp = 0xbebab660 pc = 0xb4c93cdb Found by: call frame info 34 libxul.so!MessageLoop::RunTask(Task*) [message_loop.cc : 357 + 0x5] r3 = 0xb4c93ccf r4 = 0xac01f0d8 r5 = 0xb6b7d1a0 r6 = 0xad6817f0 r7 = 0xb6b7d1ac r8 = 0xb6bc6770 r9 = 0x00000001 r10 = 0x00000000 fp = 0x0000000f sp = 0xbebab668 pc = 0xb4c8b621 Found by: call frame info 35 libxul.so!MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&) [message_loop.cc : 365 + 0x5] r3 = 0xbebab688 r4 = 0x00000001 r5 = 0xbebab698 r6 = 0xad6817f0 r7 = 0xb6b7d1ac r8 = 0xb6bc6770 r9 = 0x00000001 r10 = 0x00000000 fp = 0x0000000f sp = 0xbebab678 pc = 0xb4c8bcdb Found by: call frame info 36 libxul.so!MessageLoop::DoWork() [message_loop.cc : 443 + 0x3] r3 = 0x00000000 r4 = 0xb6b7d1a0 r5 = 0xbebab698 r6 = 0xad6817f0 r7 = 0xb6b7d1ac r8 = 0xb6bc6770 r9 = 0x00000001 r10 = 0x00000000 fp = 0x0000000f sp = 0xbebab688 pc = 0xb4c8cd0d Found by: call frame info 37 libxul.so!mozilla::ipc::DoWorkRunnable::Run() [MessagePump.cpp : 228 + 0x7] r4 = 0xb6b7d1a0 r5 = 0x00000001 r6 = 0xbebab6dc r7 = 0xbebab70f r8 = 0xb6bc6770 r9 = 0x00000001 r10 = 0x00000000 fp = 0x0000000f sp = 0xbebab6b8 pc = 0xb4c96dfd Found by: call frame info 38 libxul.so!nsThread::ProcessNextEvent(bool, bool*) [nsThread.cpp : 766 + 0x5] r3 = 0xb4c96ddf r4 = 0xb6bc6740 r5 = 0x00000001 r6 = 0xbebab6dc r7 = 0xbebab70f r8 = 0xb6bc6770 r9 = 0x00000001 r10 = 0x00000000 fp = 0x0000000f sp = 0xbebab6c8 pc = 0xb4b55f5b Found 
by: call frame info 39 libxul.so!NS_ProcessNextEvent(nsIThread*, bool) [nsThreadUtils.cpp : 263 + 0xb] r4 = 0x00000001 r5 = 0xb6b7d1a0 r6 = 0xb6b01ec0 r7 = 0x00000000 r8 = 0xbebab7a0 r9 = 0xbebab790 r10 = 0x00000000 fp = 0x0000000f sp = 0xbebab708 pc = 0xb4b27d2f Found by: call frame info 40 libxul.so!mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) [MessagePump.cpp : 136 + 0x7] r0 = 0xb6bc6740 r1 = 0x01000001 r4 = 0xb6b01eb0 r5 = 0xb6b7d1a0 r6 = 0xb6b01ec0 r7 = 0x00000000 r8 = 0xbebab7a0 r9 = 0xbebab790 r10 = 0x00000000 fp = 0x0000000f sp = 0xbebab718 pc = 0xb4c970ab Found by: call frame info 41 libxul.so!MessageLoop::RunInternal() [message_loop.cc : 229 + 0x5] r4 = 0xb6b7d1a0 r5 = 0xb197d700 r6 = 0xb6bc6740 r7 = 0xbebab965 r8 = 0xbebab7a0 r9 = 0xbebab790 r10 = 0x00000000 fp = 0x0000000f sp = 0xbebab740 pc = 0xb4c8b5af Found by: call frame info 42 libxul.so!MessageLoop::Run() [message_loop.cc : 222 + 0x5] r3 = 0x00000000 r4 = 0xb6b7d1a0 r5 = 0xb197d700 r6 = 0xb6bc6740 r7 = 0xbebab965 r8 = 0xbebab7a0 r9 = 0xbebab790 r10 = 0x00000000 fp = 0x0000000f sp = 0xbebab748 pc = 0xb4c8b661 Found by: call frame info 43 libxul.so!nsBaseAppShell::Run() [nsBaseAppShell.cpp : 164 + 0x7] r0 = 0x00000001 r1 = 0xb6fccf00 r2 = 0xb6b7d1a0 r3 = 0x00000000 r4 = 0x00000000 r5 = 0xb197d700 r6 = 0xb6bc6740 r7 = 0xbebab965 r8 = 0xbebab7a0 r9 = 0xbebab790 r10 = 0x00000000 fp = 0x0000000f sp = 0xbebab760 pc = 0xb5141183 Found by: call frame info 44 libxul.so!nsAppStartup::Run() [nsAppStartup.cpp : 278 + 0x5] r4 = 0xb2ecb670 r5 = 0xbebab874 r6 = 0xb4b41905 r7 = 0xbebab965 r8 = 0xbebab7a0 r9 = 0xbebab790 r10 = 0x00000000 fp = 0x0000000f sp = 0xbebab770 pc = 0xb5756db7 Found by: call frame info 45 libxul.so!XREMain::XRE_mainRun() [nsAppRunner.cpp : 4012 + 0x5] r4 = 0xbebab7a8 r5 = 0xbebab874 r6 = 0xb4b41905 r7 = 0xbebab965 r8 = 0xbebab7a0 r9 = 0xbebab790 r10 = 0x00000000 fp = 0x0000000f sp = 0xbebab778 pc = 0xb573fdd3 Found by: call frame info 46 libxul.so!XREMain::XRE_main(int, 
char**, nsXREAppData const*) [nsAppRunner.cpp : 4083 + 0x5] r4 = 0xbebab874 r5 = 0x00000000 r6 = 0x00000000 r7 = 0x00000000 r8 = 0x00000000 r9 = 0x00000000 r10 = 0x00000000 fp = 0xbebada1c sp = 0xbebab848 pc = 0xb574112d Found by: call frame info 47 libxul.so!XRE_main [nsAppRunner.cpp : 4297 + 0x3] r4 = 0x00000000 r5 = 0x00024948 r6 = 0xbebada24 r7 = 0x00000001 r8 = 0x00000000 r9 = 0x00000000 r10 = 0x00000000 fp = 0xbebada1c sp = 0xbebab870 pc = 0xb5741289 Found by: call frame info 48 b2g!main [nsBrowserApp.cpp : 163 + 0xf] r4 = 0xbebada24 r5 = 0x00000001 r6 = 0xb5741249 r7 = 0xbebac9d8 r8 = 0x00000000 r9 = 0x00000000 r10 = 0x00000000 fp = 0xbebada1c sp = 0xbebab980 pc = 0x0000ad7d Found by: call frame info 49 libc.so!__libc_init [libc_init_dynamic.cpp : 112 + 0x7] r4 = 0xbebada24 r5 = 0xbebada2c r6 = 0x00000001 r7 = 0xb6f96fd8 r8 = 0x0000ab7d r9 = 0x00000000 r10 = 0x00000000 fp = 0xbebada1c sp = 0xbebad9f0 pc = 0xb6f5b4ed Found by: call frame info 50 b2g + 0x2aea r4 = 0x00000000 r5 = 0x00000000 r6 = 0x00000000 r7 = 0x00000000 r8 = 0x00000000 r9 = 0x00000000 r10 = 0x00000000 fp = 0xbebada1c sp = 0xbebada08 pc = 0x0000aaec Found by: call frame info 51 linker!set_soinfo_pool_protection [linker.cpp : 291 + 0xb] sp = 0xbebada20 pc = 0xb6fbd881 Found by: stack scanning 52 0xbebadb2f r3 = 0x00000001 r4 = 0xbebadb21 r5 = 0x00000000 sp = 0xbebada30 pc = 0xbebadb31 Found by: call frame info

Maybe we're disabling Bluetooth before it has fully initialized?
Blocks: 1057220
No longer blocks: 1031527, 1035281, 1036419
blocking-b2g: --- → 2.0+
No longer depends on: 1057220, 1034294, 1036561, 1038461, 1039883, 1041751, 1053204
Whiteboard: [b2g-crash][caf-crash 217][caf priority: p1][CR 686674] → [b2g-crash][caf priority: p1]
Flags: needinfo?(btian)
https://www.codeaurora.org/cgit/quic/la/platform/external/bluetooth/bluedroid/tree/btc/src/btc_common.c?h=LNX.LA.2.7.3&id=AU_LINUX_GECKO_B2G_KK_2.0.01.04.00.114.058#n448

int s = socket(AF_LOCAL, SOCK_STREAM, 0);
temp_sock=socket_local_client_connect(s, name, ANDROID_SOCKET_NAMESPACE_ABSTRACT, SOCK_STREAM);
......
close(s);

I wonder how |s| becomes an invalid fd.
Assignee: shuang → nobody
Clear ni? me since Shawn is checking this bug.
Flags: needinfo?(btian)
(In reply to Shawn Huang [:shuang] [:shawnjohnjr] from comment #1)
> https://www.codeaurora.org/cgit/quic/la/platform/external/bluetooth/bluedroid/tree/btc/src/btc_common.c?h=LNX.LA.2.7.3&id=AU_LINUX_GECKO_B2G_KK_2.0.01.04.00.114.058#n448
> int s = socket(AF_LOCAL, SOCK_STREAM, 0);
> temp_sock=socket_local_client_connect(s, name, ANDROID_SOCKET_NAMESPACE_ABSTRACT, SOCK_STREAM);
> ......
> close(s);
>
> I wonder how |s| becomes invalid fd.

Sorry, wrong link; this is the correct one:
https://www.codeaurora.org/cgit/quic/la/platform/external/bluetooth/bluedroid/tree/btc/src/btc_common.c?h=b2g_kk_3.5#n445
Can we add extra logs for the BTC module, since the AOSP bluedroid doesn't have this code?
(In reply to Shawn Huang [:shuang] [:shawnjohnjr] from comment #5)
> Can we add extra logs for BTC module since the AOSP bluedroid doesn't have
> this code?

Shawn, if I understand correctly the patch in comment 4 has extra logging enabled; you want a run with that patch, right?
Flags: needinfo?(tkundu) → needinfo?(shuang)
Hi Shawn, we have seen this issue 10 times with the bionic patch from bug 1057220 comment 38. I asked our test team to reproduce again with your patch in comment 4. If you want to add more logs then please go ahead, add more logs for [1] and share with us again!

[1] https://www.codeaurora.org/cgit/quic/la/platform/external/bluetooth/bluedroid/log/?h=b2g_kk_3.5
(In reply to Shawn Huang [:shuang] [:shawnjohnjr] from comment #1)
> https://www.codeaurora.org/cgit/quic/la/platform/external/bluetooth/bluedroid/tree/btc/src/btc_common.c?h=LNX.LA.2.7.3&id=AU_LINUX_GECKO_B2G_KK_2.0.01.04.00.114.058#n448
> int s = socket(AF_LOCAL, SOCK_STREAM, 0);
> temp_sock=socket_local_client_connect(s, name, ANDROID_SOCKET_NAMESPACE_ABSTRACT, SOCK_STREAM);
> ......
> close(s);
>
> I wonder how |s| becomes invalid fd.

Shawn, see that in the function socket_local_client_connect we return the same fd as the input param. So |temp_sock| is the same as |s|, which is freed at close(temp_sock) at line #444 [1].

[1] https://www.codeaurora.org/cgit/quic/la/platform/external/bluetooth/bluedroid/tree/btc/src/btc_common.c?h=b2g_kk_3.5#n444
(In reply to bhargavg1 from comment #8)
> (In reply to Shawn Huang [:shuang] [:shawnjohnjr] from comment #1)
> > https://www.codeaurora.org/cgit/quic/la/platform/external/bluetooth/bluedroid/tree/btc/src/btc_common.c?h=LNX.LA.2.7.3&id=AU_LINUX_GECKO_B2G_KK_2.0.01.04.00.114.058#n448
> > int s = socket(AF_LOCAL, SOCK_STREAM, 0);
> > temp_sock=socket_local_client_connect(s, name, ANDROID_SOCKET_NAMESPACE_ABSTRACT, SOCK_STREAM);
> > ......
> > close(s);
> >
> > I wonder how |s| becomes invalid fd.
>
> Shawn, see that in the function socket_local_client_connect we return the
> same fd as the input param.
>
> So |temp_sock| is same as |s| which is freed at close(temp_sock) at line#444
> [1],
>
> [1]
> https://www.codeaurora.org/cgit/quic/la/platform/external/bluetooth/bluedroid/tree/btc/src/btc_common.c?h=b2g_kk_3.5#n444

Yes, then it will become a double close.
Flags: needinfo?(shuang)
|close(temp_sock)| shall be removed. I think this cannot be fixed from the gecko side, but in the BTC module inside bluedroid. Please let me know if there is anything we need to do.
Flags: needinfo?(bhargavg1)
(In reply to Shawn Huang [:shuang] [:shawnjohnjr] from comment #10)
> |close(temp_sock)| shall be removed, I think this cannot be fixed from gecko
> side, but BTC module inside bluedroid. Please let me know if there is
> anything we need to do.

Yes, I am asking the test team for a stab at the patch with only one close call.
Flags: needinfo?(bhargavg1)
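The double close that comments 8 to 10 pin down, as an added C example that is not bluedroid or CAF code: the connect helper below is a hypothetical stand-in that only mirrors the contract described in comment 8 (on success it returns the very fd it was handed), and the socket name is a constructed value. It places the buggy shape of btc_close_serv_socket, where both |temp_sock| and |s| are closed although they are one descriptor, next to the single-close fix, using a close wrapper that reports EBADF the way the fd-checking bionic patch from bug 1057220 would abort on it. It goes one step beyond the thread by showing why a double close matters even without that patch: once the first close frees the number, the kernel hands it to the next open, and the stale second close silently shuts an unrelated descriptor.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical stand-in for socket_local_client_connect(): per comment 8 the
 * real function returns the same fd it was given on success. This stub does
 * not connect anywhere; it only reproduces that aliasing contract. */
static int fake_local_client_connect(int fd, const char *name)
{
    (void)name;
    return fd < 0 ? -1 : fd;          /* same fd as the input parameter */
}

/* close() wrapper in the spirit of the invalid-fd check: returns 1 when the
 * fd was valid and closed, 0 when the kernel reported EBADF (a close of an
 * fd we do not own, which the crash-catching patch turns into SIGABRT),
 * -1 for any other error. */
static int checked_close(int fd)
{
    if (close(fd) == 0)
        return 1;
    return errno == EBADF ? 0 : -1;
}

/* Buggy shape quoted in the thread: temp_sock and s are closed separately
 * although they alias the same descriptor. Returns how many closes hit
 * EBADF; 1 means the double close triggered. */
int close_serv_socket_buggy(void)
{
    int ebadf = 0;
    int s = socket(AF_LOCAL, SOCK_STREAM, 0);
    if (s < 0)
        return -1;
    int temp_sock = fake_local_client_connect(s, "bt_serv"); /* constructed name */
    if (temp_sock >= 0 && checked_close(temp_sock) == 0)
        ebadf++;
    if (checked_close(s) == 0)        /* second close of the same fd -> EBADF */
        ebadf++;
    return ebadf;
}

/* Fixed shape (comment 10: drop one of the two closes): close once and
 * invalidate the alias so no later path can close the number again. */
int close_serv_socket_fixed(void)
{
    int ebadf = 0;
    int s = socket(AF_LOCAL, SOCK_STREAM, 0);
    if (s < 0)
        return -1;
    int temp_sock = fake_local_client_connect(s, "bt_serv"); /* constructed name */
    if (temp_sock >= 0) {
        if (checked_close(temp_sock) == 0)
            ebadf++;
        s = -1;                       /* same descriptor: never close it twice */
    }
    if (s >= 0 && checked_close(s) == 0)
        ebadf++;
    return ebadf;
}

/* The hazard behind the crash: between the two closes another open reuses
 * the freed number (POSIX hands out the lowest free fd), so the stale
 * close(s) shuts that unrelated descriptor. Returns 1 when that happens. */
int double_close_hits_unrelated_fd(void)
{
    int s = socket(AF_LOCAL, SOCK_STREAM, 0);
    if (s < 0)
        return -1;
    int temp_sock = fake_local_client_connect(s, "bt_serv");
    close(temp_sock);                 /* first, legitimate close */
    int other = socket(AF_LOCAL, SOCK_STREAM, 0); /* gets the number s just freed */
    int reused = (other == s);
    close(s);                         /* stale alias: actually closes `other` */
    int other_gone = (fcntl(other, F_GETFD) == -1 && errno == EBADF);
    if (!other_gone)
        close(other);
    return reused && other_gone;
}

int main(void)
{
    printf("buggy: %d EBADF close(s)\n", close_serv_socket_buggy());
    printf("fixed: %d EBADF close(s)\n", close_serv_socket_fixed());
    printf("stale close hit unrelated fd: %d\n", double_close_hits_unrelated_fd());
    return 0;
}
```

Build with any C compiler on Linux; the third check relies on the POSIX lowest-free-fd rule, which is what makes a double close a descriptor-confusion bug rather than a harmless no-op.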
Blocks: 1058780
Whiteboard: [b2g-crash][caf priority: p1] → [b2g-crash][caf priority: p1] [POVB]
Blocks: 1060091
Change uploaded in CAF builds
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → 2.1 S3 (29aug)