Closed Bug 1097021 Opened 10 years ago Closed 10 years ago

[Bluetooth] Segmentation fault when pairing device

Categories

(Firefox OS Graveyard :: Bluetooth, defect)

Product:
Firefox OS Graveyard
Component:
Bluetooth
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1093079

People

(Reporter: tzimmermann, Unassigned)

Details

Gecko rev: 214903:cbe6afcae26c STR on Nexus 4: - open Bluetooth pane in Settings App - search devices - pair with Debian 7 computer - confirm on both devices Expected result: - pairing finishes Actual result - pairing still seems to complete, but - segmentation fault is logged I/Gecko ( 1889): [Child 1889] WARNING: '!mMainThread', file ../../../../mozilla-central/xpcom/threads/nsThreadManager.cpp, line 308 I/Gecko ( 1889): [Child 1889] WARNING: '!mMainThread', file ../../../../mozilla-central/xpcom/threads/nsThreadManager.cpp, line 308 I/Gecko ( 1889): [Child 1889] WARNING: NS_ENSURE_TRUE(inBrowser) failed: file ../../../../mozilla-central/embedding/browser/nsDocShellTreeOwner.cpp, line 82 I/Gecko ( 1889): [Child 1889] WARNING: NS_ENSURE_TRUE(inBrowser) failed: file ../../../../mozilla-central/embedding/browser/nsDocShellTreeOwner.cpp, line 82 F/MOZ_Assert( 1889): Assertion failure: !sHasShutDown, at ../../dist/include/mozilla/ClearOnShutdown.h:82 F/libc ( 1889): Fatal signal 11 (SIGSEGV) at 0x00000000 (code=1), thread 1889 (Bluetooth Manag) I/DEBUG ( 172): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** I/DEBUG ( 172): Build fingerprint: 'Android/full_mako/mako:4.3/JSS15J/eng.mozilla.20141111.113821:eng/test-keys' I/DEBUG ( 172): Revision: '11' I/DEBUG ( 172): pid: 1889, tid: 1889, name: Bluetooth Manag >>> /system/b2g/plugin-container <<< I/DEBUG ( 172): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 00000000
I tried to use Debian Jessie Beta 2 and it did not crash. That version uses bluez-5.23. But i'm not sure they are related.
Wheezy (Debian 7) uses BlueZ 4.99-2
Here is the backtrace. Happened on a current flame-kk. It's in the content process: u0_a4242 4242 205 98972 54172 ffffffff b5465bb4 t /system/b2g/plugin-container Program received signal SIGSEGV, Segmentation fault. 0xb5465bb4 in mozilla::ClearOnShutdown<mozilla::StaticRefPtr<mozilla::dom::bluetooth::BluetoothServiceChildProcess> > ( aPtr=aPtr@entry=0xb6b42408 <_ZN12_GLOBAL__N_117sBluetoothServiceE>) at ../../dist/include/mozilla/ClearOnShutdown.h:82 82 MOZ_ASSERT(!sHasShutDown); (gdb) bt #0 0xb5465bb4 in mozilla::ClearOnShutdown<mozilla::StaticRefPtr<mozilla::dom::bluetooth::BluetoothServiceChildProcess> > ( aPtr=aPtr@entry=0xb6b42408 <_ZN12_GLOBAL__N_117sBluetoothServiceE>) at ../../dist/include/mozilla/ClearOnShutdown.h:82 #1 0xb5465ce2 in mozilla::dom::bluetooth::BluetoothChild::BluetoothChild (this=0xb091f040, aBluetoothService=0xb09552c0) at ../../../../mozilla-central/dom/bluetooth/ipc/BluetoothChild.cpp:43 #2 0xb5467fa4 in mozilla::dom::bluetooth::BluetoothServiceChildProcess::Create () at ../../../../mozilla-central/dom/bluetooth/ipc/BluetoothServiceChildProcess.cpp:55 #3 0xb5463974 in mozilla::dom::bluetooth::BluetoothService::Create () at ../../../../mozilla-central/dom/bluetooth/BluetoothService.cpp:252 #4 0xb5464b28 in mozilla::dom::bluetooth::BluetoothService::Get () at ../../../../mozilla-central/dom/bluetooth/BluetoothService.cpp:700 #5 0xb545f234 in mozilla::dom::bluetooth::BluetoothAdapter::~BluetoothAdapter (this=0xb0fd2180, __in_chrg=<optimized out>) at ../../../../mozilla-central/dom/bluetooth/BluetoothAdapter.cpp:188 #6 0xb545f334 in mozilla::dom::bluetooth::BluetoothAdapter::~BluetoothAdapter (this=0xb0fd2180, __in_chrg=<optimized out>) at ../../../../mozilla-central/dom/bluetooth/BluetoothAdapter.cpp:192 #7 0xb5112c04 in mozilla::DOMEventTargetHelper::DeleteCycleCollectable (this=<optimized out>) at ../../../../mozilla-central/dom/events/DOMEventTargetHelper.cpp:75 #8 0xb4c4c632 in mozilla::DOMEventTargetHelper::cycleCollection::DeleteCycleCollectable (this=<optimized out>, p=0xb0fd2180) at ../../dist/include/mozilla/DOMEventTargetHelper.h:55 #9 0xb4698ad2 in SnowWhiteKiller::~SnowWhiteKiller (this=0xbe9c2eb4, __in_chrg=<optimized out>) at ../../../../mozilla-central/xpcom/base/nsCycleCollector.cpp:2643 #10 0xb4698b6c in nsCycleCollector::FreeSnowWhite (this=this@entry=0xb38a7000, aUntilNoSWInPurpleBuffer=aUntilNoSWInPurpleBuffer@entry=true) at ../../../../mozilla-central/xpcom/base/nsCycleCollector.cpp:2817 #11 0xb4698d12 in nsCycleCollector::BeginCollection (this=this@entry=0xb38a7000, aCCType=aCCType@entry=ShutdownCC, aManualListener=aManualListener@entry=0x0) at ../../../../mozilla-central/xpcom/base/nsCycleCollector.cpp:3779 #12 0xb4698f68 in Collect (aManualListener=0x0, aBudget=..., aCCType=ShutdownCC, this=0xb38a7000) at ../../../../mozilla-central/xpcom/base/nsCycleCollector.cpp:3615 #13 nsCycleCollector::Collect (this=0xb38a7000, aCCType=ShutdownCC, aBudget=..., aManualListener=0x0) at ../../../../mozilla-central/xpcom/base/nsCycleCollector.cpp:3585 #14 0xb469934e in nsCycleCollector::ShutdownCollect (this=0xb38a7000, this@entry=0xb38321c0) at ../../../../mozilla-central/xpcom/base/nsCycleCollector.cpp:3568 #15 0xb469939e in nsCycleCollector::Shutdown (this=0xb38321c0) at ../../../../mozilla-central/xpcom/base/nsCycleCollector.cpp:3832 #16 0xb46993e6 in nsCycleCollector_shutdown () at ../../../../mozilla-central/xpcom/base/nsCycleCollector.cpp:4264 #17 0xb46dd7ac in mozilla::ShutdownXPCOM (aServMgr=<optimized out>) at ../../../../mozilla-central/xpcom/build/XPCOMInit.cpp:933 #18 0xb58c9570 in XRE_TermEmbedding () at ../../../../mozilla-central/toolkit/xre/nsEmbedFunctions.cpp:201 #19 0xb488d756 in mozilla::ipc::ScopedXREEmbed::Stop (this=0xb3853ac0) at ../../../../mozilla-central/ipc/glue/ScopedXREEmbed.cpp:115 #20 0xb58c9c96 in XRE_InitChildProcess (aArgc=<optimized out>, aArgv=<optimized out>) at ../../../../mozilla-central/toolkit/xre/nsEmbedFunctions.cpp:554 #21 0x000092a2 in content_process_main (argc=6, argv=0xbe9c3b54) at ../../../../mozilla-central/ipc/app/../contentproc/plugin-container.cpp:158 #22 0xb6e654a4 in __libc_init (raw_args=0xbe9c3b50, onexit=<optimized out>, slingshot=0x9301 <main(int, char**)>, structors=<optimized out>) at bionic/libc/bionic/libc_init_dynamic.cpp:112 #23 0x00009188 in _start () (gdb)
Thomas, thanks a lot. It looks like similar bug 1093079.
Resolve duplicate per comment 4. Please reopen for any further concern.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.