Closed Bug 1097021 Opened 10 years ago Closed 9 years ago

[Bluetooth] Segmentation fault when pairing device

Categories

(Firefox OS Graveyard :: Bluetooth, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1093079

People

(Reporter: tzimmermann, Unassigned)

Details

Gecko rev: 214903:cbe6afcae26c

STR on Nexus 4:

  - open Bluetooth pane in Settings App
  - search devices
  - pair with Debian 7 computer
  - confirm on both devices

Expected result:

  - pairing finishes

Actual result:

  - pairing still seems to complete, but
  - segmentation fault is logged

I/Gecko   ( 1889): [Child 1889] WARNING: '!mMainThread', file ../../../../mozilla-central/xpcom/threads/nsThreadManager.cpp, line 308
I/Gecko   ( 1889): [Child 1889] WARNING: '!mMainThread', file ../../../../mozilla-central/xpcom/threads/nsThreadManager.cpp, line 308
I/Gecko   ( 1889): [Child 1889] WARNING: NS_ENSURE_TRUE(inBrowser) failed: file ../../../../mozilla-central/embedding/browser/nsDocShellTreeOwner.cpp, line 82
I/Gecko   ( 1889): [Child 1889] WARNING: NS_ENSURE_TRUE(inBrowser) failed: file ../../../../mozilla-central/embedding/browser/nsDocShellTreeOwner.cpp, line 82
F/MOZ_Assert( 1889): Assertion failure: !sHasShutDown, at ../../dist/include/mozilla/ClearOnShutdown.h:82
F/libc    ( 1889): Fatal signal 11 (SIGSEGV) at 0x00000000 (code=1), thread 1889 (Bluetooth Manag)
I/DEBUG   (  172): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
I/DEBUG   (  172): Build fingerprint: 'Android/full_mako/mako:4.3/JSS15J/eng.mozilla.20141111.113821:eng/test-keys'
I/DEBUG   (  172): Revision: '11'
I/DEBUG   (  172): pid: 1889, tid: 1889, name: Bluetooth Manag  >>> /system/b2g/plugin-container <<<
I/DEBUG   (  172): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 00000000

I tried to use Debian Jessie Beta 2 and it did not crash. That version uses bluez-5.23. But I'm not sure they are related.

Wheezy (Debian 7) uses BlueZ 4.99-2

Here is the backtrace. Happened on a current flame-kk. It's in the content process:

u0_a4242  4242  205   98972  54172 ffffffff b5465bb4 t /system/b2g/plugin-container

Program received signal SIGSEGV, Segmentation fault.
0xb5465bb4 in mozilla::ClearOnShutdown<mozilla::StaticRefPtr<mozilla::dom::bluetooth::BluetoothServiceChildProcess> > (
    aPtr=aPtr@entry=0xb6b42408 <_ZN12_GLOBAL__N_117sBluetoothServiceE>) at ../../dist/include/mozilla/ClearOnShutdown.h:82
82        MOZ_ASSERT(!sHasShutDown);
(gdb) bt
#0  0xb5465bb4 in mozilla::ClearOnShutdown<mozilla::StaticRefPtr<mozilla::dom::bluetooth::BluetoothServiceChildProcess> > (
    aPtr=aPtr@entry=0xb6b42408 <_ZN12_GLOBAL__N_117sBluetoothServiceE>) at ../../dist/include/mozilla/ClearOnShutdown.h:82
#1  0xb5465ce2 in mozilla::dom::bluetooth::BluetoothChild::BluetoothChild (this=0xb091f040, aBluetoothService=0xb09552c0)
    at ../../../../mozilla-central/dom/bluetooth/ipc/BluetoothChild.cpp:43
#2  0xb5467fa4 in mozilla::dom::bluetooth::BluetoothServiceChildProcess::Create ()
    at ../../../../mozilla-central/dom/bluetooth/ipc/BluetoothServiceChildProcess.cpp:55
#3  0xb5463974 in mozilla::dom::bluetooth::BluetoothService::Create () at ../../../../mozilla-central/dom/bluetooth/BluetoothService.cpp:252
#4  0xb5464b28 in mozilla::dom::bluetooth::BluetoothService::Get () at ../../../../mozilla-central/dom/bluetooth/BluetoothService.cpp:700
#5  0xb545f234 in mozilla::dom::bluetooth::BluetoothAdapter::~BluetoothAdapter (this=0xb0fd2180, __in_chrg=<optimized out>)
    at ../../../../mozilla-central/dom/bluetooth/BluetoothAdapter.cpp:188
#6  0xb545f334 in mozilla::dom::bluetooth::BluetoothAdapter::~BluetoothAdapter (this=0xb0fd2180, __in_chrg=<optimized out>)
    at ../../../../mozilla-central/dom/bluetooth/BluetoothAdapter.cpp:192
#7  0xb5112c04 in mozilla::DOMEventTargetHelper::DeleteCycleCollectable (this=<optimized out>)
    at ../../../../mozilla-central/dom/events/DOMEventTargetHelper.cpp:75
#8  0xb4c4c632 in mozilla::DOMEventTargetHelper::cycleCollection::DeleteCycleCollectable (this=<optimized out>, p=0xb0fd2180)
    at ../../dist/include/mozilla/DOMEventTargetHelper.h:55
#9  0xb4698ad2 in SnowWhiteKiller::~SnowWhiteKiller (this=0xbe9c2eb4, __in_chrg=<optimized out>)
    at ../../../../mozilla-central/xpcom/base/nsCycleCollector.cpp:2643
#10 0xb4698b6c in nsCycleCollector::FreeSnowWhite (this=this@entry=0xb38a7000, aUntilNoSWInPurpleBuffer=aUntilNoSWInPurpleBuffer@entry=true)
    at ../../../../mozilla-central/xpcom/base/nsCycleCollector.cpp:2817
#11 0xb4698d12 in nsCycleCollector::BeginCollection (this=this@entry=0xb38a7000, aCCType=aCCType@entry=ShutdownCC, aManualListener=aManualListener@entry=0x0)
    at ../../../../mozilla-central/xpcom/base/nsCycleCollector.cpp:3779
#12 0xb4698f68 in Collect (aManualListener=0x0, aBudget=..., aCCType=ShutdownCC, this=0xb38a7000)
    at ../../../../mozilla-central/xpcom/base/nsCycleCollector.cpp:3615
#13 nsCycleCollector::Collect (this=0xb38a7000, aCCType=ShutdownCC, aBudget=..., aManualListener=0x0)
    at ../../../../mozilla-central/xpcom/base/nsCycleCollector.cpp:3585
#14 0xb469934e in nsCycleCollector::ShutdownCollect (this=0xb38a7000, this@entry=0xb38321c0)
    at ../../../../mozilla-central/xpcom/base/nsCycleCollector.cpp:3568
#15 0xb469939e in nsCycleCollector::Shutdown (this=0xb38321c0) at ../../../../mozilla-central/xpcom/base/nsCycleCollector.cpp:3832
#16 0xb46993e6 in nsCycleCollector_shutdown () at ../../../../mozilla-central/xpcom/base/nsCycleCollector.cpp:4264
#17 0xb46dd7ac in mozilla::ShutdownXPCOM (aServMgr=<optimized out>) at ../../../../mozilla-central/xpcom/build/XPCOMInit.cpp:933
#18 0xb58c9570 in XRE_TermEmbedding () at ../../../../mozilla-central/toolkit/xre/nsEmbedFunctions.cpp:201
#19 0xb488d756 in mozilla::ipc::ScopedXREEmbed::Stop (this=0xb3853ac0) at ../../../../mozilla-central/ipc/glue/ScopedXREEmbed.cpp:115
#20 0xb58c9c96 in XRE_InitChildProcess (aArgc=<optimized out>, aArgv=<optimized out>) at ../../../../mozilla-central/toolkit/xre/nsEmbedFunctions.cpp:554
#21 0x000092a2 in content_process_main (argc=6, argv=0xbe9c3b54) at ../../../../mozilla-central/ipc/app/../contentproc/plugin-container.cpp:158
#22 0xb6e654a4 in __libc_init (raw_args=0xbe9c3b50, onexit=<optimized out>, slingshot=0x9301 <main(int, char**)>, structors=<optimized out>)
    at bionic/libc/bionic/libc_init_dynamic.cpp:112
#23 0x00009188 in _start ()
(gdb)
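
The call chain in the backtrace above (a destructor run by the shutdown cycle collection calls BluetoothService::Get(), which calls Create(), which reaches ClearOnShutdown() and its `!sHasShutDown` assertion), reduced to a stand-alone C++ model. This is an added example, not Gecko code and not part of the bug comments: every name in it is a hypothetical stand-in, the guarded getter is one possible defensive pattern rather than the fix that landed, and it assumes the singleton had already been cleared when the destructor ran.

```cpp
// Added model, not Gecko code: every name here is a hypothetical stand-in.
#include <functional>
#include <memory>
#include <vector>

bool gHasShutDown = false;                     // plays the role of sHasShutDown
int gLateRegistrations = 0;                    // times the assertion would have fired
std::vector<std::function<void()>> gClearers;  // pointers to null at shutdown
struct Service { int unregistered = 0; };
std::unique_ptr<Service> gService;             // lazily created singleton

// Stand-in for ClearOnShutdown(): registering after shutdown is the asserted error.
void ClearOnShutdownModel(std::unique_ptr<Service>* aPtr) {
  if (gHasShutDown) { ++gLateRegistrations; return; }  // MOZ_ASSERT(!sHasShutDown)
  gClearers.push_back([aPtr] { aPtr->reset(); });
}

// Unguarded lazy getter: creates the singleton even while shutting down.
Service* GetUnguarded() {
  if (!gService) {
    gService.reset(new Service());
    ClearOnShutdownModel(&gService);
  }
  return gService.get();
}

// Guarded getter: refuses to create anything once shutdown has begun.
Service* GetGuarded() {
  if (!gService && gHasShutDown) return nullptr;
  return GetUnguarded();
}

// Object whose destructor talks to the service, like frame #5 of the backtrace.
struct Adapter {
  explicit Adapter(bool aGuarded) : mGuarded(aGuarded) {}
  ~Adapter() { if (Service* s = mGuarded ? GetGuarded() : GetUnguarded()) ++s->unregistered; }
  bool mGuarded;
};

// Use the service, shut down, then free the adapter late (as a shutdown CC would).
int LateRegistrations(bool aGuarded) {
  gHasShutDown = false; gService.reset(); gClearers.clear(); gLateRegistrations = 0;
  std::unique_ptr<Adapter> adapter(new Adapter(aGuarded));
  GetUnguarded();                              // normal use: created and registered
  gHasShutDown = true;                         // shutdown begins
  for (auto& clear : gClearers) clear();       // registered singletons are nulled
  adapter.reset();                             // destructor runs after shutdown
  return gLateRegistrations;
}
int main() { return LateRegistrations(false) == 1 && LateRegistrations(true) == 0 ? 0 : 1; }
```

In the unguarded run the destructor re-creates the singleton after shutdown and trips the modelled assertion once; in the guarded run it gets `nullptr` and nothing is created.
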

Thomas, thanks a lot. It looks similar to bug 1093079.

Resolve duplicate per comment 4. Please reopen for any further concern.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE