crash in mozilla::dom::bluetooth::BluetoothAdapter::IsBluetoothCertifiedApp()

RESOLVED WONTFIX

Status

Firefox OS
Gaia::Music
--
critical
RESOLVED WONTFIX
3 years ago
5 months ago

People

(Reporter: KTucker, Unassigned)

Tracking

({crash})

unspecified
ARM
Gonk (Firefox OS)
crash

Firefox Tracking Flags

(blocking-b2g:2.6+, b2g-v2.5 affected, b2g-master affected)

Details

(Whiteboard: [2.5-Daily-Testing], crash signature, URL)

Attachments

(1 attachment)

This bug was filed from the Socorro interface and is report bp-1b9f431a-3fcc-4bc4-83fb-b60c92151013.
=============================================================

Frame 	Module 	Signature 	Source
0 	libxul.so 	mozilla::dom::bluetooth::BluetoothAdapter::IsBluetoothCertifiedApp() 	/builds/slave/b2g_m-cen_flm-kk_ntly-00000000/build/objdir-gecko/dist/include/nsCOMPtr.h:721
1 	libxul.so 	mozilla::dom::bluetooth::BluetoothAdapter::BluetoothAdapter(nsPIDOMWindow*, mozilla::dom::bluetooth::BluetoothValue const&) 	dom/bluetooth/common/webapi/BluetoothAdapter.cpp
2 	libxul.so 	mozilla::dom::bluetooth::BluetoothAdapter::Create(nsPIDOMWindow*, mozilla::dom::bluetooth::BluetoothValue const&) 	dom/bluetooth/common/webapi/BluetoothAdapter.cpp
3 	libxul.so 	mozilla::dom::bluetooth::BluetoothManager::AppendAdapter(mozilla::dom::bluetooth::BluetoothValue const&) 	dom/bluetooth/common/webapi/BluetoothManager.cpp
4 	libxul.so 	GetAdaptersTask::ParseSuccessfulReply(JS::MutableHandle<JS::Value>) 	dom/bluetooth/common/webapi/BluetoothManager.cpp
5 	libxul.so 	mozilla::dom::bluetooth::BluetoothReplyRunnable::Run() 	dom/bluetooth/common/BluetoothReplyRunnable.cpp
6 	libxul.so 	nsThread::ProcessNextEvent(bool, bool*) 	xpcom/threads/nsThread.cpp
7 	libxul.so 	NS_ProcessNextEvent(nsIThread*, bool) 	xpcom/glue/nsThreadUtils.cpp
8 	libxul.so 	mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) 	ipc/glue/MessagePump.cpp
9 	libxul.so 	MessageLoop::RunInternal() 	ipc/chromium/src/base/message_loop.cc
10 	libxul.so 	MessageLoop::Run() 	ipc/chromium/src/base/message_loop.cc
11 	libxul.so 	nsBaseAppShell::Run() 	widget/nsBaseAppShell.cpp
12 	libxul.so 	XRE_RunAppShell 	toolkit/xre/nsEmbedFunctions.cpp
13 	libxul.so 	MessageLoop::RunInternal() 	ipc/chromium/src/base/message_loop.cc
14 	libxul.so 	MessageLoop::Run() 	ipc/chromium/src/base/message_loop.cc
15 	libxul.so 	XRE_InitChildProcess 	toolkit/xre/nsEmbedFunctions.cpp
16 	libxul.so 	content_process_main(int, char**) 	ipc/contentproc/plugin-container.cpp
17 	libxul.so 	mozilla::ipc::ProcLoaderLoadRunner::DoWork() 	ipc/glue/ProcessUtils_linux.cpp
18 	libxul.so 	XRE_ProcLoaderServiceRun 	ipc/glue/ProcessUtils_linux.cpp
19 	b2g 	main 	b2g/app/B2GLoader.cpp
20 	libc.so 	__libc_init 	/home/worker/workspace/B2G/bionic/libc/bionic/libc_init_dynamic.cpp:112
21 	b2g 	b2g@0xc1da 	
22 	linker 	set_soinfo_pool_protection 	/builds/slave/b2g_m-cen_flm-kk_ntly-00000000/build/bionic/linker/linker.cpp:291
23 		@0xbebd9d94 	

When sharing a link to messages and then attaching a music file, a crash occurred. 

Repro Steps:
1) Update a Flame to 20151013030230
2) Open the browser app and go to www.google.com
3) Tap on the "..." in the upper right corner and then tap "Share".
4) Tap "Messages".
5) Tap the paperclip to attach a file in the message and select "Music". 
6) Choose a song that is small enough to attach to the message and tap the "Share icon".
7) Select "Messages" again and observe.

Actual:
A crash will occur.


Expected:
No crash occurs and the music file is attached alongside the link that the user is sharing. 

Device: Flame 2.5
Build ID: 20151013030230
Gaia: d400cda6bf0f8b30dcf7d7d71bfa61f29a3f1588
Gecko: 607a236c229994df99766c005f9ec729532d7747
Gonk: c4779d6da0f85894b1f78f0351b43f2949e8decd
Version: 44.0a1 (2.5)
Firmware Version: v18D
User Agent: Mozilla/5.0 (Mobile; rv:44.0) Gecko/44.0 Firefox/44.0


Repro frequency: 1/10 10%
See attached: video, logcat
(Reporter)

Updated

3 years ago
status-b2g-master: --- → affected
Whiteboard: [2.5-Daily-Testing]
Due to the low reproducibility of this issue I cannot state for sure if this will occur or not on Aries 2.5.
QA Whiteboard: [QAnalyst-Triage?]
Flags: needinfo?(jmercado)
Keywords: steps-wanted
Created attachment 8673396 [details]
logcat_20151013_1616.txt
Correction to the variables in Comment 0. 

Device: Flame 2.5 (Full Flash)(KK)(319mb)
Build ID: 20151013030230
Gaia: d400cda6bf0f8b30dcf7d7d71bfa61f29a3f1588
Gecko: 607a236c229994df99766c005f9ec729532d7747
Gonk: c4779d6da0f85894b1f78f0351b43f2949e8decd
Version: 44.0a1 (2.5)
Firmware Version: v18D
User Agent: Mozilla/5.0 (Mobile; rv:44.0) Gecko/44.0 Firefox/44.0
QA Whiteboard: [QAnalyst-Triage?] → [QAnalyst-Triage+]
Flags: needinfo?(jmercado)
Comment hidden (obsolete)
Above comment was posted erroneously. Please ignore.
status-b2g-v2.5: --- → affected
REPRO: 

The crash occurred 100 percent in all builds noted below except Flame 2.2, when using the steps from comment 0:

Environmental Variables: (original build where bug was found)
Device: Flame 2.5
BuildID: 20151013030230
Gaia: d400cda6bf0f8b30dcf7d7d71bfa61f29a3f1588
Gecko: 607a236c229994df99766c005f9ec729532d7747
Gonk: c4779d6da0f85894b1f78f0351b43f2949e8decd
Version: 44.0a1 (2.5) 
Firmware Version: v18D
User Agent: Mozilla/5.0 (Mobile; rv:44.0) Gecko/44.0 Firefox/44.0

Environmental Variables:
Device: Flame 2.5
BuildID: 20151209170211
Gaia: 7ca639a7bb0bacf27f548841c52617bfc0e3b21f
Gecko: a35e8eb98969970d1af28b265bf99a9edd11e9c2
Gonk: 205ac4204bbbb2098a8046444acba551ba5dc75a
Version: 44.0a2 (2.5) 
Firmware Version: v18D
User Agent: Mozilla/5.0 (Mobile; rv:44.0) Gecko/44.0 Firefox/44.0

Environmental Variables:
Device: Aries 2.5
BuildID: 20151209171644
Gaia: 7ca639a7bb0bacf27f548841c52617bfc0e3b21f
Gecko: a35e8eb98969970d1af28b265bf99a9edd11e9c2
Gonk: a19052e4389c3ae2d8fc3e7a74a475401baacc56
Version: 44.0a2 (2.5) 
Firmware Version: D5803_23.1.A.1.28_NCB.ftf
User Agent: Mozilla/5.0 (Mobile; rv:44.0) Gecko/44.0 Firefox/44.0

Environmental Variables:
Device: Aries 2.6
BuildID: 20151211115227
Gaia: d886e152b42e557db612470d3417fe2947cbdeee
Gecko: 754b4805a65cab4f3aca99899227acc44ba4fb20
Gonk: a19052e4389c3ae2d8fc3e7a74a475401baacc56
Version: 45.0a1 (2.6) 
Firmware Version: D5803_23.1.A.1.28_NCB.ftf
User Agent: Mozilla/5.0 (Mobile; rv:45.0) Gecko/45.0 Firefox/45.0

NO REPRO: 

Environmental Variables:
Device: Flame 2.2
BuildID: 20151209032501
Gaia: 885647d92208fb67574ced44004ab2f29d23cb45
Gecko: 4381c4b69b9c
Gonk: bd9cb3af2a0354577a6903917bc826489050b40d
Version: 37.0 (2.2) 
Firmware Version: v18D
User Agent: Mozilla/5.0 (Mobile; rv:37.0) Gecko/37.0 Firefox/37.0

NOTE: 
Using this alternative step negates the crashing issue in the above builds:
6) Choose a song that is small enough to attach to the message and tap the DONE above the "Share icon". The "Share icon" is non-existent in Flame 2.2.
QA Whiteboard: [QAnalyst-Triage+] → [QAnalyst-Triage?]
Flags: needinfo?(jmercado)
Keywords: steps-wanted
This issue is not a regression since the attach icon was not present in 2.2 but that leaves the question if it should be there at all.  No-Jun do you know or can you pass this on to someone who does?
QA Whiteboard: [QAnalyst-Triage?] → [QAnalyst-Triage+]
Flags: needinfo?(jmercado) → needinfo?(npark)
Hmm, I wonder whether it has anything to do with the new changes in Music app.  Jim, do you think this is related to NGA?  If not, I'll ping gwagner about it.
Flags: needinfo?(npark) → needinfo?(squibblyflabbetydoo)

Comment 10

3 years ago
It should be impossible for us to cause a crash from JS code, so at most, NGA revealed an existing bug. The signature doesn't seem like something we'd have a direct effect on anyway.
Flags: needinfo?(squibblyflabbetydoo)
Hi Alison, seems like this is more to do with the window mgmt, could you take a look?  Thanks!
Flags: needinfo?(ashiue)

Comment 12

3 years ago
This behavior of loop sharing is very similar to bug 1221745.
The share button on step 6 is NOT available in Music OGA. 

Maybe we need to investigate this different behavior between OGA/NGA first.
Jim, what do you think?
Flags: needinfo?(ashiue) → needinfo?(squibblyflabbetydoo)

Comment 13

3 years ago
Whether there's a bug in the music app or not, this is *also* a bug in Gecko. Even if you do something bad in JS, it should never cause a crash. While fixing bug 1221745 might "resolve" this, it would only be hiding the Gecko bug, not truly fixing it.
Flags: needinfo?(squibblyflabbetydoo)

Comment 14

3 years ago
Agreed.

Hi Julien, could you help to take a look at this crash issue? Thank you.
Flags: needinfo?(felash)

Comment 15

3 years ago
[Blocking Requested - why for this release]:
Crash issue
blocking-b2g: --- → 2.5?

Comment 16

3 years ago
If we can fix this in bug 1221745, this doesn't need to block 2.5, but it might be worth having it block 2.6...
There are actually 2 very weird things here:

1. Indeed, in Music, why do we have the "share" icon while we are in a "pick" activity?
2. Why is it crashing in the Bluetooth subsystem even though we don't involve bluetooth at all?

I'll try to reproduce today.
I can't reproduce the crash with the file in attachment 8698924 [details].

However I notice another issue where the SMS app stays blank, and I think this is a System message issue: we have twice the same activity running ("share" activity), as the System app did not kill the previous one because we're in a circular activity. And it seems like the 2nd instance can't properly get the system message because system messages are a mess.

Actually I'm quite sure we had the issue already and the easiest path was to avoid the circular activity in the first place.

So this is my proposal here: do not propose the "share" activity when we're already running in an activity.

If someone can still reproduce the crash, please attach the file you're using, or some additional setup needed (maybe configure/enable bluetooth?). We can also file a separate bug for the issue I state here. In the meantime I'm changing the component as this should be the easiest path forward.
Component: Gaia::System::Window Mgmt → Gaia::Music
Flags: needinfo?(felash)

Updated

3 years ago
blocking-b2g: 2.5? → 2.6?

Comment 19

3 years ago
Marking this blocking to investigate crash and also the presence of share icon in the pick activity flow.
blocking-b2g: 2.6? → 2.6+
Sounds like a duplicate of bug 1234974?

Updated

3 years ago
See Also: → bug 1234974
Should be fixed by bug mentioned in comment 20.
Keywords: qawanted, verifyme
There is no crash in this issue, but there are other problems (it turns to a blank page/turns to the Google page) on the latest builds of Flame KK v2.5 & master and Aries KK v2.5 & master using the STR in comment 0.

I have filed a separate bug for the issue, see bug 1240694.

Device: Flame KK v2.5 build 512mb
Build ID               20160118154920
Gaia Revision          1b813eac96781a5de8e400ed3727c7b20b83fcb8
Gaia Date              2016-01-18 10:50:32
Gecko Revision         https://hg.mozilla.org/releases/mozilla-b2g44_v2_5/rev/bb39ae22dea231b2457e995fa5ad5e6762b8bd54
Gecko Version          44.0
Device Name            flame
Firmware(Release)      4.4.2
Firmware(Incremental)  eng.worker.20160118.150111
Firmware Date          Mon Jan 18 15:01:21 UTC 2016
Firmware Version       v18D v5
Bootloader             L1TC000118D0

Device: Flame KK master build 512mb
Build ID               20160118150203
Gaia Revision          6164cd7af92ec2a3422d48f17f9577fc9b3f7ff4
Gaia Date              2016-01-18 07:19:35
Gecko Revision         https://hg.mozilla.org/mozilla-central/rev/a77b73c7723e1060993045fb31eb2f0a30473486
Gecko Version          46.0a1
Device Name            flame
Firmware(Release)      4.4.2
Firmware(Incremental)  eng.cltbld.20160118.184425
Firmware Date          Mon Jan 18 18:44:37 EST 2016
Firmware Version       v18D v5
Bootloader             L1TC000118D0

Device: Aries KK v2.5 build 
Build ID               20160115173852
Gaia Revision          5988edd0ec51f539466fb61ba3b05e9add4413e1
Gaia Date              2016-01-15 08:17:27
Gecko Revision         https://hg.mozilla.org/releases/mozilla-b2g44_v2_5/rev/0a6818a4f2e20242dbd1575e5f6d7cd508a2bd09
Gecko Version          44.0
Device Name            aries
Firmware(Release)      4.4.2
Firmware(Incremental)  eng.worker.20160115.164628
Firmware Date          Fri Jan 15 16:46:36 UTC 2016
Bootloader             s1

Device: Aries KK master build 
Build ID               20160118132303
Gaia Revision          6164cd7af92ec2a3422d48f17f9577fc9b3f7ff4
Gaia Date              2016-01-18 07:19:35
Gecko Revision         https://hg.mozilla.org/mozilla-central/rev/a77b73c7723e1060993045fb31eb2f0a30473486
Gecko Version          46.0a1
Device Name            aries
Firmware(Release)      4.4.2
Firmware(Incremental)  eng.worker.20160118.133917
Firmware Date          Mon Jan 18 13:39:25 UTC 2016
Bootloader             s1
QA Whiteboard: [QAnalyst-Triage+] → [QAnalyst-Triage+][MGSEI-Triage+]
Keywords: qawanted, verifyme

Comment 23

5 months ago
Firefox OS is not being worked on
Status: NEW → RESOLVED
Last Resolved: 5 months ago
Resolution: --- → WONTFIX