Closed Bug 795458 Opened 7 years ago Closed 7 years ago

Bluetooth pairing is still crashing and rebooting the phone

Categories

(Core :: DOM: Device Interfaces, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla18
blocking-basecamp +

People

(Reporter: tchung, Assigned: echou)

References

Details

Attachments

(1 file, 1 obsolete file)

Attached file logcat (obsolete) —
On the otoro, trying to pair the phone with a laptop will still crash and reboot the phone.    It does recover and not get stuck into an infinite loop like before, but it never successfully pairs on the laptop side.

Logcat attached, but not sure anything significant is captured that's helpful.

Repro:
1) install 9/28 daily build on otoro
2) settings > Bluetooth 
3) enable a laptop to search for and pair
4) both laptop and phone will show the common pairing code.  click Pair on the phone
5) Verify the phone will crash, and reboot immediately.  
6) hop over to the laptop, and notice it never paired.

Expected:
- no crash and rebooting on BT pairing

Actual:
- crash and reboot
resetting blocking-basecamp? flag for triage team.  Cc overholt
blocking-basecamp: + → ?
BT is a v1 P1.
Assignee: nobody → kyle
blocking-basecamp: ? → +
This has nothing to do with e10sing, it's just a bluetooth bug. Remove dep.
Comment on attachment 666038 [details]
logcat

Log contains no useful information, obsoleting.
Attachment #666038 - Attachment is obsolete: true
I tested it and found that pairing seemed to be done successfully, but it crashed. Because I found nothing specifically wrong during pairing process, so I guessed this may happen after pairing. There is a function called "showDevicePaired()" in Gaia bluetooth.js, which will be called after pairing, and it called getPairedDevice() in the function. If I commented this, pairing would be success, then no crashing, but pairing dialog won't disappear. 

Hope this provide some hints, I'll take a look this as well.
This issue occurs on child process, stack backtrace:

#0  ?? (warning: (Internal error: pc 0x0 in read in psymtab, but not in symtab.)

) at bionic/linker/linker.c:2072
warning: (Internal error: pc 0x0 in read in psymtab, but not in symtab.)

#1  0x4080f776 in mozilla::ObserverList<mozilla::dom::bluetooth::BluetoothSignal>::Broadcast (this=0x437671a0, 
    aSignal=...) at ../../dist/include/mozilla/Observer.h:67
#2  mozilla::dom::bluetooth::BluetoothService::DistributeSignal (this=0x437671a0, aSignal=...)
    at /home/eric30/Mozilla/github/m-c/releases-mozilla-central/dom/bluetooth/BluetoothService.cpp:353
#3  0x40813288 in mozilla::dom::bluetooth::BluetoothChild::RecvNotify (this=<value optimized out>, aSignal=...)
    at /home/eric30/Mozilla/github/m-c/releases-mozilla-central/dom/bluetooth/ipc/BluetoothChild.cpp:78
#4  0x40af86d6 in mozilla::dom::bluetooth::PBluetoothChild::OnMessageReceived (this=0x43c52640, __msg=...)
    at /home/eric30/Mozilla/github/m-c/releases-mozilla-central/objdir-gonk/ipc/ipdl/PBluetoothChild.cpp:387
#5  0x40b0f04a in mozilla::dom::PContentChild::OnMessageReceived (this=0x419311a8, __msg=...)
    at /home/eric30/Mozilla/github/m-c/releases-mozilla-central/objdir-gonk/ipc/ipdl/PContentChild.cpp:2009
#6  0x40aad9a8 in mozilla::ipc::AsyncChannel::OnDispatchMessage (this=0x419311b0, msg=...)
    at /home/eric30/Mozilla/github/m-c/releases-mozilla-central/ipc/glue/AsyncChannel.cpp:473
#7  0x40ab27d2 in mozilla::ipc::RPCChannel::OnMaybeDequeueOne (this=0x419311b0)
    at /home/eric30/Mozilla/github/m-c/releases-mozilla-central/ipc/glue/RPCChannel.cpp:402
#8  0x40a973a6 in DispatchToMethod<mozilla::dom::ContentParent, void (mozilla::dom::ContentParent::*)()> (
    this=<value optimized out>)
    at /home/eric30/Mozilla/github/m-c/releases-mozilla-central/ipc/chromium/src/base/tuple.h:383
#9  RunnableMethod<mozilla::dom::ContentParent, void (mozilla::dom::ContentParent::*)(), Tuple0>::Run (
    this=<value optimized out>)
    at /home/eric30/Mozilla/github/m-c/releases-mozilla-central/ipc/chromium/src/base/task.h:307
#10 0x40ab1188 in mozilla::ipc::RPCChannel::RefCountedTask::Run (this=<value optimized out>)
    at ../../dist/include/mozilla/ipc/RPCChannel.h:425
#11 mozilla::ipc::RPCChannel::DequeueTask::Run (this=<value optimized out>)
    at ../../dist/include/mozilla/ipc/RPCChannel.h:448
#12 0x40bb3130 in MessageLoop::RunTask (this=0xbe9aa8ec, task=0xbe9a9efc)
---Type <return> to continue, or q <return> to quit---
    at /home/eric30/Mozilla/github/m-c/releases-mozilla-central/ipc/chromium/src/base/message_loop.cc:326
#13 0x40bb3f5a in MessageLoop::DeferOrRunPendingTask (this=0x419311b0, pending_task=<value optimized out>)
    at /home/eric30/Mozilla/github/m-c/releases-mozilla-central/ipc/chromium/src/base/message_loop.cc:334
#14 0x40bb4b38 in MessageLoop::DoWork (this=0xbe9aa8ec)
    at /home/eric30/Mozilla/github/m-c/releases-mozilla-central/ipc/chromium/src/base/message_loop.cc:434
#15 0x40ab0b44 in mozilla::ipc::DoWorkRunnable::Run (this=<value optimized out>)
    at /home/eric30/Mozilla/github/m-c/releases-mozilla-central/ipc/glue/MessagePump.cpp:42
#16 0x40b92baa in nsThread::ProcessNextEvent (this=0x41909880, mayWait=<value optimized out>, result=0xbe9a9fd7)
    at /home/eric30/Mozilla/github/m-c/releases-mozilla-central/xpcom/threads/nsThread.cpp:612
#17 0x40b73566 in NS_ProcessNextEvent_P (thread=0x419311b0, mayWait=true)
    at /home/eric30/Mozilla/github/m-c/releases-mozilla-central/objdir-gonk/xpcom/build/nsThreadUtils.cpp:220
#18 0x40ab0c9a in mozilla::ipc::MessagePump::Run (this=0x419022e0, aDelegate=0xbe9aa8ec)
    at /home/eric30/Mozilla/github/m-c/releases-mozilla-central/ipc/glue/MessagePump.cpp:117
#19 0x40ab0d06 in mozilla::ipc::MessagePumpForChildProcess::Run (this=0x419022e0, aDelegate=0xbe9aa8ec)
    at /home/eric30/Mozilla/github/m-c/releases-mozilla-central/ipc/glue/MessagePump.cpp:231
#20 0x40bb30e0 in MessageLoop::RunInternal (this=0x1000001)
    at /home/eric30/Mozilla/github/m-c/releases-mozilla-central/ipc/chromium/src/base/message_loop.cc:208
#21 0x40bb3196 in MessageLoop::RunHandler (this=0xbe9aa8ec)
    at /home/eric30/Mozilla/github/m-c/releases-mozilla-central/ipc/chromium/src/base/message_loop.cc:201
#22 MessageLoop::Run (this=0xbe9aa8ec)
    at /home/eric30/Mozilla/github/m-c/releases-mozilla-central/ipc/chromium/src/base/message_loop.cc:175
#23 0x40a3d184 in nsBaseAppShell::Run (this=0x43362c40)
    at /home/eric30/Mozilla/github/m-c/releases-mozilla-central/widget/xpwidgets/nsBaseAppShell.cpp:163
#24 0x403d7788 in XRE_RunAppShell ()
    at /home/eric30/Mozilla/github/m-c/releases-mozilla-central/toolkit/xre/nsEmbedFunctions.cpp:646
#25 0x40ab0cd4 in mozilla::ipc::MessagePumpForChildProcess::Run (this=0x419022e0, aDelegate=0xbe9aa8ec)
---Type <return> to continue, or q <return> to quit---
    at /home/eric30/Mozilla/github/m-c/releases-mozilla-central/ipc/glue/MessagePump.cpp:198
#26 0x40bb30e0 in MessageLoop::RunInternal (this=0x43362c40)
    at /home/eric30/Mozilla/github/m-c/releases-mozilla-central/ipc/chromium/src/base/message_loop.cc:208
#27 0x40bb3196 in MessageLoop::RunHandler (this=0xbe9aa8ec)
    at /home/eric30/Mozilla/github/m-c/releases-mozilla-central/ipc/chromium/src/base/message_loop.cc:201
#28 MessageLoop::Run (this=0xbe9aa8ec)
    at /home/eric30/Mozilla/github/m-c/releases-mozilla-central/ipc/chromium/src/base/message_loop.cc:175
#29 0x403d7b2e in XRE_InitChildProcess (aArgc=<value optimized out>, aArgv=<value optimized out>, 
    aProcess=GeckoProcessType_Content)
    at /home/eric30/Mozilla/github/m-c/releases-mozilla-central/toolkit/xre/nsEmbedFunctions.cpp:485
#30 0x00008450 in main (argc=5, argv=0xbe9aaa44)
    at /home/eric30/Mozilla/github/m-c/releases-mozilla-central/ipc/app/MozillaRuntimeMain.cpp:48

=================================

The main problem is, when we get PropertyChanged event for a BluetoothDevice, in BluetoothService::DistributeSignal(), we check if there's a corresponding device registered in the table mBluetoothSignalObserverTable by the value of "signal path", which is the object path of device. It any object path matches, devicePtr->Notify() will be called. However, if the device object has been recycled, it crashes.

This is a workaround, also revise a typo for the name of a system message which would be sent after device's "paired" property changed.
Assignee: kyle → echou
Attachment #666207 - Flags: review?(kyle)
Duplicate of this bug: 795218
Comment on attachment 666207 [details] [diff] [review]
v1: fixed pairing crash issue and revise the name of a system message

Review of attachment 666207 [details] [diff] [review]:
-----------------------------------------------------------------

Huh. Kinda wondering why we haven't removed the Device if it's been gc'd? I mean, there's a unregister call in the destructor. I guess file a followup to actually fix this, but the workaround should do for now.
Attachment #666207 - Flags: review?(kyle) → review+
> 
> Huh. Kinda wondering why we haven't removed the Device if it's been gc'd? I
> mean, there's a unregister call in the destructor. I guess file a followup
> to actually fix this, but the workaround should do for now.

Yes, it needs more check. Followup: Bug 795659
https://hg.mozilla.org/mozilla-central/rev/e6fb0f8197f7
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla18
Applying the mentioned patch, we still see the reboot, not pairing to a pc but to another non B2G phone. Does this issue still exist?
You need to log in before you can comment on or make changes to this bug.