Closed Bug 836107 Opened 7 years ago Closed 7 years ago

Airplane Mode on/off caused crash

Categories

(Firefox OS Graveyard :: General, defect, critical)

ARM
Gonk (Firefox OS)
defect
Not set
critical

Tracking

(blocking-b2g:tef+, firefox19 wontfix, firefox20 wontfix, firefox21 fixed, b2g18 fixed, b2g18-v1.0.0 fixed, b2g18-v1.0.1 fixed)

VERIFIED FIXED
B2G C4 (2jan on)

People

(Reporter: ggrisco, Assigned: echou)

References

Details

(Keywords: crash, Whiteboard: [b2g-crash][BTG-1084])

Crash Data

Attachments

(2 files)

Attached file minidump
1. Make MO call
2. Send multiple MO SMS
3. GPS ON/OFF
4. Wifi ON/OFF
5. Bluetooth ON
6. GPS, Wifi, Bluetooth ON
7. Airplane mode ON/OFF
8. Device collected minidumps.
Top of minidump:

Crash reason:  SIGSEGV
Crash address: 0x530049

Thread 0 (crashed)
 0  libxul.so!mozilla::ipc::UnixSocketImpl::StopTask [UnixSocket.cpp : 143 + 0x0]
     r4 = 0x4bd53c40    r5 = 0x48176330    r6 = 0x4bd53c40    r7 = 0x00000000
     r8 = 0x00000001    r9 = 0x00000000   r10 = 0xbe9cd110    fp = 0xfffffc43
     sp = 0xbe9ccfd0    lr = 0x41173687    pc = 0x4117303c
    Found by: given as instruction pointer in context
 1  libxul.so!mozilla::ipc::UnixSocketConsumer::CloseSocket [UnixSocket.cpp : 626 + 0x3]
     r4 = 0x48176330    r5 = 0x48176330    r6 = 0x4bd53c40    r7 = 0x00000000
     r8 = 0x00000001    r9 = 0x00000000   r10 = 0xbe9cd110    fp = 0xfffffc43
     sp = 0xbe9ccfd8    pc = 0x41173687
    Found by: call frame info
 2  libxul.so!mozilla::dom::bluetooth::BluetoothHfpManager::Connect [BluetoothHfpManager.cpp : 769 + 0x3]
     r4 = 0x48176330    r5 = 0x44975ac0    r6 = 0xbe9cd058    r7 = 0x48176330
     r8 = 0x00000001    r9 = 0x00000000   r10 = 0xbe9cd110    fp = 0xfffffc43
     sp = 0xbe9ccff0    pc = 0x40e07569
    Found by: call frame info
 3  libxul.so!mozilla::dom::bluetooth::BluetoothDBusService::Connect [BluetoothDBusService.cpp : 2439 + 0x11]
     r4 = 0x44975ac0    r5 = 0xbe9cd0b8    r6 = 0xbe9cd058    r7 = 0x48176330
     r8 = 0x00000001    r9 = 0xbe9cd0c4   r10 = 0xbe9cd110    fp = 0xfffffc43
Blocks: 808607
blocking-b2g: --- → tef?
Severity: normal → critical
Crash Signature: [@ mozilla::ipc::UnixSocketImpl::StopTask]
Keywords: crash
Whiteboard: [BTG-1084] → [b2g-crash][BTG-1084]
Assignee: nobody → echou
blocking-b2g: tef? → tef+
Marking status-b2g18 and status-b2g18-v1.0.0 as affected. Please update the status to fixed once this is verified landed on v1-train/mozilla-b2g18 and v1.0.0/mozilla-b2g18_v_1_0_0.
It crashed at the line mTask->Cancel() in StopTask(), which is a trivial function that only changes the value of a boolean member variable. So I guess the problem may be caused by mTask itself -- not initialized. This could happen when a UnixSocketImpl object has been created without any task enqueued. StopTask() will be called after calling CloseSocket(), and it will check if mTask is a nullptr (which it is not, because it hasn't been initialized). If it isn't, mTask->Cancel() will be called.

I haven't tried reproducing yet because I'm not in the office today, but I'll make a patch asap.
Hi Kyle,

I think the problem I mentioned in comment 3 is the root cause and this patch could solve it. Could you please take a look at my patch and double-confirm if my idea is correct? Thanks in advance.

Eric
Attachment #708458 - Flags: review?(kyle)
Comment on attachment 708458 [details] [diff] [review]
patch 1: v1: initialize mTask with nullptr

Review of attachment 708458 [details] [diff] [review]:
-----------------------------------------------------------------

Yup, that looks right. Good catch.
Attachment #708458 - Flags: review?(kyle) → review+
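
The failure mode discussed in the comments above (a null check guarding a pointer member that no constructor ever set) and the reviewed fix (initialize mTask with nullptr), as an added example that is not part of the bug thread and is not Gecko code. SocketImplModel, the caller-supplied storage and the 0x53 fill bytes are constructed for illustration; the field is kept in explicit bytes so the stale value can be inspected without undefined behaviour.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>

struct Task {
    bool cancelled = false;
    void Cancel() { cancelled = true; }  // trivial: only flips a boolean
};

// Hypothetical model of an object built in recycled heap memory. The mTask
// field lives in caller-supplied bytes so that a never-written field can be
// read back without undefined behaviour.
class SocketImplModel {
public:
    SocketImplModel(unsigned char* slot, bool initTask) : mSlot(slot) {
        if (initTask) SetTask(nullptr);  // fixed form: mTask starts as nullptr
        // buggy form: the slot keeps whatever bytes were already there
    }
    void SetTask(Task* t) {
        std::uintptr_t raw = reinterpret_cast<std::uintptr_t>(t);
        std::memcpy(mSlot, &raw, sizeof raw);
    }
    // The only guard before mTask->Cancel(): any non-null value passes it.
    bool StopTaskWouldDereference() const {
        std::uintptr_t raw;
        std::memcpy(&raw, mSlot, sizeof raw);
        return raw != 0;
    }
private:
    unsigned char* mSlot;
};

// Builds the object over stale bytes (constructed 0x53 fill), optionally
// enqueues a task, then closes. Returns true if Cancel() would be reached.
bool cancel_reached_on_close(bool fixedCtor, Task* task) {
    unsigned char slot[sizeof(std::uintptr_t)];
    std::memset(slot, 0x53, sizeof slot);
    SocketImplModel impl(slot, fixedCtor);
    if (task) impl.SetTask(task);
    bool reached = impl.StopTaskWouldDereference();
    if (reached && task) task->Cancel();  // safe only for a real pointer
    return reached;
}

int main() {
    std::printf("buggy ctor, no task: %d\n", cancel_reached_on_close(false, nullptr));
    std::printf("fixed ctor, no task: %d\n", cancel_reached_on_close(true, nullptr));
    return 0;
}
```

With the buggy constructor and no task enqueued, the stale bytes pass the null check and Cancel() would be called through a wild pointer; with the fixed constructor the same close path skips it.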
https://hg.mozilla.org/mozilla-central/rev/c3ef3bcc7f0f
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → B2G C4 (2jan on)
Issue does not repro anymore.

Verified  on Unagi Build ID: 201302014070203
Kernel: Dec 5
Gecko:  http://hg.mozilla.org/releases/mozilla-b2g18_v1_0_1/rev/d1288313218e
Gaia:   6544fdb8dddc56f1aefe94482402488c89eeec49
Status: RESOLVED → VERIFIED