Closed Bug 840544 Opened 12 years ago Closed 12 years ago

[Bluetooth] SIGSEGV when turning off Bluetooth

Categories

(Firefox OS Graveyard :: General, defect)

ARM
Gonk (Firefox OS)
defect
Not set
normal

Tracking

(blocking-b2g:-)

RESOLVED FIXED
blocking-b2g -

People

(Reporter: tzimmermann, Assigned: tzimmermann)

Attachments

(1 file)

I tried to reproduce bug 838212 in b2g-18 by repeatedly connecting and disconnecting from a headset. The Bluetooth UI got confused about the connection state, so I turned off Bluetooth altogether. This triggered a SIGSEGV from within UnixSocket.cpp. I've seen this bug before several times. The gdb session is shown below. Some of the line numbers might differ from upstream, because I had to apply the patches from bug 836523. I have a patch for this problem.

-----
tdz@linux-6f0r:~/Projects/mozilla/src/B2G-unagi> ./run-gdb.sh attach 109
Attached; pid = 109
Listening on port 11109
prebuilt/linux-x86/toolchain/arm-linux-androideabi-4.4.x/bin/arm-linux-androideabi-gdb -x /tmp/b2g.gdbinit.tdz /home/tdz/Projects/mozilla/src/B2G-unagi/objdir-gecko/dist/bin/b2g
GNU gdb (GDB) 7.1-android-gg2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "--host=i686-linux-gnu --target=arm-elf-linux".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Really redefine built-in command "frame"? (y or n) [answered Y; input not from terminal]
Really redefine built-in command "thread"? (y or n) [answered Y; input not from terminal]
Really redefine built-in command "start"? (y or n) [answered Y; input not from terminal]
Reading symbols from /home/tdz/Projects/mozilla/src/B2G-unagi/objdir-gecko/dist/bin/b2g...done.
Remote debugging from host 127.0.0.1
_______________________________________________________________________________
Error while running hook_stop:
Value can't be converted to integer.
syscall () at bionic/libc/arch-arm/bionic/syscall.S:50
50 ldmfd sp!, {r4, r5, r6, r7}
gdb> c

Program received signal SIGSEGV, Segmentation fault.
_______________________________________________________________________________
Error while running hook_stop:
Value can't be converted to integer.
mozilla::RefCounted<mozilla::gfx::DrawTarget>::Release (this=0x132) at ../../../dist/include/mozilla/RefPtr.h:60
60 if (0 == --refCnt) {
gdb> bt
#0 mozilla::RefCounted<mozilla::gfx::DrawTarget>::Release (this=0x132) at ../../../dist/include/mozilla/RefPtr.h:60
#1 0x41239584 in mozilla::RefPtr<mozilla::ipc::UnixSocketConsumer>::unref (this=0x488e9fb0) at ../../dist/include/mozilla/RefPtr.h:159
#2 ~TemporaryRef (this=0x488e9fb0) at ../../dist/include/mozilla/RefPtr.h:184
#3 mozilla::ipc::UnixSocketConsumer::CloseSocket (this=0x488e9fb0) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/ipc/unixsocket/UnixSocket.cpp:627
#4 0x40e7ea7e in ShutdownProfileManagersRunnable::Run (this=<value optimized out>) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/dom/bluetooth/linux/BluetoothDBusService.cpp:822
#5 0x41260b78 in nsThread::ProcessNextEvent (this=0x404098e0, mayWait=<value optimized out>, result=0xbe8b27af) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/xpcom/threads/nsThread.cpp:620
#6 0x4123dfc0 in NS_ProcessNextEvent_P (thread=0x132, mayWait=0x0) at /home/tdz/Projects/mozilla/src/B2G-unagi/objdir-gecko/xpcom/build/nsThreadUtils.cpp:237
#7 0x41143474 in mozilla::ipc::MessagePump::Run (this=0x40402400, aDelegate=0x4042b0c0) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/ipc/glue/MessagePump.cpp:82
#8 0x41285b5e in MessageLoop::RunInternal (this=0xbe8b2738) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/ipc/chromium/src/base/message_loop.cc:215
#9 0x41285c3e in MessageLoop::RunHandler (this=0x4042b0c0) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/ipc/chromium/src/base/message_loop.cc:208
#10 MessageLoop::Run (this=0x4042b0c0) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/ipc/chromium/src/base/message_loop.cc:182
#11 0x410bf150 in nsBaseAppShell::Run (this=0x404fd820) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/widget/xpwidgets/nsBaseAppShell.cpp:163
#12 0x4101386e in nsAppStartup::Run (this=0x42c9a850) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/toolkit/components/startup/nsAppStartup.cpp:290
#13 0x409c17b2 in XREMain::XRE_mainRun (this=0xbe8b2994) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/toolkit/xre/nsAppRunner.cpp:3794
#14 0x409c421e in XREMain::XRE_main (this=0xbe8b2994, argc=<value optimized out>, argv=0xbe8b4b84, aAppData=<value optimized out>) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/toolkit/xre/nsAppRunner.cpp:3860
#15 0x409c4382 in XRE_main (argc=0x1, argv=0xbe8b4b84, aAppData=0x218d0, aFlags=<value optimized out>) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/toolkit/xre/nsAppRunner.cpp:3935
#16 0x000098f6 in do_main (argc=0x1, argv=0xbe8b4b84) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/b2g/app/nsBrowserApp.cpp:164
#17 main (argc=0x1, argv=0xbe8b4b84) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/b2g/app/nsBrowserApp.cpp:249
gdb> up 3
#3 mozilla::ipc::UnixSocketConsumer::CloseSocket (this=0x488e9fb0) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/ipc/unixsocket/UnixSocket.cpp:627
627 impl->mConsumer.forget();
gdb> print *impl
Cannot access memory at address 0x0
gdb> print mImpl
$1 = (class mozilla::ipc::UnixSocketImpl *) 0x0
gdb> info threads
[New Thread 109.239]
[New Thread 109.241]
[New Thread 109.242]
[New Thread 109.243]
[New Thread 109.244]
[New Thread 109.245]
[New Thread 109.246]
[New Thread 109.247]
[New Thread 109.248]
[New Thread 109.249]
[New Thread 109.250]
[New Thread 109.251]
[New Thread 109.252]
[New Thread 109.253]
[New Thread 109.254]
[New Thread 109.255]
[New Thread 109.256]
[New Thread 109.257]
[New Thread 109.258]
[New Thread 109.259]
[New Thread 109.260]
[New Thread 109.261]
[New Thread 109.262]
[New Thread 109.263]
[New Thread 109.264]
[New Thread 109.265]
[New Thread 109.266]
[New Thread 109.309]
[New Thread 109.328]
[New Thread 109.329]
[New Thread 109.333]
[New Thread 109.343]
[New Thread 109.382]
[New Thread 109.460]
[New Thread 109.488]
[New Thread 109.515]
[New Thread 109.524]
[New Thread 109.554]
39 Thread 109.554 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
38 Thread 109.524 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
37 Thread 109.515 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:183
36 Thread 109.488 poll () at bionic/libc/arch-arm/syscalls/poll.S:10
35 Thread 109.460 poll () at bionic/libc/arch-arm/syscalls/poll.S:10
34 Thread 109.382 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
33 Thread 109.343 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
32 Thread 109.333 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
31 Thread 109.329 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
30 Thread 109.328 __ioctl () at bionic/libc/arch-arm/syscalls/__ioctl.S:9
29 Thread 109.309 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
28 Thread 109.266 poll () at bionic/libc/arch-arm/syscalls/poll.S:10
27 Thread 109.265 syscall () at bionic/libc/arch-arm/bionic/syscall.S:50
26 Thread 109.264 read () at bionic/libc/arch-arm/syscalls/read.S:9
25 Thread 109.263 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
24 Thread 109.262 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
23 Thread 109.261 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
22 Thread 109.260 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
21 Thread 109.259 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
20 Thread 109.258 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
19 Thread 109.257 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
18 Thread 109.256 poll () at bionic/libc/arch-arm/syscalls/poll.S:10
17 Thread 109.255 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
16 Thread 109.254 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
15 Thread 109.253 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
14 Thread 109.252 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
13 Thread 109.251 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:183
12 Thread 109.250 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
11 Thread 109.249 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
10 Thread 109.248 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
9 Thread 109.247 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
8 Thread 109.246 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:183
7 Thread 109.245 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
6 Thread 109.244 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
5 Thread 109.243 0xffff0520 in ?? ()
4 Thread 109.242 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
3 Thread 109.241 syscall () at bionic/libc/arch-arm/bionic/syscall.S:50
2 Thread 109.239 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
* 1 Thread 109.109 mozilla::RefCounted<mozilla::gfx::DrawTarget>::Release (this=0x132) at ../../../dist/include/mozilla/RefPtr.h:60
gdb> bt
#0 mozilla::RefCounted<mozilla::gfx::DrawTarget>::Release (this=0x132) at ../../../dist/include/mozilla/RefPtr.h:60
#1 0x41239584 in mozilla::RefPtr<mozilla::ipc::UnixSocketConsumer>::unref (this=0x488e9fb0) at ../../dist/include/mozilla/RefPtr.h:159
#2 ~TemporaryRef (this=0x488e9fb0) at ../../dist/include/mozilla/RefPtr.h:184
#3 mozilla::ipc::UnixSocketConsumer::CloseSocket (this=0x488e9fb0) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/ipc/unixsocket/UnixSocket.cpp:627
#4 0x40e7ea7e in ShutdownProfileManagersRunnable::Run (this=<value optimized out>) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/dom/bluetooth/linux/BluetoothDBusService.cpp:822
#5 0x41260b78 in nsThread::ProcessNextEvent (this=0x404098e0, mayWait=<value optimized out>, result=0xbe8b27af) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/xpcom/threads/nsThread.cpp:620
#6 0x4123dfc0 in NS_ProcessNextEvent_P (thread=0x132, mayWait=0x0) at /home/tdz/Projects/mozilla/src/B2G-unagi/objdir-gecko/xpcom/build/nsThreadUtils.cpp:237
#7 0x41143474 in mozilla::ipc::MessagePump::Run (this=0x40402400, aDelegate=0x4042b0c0) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/ipc/glue/MessagePump.cpp:82
#8 0x41285b5e in MessageLoop::RunInternal (this=0xbe8b2738) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/ipc/chromium/src/base/message_loop.cc:215
#9 0x41285c3e in MessageLoop::RunHandler (this=0x4042b0c0) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/ipc/chromium/src/base/message_loop.cc:208
#10 MessageLoop::Run (this=0x4042b0c0) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/ipc/chromium/src/base/message_loop.cc:182
#11 0x410bf150 in nsBaseAppShell::Run (this=0x404fd820) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/widget/xpwidgets/nsBaseAppShell.cpp:163
#12 0x4101386e in nsAppStartup::Run (this=0x42c9a850) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/toolkit/components/startup/nsAppStartup.cpp:290
#13 0x409c17b2 in XREMain::XRE_mainRun (this=0xbe8b2994) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/toolkit/xre/nsAppRunner.cpp:3794
#14 0x409c421e in XREMain::XRE_main (this=0xbe8b2994, argc=<value optimized out>, argv=0xbe8b4b84, aAppData=<value optimized out>) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/toolkit/xre/nsAppRunner.cpp:3860
#15 0x409c4382 in XRE_main (argc=0x1, argv=0xbe8b4b84, aAppData=0x218d0, aFlags=<value optimized out>) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/toolkit/xre/nsAppRunner.cpp:3935
#16 0x000098f6 in do_main (argc=0x1, argv=0xbe8b4b84) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/b2g/app/nsBrowserApp.cpp:164
#17 main (argc=0x1, argv=0xbe8b4b84) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/b2g/app/nsBrowserApp.cpp:249
gdb> down
#2 ~TemporaryRef (this=0x488e9fb0) at ../../dist/include/mozilla/RefPtr.h:184
184 ~TemporaryRef() { RefPtr<T>::unref(ptr); }
gdb> down
#1 0x41239584 in mozilla::RefPtr<mozilla::ipc::UnixSocketConsumer>::unref (this=0x488e9fb0) at ../../dist/include/mozilla/RefPtr.h:159
159 t->Release();
gdb>
#0 mozilla::RefCounted<mozilla::gfx::DrawTarget>::Release (this=0x132) at ../../../dist/include/mozilla/RefPtr.h:60
60 if (0 == --refCnt) {
gdb>
In the function UnixSocketConsumer::CloseSocket, in stack frame #3, the value of impl is null. This can only happen if the socket is concurrently closed from within another thread. The only place where this happens is CloseSocketTask in BluetoothOppManager.cpp. Converting the task into a runnable and running it within the main thread fixes the problem for me. The CloseSocketTask was delayed by 1000 ms. What was the purpose of this? Do I need to add this again?
Attachment #712961 - Flags: review?(kyle)
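The hypothesis in the comment above, a second closer clearing mImpl while CloseSocket is between its null check and its use of impl (frame #3, UnixSocket.cpp:627), replayed as a fixed schedule next to a variant that claims the pointer in one atomic step. This is an added example, not Gecko code and not the patch attached to this bug; Impl, RacyConsumer, AtomicConsumer and the split of CloseSocket into a separate check and take are assumptions made for illustration.

```cpp
#include <atomic>
#include <cstdio>

// Simplified stand-in for UnixSocketImpl (hypothetical, not Gecko code).
struct Impl {
    int cancelCount = 0;
    void CancelTask() { ++cancelCount; }
};

// Assumed racy shape: the null check and the read-and-clear of mImpl are
// two separate steps, so another closer can run between them.
struct RacyConsumer {
    Impl* mImpl;
    explicit RacyConsumer(Impl* impl) : mImpl(impl) {}
    bool PassesNullCheck() const { return mImpl != nullptr; }
    Impl* TakeImpl() {
        Impl* impl = mImpl;
        mImpl = nullptr;
        return impl;
    }
};

// Hardened shape: one atomic exchange both tests and clears mImpl, so no
// schedule can separate the check from the take.
struct AtomicConsumer {
    std::atomic<Impl*> mImpl;
    explicit AtomicConsumer(Impl* impl) : mImpl(impl) {}
    // True only for the one caller that actually obtained the impl.
    bool CloseSocket() {
        Impl* impl = mImpl.exchange(nullptr, std::memory_order_acq_rel);
        if (!impl) {
            return false;  // already closed by an earlier caller
        }
        impl->CancelTask();
        return true;
    }
};

// Replays the schedule A.check, B.check, A.take, B.take and counts closers
// that passed the null check yet ended up holding a null impl. The model
// stops there; the code in the trace went on to dereference impl.
int racy_null_holders() {
    Impl impl;
    RacyConsumer consumer(&impl);
    bool aPassed = consumer.PassesNullCheck();
    bool bPassed = consumer.PassesNullCheck();
    Impl* aImpl = aPassed ? consumer.TakeImpl() : nullptr;
    Impl* bImpl = bPassed ? consumer.TakeImpl() : nullptr;
    return (aPassed && !aImpl ? 1 : 0) + (bPassed && !bImpl ? 1 : 0);
}

// Issues `callers` close requests against one AtomicConsumer and returns how
// many of them performed the teardown; CancelTask calls go to cancelCountOut.
int atomic_close_winners(int callers, int* cancelCountOut) {
    Impl impl;
    AtomicConsumer consumer(&impl);
    int winners = 0;
    for (int i = 0; i < callers; ++i) {
        if (consumer.CloseSocket()) {
            ++winners;
        }
    }
    if (cancelCountOut) {
        *cancelCountOut = impl.cancelCount;
    }
    return winners;
}

int main() {
    int cancels = 0;
    int winners = atomic_close_winners(2, &cancels);
    std::printf("racy: closers holding null impl = %d\n", racy_null_holders());
    std::printf("atomic: winners = %d, CancelTask calls = %d\n", winners, cancels);
    return 0;
}
```

The exchange only makes the claim on mImpl safe; it does not keep the consumer object itself alive, so a caller holding a stale consumer pointer is a separate problem.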
Hmm, that patch definitely doesn't fix the problem. I triggered bug 840943, unpaired the phone, and turned off Bluetooth. Then I hit exactly the same problem with the same stack trace, even though I had the patch applied. Maybe the problem here is created by the Bluetooth system's confusion about the connection status. See bug 840943 about this.
See Also: → 840943
Here is another instance of the problem. Again, I turned off Bluetooth and it crashed somewhere below ShutdownProfileManagersRunnable::Run. Just at a different step.

-----
tdz@linux-6f0r:~/Projects/mozilla/src/B2G-unagi> ./run-gdb.sh attach 109
Attached; pid = 109
Listening on port 11109
prebuilt/linux-x86/toolchain/arm-linux-androideabi-4.4.x/bin/arm-linux-androideabi-gdb -x /tmp/b2g.gdbinit.tdz /home/tdz/Projects/mozilla/src/B2G-unagi/objdir-gecko/dist/bin/b2g
GNU gdb (GDB) 7.1-android-gg2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "--host=i686-linux-gnu --target=arm-elf-linux".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Really redefine built-in command "frame"? (y or n) [answered Y; input not from terminal]
Really redefine built-in command "thread"? (y or n) [answered Y; input not from terminal]
Really redefine built-in command "start"? (y or n) [answered Y; input not from terminal]
Reading symbols from /home/tdz/Projects/mozilla/src/B2G-unagi/objdir-gecko/dist/bin/b2g...done.
Remote debugging from host 127.0.0.1
_______________________________________________________________________________
Error while running hook_stop:
Value can't be converted to integer.
syscall () at bionic/libc/arch-arm/bionic/syscall.S:50
50 ldmfd sp!, {r4, r5, r6, r7}
gdb> c
[New Thread 109.465]

Program received signal SIGSEGV, Segmentation fault.
_______________________________________________________________________________
Error while running hook_stop:
Value can't be converted to integer.
0x403762ce in PR_Lock (lock=0x0) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/nsprpub/pr/src/pthreads/ptsynch.c:184
184 lock->locked = PR_TRUE;
gdb> bt
#0 0x403762ce in PR_Lock (lock=0x0) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/nsprpub/pr/src/pthreads/ptsynch.c:184
#1 0x412395d2 in mozilla::Mutex::Lock (this=0x47b3fb50) at ../../dist/include/mozilla/Mutex.h:74
#2 BaseAutoLock (this=0x47b3fb50) at ../../dist/include/mozilla/Mutex.h:153
#3 mozilla::ipc::UnixSocketImpl::CancelTask (this=0x47b3fb50) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/ipc/unixsocket/UnixSocket.cpp:79
#4 mozilla::ipc::UnixSocketConsumer::CloseSocket (this=0x47b3fb50) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/ipc/unixsocket/UnixSocket.cpp:629
#5 0x40e7eac6 in ShutdownProfileManagersRunnable::Run (this=<value optimized out>) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/dom/bluetooth/linux/BluetoothDBusService.cpp:822
#6 0x41260bc0 in nsThread::ProcessNextEvent (this=0x404098e0, mayWait=<value optimized out>, result=0xbecf27af) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/xpcom/threads/nsThread.cpp:620
#7 0x4123e008 in NS_ProcessNextEvent_P (thread=0x401224f8, mayWait=0x0) at /home/tdz/Projects/mozilla/src/B2G-unagi/objdir-gecko/xpcom/build/nsThreadUtils.cpp:237
#8 0x411434bc in mozilla::ipc::MessagePump::Run (this=0x40402400, aDelegate=0x4042b0c0) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/ipc/glue/MessagePump.cpp:82
#9 0x41285ba6 in MessageLoop::RunInternal (this=0x40188044) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/ipc/chromium/src/base/message_loop.cc:215
#10 0x41285c86 in MessageLoop::RunHandler (this=0x4042b0c0) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/ipc/chromium/src/base/message_loop.cc:208
#11 MessageLoop::Run (this=0x4042b0c0) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/ipc/chromium/src/base/message_loop.cc:182
#12 0x410bf198 in nsBaseAppShell::Run (this=0x404fd820) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/widget/xpwidgets/nsBaseAppShell.cpp:163
#13 0x410138b6 in nsAppStartup::Run (this=0x42c9a850) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/toolkit/components/startup/nsAppStartup.cpp:290
#14 0x409c17b2 in XREMain::XRE_mainRun (this=0xbecf2994) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/toolkit/xre/nsAppRunner.cpp:3794
#15 0x409c421e in XREMain::XRE_main (this=0xbecf2994, argc=<value optimized out>, argv=0xbecf4b84, aAppData=<value optimized out>) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/toolkit/xre/nsAppRunner.cpp:3860
#16 0x409c4382 in XRE_main (argc=0x1, argv=0xbecf4b84, aAppData=0x218d0, aFlags=<value optimized out>) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/toolkit/xre/nsAppRunner.cpp:3935
#17 0x000098f6 in do_main (argc=0x1, argv=0xbecf4b84) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/b2g/app/nsBrowserApp.cpp:164
#18 main (argc=0x1, argv=0xbecf4b84) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/b2g/app/nsBrowserApp.cpp:249
gdb> info threads
[New Thread 109.231]
[New Thread 109.233]
[New Thread 109.234]
[New Thread 109.235]
[New Thread 109.236]
[New Thread 109.237]
[New Thread 109.238]
[New Thread 109.239]
[New Thread 109.240]
[New Thread 109.241]
[New Thread 109.242]
[New Thread 109.243]
[New Thread 109.244]
[New Thread 109.245]
[New Thread 109.246]
[New Thread 109.249]
[New Thread 109.251]
[New Thread 109.252]
[New Thread 109.253]
[New Thread 109.254]
[New Thread 109.255]
[New Thread 109.256]
[New Thread 109.257]
[New Thread 109.258]
[New Thread 109.262]
[New Thread 109.263]
[New Thread 109.264]
[New Thread 109.304]
[New Thread 109.310]
[New Thread 109.311]
[New Thread 109.331]
[New Thread 109.340]
[New Thread 109.377]
[New Thread 109.380]
[New Thread 109.417]
[New Thread 109.422]
[New Thread 109.423]
[New Thread 109.425]
[New Thread 109.504]
[New Thread 109.506]
42 Thread 109.506 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:183
41 Thread 109.504 poll () at bionic/libc/arch-arm/syscalls/poll.S:10
40 Thread 109.425 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:183
39 Thread 109.423 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:183
38 Thread 109.422 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:183
37 Thread 109.417 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:183
36 Thread 109.380 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
35 Thread 109.377 0xffff0520 in ?? ()
34 Thread 109.340 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
33 Thread 109.331 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
32 Thread 109.311 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
31 Thread 109.310 __ioctl () at bionic/libc/arch-arm/syscalls/__ioctl.S:9
30 Thread 109.304 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
29 Thread 109.264 poll () at bionic/libc/arch-arm/syscalls/poll.S:10
28 Thread 109.263 syscall () at bionic/libc/arch-arm/bionic/syscall.S:50
27 Thread 109.262 read () at bionic/libc/arch-arm/syscalls/read.S:9
26 Thread 109.258 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
25 Thread 109.257 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
24 Thread 109.256 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
23 Thread 109.255 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
22 Thread 109.254 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
21 Thread 109.253 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
20 Thread 109.252 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
19 Thread 109.251 0xffff0520 in ?? ()
18 Thread 109.249 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
17 Thread 109.246 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
16 Thread 109.245 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
15 Thread 109.244 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
14 Thread 109.243 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:183
13 Thread 109.242 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
12 Thread 109.241 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
11 Thread 109.240 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
10 Thread 109.239 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
9 Thread 109.238 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:183
8 Thread 109.237 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
7 Thread 109.236 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
6 Thread 109.235 0xffff0520 in ?? ()
5 Thread 109.234 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
4 Thread 109.233 syscall () at bionic/libc/arch-arm/bionic/syscall.S:50
3 Thread 109.231 __futex_syscall3 () at bionic/libc/arch-arm/bionic/atomics_arm.S:182
2 Thread 109.465 poll () at bionic/libc/arch-arm/syscalls/poll.S:10
* 1 Thread 109.109 0x403762ce in PR_Lock (lock=0x0) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/nsprpub/pr/src/pthreads/ptsynch.c:184
gdb> info registers
r0 0x401224f8 0x401224f8
r1 0x40188044 0x40188044
r2 0x0 0x0
r3 0x1 0x1
r4 0x0 0x0
r5 0x0 0x0
r6 0x477c91c0 0x477c91c0
r7 0xbecf2738 0xbecf2738
r8 0x1 0x1
r9 0xbecf27af 0xbecf27af
r10 0x4040990c 0x4040990c
r11 0x0 0x0
r12 0x403804b0 0x403804b0
sp 0xbecf2730 0xbecf2730
lr 0x403762cd 0x403762cd
pc 0x403762ce 0x403762ce <PR_Lock+14>
cpsr 0x20000030 0x20000030
gdb> up 4
#4 mozilla::ipc::UnixSocketConsumer::CloseSocket (this=0x47b3fb50) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/ipc/unixsocket/UnixSocket.cpp:629
629 impl->CancelTask();
gdb> print mImpl
$1 = (class mozilla::ipc::UnixSocketImpl *) 0x0
gdb> print impl
$2 = <value optimized out>
gdb> print *this
$3 = {<mozilla::RefCounted<mozilla::ipc::UnixSocketConsumer>> = {refCnt = 0x0}, _vptr.UnixSocketConsumer = 0x41b5bcc0, mImpl = 0x0, mConnectionStatus = mozilla::ipc::SOCKET_CONNECTED}
gdb> down
#3 mozilla::ipc::UnixSocketImpl::CancelTask (this=0x47b3fb50) at /home/tdz/Projects/mozilla/src/B2G-unagi/gecko/ipc/unixsocket/UnixSocket.cpp:79
79 MutexAutoLock lock(mLock);
Attachment #712961 - Flags: review?(kyle) → review+
I can reproduce the original error almost every time with the latest m-c when I tried to send a file to my HTC phone.
backtrace:
#0 mozilla::RefCounted<mozilla::gfx::DrawTarget>::Release (this=0x3a0074) at ../../../dist/include/mozilla/RefPtr.h:67
#1 0x41200cc0 in mozilla::RefPtr<mozilla::ipc::UnixSocketConsumer>::unref (this=0x478f7b70) at ../../dist/include/mozilla/RefPtr.h:166
#2 ~TemporaryRef (this=0x478f7b70) at ../../dist/include/mozilla/RefPtr.h:191
#3 mozilla::ipc::UnixSocketConsumer::CloseSocket (this=0x478f7b70) at /home/eric30/Mozilla/github/releases-mozilla-central/ipc/unixsocket/UnixSocket.cpp:627
#4 0x40dfcd64 in CloseSocketTask::Run (this=<value optimized out>) at /home/eric30/Mozilla/github/releases-mozilla-central/dom/bluetooth/BluetoothOppManager.cpp:176
#5 0x4124716c in MessageLoop::RunTask (this=0x4032d0c0, task=0x4965e1f0) at /home/eric30/Mozilla/github/releases-mozilla-central/ipc/chromium/src/base/message_loop.cc:333
#6 0x41247f9e in MessageLoop::DeferOrRunPendingTask (this=0x3a0074, pending_task=<value optimized out>) at /home/eric30/Mozilla/github/releases-mozilla-central/ipc/chromium/src/base/message_loop.cc:341
#7 0x4124800e in MessageLoop::DoDelayedWork (this=0x4032d0c0, next_delayed_work_time=0x40302410) at /home/eric30/Mozilla/github/releases-mozilla-central/ipc/chromium/src/base/message_loop.cc:468
#8 0x41072eea in mozilla::ipc::MessagePump::DoDelayedWork (this=0x40302400, aDelegate=<value optimized out>) at /home/eric30/Mozilla/github/releases-mozilla-central/ipc/glue/MessagePump.cpp:177
#9 0x41072fb6 in mozilla::ipc::DoWorkRunnable::Notify (this=0x403032d0, aTimer=<value optimized out>) at /home/eric30/Mozilla/github/releases-mozilla-central/ipc/glue/MessagePump.cpp:54
I think this bug might be a side effect of bug 840925. Once we landed this patch, we should probably review all the recently reported Bluetooth crashes.
blocking-b2g: --- → tef?
blocking-b2g: tef? → leo?
The patch for bug 842434 can also fix this bug. Please check bug 842434 comment 7 for more detail.
As I mentioned in comment 7, this should be fixed after the patch of Bug 842434 landed. Please reopen if it's still reproducible. Thanks.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
blocking-b2g: leo? → leo+
This problem should be fixed on both branches:
(b2g18) after bug 845148 landed
(m-c) after bug 842434 landed

Re-nominate this as leo? since we don't really upload any patch for this bug.
blocking-b2g: leo+ → leo?
blocking-b2g: leo? → -
triage: blocking- per comment #9.