Closed Bug 845990 Opened 12 years ago Closed 12 years ago

Crash while manually turning BT on/off

Categories

(Firefox OS Graveyard :: General, defect)

Product:
Firefox OS Graveyard
Component:
General
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(blocking-b2g:-)

Status:
RESOLVED DUPLICATE of bug 845148
Project Flags:
blocking-b2g -

People

(Reporter: ggrisco, Unassigned)

References

Details

(Keywords: crash, Whiteboard: [BTG-1213][b2g-crash])

Crash Data

Attachments

(1 file)

decoded minidump of crash
91.66 KB, text/plain
Details
Issue seen once: 1. Manually turn bluetooth setting on then off repeatedly minidump attached
Top of stack trace from attached minidump for convenience: Crash reason: SIGSEGV Crash address: 0x666a5240 Thread 38 (crashed) 0 libxul.so!SearchTable [pldhash.cpp : 394 + 0x0] r4 = 0x43448b48 r5 = 0x8a816330 r6 = 0x666a5240 r7 = 0x00000000 r8 = 0x8a816330 r9 = 0x00000000 r10 = 0x487ffde0 fp = 0x487ffd8c sp = 0x487ffcf8 lr = 0x4117acfd pc = 0x4117ac06 Found by: given as instruction pointer in context 1 libxul.so!PL_DHashTableOperate [pldhash.cpp : 587 + 0xb] r4 = 0x43448b48 r5 = 0x8a816330 r6 = 0x487ffd8c r7 = 0x00000000 r8 = 0x00000000 r9 = 0x00000001 r10 = 0x487ffde0 fp = 0x457b633c sp = 0x487ffd28 pc = 0x4117acfd Found by: call frame info 2 libxul.so!nsBaseHashtable<nsCStringHashKey, mozilla::storage::Connection::FunctionInfo, mozilla::storage::Connection::FunctionInfo>::Get [nsTHashtable.h : 148 + 0x5] r4 = 0x43448b20 r5 = 0x487ffd8c r6 = 0x43448b48 r7 = 0x00000001 r8 = 0x00000000 r9 = 0x00000001 r10 = 0x487ffde0 fp = 0x457b633c sp = 0x487ffd40 pc = 0x40d6e965 Found by: call frame info 3 libxul.so!mozilla::storage::Connection::RemoveFunction [mozStorageConnection.cpp : 1345 + 0x7] r4 = 0x43448b20 r5 = 0x487ffd8c r6 = 0x43448b48 r7 = 0x00000001 r8 = 0x00000000 r9 = 0x00000001 r10 = 0x487ffde0 fp = 0x457b633c sp = 0x487ffd48 pc = 0x40fbece1 Found by: call frame info 4 libxul.so!mozilla::dom::indexedDB::CommitHelper::Run [IDBTransaction.cpp : 948 + 0x1] r4 = 0x4472b230 r5 = 0x487ffd8c r6 = 0x404cf058 r7 = 0x00000001 r8 = 0x00000000 r9 = 0x00000001 r10 = 0x487ffde0 fp = 0x457b633c sp = 0x487ffd88 pc = 0x40d80cf5 Found by: call frame info 5 libxul.so!mozilla::dom::indexedDB::TransactionThreadPool::TransactionQueue::Run [TransactionThreadPool.cpp : 639 + 0x5] r4 = 0x404cf040 r5 = 0x487ffdd4 r6 = 0x404cf058 r7 = 0x00000001 r8 = 0x00000000 r9 = 0x00000001 r10 = 0x487ffde0 fp = 0x457b633c sp = 0x487ffdd0 pc = 0x40d8995d Found by: call frame info 6 libxul.so!nsThreadPool::Run [nsThreadPool.cpp : 187 + 0x5] r4 = 0x457b6330 r5 = 0x00000000 r6 = 0x00000000 r7 = 0x00000000 r8 = 0x487ffe3c r9 = 0x00169db5 r10 = 0x457b6340 fp = 0x457b633c sp = 0x487ffe30 pc = 0x4119af83 Found by: call frame info 7 libxul.so!nsThread::ProcessNextEvent [nsThread.cpp : 620 + 0x5] r4 = 0x44496880 r5 = 0x00000000 r6 = 0x00000001 r7 = 0x00000000 r8 = 0x487ffeb7 r9 = 0x444968ac r10 = 0x00100000 fp = 0x00000001 sp = 0x487ffe70 pc = 0x41199d9b Found by: call frame info 8 libxul.so!NS_ProcessNextEvent_P [nsThreadUtils.cpp : 237 + 0xb] r4 = 0x00000001 r5 = 0x487ffec4 r6 = 0x00000000 r7 = 0x444968ac r8 = 0x4035e951 r9 = 0x4508beb0 r10 = 0x00100000 fp = 0x00000001 sp = 0x487ffeb0 pc = 0x4117a1bf Found by: call frame info 9 libxul.so!nsThread::ThreadFunc [nsThread.cpp : 258 + 0x7] r4 = 0x44496880 r5 = 0x487ffec4 r6 = 0x00000000 r7 = 0x444968ac r8 = 0x4035e951 r9 = 0x4508beb0 r10 = 0x00100000 fp = 0x00000001 sp = 0x487ffec0 pc = 0x4119a1e5 Found by: call frame info 10 libnspr4.so!_pt_root [ptthread.c : 156 + 0x5] r4 = 0x4508beb0 r5 = 0x40366bf4 r6 = 0x00000000 r7 = 0x00000078 r8 = 0x4035e951 r9 = 0x4508beb0 r10 = 0x00100000 fp = 0x00000001 sp = 0x487ffee0 pc = 0x4035e9b1 Found by: call frame info 11 libc.so!__thread_entry [pthread.c : 217 + 0x6] r4 = 0x487fff00 r5 = 0x4035e951 r6 = 0x4508beb0 r7 = 0x00000078 r8 = 0x4035e951 r9 = 0x4508beb0 r10 = 0x00100000 fp = 0x00000001 sp = 0x487ffef0 pc = 0x4007e114 Found by: call frame info 12 libc.so!pthread_create [pthread.c : 357 + 0xe] r4 = 0x487fff00 r5 = 0x007a4d40 r6 = 0xbeea6ebc r7 = 0x00000078 r8 = 0x4035e951 r9 = 0x4508beb0 r10 = 0x00100000 fp = 0x00000001 sp = 0x487fff00 pc = 0x4007dc68 Found by: call frame info Thread 0 0 libc.so + 0xe430 r4 = 0xbeea76a8 r5 = 0x404ecbe0 r6 = 0xbeea76a8 r7 = 0x000000fc r8 = 0x00000014 r9 = 0x00000000 r10 = 0x00000001 fp = 0x00000000 sp = 0xbeea7680 lr = 0x411b5e93 pc = 0x40079430 Found by: given as instruction pointer in context 1 libxul.so!nsAppShell::ProcessNextNativeEvent [nsAppShell.cpp : 717 + 0x5] sp = 0xbeea76a8 pc = 0x40ffda61 Found by: stack scanning 2 libxul.so!nsBaseAppShell::DoProcessNextNativeEvent [nsBaseAppShell.cpp : 139 + 0x5] r4 = 0x404ecbe0 r5 = 0x40407be0 r6 = 0x00000000 r7 = 0x00000000 r8 = 0x00000014 sp = 0xbeea77c8 pc = 0x4101a72b Found by: call frame info 3 libxul.so!nsBaseAppShell::OnProcessNextEvent [nsBaseAppShell.cpp : 298 + 0x5] r4 = 0x404ecbe0 r5 = 0x40407be0 r6 = 0x0016a735 r7 = 0x00000000 r8 = 0x00000014 sp = 0xbeea77e0 pc = 0x4101a809 Found by: call frame info 4 libxul.so!nsThread::ProcessNextEvent [nsThread.cpp : 593 + 0x5] r4 = 0x40407be0 r5 = 0x00000001 r6 = 0x4101a74d r7 = 0x00000001 r8 = 0xbeea784f r9 = 0x40429000 r10 = 0x00000000 sp = 0xbeea7808 pc = 0x41199ce3 Found by: call frame info 5 libxul.so!NS_ProcessNextEvent_P [nsThreadUtils.cpp : 237 + 0xb] r4 = 0x00000001 r5 = 0x404ee0c0 r6 = 0x404024d0 r7 = 0x00000000 r8 = 0x00000000 r9 = 0x40429000 r10 = 0x00000000 sp = 0xbeea7848 pc = 0x4117a1bf Found by: call frame info 6 libxul.so!mozilla::ipc::MessagePump::Run [MessagePump.cpp : 117 + 0x7] r4 = 0x404024c0 r5 = 0x404ee0c0 r6 = 0x404024d0 r7 = 0x00000000 r8 = 0x00000000 r9 = 0x40429000 r10 = 0x00000000 sp = 0xbeea7858 pc = 0x41093d2f Found by: call frame info
blocking-b2g: --- → tef?
Whiteboard: [BTG-1213][b2g-crash]
Severity: normal → critical
Crash Signature: [@ SearchTable ]
Keywords: crash
Gregor and I debugged a crash exactly like this. PLDHashTable::hashShift is within 1 word of offset 48 in Connection. I'm pretty convinced the patch in bug 845148 will fix this.
Depends on: 845148
Status: NEW → RESOLVED
blocking-b2g: tef? → -
Closed: 12 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: