Bug 1695119 Comment 0 Edit History


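A crash has been observed on KaiOS (branched from Gecko 84).
It looks like bug 1693946: the Promise is null. In the trace below, the faulting access at address 0xc happens in pthread_mutex_lock (r0 = 0xc), reached from MozPromise::Private::Reject called by WebProgressListener::OnStateChange, which is consistent with Reject being invoked on a null promise pointer (the mutex would sit at a small offset from the null base).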

The concrete reproduction steps are not yet known.

I think adding a null check on the Promise is reasonable.

*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'qcom/Gflip5_VZW/Gflip5_VZW:10/QKQ1.200623.002/eng.next-u.20210208.061005:userdebug/test-keys'
Revision: '0'
ABI: 'arm'
Timestamp: 2021-02-15 16:47:59+0800
pid: 2838, tid: 2838, name: b2g  >>> /system/b2g/b2g <<<
uid: 0
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xc
Cause: null pointer dereference
    r0  0000000c  r1  bea34d88  r2  ae389798  r3  0eb88b2a
    r4  0000000c  r5  bea34d88  r6  00000000  r7  bea34d48
    r8  ae389798  r9  00000000  r10 bea34d88  r11 9ba8bc8c
    ip  b29eab00  sp  bea34d30  lr  b29ca9bd  pc  b356e124

backtrace:
      #00 pc 000ab124  /apex/com.android.runtime/lib/bionic/libc.so (pthread_mutex_lock+4) (BuildId: 1f4693f0a28e39adb613e92bac7a19b4)
      #01 pc 000a69b9  /system/b2g/libmozglue.so (mozilla::detail::MutexImpl::mutexLock()+4) (BuildId: daef2011a9595299ec6434f82978284a593fa718)
      #02 pc 0353a95b  /system/b2g/libxul.so (void mozilla::MozPromise<mozilla::dom::ClientOpResult, mozilla::CopyableErrorResult, false>::Private::Reject<mozilla::CopyableErrorResult&>(mozilla::CopyableErrorResult&&&, char const*)+22) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #03 pc 0354529d  /system/b2g/libxul.so (mozilla::dom::(anonymous namespace)::WebProgressListener::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult)+364) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #04 pc 040d0bef  /system/b2g/libxul.so (_ZNSt3__110__function6__funcIZN7mozilla3dom26BrowsingContextWebProgress13OnStateChangeEP14nsIWebProgressP10nsIRequestj8nsresultE4$_16NS_9allocatorISA_EEFvP22nsIWebProgressListenerEEclEOSE_+36) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #05 pc 040b6c39  /system/b2g/libxul.so (mozilla::dom::BrowsingContextWebProgress::UpdateAndNotifyListeners(unsigned int, std::__1::function<void (nsIWebProgressListener*)> const&)+144) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #06 pc 040b6d21  /system/b2g/libxul.so (mozilla::dom::BrowsingContextWebProgress::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult)+76) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #07 pc 03936f83  /system/b2g/libxul.so (mozilla::dom::BrowserParent::RecvOnStateChange(mozilla::Maybe<mozilla::dom::WebProgressData> const&, mozilla::dom::RequestData const&, unsigned int, nsresult, mozilla::Maybe<mozilla::dom::WebProgressStateChangeData> const&)+298) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #08 pc 02ac4a51  /system/b2g/libxul.so (mozilla::dom::PBrowserParent::OnMessageReceived(IPC::Message const&)+7832) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #09 pc 0298692b  /system/b2g/libxul.so (mozilla::dom::PContentParent::OnMessageReceived(IPC::Message const&)+1166) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #10 pc 02914ca1  /system/b2g/libxul.so (mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&)+296) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #11 pc 029153cd  /system/b2g/libxul.so (mozilla::ipc::MessageChannel::MessageTask::Run()+216) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #12 pc 02630625  /system/b2g/libxul.so (mozilla::RunnableTask::Run()+12) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #13 pc 0262fecf  /system/b2g/libxul.so (mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&)+1798) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #14 pc 0262f4ed  /system/b2g/libxul.so (mozilla::TaskController::ProcessPendingMTTask(bool)+64) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #15 pc 02631775  /system/b2g/libxul.so (_ZN7mozilla6detail16RunnableFunctionIZNS_14TaskController18InitializeInternalEvE3$_3E3RunEv+12) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #16 pc 02637193  /system/b2g/libxul.so (nsThread::ProcessNextEvent(bool, bool*)+710) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #17 pc 02638e33  /system/b2g/libxul.so (NS_ProcessNextEvent(nsIThread*, bool)+34) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #18 pc 02916575  /system/b2g/libxul.so (mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*)+132) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #19 pc 028f72e9  /system/b2g/libxul.so (MessageLoop::Run()+56) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #20 pc 03aa5821  /system/b2g/libxul.so (nsBaseAppShell::Run()+28) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #21 pc 041c3391  /system/b2g/libxul.so (nsAppStartup::Run()+92) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #22 pc 0421cd2b  /system/b2g/libxul.so (XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&)+5142) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #23 pc 0421d863  /system/b2g/libxul.so (XRE_main(int, char**, mozilla::BootstrapConfig const&)+42) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #24 pc 00002da1  /system/b2g/b2g (main+764) (BuildId: 3a407e58cfcf6fe0088819a5a0c1b5a1a6d39d03)
      #25 pc 0005ab41  /apex/com.android.runtime/lib/bionic/libc.so (__libc_init+68) (BuildId: 1f4693f0a28e39adb613e92bac7a19b4)
      #26 pc 00002048  /system/b2g/b2g (_start_main+64) (BuildId: 3a407e58cfcf6fe0088819a5a0c1b5a1a6d39d03)
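A crash has been observed on KaiOS (branched from Gecko 84).
It looks like bug 1693946: the Promise is null. In the trace below, the faulting access at address 0xc happens in pthread_mutex_lock (r0 = 0xc), reached from MozPromise::Private::Reject called by WebProgressListener::OnStateChange, which is consistent with Reject being invoked on a null promise pointer (the mutex would sit at a small offset from the null base).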

The concrete reproduction steps are not yet known.

I think adding a null check on the Promise is reasonable.

*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
ABI: 'arm'
Timestamp: 2021-02-15 16:47:59+0800
pid: 2838, tid: 2838, name: b2g  >>> /system/b2g/b2g <<<
uid: 0
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xc
Cause: null pointer dereference
    r0  0000000c  r1  bea34d88  r2  ae389798  r3  0eb88b2a
    r4  0000000c  r5  bea34d88  r6  00000000  r7  bea34d48
    r8  ae389798  r9  00000000  r10 bea34d88  r11 9ba8bc8c
    ip  b29eab00  sp  bea34d30  lr  b29ca9bd  pc  b356e124

backtrace:
      #00 pc 000ab124  /apex/com.android.runtime/lib/bionic/libc.so (pthread_mutex_lock+4) (BuildId: 1f4693f0a28e39adb613e92bac7a19b4)
      #01 pc 000a69b9  /system/b2g/libmozglue.so (mozilla::detail::MutexImpl::mutexLock()+4) (BuildId: daef2011a9595299ec6434f82978284a593fa718)
      #02 pc 0353a95b  /system/b2g/libxul.so (void mozilla::MozPromise<mozilla::dom::ClientOpResult, mozilla::CopyableErrorResult, false>::Private::Reject<mozilla::CopyableErrorResult&>(mozilla::CopyableErrorResult&&&, char const*)+22) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #03 pc 0354529d  /system/b2g/libxul.so (mozilla::dom::(anonymous namespace)::WebProgressListener::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult)+364) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #04 pc 040d0bef  /system/b2g/libxul.so (_ZNSt3__110__function6__funcIZN7mozilla3dom26BrowsingContextWebProgress13OnStateChangeEP14nsIWebProgressP10nsIRequestj8nsresultE4$_16NS_9allocatorISA_EEFvP22nsIWebProgressListenerEEclEOSE_+36) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #05 pc 040b6c39  /system/b2g/libxul.so (mozilla::dom::BrowsingContextWebProgress::UpdateAndNotifyListeners(unsigned int, std::__1::function<void (nsIWebProgressListener*)> const&)+144) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #06 pc 040b6d21  /system/b2g/libxul.so (mozilla::dom::BrowsingContextWebProgress::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult)+76) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #07 pc 03936f83  /system/b2g/libxul.so (mozilla::dom::BrowserParent::RecvOnStateChange(mozilla::Maybe<mozilla::dom::WebProgressData> const&, mozilla::dom::RequestData const&, unsigned int, nsresult, mozilla::Maybe<mozilla::dom::WebProgressStateChangeData> const&)+298) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #08 pc 02ac4a51  /system/b2g/libxul.so (mozilla::dom::PBrowserParent::OnMessageReceived(IPC::Message const&)+7832) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #09 pc 0298692b  /system/b2g/libxul.so (mozilla::dom::PContentParent::OnMessageReceived(IPC::Message const&)+1166) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #10 pc 02914ca1  /system/b2g/libxul.so (mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&)+296) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #11 pc 029153cd  /system/b2g/libxul.so (mozilla::ipc::MessageChannel::MessageTask::Run()+216) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #12 pc 02630625  /system/b2g/libxul.so (mozilla::RunnableTask::Run()+12) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #13 pc 0262fecf  /system/b2g/libxul.so (mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&)+1798) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #14 pc 0262f4ed  /system/b2g/libxul.so (mozilla::TaskController::ProcessPendingMTTask(bool)+64) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #15 pc 02631775  /system/b2g/libxul.so (_ZN7mozilla6detail16RunnableFunctionIZNS_14TaskController18InitializeInternalEvE3$_3E3RunEv+12) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #16 pc 02637193  /system/b2g/libxul.so (nsThread::ProcessNextEvent(bool, bool*)+710) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #17 pc 02638e33  /system/b2g/libxul.so (NS_ProcessNextEvent(nsIThread*, bool)+34) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #18 pc 02916575  /system/b2g/libxul.so (mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*)+132) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #19 pc 028f72e9  /system/b2g/libxul.so (MessageLoop::Run()+56) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #20 pc 03aa5821  /system/b2g/libxul.so (nsBaseAppShell::Run()+28) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #21 pc 041c3391  /system/b2g/libxul.so (nsAppStartup::Run()+92) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #22 pc 0421cd2b  /system/b2g/libxul.so (XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&)+5142) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #23 pc 0421d863  /system/b2g/libxul.so (XRE_main(int, char**, mozilla::BootstrapConfig const&)+42) (BuildId: 6691c5cbd7331c17131ec815cabce69fb5058483)
      #24 pc 00002da1  /system/b2g/b2g (main+764) (BuildId: 3a407e58cfcf6fe0088819a5a0c1b5a1a6d39d03)
      #25 pc 0005ab41  /apex/com.android.runtime/lib/bionic/libc.so (__libc_init+68) (BuildId: 1f4693f0a28e39adb613e92bac7a19b4)
      #26 pc 00002048  /system/b2g/b2g (_start_main+64) (BuildId: 3a407e58cfcf6fe0088819a5a0c1b5a1a6d39d03)
