Closed Bug 837181 Opened 11 years ago Closed 10 years ago

crash in HASH_Update when trying to restart the phone while doing a packaged app update

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1046221
Tracking Flags:
Tracking Status
b2g18 + ---

People

(Reporter: jsmith, Unassigned)

References

Details

(Keywords: crash, Whiteboard: [b2g-crash])

Crash Data

This bug was filed from the Socorro interface and is 
report bp-4db327d5-eb0d-427d-a6af-c34292130201 .
============================================================= 

I've seen this crash happen sometimes when trying to restart the phone while doing a large packaged app update.

Frame 	Module 	Signature 	Source
0 	libnss3.so 	HASH_Update 	sechash.c:390
1 	libxul.so 	nsCryptoHash::Update 	nsNSSComponent.cpp:2762
2 	libxul.so 	NS_InvokeByIndex_P 	xptcinvoke_arm.cpp:160
3 	libxul.so 	XPCWrappedNative::CallMethod 	XPCWrappedNative.cpp:3083
4 	libxul.so 	XPC_WN_CallMethod 	XPCWrappedNativeJSOps.cpp:1469
5 	libxul.so 	js::InvokeKernel 	jscntxtinlines.h:364
6 	libxul.so 	js::Interpret 	jsinterp.cpp:2475
7 	libxul.so 	js::RunScript 	jsinterp.cpp:324
8 	libxul.so 	js::Invoke 	jsinterp.cpp:378
9 	libxul.so 	JS_CallFunctionValue 	jsapi.cpp:5889
10 	libxul.so 	mozilla::dom::workers::EventListenerManager::DispatchEvent 	EventListenerManager.cpp:420
11 	libxul.so 	mozilla::dom::EventTargetBinding_workers::dispatchEvent 	EventTarget.h:52
12 	libxul.so 	mozilla::dom::EventTargetBinding_workers::genericMethod 	EventTargetBinding.cpp:596
13 	libxul.so 	js::Invoke 	jscntxtinlines.h:364
14 	libxul.so 	JS_CallFunctionName 	jsapi.cpp:5875
15 	libxul.so 	mozilla::dom::workers::events::DispatchEventToTarget 	Events.cpp:1080
16 	libxul.so 	MessageEventRunnable::WorkerRun 	WorkerPrivate.cpp:821
17 	libxul.so 	mozilla::dom::workers::WorkerRunnable::Run 	WorkerPrivate.cpp:1801
18 	libxul.so 	nsThread::ProcessNextEvent 	nsThread.cpp:620
19 	libxul.so 	NS_ProcessNextEvent_P 	nsThreadUtils.cpp:237
20 	libxul.so 	nsThread::Shutdown 	nsThread.cpp:467
21 	libxul.so 	mozilla::LazyIdleThread::ShutdownThread 	LazyIdleThread.cpp:273
22 	libxul.so 	mozilla::LazyIdleThread::Shutdown 	LazyIdleThread.cpp:417
23 	libxul.so 	mozilla::dom::indexedDB::IndexedDatabaseManager::Observe 	IndexedDatabaseManager.cpp:1634
24 	libxul.so 	nsObserverList::NotifyObservers 	nsObserverList.cpp:99
25 	libxul.so 	nsObserverService::NotifyObservers 	nsObserverService.cpp:149
26 	libxul.so 	mozilla::dom::power::PowerManagerService::SyncProfile 	PowerManagerService.cpp:110
27 	libxul.so 	mozilla::dom::power::PowerManagerService::Reboot 	PowerManagerService.cpp:119
28 	libxul.so 	mozilla::dom::power::PowerManager::Reboot 	PowerManager.cpp:68
29 	libxul.so 	NS_InvokeByIndex_P 	xptcinvoke_arm.cpp:160
30 	libxul.so 	XPCWrappedNative::CallMethod 	XPCWrappedNative.cpp:3083
31 	libxul.so 	XPC_WN_CallMethod 	XPCWrappedNativeJSOps.cpp:1469
32 	libxul.so 	js::InvokeKernel 	jscntxtinlines.h:364
33 	libxul.so 	js::Interpret 	jsinterp.cpp:2475
34 	libxul.so 	js::RunScript 	jsinterp.cpp:324
35 	libxul.so 	js::Invoke 	jsinterp.cpp:378
36 	libxul.so 	JS_CallFunctionValue 	jsapi.cpp:5889
37 	libxul.so 	nsJSContext::CallEventHandler 	nsJSEnvironment.cpp:1939
38 	libxul.so 	nsGlobalWindow::RunTimeoutHandler 	nsGlobalWindow.cpp:9702
39 	libxul.so 	nsGlobalWindow::RunTimeout 	nsGlobalWindow.cpp:9951
40 	libxul.so 	nsGlobalWindow::TimerCallback 	nsGlobalWindow.cpp:10218
41 	libxul.so 	nsTimerImpl::Fire 	nsTimerImpl.cpp:473
42 	libxul.so 	nsTimerEvent::Run 	nsTimerImpl.cpp:556
43 	libxul.so 	nsThread::ProcessNextEvent 	nsThread.cpp:620
44 	libxul.so 	NS_ProcessNextEvent_P 	nsThreadUtils.cpp:237
45 	libxul.so 	mozilla::ipc::MessagePump::Run 	MessagePump.cpp:82
46 	libxul.so 	MessageLoop::RunInternal 	message_loop.cc:215
47 	libxul.so 	MessageLoop::Run 	message_loop.cc:208
48 	libxul.so 	nsBaseAppShell::Run 	nsBaseAppShell.cpp:163
49 	libxul.so 	nsAppStartup::Run 	nsAppStartup.cpp:290
50 	libxul.so 	XREMain::XRE_mainRun 	nsAppRunner.cpp:3794
51 	libxul.so 	XREMain::XRE_main 	nsAppRunner.cpp:3860
52 	libxul.so 	XRE_main 	nsAppRunner.cpp:3935
53 	b2g 	main 	nsBrowserApp.cpp:164
54 	libc.so 	__libc_init 	libc_init_dynamic.c:114
55 	libc.so 	__cxa_atexit 	atexit.c:99
56 		@0xbe8fcd45
Blocks: b2g-app-updates
So this crash isn't entirely easy to reproduce - looks like it has to be timed just right to hit it. I've managed to hit this once so far.
Component: DOM: Apps → Security: PSM
blocking-b2g: --- → tef?
Whiteboard: [b2g-crash]
I wouldn't even bother tracking this or blocking on it. It's too infrequent and the crash only happens after starting up the phone again rarely.
blocking-b2g: tef? → ---
This crash is almost definitely caused by the use of nsICryptoHash after PSM/NSS has been shut down. It is easy to fix PSM so that the crash doesn't occur: just check for isAlreadyShutDown() in every method after acquiring the nsNSSShutdownPreventionLock. But, this will cause whoever is calling this method from JS to have to deal with an exception.

How can I tell which JS caller is calling nsICryptoHash here?

David, Camilo: either of you interested in taking this?
Brian,

We just nsICryptoHash in two places:
- To hash packages: https://mxr.mozilla.org/mozilla-central/source/dom/apps/src/Webapps.jsm#1159
- To hash manifests: https://mxr.mozilla.org/mozilla-central/source/dom/apps/src/Webapps.jsm#1206

If we just want to prevent a shutdown crash, catching an exception on the js side looks easy enough.
Sounds like we actually know what to do here. Covering up a potential crash hole sounds like something we might want to track.
tracking-b2g18: --- → ?
Blocks: b2g-apps-v1-next
No longer blocks: b2g-app-updates
No longer blocks: b2g-apps-v1-next
Unless we're still seeing this, this was almost certainly fixed by bug 1046221.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.