Closed Bug 1155385 Opened 9 years ago Closed 9 years ago

Intermittent test_response.html | application terminated with exit code 1 after AddressSanitizer: heap-use-after-free

Categories

(Core :: IPC, defect)

x86_64
Linux
defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 1158155
Tracking Status
e10s - ---

People

(Reporter: RyanVM, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash, intermittent-failure, sec-high)

11:35:10 INFO - 5768 INFO TEST-START | dom/tests/mochitest/fetch/test_response.html
11:35:10 INFO - MEMORY STAT vsize after test: 21991724552192
11:35:10 INFO - MEMORY STAT residentFast after test: 1146667008
11:35:10 INFO - 5769 INFO TEST-OK | dom/tests/mochitest/fetch/test_response.html | took 500ms
11:35:11 INFO - ###!!! [Parent][OnMaybeDequeueOne] Error: Channel closing: too late to send/recv, messages will be lost
11:35:12 INFO - ###!!! [Parent][OnMaybeDequeueOne] Error: Channel closing: too late to send/recv, messages will be lost
11:35:12 INFO - ###!!! [Parent][OnMaybeDequeueOne] Error: Channel closing: too late to send/recv, messages will be lost
11:35:12 INFO - ###!!! [Parent][OnMaybeDequeueOne] Error: Channel closing: too late to send/recv, messages will be lost
11:35:12 INFO - ###!!! [Parent][OnMaybeDequeueOne] Error: Channel closing: too late to send/recv, messages will be lost
11:35:12 INFO - =================================================================
11:35:12 INFO - ==24674==ERROR: AddressSanitizer: heap-use-after-free on address 0x61400009ff78 at pc 0x7f8fce33cb77 bp 0x7f8fc4ca9410 sp 0x7f8fc4ca9408
11:35:12 INFO - READ of size 8 at 0x61400009ff78 thread T4 (Gecko_IOThread)
11:35:14 INFO - #0 0x7f8fce33cb76 in push_back /tools/gcc-4.7.3-0moz1/lib/gcc/x86_64-unknown-linux-gnu/4.7.3/../../../../include/c++/4.7.3/bits/stl_deque.h:1373
11:35:14 INFO - #1 0x7f8fce33cb76 in push /tools/gcc-4.7.3-0moz1/lib/gcc/x86_64-unknown-linux-gnu/4.7.3/../../../../include/c++/4.7.3/bits/stl_queue.h:212
11:35:14 INFO - #2 0x7f8fce33cb76 in MessageLoop::PostTask_Helper(tracked_objects::Location const&, Task*, int, bool) /builds/slave/m-in-l64-asan-0000000000000000/build/src/ipc/chromium/src/base/message_loop.cc:324
11:35:14 INFO - #3 0x7f8fce3a92f3 in PostErrorNotifyTask /builds/slave/m-in-l64-asan-0000000000000000/build/src/ipc/glue/MessageChannel.cpp:1689
11:35:14 INFO - #4 0x7f8fce3a92f3 in mozilla::ipc::MessageChannel::OnChannelErrorFromLink() /builds/slave/m-in-l64-asan-0000000000000000/build/src/ipc/glue/MessageChannel.cpp:1627
11:35:14 INFO - #5 0x7f8fce3adbf0 in OnChannelError /builds/slave/m-in-l64-asan-0000000000000000/build/src/ipc/glue/MessageLink.cpp:405
11:35:14 INFO - #6 0x7f8fce3adbf0 in non-virtual thunk to mozilla::ipc::ProcessLink::OnChannelError() /builds/slave/m-in-l64-asan-0000000000000000/build/src/obj-firefox/ipc/glue/Unified_cpp_ipc_glue0.cpp:406
11:35:14 INFO - #7 0x7f8fce31a812 in event_process_active_single_queue /builds/slave/m-in-l64-asan-0000000000000000/build/src/ipc/chromium/src/third_party/libevent/event.c:1350
11:35:14 INFO - #8 0x7f8fce31a812 in event_process_active /builds/slave/m-in-l64-asan-0000000000000000/build/src/ipc/chromium/src/third_party/libevent/event.c:1420
11:35:14 INFO - #9 0x7f8fce31a812 in event_base_loop /builds/slave/m-in-l64-asan-0000000000000000/build/src/ipc/chromium/src/third_party/libevent/event.c:1621
11:35:14 INFO - #10 0x7f8fce341741 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) /builds/slave/m-in-l64-asan-0000000000000000/build/src/ipc/chromium/src/base/message_pump_libevent.cc:357
11:35:14 INFO - #11 0x7f8fce33c1dc in RunInternal /builds/slave/m-in-l64-asan-0000000000000000/build/src/ipc/chromium/src/base/message_loop.cc:233
11:35:14 INFO - #12 0x7f8fce33c1dc in RunHandler /builds/slave/m-in-l64-asan-0000000000000000/build/src/ipc/chromium/src/base/message_loop.cc:226
11:35:14 INFO - #13 0x7f8fce33c1dc in MessageLoop::Run() /builds/slave/m-in-l64-asan-0000000000000000/build/src/ipc/chromium/src/base/message_loop.cc:200
11:35:14 INFO - #14 0x7f8fce354723 in base::Thread::ThreadMain() /builds/slave/m-in-l64-asan-0000000000000000/build/src/ipc/chromium/src/base/thread.cc:170
11:35:14 INFO - #15 0x7f8fce355c3c in ThreadFunc(void*) /builds/slave/m-in-l64-asan-0000000000000000/build/src/ipc/chromium/src/base/platform_thread_posix.cc:39
11:35:14 INFO - #16 0x7f8fe8383e99 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7e99)
11:35:14 INFO - #17 0x7f8fe74932ec (/lib/x86_64-linux-gnu/libc.so.6+0xf42ec)
11:35:14 INFO - ASAN:SIGSEGV
11:35:14 INFO - ==24674==AddressSanitizer: while reporting a bug found another one.Ignoring.
11:35:14 INFO - TEST-INFO | Main app process: killed by SIGHUP
11:35:14 INFO - 5770 INFO TEST-START | Shutdown
11:35:14 INFO - 5771 INFO Passed: 71856
11:35:14 INFO - 5772 INFO Failed: 0
11:35:14 INFO - 5773 INFO Todo: 1019
11:35:14 INFO - 5774 INFO Slowest: 99651ms - /tests/dom/media/test/test_played.html
11:35:14 INFO - 5775 INFO SimpleTest FINISHED
11:35:14 INFO - 5776 INFO TEST-INFO | Ran 1 Loops
11:35:14 INFO - 5777 INFO SimpleTest FINISHED
11:35:14 WARNING - TEST-UNEXPECTED-FAIL | dom/tests/mochitest/fetch/test_response.html | application terminated with exit code 1
If I'm not mistaken, this looks like the same type of crash we got from OMTC being enabled on Linux last time.
Link to log?

OMTA enabling relanded *after* you filed this.
OMTA reenabling was bug 980770; OMTC enabling was bug 994541 but I don't
think (without looking) that it should have effected central; only other
channels.
And I suspect the similar bug you were thinking of was bug 1150619.
https://treeherder.mozilla.org/logviewer.html#?job_id=8968838&repo=mozilla-inbound

builder 	Ubuntu ASAN VM 12.04 x64 mozilla-inbound opt test mochitest-e10s-2
buildid 	20150416203330
builduid 	0284c049343b4cd78c7b64af5f48e32e
results 	failure (2)
revision 	66eee8b402fd5dbc78479a55c32bb2aad131c847
slave 	tst-linux64-spot-1110
starttime 	Thu Apr 16 2015 21:26:09 GMT-0700 (PDT)

22:04:54 INFO - ==1918==ERROR: AddressSanitizer: heap-use-after-free on address 0x61400009ff78 at pc 0x7f606933bd17 bp 0x7f606016f410 sp 0x7f606016f408
22:04:54 INFO - READ of size 8 at 0x61400009ff78 thread T4 (Gecko_IOThread)
22:04:57 INFO - #0 0x7f606933bd16 in push_back /tools/gcc-4.7.3-0moz1/lib/gcc/x86_64-unknown-linux-gnu/4.7.3/../../../../include/c++/4.7.3/bits/stl_deque.h:1373
22:04:57 INFO - #1 0x7f606933bd16 in push /tools/gcc-4.7.3-0moz1/lib/gcc/x86_64-unknown-linux-gnu/4.7.3/../../../../include/c++/4.7.3/bits/stl_queue.h:212
22:04:57 INFO - #2 0x7f606933bd16 in MessageLoop::PostTask_Helper(tracked_objects::Location const&, Task*, int, bool) /builds/slave/m-in-l64-asan-0000000000000000/build/src/ipc/chromium/src/base/message_loop.cc:324
22:04:57 INFO - #3 0x7f60693a8493 in PostErrorNotifyTask /builds/slave/m-in-l64-asan-0000000000000000/build/src/ipc/glue/MessageChannel.cpp:1689
22:04:57 INFO - #4 0x7f60693a8493 in mozilla::ipc::MessageChannel::OnChannelErrorFromLink() /builds/slave/m-in-l64-asan-0000000000000000/build/src/ipc/glue/MessageChannel.cpp:1627
22:04:57 INFO - #5 0x7f60693acd90 in OnChannelError /builds/slave/m-in-l64-asan-0000000000000000/build/src/ipc/glue/MessageLink.cpp:405
22:04:57 INFO - #6 0x7f60693acd90 in non-virtual thunk to mozilla::ipc::ProcessLink::OnChannelError() /builds/slave/m-in-l64-asan-0000000000000000/build/src/obj-firefox/ipc/glue/Unified_cpp_ipc_glue0.cpp:406
22:04:57 INFO - #7 0x7f60693199b2 in event_process_active_single_queue /builds/slave/m-in-l64-asan-0000000000000000/build/src/ipc/chromium/src/third_party/libevent/event.c:1350
22:04:57 INFO - #8 0x7f60693199b2 in event_process_active /builds/slave/m-in-l64-asan-0000000000000000/build/src/ipc/chromium/src/third_party/libevent/event.c:1420
22:04:57 INFO - #9 0x7f60693199b2 in event_base_loop /builds/slave/m-in-l64-asan-0000000000000000/build/src/ipc/chromium/src/third_party/libevent/event.c:1621
22:04:57 INFO - #10 0x7f60693408e1 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) /builds/slave/m-in-l64-asan-0000000000000000/build/src/ipc/chromium/src/base/message_pump_libevent.cc:357
22:04:57 INFO - #11 0x7f606933b37c in RunInternal /builds/slave/m-in-l64-asan-0000000000000000/build/src/ipc/chromium/src/base/message_loop.cc:233
22:04:57 INFO - #12 0x7f606933b37c in RunHandler /builds/slave/m-in-l64-asan-0000000000000000/build/src/ipc/chromium/src/base/message_loop.cc:226
22:04:57 INFO - #13 0x7f606933b37c in MessageLoop::Run() /builds/slave/m-in-l64-asan-0000000000000000/build/src/ipc/chromium/src/base/message_loop.cc:200
22:04:57 INFO - #14 0x7f60693538c3 in base::Thread::ThreadMain() /builds/slave/m-in-l64-asan-0000000000000000/build/src/ipc/chromium/src/base/thread.cc:170
22:04:57 INFO - #15 0x7f6069354ddc in ThreadFunc(void*) /builds/slave/m-in-l64-asan-0000000000000000/build/src/ipc/chromium/src/base/platform_thread_posix.cc:39
22:04:57 INFO - #16 0x7f608395ae99 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7e99)
22:04:57 INFO - #17 0x7f6082a6a2ec (/lib/x86_64-linux-gnu/libc.so.6+0xf42ec)

22:04:57 WARNING - TEST-UNEXPECTED-FAIL | dom/media/webaudio/test/test_waveShaperZeroLengthCurve.html | application terminated with exit code 1
(In reply to David Baron [:dbaron] ⏰UTC-7 from comment #2)
> Link to log?

Dammit, sorry, I'm used to TH adding the log when I star.
Keywords: sec-high
Blocks: e10s-tests
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
Group: core-security → core-security-release
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.