Closed Bug 1508618 Opened 6 years ago Closed 6 years ago

Intermittent GECKO(5057) | SUMMARY: AddressSanitizer: SEGV /builds/worker/workspace/build/src/js/src/gc/Cell.h:286:29 in storeBuffer

Categories

(Core :: JavaScript: GC, defect)

Product:
Core
Component:
JavaScript: GC
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla66
Tracking Flags:
Tracking Status
firefox-esr60 --- unaffected
firefox64 --- wontfix
firefox65 --- fixed
firefox66 --- fixed

People

(Reporter: intermittent-bug-filer, Assigned: jandem)

References

(Blocks 2 open bugs)

Details

(Keywords: intermittent-failure, regressionwindow-wanted, sec-high, Whiteboard: [post-critsmash-triage][adv-main65+])

Filed by: nerli [at] mozilla.com https://treeherder.mozilla.org/logviewer.html#?job_id=212861291&repo=mozilla-inbound https://queue.taskcluster.net/v1/task/DLGqSCLkT2mf_eCDRIwsvw/runs/0/artifacts/public/logs/live_backing.log [task 2018-11-20T11:51:47.730Z] 11:51:47 INFO - TEST-START | Shutdown [task 2018-11-20T11:51:47.733Z] 11:51:47 INFO - Passed: 273 [task 2018-11-20T11:51:47.735Z] 11:51:47 INFO - Failed: 0 [task 2018-11-20T11:51:47.736Z] 11:51:47 INFO - Todo: 0 [task 2018-11-20T11:51:47.738Z] 11:51:47 INFO - Mode: non-e10s [task 2018-11-20T11:51:47.744Z] 11:51:47 INFO - Slowest: 15602ms - chrome://mochitests/content/chrome/toolkit/components/url-classifier/tests/mochitest/test_fastblock_bug1477046.html [task 2018-11-20T11:51:47.746Z] 11:51:47 INFO - SimpleTest FINISHED [task 2018-11-20T11:51:47.749Z] 11:51:47 INFO - TEST-INFO | Ran 1 Loops [task 2018-11-20T11:51:47.752Z] 11:51:47 INFO - SimpleTest FINISHED [task 2018-11-20T11:51:48.725Z] 11:51:48 INFO - GECKO(5057) | 1542714708721 Marionette DEBUG Received observer notification xpcom-will-shutdown [task 2018-11-20T11:51:48.726Z] 11:51:48 INFO - GECKO(5057) | 1542714708722 Marionette INFO Stopped listening on port 2828 [task 2018-11-20T11:51:48.728Z] 11:51:48 INFO - GECKO(5057) | 1542714708722 Marionette DEBUG Remote service is inactive [task 2018-11-20T11:51:50.293Z] 11:51:50 INFO - GECKO(5057) | AddressSanitizer:DEADLYSIGNAL [task 2018-11-20T11:51:50.295Z] 11:51:50 INFO - GECKO(5057) | ================================================================= [task 2018-11-20T11:51:50.296Z] 11:51:50 ERROR - GECKO(5057) | ==5057==ERROR: AddressSanitizer: SEGV on unknown address 0x7f7c562ffff0 (pc 0x7f7c8ce50f2a bp 0x7ffe9f9859e0 sp 0x7ffe9f985900 T0) [task 2018-11-20T11:51:50.297Z] 11:51:50 INFO - GECKO(5057) | ==5057==The signal is caused by a READ memory access. [task 2018-11-20T11:51:51.041Z] 11:51:51 INFO - GECKO(5057) | #0 0x7f7c8ce50f29 in storeBuffer /builds/worker/workspace/build/src/js/src/gc/Cell.h:286:29 [task 2018-11-20T11:51:51.042Z] 11:51:51 INFO - GECKO(5057) | #1 0x7f7c8ce50f29 in writeBarrierPost /builds/worker/workspace/build/src/js/src/vm/JSObject.h:710 [task 2018-11-20T11:51:51.043Z] 11:51:51 INFO - GECKO(5057) | #2 0x7f7c8ce50f29 in js::InternalBarrierMethods<JSObject*>::postBarrier(JSObject**, JSObject*, JSObject*) /builds/worker/workspace/build/src/js/src/gc/Barrier.h:269 [task 2018-11-20T11:51:51.059Z] 11:51:51 INFO - GECKO(5057) | #3 0x7f7c823e27ab in postBarrier /builds/worker/workspace/build/src/obj-firefox/dist/include/js/RootingAPI.h:688:9 [task 2018-11-20T11:51:51.060Z] 11:51:51 INFO - GECKO(5057) | #4 0x7f7c823e27ab in post /builds/worker/workspace/build/src/obj-firefox/dist/include/js/RootingAPI.h:340 [task 2018-11-20T11:51:51.060Z] 11:51:51 INFO - GECKO(5057) | #5 0x7f7c823e27ab in ~Heap /builds/worker/workspace/build/src/obj-firefox/dist/include/js/RootingAPI.h:299 [task 2018-11-20T11:51:51.061Z] 11:51:51 INFO - GECKO(5057) | #6 0x7f7c823e27ab in nsXPCWrappedJS::~nsXPCWrappedJS() /builds/worker/workspace/build/src/js/xpconnect/src/XPCWrappedJS.cpp:462 [task 2018-11-20T11:51:51.062Z] 11:51:51 INFO - GECKO(5057) | #7 0x7f7c823e28ad in nsXPCWrappedJS::~nsXPCWrappedJS() /builds/worker/workspace/build/src/js/xpconnect/src/XPCWrappedJS.cpp:460:1 [task 2018-11-20T11:51:51.063Z] 11:51:51 INFO - GECKO(5057) | #8 0x7f7c80828fe6 in SnowWhiteKiller::~SnowWhiteKiller() /builds/worker/workspace/build/src/xpcom/base/nsCycleCollector.cpp:2740:7 [task 2018-11-20T11:51:51.064Z] 11:51:51 INFO - GECKO(5057) | #9 0x7f7c80827cee in nsCycleCollector::FreeSnowWhite(bool) /builds/worker/workspace/build/src/xpcom/base/nsCycleCollector.cpp:2966:3 [task 2018-11-20T11:51:51.065Z] 11:51:51 INFO - GECKO(5057) | #10 0x7f7c808313e0 in nsCycleCollector::BeginCollection(ccType, nsICycleCollectorListener*) /builds/worker/workspace/build/src/xpcom/base/nsCycleCollector.cpp:3999:3 [task 2018-11-20T11:51:51.065Z] 11:51:51 INFO - GECKO(5057) | #11 0x7f7c808309a0 in nsCycleCollector::Collect(ccType, js::SliceBudget&, nsICycleCollectorListener*, bool) /builds/worker/workspace/build/src/xpcom/base/nsCycleCollector.cpp:3820:9 [task 2018-11-20T11:51:51.066Z] 11:51:51 INFO - GECKO(5057) | #12 0x7f7c808305a4 in nsCycleCollector::ShutdownCollect() /builds/worker/workspace/build/src/xpcom/base/nsCycleCollector.cpp:3760:10 [task 2018-11-20T11:51:51.067Z] 11:51:51 INFO - GECKO(5057) | #13 0x7f7c80834f75 in Shutdown /builds/worker/workspace/build/src/xpcom/base/nsCycleCollector.cpp:4064:5 [task 2018-11-20T11:51:51.068Z] 11:51:51 INFO - GECKO(5057) | #14 0x7f7c80834f75 in nsCycleCollector_shutdown(bool) /builds/worker/workspace/build/src/xpcom/base/nsCycleCollector.cpp:4469 [task 2018-11-20T11:51:51.069Z] 11:51:51 INFO - GECKO(5057) | #15 0x7f7c80a1a3f1 in mozilla::ShutdownXPCOM(nsIServiceManager*) /builds/worker/workspace/build/src/xpcom/build/XPCOMInit.cpp:1008:3 [task 2018-11-20T11:51:51.077Z] 11:51:51 INFO - GECKO(5057) | #16 0x7f7c8c8ce389 in ScopedXPCOMStartup::~ScopedXPCOMStartup() /builds/worker/workspace/build/src/toolkit/xre/nsAppRunner.cpp:1431:5 [task 2018-11-20T11:51:51.079Z] 11:51:51 INFO - GECKO(5057) | #17 0x7f7c8c8e6cbb in operator() /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/UniquePtr.h:528:5 [task 2018-11-20T11:51:51.080Z] 11:51:51 INFO - GECKO(5057) | #18 0x7f7c8c8e6cbb in reset /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/UniquePtr.h:343 [task 2018-11-20T11:51:51.081Z] 11:51:51 INFO - GECKO(5057) | #19 0x7f7c8c8e6cbb in operator= /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/UniquePtr.h:313 [task 2018-11-20T11:51:51.082Z] 11:51:51 INFO - GECKO(5057) | #20 0x7f7c8c8e6cbb in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/workspace/build/src/toolkit/xre/nsAppRunner.cpp:4964 [task 2018-11-20T11:51:51.083Z] 11:51:51 INFO - GECKO(5057) | #21 0x7f7c8c8e83a0 in XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/workspace/build/src/toolkit/xre/nsAppRunner.cpp:5028:21 [task 2018-11-20T11:51:51.084Z] 11:51:51 INFO - GECKO(5057) | #22 0x55a4caf011dc in do_main /builds/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:233:22 [task 2018-11-20T11:51:51.084Z] 11:51:51 INFO - GECKO(5057) | #23 0x55a4caf011dc in main /builds/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:315 [task 2018-11-20T11:51:51.167Z] 11:51:51 INFO - GECKO(5057) | #24 0x7f7ca06af82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291 [task 2018-11-20T11:51:51.167Z] 11:51:51 INFO - GECKO(5057) | #25 0x55a4cae26a98 in _start (/builds/worker/workspace/build/application/firefox/firefox+0x29a98) [task 2018-11-20T11:51:51.167Z] 11:51:51 INFO - GECKO(5057) | AddressSanitizer can not provide additional info. [task 2018-11-20T11:51:51.168Z] 11:51:51 INFO - GECKO(5057) | SUMMARY: AddressSanitizer: SEGV /builds/worker/workspace/build/src/js/src/gc/Cell.h:286:29 in storeBuffer [task 2018-11-20T11:51:51.169Z] 11:51:51 INFO - GECKO(5057) | ==5057==ABORTING [task 2018-11-20T11:51:51.374Z] 11:51:51 INFO - TEST-INFO | Main app process: exit 0 [task 2018-11-20T11:51:51.376Z] 11:51:51 INFO - runtests.py | Application ran for: 0:01:08.087947 [task 2018-11-20T11:51:51.378Z] 11:51:51 INFO - zombiecheck | Reading PID log: /tmp/tmplxbeH5pidlog [task 2018-11-20T11:51:51.380Z] 11:51:51 INFO - ==> process 5057 launched child process 5076 [task 2018-11-20T11:51:51.381Z] 11:51:51 INFO - ==> process 5057 launched child process 5219 [task 2018-11-20T11:51:51.383Z] 11:51:51 INFO - ==> process 5057 launched child process 5244 [task 2018-11-20T11:51:51.385Z] 11:51:51 INFO - ==> process 5057 launched child process 5268 [task 2018-11-20T11:51:51.386Z] 11:51:51 INFO - ==> process 5057 launched child process 5292 [task 2018-11-20T11:51:51.388Z] 11:51:51 INFO - ==> process 5057 launched child process 5316 [task 2018-11-20T11:51:51.390Z] 11:51:51 INFO - zombiecheck | Checking for orphan process with PID: 5219 [task 2018-11-20T11:51:51.391Z] 11:51:51 INFO - zombiecheck | Checking for orphan process with PID: 5316 [task 2018-11-20T11:51:51.393Z] 11:51:51 INFO - zombiecheck | Checking for orphan process with PID: 5292 [task 2018-11-20T11:51:51.395Z] 11:51:51 INFO - zombiecheck | Checking for orphan process with PID: 5268 [task 2018-11-20T11:51:51.396Z] 11:51:51 INFO - zombiecheck | Checking for orphan process with PID: 5076 [task 2018-11-20T11:51:51.398Z] 11:51:51 INFO - zombiecheck | Checking for orphan process with PID: 5244 [task 2018-11-20T11:51:51.399Z] 11:51:51 INFO - Stopping web server [task 2018-11-20T11:51:51.401Z] 11:51:51 INFO - Stopping web socket server [task 2018-11-20T11:51:51.421Z] 11:51:51 INFO - Stopping ssltunnel
Setting this as a security bug until we know more.
Group: core-security
status-firefox65: --- → affected
Keywords: regressionwindow-wanted, sec-high
Priority: P5 → --
Blocks: GCCrashes
Group: core-security → javascript-core-security
Fixed by bug 1480121.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Assignee: nobody → jdemooij
status-firefox64: --- → wontfix
status-firefox65: affectedfixed
status-firefox66: --- → fixed
status-firefox-esr60: --- → unaffected
Target Milestone: --- → mozilla66
Group: javascript-core-security → core-security-release
Flags: qe-verify-
Whiteboard: [post-critsmash-triage]
Whiteboard: [post-critsmash-triage] → [post-critsmash-triage][adv-main65+]
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.