Perma (tier2) PID 21718 | SUMMARY: AddressSanitizer: SEGV /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h in get
Categories
(Core :: DOM: Web Authentication, defect, P1)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr60 | --- | unaffected |
firefox66 | --- | unaffected |
firefox67 | --- | unaffected |
firefox68 | --- | fixed |
People
(Reporter: intermittent-bug-filer, Assigned: jcj)
References
(Blocks 1 open bug, Regression)
Details
(Keywords: intermittent-failure, regression)
Attachments
(1 file)
#[markdown(off)]
Filed by: aciure [at] mozilla.com
https://treeherder.mozilla.org/logviewer.html#?job_id=237083071&repo=autoland
[task 2019-03-30T04:59:38.108Z] 04:59:38 INFO - TEST-START | /webauthn/createcredential-badargs-challenge.https.html
[task 2019-03-30T04:59:38.115Z] 04:59:38 INFO - Closing window 8589934593
[task 2019-03-30T04:59:38.233Z] 04:59:38 INFO - PID 21718 | JavaScript warning: resource://gre/modules/PopupNotifications.jsm, line 1439: Array.forEach is deprecated; use Array.prototype.forEach instead
[task 2019-03-30T04:59:38.276Z] 04:59:38 INFO - PID 21718 | ###!!! [Parent][MessageChannel] Error: (msgtype=0xA10009,name=PWebAuthnTransaction::Msg_Abort) Closed channel: cannot send/recv
[task 2019-03-30T04:59:38.354Z] 04:59:38 INFO - PID 21718 | AddressSanitizer:DEADLYSIGNAL
[task 2019-03-30T04:59:38.354Z] 04:59:38 INFO - PID 21718 | =================================================================
[task 2019-03-30T04:59:38.354Z] 04:59:38 ERROR - PID 21718 | ==21887==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000020 (pc 0x7efce0b009ec bp 0x7ffe593d66f0 sp 0x7ffe593d6500 T0)
[task 2019-03-30T04:59:38.355Z] 04:59:38 INFO - PID 21718 | ==21887==The signal is caused by a READ memory access.
[task 2019-03-30T04:59:38.355Z] 04:59:38 INFO - PID 21718 | ==21887==Hint: address points to the zero page.
[task 2019-03-30T04:59:39.256Z] 04:59:39 INFO - PID 21718 | #0 0x7efce0b009eb in get /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h
[task 2019-03-30T04:59:39.256Z] 04:59:39 INFO - PID 21718 | #1 0x7efce0b009eb in operator nsIGlobalObject * /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:280
[task 2019-03-30T04:59:39.257Z] 04:59:39 INFO - PID 21718 | #2 0x7efce0b009eb in MaybeSomething<nsresult &> /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/dom/Promise.h:245
[task 2019-03-30T04:59:39.258Z] 04:59:39 INFO - PID 21718 | #3 0x7efce0b009eb in MaybeReject /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/dom/Promise.h:94
[task 2019-03-30T04:59:39.259Z] 04:59:39 INFO - PID 21718 | #4 0x7efce0b009eb in mozilla::dom::WebAuthnManager::RejectTransaction(nsresult const&) /builds/worker/workspace/build/src/dom/webauthn/WebAuthnManager.cpp:169
[task 2019-03-30T04:59:39.260Z] 04:59:39 INFO - PID 21718 | #5 0x7efce0b00d3d in mozilla::dom::WebAuthnManager::~WebAuthnManager() /builds/worker/workspace/build/src/dom/webauthn/WebAuthnManager.cpp:193:5
[task 2019-03-30T04:59:39.261Z] 04:59:39 INFO - PID 21718 | #6 0x7efce0b0138d in mozilla::dom::WebAuthnManager::~WebAuthnManager() /builds/worker/workspace/build/src/dom/webauthn/WebAuthnManager.cpp:189:37
[task 2019-03-30T04:59:39.269Z] 04:59:39 INFO - PID 21718 | #7 0x7efcd8d6dcf6 in SnowWhiteKiller::~SnowWhiteKiller() /builds/worker/workspace/build/src/xpcom/base/nsCycleCollector.cpp:2416:7
[task 2019-03-30T04:59:39.269Z] 04:59:39 INFO - PID 21718 | #8 0x7efcd8d6c9fe in nsCycleCollector::FreeSnowWhite(bool) /builds/worker/workspace/build/src/xpcom/base/nsCycleCollector.cpp:2607:3
[task 2019-03-30T04:59:39.270Z] 04:59:39 INFO - PID 21718 | #9 0x7efcd8d760d0 in nsCycleCollector::BeginCollection(ccType, nsICycleCollectorListener*) /builds/worker/workspace/build/src/xpcom/base/nsCycleCollector.cpp:3578:3
[task 2019-03-30T04:59:39.270Z] 04:59:39 INFO - PID 21718 | #10 0x7efcd8d75690 in nsCycleCollector::Collect(ccType, js::SliceBudget&, nsICycleCollectorListener*, bool) /builds/worker/workspace/build/src/xpcom/base/nsCycleCollector.cpp:3407:9
[task 2019-03-30T04:59:39.270Z] 04:59:39 INFO - PID 21718 | #11 0x7efcd8d75294 in nsCycleCollector::ShutdownCollect() /builds/worker/workspace/build/src/xpcom/base/nsCycleCollector.cpp:3351:10
[task 2019-03-30T04:59:39.271Z] 04:59:39 INFO - PID 21718 | #12 0x7efcd8d79c65 in Shutdown /builds/worker/workspace/build/src/xpcom/base/nsCycleCollector.cpp:3639:5
[task 2019-03-30T04:59:39.271Z] 04:59:39 INFO - PID 21718 | #13 0x7efcd8d79c65 in nsCycleCollector_shutdown(bool) /builds/worker/workspace/build/src/xpcom/base/nsCycleCollector.cpp:3993
[task 2019-03-30T04:59:39.274Z] 04:59:39 INFO - PID 21718 | #14 0x7efcd8f86ed8 in mozilla::ShutdownXPCOM(nsIServiceManager*) /builds/worker/workspace/build/src/xpcom/build/XPCOMInit.cpp:728:3
[task 2019-03-30T04:59:39.275Z] 04:59:39 INFO - PID 21718 | #15 0x7efce4e8be1c in XRE_TermEmbedding() /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:222:3
[task 2019-03-30T04:59:39.292Z] 04:59:39 INFO - PID 21718 | #16 0x7efcd9f0fee2 in mozilla::ipc::ScopedXREEmbed::Stop() /builds/worker/workspace/build/src/ipc/glue/ScopedXREEmbed.cpp:90:5
[task 2019-03-30T04:59:39.293Z] 04:59:39 INFO - PID 21718 | #17 0x7efce4e8c8bd in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:766:16
[task 2019-03-30T04:59:39.293Z] 04:59:39 INFO - PID 21718 | #18 0x556a6839e404 in content_process_main /builds/worker/workspace/build/src/browser/app/../../ipc/contentproc/plugin-container.cpp:56:28
[task 2019-03-30T04:59:39.294Z] 04:59:39 INFO - PID 21718 | #19 0x556a6839e404 in main /builds/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:263
[task 2019-03-30T04:59:39.331Z] 04:59:39 INFO - PID 21718 | JavaScript warning: resource:///actors/PageStyleChild.jsm, line 30: Array.slice is deprecated; use Array.prototype.slice instead
[task 2019-03-30T04:59:39.331Z] 04:59:39 INFO - PID 21718 | JavaScript warning: resource:///actors/PageStyleChild.jsm, line 31: Array.map is deprecated; use Array.prototype.map instead
[task 2019-03-30T04:59:39.361Z] 04:59:39 INFO - PID 21718 | #20 0x7efcf926d82f in __libc_start_main /build/glibc-LK5gWL/glibc-2.23/csu/../csu/libc-start.c:291
[task 2019-03-30T04:59:39.361Z] 04:59:39 INFO - PID 21718 | #21 0x556a682c3ad8 in _start (/builds/worker/workspace/build/application/firefox/firefox+0x2aad8)
[task 2019-03-30T04:59:39.361Z] 04:59:39 INFO - PID 21718 | AddressSanitizer can not provide additional info.
[task 2019-03-30T04:59:39.361Z] 04:59:39 INFO - PID 21718 | SUMMARY: AddressSanitizer: SEGV /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h in get
[task 2019-03-30T04:59:39.361Z] 04:59:39 INFO - PID 21718 | ==21887==ABORTING
[task 2019-03-30T04:59:39.383Z] 04:59:39 INFO - .....
[task 2019-03-30T04:59:39.383Z] 04:59:39 INFO - TEST-OK | /webauthn/createcredential-badargs-challenge.https.html | took 1276ms
Updated•6 years ago
|
Updated•6 years ago
|
Comment hidden (Intermittent Failures Robot) |
Comment 2•6 years ago
|
||
Comment hidden (Intermittent Failures Robot) |
Assignee | ||
Comment 4•6 years ago
|
||
On it.
Assignee | ||
Comment 5•6 years ago
|
||
Pretty sure this is the same as Bug 1540346, but I won't dupe that one until I know for sure.
Assignee | ||
Comment 6•6 years ago
|
||
Pretty sure this is a cycle collection bug that has been disguised for a long time due to how we handled visibility events and their interactions with tab closures.
Bug 1448408 ("Don't listen to visibility events") changed that, which I believe has brought these to the surface. I have a potential patch being tested on ASAN try builds right now: https://treeherder.mozilla.org/#/jobs?repo=try&revision=2cccd36b67d1ddbac53a2faa62795371799bc357
Assignee | ||
Comment 7•6 years ago
|
||
I think all of these are the same issue. Try run with a potential fix is running and looks promising on Linux: https://treeherder.mozilla.org/#/jobs?repo=try&revision=2cccd36b67d1ddbac53a2faa62795371799bc357
Assignee | ||
Comment 8•6 years ago
|
||
In Bug 1448408 ("Don't listen to visibility events"), it became possible to
close a tab without a visibility event to cause transactions to cancel. This
is a longstanding bug that was covered up by the visibility events. This patch
updates the cycle collection code to ensure that transactions get cleared out
safely, and we don't proceed to RejectTransaction (and subsequent code) on
already-cycle-collected objects.
Comment 10•6 years ago
|
||
bugherder |
Updated•6 years ago
|
Updated•6 years ago
|
Updated•5 years ago
|
Updated•3 years ago
|
Description
•