1562349 - Intermittent GECKO(4166) | SUMMARY: AddressSanitizer: SEGV /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/ipc/ProtocolUtils.h:237:33 in CanSend

Status: RESOLVED INCOMPLETE

(Core :: DOM: Content Processes, defect, P5)

Description

[Treeherder Bug Filer]

Filed by: nbeleuzu [at] mozilla.com
Parsed log: https://treeherder.mozilla.org/logviewer.html#?job_id=254012869&repo=autoland
Full log: https://queue.taskcluster.net/v1/task/LIMgBZ9_TZSFgCzzxsb4ZQ/runs/0/artifacts/public/logs/live_backing.log

---

[task 2019-06-28T22:51:34.085Z] 22:51:34 INFO - TEST-START | toolkit/mozapps/extensions/test/browser/browser_discovery.js
[task 2019-06-28T22:51:34.150Z] 22:51:34 INFO - GECKO(4166) | 1561762294145 addons.manager DEBUG Starting provider: <unnamed-provider>
[task 2019-06-28T22:51:34.150Z] 22:51:34 INFO - GECKO(4166) | 1561762294145 addons.manager DEBUG Registering shutdown blocker for <unnamed-provider>
[task 2019-06-28T22:51:34.152Z] 22:51:34 INFO - GECKO(4166) | 1561762294146 addons.manager DEBUG Provider finished startup: <unnamed-provider>
[task 2019-06-28T22:51:36.195Z] 22:51:36 INFO - GECKO(4166) | 1561762296182 addons.repository DEBUG No addons.json found.
[task 2019-06-28T22:51:36.967Z] 22:51:36 INFO - GECKO(4166) | Manager window unload handler
[task 2019-06-28T22:51:38.564Z] 22:51:38 INFO - GECKO(4166) | Manager window unload handler
[task 2019-06-28T22:51:40.099Z] 22:51:40 INFO - GECKO(4166) | Manager window unload handler
[task 2019-06-28T22:51:41.149Z] 22:51:41 INFO - GECKO(4166) | Manager window unload handler
[task 2019-06-28T22:51:43.714Z] 22:51:43 INFO - GECKO(4166) | Manager window unload handler
[task 2019-06-28T22:51:44.966Z] 22:51:44 INFO - GECKO(4166) | Manager window unload handler
[task 2019-06-28T22:51:46.683Z] 22:51:46 INFO - GECKO(4166) | Manager window unload handler
[task 2019-06-28T22:51:47.649Z] 22:51:47 INFO - GECKO(4166) | Manager window unload handler
[task 2019-06-28T22:51:49.184Z] 22:51:49 INFO - GECKO(4166) | Manager window unload handler
[task 2019-06-28T22:51:52.000Z] 22:51:52 INFO - GECKO(4166) | Manager window unload handler
[task 2019-06-28T22:51:53.680Z] 22:51:53 INFO - GECKO(4166) | Manager window unload handler
[task 2019-06-28T22:51:55.629Z] 22:51:55 INFO - GECKO(4166) | Manager window unload handler
[task 2019-06-28T22:51:58.044Z] 22:51:58 INFO - GECKO(4166) | Manager window unload handler
[task 2019-06-28T22:52:00.707Z] 22:52:00 INFO - GECKO(4166) | Manager window unload handler
[task 2019-06-28T22:52:02.582Z] 22:52:02 INFO - GECKO(4166) | Manager window unload handler
[task 2019-06-28T22:52:04.434Z] 22:52:04 INFO - GECKO(4166) | Manager window unload handler
[task 2019-06-28T22:52:05.381Z] 22:52:05 INFO - GECKO(4166) | Manager window unload handler
[task 2019-06-28T22:52:06.489Z] 22:52:06 INFO - GECKO(4166) | Manager window unload handler
[task 2019-06-28T22:52:07.708Z] 22:52:07 INFO - GECKO(4166) | Manager window unload handler
[task 2019-06-28T22:52:08.922Z] 22:52:08 INFO - GECKO(4166) | Manager window unload handler
[task 2019-06-28T22:52:10.210Z] 22:52:10 INFO - GECKO(4166) | Manager window unload handler
[task 2019-06-28T22:52:11.521Z] 22:52:11 INFO - GECKO(4166) | Manager window unload handler
[task 2019-06-28T22:52:12.795Z] 22:52:12 INFO - GECKO(4166) | Manager window unload handler
[task 2019-06-28T22:52:14.071Z] 22:52:14 INFO - GECKO(4166) | Manager window unload handler
[task 2019-06-28T22:52:15.301Z] 22:52:15 INFO - GECKO(4166) | Manager window unload handler
[task 2019-06-28T22:52:16.513Z] 22:52:16 INFO - GECKO(4166) | AddressSanitizer:DEADLYSIGNAL
[task 2019-06-28T22:52:16.515Z] 22:52:16 INFO - GECKO(4166) | =================================================================
[task 2019-06-28T22:52:16.516Z] 22:52:16 ERROR - GECKO(4166) | ==4166==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000011 (pc 0x7faa9b2cae1f bp 0x7ffe504431f0 sp 0x7ffe504431f0 T0)
[task 2019-06-28T22:52:16.518Z] 22:52:16 INFO - GECKO(4166) | ==4166==The signal is caused by a READ memory access.
[task 2019-06-28T22:52:16.519Z] 22:52:16 INFO - GECKO(4166) | ==4166==Hint: address points to the zero page.
[task 2019-06-28T22:52:17.174Z] 22:52:17 INFO - GECKO(4166) | #0 0x7faa9b2cae1e in CanSend /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/ipc/ProtocolUtils.h:237:33
[task 2019-06-28T22:52:17.174Z] 22:52:17 INFO - GECKO(4166) | #1 0x7faa9b2cae1e in mozilla::ipc::IProtocol::ChannelSend(IPC::Message*, IPC::Message*) /builds/worker/workspace/build/src/ipc/glue/ProtocolUtils.cpp:574
[task 2019-06-28T22:52:17.251Z] 22:52:17 INFO - GECKO(4166) | #2 0x7faa9b446805 in mozilla::dom::PContentChild::SendIsSecureURI(unsigned int const&, mozilla::ipc::URIParams const&, unsigned int const&, mozilla::OriginAttributes const&, bool*) /builds/worker/workspace/build/src/obj-firefox/ipc/ipdl/PContentChild.cpp:2124:20
[task 2019-06-28T22:52:17.312Z] 22:52:17 INFO - GECKO(4166) | #3 0x7faa9d705e35 in mozilla::dom::Document::GetFailedCertSecurityInfo(mozilla::dom::FailedCertSecurityInfo&, mozilla::ErrorResult&) /builds/worker/workspace/build/src/dom/base/Document.cpp:1642:7
[task 2019-06-28T22:52:17.414Z] 22:52:17 INFO - GECKO(4166) | #4 0x7faa9f8864b8 in mozilla::dom::Document_Binding::getFailedCertSecurityInfo(JSContext*, JS::Handle<JSObject*>, mozilla::dom::Document*, JSJitMethodCallArgs const&) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/DocumentBinding.cpp:5553:24
[task 2019-06-28T22:52:17.430Z] 22:52:17 INFO - GECKO(4166) | #5 0x7faaa0093570 in bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/build/src/dom/bindings/BindingUtils.cpp:3171:13
[task 2019-06-28T22:52:17.446Z] 22:52:17 INFO - GECKO(4166) | #6 0x7faaa66bfc47 in CallJSNative /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:448:13
[task 2019-06-28T22:52:17.447Z] 22:52:17 INFO - GECKO(4166) | #7 0x7faaa66bfc47 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:540
[task 2019-06-28T22:52:17.523Z] 22:52:17 INFO - GECKO(4166) | #8 0x7faaa78d0b7c in js::jit::DoCallFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICCall_Fallback*, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/jit/BaselineIC.cpp:3210:10
[task 2019-06-28T22:52:17.539Z] 22:52:17 INFO - GECKO(4166) | #9 0x34897736c7e7 (<unknown module>)
[task 2019-06-28T22:52:17.539Z] 22:52:17 INFO - GECKO(4166) | AddressSanitizer can not provide additional info.
[task 2019-06-28T22:52:17.540Z] 22:52:17 INFO - GECKO(4166) | SUMMARY: AddressSanitizer: SEGV /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/ipc/ProtocolUtils.h:237:33 in CanSend
[task 2019-06-28T22:52:17.540Z] 22:52:17 INFO - GECKO(4166) | ==4166==ABORTING
[task 2019-06-28T22:52:17.661Z] 22:52:17 INFO - GECKO(4166) | Exiting due to channel error.
[task 2019-06-28T22:52:17.665Z] 22:52:17 INFO - GECKO(4166) | Crash Annotation GraphicsCriticalError: |[C0][GFX1-]: Receive IPC close with reason=AbnormalShutdown (t=158.794) [GFX1-]: Receive IPC close with reason=AbnormalShutdown

Comment 1

[Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧]

So we're here, in mozilla::dom::Document::GetFailedCertSecurityInfo:

  mozilla::dom::ContentChild* cc = mozilla::dom::ContentChild::GetSingleton();
  mozilla::ipc::URIParams uri;
  SerializeURI(aURI, uri);
  cc->SendIsSecureURI(nsISiteSecurityService::HEADER_HSTS, uri, flags, attrs,
                      &aInfo.mHasHSTS);

And cc is null.

Comment 2

[Andrew McCreight [:mccr8]]

It looks like that code was added in bug 1555438.

Comment 3

[Intermittent Failures Robot]

2 failures in 4409 pushes (0.0 failures/push) were associated with this bug in the last 7 days.

Repository breakdown:

• autoland: 2

Platform breakdown:

• linux64: 2

For more details, see:
https://treeherder.mozilla.org/intermittent-failures.html#/bugdetails?bug=1562349&startday=2019-06-24&endday=2019-06-30&tree=all

Comment 4

[Intermittent Failures Robot]

2 failures in 4710 pushes (0.0 failures/push) were associated with this bug in the last 7 days.

Repository breakdown:

• mozilla-beta: 1
• autoland: 1

Platform breakdown:

• linux64: 2

For more details, see:
https://treeherder.mozilla.org/intermittent-failures.html#/bugdetails?bug=1562349&startday=2019-07-08&endday=2019-07-14&tree=all

Comment 5

[Intermittent Failures Robot]

4 failures in 4608 pushes (0.001 failures/push) were associated with this bug in the last 7 days.

Repository breakdown:

• mozilla-inbound: 1
• autoland: 1
• try: 2

Platform breakdown:

• linux64: 4

For more details, see:
https://treeherder.mozilla.org/intermittent-failures.html#/bugdetails?bug=1562349&startday=2019-07-22&endday=2019-07-28&tree=all

Comment 6

[Rob Wu [:robwu]]

(I typed this comment for bug 1565187, but this bug was filed earlier, so I'll paste here.)

This crash is triggered in Document::GetFailedCertSecurityInfo at https://searchfox.org/mozilla-central/rev/b3fd653bc6078b3be4a8d06db39eddc5714755da/dom/base/Document.cpp#1650 (which was added in bug 1555438).

The code expects to be run from a content process (it attempts to dereference the ContentChild singleton), but that is not the case, because the remote discopane is loaded in the main process. That should eventually go away (bug 1544011).

To prevent this crash from happening, a XRE_IsContentProcess() check needs to be added.

Minimal reproduction (based on the original part of browser_discovery.js that triggered the crash in bug 1565187): replace toolkit/mozapps/extensions/test/browser/browser_discovery.js with the following:

// mach test toolkit/mozapps/extensions/test/browser/browser_discovery.js

async function test() {
  waitForExplicitFinish();
  await SpecialPowers.pushPrefEnv({
    set: [
      ["extensions.htmlaboutaddons.discover.enabled", false],
      ["extensions.webservice.discoverURL", "https://nocert.example.com/"],
      ["extensions.ui.lastCategory", "addons://discover/"],
    ],
  });
  let win = await open_manager();
  await close_manager(win);
  ok(true, "succeeded?");
  finish();
}

Comment 8

[Intermittent Failures Robot]

3 failures in 4439 pushes (0.001 failures/push) were associated with this bug in the last 7 days.

Repository breakdown:

• autoland: 3

Platform breakdown:

• linux64: 3

For more details, see:
https://treeherder.mozilla.org/intermittent-failures.html#/bugdetails?bug=1562349&startday=2019-07-29&endday=2019-08-04&tree=all

Comment 9

[Intermittent Failures Robot]

2 failures in 4666 pushes (0.0 failures/push) were associated with this bug in the last 7 days.

Repository breakdown:

• autoland: 2

Platform breakdown:

• linux64: 2

For more details, see:
https://treeherder.mozilla.org/intermittent-failures.html#/bugdetails?bug=1562349&startday=2019-08-05&endday=2019-08-11&tree=all

Comment 10

[Intermittent Failures Robot]

1 failures in 4839 pushes (0.0 failures/push) were associated with this bug in the last 7 days.

Repository breakdown:

• try: 1

Platform breakdown:

• linux64: 1

For more details, see:
https://treeherder.mozilla.org/intermittent-failures.html#/bugdetails?bug=1562349&startday=2019-08-12&endday=2019-08-18&tree=all

Comment 11

[Intermittent Failures Robot]

2 failures in 5073 pushes (0.0 failures/push) were associated with this bug in the last 7 days.

Repository breakdown:

• mozilla-beta: 2

Platform breakdown:

• linux64: 2

For more details, see:
https://treeherder.mozilla.org/intermittent-failures.html#/bugdetails?bug=1562349&startday=2019-08-19&endday=2019-08-25&tree=all

Comment 12

[Firefox Bug Husbandry Bot]

https://wiki.mozilla.org/Bug_Triage#Intermittent_Test_Failure_Cleanup