Open Bug 1701187 Opened 3 years ago Updated 2 years ago

Intermittent SUMMARY: AddressSanitizer: access-violation /builds/worker/checkouts/gecko/dom/promise/Promise.cpp:385 in mozilla::dom::`anonymous namespace'::PromiseNativeHandlerShim::ResolvedCallback

Categories: Core :: DOM: Core & HTML, defect

People: Reporter: aryx, Unassigned

References: Blocks 1 open bug

Details: Keywords: intermittent-failure

Log: https://treeherder.mozilla.org/logviewer?job_id=334514603&repo=mozilla-central

[task 2021-03-26T05:05:49.799Z] 05:05:49     INFO - TEST-START | dom/base/test/browser_bug1303838.js
[task 2021-03-26T05:05:56.470Z] 05:05:56     INFO - GECKO(10864) | =================================================================
[task 2021-03-26T05:05:56.470Z] 05:05:56    ERROR - GECKO(10864) | ==716==ERROR: AddressSanitizer: access-violation on unknown address 0x000000000000 (pc 0x7ffddebfb586 bp 0x00aa6a9fca50 sp 0x00aa6a9fc900 T0)
[task 2021-03-26T05:05:56.470Z] 05:05:56     INFO - GECKO(10864) | ==716==The signal is caused by a READ memory access.
[task 2021-03-26T05:05:56.470Z] 05:05:56     INFO - GECKO(10864) | ==716==Hint: address points to the zero page.
[task 2021-03-26T05:05:56.819Z] 05:05:56     INFO - GECKO(10864) | ==716==WARNING: Failed to use and restart external symbolizer!
[task 2021-03-26T05:05:57.046Z] 05:05:57     INFO - GECKO(10864) |     #0 0x7ffddebfb585 in mozilla::dom::`anonymous namespace'::PromiseNativeHandlerShim::ResolvedCallback /builds/worker/checkouts/gecko/dom/promise/Promise.cpp:385
[task 2021-03-26T05:05:57.046Z] 05:05:57     INFO - GECKO(10864) |     #1 0x7ffddebfbf99 in mozilla::dom::NativeHandlerCallback /builds/worker/checkouts/gecko/dom/promise/Promise.cpp:338
[task 2021-03-26T05:05:57.050Z] 05:05:57     INFO - GECKO(10864) |     #2 0x7ffde37a3a68 in js::InternalCallOrConstruct /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:520
[task 2021-03-26T05:05:57.050Z] 05:05:57     INFO - GECKO(10864) |     #3 0x7ffde37a6b0b in js::Call /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:597
[task 2021-03-26T05:05:57.060Z] 05:05:57     INFO - GECKO(10864) |     #4 0x7ffde3b75190 in PromiseReactionJob /builds/worker/checkouts/gecko/js/src/builtin/Promise.cpp:1905
[task 2021-03-26T05:05:57.060Z] 05:05:57     INFO - GECKO(10864) |     #5 0x7ffde37a3a68 in js::InternalCallOrConstruct /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:520
[task 2021-03-26T05:05:57.060Z] 05:05:57     INFO - GECKO(10864) |     #6 0x7ffde37a6b0b in js::Call /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:597
[task 2021-03-26T05:05:57.070Z] 05:05:57     INFO - GECKO(10864) |     #7 0x7ffde41e8b31 in JS::Call /builds/worker/checkouts/gecko/js/src/jsapi.cpp:2856
[task 2021-03-26T05:05:57.089Z] 05:05:57     INFO - GECKO(10864) |     #8 0x7ffdda83f080 in mozilla::dom::PromiseJobCallback::Call /builds/worker/workspace/obj-build/dom/bindings/PromiseBinding.cpp:31
[task 2021-03-26T05:05:57.093Z] 05:05:57     INFO - GECKO(10864) |     #9 0x7ffdd5ccb5be in mozilla::PromiseJobRunnable::Run /builds/worker/checkouts/gecko/xpcom/base/CycleCollectedJSContext.cpp:212
[task 2021-03-26T05:05:57.093Z] 05:05:57     INFO - GECKO(10864) |     #10 0x7ffdd5c9e376 in mozilla::CycleCollectedJSContext::PerformMicroTaskCheckPoint /builds/worker/checkouts/gecko/xpcom/base/CycleCollectedJSContext.cpp:647
[task 2021-03-26T05:05:57.093Z] 05:05:57     INFO - GECKO(10864) |     #11 0x7ffdd5c9f4fe in mozilla::CycleCollectedJSContext::AfterProcessTask /builds/worker/checkouts/gecko/xpcom/base/CycleCollectedJSContext.cpp:462
[task 2021-03-26T05:05:57.112Z] 05:05:57     INFO - GECKO(10864) |     #12 0x7ffdd7fb326c in XPCJSContext::AfterProcessTask /builds/worker/checkouts/gecko/js/xpconnect/src/XPCJSContext.cpp:1462
[task 2021-03-26T05:05:57.122Z] 05:05:57     INFO - GECKO(10864) |     #13 0x7ffdd5f4190a in nsThread::ProcessNextEvent /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1192
[task 2021-03-26T05:05:57.122Z] 05:05:57     INFO - GECKO(10864) |     #14 0x7ffdd5f5024c in NS_ProcessNextEvent /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:548
[task 2021-03-26T05:05:57.127Z] 05:05:57     INFO - GECKO(10864) |     #15 0x7ffdd72d49ce in mozilla::ipc::MessagePump::Run /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:87
[task 2021-03-26T05:05:57.131Z] 05:05:57     INFO - GECKO(10864) |     #16 0x7ffdd720d4e5 in MessageLoop::RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:328
[task 2021-03-26T05:05:57.131Z] 05:05:57     INFO - GECKO(10864) |     #17 0x7ffdd720d2b5 in MessageLoop::Run /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:310
[task 2021-03-26T05:05:57.136Z] 05:05:57     INFO - GECKO(10864) |     #18 0x7ffddf4324da in nsBaseAppShell::Run /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:137
[task 2021-03-26T05:05:57.146Z] 05:05:57     INFO - GECKO(10864) |     #19 0x7ffddf617fab in nsAppShell::Run /builds/worker/checkouts/gecko/widget/windows/nsAppShell.cpp:602
[task 2021-03-26T05:05:57.146Z] 05:05:57     INFO - GECKO(10864) |     #20 0x7ffde34df004 in XRE_RunAppShell /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:902
[task 2021-03-26T05:05:57.146Z] 05:05:57     INFO - GECKO(10864) |     #21 0x7ffdd720d4e5 in MessageLoop::RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:328
[task 2021-03-26T05:05:57.146Z] 05:05:57     INFO - GECKO(10864) |     #22 0x7ffdd720d2b5 in MessageLoop::Run /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:310
[task 2021-03-26T05:05:57.146Z] 05:05:57     INFO - GECKO(10864) |     #23 0x7ffde34de3f4 in XRE_InitChildProcess /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:734
[task 2021-03-26T05:05:57.148Z] 05:05:57     INFO - GECKO(10864) |     #24 0x7ff764d81edd in NS_internal_main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:309
[task 2021-03-26T05:05:57.150Z] 05:05:57     INFO - GECKO(10864) |     #25 0x7ff764d8148e in wmain /builds/worker/checkouts/gecko/toolkit/xre/nsWindowsWMain.cpp:131
[task 2021-03-26T05:05:57.151Z] 05:05:57     INFO - GECKO(10864) |     #26 0x7ff764e7c3d7 in __scrt_common_main_seh f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl:288
[task 2021-03-26T05:05:57.151Z] 05:05:57     INFO - GECKO(10864) |     #27 0x7ffe22b73033 in BaseThreadInitThunk+0x13 (C:\Windows\System32\KERNEL32.DLL+0x180013033)
[task 2021-03-26T05:05:57.151Z] 05:05:57     INFO - GECKO(10864) |     #28 0x7ffe24791460 in RtlUserThreadStart+0x20 (C:\Windows\SYSTEM32\ntdll.dll+0x180071460)
[task 2021-03-26T05:05:57.151Z] 05:05:57     INFO - GECKO(10864) | AddressSanitizer can not provide additional info.
[task 2021-03-26T05:05:57.151Z] 05:05:57     INFO - GECKO(10864) | SUMMARY: AddressSanitizer: access-violation /builds/worker/checkouts/gecko/dom/promise/Promise.cpp:385 in mozilla::dom::`anonymous namespace'::PromiseNativeHandlerShim::ResolvedCallback

That doesn't really give a hint about which native promise handler we're dealing with.
mInner is strong. Unknown address 0x000000000000.
Someone is passing null to Promise::AppendNativeHandler?

I appreciate the caution in filing this as a security bug, but a null deref doesn't need to be hidden.

Group: dom-core-security
Severity: -- → S3