Closed
Bug 1798667
Opened 2 years ago
Closed 2 years ago
Intermittent SUMMARY: AddressSanitizer: access-violation /builds/worker/checkouts/gecko/netwerk/base/nsNetUtil.cpp:1831 in NS_NewURI
Categories
(Core :: DOM: Workers, defect)
Core
DOM: Workers
Tracking
()
RESOLVED
FIXED
108 Branch
| Tracking | Status | |
|---|---|---|
| firefox-esr102 | --- | unaffected |
| firefox106 | --- | unaffected |
| firefox107 | --- | unaffected |
| firefox108 | --- | fixed |
People
(Reporter: intermittent-bug-filer, Assigned: yulia)
References
(Regression)
Details
(Keywords: intermittent-failure, regression)
Crash Data
Attachments
(1 file)
Filed by: ncsoregi [at] mozilla.com
Parsed log: https://treeherder.mozilla.org/logviewer?job_id=395217525&repo=autoland
Full log: https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/BIawkhmdRdyFb_193gpGdA/runs/0/artifacts/public/logs/live_backing.log
[task 2022-11-02T11:00:39.713Z] 11:00:39 INFO - GECKO(580) | _onWorkerClose@resource://devtools/server/actors/descriptors/worker.js:150:12
[task 2022-11-02T11:00:40.413Z] 11:00:40 INFO - GECKO(580) | =================================================================
[task 2022-11-02T11:00:40.415Z] 11:00:40 ERROR - GECKO(580) | ==8584==ERROR: AddressSanitizer: access-violation on unknown address 0x0000000000f8 (pc 0x7ffe34be1e84 bp 0x00913b5fbc10 sp 0x00913b5fb640 T0)
[task 2022-11-02T11:00:40.415Z] 11:00:40 INFO - GECKO(580) | ==8584==The signal is caused by a READ memory access.
[task 2022-11-02T11:00:40.415Z] 11:00:40 INFO - GECKO(580) | ==8584==Hint: address points to the zero page.
[task 2022-11-02T11:00:41.014Z] 11:00:41 INFO - GECKO(580) | MEMORY STAT | vsize 19406356MB | vsizeMaxContiguous 65483852MB | residentFast 1705MB
[task 2022-11-02T11:00:41.016Z] 11:00:41 INFO - TEST-OK | devtools/client/aboutdebugging/test/browser/browser_aboutdebugging_serviceworker_start.js | took 6418ms
[task 2022-11-02T11:00:41.042Z] 11:00:41 INFO - GECKO(580) | ==8584==WARNING: Failed to use and restart external symbolizer!
[task 2022-11-02T11:00:41.058Z] 11:00:41 INFO - checking window state
[task 2022-11-02T11:00:41.100Z] 11:00:41 INFO - TEST-START | devtools/client/aboutdebugging/test/browser/browser_aboutdebugging_serviceworker_status.js
[task 2022-11-02T11:00:41.453Z] 11:00:41 INFO - GECKO(580) | #0 0x7ffe34be1e83 in NS_NewURI /builds/worker/checkouts/gecko/netwerk/base/nsNetUtil.cpp:1831
[task 2022-11-02T11:00:41.466Z] 11:00:41 INFO - GECKO(580) | #1 0x7ffe3d55801c in mozilla::dom::workerinternals::loader::CacheLoadHandler::Load /builds/worker/checkouts/gecko/dom/workers/loader/CacheLoadHandler.cpp:288
[task 2022-11-02T11:00:41.467Z] 11:00:41 INFO - GECKO(580) | #2 0x7ffe3d557b92 in mozilla::dom::workerinternals::loader::CacheCreator::ResolvedCallback /builds/worker/checkouts/gecko/dom/workers/loader/CacheLoadHandler.cpp:208
[task 2022-11-02T11:00:41.468Z] 11:00:41 INFO - GECKO(580) | #3 0x7ffe3d5a0eee in mozilla::dom::`anonymous namespace'::PromiseNativeHandlerShim::ResolvedCallback /builds/worker/checkouts/gecko/dom/promise/Promise.cpp:433
[task 2022-11-02T11:00:41.469Z] 11:00:41 INFO - GECKO(580) | #4 0x7ffe3d5a1b76 in mozilla::dom::NativeHandlerCallback /builds/worker/checkouts/gecko/dom/promise/Promise.cpp:374
[task 2022-11-02T11:00:41.469Z] 11:00:41 INFO - GECKO(580) | #5 0x7ffe44a12686 in js::InternalCallOrConstruct /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:547
[task 2022-11-02T11:00:41.470Z] 11:00:41 INFO - GECKO(580) | #6 0x7ffe44a14a32 in js::Call /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:646
[task 2022-11-02T11:00:41.470Z] 11:00:41 INFO - GECKO(580) | #7 0x7ffe431d0314 in PromiseReactionJob /builds/worker/checkouts/gecko/js/src/builtin/Promise.cpp:2240
[task 2022-11-02T11:00:41.471Z] 11:00:41 INFO - GECKO(580) | #8 0x7ffe44a12686 in js::InternalCallOrConstruct /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:547
[task 2022-11-02T11:00:41.471Z] 11:00:41 INFO - GECKO(580) | #9 0x7ffe44a14a32 in js::Call /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:646
[task 2022-11-02T11:00:41.472Z] 11:00:41 INFO - GECKO(580) | #10 0x7ffe42ecc1f0 in JS::Call /builds/worker/checkouts/gecko/js/src/vm/CallAndConstruct.cpp:117
[task 2022-11-02T11:00:41.472Z] 11:00:41 INFO - GECKO(580) | #11 0x7ffe38996878 in mozilla::dom::PromiseJobCallback::Call /builds/worker/workspace/obj-build/dom/bindings/PromiseBinding.cpp:83
[task 2022-11-02T11:00:41.474Z] 11:00:41 INFO - GECKO(580) | #12 0x7ffe345b59f2 in mozilla::PromiseJobRunnable::Run /builds/worker/checkouts/gecko/xpcom/base/CycleCollectedJSContext.cpp:213
[task 2022-11-02T11:00:41.474Z] 11:00:41 INFO - GECKO(580) | #13 0x7ffe34590fc3 in mozilla::CycleCollectedJSContext::PerformMicroTaskCheckPoint /builds/worker/checkouts/gecko/xpcom/base/CycleCollectedJSContext.cpp:676
[task 2022-11-02T11:00:41.475Z] 11:00:41 INFO - GECKO(580) | #14 0x7ffe34592796 in mozilla::CycleCollectedJSContext::AfterProcessTask /builds/worker/checkouts/gecko/xpcom/base/CycleCollectedJSContext.cpp:463
[task 2022-11-02T11:00:41.475Z] 11:00:41 INFO - GECKO(580) | #15 0x7ffe360a1581 in XPCJSContext::AfterProcessTask /builds/worker/checkouts/gecko/js/xpconnect/src/XPCJSContext.cpp:1480
[task 2022-11-02T11:00:41.476Z] 11:00:41 INFO - GECKO(580) | #16 0x7ffe3481d752 in nsThread::ProcessNextEvent /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1241
[task 2022-11-02T11:00:41.476Z] 11:00:41 INFO - GECKO(580) | #17 0x7ffe3482cc8d in NS_ProcessNextEvent /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:465
[task 2022-11-02T11:00:41.477Z] 11:00:41 INFO - GECKO(580) | #18 0x7ffe35e0c437 in mozilla::ipc::MessagePump::Run /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:85
[task 2022-11-02T11:00:41.477Z] 11:00:41 INFO - GECKO(580) | #19 0x7ffe35d25032 in MessageLoop::RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:374
[task 2022-11-02T11:00:41.478Z] 11:00:41 INFO - GECKO(580) | #20 0x7ffe35d24e07 in MessageLoop::Run /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:356
[task 2022-11-02T11:00:41.478Z] 11:00:41 INFO - GECKO(580) | #21 0x7ffe3df0ba9c in nsBaseAppShell::Run /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:150
[task 2022-11-02T11:00:41.479Z] 11:00:41 INFO - GECKO(580) | #22 0x7ffe3e10123e in nsAppShell::Run /builds/worker/checkouts/gecko/widget/windows/nsAppShell.cpp:614
[task 2022-11-02T11:00:41.480Z] 11:00:41 INFO - GECKO(580) | #23 0x7ffe42a6ff57 in XRE_RunAppShell /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:884
[task 2022-11-02T11:00:41.480Z] 11:00:41 INFO - GECKO(580) | #24 0x7ffe35d25032 in MessageLoop::RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:374
[task 2022-11-02T11:00:41.481Z] 11:00:41 INFO - GECKO(580) | #25 0x7ffe35d24e07 in MessageLoop::Run /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:356
[task 2022-11-02T11:00:41.481Z] 11:00:41 INFO - GECKO(580) | #26 0x7ffe42a6f3a0 in XRE_InitChildProcess /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:743
[task 2022-11-02T11:00:41.482Z] 11:00:41 INFO - GECKO(580) | #27 0x7ff70ba92ca5 in NS_internal_main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:357
[task 2022-11-02T11:00:41.482Z] 11:00:41 INFO - GECKO(580) | #28 0x7ff70ba9166e in wmain /builds/worker/checkouts/gecko/toolkit/xre/nsWindowsWMain.cpp:167
[task 2022-11-02T11:00:41.483Z] 11:00:41 INFO - GECKO(580) | #29 0x7ff70bb81fd7 in __scrt_common_main_seh d:\agent\_work\2\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
[task 2022-11-02T11:00:41.483Z] 11:00:41 INFO - GECKO(580) | #30 0x7ffe7c457033 in BaseThreadInitThunk+0x13 (C:\Windows\System32\KERNEL32.DLL+0x180017033)
[task 2022-11-02T11:00:41.484Z] 11:00:41 INFO - GECKO(580) | #31 0x7ffe7cae2650 in RtlUserThreadStart+0x20 (C:\Windows\SYSTEM32\ntdll.dll+0x180052650)
[task 2022-11-02T11:00:41.485Z] 11:00:41 INFO - GECKO(580) | AddressSanitizer can not provide additional info.
[task 2022-11-02T11:00:41.485Z] 11:00:41 INFO - GECKO(580) | SUMMARY: AddressSanitizer: access-violation /builds/worker/checkouts/gecko/netwerk/base/nsNetUtil.cpp:1831 in NS_NewURI
[task 2022-11-02T11:00:41.486Z] 11:00:41 INFO - GECKO(580) | ==8584==ABORTING
|
||
Comment 1•2 years ago
|
||
This is just a null deref, so it doesn't need to be hidden.
Also this looks like a missing null check in CacheCreator::ResolvedCallback, so this might be of interest to Yulia.
Group: core-security
Component: Networking → DOM: Workers
Flags: needinfo?(ystartsev)
|
Assignee | |
Updated•2 years ago
|
Assignee: nobody → ystartsev
Flags: needinfo?(ystartsev)
|
||
Updated•2 years ago
|
status-firefox106:
--- → unaffected
status-firefox107:
--- → unaffected
status-firefox108:
--- → affected
status-firefox-esr102:
--- → unaffected
Keywords: regression
Regressed by: 1797327
|
|
||
Comment 2•2 years ago
|
||
I came across a similar looking crash on Nightly: bp-d4f3640e-23a8-4886-b44b-0a5440221103
Crash Signature: [@ NS_NewURI ]
|
|
Assignee | |
Comment 3•2 years ago
|
||
I was over eager in introducing the strong pointers to WorkerLoadContext. It turns out that
previously when we were cycle collecting our ScriptLoadRequests, we were also cleaning up everything
related to WorkerLoadContext. Also, in an attempt to fix the cancellation for workers, We
accidentally stopped cleaning up the reference to the cache creator. This patch does the following:
- cleans up the cache creator reference whenever we finish with a cache load handler. This is done
by calling Fail appropriately. This solves both bug 1798667 (we no longer reach NEW_URI if we fail)
and 1781295 (we no longer leak memory because things were not cleaned up properly). - Does no remove the back reference to WorkerLoadContext from the LoadRequest. It turns out that
this is sometimes necessary. There is a chance that we will accidently try to access the
WorkerLoadContext after cancellation. This actually causes problems later on in the module code.
Try run: https://treeherder.mozilla.org/jobs?repo=try&revision=7eb92331f40517b5d4a8b658e0eea7fea6410745
Pushed by ystartsev@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/00e555156df1
clear cache when finished with service worker scripts; r=asuth
|
||
Comment 5•2 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 108 Branch
| Comment hidden (Intermittent Failures Robot) |
|
||
Comment 8•2 years ago
|
||
Copying crash signatures from duplicate bugs.
Crash Signature: [@ NS_NewURI ] → [@ NS_NewURI ]
[@ mozilla::detail::nsTStringRepr<T>::Length | NS_NewURI]
You need to log in
before you can comment on or make changes to this bug.
Description
•