AddressSanitizer: heap-use-after-free brave_shields::AdBlockRegionalServiceManager #21228

Closed
tmancey opened this issue Feb 22, 2022 · 1 comment
Labels
asan ci-concern closed/duplicate Issue has already been reported crash OS/Desktop priority/P2 A bad problem. We might uplift this to the next planned release. security

tmancey commented Feb 22, 2022

==11682==ERROR: AddressSanitizer: heap-use-after-free on address 0x61500006c638 at pc 0x00013c9b8afd bp 0x7ff7b10ba850 sp 0x7ff7b10ba848
READ of size 8 at 0x61500006c638 thread T0
==11682==WARNING: Can't read from symbolizer at fd 14
==11682==WARNING: Can't read from symbolizer at fd 15
==11682==WARNING: Can't read from symbolizer at fd 16
==11682==WARNING: Can't read from symbolizer at fd 18
==11682==WARNING: Failed to use and restart external symbolizer!
    #0 0x13c9b8afc in base::ObserverList<brave_shields::AdBlockRegionalCatalogProvider::Observer, false, true, base::internal::CheckedObserverAdapter>::RemoveObserver(brave_shields::AdBlockRegionalCatalogProvider::Observer const*)+0x58c (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0xbfadafc) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #1 0x13c9c16a6 in brave_shields::AdBlockRegionalServiceManager::~AdBlockRegionalServiceManager()+0x66 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0xbfb66a6) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #2 0x13c9c197d in brave_shields::AdBlockRegionalServiceManager::~AdBlockRegionalServiceManager()+0xd (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0xbfb697d) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #3 0x13c9dd7f5 in brave_shields::AdBlockService::~AdBlockService()+0x235 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0xbfd27f5) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #4 0x135b27bd3 in BraveBrowserProcessImpl::~BraveBrowserProcessImpl()+0x523 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x511cbd3) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #5 0x135b27eb4 in non-virtual thunk to BraveBrowserProcessImpl::~BraveBrowserProcessImpl()+0x14 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x511ceb4) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #6 0x1353ed489 in browser_shutdown::ShutdownPostThreadsStop(browser_shutdown::RestartMode)+0x149 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x49e2489) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #7 0x13524abc7 in ChromeBrowserMainParts::PostDestroyThreads()+0x227 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x483fbc7) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #8 0x14a098a16 in content::BrowserMainLoop::ShutdownThreadsAndCleanUp()+0xee6 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x12c5a16) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #9 0x14a09d017 in content::BrowserMainRunnerImpl::Shutdown()+0x247 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x12ca017) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #10 0x14a0905b0 in content::BrowserMain(content::MainFunctionParams)+0x3d0 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x12bd5b0) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #11 0x14cc09a81 in content::RunBrowserProcessMain(content::MainFunctionParams, content::ContentMainDelegate*)+0x2b1 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e36a81) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #12 0x14cc0d3de in content::ContentMainRunnerImpl::RunBrowser(content::MainFunctionParams, bool)+0xc6e (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e3a3de) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #13 0x14cc0c4e6 in content::ContentMainRunnerImpl::Run()+0x496 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e394e6) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #14 0x14cc06628 in content::RunContentProcess(content::ContentMainParams, content::ContentMainRunner*)+0x538 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e33628) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #15 0x14cc08761 in content::ContentMain(content::ContentMainParams)+0xf1 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e35761) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #16 0x130a14168 in ChromeMain+0x248 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x9168) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #17 0x10ee42b95 in main+0x205 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/Brave Browser Development.app/Contents/MacOS/Brave Browser Development:x86_64+0x100000b95) (BuildId: 4c4c44c155553144a11a8117654cb1fc2400000010000000000b0a0000030b00)
    #18 0x1186084fd  (/usr/lib/dyld:x86_64+0x54fd) (BuildId: 7de33963bbc53996ba6ef1d562c17c9532000000200000000100000000020c00)

0x61500006c638 is located 312 bytes inside of 488-byte region [0x61500006c500,0x61500006c6e8)
freed by thread T0 here:
    #0 0x10f666b0d in __sanitizer_finish_switch_fiber+0x59d (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/Brave Browser Development.app/Contents/MacOS/libclang_rt.asan_osx_dynamic.dylib:x86_64+0x56b0d) (BuildId: f396a7b221393301b8029d68c040e0e0240000001000000000070a0000010b00)
    #1 0x13c9dd6ed in brave_shields::AdBlockService::~AdBlockService()+0x12d (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0xbfd26ed) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #2 0x135b27bd3 in BraveBrowserProcessImpl::~BraveBrowserProcessImpl()+0x523 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x511cbd3) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #3 0x135b27eb4 in non-virtual thunk to BraveBrowserProcessImpl::~BraveBrowserProcessImpl()+0x14 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x511ceb4) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #4 0x1353ed489 in browser_shutdown::ShutdownPostThreadsStop(browser_shutdown::RestartMode)+0x149 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x49e2489) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #5 0x13524abc7 in ChromeBrowserMainParts::PostDestroyThreads()+0x227 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x483fbc7) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #6 0x14a098a16 in content::BrowserMainLoop::ShutdownThreadsAndCleanUp()+0xee6 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x12c5a16) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #7 0x14a09d017 in content::BrowserMainRunnerImpl::Shutdown()+0x247 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x12ca017) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #8 0x14a0905b0 in content::BrowserMain(content::MainFunctionParams)+0x3d0 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x12bd5b0) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #9 0x14cc09a81 in content::RunBrowserProcessMain(content::MainFunctionParams, content::ContentMainDelegate*)+0x2b1 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e36a81) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #10 0x14cc0d3de in content::ContentMainRunnerImpl::RunBrowser(content::MainFunctionParams, bool)+0xc6e (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e3a3de) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #11 0x14cc0c4e6 in content::ContentMainRunnerImpl::Run()+0x496 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e394e6) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #12 0x14cc06628 in content::RunContentProcess(content::ContentMainParams, content::ContentMainRunner*)+0x538 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e33628) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #13 0x14cc08761 in content::ContentMain(content::ContentMainParams)+0xf1 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e35761) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #14 0x130a14168 in ChromeMain+0x248 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x9168) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #15 0x10ee42b95 in main+0x205 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/Brave Browser Development.app/Contents/MacOS/Brave Browser Development:x86_64+0x100000b95) (BuildId: 4c4c44c155553144a11a8117654cb1fc2400000010000000000b0a0000030b00)
    #16 0x1186084fd  (/usr/lib/dyld:x86_64+0x54fd) (BuildId: 7de33963bbc53996ba6ef1d562c17c9532000000200000000100000000020c00)

previously allocated by thread T0 here:
    #0 0x10f6666ed in __sanitizer_finish_switch_fiber+0x17d (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/Brave Browser Development.app/Contents/MacOS/libclang_rt.asan_osx_dynamic.dylib:x86_64+0x566ed) (BuildId: f396a7b221393301b8029d68c040e0e0240000001000000000070a0000010b00)
    #1 0x13c9dd2b8 in brave_shields::AdBlockService::AdBlockService(PrefService*, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char> >, component_updater::ComponentUpdateService*, scoped_refptr<base::SequencedTaskRunner>, std::__Cr::unique_ptr<brave_shields::AdBlockSubscriptionServiceManager, std::__Cr::default_delete<brave_shields::AdBlockSubscriptionServiceManager> >)+0x538 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0xbfd22b8) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #2 0x135b2a938 in std::__Cr::__unique_if<brave_shields::AdBlockService>::__unique_single std::__Cr::make_unique<brave_shields::AdBlockService, PrefService*, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char> > const&, component_updater::ComponentUpdateService*, scoped_refptr<base::SequencedTaskRunner>&, std::__Cr::unique_ptr<brave_shields::AdBlockSubscriptionServiceManager, std::__Cr::default_delete<brave_shields::AdBlockSubscriptionServiceManager> > >(PrefService*&&, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char> > const&, component_updater::ComponentUpdateService*&&, scoped_refptr<base::SequencedTaskRunner>&, std::__Cr::unique_ptr<brave_shields::AdBlockSubscriptionServiceManager, std::__Cr::default_delete<brave_shields::AdBlockSubscriptionServiceManager> >&&)+0x3b8 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x511f938) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #3 0x135b2a341 in BraveBrowserProcessImpl::ad_block_service()+0x451 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x511f341) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #4 0x135bc8e14 in brave_shields::AdBlockPrefServiceFactory::BuildServiceInstanceFor(content::BrowserContext*) const+0x64 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x51bde14) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #5 0x114fd84b8 in KeyedServiceFactory::GetServiceForContext(void*, bool)+0x2d8 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libkeyed_service_core.dylib:x86_64+0x164b8) (BuildId: 4c4c443f55553144a1f6c2b0883e0e0f2400000010000000000b0a0000030b00)
    #6 0x114fd4b9d in DependencyManager::CreateContextServices(void*, bool)+0x33d (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libkeyed_service_core.dylib:x86_64+0x12b9d) (BuildId: 4c4c443f55553144a1f6c2b0883e0e0f2400000010000000000b0a0000030b00)
    #7 0x11793b540 in BrowserContextDependencyManager::CreateBrowserContextServices(content::BrowserContext*)+0x130 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libkeyed_service_content.dylib:x86_64+0x3540) (BuildId: 4c4c445755553144a1a6858435feed392400000010000000000b0a0000030b00)
    #8 0x1359193c2 in ProfileImpl::OnLocaleReady(Profile::CreateMode)+0x112 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x4f0e3c2) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #9 0x13590fb8b in ProfileImpl::OnPrefsLoaded(Profile::CreateMode, bool)+0x11b (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x4f04b8b) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #10 0x13590e57b in ProfileImpl::ProfileImpl(base::FilePath const&, Profile::Delegate*, Profile::CreateMode, base::Time, scoped_refptr<base::SequencedTaskRunner>)+0x66b (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x4f0357b) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #11 0x13362d098 in BraveProfileImpl::BraveProfileImpl(base::FilePath const&, Profile::Delegate*, Profile::CreateMode, base::Time, scoped_refptr<base::SequencedTaskRunner>)+0x158 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x2c22098) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #12 0x135908a50 in Profile::CreateProfile(base::FilePath const&, Profile::Delegate*, Profile::CreateMode)+0x2b0 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x4efda50) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #13 0x1359282d6 in ProfileManager::CreateAndInitializeProfile(base::FilePath const&)+0x1f6 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x4f1d2d6) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #14 0x135923c32 in ProfileManager::GetProfile(base::FilePath const&)+0x72 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x4f18c32) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #15 0x13b321b93 in GetStartupProfile(base::FilePath const&, base::CommandLine const&)+0x1e3 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0xa916b93) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #16 0x1352493d1 in (anonymous namespace)::CreateInitialProfile(content::MainFunctionParams const&, base::FilePath const&, base::CommandLine const&)+0x2a1 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x483e3d1) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #17 0x13524604c in ChromeBrowserMainParts::PreMainMessageLoopRunImpl()+0x82c (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x483b04c) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #18 0x13524561d in ChromeBrowserMainParts::PreMainMessageLoopRun()+0x5d (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x483a61d) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)
    #19 0x14a09582d in content::BrowserMainLoop::PreMainMessageLoopRun()+0x13d (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x12c282d) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #20 0x14b8e8660 in content::StartupTaskRunner::RunAllTasksNow()+0x1c0 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x2b15660) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #21 0x14a094d45 in content::BrowserMainLoop::CreateStartupTasks()+0x695 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x12c1d45) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #22 0x14a09bf4d in content::BrowserMainRunnerImpl::Initialize(content::MainFunctionParams)+0x19d (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x12c8f4d) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #23 0x14a09052d in content::BrowserMain(content::MainFunctionParams)+0x34d (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x12bd52d) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #24 0x14cc09a81 in content::RunBrowserProcessMain(content::MainFunctionParams, content::ContentMainDelegate*)+0x2b1 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e36a81) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #25 0x14cc0d3de in content::ContentMainRunnerImpl::RunBrowser(content::MainFunctionParams, bool)+0xc6e (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e3a3de) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #26 0x14cc0c4e6 in content::ContentMainRunnerImpl::Run()+0x496 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e394e6) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #27 0x14cc06628 in content::RunContentProcess(content::ContentMainParams, content::ContentMainRunner*)+0x538 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e33628) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #28 0x14cc08761 in content::ContentMain(content::ContentMainParams)+0xf1 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libcontent.dylib:x86_64+0x3e35761) (BuildId: 4c4c446655553144a18e43ee4c8ce8942400000010000000000b0a0000030b00)
    #29 0x130a14168 in ChromeMain+0x248 (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0x9168) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00)

SUMMARY: AddressSanitizer: heap-use-after-free (/Users/terrym/Projects/Brave/brave-browser/src/out/Component/libchrome_dll.dylib:x86_64+0xbfadafc) (BuildId: 4c4c445755553144a12c9f4cf05986452400000010000000000b0a0000030b00) in base::ObserverList<brave_shields::AdBlockRegionalCatalogProvider::Observer, false, true, base::internal::CheckedObserverAdapter>::RemoveObserver(brave_shields::AdBlockRegionalCatalogProvider::Observer const*)+0x58c
Shadow bytes around the buggy address:
  0x1c2a0000d870: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c2a0000d880: fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa
  0x1c2a0000d890: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c2a0000d8a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c2a0000d8b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x1c2a0000d8c0: fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd
  0x1c2a0000d8d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa
  0x1c2a0000d8e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c2a0000d8f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c2a0000d900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c2a0000d910: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==11682==ABORTING
Received signal 6
0   libbase.dylib                       0x00000001112120a9 base::debug::CollectStackTrace(void**, unsigned long) + 9
1   libbase.dylib                       0x0000000110df7363 base::debug::StackTrace::StackTrace() + 19
2   libbase.dylib                       0x0000000111211a7b base::debug::(anonymous namespace)::StackDumpSignalHandler(int, __siginfo*, void*) + 2891
3   libsystem_platform.dylib            0x00007ff81312fe2d _sigtramp + 29
4   ???                                 0x00007ff7b10b9230 0x0 + 140701803975216
5   libsystem_c.dylib                   0x00007ff813066d10 abort + 123
6   libclang_rt.asan_osx_dynamic.dylib  0x000000010f67c586 __sanitizer_sandbox_on_notify + 998
7   libclang_rt.asan_osx_dynamic.dylib  0x000000010f67bcf4 __sanitizer_on_print + 24084
8   libclang_rt.asan_osx_dynamic.dylib  0x000000010f65fc47 __asan_on_error + 1559
9   libclang_rt.asan_osx_dynamic.dylib  0x000000010f65eedf __asan_unpoison_intra_object_redzone + 15087
10  libclang_rt.asan_osx_dynamic.dylib  0x000000010f6601f8 __asan_report_load8 + 40
11  libchrome_dll.dylib                 0x000000013c9b8afd base::ObserverList<brave_shields::AdBlockRegionalCatalogProvider::Observer, false, true, base::internal::CheckedObserverAdapter>::RemoveObserver(brave_shields::AdBlockRegionalCatalogProvider::Observer const*) + 1421
12  libchrome_dll.dylib                 0x000000013c9c16a7 brave_shields::AdBlockRegionalServiceManager::~AdBlockRegionalServiceManager() + 103
13  libchrome_dll.dylib                 0x000000013c9c197e brave_shields::AdBlockRegionalServiceManager::~AdBlockRegionalServiceManager() + 14
14  libchrome_dll.dylib                 0x000000013c9dd7f6 brave_shields::AdBlockService::~AdBlockService() + 566
15  libchrome_dll.dylib                 0x0000000135b27bd4 BraveBrowserProcessImpl::~BraveBrowserProcessImpl() + 1316
16  libchrome_dll.dylib                 0x0000000135b27eb5 non-virtual thunk to BraveBrowserProcessImpl::~BraveBrowserProcessImpl() + 21
17  libchrome_dll.dylib                 0x00000001353ed48a browser_shutdown::ShutdownPostThreadsStop(browser_shutdown::RestartMode) + 330
18  libchrome_dll.dylib                 0x000000013524abc8 ChromeBrowserMainParts::PostDestroyThreads() + 552
19  libcontent.dylib                    0x000000014a098a17 content::BrowserMainLoop::ShutdownThreadsAndCleanUp() + 3815
20  libcontent.dylib                    0x000000014a09d018 content::BrowserMainRunnerImpl::Shutdown() + 584
21  libcontent.dylib                    0x000000014a0905b1 content::BrowserMain(content::MainFunctionParams) + 977
22  libcontent.dylib                    0x000000014cc09a82 content::RunBrowserProcessMain(content::MainFunctionParams, content::ContentMainDelegate*) + 690
23  libcontent.dylib                    0x000000014cc0d3df content::ContentMainRunnerImpl::RunBrowser(content::MainFunctionParams, bool) + 3183
24  libcontent.dylib                    0x000000014cc0c4e7 content::ContentMainRunnerImpl::Run() + 1175
25  libcontent.dylib                    0x000000014cc06629 content::RunContentProcess(content::ContentMainParams, content::ContentMainRunner*) + 1337
26  libcontent.dylib                    0x000000014cc08762 content::ContentMain(content::ContentMainParams) + 242
27  libchrome_dll.dylib                 0x0000000130a14169 ChromeMain + 585
28  Brave Browser Development           0x000000010ee42b96 main + 518
29  dyld                                0x00000001186084fe start + 462
[end of stack trace]
[0222/123518.526643:WARNING:crash_report_exception_handler.cc(235)] UniversalExceptionRaise: (os/kern) failure (5)

Crash occurred after quitting browser

@rebron rebron added the priority/P2 A bad problem. We might uplift this to the next planned release. label Mar 4, 2022
@iefremov

This is fixed in https://github.com/brave/internal/issues/854

@iefremov iefremov added the closed/duplicate Issue has already been reported label May 18, 2022