Closed Bug 1253792 Opened 4 years ago Closed 4 years ago

Intermittent 419985.html | application crashed [@ nsDocShell::DoURILoad(nsIURI*, nsIURI*, bool, nsIURI*, bool, unsigned int, nsISupports*, char const*, nsAString_internal const&, nsIInputStream*, nsIInputStream*, bool, nsIDocShell**, nsIRequest**, bool, b

Categories

(Core :: DOM: Security, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla48
Tracking Status
firefox47 --- fixed
firefox48 --- fixed

People

(Reporter: RyanVM, Assigned: mrbkap)

References

Details

(Keywords: assertion, crash, intermittent-failure, Whiteboard: [rr-chaos])

Attachments

(1 file)

Started when bug 1113196 landed. Can you please take a look, Blake?

https://treeherder.mozilla.org/logviewer.html#?job_id=23032478&repo=mozilla-inbound

09:42:11     INFO -  REFTEST TEST-START | file:///builds/slave/test/build/tests/reftest/tests/layout/base/crashtests/419985.html
09:42:11     INFO -  REFTEST TEST-LOAD | http://localhost:42328/1457112856803/6/419985.html | 1291 / 3012 (42%)
09:42:11     INFO -  ++DOMWINDOW == 85 (0x7fe948d4a800) [pid = 1954] [serial = 3049] [outer = 0x7fe94c71e000]
09:42:11     INFO -  ++DOCSHELL 0x7fe92c086000 == 9 [pid = 1954] [id = 216]
09:42:11     INFO -  ++DOMWINDOW == 86 (0x7fe92bda5400) [pid = 1954] [serial = 3050] [outer = (nil)]
09:42:11     INFO -  ++DOMWINDOW == 87 (0x7fe92c4c2800) [pid = 1954] [serial = 3051] [outer = 0x7fe92bda5400]
09:42:11     INFO -  ++DOCSHELL 0x7fe948853000 == 10 [pid = 1954] [id = 217]
09:42:11     INFO -  ++DOMWINDOW == 88 (0x7fe92e1a5c00) [pid = 1954] [serial = 3052] [outer = (nil)]
09:42:11     INFO -  ++DOMWINDOW == 89 (0x7fe92e371400) [pid = 1954] [serial = 3053] [outer = 0x7fe92e1a5c00]
09:42:12     INFO -  ++DOMWINDOW == 90 (0x7fe92d429000) [pid = 1954] [serial = 3054] [outer = 0x7fe92bda5400]
09:42:12     INFO -  ++DOCSHELL 0x7fe948a5c000 == 11 [pid = 1954] [id = 218]
09:42:12     INFO -  ++DOMWINDOW == 91 (0x7fe937bcec00) [pid = 1954] [serial = 3055] [outer = (nil)]
09:42:12     INFO -  ++DOMWINDOW == 92 (0x7fe948deb000) [pid = 1954] [serial = 3056] [outer = 0x7fe937bcec00]
09:42:12     INFO -  --DOCSHELL 0x7fe948853000 == 10 [pid = 1954] [id = 217]
09:42:12     INFO -  ++DOMWINDOW == 93 (0x7fe937b84400) [pid = 1954] [serial = 3057] [outer = 0x7fe92bda5400]
09:42:12     INFO -  ++DOCSHELL 0x7fe92c07b800 == 11 [pid = 1954] [id = 219]
09:42:12     INFO -  ++DOMWINDOW == 94 (0x7fe937bcc400) [pid = 1954] [serial = 3058] [outer = (nil)]
09:42:12     INFO -  ++DOMWINDOW == 95 (0x7fe946d3d000) [pid = 1954] [serial = 3059] [outer = 0x7fe937bcc400]
09:42:13     INFO -  --DOCSHELL 0x7fe948a5c000 == 10 [pid = 1954] [id = 218]
09:42:13     INFO -  [Child 1954] WARNING: NS_ENSURE_TRUE(mShell) failed: file /builds/slave/m-in-l64-d-0000000000000000000/build/src/layout/base/nsPresContext.cpp, line 1317
09:42:13     INFO -  [Child 1954] WARNING: '!widget', file /builds/slave/m-in-l64-d-0000000000000000000/build/src/dom/events/IMEStateManager.cpp, line 433
09:42:13     INFO -  Assertion failure: aContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT, at /builds/slave/m-in-l64-d-0000000000000000000/build/src/docshell/base/nsDocShell.cpp:10593
09:42:13     INFO -  #01: nsDocShell::InternalLoad(nsIURI*, nsIURI*, bool, nsIURI*, unsigned int, nsISupports*, unsigned int, char16_t const*, char const*, nsAString_internal const&, nsIInputStream*, nsIInputStream*, unsigned int, nsISHEntry*, bool, nsAString_internal const&, nsIDocShell*, nsIURI*, nsIDocShell**, nsIRequest**) [xpcom/glue/nsCOMPtr.h:721]
09:42:13     INFO -  #02: nsDocShell::LoadURI(nsIURI*, nsIDocShellLoadInfo*, unsigned int, bool) [docshell/base/nsDocShell.cpp:1573]
09:42:13     INFO -  #03: nsFrameLoader::ReallyStartLoadingInternal() [dom/base/nsFrameLoader.cpp:434]
09:42:13     INFO -  #04: nsFrameLoader::ReallyStartLoading() [dom/base/nsFrameLoader.cpp:319]
09:42:13     INFO -  #05: nsDocument::MaybeInitializeFinalizeFrameLoaders() [dom/base/nsDocument.cpp:7402]
09:42:13     INFO -  #06: nsRunnableMethodImpl<void (nsDocument::*)(), true>::Run() [xpcom/glue/nsThreadUtils.h:873]
09:42:13     INFO -  #07: nsContentUtils::AddScriptRunner(nsIRunnable*) [dom/base/nsContentUtils.cpp:5210]
09:42:13     INFO -  #08: nsDocument::InitializeFrameLoader(nsFrameLoader*) [dom/base/nsDocument.cpp:7350]
09:42:13     INFO -  #09: nsFrameLoader::LoadURI(nsIURI*) [dom/base/nsFrameLoader.cpp:276]
09:42:13     INFO -  #10: nsFrameLoader::LoadFrame() [dom/base/nsFrameLoader.cpp:237]
09:42:13     INFO -  #11: nsGenericHTMLFrameElement::LoadSrc() [dom/html/nsGenericHTMLFrameElement.cpp:240]
09:42:13     INFO -  #12: nsGenericHTMLFrameElement::SetAttr(int, nsIAtom*, nsIAtom*, nsAString_internal const&, bool) [dom/html/nsGenericHTMLFrameElement.cpp:318]
09:42:13     INFO -  #13: mozilla::dom::HTMLIFrameElement::SetAttr(int, nsIAtom*, nsIAtom*, nsAString_internal const&, bool) [dom/html/HTMLIFrameElement.cpp:194]
09:42:13     INFO -  #14: nsGenericHTMLElement::SetHTMLAttr(nsIAtom*, nsAString_internal const&, mozilla::ErrorResult&) [dom/bindings/ErrorResult.h:276]
09:42:13     INFO -  #15: mozilla::dom::HTMLIFrameElementBinding::set_src [obj-firefox/dom/bindings/HTMLIFrameElementBinding.cpp:55]
09:42:13     INFO -  #16: mozilla::dom::GenericBindingSetter(JSContext*, unsigned int, JS::Value*) [dom/bindings/BindingUtils.cpp:2699]
09:42:13     INFO -  #17: js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) [js/src/jscntxtinlines.h:236]
09:42:13     INFO -  #18: js::Invoke(JSContext*, JS::CallArgs const&, js::MaybeConstruct) [js/src/vm/Interpreter.cpp:478]
09:42:13     INFO -  #19: js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value const*, JS::MutableHandle<JS::Value>) [js/src/vm/Interpreter.cpp:530]
09:42:13     INFO -  #20: js::InvokeSetter(JSContext*, JS::Value const&, JS::Value, JS::Handle<JS::Value>) [js/public/RootingAPI.h:666]
09:42:13     INFO -  #21: js::NativeSetProperty(JSContext*, JS::Handle<js::NativeObject*>, JS::Handle<jsid>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::QualifiedBool, JS::ObjectOpResult&) [js/src/vm/NativeObject.cpp:2352]
09:42:13     INFO -  #22: js::SetProperty(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::ObjectOpResult&) [js/src/vm/NativeObject.h:1493]
09:42:13     INFO -  #23: Interpret [js/src/vm/Interpreter.cpp:287]
09:42:13     INFO -  #24: js::RunScript(JSContext*, js::RunState&) [js/src/vm/Interpreter.cpp:428]
09:42:13     INFO -  #25: js::Invoke(JSContext*, JS::CallArgs const&, js::MaybeConstruct) [js/src/vm/Interpreter.cpp:496]
09:42:13     INFO -  #26: js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value const*, JS::MutableHandle<JS::Value>) [js/src/vm/Interpreter.cpp:530]
09:42:13     INFO -  #27: JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) [js/src/jsapi.cpp:2892]
09:42:13     INFO -  #28: mozilla::dom::Function::Call(JSContext*, JS::Handle<JS::Value>, nsTArray<JS::Value> const&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&) [obj-firefox/dom/bindings/FunctionBinding.cpp:36]
09:42:13     INFO -  #29: nsGlobalWindow::RunTimeoutHandler(nsTimeout*, nsIScriptContext*) [obj-firefox/dist/include/mozilla/dom/FunctionBinding.h:58]
09:42:13     INFO -  #30: nsGlobalWindow::RunTimeout(nsTimeout*) [dom/base/nsGlobalWindow.cpp:12171]
09:42:13     INFO -  #31: nsGlobalWindow::TimerCallback(nsITimer*, void*) [dom/base/nsGlobalWindow.cpp:12415]
09:42:13     INFO -  #32: nsTimerImpl::Fire() [xpcom/threads/nsTimerImpl.cpp:525]
09:42:13     INFO -  #33: nsTimerEvent::Run() [xpcom/threads/TimerThread.cpp:290]
09:42:13     INFO -  #34: nsThread::ProcessNextEvent(bool, bool*) [xpcom/threads/nsThread.cpp:994]
09:42:13     INFO -  #35: NS_ProcessNextEvent(nsIThread*, bool) [xpcom/glue/nsThreadUtils.cpp:297]
09:42:13     INFO -  #36: mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) [ipc/glue/MessagePump.cpp:96]
09:42:13     INFO -  #37: MessageLoop::RunInternal() [ipc/chromium/src/base/message_loop.cc:235]
09:42:13     INFO -  #38: MessageLoop::Run() [ipc/chromium/src/base/message_loop.cc:520]
09:42:13     INFO -  #39: nsBaseAppShell::Run() [widget/nsBaseAppShell.cpp:158]
09:42:13     INFO -  #40: XRE_RunAppShell [toolkit/xre/nsEmbedFunctions.cpp:786]
09:42:13     INFO -  #41: mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) [ipc/glue/MessagePump.cpp:259]
09:42:13     INFO -  #42: MessageLoop::RunInternal() [ipc/chromium/src/base/message_loop.cc:235]
09:42:13     INFO -  #43: MessageLoop::Run() [ipc/chromium/src/base/message_loop.cc:520]
09:42:13     INFO -  #44: XRE_InitChildProcess [toolkit/xre/nsEmbedFunctions.cpp:626]
09:42:13     INFO -  #45: content_process_main(int, char**) [ipc/contentproc/plugin-container.cpp:240]
09:42:13     INFO -  #46: libc.so.6 + 0x2176d
09:42:13     INFO -  #47: _start
09:42:13     INFO -  ###!!! [Parent][MessageChannel] Error: (msgtype=0x2C0077,name=PBrowser::Msg_Destroy) Channel error: cannot send/recv
09:42:13     INFO -  JavaScript error: resource://app/modules/ContentCrashHandlers.jsm, line 75: TypeError: browser.permanentKey is not a non-null object
09:42:13     INFO -  [Parent 1898] WARNING: pipe error (59): Connection reset by peer: file /builds/slave/m-in-l64-d-0000000000000000000/build/src/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 459
09:47:43     INFO -  REFTEST ERROR | file:///builds/slave/test/build/tests/reftest/tests/layout/base/crashtests/419985.html | application timed out after 330 seconds with no output
09:47:43     INFO -  REFTEST TEST-INFO | started process screentopng
09:47:44     INFO -  REFTEST TEST-INFO | screentopng: exit 0
09:47:45  WARNING -  TEST-UNEXPECTED-FAIL | file:///builds/slave/test/build/tests/reftest/tests/layout/base/crashtests/419985.html | application terminated with exit code 6
09:47:45     INFO -  REFTEST INFO | Copy/paste: /builds/slave/test/build/linux64-minidump_stackwalk /tmp/tmp7lbix1.mozrunner/minidumps/673cdca8-209f-bc21-34fc483d-01eb5596.dmp /builds/slave/test/build/symbols
09:47:58     INFO -  REFTEST INFO | Saved minidump as /builds/slave/test/build/blobber_upload_dir/673cdca8-209f-bc21-34fc483d-01eb5596.dmp
09:47:58     INFO -  REFTEST INFO | Saved app info as /builds/slave/test/build/blobber_upload_dir/673cdca8-209f-bc21-34fc483d-01eb5596.extra
09:47:58    ERROR -  REFTEST PROCESS-CRASH | file:///builds/slave/test/build/tests/reftest/tests/layout/base/crashtests/419985.html | application crashed [@ nsDocShell::DoURILoad(nsIURI*, nsIURI*, bool, nsIURI*, bool, unsigned int, nsISupports*, char const*, nsAString_internal const&, nsIInputStream*, nsIInputStream*, bool, nsIDocShell**, nsIRequest**, bool, bool, bool, nsAString_internal const&, nsIURI*, unsigned int)]
09:47:58     INFO -  Crash dump filename: /tmp/tmp7lbix1.mozrunner/minidumps/673cdca8-209f-bc21-34fc483d-01eb5596.dmp
09:47:58     INFO -  Operating system: Linux
09:47:58     INFO -                    0.0.0 Linux 3.2.0-76-generic #111-Ubuntu SMP Tue Jan 13 22:16:09 UTC 2015 x86_64
09:47:58     INFO -  CPU: amd64
09:47:58     INFO -       family 6 model 62 stepping 4
09:47:58     INFO -       1 CPU
09:47:58     INFO -  Crash reason:  SIGSEGV
09:47:58     INFO -  Crash address: 0x0
09:47:58     INFO -  Process uptime: not available
09:47:58     INFO -  Thread 0 (crashed)
09:47:58     INFO -   0  libxul.so!nsDocShell::DoURILoad(nsIURI*, nsIURI*, bool, nsIURI*, bool, unsigned int, nsISupports*, char const*, nsAString_internal const&, nsIInputStream*, nsIInputStream*, bool, nsIDocShell**, nsIRequest**, bool, bool, bool, nsAString_internal const&, nsIURI*, unsigned int) [nsDocShell.cpp:750b61b5d681 : 10593 + 0x24]
09:47:58     INFO -      rax = 0x0000000000000000   rdx = 0x0000000000000000
09:47:58     INFO -      rcx = 0x00007fe96426dfed   rbx = 0x00007fe92c086000
09:47:58     INFO -      rsi = 0x00007fe964541a80   rdi = 0x00007fe9693492f8
09:47:58     INFO -      rbp = 0x00007fffb50b5ad0   rsp = 0x00007fffb50b5980
09:47:58     INFO -       r8 = 0x00007fe96c0b4b00    r9 = 0x000000000000004f
09:47:58     INFO -      r10 = 0x6e6f632d6e696775   r11 = 0x0000000000000000
09:47:58     INFO -      r12 = 0x00007fe932346e80   r13 = 0x0000000000000000
09:47:58     INFO -      r14 = 0x00007fe92c0862e8   r15 = 0x00007fffb50b5a30
09:47:58     INFO -      rip = 0x00007fe967bec11d
09:47:58     INFO -      Found by: given as instruction pointer in context
09:47:58     INFO -   1  libxul.so!nsDocShell::InternalLoad(nsIURI*, nsIURI*, bool, nsIURI*, unsigned int, nsISupports*, unsigned int, char16_t const*, char const*, nsAString_internal const&, nsIInputStream*, nsIInputStream*, unsigned int, nsISHEntry*, bool, nsAString_internal const&, nsIDocShell*, nsIURI*, nsIDocShell**, nsIRequest**) [nsDocShell.cpp:750b61b5d681 : 10409 + 0x87]
09:47:58     INFO -      rbx = 0x00007fe92c086000   rbp = 0x00007fffb50b5e20
09:47:58     INFO -      rsp = 0x00007fffb50b5ae0   r12 = 0x00007fe92c086200
09:47:58     INFO -      r13 = 0x00007fe932346e80   r14 = 0x00007fffb50b5c90
09:47:58     INFO -      r15 = 0x00007fe9678aaa34   rip = 0x00007fe967bf29ea
09:47:58     INFO -      Found by: call frame info
09:47:58     INFO -   2  libxul.so!nsDocShell::LoadURI(nsIURI*, nsIDocShellLoadInfo*, unsigned int, bool) [nsDocShell.cpp:750b61b5d681 : 1573 + 0x50]
09:47:58     INFO -      rbx = 0x0000000000000000   rbp = 0x00007fffb50b6080
09:47:58     INFO -      rsp = 0x00007fffb50b5e30   r12 = 0x0000000000800001
09:47:58     INFO -      r13 = 0x00007fe92c086000   r14 = 0x0000000000000000
09:47:58     INFO -      r15 = 0x00007fe932346e80   rip = 0x00007fe967bf7c1b
09:47:58     INFO -      Found by: call frame info
09:47:58     INFO -   3  libxul.so!nsFrameLoader::ReallyStartLoadingInternal() [nsFrameLoader.cpp:750b61b5d681 : 434 + 0x7]
09:47:58     INFO -      rbx = 0x00007fe92d3fb310   rbp = 0x00007fffb50b6240
09:47:58     INFO -      rsp = 0x00007fffb50b6090   r12 = 0x0000000000000000
09:47:58     INFO -      r13 = 0x0000000000000000   r14 = 0x00007fe92d3fb350
09:47:58     INFO -      r15 = 0x00007fe92d3fb358   rip = 0x00007fe9667dd17d
09:47:58     INFO -      Found by: call frame info
09:47:58     INFO -   4  libxul.so!nsFrameLoader::ReallyStartLoading() [nsFrameLoader.cpp:750b61b5d681 : 318 + 0x5]
09:47:58     INFO -      rbx = 0x00007fe92d3fb310   rbp = 0x00007fffb50b6270
09:47:58     INFO -      rsp = 0x00007fffb50b6250   r12 = 0x00007fe94a3ff5f0
09:47:58     INFO -      r13 = 0x00007fe92bd32680   r14 = 0x00007fe92d3fb358
09:47:58     INFO -      r15 = 0x0000000000000000   rip = 0x00007fe9667dd477
09:47:58     INFO -      Found by: call frame info
09:47:58     INFO -   5  libxul.so!nsDocument::MaybeInitializeFinalizeFrameLoaders() [nsDocument.cpp:750b61b5d681 : 7401 + 0x11]
09:47:58     INFO -      rbx = 0x00007fe94a3ff000   rbp = 0x00007fffb50b62b0
09:47:58     INFO -      rsp = 0x00007fffb50b6280   r12 = 0x00007fe94a3ff5f0
09:47:58     INFO -      r13 = 0x00007fe92bd32680   r14 = 0x00007fe92d3fb358
09:47:58     INFO -      r15 = 0x0000000000000000   rip = 0x00007fe9667dd5a8
09:47:58     INFO -      Found by: call frame info
09:47:58     INFO -   6  libxul.so!nsRunnableMethodImpl<void (nsDocument::*)(), true>::Run() [nsThreadUtils.h:750b61b5d681 : 870 + 0x5]
09:47:58     INFO -      rbx = 0x00007fe94a3ff000   rbp = 0x00007fffb50b62c0
09:47:58     INFO -      rsp = 0x00007fffb50b62c0   r12 = 0x0000000000000000
09:47:58     INFO -      r13 = 0x00007fe92bd32680   r14 = 0x00007fe92d3fb358
09:47:58     INFO -      r15 = 0x0000000000000000   rip = 0x00007fe9667d835c
09:47:58     INFO -      Found by: call frame info
09:47:58     INFO -   7  libxul.so!nsContentUtils::AddScriptRunner(nsIRunnable*) [nsContentUtils.cpp:750b61b5d681 : 5208 + 0x12]
09:47:58     INFO -      rbx = 0x00007fe94a3ff000   rbp = 0x00007fffb50b6300
09:47:58     INFO -      rsp = 0x00007fffb50b62d0   r12 = 0x0000000000000000
09:47:58     INFO -      r13 = 0x00007fe92bd32680   r14 = 0x00007fe92d3fb358
09:47:58     INFO -      r15 = 0x0000000000000000   rip = 0x00007fe96669863d
09:47:58     INFO -      Found by: call frame info
09:47:58     INFO -   8  libxul.so!nsDocument::InitializeFrameLoader(nsFrameLoader*) [nsDocument.cpp:750b61b5d681 : 7347 + 0x5]
09:47:58     INFO -      rbx = 0x00007fe94a3ff000   rbp = 0x00007fffb50b6340
09:47:58     INFO -      rsp = 0x00007fffb50b6310   r12 = 0x0000000000000000
09:47:58     INFO -      r13 = 0x00007fe932346e80   r14 = 0x00007fe92d3fb358
09:47:58     INFO -      r15 = 0x0000000000000000   rip = 0x00007fe9667cbb2a
09:47:58     INFO -      Found by: call frame info
09:47:58     INFO -   9  libxul.so!nsFrameLoader::LoadURI(nsIURI*) [nsFrameLoader.cpp:750b61b5d681 : 275 + 0x18]
09:47:58     INFO -      rbx = 0x0000000000000000   rbp = 0x00007fffb50b6380
09:47:58     INFO -      rsp = 0x00007fffb50b6350   r12 = 0x00007fe92d3fb310
09:47:58     INFO -      r13 = 0x00007fe932346e80   r14 = 0x00007fe92d3fb358
09:47:58     INFO -      r15 = 0x0000000000000000   rip = 0x00007fe9667dbc5e
09:47:58     INFO -      Found by: call frame info
09:47:58     INFO -  10  libxul.so!nsFrameLoader::LoadFrame() [nsFrameLoader.cpp:750b61b5d681 : 237 + 0xf]
09:47:58     INFO -      rbx = 0x0000000000000000   rbp = 0x00007fffb50b6480
09:47:58     INFO -      rsp = 0x00007fffb50b6390   r12 = 0x00007fe92d3fb310
09:47:58     INFO -      r13 = 0x00007fe968d5d997   r14 = 0x00007fffb50b63a0
09:47:58     INFO -      r15 = 0x0000000000000000   rip = 0x00007fe9667dc00d
09:47:58     INFO -      Found by: call frame info
09:47:58     INFO -  11  libxul.so!nsGenericHTMLFrameElement::LoadSrc() [nsGenericHTMLFrameElement.cpp:750b61b5d681 : 238 + 0x14]
09:47:58     INFO -      rbx = 0x00007fe94976e360   rbp = 0x00007fffb50b64b0
09:47:58     INFO -      rsp = 0x00007fffb50b6490   r12 = 0x0000000000000000
09:47:58     INFO -      r13 = 0x00007fe9518effa0   r14 = 0x00007fffb50b6580
09:47:58     INFO -      r15 = 0x0000000000000000   rip = 0x00007fe9670d0b5b
09:47:58     INFO -      Found by: call frame info
09:47:58     INFO -  12  libxul.so!nsGenericHTMLFrameElement::SetAttr(int, nsIAtom*, nsIAtom*, nsAString_internal const&, bool) [nsGenericHTMLFrameElement.cpp:750b61b5d681 : 307 + 0x8]
09:47:58     INFO -      rbx = 0x00007fe94976e360   rbp = 0x00007fffb50b64f0
09:47:58     INFO -      rsp = 0x00007fffb50b64c0   r12 = 0x0000000000000000
09:47:58     INFO -      r13 = 0x00007fe9518effa0   r14 = 0x00007fffb50b6580
09:47:58     INFO -      r15 = 0x0000000000000000   rip = 0x00007fe9670d1b99
09:47:58     INFO -      Found by: call frame info
09:47:58     INFO -  13  libxul.so!mozilla::dom::HTMLIFrameElement::SetAttr(int, nsIAtom*, nsIAtom*, nsAString_internal const&, bool) [HTMLIFrameElement.cpp:750b61b5d681 : 193 + 0x5]
09:47:58     INFO -      rbx = 0x00007fffb50b6568   rbp = 0x00007fffb50b6520
09:47:58     INFO -      rsp = 0x00007fffb50b6500   r12 = 0x00007fe94976e360
09:47:58     INFO -      r13 = 0x00007fe9518effa0   r14 = 0x0000000000000000
09:47:58     INFO -      r15 = 0x00007fe96b50f9e0   rip = 0x00007fe9670497a5
09:47:58     INFO -      Found by: call frame info
09:47:58     INFO -  14  libxul.so!nsGenericHTMLElement::SetHTMLAttr(nsIAtom*, nsAString_internal const&, mozilla::ErrorResult&) [Element.h:750b61b5d681 : 1068 + 0xd]
09:47:58     INFO -      rbx = 0x00007fffb50b6568   rbp = 0x00007fffb50b6540
09:47:58     INFO -      rsp = 0x00007fffb50b6530   r12 = 0x00007fe94976e360
09:47:58     INFO -      r13 = 0x0000000000000000   r14 = 0x00007fe966ecea63
09:47:58     INFO -      r15 = 0x00007fe96b50f9e0   rip = 0x00007fe966dfe8bc
09:47:58     INFO -      Found by: call frame info
09:47:58     INFO -  15  libxul.so!mozilla::dom::HTMLIFrameElementBinding::set_src [HTMLIFrameElement.h:750b61b5d681 : 69 + 0x5]
09:47:58     INFO -      rbx = 0x00007fe94c75fc00   rbp = 0x00007fffb50b6620
09:47:58     INFO -      rsp = 0x00007fffb50b6550   r12 = 0x00007fe94976e360
09:47:58     INFO -      r13 = 0x0000000000000000   r14 = 0x00007fe966ecea63
09:47:58     INFO -      r15 = 0x00007fe96b50f9e0   rip = 0x00007fe966e41ffa
09:47:58     INFO -      Found by: call frame info
Flags: needinfo?(mrbkap)
I'm going to work on fixing this in bug 1240246.
Depends on: 1240246
Flags: needinfo?(mrbkap)
I have this in a recording if that's useful to you.

rr@minbar ~/.local/share/rr/firefox-0
Flags: needinfo?(mrbkap)
That would be extremely useful to me. My patch from bug 1240246 doesn't fix this and I was actually trying to get this into rr myself.
Flags: needinfo?(mrbkap)
Attached patch Patch v1Splinter Review
I wasn't able to get to khuey's recording but I was able to reproduce this locally with rr and chaos mode (which totally rocks). This is very similar to bug 1240246 in that the call to Stop() in nsDocShell::InternalLoad runs event handlers; however, in this case we're removing an iframe that's in the middle of a load, so we start tearing down its frame loader and defer destroying the docshell until we return to the event loop. This means that the docshell's mScriptGlobal doesn't get nulled out before we end up in nsDocShell::DoURILoad but the script global's frame element is. The easiest way to fix this is to bail out for top-level loads with no frame element the same way we do for null script globals.
Attachment #8728578 - Flags: review?(bugs)
Assignee: nobody → mrbkap
Comment on attachment 8728578 [details] [diff] [review]
Patch v1

This is fragile code.

Please file a followup to sort out the content policy checks in case
<a target=foo> is being used for iframes.
Attachment #8728578 - Flags: review?(bugs) → review+
https://hg.mozilla.org/mozilla-central/rev/36fef4bb3dd6
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla48
Please request Aurora approval on this when you get a chance.
Flags: needinfo?(mrbkap)
Comment on attachment 8728578 [details] [diff] [review]
Patch v1

Approval Request Comment
[Feature/regressing bug #]: bug 1240246
[User impact if declined]: Incorrect security loading info passed around.
[Describe test coverage new/current, TreeHerder]: Lots of existing test coverage (this was caught by existing tests).
[Risks and why]: Low risk.
[String/UUID change made/needed]: n/a
Flags: needinfo?(mrbkap)
Attachment #8728578 - Flags: approval-mozilla-aurora?
Comment on attachment 8728578 [details] [diff] [review]
Patch v1

Fixes an intermittent test failure, Aurora47+
Attachment #8728578 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
You need to log in before you can comment on or make changes to this bug.