Closed Bug 1320041 Opened 8 years ago Closed 8 years ago

assertion failure triggers null pointer deref and segfault in nsDocShell::CopyFavicon (nsDocShell.cpp:9560)

Categories

(Core :: DOM: Navigation, defect)

Product:
Core
Component:
DOM: Navigation
Version:
53 Branch
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Tracking Flags:
Tracking Status
firefox50 --- unaffected
firefox51 --- unaffected
firefox52 --- unaffected
firefox53 + fixed

People

(Reporter: geeknik, Unassigned)

References

(Blocks 1 open bug)

Details

(4 keywords, Whiteboard: [userContextId][domsecurity-backlog])

Crash Data

Attachments

(1 file)

stack from crash under macOS
17.34 KB, text/plain
Details
Found while fuzzing Nightly ASAN build ID 20161123153929. STR: 1) Load about:debugging 2) Check Enable add-on debugging 3) Click Load Temporary Addon and choose ANY file (doesn't need to be a valid addon) 4) Try to click on Tabs or Workers in the about:debugging window and Firefox crashes. Assertion failure: (BasePrincipal::Cast(aLoadingPrincipal)->OriginAttributesRef().mPrivateBrowsingId > 0) == aInPrivateBrowsing, at /home/worker/workspace/build/src/docshell/base/nsDocShell.cpp:9561 #01: ???[/home/geeknik/firefox/libxul.so +0x98f8eb5] #02: ???[/home/geeknik/firefox/libxul.so +0x4a064b6] #03: ???[/home/geeknik/firefox/libxul.so +0x4a0789c] #04: ???[/home/geeknik/firefox/libxul.so +0x65c588d] #05: ???[/home/geeknik/firefox/libxul.so +0x65e0374] #06: ???[/home/geeknik/firefox/libxul.so +0xc960e1d] #07: ???[/home/geeknik/firefox/libxul.so +0xc963139] #08: ???[/home/geeknik/firefox/libxul.so +0xc6739c0] #09: ???[/home/geeknik/firefox/libxul.so +0x65ea506] #10: ???[/home/geeknik/firefox/libxul.so +0xc69ff72] #11: ???[/home/geeknik/firefox/libxul.so +0xc58ab3b] #12: ???[/home/geeknik/firefox/libxul.so +0xc6c34e6] #13: ???[/home/geeknik/firefox/libxul.so +0xc679e76] #14: ???[/home/geeknik/firefox/libxul.so +0xc69ff72] #15: ???[/home/geeknik/firefox/libxul.so +0xc58ab3b] #16: ???[/home/geeknik/firefox/libxul.so +0xc939c00] #17: ???[/home/geeknik/firefox/libxul.so +0xc925ff7] #18: ???[/home/geeknik/firefox/libxul.so +0xc961635] #19: ???[/home/geeknik/firefox/libxul.so +0xd19a0ff] #20: ??? (???:???) ASAN:DEADLYSIGNAL ================================================================= ==103076==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fad648dd978 bp 0x7fff0da51370 sp 0x7fff0da51060 T0) #0 0x7fad648dd977 in nsDocShell::CopyFavicon(nsIURI*, nsIURI*, nsIPrincipal*, bool) /home/worker/workspace/build/src/docshell/base/nsDocShell.cpp:9560:3 #1 0x7fad6487a31c in nsDocShell::InternalLoad(nsIURI*, nsIURI*, bool, nsIURI*, unsigned int, nsIPrincipal*, nsIPrincipal*, unsigned int, nsAString_internal const&, char const*, nsAString_internal const&, nsIInputStream*, nsIInputStream*, unsigned int, nsISHEntry*, bool, nsAString_internal const&, nsIDocShell*, nsIURI*, nsIDocShell**, nsIRequest**) /home/worker/workspace/build/src/docshell/base/nsDocShell.cpp:10438:7 #2 0x7fad64872eb4 in nsDocShell::LoadURI(nsIURI*, nsIDocShellLoadInfo*, unsigned int, bool) /home/worker/workspace/build/src/docshell/base/nsDocShell.cpp:1558:10 #3 0x7fad5f9804b5 in mozilla::dom::Location::SetURI(nsIURI*, bool) /home/worker/workspace/build/src/dom/base/Location.cpp:288:12 #4 0x7fad5f98189b in mozilla::dom::Location::SetHash(nsAString_internal const&) /home/worker/workspace/build/src/dom/base/Location.cpp:367:10 #5 0x7fad6153f88c in SetHash /home/worker/workspace/build/src/obj-firefox/dist/include/mozilla/dom/Location.h:209:14 #6 0x7fad6153f88c in mozilla::dom::LocationBinding::set_hash(JSContext*, JS::Handle<JSObject*>, mozilla::dom::Location*, JSJitSetterCallArgs) /home/worker/workspace/build/src/obj-firefox/dom/bindings/LocationBinding.cpp:703 #7 0x7fad6155a373 in mozilla::dom::GenericBindingSetter(JSContext*, unsigned int, JS::Value*) /home/worker/workspace/build/src/dom/bindings/BindingUtils.cpp:2847:8 #8 0x7fad678dae1c in CallJSNative /home/worker/workspace/build/src/js/src/jscntxtinlines.h:239:15 #9 0x7fad678dae1c in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:447 #10 0x7fad678dd138 in Call /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:523:10 #11 0x7fad678dd138 in js::CallSetter(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::Handle<JS::Value>) /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:650 #12 0x7fad675ed9bf in js::SetPropertyIgnoringNamedGetter(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::Handle<JS::PropertyDescriptor>, JS::ObjectOpResult&) /home/worker/workspace/build/src/js/src/proxy/BaseProxyHandler.cpp:245:10 #13 0x7fad61564505 in mozilla::dom::DOMProxyHandler::set(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::ObjectOpResult&) const /home/worker/workspace/build/src/dom/bindings/DOMJSProxyHandler.cpp:258:10 #14 0x7fad67619f71 in js::Proxy::set(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::ObjectOpResult&) /home/worker/workspace/build/src/js/src/proxy/Proxy.cpp:333:12 #15 0x7fad67504b3a in JSObject::nonNativeSetProperty(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::ObjectOpResult&) /home/worker/workspace/build/src/js/src/jsobj.cpp:1022:12 #16 0x7fad6763d4e5 in SetProperty /home/worker/workspace/build/src/js/src/vm/NativeObject.h:1539:16 #17 0x7fad6763d4e5 in js::Wrapper::set(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::ObjectOpResult&) const /home/worker/workspace/build/src/js/src/proxy/Wrapper.cpp:152 #18 0x7fad675f3e75 in js::CrossCompartmentWrapper::set(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::ObjectOpResult&) const /home/worker/workspace/build/src/js/src/proxy/CrossCompartmentWrapper.cpp:221:5 #19 0x7fad67619f71 in js::Proxy::set(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::ObjectOpResult&) /home/worker/workspace/build/src/js/src/proxy/Proxy.cpp:333:12 #20 0x7fad67504b3a in JSObject::nonNativeSetProperty(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::ObjectOpResult&) /home/worker/workspace/build/src/js/src/jsobj.cpp:1022:12 #21 0x7fad678b3bff in SetProperty /home/worker/workspace/build/src/js/src/vm/NativeObject.h:1539:16 #22 0x7fad678b3bff in SetPropertyOperation /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:259 #23 0x7fad678b3bff in Interpret(JSContext*, js::RunState&) /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:2715 #24 0x7fad6789fff6 in js::RunScript(JSContext*, js::RunState&) /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:405:12 #25 0x7fad678db634 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:477:15 #26 0x7fad681140fe in js::jit::DoCallFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICCall_Fallback*, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) /home/worker/workspace/build/src/js/src/jit/BaselineIC.cpp:6012:14 #27 0x7fad4e6faa95 (<unknown module>) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /home/worker/workspace/build/src/docshell/base/nsDocShell.cpp:9560:3 in nsDocShell::CopyFavicon(nsIURI*, nsIURI*, nsIPrincipal*, bool) ==103076==ABORTING [Child 103117] ###!!! ABORT: Aborting on channel error.: file /home/worker/workspace/build/src/ipc/glue/MessageChannel.cpp, line 2155 [Child 103117] ###!!! ABORT: Aborting on channel error.: file /home/worker/workspace/build/src/ipc/glue/MessageChannel.cpp, line 2155 ASAN:DEADLYSIGNAL ================================================================= ==103117==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000004e114b bp 0x7f0918968090 sp 0x7f0918968080 T2) Crash Annotation GraphicsCriticalError: |[C0][GFX1-]: Receive IPC close with reason=AbnormalShutdown (t=408.729) #0 0x4e114a in mozalloc_abort(char const*) /home/worker/workspace/build/src/memory/mozalloc/mozalloc_abort.cpp:33:5 #1 0x7f091b521105 in Abort(char const*) /home/worker/workspace/build/src/xpcom/base/nsDebugImpl.cpp:449:3 #2 0x7f091b520eac in NS_DebugBreak /home/worker/workspace/build/src/xpcom/base/nsDebugImpl.cpp:405:7 #3 0x7f091c484f9f in mozilla::ipc::MessageChannel::OnChannelErrorFromLink() /home/worker/workspace/build/src/ipc/glue/MessageChannel.cpp:2155:13 #4 0x7f091c48a243 in OnChannelError /home/worker/workspace/build/src/ipc/glue/MessageLink.cpp:367:5 #5 0x7f091c48a243 in non-virtual thunk to mozilla::ipc::ProcessLink::OnChannelError() /home/worker/workspace/build/src/ipc/glue/MessageLink.cpp:359 #6 0x7f091c44032b in event_process_active_single_queue /home/worker/workspace/build/src/ipc/chromium/src/third_party/libevent/event.c:1350:4 #7 0x7f091c44032b in event_process_active /home/worker/workspace/build/src/ipc/chromium/src/third_party/libevent/event.c:1420 #8 0x7f091c44032b in event_base_loop /home/worker/workspace/build/src/ipc/chromium/src/third_party/libevent/event.c:1621 #9 0x7f091c3ff7c1 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) /home/worker/workspace/build/src/ipc/chromium/src/base/message_pump_libevent.cc:372:7 #10 0x7f091c3f9c28 in RunInternal /home/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:232:3 #11 0x7f091c3f9c28 in RunHandler /home/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:225 #12 0x7f091c3f9c28 in MessageLoop::Run() /home/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:205 #13 0x7f091c419dd1 in base::Thread::ThreadMain() /home/worker/workspace/build/src/ipc/chromium/src/base/thread.cc:180:3 #14 0x7f091c41a92c in ThreadFunc(void*) /home/worker/workspace/build/src/ipc/chromium/src/base/platform_thread_posix.cc:38:3 #15 0x7f0935ea70a3 in start_thread /build/glibc-daoqzt/glibc-2.19/nptl/pthread_create.c:309 #16 0x7f0934fae62c in clone /build/glibc-daoqzt/glibc-2.19/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:111 AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /home/worker/workspace/build/src/memory/mozalloc/mozalloc_abort.cpp:33:5 in mozalloc_abort(char const*) Thread T2 (Chrome_ChildThr) created by T0 (Web Content) here: #0 0x49a869 in __interceptor_pthread_create /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:238:3 #1 0x7f091c4199eb in CreateThread /home/worker/workspace/build/src/ipc/chromium/src/base/platform_thread_posix.cc:137:14 #2 0x7f091c4199eb in Create /home/worker/workspace/build/src/ipc/chromium/src/base/platform_thread_posix.cc:148 #3 0x7f091c4199eb in base::Thread::StartWithOptions(base::Thread::Options const&) /home/worker/workspace/build/src/ipc/chromium/src/base/thread.cc:98 #4 0x7f091c48c427 in mozilla::ipc::ProcessChild::ProcessChild(int) /home/worker/workspace/build/src/ipc/glue/ProcessChild.cpp:24:5 #5 0x7f0923c0b5fb in ContentProcess /home/worker/workspace/build/src/obj-firefox/dist/include/mozilla/dom/ContentProcess.h:31:7 #6 0x7f0923c0b5fb in XRE_InitChildProcess /home/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:660 #7 0x4dfb5b in content_process_main /home/worker/workspace/build/src/browser/app/../../ipc/contentproc/plugin-container.cpp:115:19 #8 0x4dfb5b in main /home/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:438 #9 0x7f0934ee7b44 in __libc_start_main /build/glibc-daoqzt/glibc-2.19/csu/libc-start.c:287 ==103117==ABORTING real 0m22.949s user 0m15.440s sys 0m6.096s
Another STR: 1) Load clean profile 2) Set Preferences->Privacy->Never Save History 3) Restart Nightly 4) Click Preferences->Privacy 5) Crash Assertion failure: (BasePrincipal::Cast(aLoadingPrincipal)->OriginAttributesRef().mPrivateBrowsingId > 0) == aInPrivateBrowsing, at /home/worker/workspace/build/src/docshell/base/nsDocShell.cpp:9561 #01: ???[/home/geeknik/firefox/libxul.so +0x99010b5] #02: ???[/home/geeknik/firefox/libxul.so +0x4a15ab6] #03: ???[/home/geeknik/firefox/libxul.so +0x4a16e9c] #04: ???[/home/geeknik/firefox/libxul.so +0x65b70dd] #05: ???[/home/geeknik/firefox/libxul.so +0x65d1bc4] #06: ???[/home/geeknik/firefox/libxul.so +0xc971bed] #07: ???[/home/geeknik/firefox/libxul.so +0xc973f09] #08: ???[/home/geeknik/firefox/libxul.so +0xc6834c0] #09: ???[/home/geeknik/firefox/libxul.so +0x65dbd56] #10: ???[/home/geeknik/firefox/libxul.so +0xc6afae2] #11: ???[/home/geeknik/firefox/libxul.so +0xc598dbb] #12: ???[/home/geeknik/firefox/libxul.so +0xc94a9d0] #13: ???[/home/geeknik/firefox/libxul.so +0xc936dc7] #14: ???[/home/geeknik/firefox/libxul.so +0xc972405] #15: ???[/home/geeknik/firefox/libxul.so +0xc972e73] #16: ???[/home/geeknik/firefox/libxul.so +0xc44c35e] #17: ???[/home/geeknik/firefox/libxul.so +0x5fe7c8d] #18: ???[/home/geeknik/firefox/libxul.so +0x69f8183] #19: ???[/home/geeknik/firefox/libxul.so +0x69f9bed] #20: ???[/home/geeknik/firefox/libxul.so +0x69e4264] #21: ???[/home/geeknik/firefox/libxul.so +0x69e7bc5] #22: ???[/home/geeknik/firefox/libxul.so +0x69e9ef8] #23: ???[/home/geeknik/firefox/libxul.so +0x4c97df2] #24: ???[/home/geeknik/firefox/libxul.so +0x6a0528f] #25: ???[/home/geeknik/firefox/libxul.so +0x60c9003] #26: ???[/home/geeknik/firefox/libxul.so +0x60c643d] #27: ???[/home/geeknik/firefox/libxul.so +0xc971bed] #28: ???[/home/geeknik/firefox/libxul.so +0xc951cee] #29: ???[/home/geeknik/firefox/libxul.so +0xc936dc7] #30: ???[/home/geeknik/firefox/libxul.so +0xc972405] #31: ???[/home/geeknik/firefox/libxul.so +0xc972e73] #32: ???[/home/geeknik/firefox/libxul.so +0xc44c35e] #33: ???[/home/geeknik/firefox/libxul.so +0x5fe4650] #34: ???[/home/geeknik/firefox/libxul.so +0x6a2e5e2] #35: ???[/home/geeknik/firefox/libxul.so +0x7e6e12d] #36: ???[/home/geeknik/firefox/libxul.so +0x7e6cad2] #37: ???[/home/geeknik/firefox/libxul.so +0x69f81ce] #38: ???[/home/geeknik/firefox/libxul.so +0x69f9bed] #39: ???[/home/geeknik/firefox/libxul.so +0x69e457e] #40: ???[/home/geeknik/firefox/libxul.so +0x69e7bc5] #41: ???[/home/geeknik/firefox/libxul.so +0x8b59d01] #42: ???[/home/geeknik/firefox/libxul.so +0x8b56571] #43: ???[/home/geeknik/firefox/libxul.so +0x8b57957] #44: ???[/home/geeknik/firefox/libxul.so +0x8b5331e] #45: ???[/home/geeknik/firefox/libxul.so +0x823c320] #46: ???[/home/geeknik/firefox/libxul.so +0x8234089] #47: ???[/home/geeknik/firefox/libxul.so +0x82f4129] #48: ???[/home/geeknik/firefox/libxul.so +0x824fe91] #49: ???[/home/geeknik/firefox/libxul.so +0x8250bc1] #50: ???[/home/geeknik/firefox/libxul.so +0x8309de5] #51: ???[/home/geeknik/firefox/libxul.so +0x831977d] #52: ???[/usr/lib/x86_64-linux-gnu/libgtk-3.so.0 +0x1ed34d] #53: g_closure_invoke[/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 +0x10245] #54: ???[/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 +0x21f6c] #55: g_signal_emit_valist[/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 +0x2a285] #56: g_signal_emit[/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 +0x2a9df] #57: ???[/usr/lib/x86_64-linux-gnu/libgtk-3.so.0 +0x31de34] #58: ???[/usr/lib/x86_64-linux-gnu/libgtk-3.so.0 +0x33c8db] #59: gtk_main_do_event[/usr/lib/x86_64-linux-gnu/libgtk-3.so.0 +0x1ec518] #60: ???[/usr/lib/x86_64-linux-gnu/libgdk-3.so.0 +0x4fb72] #61: g_main_context_dispatch[/lib/x86_64-linux-gnu/libglib-2.0.so.0 +0x49c5d] #62: ???[/lib/x86_64-linux-gnu/libglib-2.0.so.0 +0x49f48] #63: g_main_context_iteration[/lib/x86_64-linux-gnu/libglib-2.0.so.0 +0x49ffc] #64: ???[/home/geeknik/firefox/libxul.so +0x83579ff] #65: ???[/home/geeknik/firefox/libxul.so +0x82b81f9] #66: ???[/home/geeknik/firefox/libxul.so +0x82b8860] #67: ???[/home/geeknik/firefox/libxul.so +0x1f0870b] #68: ???[/home/geeknik/firefox/libxul.so +0x1f8bb5d] #69: ???[/home/geeknik/firefox/libxul.so +0x2d272d5] #70: ???[/home/geeknik/firefox/libxul.so +0x2c96679] #71: ???[/home/geeknik/firefox/libxul.so +0x82b7630] #72: ???[/home/geeknik/firefox/libxul.so +0xa3183a2] #73: ???[/home/geeknik/firefox/libxul.so +0xa4a709f] #74: ???[/home/geeknik/firefox/libxul.so +0xa4a85b3] #75: XRE_main[/home/geeknik/firefox/libxul.so +0xa4a946d] #76: ???[./firefox +0xdf8cb] #77: __libc_start_main[/lib/x86_64-linux-gnu/libc.so.6 +0x21b45] #78: ???[./firefox +0x1ba39] ASAN:DEADLYSIGNAL ================================================================= ==115479==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f91cf285b78 bp 0x7ffc925782d0 sp 0x7ffc92577fc0 T0) #0 0x7f91cf285b77 in nsDocShell::CopyFavicon(nsIURI*, nsIURI*, nsIPrincipal*, bool) /home/worker/workspace/build/src/docshell/base/nsDocShell.cpp:9560:3 #1 0x7f91cf22251c in nsDocShell::InternalLoad(nsIURI*, nsIURI*, bool, nsIURI*, unsigned int, nsIPrincipal*, nsIPrincipal*, unsigned int, nsAString_internal const&, char const*, nsAString_internal const&, nsIInputStream*, nsIInputStream*, unsigned int, nsISHEntry*, bool, nsAString_internal const&, nsIDocShell*, nsIURI*, nsIDocShell**, nsIRequest**) /home/worker/workspace/build/src/docshell/base/nsDocShell.cpp:10438:7 #2 0x7f91cf21b0b4 in nsDocShell::LoadURI(nsIURI*, nsIDocShellLoadInfo*, unsigned int, bool) /home/worker/workspace/build/src/docshell/base/nsDocShell.cpp:1558:10 #3 0x7f91ca32fab5 in mozilla::dom::Location::SetURI(nsIURI*, bool) /home/worker/workspace/build/src/dom/base/Location.cpp:288:12 #4 0x7f91ca330e9b in mozilla::dom::Location::SetHash(nsAString_internal const&) /home/worker/workspace/build/src/dom/base/Location.cpp:367:10 #5 0x7f91cbed10dc in SetHash /home/worker/workspace/build/src/obj-firefox/dist/include/mozilla/dom/Location.h:209:14 #6 0x7f91cbed10dc in mozilla::dom::LocationBinding::set_hash(JSContext*, JS::Handle<JSObject*>, mozilla::dom::Location*, JSJitSetterCallArgs) /home/worker/workspace/build/src/obj-firefox/dom/bindings/LocationBinding.cpp:703 #7 0x7f91cbeebbc3 in mozilla::dom::GenericBindingSetter(JSContext*, unsigned int, JS::Value*) /home/worker/workspace/build/src/dom/bindings/BindingUtils.cpp:2847:8 #8 0x7f91d228bbec in CallJSNative /home/worker/workspace/build/src/js/src/jscntxtinlines.h:239:15 #9 0x7f91d228bbec in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:447 #10 0x7f91d228df08 in Call /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:523:10 #11 0x7f91d228df08 in js::CallSetter(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::Handle<JS::Value>) /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:650 #12 0x7f91d1f9d4bf in js::SetPropertyIgnoringNamedGetter(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::Handle<JS::PropertyDescriptor>, JS::ObjectOpResult&) /home/worker/workspace/build/src/js/src/proxy/BaseProxyHandler.cpp:245:10 #13 0x7f91cbef5d55 in mozilla::dom::DOMProxyHandler::set(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::ObjectOpResult&) const /home/worker/workspace/build/src/dom/bindings/DOMJSProxyHandler.cpp:258:10 #14 0x7f91d1fc9ae1 in js::Proxy::set(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::ObjectOpResult&) /home/worker/workspace/build/src/js/src/proxy/Proxy.cpp:333:12 #15 0x7f91d1eb2dba in JSObject::nonNativeSetProperty(JSContext*, JS::Handle<JSObject*>, JS::Handle<jsid>, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::ObjectOpResult&) /home/worker/workspace/build/src/js/src/jsobj.cpp:1019:12 #16 0x7f91d22649cf in SetProperty /home/worker/workspace/build/src/js/src/vm/NativeObject.h:1539:16 #17 0x7f91d22649cf in SetPropertyOperation /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:259 #18 0x7f91d22649cf in Interpret(JSContext*, js::RunState&) /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:2715 #19 0x7f91d2250dc6 in js::RunScript(JSContext*, js::RunState&) /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:405:12 #20 0x7f91d228c404 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:477:15 #21 0x7f91d228ce72 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:523:10 #22 0x7f91d1d6635d in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /home/worker/workspace/build/src/js/src/jsapi.cpp:2830:12 #23 0x7f91cb901c8c in mozilla::dom::EventListener::HandleEvent(JSContext*, JS::Handle<JS::Value>, mozilla::dom::Event&, mozilla::ErrorResult&) /home/worker/workspace/build/src/obj-firefox/dom/bindings/EventListenerBinding.cpp:47:8 #24 0x7f91cc312182 in HandleEvent<mozilla::dom::EventTarget *> /home/worker/workspace/build/src/obj-firefox/dist/include/mozilla/dom/EventListenerBinding.h:64:12 #25 0x7f91cc312182 in mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, nsIDOMEvent*, mozilla::dom::EventTarget*) /home/worker/workspace/build/src/dom/events/EventListenerManager.cpp:1129 #26 0x7f91cc313bec in mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, nsIDOMEvent**, mozilla::dom::EventTarget*, nsEventStatus*) /home/worker/workspace/build/src/dom/events/EventListenerManager.cpp:1286:17 #27 0x7f91cc2fe263 in mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) /home/worker/workspace/build/src/dom/events/EventDispatcher.cpp:463:5 #28 0x7f91cc301bc4 in mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, nsIDOMEvent*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) /home/worker/workspace/build/src/dom/events/EventDispatcher.cpp:820:9 #29 0x7f91cc303ef7 in mozilla::EventDispatcher::DispatchDOMEvent(nsISupports*, mozilla::WidgetEvent*, nsIDOMEvent*, nsPresContext*, nsEventStatus*) /home/worker/workspace/build/src/dom/events/EventDispatcher.cpp:889:12 #30 0x7f91ca5b1df1 in nsINode::DispatchEvent(nsIDOMEvent*, bool*) /home/worker/workspace/build/src/dom/base/nsINode.cpp:1302:5 #31 0x7f91cc31f28e in mozilla::dom::EventTarget::DispatchEvent(mozilla::dom::Event&, mozilla::dom::CallerType, mozilla::ErrorResult&) /home/worker/workspace/build/src/dom/events/EventTarget.cpp:73:9 #32 0x7f91cb9e3002 in mozilla::dom::EventTargetBinding::dispatchEvent(JSContext*, JS::Handle<JSObject*>, mozilla::dom::EventTarget*, JSJitMethodCallArgs const&) /home/worker/workspace/build/src/obj-firefox/dom/bindings/EventTargetBinding.cpp:966:15 #33 0x7f91cb9e043c in mozilla::dom::EventTargetBinding::genericMethod(JSContext*, unsigned int, JS::Value*) /home/worker/workspace/build/src/obj-firefox/dom/bindings/EventTargetBinding.cpp:1142:13 #34 0x7f91d228bbec in CallJSNative /home/worker/workspace/build/src/js/src/jscntxtinlines.h:239:15 #35 0x7f91d228bbec in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:447 #36 0x7f91d226bced in CallFromStack /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:510:12 #37 0x7f91d226bced in Interpret(JSContext*, js::RunState&) /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:2922 #38 0x7f91d2250dc6 in js::RunScript(JSContext*, js::RunState&) /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:405:12 #39 0x7f91d228c404 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:477:15 #40 0x7f91d228ce72 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /home/worker/workspace/build/src/js/src/vm/Interpreter.cpp:523:10 #41 0x7f91d1d6635d in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /home/worker/workspace/build/src/js/src/jsapi.cpp:2830:12 #42 0x7f91cb8fe64f in mozilla::dom::EventHandlerNonNull::Call(JSContext*, JS::Handle<JS::Value>, mozilla::dom::Event&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&) /home/worker/workspace/build/src/obj-firefox/dom/bindings/EventHandlerBinding.cpp:259:37 #43 0x7f91cc3485e1 in Call<nsISupports *> /home/worker/workspace/build/src/obj-firefox/dist/include/mozilla/dom/EventHandlerBinding.h:361:12 #44 0x7f91cc3485e1 in mozilla::JSEventHandler::HandleEvent(nsIDOMEvent*) /home/worker/workspace/build/src/dom/events/JSEventHandler.cpp:214 #45 0x7f91cd78812c in nsXBLPrototypeHandler::ExecuteHandler(mozilla::dom::EventTarget*, nsIDOMEvent*) /home/worker/workspace/build/src/dom/xbl/nsXBLPrototypeHandler.cpp:325:3 #46 0x7f91cd786ad1 in nsXBLEventHandler::HandleEvent(nsIDOMEvent*) /home/worker/workspace/build/src/dom/xbl/nsXBLEventHandler.cpp:49:3 #47 0x7f91cc3121cd in mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, nsIDOMEvent*, mozilla::dom::EventTarget*) /home/worker/workspace/build/src/dom/events/EventListenerManager.cpp:1133:16 #48 0x7f91cc313bec in mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, nsIDOMEvent**, mozilla::dom::EventTarget*, nsEventStatus*) /home/worker/workspace/build/src/dom/events/EventListenerManager.cpp:1286:17 #49 0x7f91cc2fe57d in mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) /home/worker/workspace/build/src/dom/events/EventDispatcher.cpp:487:9 #50 0x7f91cc301bc4 in mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, nsIDOMEvent*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) /home/worker/workspace/build/src/dom/events/EventDispatcher.cpp:820:9 #51 0x7f91ce473d00 in PresShell::DispatchEventToDOM(mozilla::WidgetEvent*, nsEventStatus*, nsPresShellEventCB*) /home/worker/workspace/build/src/layout/base/nsPresShell.cpp:8431:7 #52 0x7f91ce470570 in PresShell::HandleEventInternal(mozilla::WidgetEvent*, nsEventStatus*, bool) /home/worker/workspace/build/src/layout/base/nsPresShell.cpp:8304:11 #53 0x7f91ce471956 in PresShell::HandlePositionedEvent(nsIFrame*, mozilla::WidgetGUIEvent*, nsEventStatus*) /home/worker/workspace/build/src/layout/base/nsPresShell.cpp:8129:10 #54 0x7f91ce46d31d in PresShell::HandleEvent(nsIFrame*, mozilla::WidgetGUIEvent*, bool, nsEventStatus*, nsIContent**) /home/worker/workspace/build/src/layout/base/nsPresShell.cpp:7915:12 #55 0x7f91cdb5631f in nsViewManager::DispatchEvent(mozilla::WidgetGUIEvent*, nsView*, nsEventStatus*) /home/worker/workspace/build/src/view/nsViewManager.cpp:815:7 #56 0x7f91cdb4e088 in nsView::HandleEvent(mozilla::WidgetGUIEvent*, bool) /home/worker/workspace/build/src/view/nsView.cpp:1117:5 #57 0x7f91cdc0e128 in nsWindow::DispatchEvent(mozilla::WidgetGUIEvent*, nsEventStatus&) /home/worker/workspace/build/src/widget/gtk/nsWindow.cpp:582:17 #58 0x7f91cdb69e90 in nsBaseWidget::ProcessUntransformedAPZEvent(mozilla::WidgetInputEvent*, mozilla::layers::ScrollableLayerGuid const&, unsigned long, nsEventStatus) /home/worker/workspace/build/src/widget/nsBaseWidget.cpp:1097:3 #59 0x7f91cdb6abc0 in nsBaseWidget::DispatchInputEvent(mozilla::WidgetInputEvent*) /home/worker/workspace/build/src/widget/nsBaseWidget.cpp:1237:14 #60 0x7f91cdc23de4 in nsWindow::OnButtonPressEvent(_GdkEventButton*) /home/worker/workspace/build/src/widget/gtk/nsWindow.cpp:2850:5 #61 0x7f91cdc3377c in button_press_event_cb(_GtkWidget*, _GdkEventButton*) /home/worker/workspace/build/src/widget/gtk/nsWindow.cpp:5723:5 #62 0x7f91dc99234c in _gtk_marshal_BOOLEAN__BOXED /tmp/buildd/gtk+3.0-3.14.5/./gtk/gtkmarshalers.c:85 #63 0x7f91d9ad7244 in g_closure_invoke (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x10244) #64 0x7f91d9ae8f6b (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x21f6b) #65 0x7f91d9af1284 in g_signal_emit_valist (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x2a284) #66 0x7f91d9af19de in g_signal_emit (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x2a9de) #67 0x7f91dcac2e33 in gtk_widget_event_internal /tmp/buildd/gtk+3.0-3.14.5/./gtk/gtkwidget.c:7773 #68 0x7f91dcae18da in _gtk_window_check_handle_wm_event /tmp/buildd/gtk+3.0-3.14.5/./gtk/gtkwindow.c:7725 #69 0x7f91dc991517 in gtk_main_do_event /tmp/buildd/gtk+3.0-3.14.5/./gtk/gtkmain.c:1566 #70 0x7f91dc539b71 in gdk_event_source_dispatch /tmp/buildd/gtk+3.0-3.14.5/./gdk/x11/gdkeventsource.c:364 #71 0x7f91d9801c5c in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x49c5c) #72 0x7f91d9801f47 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x49f47) #73 0x7f91d9801ffb in g_main_context_iteration (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x49ffb) #74 0x7f91cdc719fe in nsAppShell::ProcessNextNativeEvent(bool) /home/worker/workspace/build/src/widget/gtk/nsAppShell.cpp:270:12 #75 0x7f91cdbd21f8 in DoProcessNextNativeEvent /home/worker/workspace/build/src/widget/nsBaseAppShell.cpp:138:17 #76 0x7f91cdbd21f8 in nsBaseAppShell::OnProcessNextEvent(nsIThreadInternal*, bool) /home/worker/workspace/build/src/widget/nsBaseAppShell.cpp:289 #77 0x7f91cdbd285f in non-virtual thunk to nsBaseAppShell::OnProcessNextEvent(nsIThreadInternal*, bool) /home/worker/workspace/build/src/widget/nsBaseAppShell.cpp:233:17 #78 0x7f91c782270a in nsThread::ProcessNextEvent(bool, bool*) /home/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1186:5 #79 0x7f91c78a5b5c in NS_ProcessNextEvent(nsIThread*, bool) /home/worker/workspace/build/src/xpcom/glue/nsThreadUtils.cpp:361:10 #80 0x7f91c86412d4 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /home/worker/workspace/build/src/ipc/glue/MessagePump.cpp:124:5 #81 0x7f91c85b0678 in RunInternal /home/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:232:3 #82 0x7f91c85b0678 in RunHandler /home/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:225 #83 0x7f91c85b0678 in MessageLoop::Run() /home/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:205 #84 0x7f91cdbd162f in nsBaseAppShell::Run() /home/worker/workspace/build/src/widget/nsBaseAppShell.cpp:156:3 #85 0x7f91cfc323a1 in nsAppStartup::Run() /home/worker/workspace/build/src/toolkit/components/startup/nsAppStartup.cpp:283:19 #86 0x7f91cfdc109e in XREMain::XRE_mainRun() /home/worker/workspace/build/src/toolkit/xre/nsAppRunner.cpp:4467:10 #87 0x7f91cfdc25b2 in XREMain::XRE_main(int, char**, nsXREAppData const*) /home/worker/workspace/build/src/toolkit/xre/nsAppRunner.cpp:4600:8 #88 0x7f91cfdc346c in XRE_main /home/worker/workspace/build/src/toolkit/xre/nsAppRunner.cpp:4691:16 #89 0x4df8ca in do_main /home/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:328:10 #90 0x4df8ca in main /home/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:461 #91 0x7f91e10b1b44 in __libc_start_main /build/glibc-daoqzt/glibc-2.19/csu/libc-start.c:287 #92 0x41ba38 in _start (/home/geeknik/firefox/firefox+0x41ba38) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /home/worker/workspace/build/src/docshell/base/nsDocShell.cpp:9560:3 in nsDocShell::CopyFavicon(nsIURI*, nsIURI*, nsIPrincipal*, bool) ==115479==ABORTING [Child 115520] ###!!! ABORT: Aborting on channel error.: file /home/worker/workspace/build/src/ipc/glue/MessageChannel.cpp, line 2155 [Child 115520] ###!!! ABORT: Aborting on channel error.: file /home/worker/workspace/build/src/ipc/glue/MessageChannel.cpp, line 2155 ASAN:DEADLYSIGNAL ================================================================= ==115520==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000004e114b bp 0x7f37e7de0090 sp 0x7f37e7de0080 T2) Crash Annotation GraphicsCriticalError: |[C0][GFX1-]: Receive IPC close with reason=AbnormalShutdown (t=35.3286) #0 0x4e114a in mozalloc_abort(char const*) /home/worker/workspace/build/src/memory/mozalloc/mozalloc_abort.cpp:33:5 #1 0x7f37ea99f1d5 in Abort(char const*) /home/worker/workspace/build/src/xpcom/base/nsDebugImpl.cpp:449:3 #2 0x7f37ea99ef7c in NS_DebugBreak /home/worker/workspace/build/src/xpcom/base/nsDebugImpl.cpp:405:7 #3 0x7f37eb9039ef in mozilla::ipc::MessageChannel::OnChannelErrorFromLink() /home/worker/workspace/build/src/ipc/glue/MessageChannel.cpp:2155:13 #4 0x7f37eb908c93 in OnChannelError /home/worker/workspace/build/src/ipc/glue/MessageLink.cpp:367:5 #5 0x7f37eb908c93 in non-virtual thunk to mozilla::ipc::ProcessLink::OnChannelError() /home/worker/workspace/build/src/ipc/glue/MessageLink.cpp:359 #6 0x7f37eb8bed7b in event_process_active_single_queue /home/worker/workspace/build/src/ipc/chromium/src/third_party/libevent/event.c:1350:4 #7 0x7f37eb8bed7b in event_process_active /home/worker/workspace/build/src/ipc/chromium/src/third_party/libevent/event.c:1420 #8 0x7f37eb8bed7b in event_base_loop /home/worker/workspace/build/src/ipc/chromium/src/third_party/libevent/event.c:1621 #9 0x7f37eb87e211 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) /home/worker/workspace/build/src/ipc/chromium/src/base/message_pump_libevent.cc:372:7 #10 0x7f37eb878678 in RunInternal /home/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:232:3 #11 0x7f37eb878678 in RunHandler /home/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:225 #12 0x7f37eb878678 in MessageLoop::Run() /home/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:205 #13 0x7f37eb898821 in base::Thread::ThreadMain() /home/worker/workspace/build/src/ipc/chromium/src/base/thread.cc:180:3 #14 0x7f37eb89937c in ThreadFunc(void*) /home/worker/workspace/build/src/ipc/chromium/src/base/platform_thread_posix.cc:38:3 #15 0x7f38053390a3 in start_thread /build/glibc-daoqzt/glibc-2.19/nptl/pthread_create.c:309 #16 0x7f380444062c in clone /build/glibc-daoqzt/glibc-2.19/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:111 AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /home/worker/workspace/build/src/memory/mozalloc/mozalloc_abort.cpp:33:5 in mozalloc_abort(char const*) Thread T2 (Chrome_ChildThr) created by T0 (Web Content) here: #0 0x49a869 in __interceptor_pthread_create /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:238:3 #1 0x7f37eb89843b in CreateThread /home/worker/workspace/build/src/ipc/chromium/src/base/platform_thread_posix.cc:137:14 #2 0x7f37eb89843b in Create /home/worker/workspace/build/src/ipc/chromium/src/base/platform_thread_posix.cc:148 #3 0x7f37eb89843b in base::Thread::StartWithOptions(base::Thread::Options const&) /home/worker/workspace/build/src/ipc/chromium/src/base/thread.cc:98 #4 0x7f37eb90ae77 in mozilla::ipc::ProcessChild::ProcessChild(int) /home/worker/workspace/build/src/ipc/glue/ProcessChild.cpp:24:5 #5 0x7f37f308fbcb in ContentProcess /home/worker/workspace/build/src/obj-firefox/dist/include/mozilla/dom/ContentProcess.h:31:7 #6 0x7f37f308fbcb in XRE_InitChildProcess /home/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:660 #7 0x4dfb5b in content_process_main /home/worker/workspace/build/src/browser/app/../../ipc/contentproc/plugin-container.cpp:115:19 #8 0x4dfb5b in main /home/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:438 #9 0x7f3804379b44 in __libc_start_main /build/glibc-daoqzt/glibc-2.19/csu/libc-start.c:287 ==115520==ABORTING real 0m52.690s user 0m21.384s sys 0m12.224s
We've 148 crashes on nightly with build-id 20161124030208. The regression is probably due to patch https://hg.mozilla.org/mozilla-central/rev?node=2bbc7be933e2cd52fb1e328119075cf9aab50c5f for bug 1309070.
Flags: needinfo?(huseby)
Crash Signature: nsDocShell::CopyFavicon
Crash Signature: nsDocShell::CopyFavicon → [@ nsDocShell::CopyFavicon ]
CC'ing :tanvi and :baku as well. This seems like a container issue. STR: * open a new PB window via Hamburger -> New Private Window * paste "about:preferences#privacy" Platforms Used: * macOS 10.12.1 x64 -> Reproduced * Win 10 x64 -> Reproduced * Ubuntu 16.04 x64 -> Reproduced Crashes: * bp-fd50ce1c-48e1-46c1-8f10-7432c2161125 (macOS x64) * bp-167bc3d6-14b6-4f1c-8914-bba742161125 (Win10 x64) * bp-75f625e7-145e-43d2-8017-bdd722161125 (Ubuntu 16.04 x64)
Blocks: ContextualIdentity
Has STR: --- → yes
status-firefox50: --- → unaffected
status-firefox51: --- → unaffected
status-firefox52: --- → unaffected
OS: Linux → All
Hardware: x86_64 → All
Whiteboard: [userContextId][domsecurity-backlog]
Version: Trunk → 53 Branch
CC'ing Ethan from the Taipei team as well incase someone is available to take a look at this before the folks from the US get back on Monday.
This is hitting a release assert, and looks to only relate to chrome code, so I don't think this needs to be hidden.
Group: core-security
Keywords: topcrash
[Tracking Requested - why for this release]: #1 crash on Nightly
tracking-firefox53: --- → ?
Flags: needinfo?(ehsan)
Keywords: regression
I backed out bug 1309070 on inbound. Hopefully that will fix this.
Tracking 53+ for this new top crash.
tracking-firefox53: ?+
(In reply to Andrew McCreight [:mccr8] from comment #10) > I backed out bug 1309070 on inbound. Hopefully that will fix this. It's present in Nightly builds 20161125030214 and 20161126030207, but is gone in 20161127030208.
Status: NEW → RESOLVED
Crash Signature: [@ nsDocShell::CopyFavicon ] → [@ nsDocShell::CopyFavicon]
Closed: 8 years ago
Resolution: --- → FIXED
I confirm that this crash is no longer reproducible on Firefox 53.0a1 (2016-11-27) under Windows 10 64-bit and Ubuntu 16.04 32-bit.
Status: RESOLVED → VERIFIED
Not sure what information is requested from me. Clearing the needinfo flag.
Flags: needinfo?(ehsan)
Clearing the flag because the backout is successful. I have reproduced the crash with the original patch and I'm fixing it now.
Flags: needinfo?(huseby)
Updating status flags.
status-firefox53: affectedfixed
See Also: → 1321646
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: