crash at 0x0 in [@ OnChannelError]

NEW
Unassigned

Status

()

Core
IPC
P3
normal
10 months ago
8 months ago

People

(Reporter: tsmith, Unassigned)

Tracking

({crash})

Trunk
x86_64
Linux
crash
Points:
---

Firefox Tracking Flags

(firefox57 affected)

Details

(Reporter)

Description

10 months ago
This happens with e10s enabled. It gets in the way when automating the browser.

STR:
0) Get an ASan opt build
1) From the command line run: ./firefox -no-remote
2) wait for launch then hit control+c

/home/user/workspace/browsers/m-c-1501248297-asan-opt/firefox -no-remote
1501698024499	addons.xpi	WARN	disabling ubufox@ubuntu.com since it is not multiprocess compatible
1501698024500	addons.xpi	WARN	disabling ubufox@ubuntu.com since it is not multiprocess compatible
1501698024501	addons.xpi	WARN	disabling ubufox@ubuntu.com since it is not multiprocess compatible
1501698024502	addons.xpi	WARN	disabling ubufox@ubuntu.com since it is not multiprocess compatible
^CASAN:DEADLYSIGNAL
=================================================================
==14467==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fdde95c3385 bp 0x7fdde564f380 sp 0x7fdde564f360 T2)

==14467==The signal is caused by a WRITE memory access.
==14467==Hint: address points to the zero page.
Crash Annotation GraphicsCriticalError: |[C0][GFX1-]: Receive IPC close with reason=AbnormalShutdown (t=7.52631)     #0 0x7fdde95c3384 in mozilla::ipc::MessageChannel::OnChannelErrorFromLink() src/ipc/glue/MessageChannel.cpp:2517:13
    #1 0x7fdde95c82c7 in OnChannelError src/ipc/glue/MessageLink.cpp:393:12
    #2 0x7fdde95c82c7 in non-virtual thunk to mozilla::ipc::ProcessLink::OnChannelError() src/ipc/glue/MessageLink.cpp:385
    #3 0x7fdde9572dd1 in event_persist_closure src/ipc/chromium/src/third_party/libevent/event.c:1580:9
    #4 0x7fdde9572dd1 in event_process_active_single_queue src/ipc/chromium/src/third_party/libevent/event.c:1639
    #5 0x7fdde956a539 in event_process_active src/ipc/chromium/src/third_party/libevent/event.c:1741:9
    #6 0x7fdde956a539 in event_base_loop src/ipc/chromium/src/third_party/libevent/event.c:1961
    #7 0x7fdde952ae7d in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) src/ipc/chromium/src/base/message_pump_libevent.cc:373:7
    #8 0x7fdde9525e1b in RunInternal src/ipc/chromium/src/base/message_loop.cc:326:10
    #9 0x7fdde9525e1b in RunHandler src/ipc/chromium/src/base/message_loop.cc:319
    #10 0x7fdde9525e1b in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:299
    #11 0x7fdde9543f99 in base::Thread::ThreadMain() src/ipc/chromium/src/base/thread.cc:181:16
    #12 0x7fdde95342ac in ThreadFunc(void*) src/ipc/chromium/src/base/platform_thread_posix.cc:38:13
    #13 0x7fde071c36b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
    #14 0x7fde0624c3dc in clone /build/glibc-bfm8X4/glibc-2.23/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:109

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV src/ipc/glue/MessageChannel.cpp:2517:13 in mozilla::ipc::MessageChannel::OnChannelErrorFromLink()
Thread T2 (Chrome_~dThread) created by T0 (Web Content) here:
    #0 0x4a3df6 in __interceptor_pthread_create /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:245:3
    #1 0x7fdde95333ec in CreateThread src/ipc/chromium/src/base/platform_thread_posix.cc:135:14
    #2 0x7fdde95333ec in PlatformThread::Create(unsigned long, PlatformThread::Delegate*, unsigned long*) src/ipc/chromium/src/base/platform_thread_posix.cc:146
    #3 0x7fdde95439ce in base::Thread::StartWithOptions(base::Thread::Options const&) src/ipc/chromium/src/base/thread.cc:99:8
    #4 0x7fdde95ca307 in mozilla::ipc::ProcessChild::ProcessChild(int) src/ipc/glue/ProcessChild.cpp:24:5
    #5 0x7fddf309feed in ContentProcess src/obj-firefox/dist/include/mozilla/dom/ContentProcess.h:31:7
    #6 0x7fddf309feed in XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:644
    #7 0x4eb843 in content_process_main src/browser/app/../../ipc/contentproc/plugin-container.cpp:64:30
    #8 0x4eb843 in main src/browser/app/nsBrowserApp.cpp:285
    #9 0x7fde0616582f in __libc_start_main /build/glibc-bfm8X4/glibc-2.23/csu/../csu/libc-start.c:291

==14467==ABORTING

Updated

8 months ago
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.