Open Bug 1445438 Opened 8 years ago Updated 3 years ago

IPC: crash [@Hdr]

Categories

(Core :: DOM: Core & HTML, defect, P2)

Product:
Core
Component:
DOM: Core & HTML
Type:
defect

Tracking

()

Tracking Flags:
Tracking Status
firefox61 --- affected

People

(Reporter: posidron, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash)

Attachments

(1 file)

session.txt
255.94 KB, text/plain
Details
==10394==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000060 (pc 0x7f93ceae88fb bp 0x7ffc6de57dc0 sp 0x7ffc6de57d80 T0) ==10394==The signal is caused by a READ memory access. ==10394==Hint: address points to the zero page. #0 0x7f93ceae88fa in Hdr /builds/worker/workspace/build/src/obj-firefox/dist/include/nsTArray.h:507:32 #1 0x7f93ceae88fa in Elements /builds/worker/workspace/build/src/obj-firefox/dist/include/nsTArray.h:1019 #2 0x7f93ceae88fa in IndexOf<imgRequestProxy *, nsDefaultComparator<RefPtr<imgRequestProxy>, imgRequestProxy *> > /builds/worker/workspace/build/src/obj-firefox/dist/include/nsTArray.h:1168 #3 0x7f93ceae88fa in RemoveElement<imgRequestProxy *, nsDefaultComparator<RefPtr<imgRequestProxy>, imgRequestProxy *> > /builds/worker/workspace/build/src/obj-firefox/dist/include/nsTArray.h:1817 #4 0x7f93ceae88fa in RemoveElement<imgRequestProxy *> /builds/worker/workspace/build/src/obj-firefox/dist/include/nsTArray.h:1831 #5 0x7f93ceae88fa in imgCacheValidator::RemoveProxy(imgRequestProxy*) /builds/worker/workspace/build/src/image/imgLoader.cpp:2945 #6 0x7f93ceb238b4 in RemoveFromOwner /builds/worker/workspace/build/src/image/imgRequestProxy.cpp:386:18 #7 0x7f93ceb238b4 in imgRequestProxy::DoCancel(nsresult) /builds/worker/workspace/build/src/image/imgRequestProxy.cpp:530 #8 0x7f93ceb44b28 in imgRequestProxy::imgCancelRunnable::Run() /builds/worker/workspace/build/src/obj-firefox/dist/include/imgRequestProxy.h:170:17 #9 0x7f93cbf43ee0 in mozilla::SchedulerGroup::Runnable::Run() /builds/worker/workspace/build/src/xpcom/threads/SchedulerGroup.cpp:413:25 #10 0x7f93cbf6d6a6 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1040:14 #11 0x7f93cbf88c40 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:517:10 #12 0x7f93d336150c in SpinEventLoopUntil<mozilla::ProcessFailureBehavior::ReportToCaller, (lambda at /builds/worker/workspace/build/src/dom/ipc/ContentChild.cpp:1121:24)> /builds/worker/workspace/build/src/obj-firefox/dist/include/nsThreadUtils.h:323:25 #13 0x7f93d336150c in mozilla::dom::ContentChild::ProvideWindowCommon(mozilla::dom::TabChild*, mozIDOMWindowProxy*, bool, unsigned int, bool, bool, bool, nsIURI*, nsTSubstring<char16_t> const&, nsTSubstring<char> const&, bool, nsIDocShellLoadInfo*, bool*, mozIDOMWindowProxy**) /builds/worker/workspace/build/src/dom/ipc/ContentChild.cpp:1121 #14 0x7f93d33ea72c in mozilla::dom::TabChild::ProvideWindow(mozIDOMWindowProxy*, unsigned int, bool, bool, bool, nsIURI*, nsTSubstring<char16_t> const&, nsTSubstring<char> const&, bool, nsIDocShellLoadInfo*, bool*, mozIDOMWindowProxy**) /builds/worker/workspace/build/src/dom/ipc/TabChild.cpp:1038:16 #15 0x7f93d7f429a8 in nsWindowWatcher::OpenWindowInternal(mozIDOMWindowProxy*, char const*, char const*, char const*, bool, bool, bool, nsIArray*, bool, bool, nsIDocShellLoadInfo*, mozIDOMWindowProxy**) /builds/worker/workspace/build/src/toolkit/components/windowwatcher/nsWindowWatcher.cpp:851:24 #16 0x7f93d7f48325 in OpenWindow2 /builds/worker/workspace/build/src/toolkit/components/windowwatcher/nsWindowWatcher.cpp:443:10 #17 0x7f93d7f48325 in non-virtual thunk to nsWindowWatcher::OpenWindow2(mozIDOMWindowProxy*, char const*, char const*, char const*, bool, bool, bool, nsISupports*, bool, bool, nsIDocShellLoadInfo*, mozIDOMWindowProxy**) /builds/worker/workspace/build/src/toolkit/components/windowwatcher/nsWindowWatcher.cpp #18 0x7f93cedda0f9 in nsGlobalWindowOuter::OpenInternal(nsTSubstring<char16_t> const&, nsTSubstring<char16_t> const&, nsTSubstring<char16_t> const&, bool, bool, bool, bool, bool, nsIArray*, nsISupports*, nsIDocShellLoadInfo*, bool, nsPIDOMWindowOuter**) /builds/worker/workspace/build/src/dom/base/nsGlobalWindowOuter.cpp:7183:21 #19 0x7f93cedd8e2a in OpenJS /builds/worker/workspace/build/src/dom/base/nsGlobalWindowOuter.cpp:5595:10 #20 0x7f93cedd8e2a in nsGlobalWindowOuter::OpenOuter(nsTSubstring<char16_t> const&, nsTSubstring<char16_t> const&, nsTSubstring<char16_t> const&, mozilla::ErrorResult&) /builds/worker/workspace/build/src/dom/base/nsGlobalWindowOuter.cpp:5570 #21 0x7f93d0a311bf in mozilla::dom::WindowBinding::open(JSContext*, JS::Handle<JSObject*>, nsGlobalWindowInner*, JSJitMethodCallArgs const&) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/WindowBinding.cpp:2296:56 #22 0x7f93d0a2ec32 in mozilla::dom::WindowBinding::genericMethod(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/WindowBinding.cpp:16070:13 #23 0x7f93d830416e in CallJSNative /builds/worker/workspace/build/src/js/src/vm/JSContext-inl.h:290:15 #24 0x7f93d830416e in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:468 #25 0x7f93d82ecb40 in CallFromStack /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:523:12 #26 0x7f93d82ecb40 in Interpret(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:3086 #27 0x7f93d82ced54 in js::RunScript(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:418:12 #28 0x7f93d8303f67 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:490:15 #29 0x7f93d8304cd3 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:536:10 #30 0x7f93d8f7b98a in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/jsapi.cpp:3029:12 #31 0x7f93d105b7ad in mozilla::dom::Function::Call(JSContext*, JS::Handle<JS::Value>, nsTArray<JS::Value> const&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/FunctionBinding.cpp:36:8 #32 0x7f93ced8df4b in Call<nsCOMPtr<nsISupports> > /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/dom/FunctionBinding.h:73:12 #33 0x7f93ced8df4b in nsGlobalWindowInner::RunTimeoutHandler(mozilla::dom::Timeout*, nsIScriptContext*) /builds/worker/workspace/build/src/dom/base/nsGlobalWindowInner.cpp:6688 #34 0x7f93cefa4ea7 in mozilla::dom::TimeoutManager::RunTimeout(mozilla::TimeStamp const&, mozilla::TimeStamp const&) /builds/worker/workspace/build/src/dom/base/TimeoutManager.cpp:877:42 #35 0x7f93cefa4264 in mozilla::dom::TimeoutExecutor::MaybeExecute() /builds/worker/workspace/build/src/dom/base/TimeoutExecutor.cpp:171:11 #36 0x7f93cefa61c6 in Notify /builds/worker/workspace/build/src/dom/base/TimeoutExecutor.cpp:239:5 #37 0x7f93cefa61c6 in non-virtual thunk to mozilla::dom::TimeoutExecutor::Notify(nsITimer*) /builds/worker/workspace/build/src/dom/base/TimeoutExecutor.cpp #38 0x7f93cbf8dcef in nsTimerImpl::Fire(int) /builds/worker/workspace/build/src/xpcom/threads/nsTimerImpl.cpp:704:40 #39 0x7f93cbf5d559 in nsTimerEvent::Run() /builds/worker/workspace/build/src/xpcom/threads/TimerThread.cpp:286:11 #40 0x7f93cbf7d30a in mozilla::ThrottledEventQueue::Inner::ExecuteRunnable() /builds/worker/workspace/build/src/xpcom/threads/ThrottledEventQueue.cpp:193:22 #41 0x7f93cbf7ceaf in mozilla::ThrottledEventQueue::Inner::Executor::Run() /builds/worker/workspace/build/src/xpcom/threads/ThrottledEventQueue.cpp:79:15 #42 0x7f93cbf43ee0 in mozilla::SchedulerGroup::Runnable::Run() /builds/worker/workspace/build/src/xpcom/threads/SchedulerGroup.cpp:413:25 #43 0x7f93cbf6d6a6 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1040:14 #44 0x7f93cbf88c40 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:517:10 #45 0x7f93cce3ffe6 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/glue/MessagePump.cpp:125:5 #46 0x7f93ccd8e8c9 in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:326:10 #47 0x7f93ccd8e8c9 in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:319 #48 0x7f93ccd8e8c9 in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:299 #49 0x7f93d3b2f06a in nsBaseAppShell::Run() /builds/worker/workspace/build/src/widget/nsBaseAppShell.cpp:157:27 #50 0x7f93d7ff0cfb in XRE_RunAppShell() /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:892:22 #51 0x7f93ccd8e8c9 in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:326:10 #52 0x7f93ccd8e8c9 in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:319 #53 0x7f93ccd8e8c9 in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:299 #54 0x7f93d7ff06da in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:718:34 #55 0x4f6f2c in content_process_main /builds/worker/workspace/build/src/browser/app/../../ipc/contentproc/plugin-container.cpp:50:30 #56 0x4f6f2c in main /builds/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:280 #57 0x7f93ec53f1c0 in __libc_start_main /build/glibc-itYbWN/glibc-2.26/csu/../csu/libc-start.c:308 #58 0x4265bc in _start (/home/worker/firefox/firefox+0x4265bc) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /builds/worker/workspace/build/src/obj-firefox/dist/include/nsTArray.h:507:32 in Hdr ==10394==ABORTING
Attached file session.txt
Unclear if there's sufficient information for this to be actionable, but it's worth a look sooner than later.
Priority: -- → P2
Component: DOM → DOM: Core & HTML
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: