Closed
Bug 1511248
Opened 6 years ago
Closed 6 years ago
Crash @ GetExistingSlots /builds/worker/workspace/build/src/dom/base/nsINode.h:1933:12
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1510633
Tracking | Status | |
---|---|---|
firefox65 | --- | affected |
People
(Reporter: geeknik, Unassigned)
Details
(Keywords: csectype-nullptr, nightly-community)
While playing a Tom Segura video (https://www.youtube.com/watch?v=UIs-v-B5t7g) on the YouTube internet web site with Firefox Nightly Build ID 20181129095546, a tab crash which produced the following stack trace interrupted our hearty laughter: ==3399==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000058 (pc 0x7f8f2b2f6632 bp 0x7ffc94fa6560 sp 0x7ffc94fa6540 T0) ==3399==The signal is caused by a READ memory access. ==3399==Hint: address points to the zero page. #0 0x7f8f2b2f6631 in GetExistingSlots /builds/worker/workspace/build/src/dom/base/nsINode.h:1933:12 #1 0x7f8f2b2f6631 in nsINode::RemoveMutationObserver(nsIMutationObserver*) /builds/worker/workspace/build/src/dom/base/nsINode.h:1088 #2 0x7f8f2b33e824 in mozilla::dom::ShadowRoot::Unattach() /builds/worker/workspace/build/src/dom/base/ShadowRoot.cpp:187:14 #3 0x7f8f2b260920 in mozilla::dom::Element::UnattachShadow() /builds/worker/workspace/build/src/dom/base/Element.cpp:1348:15 #4 0x7f8f2e45102b in operator() /builds/worker/workspace/build/src/dom/html/HTMLMediaElement.cpp:4704:15 #5 0x7f8f2e45102b in mozilla::detail::RunnableFunction<mozilla::dom::HTMLMediaElement::UnbindFromTree(bool, bool)::$_7>::Run() /builds/worker/workspace/build/src/obj-firefox/dist/include/nsThreadUtils.h:577 #6 0x7f8f2b04a5ac in nsContentUtils::RemoveScriptBlocker() /builds/worker/workspace/build/src/dom/base/nsContentUtils.cpp:5682:15 #7 0x7f8f2e4fee6d in nsHTMLDocument::cycleCollection::Unlink(void*) /builds/worker/workspace/build/src/dom/html/nsHTMLDocument.cpp:194:1 #8 0x7f8f27ed3aa5 in nsCycleCollector::CollectWhite() /builds/worker/workspace/build/src/xpcom/base/nsCycleCollector.cpp:3473:26 #9 0x7f8f27ed6af4 in nsCycleCollector::Collect(ccType, js::SliceBudget&, nsICycleCollectorListener*, bool) /builds/worker/workspace/build/src/xpcom/base/nsCycleCollector.cpp:3844:24 #10 0x7f8f27edb654 in nsCycleCollector_collectSlice(js::SliceBudget&, bool) /builds/worker/workspace/build/src/xpcom/base/nsCycleCollector.cpp:4427:21 #11 0x7f8f2b5587f5 in nsJSContext::RunCycleCollectorSlice(mozilla::TimeStamp) /builds/worker/workspace/build/src/dom/base/nsJSEnvironment.cpp:1580:3 #12 0x7f8f2b5594c2 in ICCRunnerFired(mozilla::TimeStamp) /builds/worker/workspace/build/src/dom/base/nsJSEnvironment.cpp:1639:3 #13 0x7f8f2801cf94 in operator() /builds/worker/workspace/build/src/clang/bin/../lib/gcc/x86_64-unknown-linux-gnu/4.9.4/../../../../include/c++/4.9.4/functional:2440:14 #14 0x7f8f2801cf94 in mozilla::IdleTaskRunner::Run() /builds/worker/workspace/build/src/xpcom/threads/IdleTaskRunner.cpp:63 #15 0x7f8f28063249 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1244:14 #16 0x7f8f2806a1e1 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:530:10 #17 0x7f8f28fe99b0 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/glue/MessagePump.cpp:97:21 #18 0x7f8f28f3b62f in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:325:10 #19 0x7f8f28f3b62f in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:318 #20 0x7f8f28f3b62f in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:298 #21 0x7f8f2ff1be4a in nsBaseAppShell::Run() /builds/worker/workspace/build/src/widget/nsBaseAppShell.cpp:158:27 #22 0x7f8f340cb9bf in XRE_RunAppShell() /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:951:22 #23 0x7f8f28f3b62f in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:325:10 #24 0x7f8f28f3b62f in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:318 #25 0x7f8f28f3b62f in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:298 #26 0x7f8f340cb248 in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:777:34 #27 0x55c9870173d4 in content_process_main /builds/worker/workspace/build/src/browser/app/../../ipc/contentproc/plugin-container.cpp:50:30 #28 0x55c9870173d4 in main /builds/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:287 #29 0x7f8f3fbfe412 in __libc_start_main (/lib64/libc.so.6+0x24412) #30 0x55c986f3caa8 in _start (/home/geeknik/firefox/firefox+0x29aa8) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /builds/worker/workspace/build/src/dom/base/nsINode.h:1933:12 in GetExistingSlots ==3399==ABORTING
Updated•6 years ago
|
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Assignee | ||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•