Open Bug 1527060 Opened 3 years ago Updated 4 months ago

AddressSanitizer: access-violation z:\build\build\src\gfx\layers\ipc\CompositorBridgeParent.cpp:1283 in mozilla::layers::CompositorBridgeParent::SetTestSampleTime(struct mozilla::layers::LayersId const &,class mozilla::TimeStamp const &)

Categories

(Core :: Graphics: Layers, defect, P3)

defect

Tracking

()

People

(Reporter: RaulG, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: intermittent-failure, regression, Whiteboard: [retriggered][stockwell unknown])

Log link: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=227678117&repo=mozilla-inbound&lineNumber=9687

Log snippet:

17:34:08 INFO - TEST-START | dom/events/test/test_bug574663.html
17:34:09 INFO - GECKO(6964) | MEMORY STAT | vsize 19404862MB | vsizeMaxContiguous 71079240MB | residentFast 731MB
17:34:09 INFO - GECKO(6964) | =================================================================
17:34:09 ERROR - GECKO(6964) | ==1612==ERROR: AddressSanitizer: access-violation on unknown address 0x000000000190 (pc 0x7ffa09af3ce1 bp 0x00eb88ffe690 sp 0x00eb88ffe540 T2)
17:34:09 INFO - GECKO(6964) | ==1612==The signal is caused by a READ memory access.
17:34:09 INFO - GECKO(6964) | ==1612==Hint: address points to the zero page.
17:34:09 INFO - GECKO(6964) | #0 0x7ffa09af3ce0 in mozilla::layers::CompositorBridgeParent::SetTestSampleTime(struct mozilla::layers::LayersId const &,class mozilla::TimeStamp const &) z:\build\build\src\gfx\layers\ipc\CompositorBridgeParent.cpp:1283
17:34:09 INFO - GECKO(6964) | #1 0x7ffa09b5ee06 in mozilla::layers::LayerTransactionParent::RecvSetTestSampleTime(class mozilla::TimeStamp const &) z:\build\build\src\gfx\layers\ipc\LayerTransactionParent.cpp:669
17:34:09 INFO - GECKO(6964) | #2 0x7ffa07f6f4ab in mozilla::layers::PLayerTransactionParent::OnMessageReceived(class IPC::Message const &,class IPC::Message * &) z:\build\build\src\obj-firefox\ipc\ipdl\PLayerTransactionParent.cpp:491
17:34:09 INFO - GECKO(6964) | #3 0x7ffa07ae697e in mozilla::ipc::MessageChannel::DispatchSyncMessage(class IPC::Message const &,class IPC::Message * &) z:\build\build\src\ipc\glue\MessageChannel.cpp:2120
17:34:09 INFO - GECKO(6964) | #4 0x7ffa07ae3ee2 in ?DispatchMessage@MessageChannel@ipc@mozilla@@AEAAX$$QEAVMessage@IPC@@@Z z:\build\build\src\ipc\glue\MessageChannel.cpp:2073
17:34:09 INFO - GECKO(6964) | #5 0x7ffa07ae5c14 in mozilla::ipc::MessageChannel::RunMessage(class mozilla::ipc::MessageChannel::MessageTask &) z:\build\build\src\ipc\glue\MessageChannel.cpp:1936
17:34:09 INFO - GECKO(6964) | #6 0x7ffa07ae62c5 in mozilla::ipc::MessageChannel::MessageTask::Run(void) z:\build\build\src\ipc\glue\MessageChannel.cpp:1967
17:34:09 INFO - GECKO(6964) | #7 0x7ffa07a4a653 in ?DeferOrRunPendingTask@MessageLoop@@IEAA_N$$QEAUPendingTask@1@@Z z:\build\build\src\ipc\chromium\src\base\message_loop.cc:450
17:34:09 INFO - GECKO(6964) | #8 0x7ffa07a4c04e in MessageLoop::DoWork(void) z:\build\build\src\ipc\chromium\src\base\message_loop.cc:523
17:34:09 INFO - GECKO(6964) | #9 0x7ffa07a1c631 in base::MessagePumpForUI::DoRunLoop(void) z:\build\build\src\ipc\chromium\src\base\message_pump_win.cc:203
17:34:09 INFO - GECKO(6964) | #10 0x7ffa07a1ec59 in base::MessagePumpWin::Run(class base::MessagePump::Delegate *) z:\build\build\src\ipc\chromium\src\base\message_pump_win.h:79
17:34:09 INFO - GECKO(6964) | #11 0x7ffa07a493ce in MessageLoop::RunHandler(void) z:\build\build\src\ipc\chromium\src\base\message_loop.cc:308
17:34:09 INFO - GECKO(6964) | #12 0x7ffa07a5b662 in base::Thread::ThreadMain(void) z:\build\build\src\ipc\chromium\src\base\thread.cc:192
17:34:09 INFO - GECKO(6964) | #13 0x7ffa07a2046f in `anonymous namespace'::ThreadFunc z:\build\build\src\ipc\chromium\src\base\platform_thread_win.cc:30
17:34:09 INFO - GECKO(6964) | #14 0x7ffa3508e888 in __asan::AsanThread::ThreadStart(unsigned __int64,struct __sanitizer::atomic_uintptr_t *) Z:\task_1549718260\build\src\build\build-clang\build-clang\src\llvm\projects\compiler-rt\lib\asan\asan_thread.cc:264
17:34:09 INFO - GECKO(6964) | #15 0x7ffa5a953033 (C:\Windows\System32\KERNEL32.DLL+0x180013033)
17:34:09 INFO - GECKO(6964) | #16 0x7ffa4e8ddf21 in patched_BaseThreadInitThunk z:\build\build\src\mozglue\build\WindowsDllBlocklist.cpp:734
17:34:09 INFO - GECKO(6964) | #17 0x7ffa5cc51460 (C:\Windows\SYSTEM32\ntdll.dll+0x180071460)
17:34:09 INFO - GECKO(6964) | AddressSanitizer can not provide additional info.
17:34:09 INFO - GECKO(6964) | SUMMARY: AddressSanitizer: access-violation z:\build\build\src\gfx\layers\ipc\CompositorBridgeParent.cpp:1283 in mozilla::layers::CompositorBridgeParent::SetTestSampleTime(struct mozilla::layers::LayersId const &,class mozilla::TimeStamp const &)
17:34:09 INFO - GECKO(6964) | Thread T2 created by T0 here:
17:34:09 INFO - GECKO(6964) | #0 0x7ffa3508f9b0 in __asan_wrap_CreateThread Z:\task_1549718260\build\src\build\build-clang\build-clang\src\llvm\projects\compiler-rt\lib\asan\asan_win.cc:146
17:34:09 INFO - GECKO(6964) | #1 0x7ffa07a2040c in PlatformThread::Create(unsigned __int64,class PlatformThread::Delegate *,void * *) z:\build\build\src\ipc\chromium\src\base\platform_thread_win.cc:68
17:34:09 INFO - GECKO(6964) | #2 0x7ffa07a5ac8c in base::Thread::StartWithOptions(struct base::Thread::Options const &) z:\build\build\src\ipc\chromium\src\base\thread.cc:97
17:34:09 INFO - GECKO(6964) | #3 0x7ffa09b0d6ac in mozilla::layers::CompositorThreadHolder::CompositorThreadHolder(void) z:\build\build\src\gfx\layers\ipc\CompositorThread.cpp:45
17:34:09 INFO - GECKO(6964) | #4 0x7ffa09b0daae in mozilla::layers::CompositorThreadHolder::Start(void) z:\build\build\src\gfx\layers\ipc\CompositorThread.cpp:113
17:34:09 INFO - GECKO(6964) | #5 0x7ffa09e826e6 in mozilla::gfx::GPUParent::Init(unsigned long,char const *,class MessageLoop *,class IPC::Channel *) z:\build\build\src\gfx\ipc\GPUParent.cpp:124
17:34:09 INFO - GECKO(6964) | #6 0x7ffa09e919d5 in mozilla::gfx::GPUProcessImpl::Init(int,char * * const) z:\build\build\src\gfx\ipc\GPUProcessImpl.cpp:38
17:34:09 INFO - GECKO(6964) | #7 0x7ffa154e3ca7 in XRE_InitChildProcess(int,char * * const,struct XREChildData const *) z:\build\build\src\toolkit\xre\nsEmbedFunctions.cpp:719
17:34:09 INFO - GECKO(6964) | #8 0x7ff74c292034 (Z:\task_1549904518\build\application\firefox\firefox.exe+0x140002034)
17:34:09 INFO - GECKO(6964) | #9 0x7ff74c2914b3 (Z:\task_1549904518\build\application\firefox\firefox.exe+0x1400014b3)
17:34:09 INFO - GECKO(6964) | #10 0x7ff74c3749d7 (Z:\task_1549904518\build\application\firefox\firefox.exe+0x1400e49d7)
17:34:09 INFO - GECKO(6964) | #11 0x7ffa5a953033 (C:\Windows\System32\KERNEL32.DLL+0x180013033)
17:34:09 INFO - GECKO(6964) | #12 0x7ffa5cc51460 (C:\Windows\SYSTEM32\ntdll.dll+0x180071460)
17:34:09 INFO - GECKO(6964) | ==1612==ABORTING
17:34:09 INFO - GECKO(6964) | ###!!! [Child][MessageChannel::SendAndWait] Error: Channel error: cannot send/recv
17:34:09 INFO - GECKO(6964) | Crash Annotation GraphicsCriticalError: |[C0][GFX1-]: Receive IPC close with reason=AbnormalShutdown (t=137.331) Crash Annotation GraphicsCri[GFX1-]: Receive IPC close with rteaicalErrson=AbnormalShutdowno
17:34:09 INFO - GECKO(6964) | r: |[0][GFX1-]: ReceiveCrash Annota IPC clostion eG with reasonra=AbnormalShputdown (t=149.423) hicsCriticalError: |[C0[GFX1-]: Receive IPC clo][se with rGeason=AbnoFX1-]: Receive IrmalShutdown
17:34:09 INFO - GECKO(6964) | PC c
17:34:09 INFO - GECKO(6964) | ###!!! [Parent][MessageChannel] Error: (msgtype=0x4B001A,name=PGPU::Msg_ShutdownVR) Channel error: cannot send/recv
17:34:09 INFO - GECKO(6964) | lose with reason=AbnormalShutdown (t=137.875) [GFX1-]: Receive IPC close with reason=AbnormalShutdown
17:34:09 INFO - GECKO(6964) | ###!!! [Child][MessageChannel] Error: (msgtype=0x580015,name=PLayerTransaction::Msg_ClearCachedResources) Channel error: cannot send/recv
17:34:09 INFO - GECKO(6964) | ###!!! [Child][MessageChannel] Error: (msgtype=0x920003,name=PTexture::Msg_Destroy) Channel error: cannot send/recv
17:34:09 INFO - GECKO(6964) | ###!!! [Child][MessageChannel] Error: (msgtype=0x920003,name=PTexture::Msg_Destroy) Channel error: cannot send/recv

This looks like a null deref, so I'm just going to go ahead and unhide this.

Group: core-security
Duplicate of this bug: 1550319
Whiteboard: [retriggered] → [retriggered][stockwell needswork]

I'm sorry, I don't think that change could have impacted this test -- the change added a configuration option that should have no impact on our automation builds.

Flags: needinfo?(cmanchester)
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.