Closed Bug 1539553 Opened 5 years ago Closed 5 years ago

Intermittent SUMMARY: AddressSanitizer: heap-use-after-free z:\build\build\src\gfx\vr\gfxVR.cpp:51 in mozilla::gfx::VRSystemManager::NotifyVSync(void)

Categories

(Core :: WebVR, defect, P5)

defect

Tracking

()

RESOLVED DUPLICATE of bug 1537692

People

(Reporter: intermittent-bug-filer, Unassigned)

Details

(Keywords: intermittent-failure, regression)

#[markdown(off)]
Filed by: aciure [at] mozilla.com

https://treeherder.mozilla.org/logviewer.html#?job_id=236392950&repo=mozilla-inbound

https://queue.taskcluster.net/v1/task/ZYHZYJ0KQFOjftCniw8BWQ/runs/0/artifacts/public/logs/live_backing.log

https://hg.mozilla.org/mozilla-central/raw-file/tip/layout/tools/reftest/reftest-analyzer.xhtml#logurl=https://queue.taskcluster.net/v1/task/ZYHZYJ0KQFOjftCniw8BWQ/runs/0/artifacts/public/logs/live_backing.log&only_show_unexpected=1

15:58:18 INFO - Thread T2 created by T0 here:
15:58:18 INFO - #0 0x7ff96d0ef9b0 in __asan_wrap_CreateThread Z:\task_1553346333\build\src\build\build-clang\build-clang\src\llvm\projects\compiler-rt\lib\asan\asan_win.cc:146
15:58:18 INFO - #1 0x7ff9333efd0c in PlatformThread::Create(unsigned __int64,class PlatformThread::Delegate *,void * *) z:\build\build\src\ipc\chromium\src\base\platform_thread_win.cc:57
15:58:18 INFO - #2 0x7ff93342a22c in base::Thread::StartWithOptions(struct base::Thread::Options const &) z:\build\build\src\ipc\chromium\src\base\thread.cc:97
15:58:18 INFO - #3 0x7ff93551a27c in mozilla::layers::CompositorThreadHolder::CompositorThreadHolder(void) z:\build\build\src\gfx\layers\ipc\CompositorThread.cpp:42
15:58:18 INFO - #4 0x7ff93551a67e in mozilla::layers::CompositorThreadHolder::Start(void) z:\build\build\src\gfx\layers\ipc\CompositorThread.cpp:111
15:58:18 INFO - #5 0x7ff93588d3b6 in mozilla::gfx::GPUParent::Init(unsigned long,char const *,class MessageLoop *,class IPC::Channel *) z:\build\build\src\gfx\ipc\GPUParent.cpp:125
15:58:18 INFO - #6 0x7ff93589c5e5 in mozilla::gfx::GPUProcessImpl::Init(int,char * * const) z:\build\build\src\gfx\ipc\GPUProcessImpl.cpp:38
15:58:18 INFO - #7 0x7ff9408dba15 in XRE_InitChildProcess(int,char * * const,struct XREChildData const *) z:\build\build\src\toolkit\xre\nsEmbedFunctions.cpp:741
15:58:18 INFO - #8 0x7ff6355021a8 (Z:\task_1553701210\build\application\firefox\firefox.exe+0x1400021a8)
15:58:18 INFO - #9 0x7ff6355014f2 (Z:\task_1553701210\build\application\firefox\firefox.exe+0x1400014f2)
15:58:18 INFO - #10 0x7ff6355e79c7 (Z:\task_1553701210\build\application\firefox\firefox.exe+0x1400e79c7)
15:58:18 INFO - #11 0x7ff989de3033 (C:\Windows\System32\KERNEL32.DLL+0x180013033)
15:58:18 INFO - #12 0x7ff98a751460 (C:\Windows\SYSTEM32\ntdll.dll+0x180071460)
15:58:18 INFO - SUMMARY: AddressSanitizer: heap-use-after-free z:\build\build\src\gfx\vr\gfxVR.cpp:51 in mozilla::gfx::VRSystemManager::NotifyVSync(void)
15:58:18 INFO - Shadow bytes around the buggy address:
15:58:18 INFO - 0x048d5b3100b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
15:58:18 INFO - 0x048d5b3100c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
15:58:18 INFO - 0x048d5b3100d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
15:58:18 INFO - 0x048d5b3100e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
15:58:18 INFO - 0x048d5b3100f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
15:58:18 INFO - =>0x048d5b310100: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd
15:58:18 INFO - 0x048d5b310110: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
15:58:18 INFO - 0x048d5b310120: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
15:58:18 INFO - 0x048d5b310130: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
15:58:18 INFO - 0x048d5b310140: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
15:58:18 INFO - 0x048d5b310150: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
15:58:18 INFO - Shadow byte legend (one shadow byte represents 8 application bytes):

Group: gfx-core-security
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
Group: gfx-core-security
You need to log in before you can comment on or make changes to this bug.