Closed
Bug 1554172
Opened 5 years ago
Closed 2 years ago
Assertion failure: IsIdle(oldState), at /builds/worker/workspace/build/src/xpcom/ds/PLDHashTable.h:137
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
WORKSFORME
| Tracking | Status | |
|---|---|---|
| firefox69 | --- | affected |
People
(Reporter: jkratzer, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, testcase)
Attachments
(1 file)
|
312 bytes,
text/html
|
Details |
Testcase found while fuzzing mozilla-central rev f58ae8ec64c8. Testcase must be served via a local webserver in order to reproduce.
Assertion failure: IsIdle(oldState), at /builds/worker/workspace/build/src/xpcom/ds/PLDHashTable.h:137
rax = 0x000055f05f435e40 rdx = 0x00007f887c97fd3c
rcx = 0x0000000000000b40 rbx = 0x00007f886e5f1ee0
rsi = 0x00007f8888ab68b0 rdi = 0x00007f8888ab5680
rbp = 0x00007ffeb9f8ec30 rsp = 0x00007ffeb9f8ec30
r8 = 0x00007f8888ab68b0 r9 = 0x00007f8889c20740
r10 = 0x0000000000000000 r11 = 0x0000000000000000
r12 = 0x00007f886e5f1efc r13 = 0x00007ffeb9f8eca8
r14 = 0x00007ffeb9f8ece0 r15 = 0x00000000ffffffff
rip = 0x00007f8877de64c8
OS|Linux|0.0.0 Linux 4.18.0-17-generic #18~18.04.1-Ubuntu SMP Fri Mar 15 15:27:12 UTC 2019 x86_64
CPU|amd64|family 6 model 94 stepping 3|1
GPU|||
Crash|SIGSEGV|0x0|0
0|0|libxul.so|Checker::StartWriteOp()|hg:hg.mozilla.org/mozilla-central:xpcom/ds/PLDHashTable.h:f58ae8ec64c812739509de09659327bf7ea33494|137|0x2d
0|1|libxul.so|PLDHashTable::RemoveEntry(PLDHashEntryHdr*)|hg:hg.mozilla.org/mozilla-central:xpcom/ds/PLDHashTable.cpp:f58ae8ec64c812739509de09659327bf7ea33494|622|0x5
0|2|libxul.so|mozilla::dom::Document::UnregisterActivityObserver(nsISupports*)|hg:hg.mozilla.org/mozilla-central:dom/base/Document.cpp:f58ae8ec64c812739509de09659327bf7ea33494|9271|0x13
0|3|libxul.so|mozilla::dom::NotifyActivityChanged|hg:hg.mozilla.org/mozilla-central:dom/base/Document.cpp:f58ae8ec64c812739509de09659327bf7ea33494|4637|0x5
0|4|libxul.so|mozilla::dom::Document::EnumerateActivityObservers(void (*)(nsISupports*, void*), void*)|hg:hg.mozilla.org/mozilla-central:dom/base/Document.cpp:f58ae8ec64c812739509de09659327bf7ea33494|9280|0xe
0|5|libxul.so|mozilla::dom::Document::RemovedFromDocShell()|hg:hg.mozilla.org/mozilla-central:dom/base/Document.cpp:f58ae8ec64c812739509de09659327bf7ea33494|7924|0x5
0|6|libxul.so|nsDocumentViewer::Close(nsISHEntry*)|hg:hg.mozilla.org/mozilla-central:layout/base/nsDocumentViewer.cpp:f58ae8ec64c812739509de09659327bf7ea33494|1624|0x2d
0|7|libxul.so|nsDocShell::SetupNewViewer(nsIContentViewer*)|hg:hg.mozilla.org/mozilla-central:docshell/base/nsDocShell.cpp:f58ae8ec64c812739509de09659327bf7ea33494|8408|0x26
0|8|libxul.so|nsDocShell::Embed(nsIContentViewer*, char const*, nsISupports*)|hg:hg.mozilla.org/mozilla-central:docshell/base/nsDocShell.cpp:f58ae8ec64c812739509de09659327bf7ea33494|6336|0xc
0|9|libxul.so|nsDocShell::CreateContentViewer(nsTSubstring<char> const&, nsIRequest*, nsIStreamListener**)|hg:hg.mozilla.org/mozilla-central:docshell/base/nsDocShell.cpp:f58ae8ec64c812739509de09659327bf7ea33494|8247|0x15
0|10|libxul.so|nsDSURIContentListener::DoContent(nsTSubstring<char> const&, bool, nsIRequest*, nsIStreamListener**, bool*)|hg:hg.mozilla.org/mozilla-central:docshell/base/nsDSURIContentListener.cpp:f58ae8ec64c812739509de09659327bf7ea33494|183|0x17
0|11|libxul.so|nsDocumentOpenInfo::TryContentListener(nsIURIContentListener*, nsIChannel*)|hg:hg.mozilla.org/mozilla-central:uriloader/base/nsURILoader.cpp:f58ae8ec64c812739509de09659327bf7ea33494|749|0x2
0|12|libxul.so|nsDocumentOpenInfo::DispatchContent(nsIRequest*, nsISupports*)|hg:hg.mozilla.org/mozilla-central:uriloader/base/nsURILoader.cpp:f58ae8ec64c812739509de09659327bf7ea33494|420|0x18
0|13|libxul.so|nsDocumentOpenInfo::OnStartRequest(nsIRequest*)|hg:hg.mozilla.org/mozilla-central:uriloader/base/nsURILoader.cpp:f58ae8ec64c812739509de09659327bf7ea33494|299|0xd
0|14|libxul.so|mozilla::net::HttpChannelChild::DoOnStartRequest(nsIRequest*, nsISupports*)|hg:hg.mozilla.org/mozilla-central:netwerk/protocol/http/HttpChannelChild.cpp:f58ae8ec64c812739509de09659327bf7ea33494|689|0x11
0|15|libxul.so|mozilla::net::HttpChannelChild::OnStartRequest(nsresult const&, mozilla::net::nsHttpResponseHead const&, bool const&, mozilla::net::nsHttpHeaderArray const&, mozilla::net::ParentLoadInfoForwarderArgs const&, bool const&, bool const&, bool const&, unsigned long const&, int const&, unsigned int const&, nsTString<char> const&, nsTString<char> const&, mozilla::net::NetAddr const&, mozilla::net::NetAddr const&, unsigned int const&, nsTString<char> const&, long const&, bool const&, bool const&, bool const&, mozilla::net::ResourceTimingStruct const&)|hg:hg.mozilla.org/mozilla-central:netwerk/protocol/http/HttpChannelChild.cpp:f58ae8ec64c812739509de09659327bf7ea33494|614|0xc
0|16|libxul.so|mozilla::net::StartRequestEvent::Run()|hg:hg.mozilla.org/mozilla-central:netwerk/protocol/http/HttpChannelChild.cpp:f58ae8ec64c812739509de09659327bf7ea33494|444|0x6
0|17|libxul.so|mozilla::net::ChannelEventQueue::RunOrEnqueue(mozilla::net::ChannelEvent*, bool)|hg:hg.mozilla.org/mozilla-central:netwerk/ipc/ChannelEventQueue.h:f58ae8ec64c812739509de09659327bf7ea33494|210|0x11
0|18|libxul.so|mozilla::net::HttpChannelChild::RecvOnStartRequest(nsresult const&, mozilla::net::nsHttpResponseHead const&, bool const&, mozilla::net::nsHttpHeaderArray const&, mozilla::net::ParentLoadInfoForwarderArgs const&, bool const&, bool const&, bool const&, unsigned long const&, int const&, unsigned int const&, nsTString<char> const&, nsTString<char> const&, mozilla::net::NetAddr const&, mozilla::net::NetAddr const&, short const&, unsigned int const&, nsTString<char> const&, long const&, bool const&, bool const&, bool const&, mozilla::net::ResourceTimingStruct const&)|hg:hg.mozilla.org/mozilla-central:netwerk/protocol/http/HttpChannelChild.cpp:f58ae8ec64c812739509de09659327bf7ea33494|504|0xd
0|19|libxul.so|mozilla::net::PHttpChannelChild::OnMessageReceived(IPC::Message const&)|s3:gecko-generated-sources:4d44eb5dd036b3677f874f97033d4105bb0fd7b00110a4043b3dc4770e5836e12a56ab5dee3d03c4d01bd6e8841af23350774a33e671117acd6c8b1cc94b2103/ipc/ipdl/PHttpChannelChild.cpp:|844|0xae
0|20|libxul.so|mozilla::dom::PContentChild::OnMessageReceived(IPC::Message const&)|s3:gecko-generated-sources:e4e6ec5204b901da6e3753a5c6b4fe0b95021073489ad2d65e148968160e2eea18f1bd5929e073018f3f94ff43f1c8b499fd3afa7e5b0555382fbb6e855e5dd4/ipc/ipdl/PContentChild.cpp:|7307|0x15
0|21|libxul.so|mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:f58ae8ec64c812739509de09659327bf7ea33494|2158|0x6
0|22|libxul.so|mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:f58ae8ec64c812739509de09659327bf7ea33494|2082|0xb
0|23|libxul.so|mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:f58ae8ec64c812739509de09659327bf7ea33494|1939|0xb
0|24|libxul.so|mozilla::ipc::MessageChannel::MessageTask::Run()|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:f58ae8ec64c812739509de09659327bf7ea33494|1970|0xc
0|25|libxul.so|mozilla::SchedulerGroup::Runnable::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/SchedulerGroup.cpp:f58ae8ec64c812739509de09659327bf7ea33494|295|0x15
0|26|libxul.so|nsThread::ProcessNextEvent(bool, bool*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:f58ae8ec64c812739509de09659327bf7ea33494|1176|0x15
0|27|libxul.so|NS_ProcessNextEvent(nsIThread*, bool)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:f58ae8ec64c812739509de09659327bf7ea33494|486|0x11
0|28|libxul.so|mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:f58ae8ec64c812739509de09659327bf7ea33494|110|0xd
0|29|libxul.so|MessageLoop::RunInternal()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:f58ae8ec64c812739509de09659327bf7ea33494|315|0x17
0|30|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:f58ae8ec64c812739509de09659327bf7ea33494|290|0x8
0|31|libxul.so|nsBaseAppShell::Run()|hg:hg.mozilla.org/mozilla-central:widget/nsBaseAppShell.cpp:f58ae8ec64c812739509de09659327bf7ea33494|137|0xd
0|32|libxul.so|XRE_RunAppShell()|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:f58ae8ec64c812739509de09659327bf7ea33494|911|0x11
0|33|libxul.so|mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:f58ae8ec64c812739509de09659327bf7ea33494|238|0x5
0|34|libxul.so|MessageLoop::RunInternal()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:f58ae8ec64c812739509de09659327bf7ea33494|315|0x17
0|35|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:f58ae8ec64c812739509de09659327bf7ea33494|290|0x8
0|36|libxul.so|XRE_InitChildProcess(int, char**, XREChildData const*)|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:f58ae8ec64c812739509de09659327bf7ea33494|749|0xc
0|37|firefox-bin|content_process_main(mozilla::Bootstrap*, int, char**)|hg:hg.mozilla.org/mozilla-central:ipc/contentproc/plugin-container.cpp:f58ae8ec64c812739509de09659327bf7ea33494|56|0x14
0|38|firefox-bin|main|hg:hg.mozilla.org/mozilla-central:browser/app/nsBrowserApp.cpp:f58ae8ec64c812739509de09659327bf7ea33494|263|0x11
0|39|libc-2.27.so||||0x21b97
0|40|firefox-bin|MOZ_ReportCrash|hg:hg.mozilla.org/mozilla-central:mfbt/Assertions.h:f58ae8ec64c812739509de09659327bf7ea33494|184|0x5
Flags: in-testsuite?
|
||
Updated•5 years ago
|
Component: DOM: Core & HTML → XPCOM
| Comment hidden (Intermittent Failures Robot) |
| Comment hidden (Intermittent Failures Robot) |
| Comment hidden (Intermittent Failures Robot) |
| Comment hidden (Intermittent Failures Robot) |
|
||
Comment 5•2 years ago
•
|
||
Jason, could you see if this test case still asserts? Thanks. Sorry that we ignored it for so long.
Flags: needinfo?(jkratzer)
|
|
||
Updated•2 years ago
|
Component: XPCOM → DOM: Core & HTML
|
|
||
Updated•2 years ago
|
Group: dom-core-security
|
|
||
Updated•2 years ago
|
Severity: normal → --
|
||
Comment 6•2 years ago
|
||
|
Reporter | |
Comment 7•2 years ago
|
||
(In reply to Andrew McCreight [:mccr8] from comment #5)
Jason, could you see if this test case still asserts? Thanks. Sorry that we ignored it for so long.
The attached testcase no longer reproduces for me and we haven't seen this assertion since 2019/11/30.
Status: NEW → RESOLVED
Closed: 2 years ago
Flags: needinfo?(jkratzer)
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•