Closed
Bug 1577196
Opened 5 years ago
Closed 5 years ago
Assertion failure: mLoadGroup, at /builds/worker/workspace/build/src/dom/fetch/FetchDriver.cpp:510
Categories
(Core :: DOM: Networking, defect, P2)
Core
DOM: Networking
Tracking
()
RESOLVED
FIXED
mozilla71
| Tracking | Status | |
|---|---|---|
| firefox-esr60 | --- | unaffected |
| firefox-esr68 | --- | wontfix |
| firefox69 | --- | wontfix |
| firefox70 | --- | wontfix |
| firefox71 | --- | fixed |
People
(Reporter: jkratzer, Assigned: kershaw)
References
(Blocks 1 open bug, Regression)
Details
(Keywords: assertion, regression, testcase, Whiteboard: [necko-triaged])
Attachments
(2 files)
Testcase found while fuzzing mozilla-central rev 546d1fd47c9a. Please note, the testcase must be served via a local webserver in order to reproduce.
Assertion failure: mLoadGroup, at /builds/worker/workspace/build/src/dom/fetch/FetchDriver.cpp:510
rax = 0x000055c50833c1a0 rdx = 0x0000000000000000
rcx = 0x00007f090cc68160 rbx = 0x0000000000000050
rsi = 0x00007f09186528b0 rdi = 0x00007f0918651680
rbp = 0x00007ffef93f9710 rsp = 0x00007ffef93f94d0
r8 = 0x00007f09186528b0 r9 = 0x00007f09197bc780
r10 = 0x0000000000000000 r11 = 0x0000000000000000
r12 = 0x00007f091801f710 r13 = 0x00007f08fe480600
r14 = 0x00007ffef93f9590 r15 = 0x0000000000000000
rip = 0x00007f0908a67935
OS|Linux|0.0.0 Linux 5.0.0-25-generic #26~18.04.1-Ubuntu SMP Thu Aug 1 13:51:02 UTC 2019 x86_64
CPU|amd64|family 6 model 94 stepping 3|1
GPU|||
Crash|SIGSEGV|0x0|0
0|0|libxul.so|mozilla::dom::FetchDriver::HttpFetch(nsTSubstring<char> const&)|hg:hg.mozilla.org/mozilla-central:dom/fetch/FetchDriver.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|421|0x4a
0|1|libxul.so|mozilla::dom::FetchDriver::Fetch(mozilla::dom::AbortSignalImpl*, mozilla::dom::FetchDriverObserver*)|hg:hg.mozilla.org/mozilla-central:dom/fetch/FetchDriver.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|400|0x11
0|2|libxul.so|mozilla::dom::FetchRequest(nsIGlobalObject*, mozilla::dom::RequestOrUSVString const&, mozilla::dom::RequestInit const&, mozilla::dom::CallerType, mozilla::ErrorResult&)|hg:hg.mozilla.org/mozilla-central:dom/fetch/Fetch.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|508|0x21
0|3|libxul.so|nsGlobalWindowInner::Fetch(mozilla::dom::RequestOrUSVString const&, mozilla::dom::RequestInit const&, mozilla::dom::CallerType, mozilla::ErrorResult&)|hg:hg.mozilla.org/mozilla-central:dom/base/nsGlobalWindowInner.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|3475|0x5
0|4|libxul.so|mozilla::dom::Window_Binding::fetch|s3:gecko-generated-sources:5ff8595550da923ca9c78fda9a6bc8927331326b92f6c4215fefbe19babfb648e14b7fa4f01d9649baf9adafbcaf15922f29f0fe6632d49b660e15b01576ae3e/dom/bindings/WindowBinding.cpp:|18697|0x39
0|5|libxul.so|mozilla::dom::Window_Binding::fetch_promiseWrapper|s3:gecko-generated-sources:5ff8595550da923ca9c78fda9a6bc8927331326b92f6c4215fefbe19babfb648e14b7fa4f01d9649baf9adafbcaf15922f29f0fe6632d49b660e15b01576ae3e/dom/bindings/WindowBinding.cpp:|18713|0x5
0|6|libxul.so|bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::MaybeGlobalThisPolicy, mozilla::dom::binding_detail::ConvertExceptionsToPromises>(JSContext*, unsigned int, JS::Value*)|hg:hg.mozilla.org/mozilla-central:dom/bindings/BindingUtils.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|3163|0x24
0|7|libxul.so|CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|447|0x16
0|8|libxul.so|js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|539|0x12
0|9|libxul.so|InternalCall|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|594|0xd
0|10|libxul.so|Interpret|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|598|0xf
0|11|libxul.so|js::RunScript(JSContext*, js::RunState&)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|424|0xb
0|12|libxul.so|js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|567|0xf
0|13|libxul.so|InternalCall|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|594|0xd
0|14|libxul.so|js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>)|hg:hg.mozilla.org/mozilla-central:js/src/vm/Interpreter.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|610|0x5
0|15|libxul.so|JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>)|hg:hg.mozilla.org/mozilla-central:js/src/jsapi.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|2722|0x1c
0|16|libxul.so|mozilla::dom::EventListener::HandleEvent(JSContext*, JS::Handle<JS::Value>, mozilla::dom::Event&, mozilla::ErrorResult&)|s3:gecko-generated-sources:9ca8646d8042e9b4b76d2e1b358b984be17743b71b832c0897d61bb500e0fecbe38fa54273dc522878c87fcb2c9bfd274a8190c7bc56fbbb58cb3ca68462e527/dom/bindings/EventListenerBinding.cpp:|52|0x5
0|17|libxul.so|mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, mozilla::dom::Event*, mozilla::dom::EventTarget*)|s3:gecko-generated-sources:f3d9c01258576daaac3afc4fb3b283652e7f1168abb5287eff6775451ebd0ab6a0e4c8d88d3a67f7147042501bc091c6dfed25b4b8ccf4e4f420897b8d0ba906/dist/include/mozilla/dom/EventListenerBinding.h:|66|0x1c
0|18|libxul.so|mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event**, mozilla::dom::EventTarget*, nsEventStatus*, bool)|hg:hg.mozilla.org/mozilla-central:dom/events/EventListenerManager.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|1233|0x19
0|19|libxul.so|mozilla::EventTargetChainItem::HandleEvent(mozilla::EventChainPostVisitor&, mozilla::ELMCreationDetector&)|hg:hg.mozilla.org/mozilla-central:dom/events/EventDispatcher.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|351|0x6
0|20|libxul.so|mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&)|hg:hg.mozilla.org/mozilla-central:dom/events/EventDispatcher.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|551|0x12
0|21|libxul.so|mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*)|hg:hg.mozilla.org/mozilla-central:dom/events/EventDispatcher.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|1048|0x1a
0|22|libxul.so|mozilla::EventDispatcher::DispatchDOMEvent(nsISupports*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsPresContext*, nsEventStatus*)|hg:hg.mozilla.org/mozilla-central:dom/events/EventDispatcher.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|1148|0x19
0|23|libxul.so|nsINode::DispatchEvent(mozilla::dom::Event&, mozilla::dom::CallerType, mozilla::ErrorResult&)|hg:hg.mozilla.org/mozilla-central:dom/base/nsINode.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|1062|0x5
0|24|libxul.so|nsContentUtils::DispatchEvent(mozilla::dom::Document*, nsISupports*, nsTSubstring<char16_t> const&, mozilla::CanBubble, mozilla::Cancelable, mozilla::Composed, mozilla::Trusted, bool*, mozilla::ChromeOnlyDispatch)|hg:hg.mozilla.org/mozilla-central:dom/base/nsContentUtils.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|3973|0x30
0|25|libxul.so|nsContentUtils::DispatchTrustedEvent(mozilla::dom::Document*, nsISupports*, nsTSubstring<char16_t> const&, mozilla::CanBubble, mozilla::Cancelable, mozilla::Composed, bool*)|hg:hg.mozilla.org/mozilla-central:dom/base/nsContentUtils.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|3944|0x19
0|26|libxul.so|mozilla::dom::Document::DispatchContentLoadedEvents()|hg:hg.mozilla.org/mozilla-central:dom/base/Document.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|7062|0x40
0|27|libxul.so|mozilla::detail::RunnableMethodImpl<mozilla::dom::Document*, void (mozilla::dom::Document::*)(), true, (mozilla::RunnableKind)0>::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.h:546d1fd47c9a48b6919848b2c6f28359460731eb|1176|0x13
0|28|libxul.so|mozilla::SchedulerGroup::Runnable::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/SchedulerGroup.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|295|0x15
0|29|libxul.so|nsThread::ProcessNextEvent(bool, bool*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|1225|0x15
0|30|libxul.so|NS_ProcessNextEvent(nsIThread*, bool)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|486|0x11
0|31|libxul.so|mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|88|0xa
0|32|libxul.so|MessageLoop::RunInternal()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:546d1fd47c9a48b6919848b2c6f28359460731eb|315|0x17
0|33|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:546d1fd47c9a48b6919848b2c6f28359460731eb|290|0x8
0|34|libxul.so|nsBaseAppShell::Run()|hg:hg.mozilla.org/mozilla-central:widget/nsBaseAppShell.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|137|0xd
0|35|libxul.so|XRE_RunAppShell()|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|934|0x11
0|36|libxul.so|mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|238|0x5
0|37|libxul.so|MessageLoop::RunInternal()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:546d1fd47c9a48b6919848b2c6f28359460731eb|315|0x17
0|38|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:546d1fd47c9a48b6919848b2c6f28359460731eb|290|0x8
0|39|libxul.so|XRE_InitChildProcess(int, char**, XREChildData const*)|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|769|0xc
0|40|firefox-bin|content_process_main(mozilla::Bootstrap*, int, char**)|hg:hg.mozilla.org/mozilla-central:ipc/contentproc/plugin-container.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|56|0x14
0|41|firefox-bin|main|hg:hg.mozilla.org/mozilla-central:browser/app/nsBrowserApp.cpp:546d1fd47c9a48b6919848b2c6f28359460731eb|267|0x12
0|42|libc-2.27.so||||0x21b97
0|43|firefox-bin|MOZ_ReportCrash|hg:hg.mozilla.org/mozilla-central:mfbt/Assertions.h:546d1fd47c9a48b6919848b2c6f28359460731eb|184|0x5
Flags: in-testsuite?
|
Assignee | |
Comment 1•5 years ago
|
||
I'll take a look.
Assignee: nobody → kershaw
Priority: -- → P2
Whiteboard: [necko-triaged]
|
|
Assignee | |
Comment 2•5 years ago
|
||
Pushed by kjang@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/4eca2af6d2d5 Create a new load group if GetDocumentLoadGroup failed r=baku
|
||
Comment 4•5 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox71:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla71
|
||
Comment 5•5 years ago
|
||
Is there a real-world impact to this bug or can this fix ride Fx71 to release?
status-firefox69:
--- → wontfix
status-firefox-esr60:
--- → unaffected
status-firefox-esr68:
--- → wontfix
Flags: needinfo?(kershaw)
Flags: in-testsuite?
Flags: in-testsuite+
Regressed by: 1525245
|
||
Updated•5 years ago
|
Keywords: regression
|
|
Assignee | |
Comment 6•5 years ago
|
||
(In reply to Ryan VanderMeulen [:RyanVM] from comment #5)
Is there a real-world impact to this bug or can this fix ride Fx71 to release?
It's just a debug assertion. I think we don't have to uplift this.
Flags: needinfo?(kershaw)
|
|
||
Updated•5 years ago
|
|
||
Updated•2 years ago
|
Has Regression Range: --- → yes
You need to log in
before you can comment on or make changes to this bug.
Description
•