Closed Bug 1596492 Opened 5 months ago Closed 5 months ago

Assertion failure: stackPointer == 0, at /builds/worker/workspace/build/src/js/src/vm/ProfilingStack.cpp:21

Categories

(Core :: Gecko Profiler, defect)

RESOLVED DUPLICATE of bug 1445822
Tracking Status
firefox72 --- affected

People

(Reporter: jkratzer, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash, testcase)

Attachments

(1 file)

Attached file testcase.html

Testcase found while fuzzing mozilla-central rev caf55914ccdd. Testcase required the pref 'dom.paintWorklet.enabled' set to true.

My apologies if this is filed under the wrong component but mach's bugzilla-component lists PaintWorklet under CSS Parsing and Computation.

Assertion failure: stackPointer == 0, at /builds/worker/workspace/build/src/js/src/vm/ProfilingStack.cpp:21

==22207==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000001 (pc 0x7eff94c25cc7 bp 0x7ffe1b1dc690 sp 0x7ffe1b1dc690 T0)
==22207==The signal is caused by a WRITE memory access.
==22207==Hint: address points to the zero page.
    #0 0x7eff94c25cc6 in ProfilingStack::~ProfilingStack() /builds/worker/workspace/build/src/js/src/vm/ProfilingStack.cpp:21:3
    #1 0x7eff940a64ba in ~RacyRegisteredThread /builds/worker/workspace/build/src/tools/profiler/core/RegisteredThread.h:30:67
    #2 0x7eff940a64ba in ~RegisteredThread /builds/worker/workspace/build/src/tools/profiler/core/RegisteredThread.cpp:28:75
    #3 0x7eff940a64ba in mozilla::DefaultDelete<RegisteredThread>::operator()(RegisteredThread*) const /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/UniquePtr.h:486:5
    #4 0x7eff940a6aaf in reset /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/UniquePtr.h:323:7
    #5 0x7eff940a6aaf in ~UniquePtr /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/UniquePtr.h:274:18
    #6 0x7eff940a6aaf in destroy /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/Vector.h:65:11
    #7 0x7eff940a6aaf in ~Vector /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/Vector.h:909:3
    #8 0x7eff940a6aaf in CorePS::~CorePS() /builds/worker/workspace/build/src/tools/profiler/core/platform.cpp:382:14
    #9 0x7eff9404c99f in Destroy /builds/worker/workspace/build/src/tools/profiler/core/platform.cpp:392:5
    #10 0x7eff9404c99f in profiler_shutdown() /builds/worker/workspace/build/src/tools/profiler/core/platform.cpp:3422:5
    #11 0x7eff94943af0 in ~AutoProfilerInit /builds/worker/workspace/build/src/obj-firefox/dist/include/GeckoProfiler.h:957:25
    #12 0x7eff94943af0 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/workspace/build/src/toolkit/xre/nsAppRunner.cpp:4795:1
    #13 0x7eff94945200 in XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/workspace/build/src/toolkit/xre/nsAppRunner.cpp:4802:21
    #14 0x55bec394ac4b in do_main /builds/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:218:22
    #15 0x55bec394ac4b in main /builds/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:300:16
    #16 0x7effaa872b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /builds/worker/workspace/build/src/js/src/vm/ProfilingStack.cpp:21:3 in ProfilingStack::~ProfilingStack()
Flags: in-testsuite?

This off-hand looks like a profiler issue, so moving there, but cc'ing some folks that may be familiar with paint worklets too.

Component: CSS Parsing and Computation → Gecko Profiler

It looks like a dupe of Bug 1445822. Gerald is working on it right now. But I don't think we had a test case before. If that test case is causing a crash persistently, I'm sure it's going to be really helpful for Gerald. Thanks!

Status: NEW → RESOLVED
Closed: 5 months ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1445822