AddressSanitizer: SEGV /builds/worker/workspace/build/src/widget/gtk/GtkCompositorWidget.cpp:31:5 in mozilla::widget::GtkCompositorWidget::GtkCompositorWidget(mozilla::widget::GtkCompositorWidgetInitData const&, mozilla::layers::CompositorOptions const&,
Categories: Core :: Graphics, defect, P3

Tracking:

| | Tracking | Status |
|---|---|---|
| firefox75 | --- | disabled |

People: Reporter: jkratzer, Unassigned

References: Blocks 2 open bugs

Details: Keywords: crash, regression, testcase; Whiteboard: [bugmon:confirmed]

Attachments: 2 files
Testcase found while fuzzing mozilla-central rev 51efc4b931f7.
==27416==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000001 (pc 0x7f1a5e5fe8b6 bp 0x7f1a50fcade0 sp 0x7f1a50fcac20 T3)
==27416==The signal is caused by a WRITE memory access.
==27416==Hint: address points to the zero page.
#0 0x7f1a5e5fe8b5 in mozilla::widget::GtkCompositorWidget::GtkCompositorWidget(mozilla::widget::GtkCompositorWidgetInitData const&, mozilla::layers::CompositorOptions const&, nsWindow*) /builds/worker/workspace/build/src/widget/gtk/GtkCompositorWidget.cpp:31:5
#1 0x7f1a5e5fe156 in mozilla::widget::CompositorWidgetParent::CompositorWidgetParent(mozilla::widget::CompositorWidgetInitData const&, mozilla::layers::CompositorOptions const&) /builds/worker/workspace/build/src/widget/gtk/CompositorWidgetParent.cpp:16:7
#2 0x7f1a5989ecf1 in mozilla::layers::CompositorBridgeParent::AllocPCompositorWidgetParent(mozilla::widget::CompositorWidgetInitData const&) /builds/worker/workspace/build/src/gfx/layers/ipc/CompositorBridgeParent.cpp:2227:11
#3 0x7f1a577f8e6d in mozilla::layers::PCompositorBridgeParent::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/build/src/obj-firefox/ipc/ipdl/PCompositorBridgeParent.cpp:1073:96
#4 0x7f1a578135ce in mozilla::layers::PCompositorManagerParent::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/build/src/obj-firefox/ipc/ipdl/PCompositorManagerParent.cpp:197:32
#5 0x7f1a574e4f42 in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) /builds/worker/workspace/build/src/ipc/glue/MessageChannel.cpp:2187:25
#6 0x7f1a574e014a in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) /builds/worker/workspace/build/src/ipc/glue/MessageChannel.cpp:2111:9
#7 0x7f1a574e264f in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) /builds/worker/workspace/build/src/ipc/glue/MessageChannel.cpp:1959:3
#8 0x7f1a574e3550 in mozilla::ipc::MessageChannel::MessageTask::Run() /builds/worker/workspace/build/src/ipc/glue/MessageChannel.cpp:1990:13
#9 0x7f1a573e3be2 in MessageLoop::RunTask(already_AddRefed<nsIRunnable>) /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:442:9
#10 0x7f1a573e49c4 in MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask&&) /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:450:5
#11 0x7f1a573e521b in MessageLoop::DoWork() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:523:13
#12 0x7f1a573e6bc6 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/chromium/src/base/message_pump_default.cc:35:31
#13 0x7f1a573e37c7 in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:315:10
#14 0x7f1a573e37c7 in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:308:3
#15 0x7f1a573e37c7 in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:290:3
#16 0x7f1a57402a0a in base::Thread::ThreadMain() /builds/worker/workspace/build/src/ipc/chromium/src/base/thread.cc:192:16
#17 0x7f1a573f452c in ThreadFunc(void*) /builds/worker/workspace/build/src/ipc/chromium/src/base/platform_thread_posix.cc:40:13
#18 0x7f1a79ffe6da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
#19 0x7f1a78fdc88e in clone /build/glibc-OTsEL5/glibc-2.27/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /builds/worker/workspace/build/src/widget/gtk/GtkCompositorWidget.cpp:31:5 in mozilla::widget::GtkCompositorWidget::GtkCompositorWidget(mozilla::widget::GtkCompositorWidgetInitData const&, mozilla::layers::CompositorOptions const&, nsWindow*)
Thread T3 (Compositor) created by T0 (GPU Process) here:
#0 0x55731cefe00a in pthread_create /builds/worker/fetches/llvm-project/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:209:3
#1 0x7f1a573ef61c in CreateThread /builds/worker/workspace/build/src/ipc/chromium/src/base/platform_thread_posix.cc:123:14
#2 0x7f1a573ef61c in PlatformThread::Create(unsigned long, PlatformThread::Delegate*, unsigned long*) /builds/worker/workspace/build/src/ipc/chromium/src/base/platform_thread_posix.cc:134:10
#3 0x7f1a574021ed in base::Thread::StartWithOptions(base::Thread::Options const&) /builds/worker/workspace/build/src/ipc/chromium/src/base/thread.cc:97:8
#4 0x7f1a598b15ab in CreateCompositorThread /builds/worker/workspace/build/src/gfx/layers/ipc/CompositorThread.cpp:86:26
#5 0x7f1a598b15ab in mozilla::layers::CompositorThreadHolder::CompositorThreadHolder() /builds/worker/workspace/build/src/gfx/layers/ipc/CompositorThread.cpp:38:25
#6 0x7f1a598b1e80 in mozilla::layers::CompositorThreadHolder::Start() /builds/worker/workspace/build/src/gfx/layers/ipc/CompositorThread.cpp:107:33
#7 0x7f1a59ba1b4b in mozilla::gfx::GPUParent::Init(int, char const*, MessageLoop*, mozilla::UniquePtr<IPC::Channel, mozilla::DefaultDelete<IPC::Channel> >) /builds/worker/workspace/build/src/gfx/ipc/GPUParent.cpp:134:3
#8 0x7f1a59bb1588 in mozilla::gfx::GPUProcessImpl::Init(int, char**) /builds/worker/workspace/build/src/gfx/ipc/GPUProcessImpl.cpp:76:15
#9 0x7f1a620f620d in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:727:21
#10 0x55731cf45f83 in content_process_main /builds/worker/workspace/build/src/browser/app/../../ipc/contentproc/plugin-container.cpp:56:28
#11 0x55731cf45f83 in main /builds/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:303:18
#12 0x7f1a78edcb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
==27416==ABORTING
Comment 1•5 years ago (Reporter)

Comment 2•5 years ago (Reporter)

Comment 3•5 years ago (Reporter)

Updated•5 years ago (Reporter)

Comment 4•5 years ago
(In reply to Jason Kratzer [:jkratzer] from comment #3)
> BugMon: Reduced build range to...
> Start: 8384972e1f6a408c9c724a9082939bd2ba91dab2 (20190531170346)
> End: b2d39cc7a2db1ee5cbadab043d94790470aa48ca (20190531170618)
> Pushlog: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=8384972e1f6a408c9c724a9082939bd2ba91dab2&tochange=b2d39cc7a2db1ee5cbadab043d94790470aa48ca

Enabling the GPU process by default on Linux, perhaps?
Comment 5•5 years ago

The priority flag is not set for this bug.
:jbonisteel, could you have a look please?
For more information, please visit auto_nag documentation.

Comment 6•5 years ago
Bugbug thinks this bug is a regression, but please revert this change in case of error.
Updated•5 years ago

Updated•5 years ago

Comment 7•5 years ago

AFAIK WebRender and the GPU process are still disabled on Linux for 75.
Updated•3 years ago

Updated•3 years ago

Updated•2 years ago