Open Bug 1663471 Opened 4 years ago Updated 2 years ago

AddressSanitizer: SEGV on unknown address 0x000000000000 in XRE_InitChildProcess

Categories

(Toolkit :: Startup and Profile System, defect)

Unspecified
Linux
defect

Tracking Status
firefox82 --- affected

People

(Reporter: bj, Unassigned)

References

(Blocks 1 open bug)

Details

Starting ASan Nightly with -P, I see the console output below. The message ends with "ABORTING", but the profile manager appears to work and Firefox can be started.

AddressSanitizer:DEADLYSIGNAL

==6849==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f218d843425 bp 0x7ffdd79e3590 sp 0x7ffdd79e31a0 T0)
==6849==The signal is caused by a WRITE memory access.
==6849==Hint: address points to the zero page.
error: address range table at offset 0xd50 has an invalid tuple (length = 0) at offset 0xd60
#0 0x7f218d843425 in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:359:7
#1 0x55bdc919ddc8 in content_process_main /builds/worker/checkouts/gecko/browser/app/../../ipc/contentproc/plugin-container.cpp:56:28
#2 0x55bdc919ddc8 in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:303:18
#3 0x7f219edc6b96 in __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310
#4 0x55bdc90f0ca8 in _start (/home/bj/Software/ASanNightly/firefox/firefox-bin+0xb1ca8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:359:7 in XRE_InitChildProcess(int, char**, XREChildData const*)
==6849==ABORTING

This is 100% reproducible for me on Linux.
Nika, is this related to Bug 1652144?

Flags: needinfo?(nika)

Based on the line of the crash, it looks like we're crashing on this line: https://searchfox.org/mozilla-central/rev/b58ca45005fe02077c92779483d1b60e9a49687c/toolkit/xre/nsEmbedFunctions.cpp#359, which is a very-early-during-startup MOZ_CRASH due to not having the ASAN_REPORTER_PATH environment variable configured. This variable is configured after we select a profile, to be the profile directory, so it makes sense it wouldn't be set in the profile selector. (https://searchfox.org/mozilla-central/rev/b58ca45005fe02077c92779483d1b60e9a49687c/toolkit/xre/nsAppRunner.cpp#4257)

It might be interesting to find out why we're starting a content process while rendering the profile selector. I'm guessing some background service of some kind is still being started, and is causing the extension process to launch and crash, or something like that.

Flags: needinfo?(nika)
Severity: -- → S4
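An added triage helper, not part of this bug or of Firefox's code: it parses the ASan SEGV report quoted above (embedded here as the sample input) and reports the zero-page WRITE at nsEmbedFunctions.cpp:359. A MOZ_CRASH deliberately writes through a NULL pointer, so ASan reports it exactly like an accidental NULL dereference; the faulting frame's file:line, not the address, is what tells a triager which case they have.

```python
import re

# Lines from the ASan report in this bug, embedded so the parser runs offline.
SAMPLE_REPORT = """\
==6849==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f218d843425 bp 0x7ffdd79e3590 sp 0x7ffdd79e31a0 T0)
==6849==The signal is caused by a WRITE memory access.
==6849==Hint: address points to the zero page.
error: address range table at offset 0xd50 has an invalid tuple (length = 0) at offset 0xd60
    #0 0x7f218d843425 in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:359:7
    #1 0x55bdc919ddc8 in content_process_main /builds/worker/checkouts/gecko/browser/app/../../ipc/contentproc/plugin-container.cpp:56:28
    #4 0x55bdc90f0ca8 in _start (/home/bj/Software/ASanNightly/firefox/firefox-bin+0xb1ca8)
==6849==ABORTING
"""

ERROR_RE = re.compile(
    r"^==(?P<pid>\d+)==ERROR: AddressSanitizer: (?P<kind>\S+) on unknown address "
    r"(?P<addr>0x[0-9a-fA-F]+) \(pc (?P<pc>0x[0-9a-fA-F]+)")
ACCESS_RE = re.compile(r"^==\d+==The signal is caused by a (?P<access>READ|WRITE) memory access\.")
# Symbolised frame: "#N 0xADDR in <function> <file>:<line>[:<col>]". The function
# part may contain spaces (C++ signatures), so it is matched lazily.
FRAME_RE = re.compile(
    r"^\s*#(?P<n>\d+) 0x[0-9a-fA-F]+ in (?P<func>.+?) (?P<file>\S+?):(?P<line>\d+)(?::\d+)?$")

def parse_asan_segv(report: str) -> dict:
    """Extract the fault facts a triager needs from an ASan SEGV report."""
    info = {"frames": [], "access": None}
    for line in report.splitlines():
        if m := ERROR_RE.match(line):
            info.update(pid=int(m["pid"]), kind=m["kind"],
                        address=int(m["addr"], 16), pc=int(m["pc"], 16))
        elif m := ACCESS_RE.match(line):
            info["access"] = m["access"]
        elif m := FRAME_RE.match(line):
            # Frames without file:line (e.g. "_start (binary+0x...)") are skipped.
            info["frames"].append((int(m["n"]), m["func"], m["file"], int(m["line"])))
    # A fault address inside the first page is a NULL (or near-NULL) dereference,
    # which is what ASan's "address points to the zero page" hint also flags.
    info["null_deref"] = info.get("address", -1) in range(0, 4096)
    return info

def classify(report: str) -> str:
    """One-line verdict: signal, NULL-ness, access kind and the faulting frame."""
    info = parse_asan_segv(report)
    if "kind" not in info or not info["frames"]:
        return "unrecognised report"
    _, func, path, line = info["frames"][0]
    where = f"{path.rsplit('/', 1)[-1]}:{line}"
    what = "NULL-page" if info["null_deref"] else "wild"
    return f"{info['kind']}: {what} {info['access'] or 'UNKNOWN'} at {where} in {func.split('(')[0]}"

if __name__ == "__main__":
    print(classify(SAMPLE_REPORT))  # SEGV: NULL-page WRITE at nsEmbedFunctions.cpp:359 in XRE_InitChildProcess
```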