Closed
Bug 1699512
Opened 4 years ago
Closed 4 years ago
Intermittent /FileAPI/url/sandboxed-iframe.html | application crashed [@ js::GCMarker::eagerlyMarkChildren(JSLinearString*)] | After Assertion failure: linearStr->JSString::isLinear(), at /builds/worker/checkouts/gecko/js/src/gc/Marking.cpp:1329
Categories
(Core :: JavaScript: GC, defect)
Core
JavaScript: GC
Tracking
()
RESOLVED
DUPLICATE
of bug 1699364
People
(Reporter: intermittent-bug-filer, Unassigned)
References
Details
(Keywords: crash, intermittent-failure)
Crash Data
Filed by: nbeleuzu [at] mozilla.com
Parsed log: https://treeherder.mozilla.org/logviewer?job_id=333658309&repo=mozilla-central
Full log: https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/dPGDhKcMR7iu94S5tm5Dpg/runs/0/artifacts/public/logs/live_backing.log
[task 2021-03-18T16:30:08.006Z] 16:30:08 INFO - PROCESS-CRASH | /FileAPI/url/sandboxed-iframe.html | application crashed [@ js::GCMarker::eagerlyMarkChildren(JSLinearString*)]
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - Mozilla crash reason: MOZ_ASSERT(linearStr->JSString::isLinear())
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - Crash dump filename: /tmp/tmpn8wxbunh/minidumps/593e329a-8cea-9d1e-84bb-6923ac10395b.dmp
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - Operating system: Linux
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - 0.0.0 Linux 4.4.0-1014-aws #14taskcluster1-Ubuntu SMP Tue Apr 3 10:27:00 UTC 2018 x86_64
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - CPU: amd64
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - family 23 model 1 stepping 2
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - 4 CPUs
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO -
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - GPU: UNKNOWN
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO -
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - Crash reason: SIGSEGV /SEGV_MAPERR
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - Crash address: 0x0
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - Process uptime: not available
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO -
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - Thread 0 (crashed)
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - 0 libxul.so!js::GCMarker::eagerlyMarkChildren(JSLinearString*) [Marking.cpp:0438c8585f5f1ddd5b45008926aa948a26ddd96f : 1329 + 0x29]
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - rax = 0x00007f536f11ac59 rdx = 0x0000000000000000
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - rcx = 0x000056231f07c538 rbx = 0x00000e94df80d820
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - rsi = 0x00007f53831d78b0 rdi = 0x00007f53831d6680
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - rbp = 0x00007ffc464888e0 rsp = 0x00007ffc464888d0
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - r8 = 0x00007f53831d78b0 r9 = 0x00007f53840cc780
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - r10 = 0x0000000000000000 r11 = 0x0000000000000000
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - r12 = 0x0000000000000000 r13 = 0x00000e94df88bd00
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - r14 = 0x00007f5366a20400 r15 = 0x0000000000000000
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - rip = 0x00007f5376c4914b
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - Found by: given as instruction pointer in context
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - 1 libxul.so!js::GCMarker::traceBarrieredCell(JS::GCCellPtr) [Marking.cpp:0438c8585f5f1ddd5b45008926aa948a26ddd96f : 4187 + 0x39c]
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - rbx = 0x00007f5366a20578 rbp = 0x00007ffc46488930
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - rsp = 0x00007ffc464888f0 r12 = 0x0000000000000000
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - r13 = 0x00000e94df88bd00 r14 = 0x00007f5366a20400
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - r15 = 0x0000000000000000 rip = 0x00007f5376c1dfbb
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - Found by: call frame info
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - 2 libxul.so!js::GCMarker::traceBarrieredCells(js::SliceBudget&) [Marking.cpp:0438c8585f5f1ddd5b45008926aa948a26ddd96f : 4172 + 0x27]
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - rbx = 0x00000e94df88bd02 rbp = 0x00007ffc46488980
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - rsp = 0x00007ffc46488940 r12 = 0x00007f5366a20430
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - r13 = 0x00007f5366a20400 r14 = 0x00007ffc464889a0
[task 2021-03-18T16:30:08.007Z] 16:30:08 INFO - r15 = 0x00007f5366a2d001 rip = 0x00007f5376c0c3f0
[task 2021-03-18T16:30:08.008Z] 16:30:08 INFO - Found by: call frame info
[task 2021-03-18T16:30:08.008Z] 16:30:08 INFO - 3 libxul.so!js::gc::BarrierTracer::performBarrier(JS::GCCellPtr) [Marking.cpp:0438c8585f5f1ddd5b45008926aa948a26ddd96f : 4151 + 0x3c]
[task 2021-03-18T16:30:08.008Z] 16:30:08 INFO - rbx = 0x00000e94df88bd1a rbp = 0x00007ffc46488a00
[task 2021-03-18T16:30:08.008Z] 16:30:08 INFO - rsp = 0x00007ffc46488990 r12 = 0x00000e94df862c28
[task 2021-03-18T16:30:08.008Z] 16:30:08 INFO - r13 = 0x00007f53661e3a27 r14 = 0x00007f5366a205d8
[task 2021-03-18T16:30:08.008Z] 16:30:08 INFO - r15 = 0x00000e94df88bd1a rip = 0x00007f5376c07217
[task 2021-03-18T16:30:08.008Z] 16:30:08 INFO - Found by: call frame info
[task 2021-03-18T16:30:08.008Z] 16:30:08 INFO - 4 libxul.so!JSLinearString* JSRope::flattenInternal<(JSRope::UsingBarrier)0, unsigned char>(JSContext*) [StringType.cpp:0438c8585f5f1ddd5b45008926aa948a26ddd96f : 765 + 0x8]
[task 2021-03-18T16:30:08.008Z] 16:30:08 INFO - rbx = 0x00000e94df88bd18 rbp = 0x00007ffc46488a90
[task 2021-03-18T16:30:08.008Z] 16:30:08 INFO - rsp = 0x00007ffc46488a10 r12 = 0x00000e94df862c28
[task 2021-03-18T16:30:08.008Z] 16:30:08 INFO - r13 = 0x00007f53661e3a27 r14 = 0x00000e94df862c28
[task 2021-03-18T16:30:08.012Z] 16:30:08 INFO - r15 = 0x00000e94df80d820 rip = 0x00007f53767c4df6
[task 2021-03-18T16:30:08.012Z] 16:30:08 INFO - Found by: call frame info
[task 2021-03-18T16:30:08.012Z] 16:30:08 INFO - 5 libxul.so!JSRope::flatten(JSContext*) [StringType.cpp:0438c8585f5f1ddd5b45008926aa948a26ddd96f : 858 + 0x5]
[task 2021-03-18T16:30:08.012Z] 16:30:08 INFO - rbx = 0x00007f5366a2d000 rbp = 0x00007ffc46488ae0
[task 2021-03-18T16:30:08.012Z] 16:30:08 INFO - rsp = 0x00007ffc46488aa0 r12 = 0x0000000000000009
[task 2021-03-18T16:30:08.013Z] 16:30:08 INFO - r13 = 0x00007ffc46488bc0 r14 = 0x00000e94df80d820
[task 2021-03-18T16:30:08.013Z] 16:30:08 INFO - r15 = 0x00007f5382920780 rip = 0x00007f53767a17ef
[task 2021-03-18T16:30:08.013Z] 16:30:08 INFO - Found by: call frame info
[task 2021-03-18T16:30:08.014Z] 16:30:08 INFO - 6 libxul.so!bool ArrayJoinKernel<CharSeparatorOp<unsigned char> >(JSContext*, CharSeparatorOp<unsigned char>, JS::Handle<JSObject*>, unsigned long, js::StringBuffer&) [Array.cpp:0438c8585f5f1ddd5b45008926aa948a26ddd96f : 1301 + 0x11c]
[task 2021-03-18T16:30:08.015Z] 16:30:08 INFO - rbx = 0x0000000000000201 rbp = 0x00007ffc46488b70
[task 2021-03-18T16:30:08.016Z] 16:30:08 INFO - rsp = 0x00007ffc46488af0 r12 = 0x00007ffc46488c18
[task 2021-03-18T16:30:08.017Z] 16:30:08 INFO - r13 = 0x00007ffc46488bc0 r14 = 0x0000000000001387
[task 2021-03-18T16:30:08.018Z] 16:30:08 INFO - r15 = 0x00007f5366a2d000 rip = 0x00007f53763c899f
[task 2021-03-18T16:30:08.019Z] 16:30:08 INFO - Found by: call frame info
[task 2021-03-18T16:30:08.020Z] 16:30:08 INFO - 7 libxul.so!js::array_join(JSContext*, unsigned int, JS::Value*) [Array.cpp:0438c8585f5f1ddd5b45008926aa948a26ddd96f : 1442 + 0x8]
[task 2021-03-18T16:30:08.021Z] 16:30:08 INFO - rbx = 0x0000000000000001 rbp = 0x00007ffc46488ce0
[task 2021-03-18T16:30:08.022Z] 16:30:08 INFO - rsp = 0x00007ffc46488b80 r12 = 0x0000000000001387
[task 2021-03-18T16:30:08.023Z] 16:30:08 INFO - r13 = 0x00007f5366a2d000 r14 = 0x00007ffc46488bc0
[task 2021-03-18T16:30:08.024Z] 16:30:08 INFO - r15 = 0x00007ffc46488bb0 rip = 0x00007f53763c7e2a
[task 2021-03-18T16:30:08.025Z] 16:30:08 INFO - Found by: call frame info
[task 2021-03-18T16:30:08.026Z] 16:30:08 INFO - 8 libxul.so!CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), js::CallReason, JS::CallArgs const&) [Interpreter.cpp:0438c8585f5f1ddd5b45008926aa948a26ddd96f : 435 + 0x12]
[task 2021-03-18T16:30:08.027Z] 16:30:08 INFO - rbx = 0x00007f5364f8d400 rbp = 0x00007ffc46488d60
[task 2021-03-18T16:30:08.028Z] 16:30:08 INFO - rsp = 0x00007ffc46488cf0 r12 = 0x00007f5364f8d400
[task 2021-03-18T16:30:08.029Z] 16:30:08 INFO - r13 = 0x00007ffc46488f80 r14 = 0x00007f5366a2d000
[task 2021-03-18T16:30:08.030Z] 16:30:08 INFO - r15 = 0x00007f53763c7790 rip = 0x00007f5376391621
[task 2021-03-18T16:30:08.031Z] 16:30:08 INFO - Found by: call frame info
[task 2021-03-18T16:30:08.032Z] 16:30:08 INFO - 9 libxul.so!js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) [Interpreter.cpp:0438c8585f5f1ddd5b45008926aa948a26ddd96f : 520 + 0xb]
[task 2021-03-18T16:30:08.033Z] 16:30:08 INFO - rbx = 0x0000354422c3a468 rbp = 0x00007ffc46488e10
[task 2021-03-18T16:30:08.034Z] 16:30:08 INFO - rsp = 0x00007ffc46488d70 r12 = 0x00007ffc46488d90
[task 2021-03-18T16:30:08.035Z] 16:30:08 INFO - r13 = 0x0000000000000000 r14 = 0x00007f5366a2d000
[task 2021-03-18T16:30:08.036Z] 16:30:08 INFO - r15 = 0x00007ffc46488f80 rip = 0x00007f5376390d60
[task 2021-03-18T16:30:08.037Z] 16:30:08 INFO - Found by: call frame info
[task 2021-03-18T16:30:08.038Z] 16:30:08 INFO - 10 libxul.so!InternalCall(JSContext*, js::AnyInvokeArgs const&, js::CallReason) [Interpreter.cpp:0438c8585f5f1ddd5b45008926aa948a26ddd96f : 580 + 0x10]
[task 2021-03-18T16:30:08.039Z] 16:30:08 INFO - rbx = 0x00007ffc46488f80 rbp = 0x00007ffc46488e60
[task 2021-03-18T16:30:08.040Z] 16:30:08 INFO - rsp = 0x00007ffc46488e20 r12 = 0x0000354422c3a468
[task 2021-03-18T16:30:08.041Z] 16:30:08 INFO - r13 = 0x00007f5378fc2830 r14 = 0x0000000000000000
[task 2021-03-18T16:30:08.042Z] 16:30:08 INFO - r15 = 0x00007f5366a2d000 rip = 0x00007f5376392551
[task 2021-03-18T16:30:08.043Z] 16:30:08 INFO - Found by: call frame info
[task 2021-03-18T16:30:08.044Z] 16:30:08 INFO - 11 libxul.so!Interpret(JSContext*, js::RunState&) [Interpreter.cpp:0438c8585f5f1ddd5b45008926aa948a26ddd96f : 3244 + 0x15]
[task 2021-03-18T16:30:08.045Z] 16:30:08 INFO - rbx = 0x0000354422c3a468 rbp = 0x00007ffc46489360
[task 2021-03-18T16:30:08.047Z] 16:30:08 INFO - rsp = 0x00007ffc46488e70 r12 = 0xfff9800000000000
[task 2021-03-18T16:30:08.048Z] 16:30:08 INFO - r13 = 0xffff800000000000 r14 = 0x000000000000006c
[task 2021-03-18T16:30:08.049Z] 16:30:08 INFO - r15 = 0x00007f5378fb2390 rip = 0x00007f53763858dd
[task 2021-03-18T16:30:08.050Z] 16:30:08 INFO - Found by: call frame info
[task 2021-03-18T16:30:08.052Z] 16:30:08 INFO - 12 libxul.so!js::RunScript(JSContext*, js::RunState&) [Interpreter.cpp:0438c8585f5f1ddd5b45008926aa948a26ddd96f : 405 + 0xb]
[task 2021-03-18T16:30:08.053Z] 16:30:08 INFO - rbx = 0x00007f5365cbaea1 rbp = 0x00007ffc464893b0
[task 2021-03-18T16:30:08.054Z] 16:30:08 INFO - rsp = 0x00007ffc46489370 r12 = 0x00007f5382920701
[task 2021-03-18T16:30:08.055Z] 16:30:08 INFO - r13 = 0x00007f5366a2d000 r14 = 0x00007ffc46489400
[task 2021-03-18T16:30:08.056Z] 16:30:08 INFO - r15 = 0x0000000000000000 rip = 0x00007f537637c651
[task 2021-03-18T16:30:08.057Z] 16:30:08 INFO - Found by: call frame info```
|
||
Updated•4 years ago
|
Group: javascript-core-security
Status: NEW → RESOLVED
Closed: 4 years ago
Depends on: 1699364
Resolution: --- → DUPLICATE
|
||
Updated•1 years ago
|
Group: javascript-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•