Closed
Bug 935795
Opened 11 years ago
Closed 7 years ago
AddressSanitizer crash on Mac: stack-buffer-underflow (ffi_call_unix64, js::ctypes::FunctionType::Call) ASan
Categories
(Core :: JavaScript Engine, defect)
RESOLVED
WORKSFORME
People
(Reporter: jruderman, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [fuzzblocker])
Attachments
(5 files)
With:
Mac OS X 10.8
ASan (LLVM r185949, release mode)
Firefox (mozilla-central 3254963dccbb, *non-debug* ASan build)
> ==54944==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x000119101c00 at pc 0x10002328d bp 0x1191018a0 sp 0x119101880
> WRITE of size 2168 at 0x000119101c00 thread T19
> #0 0x10002328c in wrap_fstatfs (/Users/jruderman/llvm/build/Release/lib/clang/3.4/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x1528c)
> #1 0x7fff89ffcff4 in __opendir2 (/usr/lib/system/libsystem_c.dylib+0xa0ff4)
> #2 0x10b43787b in ffi_call_unix64 (/Users/jruderman/builds/mozilla-central-asan-opt/dist/Nightly.app/Contents/MacOS/XUL+0x71ce87b)
> #3 0x60200004a7af
> Address 0x000119101c00 is located in stack of thread T19 at offset 0 in frame
> #0 0x10b40413f in js::ctypes::FunctionType::Call(JSContext*, unsigned int, JS::Value*) (/Users/jruderman/builds/mozilla-central-asan-opt/dist/Nightly.app/Contents/MacOS/XUL+0x719b13f)
> This frame has 6 object(s):
> [32, 40) 'obj.i' <== Memory access at offset 0 partially underflows this variable
> [96, 104) 'objTypeProto.i' <== Memory access at offset 0 partially underflows this variable
> [160, 312) 'values' <== Memory access at offset 0 partially underflows this variable
> [352, 504) 'strings' <== Memory access at offset 0 partially underflows this variable
> [544, 568) 'autoCallback' <== Memory access at offset 0 partially underflows this variable
> [608, 616) 'returnType' <== Memory access at offset 0 partially underflows this variable
> HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
> (longjmp and C++ exceptions *are* supported)
Yesterday I was getting this on shutdown, but now I'm getting it on startup.
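The frame layout printed in the report above can be checked mechanically. The following is an added triage example, not part of the original bug report and not Mozilla or LLVM code; the function names `parse_report`, `frame_layout` and `triage` are hypothetical, and the embedded text is copied from the report with the quote prefix and the `<==` annotations removed. It places the reported access (offset 0, size 2168) against the six listed stack objects.

```python
import re

# Copied from the report above; "> " quoting and "<== ..." notes removed.
REPORT = """\
==54944==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x000119101c00 at pc 0x10002328d bp 0x1191018a0 sp 0x119101880
WRITE of size 2168 at 0x000119101c00 thread T19
Address 0x000119101c00 is located in stack of thread T19 at offset 0 in frame
This frame has 6 object(s):
[32, 40) 'obj.i'
[96, 104) 'objTypeProto.i'
[160, 312) 'values'
[352, 504) 'strings'
[544, 568) 'autoCallback'
[608, 616) 'returnType'
"""

KIND_RE = re.compile(r"AddressSanitizer: ([\w-]+) on address (0x[0-9a-fA-F]+)")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at 0x[0-9a-fA-F]+", re.M)
OFFSET_RE = re.compile(r"located in stack of thread \S+ at offset (\d+) in frame")
COUNT_RE = re.compile(r"This frame has (\d+) object\(s\)")
OBJECT_RE = re.compile(r"^\s*\[(\d+), (\d+)\) '([^']+)'", re.M)


def parse_report(text):
    """Extract the access and the frame's object list from an ASan stack report."""
    kind, access = KIND_RE.search(text), ACCESS_RE.search(text)
    offset, count = OFFSET_RE.search(text), COUNT_RE.search(text)
    if not (kind and access and offset and count):
        raise ValueError("not an ASan stack report with a frame layout")
    objects = [(int(a), int(b), n) for a, b, n in OBJECT_RE.findall(text)]
    # A pasted report that lost lines would give a misleading layout.
    if not objects or len(objects) != int(count.group(1)):
        raise ValueError("frame object list is missing or truncated")
    return {
        "kind": kind.group(1),
        "address": int(kind.group(2), 16),
        "access": access.group(1),
        "size": int(access.group(2)),
        "offset": int(offset.group(1)),
        "objects": sorted(objects),
    }


def frame_layout(objects):
    """Regions from frame offset 0 to the end of the last object.

    Gaps between objects are the redzones ASan places around each local;
    the extent of the right redzone is not printed, so it is not modelled.
    """
    regions, cursor = [], 0
    for start, end, name in sorted(objects):
        if start > cursor:
            label = "left redzone" if cursor == 0 else "mid redzone"
            regions.append((cursor, start, label))
        regions.append((start, end, name))
        cursor = end
    return regions


def triage(report):
    """Describe where the access [offset, offset + size) falls in the frame."""
    lo, hi = report["offset"], report["offset"] + report["size"]
    regions = frame_layout(report["objects"])
    last_end = regions[-1][1]
    first = next((label for s, e, label in regions if s <= lo < e),
                 "past last object")
    covered = [n for s, e, n in report["objects"] if lo <= s and e <= hi]
    return {
        "first_byte_in": first,
        "objects_fully_covered": covered,
        "bytes_past_last_object": max(0, hi - max(lo, last_end)),
    }


if __name__ == "__main__":
    parsed = parse_report(REPORT)
    for start, end, label in frame_layout(parsed["objects"]):
        print(f"[{start:4d}, {end:4d})  {label}")
    print(triage(parsed))
```

For this report the first byte written is in the left redzone, all six locals lie inside the written range, and the write runs 1552 bytes past the last listed object.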
Reporter
Comment 1•11 years ago
Reporter
Comment 2•11 years ago
I hit this on Mac but not on Linux.
Reporter
Comment 3•11 years ago
One workaround is to add "-mllvm -asan-stack=0" to my mozconfig's CFLAGS and CXXFLAGS.
Comment 4•11 years ago
Jesse: is this Mac ASan bug still relevant or reproducible?
Flags: needinfo?(jruderman)
Reporter
Comment 5•11 years ago
Yes. I still need the workaround in comment 3 in order to use ASan on Mac at all.
Flags: needinfo?(jruderman)
Comment 6•11 years ago
We've had problems with ffi_call_* and ASan before, e.g. bug 872577. Not sure if this is related at all but I'll put a needinfo on :Yoric, maybe he can help us to find a start here.
Yoric, this happens on Mac OSX only, never seen on Linux, so I thought it would be related to our native libsystem calls on OSX somehow. It could however also be a memory problem in the JS engine and it just doesn't manifest on Linux. Could you try helping us to figure out what's wrong here? Disabling the whole stack checking for ASan on Mac is a really bad workaround :(
Flags: needinfo?(dteller)
Comment 8•11 years ago
Let me rephrase: it's most likely a function that is ill-defined with js-ctypes, so it would be very useful to know which function.
Comment 9•11 years ago
The problem is that the issue occurs randomly on startup/shutdown. Is there any logging that might help in that case?
Setting pref toolkit.osfile.log to true might help if the culprit is OS.File (which seems likely).
Comment 11•11 years ago
Jesse, what version/revision of LLVM are you using?
I've been using LLVM 185949, compiled on OS X 10.7.5 (with the 10.6 SDK), as per:
http://people.mozilla.org/~stmichaud/bmo/firefox-asan-howto.txt
I've never seen one of these crashes, and I haven't had to use your workaround.
(It may also be relevant that I've compiled libffi 3.0.11 on the partition where I do my Mac ASan builds, and that's what I build FF with.)
Updated•11 years ago
Flags: needinfo?(jruderman)
Reporter
Comment 12•11 years ago
I was also using LLVM 185949 when I first reported this bug, but now I'm using LLVM 209703 (with a Mozilla-side workaround for bug 982693). I still hit this bug if I don't use the workaround in comment 3.
Flags: needinfo?(jruderman)
Reporter
Comment 13•11 years ago
Reporter
Comment 14•11 years ago
Includes C++ stacks for all threads. I could only get the main thread's JS stack (with DumpJSStack), because getting the worker thread's stack (with js_DumpBacktrace) requires a |cx| value that I mysteriously don't have.
Comment 15•11 years ago
Jesse, on which version of OS X did you compile LLVM and Firefox? And for Firefox which SDK did you use? This might make a difference.
I gave my answer to these questions in comment #11. (Note, though, that I didn't specify any SDK when compiling LLVM. I only did that when compiling Firefox.)
Updated•11 years ago
Flags: needinfo?(jruderman)
Reporter
Comment 16•11 years ago
I compiled both on Mac OS X 10.9. I didn't specify an SDK in my mozconfig and I'm not sure which the build system chose.
Flags: needinfo?(jruderman)
Comment 17•11 years ago
> I didn't specify an SDK
Doing this on OS X 10.9 is equivalent to specifying the 10.9 SDK.
At some point I'll build as you have, and see if that allows me to reproduce this bug.
Comment 18•10 years ago
I'm hitting this issue with my first Firefox ASan build. LLVM rev is r214699 and it reproduces on startup every time I try to start. SDK I tried is 10.8, the OS is 10.9.
Comment 19•10 years ago
Also tried with 10.9 SDK, same effect.
Fwiw, I'm trying to start in safe mode (I'm getting the safe mode prompt and then click on safe mode) and I get the crash immediately on every try.
Comment 20•10 years ago
I've talked to kcc and he suggested to open a bug in the ASan bug tracker because the stack itself also looks truncated. Issue link is in the "See also" field.
Unfortunately, I failed at debugging this so far because setting a breakpoint on __asan_report_error does not work for me (gdb just doesn't see that function). If anyone has any hints on how to do this, please comment :)
Updated•10 years ago
Blocks: asan-macbuilds
Comment 21•9 years ago
I've hit this twice today running under ASAN:
I've hit this twice while running ASAN build under mac:
=================================================================
==25790==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address 0x700004983720 at pc 0x00010010b806 bp 0x700004982d30 sp 0x7000049824f0
WRITE of size 2168 at 0x700004983720 thread T89
#0 0x10010b805 in wrap_fstatfs64 (libclang_rt.asan_osx_dynamic.dylib+0x33805)
#1 0x7fff8d45776b in copyfile (libcopyfile.dylib+0x476b)
#2 0x11a0b2183 in ffi_call_unix64 (XUL+0x13859183)
#3 0x60200008faef (<unknown module>)
Address 0x700004983720 is located in stack of thread T89
SUMMARY: AddressSanitizer: dynamic-stack-buffer-overflow (libclang_rt.asan_osx_dynamic.dylib+0x33805) in wrap_fstatfs64
Shadow bytes around the buggy address:
0x1e0000930690: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1e00009306a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1e00009306b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1e00009306c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1e00009306d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x1e00009306e0: 00 00 00 00[ca]ca ca ca 00 00 00 00 00 00 00 00
0x1e00009306f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1e0000930700: 00 00 cb cb cb cb cb cb f1 f1 f1 f1 00 00 f2 f2
0x1e0000930710: 04 f2 04 f3 00 00 00 00 00 00 00 00 00 00 00 00
0x1e0000930720: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1e0000930730: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Thread T89 created by T0 here:
#0 0x100116f99 in wrap_pthread_create (libclang_rt.asan_osx_dynamic.dylib+0x3ef99)
#1 0x1062885bb in _PR_CreateThread ptthread.c:457
#2 0x1062879d3 in PR_CreateThread ptthread.c:548
#3 0x106c5952b in nsThread::Init() nsThread.cpp:523
#4 0x11101f888 in mozilla::dom::workers::WorkerThread::Create(mozilla::dom::workers::WorkerThreadFriendKey const&) WorkerThread.cpp:92
#5 0x110e81b9c in mozilla::dom::workers::RuntimeService::ScheduleWorker(mozilla::dom::workers::WorkerPrivate*) RuntimeService.cpp:1704
#6 0x110e7fc6f in mozilla::dom::workers::RuntimeService::RegisterWorker(mozilla::dom::workers::WorkerPrivate*) RuntimeService.cpp:1531
#7 0x110fee192 in mozilla::dom::workers::WorkerPrivate::Constructor(JSContext*, nsAString_internal const&, bool, mozilla::dom::WorkerType, nsACString_internal const&, mozilla::dom::workers::WorkerLoadInfo*, mozilla::ErrorResult&) WorkerPrivate.cpp:4168
#8 0x110fed68d in mozilla::dom::workers::WorkerPrivate::Constructor(mozilla::dom::GlobalObject const&, nsAString_internal const&, bool, mozilla::dom::WorkerType, nsACString_internal const&, mozilla::dom::workers::WorkerLoadInfo*, mozilla::ErrorResult&) WorkerPrivate.cpp:4103
#9 0x110fed880 in mozilla::dom::workers::ChromeWorkerPrivate::Constructor(mozilla::dom::GlobalObject const&, nsAString_internal const&, mozilla::ErrorResult&) WorkerPrivate.cpp:4073
#10 0x10dfe3a83 in mozilla::dom::ChromeWorkerBinding::_constructor(JSContext*, unsigned int, JS::Value*) WorkerBinding.cpp:103
#11 0x11965579f in js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) jscntxtinlines.h:235
#12 0x119694b09 in js::CallJSNativeConstructor(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) jscntxtinlines.h:268
#13 0x1195fecbb in InternalConstruct(JSContext*, js::AnyConstructArgs const&) Interpreter.cpp:581
#14 0x1195fdfb4 in js::ConstructFromStack(JSContext*, JS::CallArgs const&) Interpreter.cpp:608
#15 0x1195d940e in Interpret(JSContext*, js::RunState&) Interpreter.cpp:2823
#16 0x1195b0451 in js::RunScript(JSContext*, js::RunState&) Interpreter.cpp:426
#17 0x1195fd060 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) Interpreter.cpp:498
#18 0x1195fd756 in InternalCall(JSContext*, js::AnyInvokeArgs const&) Interpreter.cpp:525
#19 0x1195fdb1c in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) Interpreter.cpp:544
#20 0x1195ffe12 in js::CallGetter(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::MutableHandle<JS::Value>) Interpreter.cpp:656
#21 0x11979032c in CallGetter(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::Handle<js::Shape*>, JS::MutableHandle<JS::Value>) NativeObject.cpp:1743
#22 0x11975a19f in bool GetExistingProperty<(js::AllowGC)1>(JSContext*, js::MaybeRooted<JS::Value, (js::AllowGC)1>::HandleType, js::MaybeRooted<js::NativeObject*, (js::AllowGC)1>::HandleType, js::MaybeRooted<js::Shape*, (js::AllowGC)1>::HandleType, js::MaybeRooted<JS::Value, (js::AllowGC)1>::MutableHandleType) NativeObject.cpp:1791
#23 0x11975b57c in bool NativeGetPropertyInline<(js::AllowGC)1>(JSContext*, js::MaybeRooted<js::NativeObject*, (js::AllowGC)1>::HandleType, js::MaybeRooted<JS::Value, (js::AllowGC)1>::HandleType, js::MaybeRooted<jsid, (js::AllowGC)1>::HandleType, IsNameLookup, js::MaybeRooted<JS::Value, (js::AllowGC)1>::MutableHandleType) NativeObject.cpp:2010
#24 0x11975aa4a in js::NativeGetProperty(JSContext*, JS::Handle<js::NativeObject*>, JS::Handle<JS::Value>, JS::Handle<jsid>, JS::MutableHandle<JS::Value>) NativeObject.cpp:2044
#25 0x1196b8d95 in js::GetProperty(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::Handle<jsid>, JS::MutableHandle<JS::Value>) NativeObject.h:1508
#26 0x119659b71 in js::GetProperty(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, js::PropertyName*, JS::MutableHandle<JS::Value>) jsobj.h:830
#27 0x119607982 in js::GetProperty(JSContext*, JS::Handle<JS::Value>, JS::Handle<js::PropertyName*>, JS::MutableHandle<JS::Value>) Interpreter.cpp:4111
#28 0x119633aca in GetPropertyOperation(JSContext*, js::InterpreterFrame*, JS::Handle<JSScript*>, unsigned char*, JS::MutableHandle<JS::Value>, JS::MutableHandle<JS::Value>) Interpreter.cpp:217
#29 0x1195d11eb in Interpret(JSContext*, js::RunState&) Interpreter.cpp:2548
#30 0x1195b0451 in js::RunScript(JSContext*, js::RunState&) Interpreter.cpp:426
#31 0x1195fd060 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) Interpreter.cpp:498
#32 0x1195fd756 in InternalCall(JSContext*, js::AnyInvokeArgs const&) Interpreter.cpp:525
#33 0x1195fdb1c in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) Interpreter.cpp:544
#34 0x11922daac in js::Wrapper::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) const Wrapper.cpp:163
#35 0x1191cb3a3 in js::CrossCompartmentWrapper::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) const CrossCompartmentWrapper.cpp:309
#36 0x119204784 in js::Proxy::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) Proxy.cpp:399
#37 0x11920b8cf in js::proxy_Call(JSContext*, unsigned int, JS::Value*) Proxy.cpp:691
#38 0x11965579f in js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) jscntxtinlines.h:235
#39 0x1195fcd9d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) Interpreter.cpp:468
#40 0x1195fd756 in InternalCall(JSContext*, js::AnyInvokeArgs const&) Interpreter.cpp:525
#41 0x1195fd29c in js::CallFromStack(JSContext*, JS::CallArgs const&) Interpreter.cpp:531
#42 0x118058749 in js::jit::DoCallFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICCall_Fallback*, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) BaselineIC.cpp:5971
#43 0x131eebdaa (<unknown module>)
#44 0x6210011d53a7 (<unknown module>)
#45 0x131ee4dc3 (<unknown module>)
#46 0x11808fe8c in EnterBaseline(JSContext*, js::jit::EnterJitData&) BaselineJIT.cpp:149
#47 0x11808eefe in js::jit::EnterBaselineMethod(JSContext*, js::RunState&) BaselineJIT.cpp:188
#48 0x1195b03a7 in js::RunScript(JSContext*, js::RunState&) Interpreter.cpp:416
#49 0x1195fd060 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) Interpreter.cpp:498
#50 0x1195fd756 in InternalCall(JSContext*, js::AnyInvokeArgs const&) Interpreter.cpp:525
#51 0x1195fd29c in js::CallFromStack(JSContext*, JS::CallArgs const&) Interpreter.cpp:531
#52 0x118058749 in js::jit::DoCallFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICCall_Fallback*, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) BaselineIC.cpp:5971
#53 0x131eebdaa (<unknown module>)
#54 0x621000f60637 (<unknown module>)
#55 0x131ee4dc3 (<unknown module>)
#56 0x11808fe8c in EnterBaseline(JSContext*, js::jit::EnterJitData&) BaselineJIT.cpp:149
#57 0x11808eefe in js::jit::EnterBaselineMethod(JSContext*, js::RunState&) BaselineJIT.cpp:188
#58 0x1195b03a7 in js::RunScript(JSContext*, js::RunState&) Interpreter.cpp:416
#59 0x1195fd060 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) Interpreter.cpp:498
#60 0x1195fd756 in InternalCall(JSContext*, js::AnyInvokeArgs const&) Interpreter.cpp:525
#61 0x1195fdb1c in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) Interpreter.cpp:544
#62 0x118eb772f in js::fun_call(JSContext*, unsigned int, JS::Value*) jsfun.cpp:1179
#63 0x11965579f in js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) jscntxtinlines.h:235
#64 0x1195fcf2c in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) Interpreter.cpp:480
#65 0x1195fd756 in InternalCall(JSContext*, js::AnyInvokeArgs const&) Interpreter.cpp:525
#66 0x1195fdb1c in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) Interpreter.cpp:544
#67 0x11922daac in js::Wrapper::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) const Wrapper.cpp:163
#68 0x1191cb3a3 in js::CrossCompartmentWrapper::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) const CrossCompartmentWrapper.cpp:309
#69 0x119204784 in js::Proxy::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) Proxy.cpp:399
#70 0x11920b8cf in js::proxy_Call(JSContext*, unsigned int, JS::Value*) Proxy.cpp:691
#71 0x11965579f in js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) jscntxtinlines.h:235
#72 0x1195fcd9d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) Interpreter.cpp:468
#73 0x1195fd756 in InternalCall(JSContext*, js::AnyInvokeArgs const&) Interpreter.cpp:525
#74 0x1195fd29c in js::CallFromStack(JSContext*, JS::CallArgs const&) Interpreter.cpp:531
#75 0x118058749 in js::jit::DoCallFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICCall_Fallback*, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) BaselineIC.cpp:5971
#76 0x131eebdaa (<unknown module>)
#77 0x621001f23b27 (<unknown module>)
#78 0x132ae4513 (<unknown module>)
#79 0x6210010f331f (<unknown module>)
#80 0x132ae4513 (<unknown module>)
#81 0x6210005611cf (<unknown module>)
#82 0x132ae4513 (<unknown module>)
#83 0x621000561197 (<unknown module>)
#84 0x131ee4dc3 (<unknown module>)
#85 0x11808fe8c in EnterBaseline(JSContext*, js::jit::EnterJitData&) BaselineJIT.cpp:149
#86 0x11808eefe in js::jit::EnterBaselineMethod(JSContext*, js::RunState&) BaselineJIT.cpp:188
#87 0x1195b03a7 in js::RunScript(JSContext*, js::RunState&) Interpreter.cpp:416
#88 0x1195fd060 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) Interpreter.cpp:498
#89 0x1195fd756 in InternalCall(JSContext*, js::AnyInvokeArgs const&) Interpreter.cpp:525
#90 0x1195fdb1c in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) Interpreter.cpp:544
#91 0x118c400c7 in JS_CallFunctionValue(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) jsapi.cpp:2864
#92 0x109859de7 in nsXPCComponents_Utils::CallFunctionWithAsyncStack(JS::Handle<JS::Value>, nsIStackFrame*, nsAString_internal const&, JSContext*, JS::MutableHandle<JS::Value>) XPCComponents.cpp:2720
#93 0x106cd4dcf in NS_InvokeByIndex xptcinvoke_x86_64_unix.cpp:180
#94 0x109a14c12 in CallMethodHelper::Invoke() XPCWrappedNative.cpp:2083
#95 0x1099ff04f in CallMethodHelper::Call() XPCWrappedNative.cpp:1400
#96 0x1099a6dc1 in XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) XPCWrappedNative.cpp:1367
#97 0x1099abd1f in XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*) XPCWrappedNativeJSOps.cpp:1128
#98 0x132ae3e37 (<unknown module>)
#99 0x62100208f4d7 (<unknown module>)
#100 0x131ee4dc3 (<unknown module>)
#101 0x11808fe8c in EnterBaseline(JSContext*, js::jit::EnterJitData&) BaselineJIT.cpp:149
#102 0x11808eefe in js::jit::EnterBaselineMethod(JSContext*, js::RunState&) BaselineJIT.cpp:188
#103 0x1195b03a7 in js::RunScript(JSContext*, js::RunState&) Interpreter.cpp:416
#104 0x1195fd060 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) Interpreter.cpp:498
#105 0x1195fd756 in InternalCall(JSContext*, js::AnyInvokeArgs const&) Interpreter.cpp:525
#106 0x1195fdb1c in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) Interpreter.cpp:544
#107 0x118c41eed in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) jsapi.cpp:2926
#108 0x10cbc0fde in mozilla::dom::AnyCallback::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&) PromiseBinding.cpp:93
#109 0x10b6fe8d8 in mozilla::dom::AnyCallback::Call(JS::Handle<JS::Value>, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&, char const*, mozilla::dom::CallbackObject::ExceptionHandling, JSCompartment*) PromiseBinding.h:242
#110 0x111160380 in mozilla::dom::WrapperPromiseCallback::Call(JSContext*, JS::Handle<JS::Value>) PromiseCallback.cpp:336
#111 0x111173ea9 in mozilla::dom::PromiseReactionJob::Run() Promise.cpp:107
#112 0x11113dcb5 in mozilla::dom::Promise::PerformMicroTaskCheckpoint() Promise.cpp:966
#113 0x106a04c7d in mozilla::CycleCollectedJSRuntime::AfterProcessTask(unsigned int) CycleCollectedJSRuntime.cpp:1382
#114 0x1098f833b in XPCJSRuntime::AfterProcessTask(unsigned int) XPCJSRuntime.cpp:3727
#115 0x106c5d591 in nsThread::ProcessNextEvent(bool, bool*) nsThread.cpp:1006
#116 0x106cd4dcf in NS_InvokeByIndex xptcinvoke_x86_64_unix.cpp:180
#117 0x109a14c12 in CallMethodHelper::Invoke() XPCWrappedNative.cpp:2083
#118 0x1099ff04f in CallMethodHelper::Call() XPCWrappedNative.cpp:1400
#119 0x1099a6dc1 in XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) XPCWrappedNative.cpp:1367
#120 0x1099abd1f in XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*) XPCWrappedNativeJSOps.cpp:1128
#121 0x1ad961637 (<unknown module>)
#122 0x621000037a1f (<unknown module>)
#123 0x131ee4dc3 (<unknown module>)
#124 0x11808fe8c in EnterBaseline(JSContext*, js::jit::EnterJitData&) BaselineJIT.cpp:149
#125 0x118091370 in js::jit::EnterBaselineAtBranch(JSContext*, js::InterpreterFrame*, unsigned char*) BaselineJIT.cpp:256
#126 0x1195b6c27 in Interpret(JSContext*, js::RunState&) Interpreter.cpp:1836
#127 0x1195b0451 in js::RunScript(JSContext*, js::RunState&) Interpreter.cpp:426
#128 0x1195fd060 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) Interpreter.cpp:498
#129 0x1195fd756 in InternalCall(JSContext*, js::AnyInvokeArgs const&) Interpreter.cpp:525
#130 0x1195fdb1c in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) Interpreter.cpp:544
#131 0x11922daac in js::Wrapper::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) const Wrapper.cpp:163
#132 0x1191cb3a3 in js::CrossCompartmentWrapper::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) const CrossCompartmentWrapper.cpp:309
#133 0x119204784 in js::Proxy::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) Proxy.cpp:399
#134 0x11920b8cf in js::proxy_Call(JSContext*, unsigned int, JS::Value*) Proxy.cpp:691
#135 0x11965579f in js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) jscntxtinlines.h:235
#136 0x1195fcd9d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) Interpreter.cpp:468
#137 0x1195fd756 in InternalCall(JSContext*, js::AnyInvokeArgs const&) Interpreter.cpp:525
#138 0x1195fd29c in js::CallFromStack(JSContext*, JS::CallArgs const&) Interpreter.cpp:531
#139 0x1195d9794 in Interpret(JSContext*, js::RunState&) Interpreter.cpp:2831
#140 0x1195b0451 in js::RunScript(JSContext*, js::RunState&) Interpreter.cpp:426
#141 0x1195fd060 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) Interpreter.cpp:498
#142 0x1195fd756 in InternalCall(JSContext*, js::AnyInvokeArgs const&) Interpreter.cpp:525
#143 0x1195fdb1c in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) Interpreter.cpp:544
#144 0x118eb772f in js::fun_call(JSContext*, unsigned int, JS::Value*) jsfun.cpp:1179
#145 0x11965579f in js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) jscntxtinlines.h:235
#146 0x1195fcf2c in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) Interpreter.cpp:480
#147 0x1195fd756 in InternalCall(JSContext*, js::AnyInvokeArgs const&) Interpreter.cpp:525
#148 0x1195fdb1c in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) Interpreter.cpp:544
#149 0x11922daac in js::Wrapper::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) const Wrapper.cpp:163
#150 0x1191cb3a3 in js::CrossCompartmentWrapper::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) const CrossCompartmentWrapper.cpp:309
#151 0x119204784 in js::Proxy::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) Proxy.cpp:399
#152 0x11920b8cf in js::proxy_Call(JSContext*, unsigned int, JS::Value*) Proxy.cpp:691
#153 0x11965579f in js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) jscntxtinlines.h:235
#154 0x1195fcd9d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) Interpreter.cpp:468
#155 0x1195fd756 in InternalCall(JSContext*, js::AnyInvokeArgs const&) Interpreter.cpp:525
#156 0x1195fd29c in js::CallFromStack(JSContext*, JS::CallArgs const&) Interpreter.cpp:531
#157 0x1195d9794 in Interpret(JSContext*, js::RunState&) Interpreter.cpp:2831
#158 0x1195b0451 in js::RunScript(JSContext*, js::RunState&) Interpreter.cpp:426
#159 0x1195fd060 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) Interpreter.cpp:498
#160 0x1195fd756 in InternalCall(JSContext*, js::AnyInvokeArgs const&) Interpreter.cpp:525
#161 0x1195fdb1c in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) Interpreter.cpp:544
#162 0x118eb772f in js::fun_call(JSContext*, unsigned int, JS::Value*) jsfun.cpp:1179
#163 0x11965579f in js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) jscntxtinlines.h:235
#164 0x1195fcf2c in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) Interpreter.cpp:480
#165 0x1195fd756 in InternalCall(JSContext*, js::AnyInvokeArgs const&) Interpreter.cpp:525
#166 0x1195fd29c in js::CallFromStack(JSContext*, JS::CallArgs const&) Interpreter.cpp:531
#167 0x1195d9794 in Interpret(JSContext*, js::RunState&) Interpreter.cpp:2831
#168 0x1195b0451 in js::RunScript(JSContext*, js::RunState&) Interpreter.cpp:426
#169 0x1195fd060 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) Interpreter.cpp:498
#170 0x1195fd756 in InternalCall(JSContext*, js::AnyInvokeArgs const&) Interpreter.cpp:525
#171 0x1195fdb1c in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) Interpreter.cpp:544
#172 0x118eb772f in js::fun_call(JSContext*, unsigned int, JS::Value*) jsfun.cpp:1179
#173 0x11965579f in js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) jscntxtinlines.h:235
#174 0x1195fcf2c in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) Interpreter.cpp:480
#175 0x1195fd756 in InternalCall(JSContext*, js::AnyInvokeArgs const&) Interpreter.cpp:525
#176 0x1195fd29c in js::CallFromStack(JSContext*, JS::CallArgs const&) Interpreter.cpp:531
#177 0x1195d9794 in Interpret(JSContext*, js::RunState&) Interpreter.cpp:2831
#178 0x1195b0451 in js::RunScript(JSContext*, js::RunState&) Interpreter.cpp:426
#179 0x1195fd060 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) Interpreter.cpp:498
#180 0x1195fd756 in InternalCall(JSContext*, js::AnyInvokeArgs const&) Interpreter.cpp:525
#181 0x1195fdb1c in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) Interpreter.cpp:544
#182 0x11922daac in js::Wrapper::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) const Wrapper.cpp:163
#183 0x1191cb3a3 in js::CrossCompartmentWrapper::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) const CrossCompartmentWrapper.cpp:309
#184 0x119204784 in js::Proxy::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) Proxy.cpp:399
#185 0x11920b8cf in js::proxy_Call(JSContext*, unsigned int, JS::Value*) Proxy.cpp:691
#186 0x11965579f in js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) jscntxtinlines.h:235
#187 0x1195fcd9d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) Interpreter.cpp:468
#188 0x1195fd756 in InternalCall(JSContext*, js::AnyInvokeArgs const&) Interpreter.cpp:525
#189 0x1195fd29c in js::CallFromStack(JSContext*, JS::CallArgs const&) Interpreter.cpp:531
#190 0x1195d9794 in Interpret(JSContext*, js::RunState&) Interpreter.cpp:2831
#191 0x1195b0451 in js::RunScript(JSContext*, js::RunState&) Interpreter.cpp:426
#192 0x1195fd060 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) Interpreter.cpp:498
#193 0x1195fd756 in InternalCall(JSContext*, js::AnyInvokeArgs const&) Interpreter.cpp:525
#194 0x1195fdb1c in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) Interpreter.cpp:544
#195 0x118eb772f in js::fun_call(JSContext*, unsigned int, JS::Value*) jsfun.cpp:1179
#196 0x11965579f in js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) jscntxtinlines.h:235
#197 0x1195fcf2c in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) Interpreter.cpp:480
#198 0x1195fd756 in InternalCall(JSContext*, js::AnyInvokeArgs const&) Interpreter.cpp:525
#199 0x1195fdb1c in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) Interpreter.cpp:544
#200 0x11922daac in js::Wrapper::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) const Wrapper.cpp:163
#201 0x1191cb3a3 in js::CrossCompartmentWrapper::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) const CrossCompartmentWrapper.cpp:309
#202 0x119204784 in js::Proxy::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) Proxy.cpp:399
#203 0x11920b8cf in js::proxy_Call(JSContext*, unsigned int, JS::Value*) Proxy.cpp:691
#204 0x11965579f in js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) jscntxtinlines.h:235
#205 0x1195fcd9d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) Interpreter.cpp:468
#206 0x1195fd756 in InternalCall(JSContext*, js::AnyInvokeArgs const&) Interpreter.cpp:525
#207 0x1195fd29c in js::CallFromStack(JSContext*, JS::CallArgs const&) Interpreter.cpp:531
#208 0x1195d9794 in Interpret(JSContext*, js::RunState&) Interpreter.cpp:2831
#209 0x1195b0451 in js::RunScript(JSContext*, js::RunState&) Interpreter.cpp:426
#210 0x1195fd060 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) Interpreter.cpp:498
#211 0x1195fd756 in InternalCall(JSContext*, js::AnyInvokeArgs const&) Interpreter.cpp:525
#212 0x1195fdb1c in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) Interpreter.cpp:544
#213 0x11922daac in js::Wrapper::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) const Wrapper.cpp:163
#214 0x1191cb3a3 in js::CrossCompartmentWrapper::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) const CrossCompartmentWrapper.cpp:309
#215 0x119204784 in js::Proxy::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) Proxy.cpp:399
#216 0x11920b8cf in js::proxy_Call(JSContext*, unsigned int, JS::Value*) Proxy.cpp:691
#217 0x11965579f in js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) jscntxtinlines.h:235
#218 0x1195fcd9d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) Interpreter.cpp:468
#219 0x1195fd756 in InternalCall(JSContext*, js::AnyInvokeArgs const&) Interpreter.cpp:525
#220 0x1195fd29c in js::CallFromStack(JSContext*, JS::CallArgs const&) Interpreter.cpp:531
#221 0x1195d9794 in Interpret(JSContext*, js::RunState&) Interpreter.cpp:2831
#222 0x1195b0451 in js::RunScript(JSContext*, js::RunState&) Interpreter.cpp:426
#223 0x1195fd060 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) Interpreter.cpp:498
#224 0x1195fd756 in InternalCall(JSContext*, js::AnyInvokeArgs const&) Interpreter.cpp:525
#225 0x1195fdb1c in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) Interpreter.cpp:544
#226 0x11922daac in js::Wrapper::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) const Wrapper.cpp:163
#227 0x1191cb3a3 in js::CrossCompartmentWrapper::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) const CrossCompartmentWrapper.cpp:309
#228 0x119204784 in js::Proxy::call(JSContext*, JS::Handle<JSObject*>, JS::CallArgs const&) Proxy.cpp:399
#229 0x11920b8cf in js::proxy_Call(JSContext*, unsigned int, JS::Value*) Proxy.cpp:691
#230 0x11965579f in js::CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&) jscntxtinlines.h:235
#231 0x1195fcd9d in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) Interpreter.cpp:468
#232 0x1195fd756 in InternalCall(JSContext*, js::AnyInvokeArgs const&) Interpreter.cpp:525
#233 0x1195fdb1c in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) Interpreter.cpp:544
#234 0x118c400c7 in JS_CallFunctionValue(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) jsapi.cpp:2864
#235 0x10998cfd9 in nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS*, unsigned short, XPTMethodDescriptor const*, nsXPTCMiniVariant*) XPCWrappedJSClass.cpp:1237
#236 0x109989d55 in nsXPCWrappedJS::CallMethod(unsigned short, XPTMethodDescriptor const*, nsXPTCMiniVariant*) XPCWrappedJS.cpp:602
#237 0x106cd7ca5 in PrepareAndDispatch xptcstubs_x86_64_darwin.cpp:122
#238 0x106cd5b5a in SharedStub (XUL+0x47cb5a)
#239 0x106c5d06c in nsThread::ProcessNextEvent(bool, bool*) nsThread.cpp:991
#240 0x106da5425 in NS_ProcessNextEvent(nsIThread*, bool) nsThreadUtils.cpp:290
#241 0x106c5bdbc in nsThread::Shutdown() nsThread.cpp:807
#242 0x10b05e8f8 in ShutdownThreadEvent::Run() gfxFontInfoLoader.cpp:80
#243 0x106c5d06c in nsThread::ProcessNextEvent(bool, bool*) nsThread.cpp:991
#244 0x106da50d6 in NS_ProcessPendingEvents(nsIThread*, unsigned int) nsThreadUtils.cpp:232
#245 0x1117641c8 in nsBaseAppShell::NativeEventCallback() nsBaseAppShell.cpp:97
#246 0x1118e6f3c in nsAppShell::ProcessGeckoEvents(void*) nsAppShell.mm:387
#247 0x7fff8dbf5880 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (CoreFoundation+0xaa880)
#248 0x7fff8dbd4fbb in __CFRunLoopDoSources0 (CoreFoundation+0x89fbb)
#249 0x7fff8dbd44de in __CFRunLoopRun (CoreFoundation+0x894de)
#250 0x7fff8dbd3ed7 in CFRunLoopRunSpecific (CoreFoundation+0x88ed7)
#251 0x7fff97575934 in RunCurrentEventLoopInMode (HIToolbox+0x30934)
#252 0x7fff9757576e in ReceiveNextEventCommon (HIToolbox+0x3076e)
#253 0x7fff975755ae in _BlockUntilNextEventMatchingListInModeWithFilter (HIToolbox+0x305ae)
#254 0x7fff8ec30ef9 in _DPSNextEvent (AppKit+0x48ef9)
#255 0x7fff8ec30329 in -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (AppKit+0x48329)
==25790==ABORTING
Comment 22•9 years ago
bt all under lldb
Comment 23•7 years ago
Is this still an issue for anyone? I haven't encountered this in recent ASan builds that I've created. I'm
Summary: AddressSanitizer on Mac: stack-buffer-underflow (ffi_call_unix64, js::ctypes::FunctionType::Call) → AddressSanitizer crash on Mac: stack-buffer-underflow (ffi_call_unix64, js::ctypes::FunctionType::Call) ASan
Comment 24•7 years ago
Rather than building LLVM myself, I'm using the llvm binaries that come with Xcode 9 (the 10.13 SDK) and setting LLVM_SYMBOLIZER to the llvm-symbolizer installed by homebrew using:
export LLVM_SYMBOLIZER="/usr/local/opt/llvm/bin/llvm-symbolizer"
Comment 25•7 years ago
Closing this as WFM because nobody has reported this happening for 2 years now. If this is incorrect, please reopen this bug.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WORKSFORME