Bug 1301430 (Closed): crash in (only on m-c asan): mozilla::dom::TabChild::RecvSwappedWithOtherRemoteLoader(mozilla::dom::IPCTabContext const&)
Opened 8 years ago, closed 8 years ago
Categories: Core :: DOM: Security, defect
Status: RESOLVED DUPLICATE of bug 1294237
People: Reporter: kjozwiak, Unassigned
References: Blocks 1 open bug
Details: Whiteboard: [userContextId][domsecurity-backlog]
It appears that bug#1294237 is occurring on the latest m-c asan build:
* firefox-51.0a1 (asan) - CRASHES <---
* firefox-51.0a1 (regular) NO CRASH
* firefox-50.0a2 (asan) - NO CRASH
* firefox-50.0a2 (regular) - NO CRASH
* firefox-49.0 (asan) - NO CRASH
* firefox-49.0 (regular) - NO CRASH
I'm not sure if this is an actual issue, or an issue with the m-c asan build. I attempted to build asan myself on Ubuntu 16.04.1 LTS and couldn't reproduce the issue. But whenever I download the latest version of m-c asan [1] [2], I run into this crash.
[1] https://archive.mozilla.org/pub/firefox/tinderbox-builds/mozilla-central-linux64-asan/1470837316/
[2] https://tools.taskcluster.net/index/artifacts/#gecko.v2.mozilla-central.latest.firefox/gecko.v2.mozilla-central.latest.firefox.linux64-asan
STR:
* launch the latest version of m-c asan (used Ubuntu 16.04.1 LTS VM)
* create a new container via "File -> New Container Tab"
* load a website within the container tab and tear it off into its own separate window
Every tab that's currently opened will crash and asan will produce the following stack:
ASAN:DEADLYSIGNAL
=================================================================
==7497==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fbd5051ea17 bp 0x7ffe9486af40 sp 0x7ffe9486ac80 T0)
#0 0x7fbd5051ea16 in mozilla::dom::TabChild::RecvSwappedWithOtherRemoteLoader(mozilla::dom::IPCTabContext const&) /builds/slave/m-cen-l64-asan-000000000000000/build/src/dom/ipc/TabChild.cpp:2377:5
#1 0x7fbd5051eaac in non-virtual thunk to mozilla::dom::TabChild::RecvSwappedWithOtherRemoteLoader(mozilla::dom::IPCTabContext const&) /builds/slave/m-cen-l64-asan-000000000000000/build/src/dom/ipc/TabChild.cpp:2349:11
#2 0x7fbd4b8da258 in mozilla::dom::PBrowserChild::OnMessageReceived(IPC::Message const&) /builds/slave/m-cen-l64-asan-000000000000000/build/src/obj-firefox/ipc/ipdl/PBrowserChild.cpp:4845:20
#3 0x7fbd4ba5bedc in mozilla::dom::PContentChild::OnMessageReceived(IPC::Message const&) /builds/slave/m-cen-l64-asan-000000000000000/build/src/obj-firefox/ipc/ipdl/PContentChild.cpp:7438:16
#4 0x7fbd4b1385a7 in mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) /builds/slave/m-cen-l64-asan-000000000000000/build/src/ipc/glue/MessageChannel.cpp:1662:14
#5 0x7fbd4b1353e6 in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) /builds/slave/m-cen-l64-asan-000000000000000/build/src/ipc/glue/MessageChannel.cpp:1600:17
#6 0x7fbd4b1231b7 in mozilla::ipc::MessageChannel::OnMaybeDequeueOne() /builds/slave/m-cen-l64-asan-000000000000000/build/src/ipc/glue/MessageChannel.cpp:1567:5
#7 0x7fbd4b152ad2 in applyImpl<mozilla::ipc::MessageChannel, bool (mozilla::ipc::MessageChannel::*)()> /builds/slave/m-cen-l64-asan-000000000000000/build/src/obj-firefox/dist/include/nsThreadUtils.h:729:12
#8 0x7fbd4b152ad2 in apply<mozilla::ipc::MessageChannel, bool (mozilla::ipc::MessageChannel::*)()> /builds/slave/m-cen-l64-asan-000000000000000/build/src/obj-firefox/dist/include/nsThreadUtils.h:735
#9 0x7fbd4b152ad2 in mozilla::detail::RunnableMethodImpl<bool (mozilla::ipc::MessageChannel::*)(), false, true>::Run() /builds/slave/m-cen-l64-asan-000000000000000/build/src/obj-firefox/dist/include/nsThreadUtils.h:764
#10 0x7fbd4b1520bf in Run /builds/slave/m-cen-l64-asan-000000000000000/build/src/obj-firefox/dist/include/mozilla/ipc/MessageChannel.h:546:22
#11 0x7fbd4b1520bf in mozilla::ipc::MessageChannel::DequeueTask::Run() /builds/slave/m-cen-l64-asan-000000000000000/build/src/obj-firefox/dist/include/mozilla/ipc/MessageChannel.h:565
#12 0x7fbd4a3a32d6 in nsThread::ProcessNextEvent(bool, bool*) /builds/slave/m-cen-l64-asan-000000000000000/build/src/xpcom/threads/nsThread.cpp:1058:7
#13 0x7fbd4a42126c in NS_ProcessNextEvent(nsIThread*, bool) /builds/slave/m-cen-l64-asan-000000000000000/build/src/xpcom/glue/nsThreadUtils.cpp:290:10
#14 0x7fbd4b13f90f in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/slave/m-cen-l64-asan-000000000000000/build/src/ipc/glue/MessagePump.cpp:96:21
#15 0x7fbd4b0b4818 in RunInternal /builds/slave/m-cen-l64-asan-000000000000000/build/src/ipc/chromium/src/base/message_loop.cc:232:3
#16 0x7fbd4b0b4818 in RunHandler /builds/slave/m-cen-l64-asan-000000000000000/build/src/ipc/chromium/src/base/message_loop.cc:225
#17 0x7fbd4b0b4818 in MessageLoop::Run() /builds/slave/m-cen-l64-asan-000000000000000/build/src/ipc/chromium/src/base/message_loop.cc:205
#18 0x7fbd50bf678f in nsBaseAppShell::Run() /builds/slave/m-cen-l64-asan-000000000000000/build/src/widget/nsBaseAppShell.cpp:156:3
#19 0x7fbd52ca4c07 in XRE_RunAppShell /builds/slave/m-cen-l64-asan-000000000000000/build/src/toolkit/xre/nsEmbedFunctions.cpp:846:12
#20 0x7fbd4b0b4818 in RunInternal /builds/slave/m-cen-l64-asan-000000000000000/build/src/ipc/chromium/src/base/message_loop.cc:232:3
#21 0x7fbd4b0b4818 in RunHandler /builds/slave/m-cen-l64-asan-000000000000000/build/src/ipc/chromium/src/base/message_loop.cc:225
#22 0x7fbd4b0b4818 in MessageLoop::Run() /builds/slave/m-cen-l64-asan-000000000000000/build/src/ipc/chromium/src/base/message_loop.cc:205
#23 0x7fbd52ca42a3 in XRE_InitChildProcess /builds/slave/m-cen-l64-asan-000000000000000/build/src/toolkit/xre/nsEmbedFunctions.cpp:676:7
#24 0x4dfb2b in content_process_main /builds/slave/m-cen-l64-asan-000000000000000/build/src/browser/app/../../ipc/contentproc/plugin-container.cpp:197:19
#25 0x4dfb2b in main /builds/slave/m-cen-l64-asan-000000000000000/build/src/browser/app/nsBrowserApp.cpp:357
#26 0x7fbd6583c82f in __libc_start_main /build/glibc-GKVZIf/glibc-2.23/csu/../csu/libc-start.c:291
#27 0x41ba08 in _start (/home/kjozwiak/Downloads/firefox/firefox-bin+0x41ba08)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /builds/slave/m-cen-l64-asan-000000000000000/build/src/dom/ipc/TabChild.cpp:2377:5 in mozilla::dom::TabChild::RecvSwappedWithOtherRemoteLoader(mozilla::dom::IPCTabContext const&)
==7497==ABORTING
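A triage helper for reports like the one above, added here as an example and not part of the original bug: it pulls the fault address and frames out of an ASan SEGV report and builds a signature for matching against existing bugs. The function names and the first-page null heuristic are assumptions of this example.

```python
import re

# Trimmed copy of the report above (header plus the first three frames).
SAMPLE = """\
==7497==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fbd5051ea17 bp 0x7ffe9486af40 sp 0x7ffe9486ac80 T0)
#0 0x7fbd5051ea16 in mozilla::dom::TabChild::RecvSwappedWithOtherRemoteLoader(mozilla::dom::IPCTabContext const&) /builds/slave/m-cen-l64-asan-000000000000000/build/src/dom/ipc/TabChild.cpp:2377:5
#1 0x7fbd5051eaac in non-virtual thunk to mozilla::dom::TabChild::RecvSwappedWithOtherRemoteLoader(mozilla::dom::IPCTabContext const&) /builds/slave/m-cen-l64-asan-000000000000000/build/src/dom/ipc/TabChild.cpp:2349:11
#2 0x7fbd4b8da258 in mozilla::dom::PBrowserChild::OnMessageReceived(IPC::Message const&) /builds/slave/m-cen-l64-asan-000000000000000/build/src/obj-firefox/ipc/ipdl/PBrowserChild.cpp:4845:20
"""

HEADER = re.compile(r"==\d+==ERROR: AddressSanitizer: (\S+) on unknown address (0x[0-9a-f]+)")
# Function names contain spaces, so the source location is the optional last token.
FRAME = re.compile(r"#(\d+) 0x[0-9a-f]+ in (.+?)(?: (\S+?):(\d+)(?::\d+)?)?$")
THUNK = "non-virtual thunk to "

def parse_report(text):
    """Return (kind, fault_address, frames) from an ASan SEGV report."""
    head = HEADER.search(text)
    if head is None:
        raise ValueError("no AddressSanitizer error header found")
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line.strip())
        if m:
            func, path, lineno = m.group(2), m.group(3), m.group(4)
            frames.append((func, path, int(lineno) if lineno else None))
    return head.group(1), int(head.group(2), 16), frames

def signature(frames, depth=2):
    """Join the first `depth` distinct functions, ignoring thunk wrappers."""
    names = []
    for func, _path, _line in frames:
        func = func[len(THUNK):] if func.startswith(THUNK) else func
        if not names or names[-1] != func:
            names.append(func)
        if len(names) == depth:
            break
    return " | ".join(names)

def near_null(address, page=0x1000):
    """Heuristic (assumption): a fault in the first page is usually a null dereference."""
    return address < page
```

With `depth=1` the signature is the same function named in this bug's title, which is the string to search for when looking for an existing report.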
Comment 1 • 8 years ago
Are you able to reproduce it in nightly? This seems old code...
Updated • 8 years ago
Flags: needinfo?(kjozwiak)
Comment 2 • 8 years ago
(In reply to Kamil Jozwiak [:kjozwiak] from comment #0)
> But whenever I download the latest version of m-c asan
> [1] [2], I run into this crash.
>
> [1]
> https://archive.mozilla.org/pub/firefox/tinderbox-builds/mozilla-central-linux64-asan/1470837316/
That shows last-modified times from August 10th, and 1470837316 is Unix time for Wed Aug 10 13:55:16 2016 (UTC).
> [2]
> https://tools.taskcluster.net/index/artifacts/#gecko.v2.mozilla-central.latest.firefox/gecko.v2.mozilla-central.latest.firefox.linux64-asan
The artifacts linked there show a build ID of 20160809064620 which would also be a month old.
This could be a duplicate of bug 1294237, but I wonder why that TC “latest” link goes to a month-old build.
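The age check made by hand in the comment above, as an added example that is not part of the original thread: it decodes the epoch directory in the archive URL and the build ID, then flags a build that is too old to count as "latest". The test date, the two-day limit, and treating the build ID as UTC are assumptions of this example.

```python
import re
from datetime import datetime, timezone

# Values quoted in the comment above.
ARCHIVE_URL = ("https://archive.mozilla.org/pub/firefox/tinderbox-builds/"
               "mozilla-central-linux64-asan/1470837316/")
BUILD_ID = "20160809064620"
# Assumed test date, constructed for this example (the page only says "a month old").
TESTED_ON = datetime(2016, 9, 8, tzinfo=timezone.utc)

def tinderbox_time(url):
    """Decode the trailing epoch directory of a tinderbox-builds URL as UTC."""
    m = re.search(r"/(\d{9,10})/?$", url)
    if m is None:
        raise ValueError("no epoch directory at the end of the URL")
    return datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)

def build_id_time(build_id):
    """Decode a YYYYMMDDHHMMSS build ID; the timezone is taken as UTC (assumption)."""
    return datetime.strptime(build_id, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def stale_days(built, tested, max_age_days=2):
    """Return the build's age in whole days if it exceeds the limit, else None."""
    age = (tested - built).days
    return age if age > max_age_days else None
```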
Comment 3 (Reporter) • 8 years ago
> This could be a duplicate of bug 1294237, but I wonder why that TC “latest”
> link goes to a month-old build.
That's what I'm trying to figure out as well. For some reason, I can't find a reliable, up-to-date source that has the latest m-c asan builds :/
Flags: needinfo?(kjozwiak)
Comment 4 (Reporter) • 8 years ago
As Jed mentioned in comment#2, I'm pretty sure this is a duplicate of bug#1294237. It looks like I was using asan builds that are a month old. Using the latest m-c source [1], I created an asan build and couldn't reproduce the crash.
Jed, should I create a new bug regarding the TC “latest” link pointing to an older asan build? Perhaps m-c asan builds are broken?
[1] changeset used: 938ce16be25f tip
Status: NEW → RESOLVED
Closed: 8 years ago
Flags: needinfo?(jld)
Resolution: --- → DUPLICATE
Comment 5 • 8 years ago
Yes, please file a bug against TaskCluster. Even if it turns out to be just confusing UX or a bad link somewhere, they should know about it.
Flags: needinfo?(jld)
Comment 6 (Reporter) • 8 years ago
(In reply to Jed Davis [:jld] {⏰UTC-6} from comment #5)
> Yes, please file a bug against TaskCluster. Even if it turns out to be just
> confusing UX or a bad link somewhere, they should know about it.
Thanks Jed, created bug#1301747.
Updated (Reporter) • 8 years ago
status-firefox51: affected → ---