https://treeherder.mozilla.org/logviewer.html#?job_id=163498116&repo=try [task 2018-02-21T19:11:40.315Z] 19:11:40 INFO - TEST-START | dom/media/tests/mochitest/test_getUserMedia_basicTabshare.html [task 2018-02-21T19:11:40.597Z] 19:11:40 INFO - GECKO(2840) | TEST DEVICES: Using media devices: [task 2018-02-21T19:11:40.597Z] 19:11:40 INFO - GECKO(2840) | audio: Monitor of Null Output [task 2018-02-21T19:11:40.597Z] 19:11:40 INFO - GECKO(2840) | video: Dummy video device (0x0000) [task 2018-02-21T19:11:40.869Z] 19:11:40 INFO - GECKO(2840) | ================================================================= [task 2018-02-21T19:11:40.871Z] 19:11:40 ERROR - GECKO(2840) | ==2890==ERROR: AddressSanitizer: heap-use-after-free on address 0x7fea6056e800 at pc 0x0000004c0ef9 bp 0x7fea5ffa0490 sp 0x7fea5ff9fc40 [task 2018-02-21T19:11:40.872Z] 19:11:40 INFO - GECKO(2840) | READ of size 2000 at 0x7fea6056e800 thread T13 (ImageBr~geChild) [task 2018-02-21T19:11:40.998Z] 19:11:40 INFO - GECKO(2840) | #0 0x4c0ef8 in __asan_memcpy /builds/worker/workspace/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cc:23:3 [task 2018-02-21T19:11:41.560Z] 19:11:41 INFO - GECKO(2840) | #1 0x7fea6e99c039 in mozilla::layers::BufferTextureData::UpdateFromSurface(mozilla::gfx::SourceSurface*) /builds/worker/workspace/build/src/gfx/layers/BufferTexture.cpp:442:5 [task 2018-02-21T19:11:41.582Z] 19:11:41 INFO - GECKO(2840) | #2 0x7fea6ebd86cf in mozilla::layers::TextureClient::UpdateFromSurface(mozilla::gfx::SourceSurface*) /builds/worker/workspace/build/src/gfx/layers/client/TextureClient.cpp:644:14 [task 2018-02-21T19:11:41.582Z] 19:11:41 INFO - GECKO(2840) | #3 0x7fea6ebb7955 in mozilla::layers::TextureClient::CreateFromSurface(mozilla::layers::KnowsCompositor*, mozilla::gfx::SourceSurface*, mozilla::layers::BackendSelector, mozilla::layers::TextureFlags, mozilla::layers::TextureAllocationFlags) /builds/worker/workspace/build/src/gfx/layers/client/TextureClient.cpp:1206:11 [task 2018-02-21T19:11:41.590Z] 19:11:41 INFO - GECKO(2840) | #4 0x7fea6e8f3e20 in mozilla::layers::SourceSurfaceImage::GetTextureClient(mozilla::layers::KnowsCompositor*) /builds/worker/workspace/build/src/gfx/layers/ImageContainer.cpp:852:7 [task 2018-02-21T19:11:41.591Z] 19:11:41 INFO - GECKO(2840) | #5 0x7fea6ebc88c6 in mozilla::layers::ImageClientSingle::UpdateImage(mozilla::layers::ImageContainer*, unsigned int) /builds/worker/workspace/build/src/gfx/layers/client/ImageClient.cpp:202:44 [task 2018-02-21T19:11:41.616Z] 19:11:41 INFO - GECKO(2840) | #6 0x7fea6ecdc3c4 in mozilla::layers::ImageBridgeChild::UpdateImageClient(RefPtr<mozilla::layers::ImageContainer>) /builds/worker/workspace/build/src/gfx/layers/ipc/ImageBridgeChild.cpp:389:11 [task 2018-02-21T19:11:41.616Z] 19:11:41 INFO - GECKO(2840) | #7 0x7fea6ed20de3 in apply<RefPtr<mozilla::layers::ImageBridgeChild>, void (mozilla::layers::ImageBridgeChild::*)(RefPtr<mozilla::layers::ImageContainer>), RefPtr<mozilla::layers::ImageContainer> , 0> /builds/worker/workspace/build/src/obj-firefox/dist/include/mtransport/runnable_utils.h:85:5 [task 2018-02-21T19:11:41.616Z] 19:11:41 INFO - GECKO(2840) | #8 0x7fea6ed20de3 in mozilla::runnable_args_memfn<RefPtr<mozilla::layers::ImageBridgeChild>, void (mozilla::layers::ImageBridgeChild::*)(RefPtr<mozilla::layers::ImageContainer>), RefPtr<mozilla::layers::ImageContainer> >::Run() /builds/worker/workspace/build/src/obj-firefox/dist/include/mtransport/runnable_utils.h:155 [task 2018-02-21T19:11:41.632Z] 19:11:41 INFO - GECKO(2840) | #9 0x7fea6d3026b3 in RunTask /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:452:9 [task 2018-02-21T19:11:41.632Z] 19:11:41 INFO - GECKO(2840) | #10 0x7fea6d3026b3 in DeferOrRunPendingTask /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:460 [task 2018-02-21T19:11:41.634Z] 19:11:41 INFO - GECKO(2840) | #11 0x7fea6d3026b3 in MessageLoop::DoWork() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:535 [task 2018-02-21T19:11:41.635Z] 19:11:41 INFO - GECKO(2840) | #12 0x7fea6d304628 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/chromium/src/base/message_pump_default.cc:36:31 [task 2018-02-21T19:11:41.636Z] 19:11:41 INFO - GECKO(2840) | #13 0x7fea6d2ffa99 in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:326:10 [task 2018-02-21T19:11:41.638Z] 19:11:41 INFO - GECKO(2840) | #14 0x7fea6d2ffa99 in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:319 [task 2018-02-21T19:11:41.639Z] 19:11:41 INFO - GECKO(2840) | #15 0x7fea6d2ffa99 in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:299 [task 2018-02-21T19:11:41.641Z] 19:11:41 INFO - GECKO(2840) | #16 0x7fea6d31e8af in base::Thread::ThreadMain() /builds/worker/workspace/build/src/ipc/chromium/src/base/thread.cc:181:16 [task 2018-02-21T19:11:41.642Z] 19:11:41 INFO - GECKO(2840) | #17 0x7fea6d31040c in ThreadFunc(void*) /builds/worker/workspace/build/src/ipc/chromium/src/base/platform_thread_posix.cc:38:13 [task 2018-02-21T19:11:41.643Z] 19:11:41 INFO - GECKO(2840) | #18 0x7fea8c1c96b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9) [task 2018-02-21T19:11:41.721Z] 19:11:41 INFO - GECKO(2840) | #19 0x7fea8b25241c in clone /build/glibc-Cl5G7W/glibc-2.23/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:109 [task 2018-02-21T19:11:41.721Z] 19:11:41 INFO - GECKO(2840) | 0x7fea6056e800 is located 0 bytes inside of 600000-byte region [0x7fea6056e800,0x7fea60600fc0) [task 2018-02-21T19:11:41.722Z] 19:11:41 INFO - GECKO(2840) | freed by thread T0 (Web Content) here: [task 2018-02-21T19:11:41.722Z] 19:11:41 INFO - GECKO(2840) | #0 0x4c1952 in __interceptor_free /builds/worker/workspace/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:68:3 [task 2018-02-21T19:11:41.742Z] 19:11:41 INFO - GECKO(2840) | #1 0x7fea72d1c7ed in mozilla::MediaEngineTabVideoSource::~MediaEngineTabVideoSource() /builds/worker/workspace/build/src/dom/media/webrtc/MediaEngineTabVideoSource.h:107:32 [task 2018-02-21T19:11:41.786Z] 19:11:41 INFO - GECKO(2840) | #2 0x7fea726aa416 in Release /builds/worker/workspace/build/src/obj-firefox/dist/include/MediaEngineSource.h:254:3 [task 2018-02-21T19:11:41.787Z] 19:11:41 INFO - GECKO(2840) | #3 0x7fea726aa416 in Release /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:41 [task 2018-02-21T19:11:41.788Z] 19:11:41 INFO - GECKO(2840) | #4 0x7fea726aa416 in Release /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:398 [task 2018-02-21T19:11:41.788Z] 19:11:41 INFO - GECKO(2840) | #5 0x7fea726aa416 in ~RefPtr /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:79 [task 2018-02-21T19:11:41.789Z] 19:11:41 INFO - GECKO(2840) | #6 0x7fea726aa416 in mozilla::MediaDevice::~MediaDevice() /builds/worker/workspace/build/src/dom/media/MediaManager.h:104 [task 2018-02-21T19:11:41.790Z] 19:11:41 INFO - GECKO(2840) | #7 0x7fea726aa57d in mozilla::MediaDevice::~MediaDevice() /builds/worker/workspace/build/src/dom/media/MediaManager.h:104:34 [task 2018-02-21T19:11:41.791Z] 19:11:41 INFO - GECKO(2840) | #8 0x7fea72673cdc in mozilla::MediaDevice::Release() /builds/worker/workspace/build/src/dom/media/MediaManager.cpp:808:1 [task 2018-02-21T19:11:41.792Z] 19:11:41 INFO - GECKO(2840) | #9 0x7fea726ac2e9 in Release /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:41:11 [task 2018-02-21T19:11:41.793Z] 19:11:41 INFO - GECKO(2840) | #10 0x7fea726ac2e9 in Release /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:398 [task 2018-02-21T19:11:41.794Z] 19:11:41 INFO - GECKO(2840) | #11 0x7fea726ac2e9 in ~RefPtr /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:79 [task 2018-02-21T19:11:41.795Z] 19:11:41 INFO - GECKO(2840) | #12 0x7fea726ac2e9 in ~DeviceState /builds/worker/workspace/build/src/dom/media/MediaManager.cpp:156 [task 2018-02-21T19:11:41.796Z] 19:11:41 INFO - GECKO(2840) | #13 0x7fea726ac2e9 in operator() /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/UniquePtr.h:528 [task 2018-02-21T19:11:41.797Z] 19:11:41 INFO - GECKO(2840) | #14 0x7fea726ac2e9 in reset /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/UniquePtr.h:343 [task 2018-02-21T19:11:41.803Z] 19:11:41 INFO - GECKO(2840) | #15 0x7fea726ac2e9 in ~UniquePtr /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/UniquePtr.h:288 [task 2018-02-21T19:11:41.804Z] 19:11:41 INFO - GECKO(2840) | #16 0x7fea726ac2e9 in mozilla::SourceListener::~SourceListener() /builds/worker/workspace/build/src/dom/media/MediaManager.cpp:435 [task 2018-02-21T19:11:41.806Z] 19:11:41 INFO - GECKO(2840) | #17 0x7fea726ac5bd in mozilla::SourceListener::~SourceListener() /builds/worker/workspace/build/src/dom/media/MediaManager.cpp:435:37 [task 2018-02-21T19:11:41.807Z] 19:11:41 INFO - GECKO(2840) | #18 0x7fea726b02a0 in DeleteToBeCalledOnMainThread /builds/worker/workspace/build/src/dom/media/MediaManager.cpp:243:3 [task 2018-02-21T19:11:41.810Z] 19:11:41 INFO - GECKO(2840) | #19 0x7fea726b02a0 in Release /builds/worker/workspace/build/src/dom/media/MediaManager.cpp:243 [task 2018-02-21T19:11:41.812Z] 19:11:41 INFO - GECKO(2840) | #20 0x7fea726b02a0 in Release /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:41 [task 2018-02-21T19:11:41.813Z] 19:11:41 INFO - GECKO(2840) | #21 0x7fea726b02a0 in Release /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:398 [task 2018-02-21T19:11:41.814Z] 19:11:41 INFO - GECKO(2840) | #22 0x7fea726b02a0 in assign_assuming_AddRef /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:66 [task 2018-02-21T19:11:41.815Z] 19:11:41 INFO - GECKO(2840) | #23 0x7fea726b02a0 in operator= /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:168 [task 2018-02-21T19:11:41.817Z] 19:11:41 INFO - GECKO(2840) | #24 0x7fea726b02a0 in Revoke /builds/worker/workspace/build/src/obj-firefox/dist/include/nsThreadUtils.h:747 [task 2018-02-21T19:11:41.818Z] 19:11:41 INFO - GECKO(2840) | #25 0x7fea726b02a0 in Revoke /builds/worker/workspace/build/src/obj-firefox/dist/include/nsThreadUtils.h:1216 [task 2018-02-21T19:11:41.819Z] 19:11:41 INFO - GECKO(2840) | #26 0x7fea726b02a0 in ~RunnableMethodImpl /builds/worker/workspace/build/src/obj-firefox/dist/include/nsThreadUtils.h:1174 [task 2018-02-21T19:11:41.821Z] 19:11:41 INFO - GECKO(2840) | #27 0x7fea726b02a0 in mozilla::detail::RunnableMethodImpl<RefPtr<mozilla::SourceListener>, void (mozilla::SourceListener::*)(), true, (mozilla::RunnableKind)0>::~RunnableMethodImpl() /builds/worker/workspace/build/src/obj-firefox/dist/include/nsThreadUtils.h:1174 [task 2018-02-21T19:11:41.822Z] 19:11:41 INFO - GECKO(2840) | #28 0x7fea6c531ecc in mozilla::Runnable::Release() /builds/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:47:1 [task 2018-02-21T19:11:41.839Z] 19:11:41 INFO - GECKO(2840) | #29 0x7fea6c51b049 in ~nsCOMPtr_base /builds/worker/workspace/build/src/obj-firefox/dist/include/nsCOMPtr.h:313:7 [task 2018-02-21T19:11:41.840Z] 19:11:41 INFO - GECKO(2840) | #30 0x7fea6c51b049 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1046 [task 2018-02-21T19:11:41.840Z] 19:11:41 INFO - GECKO(2840) | #31 0x7fea6c535650 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:517:10 [task 2018-02-21T19:11:41.856Z] 19:11:41 INFO - GECKO(2840) | #32 0x7fea6d3a993a in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/glue/MessagePump.cpp:97:21 [task 2018-02-21T19:11:41.857Z] 19:11:41 INFO - GECKO(2840) | #33 0x7fea6d2ffa99 in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:326:10 [task 2018-02-21T19:11:41.858Z] 19:11:41 INFO - GECKO(2840) | #34 0x7fea6d2ffa99 in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:319 [task 2018-02-21T19:11:41.858Z] 19:11:41 INFO - GECKO(2840) | #35 0x7fea6d2ffa99 in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:299 [task 2018-02-21T19:11:41.878Z] 19:11:41 INFO - GECKO(2840) | #36 0x7fea73b21d0a in nsBaseAppShell::Run() /builds/worker/workspace/build/src/widget/nsBaseAppShell.cpp:157:27 [task 2018-02-21T19:11:41.878Z] 19:11:41 INFO - GECKO(2840) | #37 0x7fea7763fe6b in XRE_RunAppShell() /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:892:22 [task 2018-02-21T19:11:41.878Z] 19:11:41 INFO - GECKO(2840) | #38 0x7fea6d2ffa99 in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:326:10 [task 2018-02-21T19:11:41.878Z] 19:11:41 INFO - GECKO(2840) | #39 0x7fea6d2ffa99 in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:319 [task 2018-02-21T19:11:41.879Z] 19:11:41 INFO - GECKO(2840) | #40 0x7fea6d2ffa99 in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:299 [task 2018-02-21T19:11:41.879Z] 19:11:41 INFO - GECKO(2840) | #41 0x7fea7763f84a in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:718:34 [task 2018-02-21T19:11:41.879Z] 19:11:41 INFO - GECKO(2840) | #42 0x4f1875 in content_process_main /builds/worker/workspace/build/src/browser/app/../../ipc/contentproc/plugin-container.cpp:63:30 [task 2018-02-21T19:11:41.879Z] 19:11:41 INFO - GECKO(2840) | #43 0x4f1875 in main /builds/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:280 [task 2018-02-21T19:11:41.879Z] 19:11:41 INFO - GECKO(2840) | #44 0x7fea8b16b82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291 [task 2018-02-21T19:11:41.880Z] 19:11:41 INFO - GECKO(2840) | previously allocated by thread T0 (Web Content) here: [task 2018-02-21T19:11:41.880Z] 19:11:41 INFO - GECKO(2840) | #0 0x4c1c93 in malloc /builds/worker/workspace/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88:3 [task 2018-02-21T19:11:41.881Z] 19:11:41 INFO - GECKO(2840) | #1 0x7fea72cefac1 in operator new[] /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/mozalloc.h:177:12 [task 2018-02-21T19:11:41.883Z] 19:11:41 INFO - GECKO(2840) | #2 0x7fea72cefac1 in MakeUniqueFallible<unsigned char []> /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/UniquePtrExtensions.h:33 [task 2018-02-21T19:11:41.885Z] 19:11:41 INFO - GECKO(2840) | #3 0x7fea72cefac1 in mozilla::MediaEngineTabVideoSource::Draw() /builds/worker/workspace/build/src/dom/media/webrtc/MediaEngineTabVideoSource.cpp:338 [task 2018-02-21T19:11:41.886Z] 19:11:41 INFO - GECKO(2840) | #4 0x7fea72cef44a in mozilla::MediaEngineTabVideoSource::StartRunnable::Run() /builds/worker/workspace/build/src/dom/media/webrtc/MediaEngineTabVideoSource.cpp:41:17 [task 2018-02-21T19:11:41.888Z] 19:11:41 INFO - GECKO(2840) | #5 0x7fea72cf13e1 in mozilla::MediaEngineTabVideoSource::InitRunnable::Run() /builds/worker/workspace/build/src/dom/media/webrtc/MediaEngineTabVideoSource.cpp:104:10 [task 2018-02-21T19:11:41.890Z] 19:11:41 INFO - GECKO(2840) | #6 0x7fea6c51afd0 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1040:14 [task 2018-02-21T19:11:41.892Z] 19:11:41 INFO - GECKO(2840) | #7 0x7fea6c535650 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:517:10 [task 2018-02-21T19:11:41.894Z] 19:11:41 INFO - GECKO(2840) | #8 0x7fea6d3a993a in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/glue/MessagePump.cpp:97:21 [task 2018-02-21T19:11:41.896Z] 19:11:41 INFO - GECKO(2840) | #9 0x7fea6d2ffa99 in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:326:10 [task 2018-02-21T19:11:41.897Z] 19:11:41 INFO - GECKO(2840) | #10 0x7fea6d2ffa99 in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:319 [task 2018-02-21T19:11:41.899Z] 19:11:41 INFO - GECKO(2840) | #11 0x7fea6d2ffa99 in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:299 [task 2018-02-21T19:11:41.900Z] 19:11:41 INFO - GECKO(2840) | #12 0x7fea73b21d0a in nsBaseAppShell::Run() /builds/worker/workspace/build/src/widget/nsBaseAppShell.cpp:157:27 [task 2018-02-21T19:11:41.902Z] 19:11:41 INFO - GECKO(2840) | #13 0x7fea7763fe6b in XRE_RunAppShell() /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:892:22 [task 2018-02-21T19:11:41.903Z] 19:11:41 INFO - GECKO(2840) | #14 0x7fea6d2ffa99 in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:326:10 [task 2018-02-21T19:11:41.904Z] 19:11:41 INFO - GECKO(2840) | #15 0x7fea6d2ffa99 in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:319 [task 2018-02-21T19:11:41.905Z] 19:11:41 INFO - GECKO(2840) | #16 0x7fea6d2ffa99 in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:299 [task 2018-02-21T19:11:41.906Z] 19:11:41 INFO - GECKO(2840) | #17 0x7fea7763f84a in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:718:34 [task 2018-02-21T19:11:41.908Z] 19:11:41 INFO - GECKO(2840) | #18 0x4f1875 in content_process_main /builds/worker/workspace/build/src/browser/app/../../ipc/contentproc/plugin-container.cpp:63:30 [task 2018-02-21T19:11:41.909Z] 19:11:41 INFO - GECKO(2840) | #19 0x4f1875 in main /builds/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:280 [task 2018-02-21T19:11:41.910Z] 19:11:41 INFO - GECKO(2840) | #20 0x7fea8b16b82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291 [task 2018-02-21T19:11:41.912Z] 19:11:41 INFO - GECKO(2840) | Thread T13 (ImageBr~geChild) created by T0 (Web Content) here: [task 2018-02-21T19:11:41.929Z] 19:11:41 INFO - GECKO(2840) | #0 0x4aafed in __interceptor_pthread_create /builds/worker/workspace/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:204:3 [task 2018-02-21T19:11:41.930Z] 19:11:41 INFO - GECKO(2840) | #1 0x7fea6d30dd6f in CreateThread /builds/worker/workspace/build/src/ipc/chromium/src/base/platform_thread_posix.cc:135:14 [task 2018-02-21T19:11:41.930Z] 19:11:41 INFO - GECKO(2840) | #2 0x7fea6d30dd6f in PlatformThread::Create(unsigned long, PlatformThread::Delegate*, unsigned long*) /builds/worker/workspace/build/src/ipc/chromium/src/base/platform_thread_posix.cc:146 [task 2018-02-21T19:11:41.931Z] 19:11:41 INFO - GECKO(2840) | #3 0x7fea6d31e24f in base::Thread::StartWithOptions(base::Thread::Options const&) /builds/worker/workspace/build/src/ipc/chromium/src/base/thread.cc:99:8 [task 2018-02-21T19:11:41.933Z] 19:11:41 INFO - GECKO(2840) | #4 0x7fea6d31dfcf in base::Thread::Start() /builds/worker/workspace/build/src/ipc/chromium/src/base/thread.cc:88:10 [task 2018-02-21T19:11:41.937Z] 19:11:41 INFO - GECKO(2840) | #5 0x7fea6ecdede5 in mozilla::layers::ImageBridgeChild::InitForContent(mozilla::ipc::Endpoint<mozilla::layers::PImageBridgeChild>&&, unsigned int) /builds/worker/workspace/build/src/gfx/layers/ipc/ImageBridgeChild.cpp:542:45 [task 2018-02-21T19:11:41.955Z] 19:11:41 INFO - GECKO(2840) | #6 0x7fea7337a749 in mozilla::dom::ContentChild::RecvInitRendering(mozilla::ipc::Endpoint<mozilla::layers::PCompositorManagerChild>&&, mozilla::ipc::Endpoint<mozilla::layers::PImageBridgeChild>&&, mozilla::ipc::Endpoint<mozilla::gfx::PVRManagerChild>&&, mozilla::ipc::Endpoint<mozilla::dom::PVideoDecoderManagerChild>&&, nsTArray<unsigned int>&&) /builds/worker/workspace/build/src/dom/ipc/ContentChild.cpp:1361:8 [task 2018-02-21T19:11:42.072Z] 19:11:42 INFO - GECKO(2840) | #7 0x7fea6dc25c1d in mozilla::dom::PContentChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/build/src/obj-firefox/ipc/ipdl/PContentChild.cpp:5429:20 [task 2018-02-21T19:11:42.073Z] 19:11:42 INFO - GECKO(2840) | #8 0x7fea6d3a1b3e in mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) /builds/worker/workspace/build/src/ipc/glue/MessageChannel.cpp:2110:25 [task 2018-02-21T19:11:42.074Z] 19:11:42 INFO - GECKO(2840) | #9 0x7fea6d39ebb7 in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) /builds/worker/workspace/build/src/ipc/glue/MessageChannel.cpp:2040:17 [task 2018-02-21T19:11:42.075Z] 19:11:42 INFO - GECKO(2840) | #10 0x7fea6d3a02bc in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) /builds/worker/workspace/build/src/ipc/glue/MessageChannel.cpp:1886:5 [task 2018-02-21T19:11:42.076Z] 19:11:42 INFO - GECKO(2840) | #11 0x7fea6d3a0918 in mozilla::ipc::MessageChannel::MessageTask::Run() /builds/worker/workspace/build/src/ipc/glue/MessageChannel.cpp:1919:15 [task 2018-02-21T19:11:42.077Z] 19:11:42 INFO - GECKO(2840) | #12 0x7fea6c51afd0 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1040:14 [task 2018-02-21T19:11:42.078Z] 19:11:42 INFO - GECKO(2840) | #13 0x7fea6c535650 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:517:10 [task 2018-02-21T19:11:42.079Z] 19:11:42 INFO - GECKO(2840) | #14 0x7fea6d3a993a in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/glue/MessagePump.cpp:97:21 [task 2018-02-21T19:11:42.080Z] 19:11:42 INFO - GECKO(2840) | #15 0x7fea6d2ffa99 in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:326:10 [task 2018-02-21T19:11:42.081Z] 19:11:42 INFO - GECKO(2840) | #16 0x7fea6d2ffa99 in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:319 [task 2018-02-21T19:11:42.082Z] 19:11:42 INFO - GECKO(2840) | #17 0x7fea6d2ffa99 in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:299 [task 2018-02-21T19:11:42.084Z] 19:11:42 INFO - GECKO(2840) | #18 0x7fea73b21d0a in nsBaseAppShell::Run() /builds/worker/workspace/build/src/widget/nsBaseAppShell.cpp:157:27 [task 2018-02-21T19:11:42.085Z] 19:11:42 INFO - GECKO(2840) | #19 0x7fea7763fe6b in XRE_RunAppShell() /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:892:22 [task 2018-02-21T19:11:42.086Z] 19:11:42 INFO - GECKO(2840) | #20 0x7fea6d2ffa99 in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:326:10 [task 2018-02-21T19:11:42.086Z] 19:11:42 INFO - GECKO(2840) | #21 0x7fea6d2ffa99 in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:319 [task 2018-02-21T19:11:42.087Z] 19:11:42 INFO - GECKO(2840) | #22 0x7fea6d2ffa99 in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:299 [task 2018-02-21T19:11:42.087Z] 19:11:42 INFO - GECKO(2840) | #23 0x7fea7763f84a in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:718:34 [task 2018-02-21T19:11:42.088Z] 19:11:42 INFO - GECKO(2840) | #24 0x4f1875 in content_process_main /builds/worker/workspace/build/src/browser/app/../../ipc/contentproc/plugin-container.cpp:63:30 [task 2018-02-21T19:11:42.088Z] 19:11:42 INFO - GECKO(2840) | #25 0x4f1875 in main /builds/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:280 [task 2018-02-21T19:11:42.090Z] 19:11:42 INFO - GECKO(2840) | #26 0x7fea8b16b82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291 [task 2018-02-21T19:11:42.091Z] 19:11:42 INFO - GECKO(2840) | SUMMARY: AddressSanitizer: heap-use-after-free /builds/worker/workspace/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cc:23:3 in __asan_memcpy [task 2018-02-21T19:11:42.092Z] 19:11:42 INFO - GECKO(2840) | Shadow bytes around the buggy address: [task 2018-02-21T19:11:42.093Z] 19:11:42 INFO - GECKO(2840) | 0x0ffdcc0a5cb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa [task 2018-02-21T19:11:42.097Z] 19:11:42 INFO - GECKO(2840) | 0x0ffdcc0a5cc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa [task 2018-02-21T19:11:42.097Z] 19:11:42 INFO - GECKO(2840) | 0x0ffdcc0a5cd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa [task 2018-02-21T19:11:42.097Z] 19:11:42 INFO - GECKO(2840) | 0x0ffdcc0a5ce0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa [task 2018-02-21T19:11:42.099Z] 19:11:42 INFO - GECKO(2840) | 0x0ffdcc0a5cf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa [task 2018-02-21T19:11:42.100Z] 19:11:42 INFO - GECKO(2840) | =>0x0ffdcc0a5d00:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd [task 2018-02-21T19:11:42.101Z] 19:11:42 INFO - GECKO(2840) | 0x0ffdcc0a5d10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd [task 2018-02-21T19:11:42.105Z] 19:11:42 INFO - GECKO(2840) | 0x0ffdcc0a5d20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd [task 2018-02-21T19:11:42.105Z] 19:11:42 INFO - GECKO(2840) | 0x0ffdcc0a5d30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd [task 2018-02-21T19:11:42.105Z] 19:11:42 INFO - GECKO(2840) | 0x0ffdcc0a5d40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd [task 2018-02-21T19:11:42.105Z] 19:11:42 INFO - GECKO(2840) | 0x0ffdcc0a5d50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd [task 2018-02-21T19:11:42.105Z] 19:11:42 INFO - GECKO(2840) | Shadow byte legend (one shadow byte represents 8 application bytes): [task 2018-02-21T19:11:42.106Z] 19:11:42 INFO - GECKO(2840) | Addressable: 00 [task 2018-02-21T19:11:42.107Z] 19:11:42 INFO - GECKO(2840) | Partially addressable: 01 02 03 04 05 06 07 [task 2018-02-21T19:11:42.108Z] 19:11:42 INFO - GECKO(2840) | Heap left redzone: fa [task 2018-02-21T19:11:42.109Z] 19:11:42 INFO - GECKO(2840) | Freed heap region: fd [task 2018-02-21T19:11:42.111Z] 19:11:42 INFO - GECKO(2840) | Stack left redzone: f1 [task 2018-02-21T19:11:42.111Z] 19:11:42 INFO - GECKO(2840) | Stack mid redzone: f2 [task 2018-02-21T19:11:42.114Z] 19:11:42 INFO - GECKO(2840) | Stack right redzone: f3 [task 2018-02-21T19:11:42.115Z] 19:11:42 INFO - GECKO(2840) | Stack after return: f5 [task 2018-02-21T19:11:42.115Z] 19:11:42 INFO - GECKO(2840) | Stack use after scope: f8 [task 2018-02-21T19:11:42.116Z] 19:11:42 INFO - GECKO(2840) | Global redzone: f9 [task 2018-02-21T19:11:42.118Z] 19:11:42 INFO - GECKO(2840) | Global init order: f6 [task 2018-02-21T19:11:42.118Z] 19:11:42 INFO - GECKO(2840) | Poisoned by user: f7 [task 2018-02-21T19:11:42.120Z] 19:11:42 INFO - GECKO(2840) | Container overflow: fc [task 2018-02-21T19:11:42.121Z] 19:11:42 INFO - GECKO(2840) | Array cookie: ac [task 2018-02-21T19:11:42.123Z] 19:11:42 INFO - GECKO(2840) | Intra object redzone: bb [task 2018-02-21T19:11:42.124Z] 19:11:42 INFO - GECKO(2840) | ASan internal: fe [task 2018-02-21T19:11:42.125Z] 19:11:42 INFO - GECKO(2840) | Left alloca redzone: ca [task 2018-02-21T19:11:42.126Z] 19:11:42 INFO - GECKO(2840) | Right alloca redzone: cb [task 2018-02-21T19:11:42.127Z] 19:11:42 INFO - GECKO(2840) | ==2890==ABORTING [task 2018-02-21T19:11:42.168Z] 19:11:42 INFO - GECKO(2840) | ###!!! [Parent][MessageChannel] Error: (msgtype=0x150081,name=PBrowser::Msg_Destroy) Channel error: cannot send/recv [task 2018-02-21T19:17:52.170Z] 19:17:52 INFO - Buffered messages logged at 19:11:40 [task 2018-02-21T19:17:52.171Z] 19:17:52 INFO - TEST-PASS | dom/media/tests/mochitest/test_getUserMedia_basicTabshare.html | A valid string reason is expected

TabVideoSource (which is basically not used at the moment due to security and UI reasons) has a RefPtr<layers::SourceSurfaceImage> mImage, which I presume held the image that we UAF'd on in the compositor (given the de-allocation point)... I'd have presumed that handing something off to a media element (video.srcObject = tabMediaStream) and compositing it would hold refs to the image... We pass the image to the mediastreamgraph in ::Pull() by RefPtr<layers::Image> image; ... image = mImage; ... aStream->AppendToTrack(image.forget()...) -- so we're passing an image with a ref.

Jeff any thoughts on next steps?

Sotaro any hunches?

As in Comment 1, SourceSurfaceImage seemed to be created by TabVideoSource. It might be possible that SourceSurfaceImage is valid, but its data became invalid. SourceSurfaceImage seemed to hold SourceSurfaceSkia as SourceSurface. There might be a possiblity that SourceSurfaceSkia hold already destroyed data like Bug 1416862.

IIRC Tab sharing is (not longer) exposed to anything (and before that is was only exposed to (trusted) Hello code)- correct?

By default it is not exposed. The functionality can be exposed to content in getUserMedia by setting the "media.getusermedia.browser.enabled" pref. Doing so exposes the functionality through the {mediaSource:"browser"} constraint to regular web content. The only limitation is web content would have to guess window ids to share a tab different from its own (we never added UI for this since the Hello app was the sole user and handled that part itself).

Adding Jessie (new graphics engineering manager) to all sec-crit and sec-high graphics bugs