Reduced with m-c: BuildID=20181210160334 SourceStamp=68151063d1c63ce445d67aa743a018d7f66fbb4d ==59895==ERROR: AddressSanitizer: SEGV on unknown address 0x0000000000a8 (pc 0x7fb04d5d5fea bp 0x7ffdc327e450 sp 0x7ffdc327e2a0 T0) ==59895==The signal is caused by a READ memory access. ==59895==Hint: address points to the zero page. #0 0x7fb04d5d5fe9 in Get src/obj-firefox/dist/include/PLDHashTable.h:327:32 #1 0x7fb04d5d5fe9 in PLDHashTable::Add(void const*, std::nothrow_t const&) src/xpcom/ds/PLDHashTable.cpp:514 #2 0x7fb04d5d6c3e in PLDHashTable::Add(void const*) src/xpcom/ds/PLDHashTable.cpp:572:28 #3 0x7fb0570dbe77 in mozilla::dom::WindowGlobalParent::Init(mozilla::dom::WindowGlobalInit const&) src/dom/ipc/WindowGlobalParent.cpp:68:21 #4 0x7fb04e9d1c81 in RecvPWindowGlobalConstructor src/ipc/glue/InProcessParent.cpp:21:45 #5 0x7fb04e9d1c81 in non-virtual thunk to mozilla::ipc::InProcessParent::RecvPWindowGlobalConstructor(mozilla::dom::PWindowGlobalParent*, mozilla::dom::WindowGlobalInit const&) src/ipc/glue/InProcessParent.cpp #6 0x7fb04f06aa59 in mozilla::ipc::PInProcessParent::OnMessageReceived(IPC::Message const&) src/obj-firefox/ipc/ipdl/PInProcessParent.cpp:157:20 #7 0x7fb04e9eef99 in mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) src/ipc/glue/MessageChannel.cpp:2159:21 #8 0x7fb04e9ea91a in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) src/ipc/glue/MessageChannel.cpp:2086:9 #9 0x7fb04e9ecb21 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) src/ipc/glue/MessageChannel.cpp:1935:3 #10 0x7fb04e9ed9e7 in mozilla::ipc::MessageChannel::MessageTask::Run() src/ipc/glue/MessageChannel.cpp:1966:13 #11 0x7fb04d76b2f8 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1157:14 #12 0x7fb04d7740ad in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:468:10 #13 0x7fb04e9f83df in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:88:21 #14 0x7fb04e8eb20e in RunInternal src/ipc/chromium/src/base/message_loop.cc:314:10 #15 0x7fb04e8eb20e in RunHandler src/ipc/chromium/src/base/message_loop.cc:307 #16 0x7fb04e8eb20e in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:289 #17 0x7fb057ab7283 in nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27 #18 0x7fb05c240620 in nsAppStartup::Run() src/toolkit/components/startup/nsAppStartup.cpp:271:30 #19 0x7fb05c51b326 in XREMain::XRE_mainRun() src/toolkit/xre/nsAppRunner.cpp:4622:22 #20 0x7fb05c51de09 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:4760:8 #21 0x7fb05c51f8d3 in XRE_main(int, char**, mozilla::BootstrapConfig const&) src/toolkit/xre/nsAppRunner.cpp:4845:21 #22 0x5567f8d2f67c in do_main src/browser/app/nsBrowserApp.cpp:214:22 #23 0x5567f8d2f67c in main src/browser/app/nsBrowserApp.cpp:293 #24 0x7fb0716e982f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291 #25 0x5567f8c54eec in _start (firefox+0x2deec)

WindowGlobalParent.cpp was added by Nika recently. She might want to take a look. :)

Hmm, it looks like there is some sort of race which is occuring here where the parent process no longer has a copy of the BrowsingContext instance by the point when the RecvPWindowGlobalConstructor call is received. This will probably be fixed by some future planned changes to BrowsingContext, but it's not quite there yet for sure. I'll probably try to see if I can easily reproduce this locally to do more testing to see exactly what is causing these events to occur out-of-order.