stylo: Crash when accessing URI off main thread in nsStyleImageLayers::Layer::CalcDifference

RESOLVED DUPLICATE of bug 1354772

People

(Reporter: erahm, Unassigned)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(firefox55 affected)

Details

This is pretty much an insta-crash on OSX. STR:

Update to central as of April 10, 2017:

> [ericrahm@erahm-25043 ~/dev/mozilla-central]$ hg tip
> changeset:   352134:b1364675bdf5
> tag:         tip
> fxtree:      central
> user:        ffxbld
> date:        Mon Apr 10 07:41:09 2017 -0700
> summary:     No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update

Build:

> ./mach build

Run:

> ./mach run https://en.wikipedia.org/wiki/Barack_Obama --disable-e10s

Failure and backtrace:

>  0:00.24 /Users/ericrahm/dev/mozilla-central/obj-x86_64-apple-darwin16.4.0-release-stylo/dist/Nightly.app/Contents/MacOS/firefox https://en.wikipedia.org/wiki/Barack_Obama -no-remote -foreground -profile /Users/ericrahm/dev/mozilla-central/obj-x86_64-apple-darwin16.4.0-release-stylo/tmp/scratch_user
> [ericrahm@erahm-25043 ~/dev/mozilla-central]$ ./mach run --debug https://en.wikipedia.org/wiki/Barack_Obama --disable-e10s
>  0:01.89 /Applications/Xcode.app/Contents/Developer/usr/bin/lldb -- /Users/ericrahm/dev/mozilla-central/obj-x86_64-apple-darwin16.4.0-release-stylo/dist/Nightly.app/Contents/MacOS/firefox https://en.wikipedia.org/wiki/Barack_Obama -no-remote -foreground -profile /Users/ericrahm/dev/mozilla-central/obj-x86_64-apple-darwin16.4.0-release-stylo/tmp/scratch_user
> There is a .lldbinit file in the current directory which is not being read.              
> To silence this warning without sourcing in the local .lldbinit,                         
> add the following to the lldbinit file in your home directory:
>     settings set target.load-cwd-lldbinit false
> To allow lldb to source .lldbinit files in the current working directory,
> set the value of this variable to true.  Only do so if you understand and
> accept the security risk.
> (lldb) target create "/Users/ericrahm/dev/mozilla-central/obj-x86_64-apple-darwin16.4.0-release-stylo/dist/Nightly.app/Contents/MacOS/firefox"
> Current executable set to '/Users/ericrahm/dev/mozilla-central/obj-x86_64-apple-darwin16.4.0-release-stylo/dist/Nightly.app/Contents/MacOS/firefox' (x86_64).
> (lldb) settings set -- target.run-args  "https://en.wikipedia.org/wiki/Barack_Obama" "-no-remote" "-foreground" "-profile" "/Users/ericrahm/dev/mozilla-central/obj-x86_64-apple-darwin16.4.0-release-stylo/tmp/scratch_user"
> (lldb) run
> Process 59352 launched: '/Users/ericrahm/dev/mozilla-central/obj-x86_64-apple-darwin16.4.0-release-stylo/dist/Nightly.app/Contents/MacOS/firefox' (x86_64)
> 2017-04-10 15:54:37.345224 firefox[59352:10134758] WARNING: The Gestalt selector gestaltSystemVersion is returning 10.9.3 instead of 10.12.3. This is not a bug in Gestalt -- it is a documented limitation. Use NSProcessInfo's operatingSystemVersion property to get correct system version number.
> Call location:
> 2017-04-10 15:54:37.349586 firefox[59352:10134758] 0   CarbonCore                          0x00007fffbd3d81e1 ___Gestalt_SystemVersion_block_invoke + 121
> 2017-04-10 15:54:37.349618 firefox[59352:10134758] 1   libdispatch.dylib                   0x00007fffd19f00b8 _dispatch_client_callout + 8
> 2017-04-10 15:54:37.349626 firefox[59352:10134758] 2   libdispatch.dylib                   0x00007fffd19f0075 dispatch_once_f + 38
> 2017-04-10 15:54:37.349633 firefox[59352:10134758] 3   CarbonCore                          0x00007fffbd366272 _Gestalt_SystemVersion + 976
> 2017-04-10 15:54:37.349639 firefox[59352:10134758] 4   CarbonCore                          0x00007fffbd365a8d Gestalt + 139
> 2017-04-10 15:54:37.349646 firefox[59352:10134758] 5   XUL                                 0x00000001040eeed6 _cairo_quartz_surface_create_internal + 294
> 2017-04-10 15:54:37.349653 firefox[59352:10134758] 6   XUL                                 0x00000001040ef495 _moz_cairo_quartz_surface_create_for_data + 309
> XUL was compiled with optimization - stepping may behave oddly; variables may not be available.
> Process 59352 stopped
> * thread #32, stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
>     frame #0: 0x0000000103b01894 XUL`mozilla::css::URLValueData::GetURI() const [inlined] nsMainThreadPtrHolder<nsIURI>::get(this=0x000000012cfbcc00) at nsProxyRelease.h:269 [opt]
>    266      // Nobody should be touching the raw pointer off-main-thread.
>    267      if (mStrict && MOZ_UNLIKELY(!NS_IsMainThread())) {
>    268        NS_ERROR("Can't dereference nsMainThreadPtrHolder off main thread");
> -> 269        MOZ_CRASH();
>    270      }
>    271      return mRawPtr;
>    272    }
> (lldb) bt
> error: need to add support for DW_TAG_base_type '()' encoded with DW_ATE = 0x7, bit_size = 0
> * thread #32, stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
>   * frame #0: 0x0000000103b01894 XUL`mozilla::css::URLValueData::GetURI() const [inlined] nsMainThreadPtrHolder<nsIURI>::get(this=0x000000012cfbcc00) at nsProxyRelease.h:269 [opt]
>     frame #1: 0x0000000103b01883 XUL`mozilla::css::URLValueData::GetURI() const [inlined] nsMainThreadPtrHandle<nsIURI>::get() at nsProxyRelease.h:336 [opt]
>     frame #2: 0x0000000103b01883 XUL`mozilla::css::URLValueData::GetURI() const [inlined] nsMainThreadPtrHandle<nsIURI>::operator nsIURI*() at nsProxyRelease.h:348 [opt]
>     frame #3: 0x0000000103b01883 XUL`mozilla::css::URLValueData::GetURI(this=<unavailable>) const at nsCSSValue.cpp:2865 [opt]
>     frame #4: 0x0000000103b03f56 XUL`mozilla::css::URLValueData::HasRef(this=<unavailable>) const at nsCSSValue.cpp:2875 [opt]
>     frame #5: 0x0000000103b97882 XUL`nsStyleImageLayers::Layer::CalcDifference(this=0x000000013f026c20, aNewLayer=0x0000000122af12b0) const at nsStyleStruct.cpp:3031 [opt]
>     frame #6: 0x0000000103b93378 XUL`nsStyleImageLayers::CalcDifference(this=0x0000000122af1280, aNewLayers=0x000000013f026bf0, aType=Background) const at nsStyleStruct.cpp:2661 [opt]
>     frame #7: 0x0000000103b852e3 XUL`nsChangeHint nsStyleContext::CalcStyleDifferenceInternal<FakeStyleContext>(FakeStyleContext*, unsigned int*, unsigned int*) [inlined] nsStyleBackground::CalcDifference(this=<unavailable>, aNewData=<unavailable>) const at nsStyleStruct.cpp:3112 [opt]
>     frame #8: 0x0000000103b852cb XUL`nsChangeHint nsStyleContext::CalcStyleDifferenceInternal<FakeStyleContext>(this=0x000000012d35e880, aNewContext=<unavailable>, aEqualStructs=<unavailable>, aSamePointerStructs=<unavailable>) at nsStyleContext.cpp:1083 [opt]
>     frame #9: 0x0000000103b845d5 XUL`nsStyleContext::CalcStyleDifference(this=<unavailable>, aNewComputedValues=<unavailable>, aEqualStructs=<unavailable>, aSamePointerStructs=<unavailable>) at nsStyleContext.cpp:1253 [opt]
>     frame #10: 0x0000000103ab9065 XUL`::Gecko_CalcStyleDifference(aOldStyleContext=<unavailable>, aComputedValues=<unavailable>) at ServoBindings.cpp:316 [opt]
>     frame #11: 0x00000001055f14bc XUL`style::matching::PrivateMatchMethods::accumulate_damage::h3bb91af3670ffa8f + 76
>     frame #12: 0x00000001055f2c10 XUL`style::matching::PrivateMatchMethods::cascade_primary_or_pseudo::hc3ae251f2aaa5bf8 + 1664
>     frame #13: 0x00000001055eb2b4 XUL`style::traversal::compute_style::h5a0eafa0e320f39b + 10388
>     frame #14: 0x00000001055e8386 XUL`_$LT$style..gecko..traversal..RecalcStyleOnly$LT$$u27$recalc$GT$$u20$as$u20$style..traversal..DomTraversal$LT$style..gecko..wrapper..GeckoElement$LT$$u27$le$GT$$GT$$GT$::process_preorder::h229c631689890c88 + 534
>     frame #15: 0x00000001053ded89 XUL`style::parallel::traverse_nodes::h5c3331a639529028 + 1225
>     frame #16: 0x00000001053df049 XUL`style::parallel::traverse_nodes::h5c3331a639529028 + 1929
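
The check that stops the process in frame #0 above (nsProxyRelease.h:267-269), as an added example that is not part of the original report or Mozilla's code: a simplified C++ model of a pointer holder with a strict owner-thread check, dereferenced from a worker thread the way the parallel style traversal does here. The names `OwnerThreadPtrHolder`, `Uri`, `UrlSnapshot` and the helper functions are hypothetical, the guard throws instead of calling `MOZ_CRASH()` so the violation can be observed, and the snapshot pattern is one general way to avoid the off-thread dereference, not the fix from bug 1354772.

```cpp
#include <stdexcept>
#include <string>
#include <thread>

// Hypothetical, simplified model of a holder whose raw pointer may only be
// dereferenced on the thread that created it (the "main" thread here).
template <typename T>
class OwnerThreadPtrHolder {
 public:
  OwnerThreadPtrHolder(T* raw, bool strict)
      : mRawPtr(raw), mStrict(strict), mOwner(std::this_thread::get_id()) {}
  bool OnOwnerThread() const { return std::this_thread::get_id() == mOwner; }
  // Assumption: throw where the real check aborts, so a caller can see it fire.
  T* get() const {
    if (mStrict && !OnOwnerThread())
      throw std::logic_error("holder dereferenced off its owner thread");
    return mRawPtr;
  }
 private:
  T* mRawPtr;
  bool mStrict;
  std::thread::id mOwner;
};

// Constructed stand-in for a URI object with a HasRef()-style query.
struct Uri {
  std::string spec;
  bool HasRef() const { return spec.find('#') != std::string::npos; }
};

// Same shape as frames #5 to #0: a worker asks HasRef() through the holder.
// Returns true when the thread-affinity guard fired.
bool GuardFiresOnWorker(const OwnerThreadPtrHolder<Uri>& holder) {
  bool fired = false;
  std::thread worker([&] {
    try { (void)holder.get()->HasRef(); }
    catch (const std::logic_error&) { fired = true; }
  });
  worker.join();
  return fired;
}

// Alternative: compute the answer on the owner thread, hand workers plain data.
struct UrlSnapshot { bool hasRef; };
UrlSnapshot SnapshotOnOwner(const OwnerThreadPtrHolder<Uri>& h) { return {h.get()->HasRef()}; }
bool WorkerReadsSnapshot(const UrlSnapshot& snap) {
  bool value = false;
  std::thread worker([&] { value = snap.hasRef; });
  worker.join();
  return value;
}
```
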
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1354772
No longer blocks: 1354215