Closed Bug 1355253 Opened 8 years ago Closed 8 years ago

stylo: Crash when accessing URI off main thread in nsStyleImageLayers::Layer::CalcDifference

Categories

(Core :: CSS Parsing and Computation, defect)

defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 1354772
Tracking Status
firefox55 --- affected

People

(Reporter: erahm, Unassigned)

Details

This is pretty much an insta-crash for on on OSX. STR: Update to central as of April 10, 2017: > [ericrahm@erahm-25043 ~/dev/mozilla-central]$ hg tip > changeset: 352134:b1364675bdf5 > tag: tip > fxtree: central > user: ffxbld > date: Mon Apr 10 07:41:09 2017 -0700 > summary: No bug, Automated HPKP preload list update from host bld-linux64-spot-302 - a=hpkp-update Build: > ./mach build Run: > ./mach run https://en.wikipedia.org/wiki/Barack_Obama --disable-e10s Failure and backtrace: > 0:00.24 /Users/ericrahm/dev/mozilla-central/obj-x86_64-apple-darwin16.4.0-release-stylo/dist/Nightly.app/Contents/MacOS/firefox https://en.wikipedia.org/wiki/Barack_Obama -no-remote -foreground -profile /Users/ericrahm/dev/mozilla-central/obj-x86_64-apple-darwin16.4.0-release-stylo/tmp/scratch_user > [ericrahm@erahm-25043 ~/dev/mozilla-central]$ ./mach run --debug https://en.wikipedia.org/wiki/Barack_Obama --disable-e10s > 0:01.89 /Applications/Xcode.app/Contents/Developer/usr/bin/lldb -- /Users/ericrahm/dev/mozilla-central/obj-x86_64-apple-darwin16.4.0-release-stylo/dist/Nightly.app/Contents/MacOS/firefox https://en.wikipedia.org/wiki/Barack_Obama -no-remote -foreground -profile /Users/ericrahm/dev/mozilla-central/obj-x86_64-apple-darwin16.4.0-release-stylo/tmp/scratch_user > There is a .lldbinit file in the current directory which is not being read. > To silence this warning without sourcing in the local .lldbinit, > add the following to the lldbinit file in your home directory: > settings set target.load-cwd-lldbinit false > To allow lldb to source .lldbinit files in the current working directory, > set the value of this variable to true. Only do so if you understand and > accept the security risk. > (lldb) target create "/Users/ericrahm/dev/mozilla-central/obj-x86_64-apple-darwin16.4.0-release-stylo/dist/Nightly.app/Contents/MacOS/firefox" > Current executable set to '/Users/ericrahm/dev/mozilla-central/obj-x86_64-apple-darwin16.4.0-release-stylo/dist/Nightly.app/Contents/MacOS/firefox' (x86_64). > (lldb) settings set -- target.run-args "https://en.wikipedia.org/wiki/Barack_Obama" "-no-remote" "-foreground" "-profile" "/Users/ericrahm/dev/mozilla-central/obj-x86_64-apple-darwin16.4.0-release-stylo/tmp/scratch_user" > (lldb) run > Process 59352 launched: '/Users/ericrahm/dev/mozilla-central/obj-x86_64-apple-darwin16.4.0-release-stylo/dist/Nightly.app/Contents/MacOS/firefox' (x86_64) > 2017-04-10 15:54:37.345224 firefox[59352:10134758] WARNING: The Gestalt selector gestaltSystemVersion is returning 10.9.3 instead of 10.12.3. This is not a bug in Gestalt -- it is a documented limitation. Use NSProcessInfo's operatingSystemVersion property to get correct system version number. > Call location: > 2017-04-10 15:54:37.349586 firefox[59352:10134758] 0 CarbonCore 0x00007fffbd3d81e1 ___Gestalt_SystemVersion_block_invoke + 121 > 2017-04-10 15:54:37.349618 firefox[59352:10134758] 1 libdispatch.dylib 0x00007fffd19f00b8 _dispatch_client_callout + 8 > 2017-04-10 15:54:37.349626 firefox[59352:10134758] 2 libdispatch.dylib 0x00007fffd19f0075 dispatch_once_f + 38 > 2017-04-10 15:54:37.349633 firefox[59352:10134758] 3 CarbonCore 0x00007fffbd366272 _Gestalt_SystemVersion + 976 > 2017-04-10 15:54:37.349639 firefox[59352:10134758] 4 CarbonCore 0x00007fffbd365a8d Gestalt + 139 > 2017-04-10 15:54:37.349646 firefox[59352:10134758] 5 XUL 0x00000001040eeed6 _cairo_quartz_surface_create_internal + 294 > 2017-04-10 15:54:37.349653 firefox[59352:10134758] 6 XUL 0x00000001040ef495 _moz_cairo_quartz_surface_create_for_data + 309 > XUL was compiled with optimization - stepping may behave oddly; variables may not be available. > Process 59352 stopped > * thread #32, stop reason = EXC_BAD_ACCESS (code=1, address=0x0) > frame #0: 0x0000000103b01894 XUL`mozilla::css::URLValueData::GetURI() const [inlined] nsMainThreadPtrHolder<nsIURI>::get(this=0x000000012cfbcc00) at nsProxyRelease.h:269 [opt] > 266 // Nobody should be touching the raw pointer off-main-thread. > 267 if (mStrict && MOZ_UNLIKELY(!NS_IsMainThread())) { > 268 NS_ERROR("Can't dereference nsMainThreadPtrHolder off main thread"); > -> 269 MOZ_CRASH(); > 270 } > 271 return mRawPtr; > 272 } > (lldb) bt > error: need to add support for DW_TAG_base_type '()' encoded with DW_ATE = 0x7, bit_size = 0 > * thread #32, stop reason = EXC_BAD_ACCESS (code=1, address=0x0) > * frame #0: 0x0000000103b01894 XUL`mozilla::css::URLValueData::GetURI() const [inlined] nsMainThreadPtrHolder<nsIURI>::get(this=0x000000012cfbcc00) at nsProxyRelease.h:269 [opt] > frame #1: 0x0000000103b01883 XUL`mozilla::css::URLValueData::GetURI() const [inlined] nsMainThreadPtrHandle<nsIURI>::get() at nsProxyRelease.h:336 [opt] > frame #2: 0x0000000103b01883 XUL`mozilla::css::URLValueData::GetURI() const [inlined] nsMainThreadPtrHandle<nsIURI>::operator nsIURI*() at nsProxyRelease.h:348 [opt] > frame #3: 0x0000000103b01883 XUL`mozilla::css::URLValueData::GetURI(this=<unavailable>) const at nsCSSValue.cpp:2865 [opt] > frame #4: 0x0000000103b03f56 XUL`mozilla::css::URLValueData::HasRef(this=<unavailable>) const at nsCSSValue.cpp:2875 [opt] > frame #5: 0x0000000103b97882 XUL`nsStyleImageLayers::Layer::CalcDifference(this=0x000000013f026c20, aNewLayer=0x0000000122af12b0) const at nsStyleStruct.cpp:3031 [opt] > frame #6: 0x0000000103b93378 XUL`nsStyleImageLayers::CalcDifference(this=0x0000000122af1280, aNewLayers=0x000000013f026bf0, aType=Background) const at nsStyleStruct.cpp:2661 [opt] > frame #7: 0x0000000103b852e3 XUL`nsChangeHint nsStyleContext::CalcStyleDifferenceInternal<FakeStyleContext>(FakeStyleContext*, unsigned int*, unsigned int*) [inlined] nsStyleBackground::CalcDifference(this=<unavailable>, aNewData=<unavailable>) const at nsStyleStruct.cpp:3112 [opt] > frame #8: 0x0000000103b852cb XUL`nsChangeHint nsStyleContext::CalcStyleDifferenceInternal<FakeStyleContext>(this=0x000000012d35e880, aNewContext=<unavailable>, aEqualStructs=<unavailable>, aSamePointerStructs=<unavailable>) at nsStyleContext.cpp:1083 [opt] > frame #9: 0x0000000103b845d5 XUL`nsStyleContext::CalcStyleDifference(this=<unavailable>, aNewComputedValues=<unavailable>, aEqualStructs=<unavailable>, aSamePointerStructs=<unavailable>) at nsStyleContext.cpp:1253 [opt] > frame #10: 0x0000000103ab9065 XUL`::Gecko_CalcStyleDifference(aOldStyleContext=<unavailable>, aComputedValues=<unavailable>) at ServoBindings.cpp:316 [opt] > frame #11: 0x00000001055f14bc XUL`style::matching::PrivateMatchMethods::accumulate_damage::h3bb91af3670ffa8f + 76 > frame #12: 0x00000001055f2c10 XUL`style::matching::PrivateMatchMethods::cascade_primary_or_pseudo::hc3ae251f2aaa5bf8 + 1664 > frame #13: 0x00000001055eb2b4 XUL`style::traversal::compute_style::h5a0eafa0e320f39b + 10388 > frame #14: 0x00000001055e8386 XUL`_$LT$style..gecko..traversal..RecalcStyleOnly$LT$$u27$recalc$GT$$u20$as$u20$style..traversal..DomTraversal$LT$style..gecko..wrapper..GeckoElement$LT$$u27$le$GT$$GT$$GT$::process_preorder::h229c631689890c88 + 534 > frame #15: 0x00000001053ded89 XUL`style::parallel::traverse_nodes::h5c3331a639529028 + 1225 > frame #16: 0x00000001053df049 XUL`style::parallel::traverse_nodes::h5c3331a639529028 + 1929
Blocks: 1354215
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
No longer blocks: 1354215
You need to log in before you can comment on or make changes to this bug.