Closed
Bug 1402157
Opened 7 years ago
Closed 7 years ago
stylo: Assertion failure: aFrame->HasImageRequest() (why call me?) in [@ mozilla::css::ImageLoader::DisassociateRequestFromFrame]
Categories
(Core :: CSS Parsing and Computation, defect, P2)
Tracking
()
RESOLVED
FIXED
mozilla58
Tracking | Status | |
---|---|---|
firefox-esr52 | --- | unaffected |
firefox56 | --- | disabled |
firefox57 | + | wontfix |
firefox58 | --- | fixed |
People
(Reporter: tsmith, Assigned: u459114)
References
(Blocks 2 open bugs)
Details
(Keywords: assertion, testcase)
Attachments
(5 files, 2 obsolete files)
Assertion failure: aFrame->HasImageRequest() (why call me?), at /builds/worker/workspace/build/src/layout/style/ImageLoader.cpp:183 #0 0x7f4141115bd2 in mozilla::css::ImageLoader::DisassociateRequestFromFrame(imgIRequest*, nsIFrame*) /src/layout/style/ImageLoader.cpp:183:3 #1 0x7f414162959f in std::_Function_handler<void (imgRequestProxy*), AddAndRemoveImageAssociations(nsFrame*, nsStyleImageLayers const*, nsStyleImageLayers const*)::$_7>::_M_invoke(std::_Any_data const&, imgRequestProxy*) /src/clang/bin/../lib/gcc/x86_64-unknown-linux-gnu/4.9.4/../../../../include/c++/4.9.4/functional:2039:2 #2 0x7f414162941c in std::function<void (imgRequestProxy*)>::operator()(imgRequestProxy*) const /src/clang/bin/../lib/gcc/x86_64-unknown-linux-gnu/4.9.4/../../../../include/c++/4.9.4/functional:2440:14 #3 0x7f4141628f78 in CompareLayers(nsStyleImageLayers const*, nsStyleImageLayers const*, std::function<void (imgRequestProxy*)> const&) /src/layout/generic/nsFrame.cpp:854:9 #4 0x7f41415e53fb in AddAndRemoveImageAssociations(nsFrame*, nsStyleImageLayers const*, nsStyleImageLayers const*) /src/layout/generic/nsFrame.cpp:877:5 #5 0x7f414159fb5b in nsFrame::DidSetStyleContext(nsStyleContext*) /src/layout/generic/nsFrame.cpp:922:3 #6 0x7f41413a2450 in nsIFrame::SetStyleContext(nsStyleContext*) /src/layout/generic/nsIFrame.h:770:7 #7 0x7f41416c1842 in nsInlineFrame::UpdateStyleOfOwnedAnonBoxesForIBSplit(mozilla::ServoRestyleState&) /src/layout/generic/nsInlineFrame.cpp:1061:13 #8 0x7f4141610abb in nsIFrame::DoUpdateStyleOfOwnedAnonBoxes(mozilla::ServoRestyleState&) /src/layout/generic/nsFrame.cpp:10651:42 #9 0x7f41414090fb in mozilla::ServoRestyleManager::ProcessPostTraversal(mozilla::dom::Element*, mozilla::ServoStyleContext*, mozilla::ServoRestyleState&, mozilla::ServoPostTraversalFlags) /src/layout/base/ServoRestyleManager.cpp:877:19 #10 0x7f414140934d in mozilla::ServoRestyleManager::ProcessPostTraversal(mozilla::dom::Element*, mozilla::ServoStyleContext*, mozilla::ServoRestyleState&, mozilla::ServoPostTraversalFlags) /src/layout/base/ServoRestyleManager.cpp:920:32 #11 0x7f414140bb2c in mozilla::ServoRestyleManager::DoProcessPendingRestyles(mozilla::ServoTraversalFlags) /src/layout/base/ServoRestyleManager.cpp:1121:28 #12 0x7f41413d736c in mozilla::PresShell::DoFlushPendingNotifications(mozilla::ChangesToFlush) /src/layout/base/PresShell.cpp:4170:41 #13 0x7f414136bf73 in nsRefreshDriver::Tick(long, mozilla::TimeStamp) /src/layout/base/nsRefreshDriver.cpp:1921:18 #14 0x7f414137548e in mozilla::RefreshDriverTimer::TickRefreshDrivers(long, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) /src/layout/base/nsRefreshDriver.cpp:307:7 #15 0x7f4141375264 in mozilla::RefreshDriverTimer::Tick(long, mozilla::TimeStamp) /src/layout/base/nsRefreshDriver.cpp:328:5 #16 0x7f4141378855 in mozilla::VsyncRefreshDriverTimer::RunRefreshDrivers(mozilla::TimeStamp) /src/layout/base/nsRefreshDriver.cpp:770:5 #17 0x7f41413778f6 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::TimeStamp) /src/layout/base/nsRefreshDriver.cpp:683:35 #18 0x7f4141373867 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::ParentProcessVsyncNotifier::Run() /src/layout/base/nsRefreshDriver.cpp:529:20 #19 0x7f413b9e471f in nsThread::ProcessNextEvent(bool, bool*) /src/xpcom/threads/nsThread.cpp:1039:14 #20 0x7f413b9e9a90 in NS_ProcessNextEvent(nsIThread*, bool) /src/xpcom/threads/nsThreadUtils.cpp:521:10 #21 0x7f413c55a865 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /src/ipc/glue/MessagePump.cpp:97:21 #22 0x7f413c4af7a7 in MessageLoop::RunInternal() /src/ipc/chromium/src/base/message_loop.cc:326:10 #23 0x7f413c4af639 in MessageLoop::Run() /src/ipc/chromium/src/base/message_loop.cc:299:3 #24 0x7f4140e6b85a in nsBaseAppShell::Run() /src/widget/nsBaseAppShell.cpp:158:27 #25 0x7f4144086641 in nsAppStartup::Run() /src/toolkit/components/startup/nsAppStartup.cpp:288:30 #26 0x7f41441eab01 in XREMain::XRE_mainRun() /src/toolkit/xre/nsAppRunner.cpp:4701:22 #27 0x7f41441ec7ca in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /src/toolkit/xre/nsAppRunner.cpp:4865:8 #28 0x7f41441ed6b8 in XRE_main(int, char**, mozilla::BootstrapConfig const&) /src/toolkit/xre/nsAppRunner.cpp:4960:21 #29 0x4ed398 in do_main(int, char**, char**) /src/browser/app/nsBrowserApp.cpp:236:22 #30 0x4eccb0 in main /src/browser/app/nsBrowserApp.cpp:309:16 #31 0x7f415ab4282f in __libc_start_main /build/glibc-bfm8X4/glibc-2.23/csu/../csu/libc-start.c:291 #32 0x41e9e4 in _start (firefox+0x41e9e4)
Flags: in-testsuite?
Comment 1•7 years ago
|
||
I can't reproduce it in any of my local Linux64 debug builds.
Comment 2•7 years ago
|
||
Reproduces on Win10 for me, but not on Ubuntu 17.04. And only with Stylo enabled. INFO: Last good revision: 8b274bfe790511b3517f9dc98f54f56efc8dee7c INFO: First bad revision: 319bc66e5d3a6599a61b686bc58ee399dac77b65 INFO: Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=8b274bfe790511b3517f9dc98f54f56efc8dee7c&tochange=319bc66e5d3a6599a61b686bc58ee399dac77b65
Blocks: 1301245
Has Regression Range: --- → yes
status-firefox56:
--- → disabled
status-firefox-esr52:
--- → unaffected
Flags: needinfo?(cku)
Priority: -- → P2
Summary: Assertion failure: aFrame->HasImageRequest() (why call me?) in [@ mozilla::css::ImageLoader::DisassociateRequestFromFrame] → stylo: Assertion failure: aFrame->HasImageRequest() (why call me?) in [@ mozilla::css::ImageLoader::DisassociateRequestFromFrame]
Version: Trunk → 56 Branch
Comment 3•7 years ago
|
||
I can reproduce it with my local windows debug build, and there seems to be another bug that both processes can be hanged with a reduced testcase.
Comment 4•7 years ago
|
||
(In reply to Xidorn Quan [:xidorn] UTC+10 from comment #3) > I can reproduce it with my local windows debug build, and there seems to be > another bug that both processes can be hanged with a reduced testcase. That one is because we repeatedly call load() in onerror for an invalid url, which is basically a infinite loop, so probably not a bug. But this does help me understand this testcase.
Comment 5•7 years ago
|
||
A somehow simplified testcase.
Comment 6•7 years ago
|
||
Attachment #8916461 -
Attachment is obsolete: true
Comment 7•7 years ago
|
||
Given this testcase, I suppose that it is related to resolution of fragment url with location change. Not sure what's happening here. CJKu may know more details.
Comment 9•7 years ago
|
||
[Tracking Requested - why for this release]: We might want to track this for 57 because this is a reproducible process hang.
tracking-firefox57:
--- → ?
Comment 10•7 years ago
|
||
(In reply to Chris Peterson [:cpeterson] from comment #9) > [Tracking Requested - why for this release]: > > We might want to track this for 57 because this is a reproducible process > hang. Tracking 57+ for this issue.
Assignee | ||
Comment 11•7 years ago
|
||
Flags: needinfo?(cku)
Attachment #8918181 -
Attachment is obsolete: true
Comment hidden (mozreview-request) |
Comment hidden (mozreview-request) |
Comment hidden (mozreview-request) |
Comment hidden (mozreview-request) |
Comment hidden (mozreview-request) |
Attachment #8918189 -
Flags: review?(cam)
Attachment #8918212 -
Flags: review?(cam)
Updated•7 years ago
|
Blocks: stylo-fuzzing
Comment 17•7 years ago
|
||
mozreview-review |
Comment on attachment 8918189 [details] Bug 1402157 - Disassociate a frame with an image loader if that frame indeed has any image request. https://reviewboard.mozilla.org/r/189068/#review195236 Sorry for the delay. ::: commit-message-2ca37:8 (Diff revision 3) > +Before enable stylo, an image request is always been resolved before the > +creation time of that request object[1]. > +As a result, in AddAndRemoveImageAssociations, we always associate the request > +objects of style images with the given frame(since they are resolved). > + > +After enable stylo, an image request is resolved after tha object been created[2]. s/tha/that/
Attachment #8918189 -
Flags: review?(cam) → review+
Comment 18•7 years ago
|
||
mozreview-review |
Comment on attachment 8918212 [details] Bug 1402157 - Part 2. A crash test for disassociating image loaders and frames. https://reviewboard.mozilla.org/r/189090/#review195240 ::: commit-message-75994:1 (Diff revision 2) > +Bug 1402157 - Part 2. A crash test for disassociate image loaders and frames. s/disassociate/disassociating/
Attachment #8918212 -
Flags: review?(cam) → review+
Comment hidden (mozreview-request) |
Comment hidden (mozreview-request) |
Comment hidden (mozreview-request) |
Assignee | ||
Comment 22•7 years ago
|
||
(In reply to Marcia Knous [:marcia - use ni. PTO 10/18-10/20] from comment #10) > (In reply to Chris Peterson [:cpeterson] from comment #9) > > [Tracking Requested - why for this release]: > > > > We might want to track this for 57 because this is a reproducible process > > hang. > > Tracking 57+ for this issue. It's not a process hang, it's an assertion failure. Browser can still work correctly in release version. I don't think we need to uplift these patches to 57.
Comment hidden (mozreview-request) |
Comment hidden (mozreview-request) |
Assignee | ||
Comment 25•7 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/14969c3ddcffbfc636be9c49c39a620160846f5f Bug 1402157 - Disassociate a frame with an image loader if that frame indeed has any image request. r=heycam
Comment 26•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/14969c3ddcff
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla58
Updated•7 years ago
|
Flags: in-testsuite? → in-testsuite+
Assignee | ||
Comment 28•7 years ago
|
||
(In reply to Ryan VanderMeulen [:RyanVM] from comment #27) > Did we not land the tests on purpose? Yes, that test case can not be loaded correctly in reftest harness.
Flags: needinfo?(cku)
Comment 29•7 years ago
|
||
What about the crashtest?
You need to log in
before you can comment on or make changes to this bug.
Description
•