Closed Bug 1569706 Opened 1 year ago Closed 1 year ago

Assertion failure: NS_IsMainThread() (LogMessage only works on the main thread, due to the Servo_XXX CSSOM calls it makes), at /builds/worker/workspace/build/src/layout/style/FontFaceSet.cpp:1212

Categories

(Core :: CSS Parsing and Computation, defect, P3)

defect

Tracking

()

RESOLVED FIXED
mozilla71
Tracking Status
firefox-esr60 --- unaffected
firefox-esr68 --- unaffected
firefox69 --- wontfix
firefox70 --- wontfix
firefox71 --- fixed

People

(Reporter: jkratzer, Assigned: heycam)

References

(Blocks 1 open bug, Regression)

Details

(Keywords: assertion, testcase)

Attachments

(2 files)

Attached file testcase.html

Texstcase found while fuzzing mozilla-central rev 50df4b75c9b6.

Assertion failure: NS_IsMainThread() (LogMessage only works on the main thread, due to the Servo_XXX CSSOM calls it makes), at /builds/worker/workspace/build/src/layout/style/FontFaceSet.cpp:1212

rcx = 0x00007f89bd27c6ba   rbx = 0x00007f89b1712a80
rsi = 0x00007f89c8a3c8b0   rdi = 0x00007f89c8a3b680
rbp = 0x00007f89ae2cffb0   rsp = 0x00007f89ae2cfcd0
r8 = 0x00007f89c8a3c8b0    r9 = 0x00007f89ae2d2700
r10 = 0x0000000000000000   r11 = 0x0000000000000000
r12 = 0x00007f89ae829658   r13 = 0x0000000000000000
r14 = 0x00007f89ae2cfff8   r15 = 0x00007f89c841fe30
rip = 0x00007f89b9767ca2
OS|Linux|0.0.0 Linux 4.18.0-25-generic #26~18.04.1-Ubuntu SMP Thu Jun 27 07:28:31 UTC 2019 x86_64
CPU|amd64|family 6 model 94 stepping 3|1
GPU|||
Crash|SIGSEGV|0x0|28
28|0|libxul.so|mozilla::dom::FontFaceSet::LogMessage(gfxUserFontEntry*, char const*, unsigned int, nsresult)|hg:hg.mozilla.org/mozilla-central:layout/style/FontFaceSet.cpp:50df4b75c9b6c7fec8c8c4685fd188634d193e75|1296|0x35
28|1|libxul.so|gfxUserFontEntry::DoLoadNextSrc(bool)|hg:hg.mozilla.org/mozilla-central:gfx/thebes/gfxUserFontSet.cpp:50df4b75c9b6c7fec8c8c4685fd188634d193e75|667|0x18
28|2|libxul.so|gfxFontGroup::GetFirstValidFont(unsigned int, mozilla::StyleGenericFontFamily*)|hg:hg.mozilla.org/mozilla-central:gfx/thebes/gfxTextRun.cpp:50df4b75c9b6c7fec8c8c4685fd188634d193e75|2069|0x8
28|3|libxul.so|GetMetrics|hg:hg.mozilla.org/mozilla-central:gfx/src/nsFontMetrics.cpp:50df4b75c9b6c7fec8c8c4685fd188634d193e75|155|0x5
28|4|libxul.so|nsFontMetrics::XHeight()|hg:hg.mozilla.org/mozilla-central:gfx/src/nsFontMetrics.cpp:50df4b75c9b6c7fec8c8c4685fd188634d193e75|163|0x5
28|5|libxul.so|Gecko_GetFontMetrics|hg:hg.mozilla.org/mozilla-central:layout/style/GeckoBindings.cpp:50df4b75c9b6c7fec8c8c4685fd188634d193e75|1729|0xd
28|6|libxul.so|<style::gecko::wrapper::GeckoFontMetricsProvider as style::font_metrics::FontMetricsProvider>::query|hg:hg.mozilla.org/mozilla-central:servo/components/style/gecko/wrapper.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|1075|0xf
28|7|libxul.so|style::values::specified::length::FontRelativeLength::to_computed_value|hg:hg.mozilla.org/mozilla-central:servo/components/style/values/specified/length.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|114|0x174
28|8|libxul.so|style::values::computed::length::<impl style::values::computed::ToComputedValue for style::values::specified::length::NoCalcLength>::to_computed_value|hg:hg.mozilla.org/mozilla-central:servo/components/style/values/computed/length.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|39|0x8
28|9|libxul.so|style::properties::longhands::padding_inline_end::cascade_property|s3:gecko-generated-sources:76840f03159e2024ccb55e93385ab751a9c27a9cefd191cc41c7faed1752924e2aee071db334f91fede1c34158d9b305743d9a728827343a14dc18b7bb47bf6f/x86_64-unknown-linux-gnu/debug/build/style-8c84534eaae946c6/out/longhands/padding.rs:|891|0x47
28|10|libxul.so|style::properties::cascade::Cascade::apply_properties|hg:hg.mozilla.org/mozilla-central:servo/components/style/properties/cascade.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|435|0xd
28|11|libxul.so|style::properties::cascade::cascade_rules|hg:hg.mozilla.org/mozilla-central:servo/components/style/properties/cascade.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|307|0xf
28|12|libxul.so|style::stylist::Stylist::cascade_style_and_visited|hg:hg.mozilla.org/mozilla-central:servo/components/style/stylist.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|893|0x3e
28|13|libxul.so|style::style_resolver::StyleResolverForElement<E>::cascade_style_and_visited|hg:hg.mozilla.org/mozilla-central:servo/components/style/style_resolver.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|302|0x2d
28|14|libxul.so|style::style_resolver::StyleResolverForElement<E>::cascade_primary_style|hg:hg.mozilla.org/mozilla-central:servo/components/style/style_resolver.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|216|0x17
28|15|libxul.so|style::style_resolver::StyleResolverForElement<E>::resolve_primary_style|hg:hg.mozilla.org/mozilla-central:servo/components/style/style_resolver.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|176|0x11
28|16|libxul.so|style::style_resolver::StyleResolverForElement<E>::resolve_style|hg:hg.mozilla.org/mozilla-central:servo/components/style/style_resolver.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|232|0x5
28|17|libxul.so|style::style_resolver::StyleResolverForElement<E>::resolve_style_with_default_parents|hg:hg.mozilla.org/mozilla-central:servo/components/style/style_resolver.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|269|0xef
28|18|libxul.so|style::traversal::compute_style|hg:hg.mozilla.org/mozilla-central:servo/components/style/traversal.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|617|0x8
28|19|libxul.so|<style::gecko::traversal::RecalcStyleOnly as style::traversal::DomTraversal<style::gecko::wrapper::GeckoElement>>::process_preorder|hg:hg.mozilla.org/mozilla-central:servo/components/style/traversal.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|435|0x13
28|20|libxul.so|<std::panic::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once|git:github.com/rust-lang/rust:src/libstd/panic.rs:61d1607e0f6a18bb4897d6f9b10abeac9e11eb8e|315|0x26b
28|21|libxul.so|std::panicking::try::do_call|git:github.com/rust-lang/rust:src/libstd/panicking.rs:61d1607e0f6a18bb4897d6f9b10abeac9e11eb8e|296|0x16
28|22|libxul.so|__rust_maybe_catch_panic|git:github.com/rust-lang/rust:src/libpanic_abort/lib.rs:61d1607e0f6a18bb4897d6f9b10abeac9e11eb8e|29|0x5
28|23|libxul.so|<rayon_core::job::HeapJob<BODY> as rayon_core::job::Job>::execute|git:github.com/rust-lang/rust:src/libstd/panicking.rs:61d1607e0f6a18bb4897d6f9b10abeac9e11eb8e|275|0x6
28|24|libxul.so|rayon_core::registry::WorkerThread::wait_until_cold|hg:hg.mozilla.org/mozilla-central:third_party/rust/rayon-core/src/job.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|59|0x3
28|25|libxul.so|rayon_core::registry::ThreadBuilder::run|hg:hg.mozilla.org/mozilla-central:third_party/rust/rayon-core/src/registry.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|58|0x71
28|26|libxul.so|std::sys_common::backtrace::__rust_begin_short_backtrace|git:github.com/rust-lang/rust:src/libstd/sys_common/backtrace.rs:61d1607e0f6a18bb4897d6f9b10abeac9e11eb8e|77|0x39
28|27|libxul.so|std::panicking::try::do_call|git:github.com/rust-lang/rust:src/libstd/thread/mod.rs:61d1607e0f6a18bb4897d6f9b10abeac9e11eb8e|470|0x38
28|28|libxul.so|__rust_maybe_catch_panic|git:github.com/rust-lang/rust:src/libpanic_abort/lib.rs:61d1607e0f6a18bb4897d6f9b10abeac9e11eb8e|29|0x5
28|29|libxul.so|core::ops::function::FnOnce::call_once{{vtable.shim}}|git:github.com/rust-lang/rust:src/libcore/ops/function.rs:61d1607e0f6a18bb4897d6f9b10abeac9e11eb8e|231|0xb0
28|30|libxul.so|<alloc::boxed::Box<F> as core::ops::function::FnOnce<A>>::call_once|git:github.com/rust-lang/rust:src/liballoc/boxed.rs:61d1607e0f6a18bb4897d6f9b10abeac9e11eb8e|746|0x2e
28|31|libxul.so|std::sys::unix::thread::Thread::new::thread_start|git:github.com/rust-lang/rust:src/libstd/sys/unix/thread.rs:61d1607e0f6a18bb4897d6f9b10abeac9e11eb8e|79|0x86
28|32|libpthread-2.27.so||||0x76db
28|33|libc-2.27.so||||0x12188f
Flags: in-testsuite?

I think this is expected and the assertion should just be tweaked to also include the "in servo traversal" bit, but over to cam to double-check.

Flags: needinfo?(cam)

Yeah, I think the Servo_FontFaceRule_{GetCssText,GetSourceLocation} calls are safe to do during a traversal. (It's just CSSOM functions that need to take the shared lock for writing that we'd need to worry about.)

Flags: needinfo?(cam)

So I think we can just remove the assertion altogether.

Assignee: nobody → cam
Status: NEW → ASSIGNED
Priority: -- → P3
Attachment #9090258 - Attachment description: Bug 1569706 - Remove unnecessary and incorrect assertion. → Bug 1569706 - Update incorrect assertion.
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla71
Flags: in-testsuite? → in-testsuite-
Regressed by: 1557962
You need to log in before you can comment on or make changes to this bug.