Closed
Bug 1569706
Opened 5 years ago
Closed 5 years ago
Assertion failure: NS_IsMainThread() (LogMessage only works on the main thread, due to the Servo_XXX CSSOM calls it makes), at /builds/worker/workspace/build/src/layout/style/FontFaceSet.cpp:1212
Categories
(Core :: CSS Parsing and Computation, defect, P3)
Core
CSS Parsing and Computation
Tracking
()
RESOLVED
FIXED
mozilla71
| Tracking | Status | |
|---|---|---|
| firefox-esr60 | --- | unaffected |
| firefox-esr68 | --- | unaffected |
| firefox69 | --- | wontfix |
| firefox70 | --- | wontfix |
| firefox71 | --- | fixed |
People
(Reporter: jkratzer, Assigned: heycam)
References
(Blocks 1 open bug, Regression)
Details
(Keywords: assertion, regression, testcase)
Attachments
(2 files)
Texstcase found while fuzzing mozilla-central rev 50df4b75c9b6.
Assertion failure: NS_IsMainThread() (LogMessage only works on the main thread, due to the Servo_XXX CSSOM calls it makes), at /builds/worker/workspace/build/src/layout/style/FontFaceSet.cpp:1212
rcx = 0x00007f89bd27c6ba rbx = 0x00007f89b1712a80
rsi = 0x00007f89c8a3c8b0 rdi = 0x00007f89c8a3b680
rbp = 0x00007f89ae2cffb0 rsp = 0x00007f89ae2cfcd0
r8 = 0x00007f89c8a3c8b0 r9 = 0x00007f89ae2d2700
r10 = 0x0000000000000000 r11 = 0x0000000000000000
r12 = 0x00007f89ae829658 r13 = 0x0000000000000000
r14 = 0x00007f89ae2cfff8 r15 = 0x00007f89c841fe30
rip = 0x00007f89b9767ca2
OS|Linux|0.0.0 Linux 4.18.0-25-generic #26~18.04.1-Ubuntu SMP Thu Jun 27 07:28:31 UTC 2019 x86_64
CPU|amd64|family 6 model 94 stepping 3|1
GPU|||
Crash|SIGSEGV|0x0|28
28|0|libxul.so|mozilla::dom::FontFaceSet::LogMessage(gfxUserFontEntry*, char const*, unsigned int, nsresult)|hg:hg.mozilla.org/mozilla-central:layout/style/FontFaceSet.cpp:50df4b75c9b6c7fec8c8c4685fd188634d193e75|1296|0x35
28|1|libxul.so|gfxUserFontEntry::DoLoadNextSrc(bool)|hg:hg.mozilla.org/mozilla-central:gfx/thebes/gfxUserFontSet.cpp:50df4b75c9b6c7fec8c8c4685fd188634d193e75|667|0x18
28|2|libxul.so|gfxFontGroup::GetFirstValidFont(unsigned int, mozilla::StyleGenericFontFamily*)|hg:hg.mozilla.org/mozilla-central:gfx/thebes/gfxTextRun.cpp:50df4b75c9b6c7fec8c8c4685fd188634d193e75|2069|0x8
28|3|libxul.so|GetMetrics|hg:hg.mozilla.org/mozilla-central:gfx/src/nsFontMetrics.cpp:50df4b75c9b6c7fec8c8c4685fd188634d193e75|155|0x5
28|4|libxul.so|nsFontMetrics::XHeight()|hg:hg.mozilla.org/mozilla-central:gfx/src/nsFontMetrics.cpp:50df4b75c9b6c7fec8c8c4685fd188634d193e75|163|0x5
28|5|libxul.so|Gecko_GetFontMetrics|hg:hg.mozilla.org/mozilla-central:layout/style/GeckoBindings.cpp:50df4b75c9b6c7fec8c8c4685fd188634d193e75|1729|0xd
28|6|libxul.so|<style::gecko::wrapper::GeckoFontMetricsProvider as style::font_metrics::FontMetricsProvider>::query|hg:hg.mozilla.org/mozilla-central:servo/components/style/gecko/wrapper.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|1075|0xf
28|7|libxul.so|style::values::specified::length::FontRelativeLength::to_computed_value|hg:hg.mozilla.org/mozilla-central:servo/components/style/values/specified/length.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|114|0x174
28|8|libxul.so|style::values::computed::length::<impl style::values::computed::ToComputedValue for style::values::specified::length::NoCalcLength>::to_computed_value|hg:hg.mozilla.org/mozilla-central:servo/components/style/values/computed/length.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|39|0x8
28|9|libxul.so|style::properties::longhands::padding_inline_end::cascade_property|s3:gecko-generated-sources:76840f03159e2024ccb55e93385ab751a9c27a9cefd191cc41c7faed1752924e2aee071db334f91fede1c34158d9b305743d9a728827343a14dc18b7bb47bf6f/x86_64-unknown-linux-gnu/debug/build/style-8c84534eaae946c6/out/longhands/padding.rs:|891|0x47
28|10|libxul.so|style::properties::cascade::Cascade::apply_properties|hg:hg.mozilla.org/mozilla-central:servo/components/style/properties/cascade.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|435|0xd
28|11|libxul.so|style::properties::cascade::cascade_rules|hg:hg.mozilla.org/mozilla-central:servo/components/style/properties/cascade.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|307|0xf
28|12|libxul.so|style::stylist::Stylist::cascade_style_and_visited|hg:hg.mozilla.org/mozilla-central:servo/components/style/stylist.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|893|0x3e
28|13|libxul.so|style::style_resolver::StyleResolverForElement<E>::cascade_style_and_visited|hg:hg.mozilla.org/mozilla-central:servo/components/style/style_resolver.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|302|0x2d
28|14|libxul.so|style::style_resolver::StyleResolverForElement<E>::cascade_primary_style|hg:hg.mozilla.org/mozilla-central:servo/components/style/style_resolver.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|216|0x17
28|15|libxul.so|style::style_resolver::StyleResolverForElement<E>::resolve_primary_style|hg:hg.mozilla.org/mozilla-central:servo/components/style/style_resolver.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|176|0x11
28|16|libxul.so|style::style_resolver::StyleResolverForElement<E>::resolve_style|hg:hg.mozilla.org/mozilla-central:servo/components/style/style_resolver.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|232|0x5
28|17|libxul.so|style::style_resolver::StyleResolverForElement<E>::resolve_style_with_default_parents|hg:hg.mozilla.org/mozilla-central:servo/components/style/style_resolver.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|269|0xef
28|18|libxul.so|style::traversal::compute_style|hg:hg.mozilla.org/mozilla-central:servo/components/style/traversal.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|617|0x8
28|19|libxul.so|<style::gecko::traversal::RecalcStyleOnly as style::traversal::DomTraversal<style::gecko::wrapper::GeckoElement>>::process_preorder|hg:hg.mozilla.org/mozilla-central:servo/components/style/traversal.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|435|0x13
28|20|libxul.so|<std::panic::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once|git:github.com/rust-lang/rust:src/libstd/panic.rs:61d1607e0f6a18bb4897d6f9b10abeac9e11eb8e|315|0x26b
28|21|libxul.so|std::panicking::try::do_call|git:github.com/rust-lang/rust:src/libstd/panicking.rs:61d1607e0f6a18bb4897d6f9b10abeac9e11eb8e|296|0x16
28|22|libxul.so|__rust_maybe_catch_panic|git:github.com/rust-lang/rust:src/libpanic_abort/lib.rs:61d1607e0f6a18bb4897d6f9b10abeac9e11eb8e|29|0x5
28|23|libxul.so|<rayon_core::job::HeapJob<BODY> as rayon_core::job::Job>::execute|git:github.com/rust-lang/rust:src/libstd/panicking.rs:61d1607e0f6a18bb4897d6f9b10abeac9e11eb8e|275|0x6
28|24|libxul.so|rayon_core::registry::WorkerThread::wait_until_cold|hg:hg.mozilla.org/mozilla-central:third_party/rust/rayon-core/src/job.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|59|0x3
28|25|libxul.so|rayon_core::registry::ThreadBuilder::run|hg:hg.mozilla.org/mozilla-central:third_party/rust/rayon-core/src/registry.rs:50df4b75c9b6c7fec8c8c4685fd188634d193e75|58|0x71
28|26|libxul.so|std::sys_common::backtrace::__rust_begin_short_backtrace|git:github.com/rust-lang/rust:src/libstd/sys_common/backtrace.rs:61d1607e0f6a18bb4897d6f9b10abeac9e11eb8e|77|0x39
28|27|libxul.so|std::panicking::try::do_call|git:github.com/rust-lang/rust:src/libstd/thread/mod.rs:61d1607e0f6a18bb4897d6f9b10abeac9e11eb8e|470|0x38
28|28|libxul.so|__rust_maybe_catch_panic|git:github.com/rust-lang/rust:src/libpanic_abort/lib.rs:61d1607e0f6a18bb4897d6f9b10abeac9e11eb8e|29|0x5
28|29|libxul.so|core::ops::function::FnOnce::call_once{{vtable.shim}}|git:github.com/rust-lang/rust:src/libcore/ops/function.rs:61d1607e0f6a18bb4897d6f9b10abeac9e11eb8e|231|0xb0
28|30|libxul.so|<alloc::boxed::Box<F> as core::ops::function::FnOnce<A>>::call_once|git:github.com/rust-lang/rust:src/liballoc/boxed.rs:61d1607e0f6a18bb4897d6f9b10abeac9e11eb8e|746|0x2e
28|31|libxul.so|std::sys::unix::thread::Thread::new::thread_start|git:github.com/rust-lang/rust:src/libstd/sys/unix/thread.rs:61d1607e0f6a18bb4897d6f9b10abeac9e11eb8e|79|0x86
28|32|libpthread-2.27.so||||0x76db
28|33|libc-2.27.so||||0x12188f
Flags: in-testsuite?
|
||
Comment 1•5 years ago
|
||
I think this is expected and the assertion should just be tweaked to also include the "in servo traversal" bit, but over to cam to double-check.
Flags: needinfo?(cam)
|
Assignee | |
Comment 2•5 years ago
|
||
Yeah, I think the Servo_FontFaceRule_{GetCssText,GetSourceLocation} calls are safe to do during a traversal. (It's just CSSOM functions that need to take the shared lock for writing that we'd need to worry about.)
Flags: needinfo?(cam)
|
|
Assignee | |
Comment 3•5 years ago
|
||
So I think we can just remove the assertion altogether.
|
|
Assignee | |
Updated•5 years ago
|
Assignee: nobody → cam
Status: NEW → ASSIGNED
Priority: -- → P3
|
|
Assignee | |
Comment 4•5 years ago
|
||
|
||
Updated•5 years ago
|
Attachment #9090258 -
Attachment description: Bug 1569706 - Remove unnecessary and incorrect assertion. → Bug 1569706 - Update incorrect assertion.
Pushed by cmccormack@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/1b22eebeb4e4 Update incorrect assertion. r=emilio
|
||
Comment 6•5 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox71:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla71
|
||
Updated•5 years ago
|
status-firefox69:
--- → wontfix
status-firefox-esr60:
--- → unaffected
status-firefox-esr68:
--- → unaffected
Flags: in-testsuite? → in-testsuite-
Regressed by: 1557962
|
||
Updated•5 years ago
|
Keywords: regression
|
||
Updated•2 years ago
|
Has Regression Range: --- → yes
You need to log in
before you can comment on or make changes to this bug.
Description
•