Open Bug 1840754 Opened 2 years ago Updated 17 days ago

Assertion failure: value, at /builds/worker/workspace/obj-build/dist/include/mozilla/SharedSubResourceCache.h:498

Categories

(Core :: CSS Parsing and Computation, defect)

Product:
Core
Component:
CSS Parsing and Computation
Type:
defect

Tracking

()

Tracking Flags:
Tracking Status
firefox116 --- wontfix
firefox124 --- wontfix
firefox125 --- affected
firefox126 --- affected

People

(Reporter: tsmith, Unassigned)

References

(Blocks 2 open bugs)

Details

(Keywords: assertion, pernosco, testcase)

Attachments

(1 file)

testcase.html
819 bytes, text/html
Details
Attached file testcase.html

Found while fuzzing m-c 20230624-36c126e25c92 (--enable-debug --enable-fuzzing)

To reproduce via Grizzly Replay:

$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch -d --fuzzing -n firefox
$ python -m grizzly.replay ./firefox/firefox testcase.html --repeat 25

Unfortunately the attached test case is not very reliable.

Assertion failure: value, at /builds/worker/workspace/obj-build/dist/include/mozilla/SharedSubResourceCache.h:498

#0 0x7fbdcf084288 in mozilla::SharedSubResourceCache<mozilla::SharedStyleSheetCacheTraits, mozilla::SharedStyleSheetCache>::LoadCompleted(mozilla::css::SheetLoadData&) /builds/worker/workspace/obj-build/dist/include/mozilla/SharedSubResourceCache.h:498:3
#1 0x7fbdcf0836d7 in mozilla::SharedStyleSheetCache::LoadCompletedInternal(mozilla::SharedStyleSheetCache*, mozilla::css::SheetLoadData&, nsTArray<RefPtr<mozilla::css::SheetLoadData>>&) /builds/worker/checkouts/gecko/layout/style/SharedStyleSheetCache.cpp:108:13
#2 0x7fbdcf083528 in mozilla::SharedStyleSheetCache::LoadCompleted(mozilla::SharedStyleSheetCache*, mozilla::css::SheetLoadData&, nsresult) /builds/worker/checkouts/gecko/layout/style/SharedStyleSheetCache.cpp:63:3
#3 0x7fbdcf065637 in mozilla::css::SheetLoadData::VerifySheetReadyToParse(nsresult, nsTSubstring<char> const&, nsTSubstring<char> const&, nsIChannel*) /builds/worker/checkouts/gecko/layout/style/Loader.cpp:662:14
#4 0x7fbdcf084f1b in mozilla::css::StreamLoader::OnStopRequest(nsIRequest*, nsresult) /builds/worker/checkouts/gecko/layout/style/StreamLoader.cpp:81:26
#5 0x7fbdc9fb37dc in mozilla::net::HttpChannelChild::DoOnStopRequest(nsIRequest*, nsresult) /builds/worker/checkouts/gecko/netwerk/protocol/http/HttpChannelChild.cpp:1068:15
#6 0x7fbdc9fb2f94 in mozilla::net::HttpChannelChild::OnStopRequest(nsresult const&, mozilla::net::ResourceTimingStructArgs const&, mozilla::net::nsHttpHeaderArray const&) /builds/worker/checkouts/gecko/netwerk/protocol/http/HttpChannelChild.cpp:945:5
#7 0x7fbdca02129c in operator() /builds/worker/checkouts/gecko/netwerk/protocol/http/HttpChannelChild.cpp:816:15
#8 0x7fbdca02129c in std::_Function_handler<void (), mozilla::net::HttpChannelChild::ProcessOnStopRequest(nsresult const&, mozilla::net::ResourceTimingStructArgs const&, mozilla::net::nsHttpHeaderArray const&, nsTArray<mozilla::net::ConsoleReportCollected>&&, bool)::$_0>::_M_invoke(std::_Any_data const&) /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/bits/std_function.h:297:2
#9 0x7fbdca237a80 in mozilla::net::ChannelEventQueue::FlushQueue() /builds/worker/checkouts/gecko/netwerk/ipc/ChannelEventQueue.cpp:94:12
#10 0x7fbdca26d47e in mozilla::net::ChannelEventQueue::ResumeInternal()::CompleteResumeRunnable::Run() /builds/worker/checkouts/gecko/netwerk/ipc/ChannelEventQueue.cpp:152:17
#11 0x7fbdc981eef7 in mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:555:16
#12 0x7fbdc9816bf1 in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:880:26
#13 0x7fbdc9815587 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:704:15
#14 0x7fbdc98159e5 in mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:491:36
#15 0x7fbdc9822d76 in operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:218:37
#16 0x7fbdc9822d76 in mozilla::detail::RunnableFunction<mozilla::TaskController::TaskController()::$_0>::Run() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.h:548:5
#17 0x7fbdc98394ba in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1199:16
#18 0x7fbdc984027d in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:480:10
#19 0x7fbdca4f2285 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:85:21
#20 0x7fbdca40b6b1 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:363:3
#21 0x7fbdca40b6b1 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:345:3
#22 0x7fbdced2f1d8 in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:148:27
#23 0x7fbdd105793b in XRE_RunAppShell() /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:717:20
#24 0x7fbdca4f3166 in mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:235:9
#25 0x7fbdca40b6b1 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:363:3
#26 0x7fbdca40b6b1 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:345:3
#27 0x7fbdd105720a in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:652:34
#28 0x55c0e2cea526 in content_process_main /builds/worker/checkouts/gecko/browser/app/../../ipc/contentproc/plugin-container.cpp:57:28
#29 0x55c0e2cea526 in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:375:18
#30 0x7fbddd629d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#31 0x7fbddd629e3f in __libc_start_main csu/../csu/libc-start.c:392:3
#32 0x55c0e2cc17c8 in _start (/home/user/workspace/browsers/m-c-20230627094831-fuzzing-debug/firefox-bin+0x587c8) (BuildId: 1c7aa18211b8cc304440f81a56d478f9971e0515)
Flags: in-testsuite?

Unable to reproduce bug 1840754 using build mozilla-central 20230624211408-36c126e25c92. Without a baseline, bugmon is unable to analyze this bug.
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.

Keywords: bugmon

A Pernosco session is available here: https://pernos.co/debug/HcWiFe2k5TOEfF3RfHbuSQ/index.html

Keywords: pernosco

The severity field is not set for this bug.
:tlouw, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(tlouw)

This doesn't seem critical, marking as S3.

Severity: -- → S3
Flags: needinfo?(tlouw)

This is being reported by live site testing.

Blocks: site-scout
status-firefox116: affectedwontfix
status-firefox124: --- → wontfix
status-firefox125: --- → affected
status-firefox126: --- → affected
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: