Open
Bug 1752240
Opened 3 years ago
Updated 3 years ago
Assertion failure: NS_IsMainThread() (CMS should be initialized on the main thread), at /builds/worker/checkouts/gecko/gfx/thebes/gfxPlatform.cpp:2062
Categories
(Core :: Graphics: Color Management, defect, P3)
Core
Graphics: Color Management
Tracking
()
NEW
People
(Reporter: tsmith, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: assertion)
This first found while fuzzing m-c 20211127-afed7ee7a5dc (--enable-address-sanitizer --enable-fuzzing). It is hit a few times a week by fuzzers since then. The latest build used as of logging was m-c 20220126-504105450146. Unfortunatly no reported test cases seem to reproduce the issue.
Assertion failure: NS_IsMainThread() (CMS should be initialized on the main thread), at /builds/worker/checkouts/gecko/gfx/thebes/gfxPlatform.cpp:2062
#0 0x7f5f3ae9cb08 in gfxPlatform::InitializeCMS() /gecko/gfx/thebes/gfxPlatform.cpp:2061:3
#1 0x7f5f3b140841 in EnsureCMSInitialized /builds/worker/workspace/obj-build/dist/include/gfxPlatform.h:952:7
#2 0x7f5f3b140841 in GetCMSOutputProfile /builds/worker/workspace/obj-build/dist/include/gfxPlatform.h:552:5
#3 0x7f5f3b140841 in mozilla::image::Decoder::GetCMSsRGBTransform(mozilla::gfx::SurfaceFormat) const /gecko/image/Decoder.cpp:116:28
#4 0x7f5f3b2821d2 in mozilla::image::nsJPEGDecoder::ReadJPEGData(char const*, unsigned long) /gecko/image/decoders/nsJPEGDecoder.cpp:331:24
#5 0x7f5f3b326f33 in operator() /gecko/image/decoders/nsJPEGDecoder.cpp:186:34
#6 0x7f5f3b326f33 in mozilla::Maybe<mozilla::Variant<mozilla::image::TerminalState, mozilla::image::Yield> > mozilla::image::StreamingLexer<mozilla::image::nsJPEGDecoder::State, 16ul>::ContinueUnbufferedRead<mozilla::image::nsJPEGDecoder::DoDecode(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*)::$_8>(char const*, unsigned long, unsigned long, mozilla::image::nsJPEGDecoder::DoDecode(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*)::$_8) /gecko/image/StreamingLexer.h:555:9
#7 0x7f5f3b27f37d in UnbufferedRead<(lambda at /builds/worker/checkouts/gecko/image/decoders/nsJPEGDecoder.cpp:183:21)> /gecko/image/StreamingLexer.h:501:12
#8 0x7f5f3b27f37d in Lex<(lambda at /builds/worker/checkouts/gecko/image/decoders/nsJPEGDecoder.cpp:183:21)> /gecko/image/StreamingLexer.h:469:26
#9 0x7f5f3b27f37d in mozilla::image::nsJPEGDecoder::DoDecode(mozilla::image::SourceBufferIterator&, mozilla::image::IResumable*) /gecko/image/decoders/nsJPEGDecoder.cpp:182:17
#10 0x7f5f3b12bbb7 in mozilla::image::Decoder::Decode(mozilla::image::IResumable*) /gecko/image/Decoder.cpp:177:19
#11 0x7f5f3b13e6ff in mozilla::image::DecodedSurfaceProvider::Run() /gecko/image/DecodedSurfaceProvider.cpp:125:34
#12 0x7f5f3b168abc in mozilla::image::DecodingTask::Run() /gecko/image/DecodePool.cpp:146:12
#13 0x7f5f37e92552 in mozilla::TaskController::RunPoolThread() /gecko/xpcom/threads/TaskController.cpp:256:33
#14 0x7f5f5aaef02e in _pt_root /gecko/nsprpub/pr/src/pthreads/ptthread.c:201:5
#15 0x7f5f5cc11608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477:8
#16 0x7f5f5c7d9292 in __clone /build/glibc-eX1tMB/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /gecko/gfx/thebes/gfxPlatform.cpp:2061:3 in gfxPlatform::InitializeCMS()
Thread T21 (TaskCon~ller #0) created by T8 (ImageIO) here:
#0 0x5626c8c8ae4c in __interceptor_pthread_create /builds/worker/fetches/llvm-project/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cpp:207:3
#1 0x7f5f5aadf0b4 in _PR_CreateThread /gecko/nsprpub/pr/src/pthreads/ptthread.c:458:14
#2 0x7f5f5aad035e in PR_CreateThread /gecko/nsprpub/pr/src/pthreads/ptthread.c:533:12
#3 0x7f5f37e9302b in mozilla::TaskController::InitializeThreadPool() /gecko/xpcom/threads/TaskController.cpp:163:10
#4 0x7f5f37e948aa in mozilla::TaskController::AddTask(already_AddRefed<mozilla::Task>&&) /gecko/xpcom/threads/TaskController.cpp:322:7
#5 0x7f5f3b12a032 in mozilla::image::DecodePool::AsyncRun(mozilla::image::IDecodingTask*) /gecko/image/DecodePool.cpp:164:26
#6 0x7f5f3b18e91f in mozilla::image::LaunchDecodingTask(mozilla::image::IDecodingTask*, mozilla::image::RasterImage*, unsigned int, bool) /gecko/image/RasterImage.cpp:1115:28
#7 0x7f5f3b18c9b3 in mozilla::image::RasterImage::DecodeMetadata(unsigned int) /gecko/image/RasterImage.cpp:1237:3
#8 0x7f5f3b18cdac in mozilla::image::RasterImage::OnImageDataAvailable(nsIRequest*, nsIInputStream*, unsigned long, unsigned int) /gecko/image/RasterImage.cpp:928:12
#9 0x7f5f3b204e72 in imgRequest::OnDataAvailable(nsIRequest*, nsIInputStream*, unsigned long, unsigned int) /gecko/image/imgRequest.cpp:1027:16
#10 0x7f5f3a38c46a in nsJARChannel::OnDataAvailable(nsIRequest*, nsIInputStream*, unsigned long, unsigned int) /gecko/modules/libjar/nsJARChannel.cpp:1266:19
#11 0x7f5f3821cbc8 in nsInputStreamPump::OnStateTransfer() /gecko/netwerk/base/nsInputStreamPump.cpp:541:23
#12 0x7f5f3821ba8e in nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*) /gecko/netwerk/base/nsInputStreamPump.cpp:374:21
#13 0x7f5f37e05146 in nsInputStreamReadyEvent::Run() /gecko/xpcom/io/nsStreamUtils.cpp:94:20
#14 0x7f5f37eb8beb in nsThread::ProcessNextEvent(bool, bool*) /gecko/xpcom/threads/nsThread.cpp:1189:16
#15 0x7f5f37ec359c in NS_ProcessNextEvent(nsIThread*, bool) /gecko/xpcom/threads/nsThreadUtils.cpp:467:10
#16 0x7f5f393db571 in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /gecko/ipc/glue/MessagePump.cpp:330:5
#17 0x7f5f39259a81 in RunInternal /gecko/ipc/chromium/src/base/message_loop.cc:331:10
#18 0x7f5f39259a81 in RunHandler /gecko/ipc/chromium/src/base/message_loop.cc:324:3
#19 0x7f5f39259a81 in MessageLoop::Run() /gecko/ipc/chromium/src/base/message_loop.cc:306:3
#20 0x7f5f37eb10ff in nsThread::ThreadFunc(void*) /gecko/xpcom/threads/nsThread.cpp:391:10
#21 0x7f5f5aaef02e in _pt_root /gecko/nsprpub/pr/src/pthreads/ptthread.c:201:5
#22 0x7f5f5cc11608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477:8
Thread T8 (ImageIO) created by T0 (Isolated Web Co) here:
#0 0x5626c8c8ae4c in __interceptor_pthread_create /builds/worker/fetches/llvm-project/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cpp:207:3
#1 0x7f5f5aadf0b4 in _PR_CreateThread /gecko/nsprpub/pr/src/pthreads/ptthread.c:458:14
#2 0x7f5f5aad035e in PR_CreateThread /gecko/nsprpub/pr/src/pthreads/ptthread.c:533:12
#3 0x7f5f37eb4445 in nsThread::Init(nsTSubstring<char> const&) /gecko/xpcom/threads/nsThread.cpp:627:18
#4 0x7f5f37ec137f in nsThreadManager::NewNamedThread(nsTSubstring<char> const&, unsigned int, nsIThread**) /gecko/xpcom/threads/nsThreadManager.cpp:581:12
#5 0x7f5f37ecc911 in NS_NewNamedThread(nsTSubstring<char> const&, nsIThread**, already_AddRefed<nsIRunnable>, unsigned int) /gecko/xpcom/threads/nsThreadUtils.cpp:163:57
#6 0x7f5f3b13c46b in NS_NewNamedThread<8UL> /gecko/xpcom/threads/nsThreadUtils.h:85:10
#7 0x7f5f3b13c46b in mozilla::image::DecodePool::DecodePool() /gecko/image/DecodePool.cpp:100:17
#8 0x7f5f3b129db0 in mozilla::image::DecodePool::Singleton() /gecko/image/DecodePool.cpp:63:22
#9 0x7f5f3b13c1d3 in mozilla::image::DecodePool::Initialize() /gecko/image/DecodePool.cpp:56:3
#10 0x7f5f3b237bad in mozilla::image::EnsureModuleInitialized() /gecko/image/build/nsImageModule.cpp:74:3
#11 0x7f5f37e1b782 in CallInitFunc /builds/worker/workspace/obj-build/xpcom/components/StaticComponents.cpp:8738:7
#12 0x7f5f37e1b782 in mozilla::xpcom::CreateInstanceImpl(mozilla::xpcom::ModuleID, nsISupports*, nsID const&, void**) /builds/worker/workspace/obj-build/xpcom/components/StaticComponents.cpp:10186:7
#13 0x7f5f37e64587 in CreateInstance /gecko/xpcom/components/nsComponentManager.cpp:181:46
#14 0x7f5f37e64587 in nsComponentManagerImpl::GetServiceLocked(mozilla::Maybe<mozilla::MonitorAutoLock>&, (anonymous namespace)::EntryWrapper&, nsID const&, void**) /gecko/xpcom/components/nsComponentManager.cpp:1288:17
#15 0x7f5f37e66404 in nsComponentManagerImpl::GetServiceByContractID(char const*, nsID const&, void**) /gecko/xpcom/components/nsComponentManager.cpp:1477:10
#16 0x7f5f37e6b779 in CallGetService /gecko/xpcom/components/nsComponentManagerUtils.cpp:61:43
#17 0x7f5f37e6b779 in nsGetServiceByContractID::operator()(nsID const&, void**) const /gecko/xpcom/components/nsComponentManagerUtils.cpp:243:21
#18 0x7f5f37cc383f in nsCOMPtr_base::assign_from_gs_contractid(nsGetServiceByContractID, nsID const&) /gecko/xpcom/base/nsCOMPtr.cpp:82:7
#19 0x7f5f3ae99adb in nsCOMPtr /builds/worker/workspace/obj-build/dist/include/nsCOMPtr.h:627:5
#20 0x7f5f3ae99adb in gfxPlatform::Init() /gecko/gfx/thebes/gfxPlatform.cpp:1000:34
#21 0x7f5f3ae9ac09 in gfxPlatform::InitChild(mozilla::gfx::ContentDeviceData const&) /gecko/gfx/thebes/gfxPlatform.cpp:482:3
#22 0x7f5f3f872141 in InitGraphicsDeviceData /gecko/dom/ipc/ContentChild.cpp:1315:3
#23 0x7f5f3f872141 in mozilla::dom::ContentChild::RecvSetXPCOMProcessAttributes(mozilla::dom::XPCOMInitData&&, mozilla::dom::ipc::StructuredCloneData const&, mozilla::widget::FullLookAndFeel&&, mozilla::dom::SystemFontList&&, mozilla::Maybe<mozilla::UniquePtr<int, mozilla::detail::FileHandleDeleter> >&&, unsigned long const&, nsTArray<mozilla::UniquePtr<int, mozilla::detail::FileHandleDeleter> >&&) /gecko/dom/ipc/ContentChild.cpp:698:3
#24 0x7f5f39667b70 in mozilla::dom::PContentChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PContentChild.cpp:10992:56
#25 0x7f5f393d12e9 in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) /gecko/ipc/glue/MessageChannel.cpp:2024:25
#26 0x7f5f393ce1d8 in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) /gecko/ipc/glue/MessageChannel.cpp:1949:9
#27 0x7f5f393cfa00 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) /gecko/ipc/glue/MessageChannel.cpp:1816:3
#28 0x7f5f393d0417 in mozilla::ipc::MessageChannel::MessageTask::Run() /gecko/ipc/glue/MessageChannel.cpp:1844:14
#29 0x7f5f37ed27c2 in mozilla::RunnableTask::Run() /gecko/xpcom/threads/TaskController.cpp:467:16
#30 0x7f5f37e980bd in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /gecko/xpcom/threads/TaskController.cpp:770:26
#31 0x7f5f37e95618 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /gecko/xpcom/threads/TaskController.cpp:606:15
#32 0x7f5f37e95d29 in mozilla::TaskController::ProcessPendingMTTask(bool) /gecko/xpcom/threads/TaskController.cpp:390:36
#33 0x7f5f37edabc1 in operator() /gecko/xpcom/threads/TaskController.cpp:124:37
#34 0x7f5f37edabc1 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_0>::Run() /gecko/xpcom/threads/nsThreadUtils.h:531:5
#35 0x7f5f37eb83b7 in nsThread::ProcessNextEvent(bool, bool*) /gecko/xpcom/threads/nsThread.cpp:1195:16
#36 0x7f5f37ec359c in NS_ProcessNextEvent(nsIThread*, bool) /gecko/xpcom/threads/nsThreadUtils.cpp:467:10
#37 0x7f5f393d9c7f in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /gecko/ipc/glue/MessagePump.cpp:85:21
#38 0x7f5f39259a81 in RunInternal /gecko/ipc/chromium/src/base/message_loop.cc:331:10
#39 0x7f5f39259a81 in RunHandler /gecko/ipc/chromium/src/base/message_loop.cc:324:3
#40 0x7f5f39259a81 in MessageLoop::Run() /gecko/ipc/chromium/src/base/message_loop.cc:306:3
#41 0x7f5f401edfd7 in nsBaseAppShell::Run() /gecko/widget/nsBaseAppShell.cpp:137:27
#42 0x7f5f44f1c9df in XRE_RunAppShell() /gecko/toolkit/xre/nsEmbedFunctions.cpp:870:20
#43 0x7f5f39259a81 in RunInternal /gecko/ipc/chromium/src/base/message_loop.cc:331:10
#44 0x7f5f39259a81 in RunHandler /gecko/ipc/chromium/src/base/message_loop.cc:324:3
#45 0x7f5f39259a81 in MessageLoop::Run() /gecko/ipc/chromium/src/base/message_loop.cc:306:3
#46 0x7f5f44f1bc13 in XRE_InitChildProcess(int, char**, XREChildData const*) /gecko/toolkit/xre/nsEmbedFunctions.cpp:707:34
#47 0x5626c8cd50ad in content_process_main(mozilla::Bootstrap*, int, char**) /gecko/browser/app/../../ipc/contentproc/plugin-container.cpp:57:28
#48 0x5626c8cd54d8 in main /gecko/browser/app/nsBrowserApp.cpp:327:18
#49 0x7f5f5c6de0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
|
||
Updated•3 years ago
|
Component: Graphics: Text → GFX: Color Management
|
||
Updated•3 years ago
|
Severity: -- → S4
Priority: -- → P3
You need to log in
before you can comment on or make changes to this bug.
Description
•