Bug 1995803 Comment 0 Edit History


Found while fuzzing 20250822-fd9ad3129f48 (--enable-address-sanitizer --enable-fuzzing)

This is currently one of our most frequently reported issues when fuzzing on Android.

Assertion failure: sf && sf->PresShell() && !sf->PresShell()->IsResolutionUpdated(), at /builds/worker/checkouts/gecko/layout/base/nsLayoutUtils.cpp:783
```
14|0|libxul.so|nsLayoutUtils::NotifyPaintSkipTransaction(unsigned long)|hg:hg.mozilla.org/mozilla-central:layout/base/nsLayoutUtils.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|782|0xd7
14|1|libxul.so|mozilla::layers::WebRenderLayerManager::EndTransactionWithoutLayer(mozilla::nsDisplayList*, mozilla::nsDisplayListBuilder*, WrFiltersHolder&&, mozilla::layers::WebRenderBackgroundData*, double, bool)|hg:hg.mozilla.org/mozilla-central:gfx/layers/wr/WebRenderLayerManager.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|425|0x688
14|2|libxul.so|mozilla::nsDisplayList::PaintRoot(mozilla::nsDisplayListBuilder*, gfxContext*, unsigned int, mozilla::Maybe<double>)|hg:hg.mozilla.org/mozilla-central:layout/painting/nsDisplayList.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|2300|0x6e6
14|3|libxul.so|nsLayoutUtils::PaintFrame(gfxContext*, nsIFrame*, nsRegion const&, unsigned int, mozilla::nsDisplayListBuilderMode, nsLayoutUtils::PaintFrameFlags)|hg:hg.mozilla.org/mozilla-central:layout/base/nsLayoutUtils.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|3260|0x1bed
14|4|libxul.so|mozilla::PresShell::PaintInternal(nsIFrame*, mozilla::WindowRenderer*, mozilla::PaintInternalFlags)|hg:hg.mozilla.org/mozilla-central:layout/base/PresShell.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|6734|0x4db
14|5|libxul.so|nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*)|hg:hg.mozilla.org/mozilla-central:view/nsViewManager.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|383|0x24d
14|6|libxul.so|nsViewManager::ProcessPendingUpdatesForView(nsView*, bool)|hg:hg.mozilla.org/mozilla-central:view/nsViewManager.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|318|0x23e
14|7|libxul.so|nsViewManager::ProcessPendingUpdates()|hg:hg.mozilla.org/mozilla-central:view/nsViewManager.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|771|0xac
14|8|libxul.so|nsRefreshDriver::PaintIfNeeded()|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|2639|0x47f
14|9|libxul.so|nsRefreshDriver::RunRenderingPhaseLegacy<nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsRefreshDriver::IsExtraTick)::$_13>(mozilla::RenderingPhase, nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsRefreshDriver::IsExtraTick)::$_13&&)|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|1288|0x72
14|10|libxul.so|nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsRefreshDriver::IsExtraTick)|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|2557|0x8f8
14|11|libxul.so|mozilla::detail::RunnableFunction<nsRefreshDriver::FinishedWaitingForTransaction()::$_0>::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.h:28553dbd41b69719386bc09fe09d84c3de72daa4|550|0x36
14|12|libxul.so|mozilla::RunnableTask::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/TaskController.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|705|0x17
14|13|libxul.so|mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/TaskController.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|1325|0x5b1
14|14|libxul.so|mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/TaskController.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|1148|0x57
14|15|libxul.so|mozilla::TaskController::ProcessPendingMTTask(bool)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/TaskController.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|641|0x65
14|16|libxul.so|mozilla::detail::RunnableFunction<mozilla::TaskController::TaskController()::$_0>::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.h:28553dbd41b69719386bc09fe09d84c3de72daa4|550|0x16
14|17|libxul.so|nsThread::ProcessNextEvent(bool, bool*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|1161|0x5aa
14|18|libxul.so|NS_ProcessNextEvent(nsIThread*, bool)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|462|0x4f
14|19|libxul.so|mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|85|0xc0
14|20|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:28553dbd41b69719386bc09fe09d84c3de72daa4|343|0x61
14|21|libxul.so|nsBaseAppShell::Run()|hg:hg.mozilla.org/mozilla-central:widget/nsBaseAppShell.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|152|0x28
14|22|libxul.so|XRE_RunAppShell()|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|657|0x6b
14|23|libxul.so|mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|235|0x3c
14|24|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:28553dbd41b69719386bc09fe09d84c3de72daa4|343|0x61
14|25|libxul.so|XRE_InitChildProcess(int, char**, XREChildData const*)|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|595|0x89b
14|26|libmozglue.so|Java_org_mozilla_gecko_mozglue_GeckoLoader_nativeRun|hg:hg.mozilla.org/mozilla-central:mozglue/android/APKOpen.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|471|0x2f2
```
Found while fuzzing 20250822-fd9ad3129f48 (--enable-debug --enable-fuzzing)

This is currently one of our most frequently reported issues when fuzzing on Android.

Assertion failure: sf && sf->PresShell() && !sf->PresShell()->IsResolutionUpdated(), at /builds/worker/checkouts/gecko/layout/base/nsLayoutUtils.cpp:783
```
14|0|libxul.so|nsLayoutUtils::NotifyPaintSkipTransaction(unsigned long)|hg:hg.mozilla.org/mozilla-central:layout/base/nsLayoutUtils.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|782|0xd7
14|1|libxul.so|mozilla::layers::WebRenderLayerManager::EndTransactionWithoutLayer(mozilla::nsDisplayList*, mozilla::nsDisplayListBuilder*, WrFiltersHolder&&, mozilla::layers::WebRenderBackgroundData*, double, bool)|hg:hg.mozilla.org/mozilla-central:gfx/layers/wr/WebRenderLayerManager.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|425|0x688
14|2|libxul.so|mozilla::nsDisplayList::PaintRoot(mozilla::nsDisplayListBuilder*, gfxContext*, unsigned int, mozilla::Maybe<double>)|hg:hg.mozilla.org/mozilla-central:layout/painting/nsDisplayList.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|2300|0x6e6
14|3|libxul.so|nsLayoutUtils::PaintFrame(gfxContext*, nsIFrame*, nsRegion const&, unsigned int, mozilla::nsDisplayListBuilderMode, nsLayoutUtils::PaintFrameFlags)|hg:hg.mozilla.org/mozilla-central:layout/base/nsLayoutUtils.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|3260|0x1bed
14|4|libxul.so|mozilla::PresShell::PaintInternal(nsIFrame*, mozilla::WindowRenderer*, mozilla::PaintInternalFlags)|hg:hg.mozilla.org/mozilla-central:layout/base/PresShell.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|6734|0x4db
14|5|libxul.so|nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*)|hg:hg.mozilla.org/mozilla-central:view/nsViewManager.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|383|0x24d
14|6|libxul.so|nsViewManager::ProcessPendingUpdatesForView(nsView*, bool)|hg:hg.mozilla.org/mozilla-central:view/nsViewManager.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|318|0x23e
14|7|libxul.so|nsViewManager::ProcessPendingUpdates()|hg:hg.mozilla.org/mozilla-central:view/nsViewManager.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|771|0xac
14|8|libxul.so|nsRefreshDriver::PaintIfNeeded()|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|2639|0x47f
14|9|libxul.so|nsRefreshDriver::RunRenderingPhaseLegacy<nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsRefreshDriver::IsExtraTick)::$_13>(mozilla::RenderingPhase, nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsRefreshDriver::IsExtraTick)::$_13&&)|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|1288|0x72
14|10|libxul.so|nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsRefreshDriver::IsExtraTick)|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|2557|0x8f8
14|11|libxul.so|mozilla::detail::RunnableFunction<nsRefreshDriver::FinishedWaitingForTransaction()::$_0>::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.h:28553dbd41b69719386bc09fe09d84c3de72daa4|550|0x36
14|12|libxul.so|mozilla::RunnableTask::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/TaskController.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|705|0x17
14|13|libxul.so|mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/TaskController.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|1325|0x5b1
14|14|libxul.so|mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/TaskController.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|1148|0x57
14|15|libxul.so|mozilla::TaskController::ProcessPendingMTTask(bool)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/TaskController.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|641|0x65
14|16|libxul.so|mozilla::detail::RunnableFunction<mozilla::TaskController::TaskController()::$_0>::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.h:28553dbd41b69719386bc09fe09d84c3de72daa4|550|0x16
14|17|libxul.so|nsThread::ProcessNextEvent(bool, bool*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|1161|0x5aa
14|18|libxul.so|NS_ProcessNextEvent(nsIThread*, bool)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|462|0x4f
14|19|libxul.so|mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|85|0xc0
14|20|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:28553dbd41b69719386bc09fe09d84c3de72daa4|343|0x61
14|21|libxul.so|nsBaseAppShell::Run()|hg:hg.mozilla.org/mozilla-central:widget/nsBaseAppShell.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|152|0x28
14|22|libxul.so|XRE_RunAppShell()|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|657|0x6b
14|23|libxul.so|mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|235|0x3c
14|24|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:28553dbd41b69719386bc09fe09d84c3de72daa4|343|0x61
14|25|libxul.so|XRE_InitChildProcess(int, char**, XREChildData const*)|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|595|0x89b
14|26|libmozglue.so|Java_org_mozilla_gecko_mozglue_GeckoLoader_nativeRun|hg:hg.mozilla.org/mozilla-central:mozglue/android/APKOpen.cpp:28553dbd41b69719386bc09fe09d84c3de72daa4|471|0x2f2
```
