Closed Bug 1675794 Opened 4 years ago Closed 4 years ago

Assertion failure: !mNextEndRef, at /builds/worker/checkouts/gecko/dom/base/nsRange.cpp:403

Categories

(Core :: DOM: Core & HTML, defect)

defect

Tracking

()

RESOLVED DUPLICATE of bug 1641563

People

(Reporter: hdir.yassine, Unassigned)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Attached file testcase.zip

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:82.0) Gecko/20100101 Firefox/82.0

Steps to reproduce:

[2020-11-06 16:21:01] Starting Grizzly Replay
[2020-11-06 16:21:01] Ignoring: timeout, log-limit
[2020-11-06 16:21:01] Repeat: 1, Minimum crashes: 1, Relaunch 1
[2020-11-06 16:21:01] Using prefs.js from testcase
[2020-11-06 16:21:04] Performing replay (1/1)...
[2020-11-06 16:21:04] Running test (1/1)...
[2020-11-06 16:21:10] Result: Assertion failure: !mNextEndRef, at /builds/worker/checkouts/gecko/dom/base/nsRange.cpp:403 (5d41848b:192e1007)
[2020-11-06 16:21:10] Result successfully reproduced
[2020-11-06 16:21:10] Shutting down...
[2020-11-06 16:21:10] Done.
ef

Actual results:

==78866==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f60eb58b0dc bp 0x7ffde421d700 sp 0x7ffde421d300 T78866)
==78866==The signal is caused by a WRITE memory access.
==78866==Hint: address points to the zero page.
#0 0x7f60eb58b0dc in GetPartialPrerenderData /builds/worker/checkouts/gecko/gfx/layers/AnimationInfo.cpp:743:7
#1 0x7f60eb58b0dc in CreateAnimationData /builds/worker/checkouts/gecko/gfx/layers/AnimationInfo.cpp:829:33
#2 0x7f60eb58b0dc in mozilla::layers::AnimationInfo::AddAnimationsForDisplayItem(nsIFrame*, nsDisplayListBuilder*, nsDisplayItem*, DisplayItemType, mozilla::layers::LayerManager*, mozilla::Maybe<mozilla::gfx::PointTyped<mozilla::LayoutDevicePixel, float> > const&) /builds/worker/checkouts/gecko/gfx/layers/AnimationInfo.cpp:965:7
#3 0x7f60eed58f88 in nsDisplayListBuilder::AddAnimationsAndTransitionsToLayer(mozilla::layers::Layer*, nsDisplayListBuilder*, nsDisplayItem*, nsIFrame*, DisplayItemType) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:368:17
#4 0x7f60eed80894 in nsDisplayTransform::BuildLayer(nsDisplayListBuilder*, mozilla::layers::LayerManager*, mozilla::ContainerLayerParameters const&) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:8152:5
#5 0x7f60eed20dbf in mozilla::ContainerState::ProcessDisplayItems(nsDisplayList*) /builds/worker/checkouts/gecko/layout/painting/FrameLayerBuilder.cpp:4889:41
#6 0x7f60eed29439 in mozilla::FrameLayerBuilder::BuildContainerLayerFor(nsDisplayListBuilder*, mozilla::layers::LayerManager*, nsIFrame*, nsDisplayItem*, nsDisplayList*, mozilla::ContainerLayerParameters const&, mozilla::gfx::Matrix4x4Typed<mozilla::gfx::UnknownUnits, mozilla::gfx::UnknownUnits, float> const*, unsigned int) /builds/worker/checkouts/gecko/layout/painting/FrameLayerBuilder.cpp:6307:9
#7 0x7f60eed74b9f in nsDisplayOpacity::BuildLayer(nsDisplayListBuilder*, mozilla::layers::LayerManager*, mozilla::ContainerLayerParameters const&) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:5778:58
#8 0x7f60eed20dbf in mozilla::ContainerState::ProcessDisplayItems(nsDisplayList*) /builds/worker/checkouts/gecko/layout/painting/FrameLayerBuilder.cpp:4889:41
#9 0x7f60eed29439 in mozilla::FrameLayerBuilder::BuildContainerLayerFor(nsDisplayListBuilder*, mozilla::layers::LayerManager*, nsIFrame*, nsDisplayItem*, nsDisplayList*, mozilla::ContainerLayerParameters const&, mozilla::gfx::Matrix4x4Typed<mozilla::gfx::UnknownUnits, mozilla::gfx::UnknownUnits, float> const*, unsigned int) /builds/worker/checkouts/gecko/layout/painting/FrameLayerBuilder.cpp:6307:9
#10 0x7f60eed806d8 in nsDisplayTransform::BuildLayer(nsDisplayListBuilder*, mozilla::layers::LayerManager*, mozilla::ContainerLayerParameters const&) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:8128:36
#11 0x7f60eed20dbf in mozilla::ContainerState::ProcessDisplayItems(nsDisplayList*) /builds/worker/checkouts/gecko/layout/painting/FrameLayerBuilder.cpp:4889:41
#12 0x7f60eed29439 in mozilla::FrameLayerBuilder::BuildContainerLayerFor(nsDisplayListBuilder*, mozilla::layers::LayerManager*, nsIFrame*, nsDisplayItem*, nsDisplayList*, mozilla::ContainerLayerParameters const&, mozilla::gfx::Matrix4x4Typed<mozilla::gfx::UnknownUnits, mozilla::gfx::UnknownUnits, float> const*, unsigned int) /builds/worker/checkouts/gecko/layout/painting/FrameLayerBuilder.cpp:6307:9
#13 0x7f60eed74b9f in nsDisplayOpacity::BuildLayer(nsDisplayListBuilder*, mozilla::layers::LayerManager*, mozilla::ContainerLayerParameters const&) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:5778:58
#14 0x7f60eed20dbf in mozilla::ContainerState::ProcessDisplayItems(nsDisplayList*) /builds/worker/checkouts/gecko/layout/painting/FrameLayerBuilder.cpp:4889:41
#15 0x7f60eed29439 in mozilla::FrameLayerBuilder::BuildContainerLayerFor(nsDisplayListBuilder*, mozilla::layers::LayerManager*, nsIFrame*, nsDisplayItem*, nsDisplayList*, mozilla::ContainerLayerParameters const&, mozilla::gfx::Matrix4x4Typed<mozilla::gfx::UnknownUnits, mozilla::gfx::UnknownUnits, float> const*, unsigned int) /builds/worker/checkouts/gecko/layout/painting/FrameLayerBuilder.cpp:6307:9
#16 0x7f60eed74b9f in nsDisplayOpacity::BuildLayer(nsDisplayListBuilder*, mozilla::layers::LayerManager*, mozilla::ContainerLayerParameters const&) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:5778:58
#17 0x7f60eed20dbf in mozilla::ContainerState::ProcessDisplayItems(nsDisplayList*) /builds/worker/checkouts/gecko/layout/painting/FrameLayerBuilder.cpp:4889:41
#18 0x7f60eed29439 in mozilla::FrameLayerBuilder::BuildContainerLayerFor(nsDisplayListBuilder*, mozilla::layers::LayerManager*, nsIFrame*, nsDisplayItem*, nsDisplayList*, mozilla::ContainerLayerParameters const&, mozilla::gfx::Matrix4x4Typed<mozilla::gfx::UnknownUnits, mozilla::gfx::UnknownUnits, float> const*, unsigned int) /builds/worker/checkouts/gecko/layout/painting/FrameLayerBuilder.cpp:6307:9
#19 0x7f60eed76fc9 in nsDisplayOwnLayer::BuildLayer(nsDisplayListBuilder*, mozilla::layers::LayerManager*, mozilla::ContainerLayerParameters const&) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:6346:36
#20 0x7f60eed7bb9a in nsDisplayAsyncZoom::BuildLayer(nsDisplayListBuilder*, mozilla::layers::LayerManager*, mozilla::ContainerLayerParameters const&) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:7323:26
#21 0x7f60eed20dbf in mozilla::ContainerState::ProcessDisplayItems(nsDisplayList*) /builds/worker/checkouts/gecko/layout/painting/FrameLayerBuilder.cpp:4889:41
#22 0x7f60eed29439 in mozilla::FrameLayerBuilder::BuildContainerLayerFor(nsDisplayListBuilder*, mozilla::layers::LayerManager*, nsIFrame*, nsDisplayItem*, nsDisplayList*, mozilla::ContainerLayerParameters const&, mozilla::gfx::Matrix4x4Typed<mozilla::gfx::UnknownUnits, mozilla::gfx::UnknownUnits, float> const*, unsigned int) /builds/worker/checkouts/gecko/layout/painting/FrameLayerBuilder.cpp:6307:9
#23 0x7f60eed614b7 in nsDisplayList::BuildLayers(nsDisplayListBuilder*, mozilla::layers::LayerManager*, unsigned int, bool) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:2343:28
#24 0x7f60eed625b6 in nsDisplayList::PaintRoot(nsDisplayListBuilder*, gfxContext*, unsigned int) /builds/worker/checkouts/gecko/layout/painting/nsDisplayList.cpp:2558:9
#25 0x7f60ee9c3b4d in nsLayoutUtils::PaintFrame(gfxContext*, nsIFrame*, nsRegion const&, unsigned int, nsDisplayListBuilderMode, nsLayoutUtils::PaintFrameFlags) /builds/worker/checkouts/gecko/layout/base/nsLayoutUtils.cpp:3423:13
#26 0x7f60ee94130c in mozilla::PresShell::Paint(nsView*, nsRegion const&, mozilla::PaintFlags) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:6359:5
#27 0x7f60ee61102f in nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*) /builds/worker/checkouts/gecko/view/nsViewManager.cpp:460:18
#28 0x7f60ee610b23 in nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) /builds/worker/checkouts/gecko/view/nsViewManager.cpp:395:22
#29 0x7f60ee61248f in nsViewManager::ProcessPendingUpdates() /builds/worker/checkouts/gecko/view/nsViewManager.cpp:1018:5
#30 0x7f60ee900911 in nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:2382:11
#31 0x7f60ee907d11 in TickDriver /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:374:13
#32 0x7f60ee907d11 in mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:353:7
#33 0x7f60ee907bfc in mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:368:5
#34 0x7f60ee9071a8 in RunRefreshDrivers /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:829:5
#35 0x7f60ee9071a8 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:747:16
#36 0x7f60ee906ab0 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyParentProcessVsync() /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:649:7
#37 0x7f60ee906529 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::VsyncEvent const&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:570:9
#38 0x7f60eeccb537 in mozilla::layout::VsyncChild::RecvNotify(mozilla::VsyncEvent const&) /builds/worker/checkouts/gecko/layout/ipc/VsyncChild.cpp:55:16
#39 0x7f60eaf78095 in mozilla::layout::PVsyncChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PVsyncChild.cpp:187:54
#40 0x7f60ead2a52d in mozilla::ipc::PBackgroundChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PBackgroundChild.cpp:6268:32
#41 0x7f60ea9e84ae in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:2150:25
#42 0x7f60ea9e4c6f in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:2074:9
#43 0x7f60ea9e6076 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1922:3
#44 0x7f60ea9e6c9b in mozilla::ipc::MessageChannel::MessageTask::Run() /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1953:13
#45 0x7f60ea0e77af in mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:450:16
#46 0x7f60ea0e5e1a in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:720:26
#47 0x7f60ea0e4ec4 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:579:15
#48 0x7f60ea0e5077 in mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:373:36
#49 0x7f60ea0eb006 in operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:120:37
#50 0x7f60ea0eb006 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_3>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:577:5
#51 0x7f60ea0fc587 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1197:14
#52 0x7f60ea1022ca in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:513:10
#53 0x7f60ea9edd96 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:87:21
#54 0x7f60ea95fc83 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:334:10
#55 0x7f60ea95fb9d in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:327:3
#56 0x7f60ea95fb9d in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:309:3
#57 0x7f60ee657038 in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:137:27
#58 0x7f60efe61583 in XRE_RunAppShell() /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:913:20
#59 0x7f60ea9eeb59 in mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:237:9
#60 0x7f60ea95fc83 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:334:10
#61 0x7f60ea95fb9d in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:327:3
#62 0x7f60ea95fb9d in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:309:3
#63 0x7f60efe61168 in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:744:34
#64 0x558607cc2997 in content_process_main /builds/worker/checkouts/gecko/browser/app/../../ipc/contentproc/plugin-container.cpp:56:28
#65 0x558607cc2997 in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:304:18
#66 0x7f61003d80b2 in __libc_start_main /build/glibc-ZN95T4/glibc-2.31/csu/../csu/libc-start.c:308:16
#67 0x558607ca0749 in _start (/home/valentino/code/browsers/firefox/firefox-bin+0x14749)

UndefinedBehaviorSanitizer can not provide additional info.
SUMMARY: UndefinedBehaviorSanitizer: SEGV /builds/worker/checkouts/gecko/gfx/layers/AnimationInfo.cpp:743:7 in GetPartialPrerenderData
==78866==ABORTING

Blocks: grizzly
Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Component: Untriaged → DOM: Core & HTML
Product: Firefox → Core
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: