Closed
Bug 1690658
Opened 4 years ago
Closed 4 years ago
Assertion failure: content->GetFlattenedTreeParentNodeForStyle() (Node not in the flattened tree still has a frame?), at /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:4055
Categories
(Core :: Layout, defect)
Core
Layout
Tracking
()
VERIFIED
FIXED
87 Branch
People
(Reporter: jkratzer, Assigned: emilio)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, testcase, Whiteboard: [bugmon:bisected,confirmed], [wptsync upstream])
Attachments
(3 files)
Testcase found while fuzzing mozilla-central rev bbeb977d0676 (built with --enable-debug --enable-fuzzing).
Assertion failure: content->GetFlattenedTreeParentNodeForStyle() (Node not in the flattened tree still has a frame?), at /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:4055
#0 0x7fe0f0a16981 in AssertFrameSubtreeIsSane(nsIFrame const&) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:4054:5
#1 0x7fe0f0a168d7 in AssertFrameSubtreeIsSane(nsIFrame const&) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:4060:7
#2 0x7fe0f0a168d7 in AssertFrameSubtreeIsSane(nsIFrame const&) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:4060:7
#3 0x7fe0f0a168d7 in AssertFrameSubtreeIsSane(nsIFrame const&) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:4060:7
#4 0x7fe0f0a168d7 in AssertFrameSubtreeIsSane(nsIFrame const&) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:4060:7
#5 0x7fe0f0a168d7 in AssertFrameSubtreeIsSane(nsIFrame const&) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:4060:7
#6 0x7fe0f0a168d7 in AssertFrameSubtreeIsSane(nsIFrame const&) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:4060:7
#7 0x7fe0f0a168d7 in AssertFrameSubtreeIsSane(nsIFrame const&) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:4060:7
#8 0x7fe0f0a168d7 in AssertFrameSubtreeIsSane(nsIFrame const&) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:4060:7
#9 0x7fe0f0a168d7 in AssertFrameSubtreeIsSane(nsIFrame const&) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:4060:7
#10 0x7fe0f0a168d7 in AssertFrameSubtreeIsSane(nsIFrame const&) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:4060:7
#11 0x7fe0f0a168d7 in AssertFrameSubtreeIsSane(nsIFrame const&) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:4060:7
#12 0x7fe0f0a168d7 in AssertFrameSubtreeIsSane(nsIFrame const&) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:4060:7
#13 0x7fe0f09e8744 in AssertFrameTreeIsSane /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:4069:5
#14 0x7fe0f09e8744 in mozilla::PresShell::DoFlushPendingNotifications(mozilla::ChangesToFlush) /builds/worker/checkouts/gecko/layout/base/PresShell.cpp:4238:5
#15 0x7fe0f0e68567 in nsPrintJob::ReflowPrintObject(mozilla::UniquePtr<nsPrintObject, mozilla::DefaultDelete<nsPrintObject> > const&) /builds/worker/checkouts/gecko/layout/printing/nsPrintJob.cpp:1867:14
#16 0x7fe0f0e67afd in nsPrintJob::ReflowDocList(mozilla::UniquePtr<nsPrintObject, mozilla::DefaultDelete<nsPrintObject> > const&, bool) /builds/worker/checkouts/gecko/layout/printing/nsPrintJob.cpp:1448:3
#17 0x7fe0f0e6427a in nsPrintJob::InitPrintDocConstruction(bool) /builds/worker/checkouts/gecko/layout/printing/nsPrintJob.cpp:1488:5
#18 0x7fe0f0e6b465 in nsPrintJob::Observe(nsISupports*, char const*, char16_t const*) /builds/worker/checkouts/gecko/layout/printing/nsPrintJob.cpp:2687:17
#19 0x7fe0f1f0fe28 in mozilla::embedding::PrintProgressDialogChild::RecvDialogOpened() /builds/worker/checkouts/gecko/toolkit/components/printingui/ipc/PrintProgressDialogChild.cpp:37:18
#20 0x7fe0ecd8547b in mozilla::embedding::PPrintProgressDialogChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PPrintProgressDialogChild.cpp:234:28
#21 0x7fe0ecac7d5c in mozilla::dom::PContentChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PContentChild.cpp:8707:32
#22 0x7fe0ec93f41e in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:2153:25
#23 0x7fe0ec93b99d in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:2077:9
#24 0x7fe0ec93ce46 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1925:3
#25 0x7fe0ec93db8b in mozilla::ipc::MessageChannel::MessageTask::Run() /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1956:13
#26 0x7fe0ec00af1f in mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:472:16
#27 0x7fe0ec009493 in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:753:26
#28 0x7fe0ec0082f4 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:611:15
#29 0x7fe0ec0084a7 in mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:395:36
#30 0x7fe0ec00ea46 in operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:133:37
#31 0x7fe0ec00ea46 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_3>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:534:5
#32 0x7fe0ec01ff27 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1158:16
#33 0x7fe0ec02636a in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:548:10
#34 0x7fe0ec944d06 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:87:21
#35 0x7fe0ec8b0643 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:335:10
#36 0x7fe0ec8b055d in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:328:3
#37 0x7fe0ec8b055d in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:310:3
#38 0x7fe0f0704e98 in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:137:27
#39 0x7fe0f1f4c943 in XRE_RunAppShell() /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:902:20
#40 0x7fe0ec945bec in mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:237:9
#41 0x7fe0ec8b0643 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:335:10
#42 0x7fe0ec8b055d in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:328:3
#43 0x7fe0ec8b055d in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:310:3
#44 0x7fe0f1f4c518 in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:733:34
#45 0x561164c3cf76 in content_process_main /builds/worker/checkouts/gecko/browser/app/../../ipc/contentproc/plugin-container.cpp:57:28
#46 0x561164c3cf76 in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:306:18
#47 0x7fe10107c0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
Flags: in-testsuite?
|
Assignee | |
Updated•4 years ago
|
Flags: needinfo?(emilio)
|
||
Comment 1•4 years ago
|
||
Bugmon Analysis:
Verified bug as reproducible on mozilla-central 20210203214546-ca7a3f92939d.
The bug appears to have been introduced in the following build range:
Start: a25601920fab8afe0b399e3750c53cf411e3c8ec (20200827201039)
End: ae59b435ba7e86aca38535e07e7b12609bb9a9b1 (20200827225009)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=a25601920fab8afe0b399e3750c53cf411e3c8ec&tochange=ae59b435ba7e86aca38535e07e7b12609bb9a9b1
Whiteboard: [bugmon:confirm] → [bugmon:bisected,confirmed]
|
|
Assignee | |
Updated•4 years ago
|
Flags: needinfo?(emilio)
|
|
Assignee | |
Comment 2•4 years ago
|
||
This is needed for the test in the next patch to pass (and seems like
the right thing to do anyways, but let me know if you disagree).
|
||
Updated•4 years ago
|
Assignee: nobody → emilio
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 3•4 years ago
|
||
Depends on D104381
|
||
Comment 4•4 years ago
|
||
:emilio, since this bug contains a bisection range, could you fill (if possible) the regressed_by field?
For more information, please visit auto_nag documentation.
Flags: needinfo?(emilio)
|
|
Assignee | |
Comment 5•4 years ago
|
||
Not really a regression. Regression points to the patch that allowed fuzzers to fuzz this codepath.
Flags: needinfo?(emilio)
|
|
Assignee | |
Updated•4 years ago
|
Keywords: leave-open
Pushed by ealvarez@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/3137799764d3
Fix print reftest mismatch to pass with different pages rather than fail. r=jgraham,marionette-reviewers
Pushed by csabou@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4a4cfe9fa7bf
Fix prettier eslint failure on testing/marionette/reftest.js. a=eslint-fix
Pushed by ealvarez@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/967a55082ae9
Don't mess with SVG use shadow trees in print docs. r=smaug
|
||
Comment 9•4 years ago
|
||
| bugherder | ||
|
|
Assignee | |
Updated•4 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
|
|
||
Updated•4 years ago
|
Keywords: leave-open
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/27536 for changes under testing/web-platform/tests
Whiteboard: [bugmon:bisected,confirmed] → [bugmon:bisected,confirmed], [wptsync upstream]
|
|
||
Comment 11•4 years ago
|
||
Bugmon Analysis:
Verified bug as fixed on rev mozilla-central 20210208214800-566f81bfa373.
Removing bugmon keyword as no further action possible.
Please review the bug and re-add the keyword for further analysis.
Status: RESOLVED → VERIFIED
Keywords: bugmon
|
||
Updated•4 years ago
|
status-firefox85:
--- → wontfix
status-firefox86:
--- → wontfix
status-firefox-esr78:
--- → wontfix
Flags: in-testsuite? → in-testsuite+
Target Milestone: --- → 87 Branch
Upstream PR merged by jgraham
|
||
Comment 13•3 years ago
|
||
Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4ccb17e6fde5
[wpt PR 27536] - [Gecko Bug 1690658] Fix print reftest mismatch to pass with different pages rather than fail., a=testonly
|
|
||
Comment 14•3 years ago
|
||
| bugherder | ||
You need to log in
before you can comment on or make changes to this bug.
Description
•