Open Bug 1752667 Opened 3 years ago Updated 13 days ago

Assertion failure: !documentIsTopLevel (How could this happen?), at /builds/worker/checkouts/gecko/layout/printing/nsPrintJob.cpp:1083

Categories

(Core :: Print Preview, defect, P3)

Product:
Core
Component:
Print Preview
Type:
defect

Tracking

()

Tracking Flags:
Tracking Status
firefox98 --- affected

People

(Reporter: tsmith, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, testcase)

Attachments

(1 file)

testcase.html
589 bytes, text/html
Details
Attached file testcase.html

Found while fuzzing m-c 20220122-61861c0babc6 (--enable-debug --enable-fuzzing)

To reproduce via Grizzly Replay:

$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch -d --fuzzing -n firefox
$ python -m grizzly.replay ./firefox/firefox testcase.html --xvfb

The testcase could likely be cleaned up a bit more but it works.

Assertion failure: !documentIsTopLevel (How could this happen?), at /builds/worker/checkouts/gecko/layout/printing/nsPrintJob.cpp:1083

#0 0x7faf25891927 in nsPrintJob::ReconstructAndReflow(bool) src/layout/printing/nsPrintJob.cpp:1083:7
#1 0x7faf25890374 in nsPrintJob::SetupToPrintContent() src/layout/printing/nsPrintJob.cpp:1152:19
#2 0x7faf25893fa3 in DocumentReadyForPrinting src/layout/printing/nsPrintJob.cpp:924:17
#3 0x7faf25893fa3 in nsPrintJob::FinishPrintPreview() src/layout/printing/nsPrintJob.cpp:2449:8
#4 0x7faf25893b21 in nsPrintJob::MaybeResumePrintAfterResourcesLoaded(bool) src/layout/printing/nsPrintJob.cpp:1432:10
#5 0x7faf25894362 in nsPrintJob::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult) src/layout/printing/nsPrintJob.cpp:1453:5
#6 0x7faf218d73bc in nsDocLoader::DoFireOnStateChange(nsIWebProgress*, nsIRequest*, int&, nsresult) src/uriloader/base/nsDocLoader.cpp:1377:3
#7 0x7faf218d62bf in nsDocLoader::FireOnStateChange(nsIWebProgress*, nsIRequest*, int, nsresult) src/uriloader/base/nsDocLoader.cpp:1340:14
#8 0x7faf218d6490 in nsDocLoader::doStopURLLoad(nsIRequest*, nsresult) src/uriloader/base/nsDocLoader.cpp:936:3
#9 0x7faf218d5b75 in nsDocLoader::OnStopRequest(nsIRequest*, nsresult) src/uriloader/base/nsDocLoader.cpp:645:3
#10 0x7faf26ad6b5d in nsDocShell::OnStopRequest(nsIRequest*, nsresult) src/docshell/base/nsDocShell.cpp:13540:23
#11 0x7faf2063d1ba in mozilla::net::nsLoadGroup::NotifyRemovalObservers(nsIRequest*, nsresult) src/netwerk/base/nsLoadGroup.cpp:614:22
#12 0x7faf2063c7dc in mozilla::net::nsLoadGroup::Cancel(nsresult) src/netwerk/base/nsLoadGroup.cpp:240:11
#13 0x7faf218d44be in nsDocLoader::Stop() src/uriloader/base/nsDocLoader.cpp:258:36
#14 0x7faf26a80a5a in Stop src/docshell/base/nsDocShell.h:185:25
#15 0x7faf26a80a5a in nsDocShell::Stop(unsigned int) src/docshell/base/nsDocShell.cpp:4196:5
#16 0x7faf26a95ca0 in nsDocShell::Destroy() src/docshell/base/nsDocShell.cpp:4447:3
#17 0x7faf26df83c0 in nsWebBrowser::SetDocShell(nsDocShell*) src/toolkit/components/browser/nsWebBrowser.cpp:1123:18
#18 0x7faf26df7945 in nsWebBrowser::InternalDestroy() src/toolkit/components/browser/nsWebBrowser.cpp:176:3
#19 0x7faf26dfb62c in Destroy src/toolkit/components/browser/nsWebBrowser.cpp:856:3
#20 0x7faf26dfb62c in non-virtual thunk to nsWebBrowser::Destroy() src/toolkit/components/browser/nsWebBrowser.cpp
#21 0x7faf24b8e4b9 in mozilla::dom::BrowserChild::DestroyWindow() src/dom/ipc/BrowserChild.cpp:879:31
#22 0x7faf24b9ee0b in mozilla::dom::BrowserChild::RecvDestroy() src/dom/ipc/BrowserChild.cpp:2600:3
#23 0x7faf2169ca6e in mozilla::dom::PBrowserChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PBrowserChild.cpp:6619:56
#24 0x7faf21092ecb in mozilla::dom::PContentChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PContentChild.cpp:8250:32
#25 0x7faf20f059bf in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) src/ipc/glue/MessageChannel.cpp:2039:25
#26 0x7faf20f02291 in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) src/ipc/glue/MessageChannel.cpp:1964:9
#27 0x7faf20f0376c in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) src/ipc/glue/MessageChannel.cpp:1823:3
#28 0x7faf20f043ad in mozilla::ipc::MessageChannel::MessageTask::Run() src/ipc/glue/MessageChannel.cpp:1851:14
#29 0x7faf2047201e in mozilla::RunnableTask::Run() src/xpcom/threads/TaskController.cpp:467:16
#30 0x7faf2044be76 in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) src/xpcom/threads/TaskController.cpp:770:26
#31 0x7faf2044ab38 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) src/xpcom/threads/TaskController.cpp:606:15
#32 0x7faf2044adb3 in mozilla::TaskController::ProcessPendingMTTask(bool) src/xpcom/threads/TaskController.cpp:390:36
#33 0x7faf204750c9 in operator() src/xpcom/threads/TaskController.cpp:127:37
#34 0x7faf204750c9 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_1>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:531:5
#35 0x7faf20460773 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1195:16
#36 0x7faf2046785a in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:467:10
#37 0x7faf20f0b774 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:107:5
#38 0x7faf20e2b6d7 in MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:331:10
#39 0x7faf20e2b5e2 in RunHandler src/ipc/chromium/src/base/message_loop.cc:324:3
#40 0x7faf20e2b5e2 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:306:3
#41 0x7faf250d8e08 in nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27
#42 0x7faf271334a3 in XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:870:20
#43 0x7faf20f0c6ba in mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:235:9
#44 0x7faf20e2b6d7 in MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:331:10
#45 0x7faf20e2b5e2 in RunHandler src/ipc/chromium/src/base/message_loop.cc:324:3
#46 0x7faf20e2b5e2 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:306:3
#47 0x7faf27132adc in XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:707:34
#48 0x558888cc9029 in content_process_main src/browser/app/../../ipc/contentproc/plugin-container.cpp:57:28
#49 0x558888cc9029 in main src/browser/app/nsBrowserApp.cpp:327:18
#50 0x7faf3524f0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
#51 0x558888ca47bc in _start (/home/worker/builds/m-c-20220122095122-fuzzing-debug/firefox-bin+0x157bc)

A Pernosco session is available here: https://pernos.co/debug/qI79Hq1t5RGzQBli6wGEVg/index.html

I think bug 1747851 would also fix this.

Severity: -- → S3
Depends on: 1747851
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: