Closed Bug 1857251 Opened 2 years ago Closed 2 years ago

Crash in [@ nsPresContext::GetPresShell] from nsRefreshDriver::UpdateRelevancyOfContentVisibilityAutoFrames()

Categories

(Core :: Layout, defect)

Unspecified
Android
defect

Tracking

RESOLVED FIXED
120 Branch
Tracking Status
firefox-esr115 --- unaffected
firefox118 --- unaffected
firefox119 --- unaffected
firefox120 + fixed

People

(Reporter: aryx, Assigned: dholbert)

References

(Regression)

Details

(Keywords: crash, regression, topcrash)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/1afa6d93-4fb9-4a6d-9c25-536850231005

Reason: SIGSEGV / SEGV_MAPERR

Top 10 frames of crashing thread:

0  libxul.so  nsPresContext::GetPresShell const  layout/base/nsPresContext.h:213
0  libxul.so  nsRefreshDriver::UpdateRelevancyOfContentVisibilityAutoFrames  layout/base/nsRefreshDriver.cpp:2236
0  libxul.so  nsRefreshDriver::Tick  layout/base/nsRefreshDriver.cpp:2748
1  libxul.so  mozilla::RefreshDriverTimer::TickDriver  layout/base/nsRefreshDriver.cpp:359
1  libxul.so  mozilla::RefreshDriverTimer::TickRefreshDrivers  layout/base/nsRefreshDriver.cpp:337
2  libxul.so  mozilla::RefreshDriverTimer::Tick  layout/base/nsRefreshDriver.cpp:353
3  libxul.so  mozilla::VsyncRefreshDriverTimer::RunRefreshDrivers  layout/base/nsRefreshDriver.cpp:924
3  libxul.so  mozilla::VsyncRefreshDriverTimer::TickRefreshDriver  layout/base/nsRefreshDriver.cpp:834
4  libxul.so  mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsyncTimerOnMainThread  layout/base/nsRefreshDriver.cpp:578
5  libxul.so  mozilla::dom::VsyncMainChild::RecvNotify  dom/ipc/VsyncMainChild.cpp:66

Looks like another missing null check, this time in nsRefreshDriver::UpdateRelevancyOfContentVisibilityAutoFrames.

See Also: → 1857115
Summary: Crash in [@ nsPresContext::GetPresShell] → Crash in [@ nsPresContext::GetPresShell] from nsRefreshDriver::UpdateRelevancyOfContentVisibilityAutoFrames()

This is first showing up on the 20231003213105 build, like bug 1857115, so I'm guessing this is also a regression from bug 1807253, though it seems less obviously connected as UpdateRelevancyOfContentVisibilityAutoFrames itself did not change.

Keywords: regression
Regressed by: 1807253

:surkov, since you are the author of the regressor, bug 1807253, could you take a look?

For more information, please visit BugBot documentation.

Flags: needinfo?(surkov.alexander)

The bug is linked to a topcrash signature, which matches the following criterion:

  • Top 10 AArch64 and ARM crashes on nightly

Keywords: topcrash

The bug is marked as tracked for firefox120 (nightly). We have limited time to fix this, the soft freeze is in 10 days. However, the bug still isn't assigned.

:fgriffith, could you please find an assignee for this tracked bug? Given that it is a regression and we know the cause, we could also simply back out the regressor. If you disagree with the tracking decision, please talk with the release managers.

Flags: needinfo?(fgriffith)

This should be fixed by bug 1857561, which makes us bail out of nsRefreshDriver::Tick before the call to UpdateRelevancyOfContentVisibilityAutoFrames, if either the pres context or the pres shell is null.

Assignee: nobody → dholbert
Depends on: 1857561
Flags: needinfo?(surkov.alexander)
Flags: needinfo?(fgriffith)
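
The bail-out described in the comment above, sketched as an added C++ model that is not Firefox's code: the class shapes, the teardown order and `TicksThatRan` are assumptions, and the real nsRefreshDriver::Tick does far more than this.

```cpp
#include <cstdio>
// Toy stand-ins for the Gecko classes in the stack trace (assumed shapes, not
// the real declarations). The pres shell can be destroyed before the pres
// context, and the driver can outlive both, so either link may be null at tick time.
struct PresShell {
  int relevancyUpdates = 0;
};

struct PresContext {
  PresShell* mShell = nullptr;
  PresShell* GetPresShell() const { return mShell; }
};

struct RefreshDriver {
  PresContext* mPresContext = nullptr;

  // Models the crashing callee: it dereferences the pres context without a
  // check, so a null mPresContext faults here (the SIGSEGV in the report).
  void UpdateRelevancyOfContentVisibilityAutoFrames() {
    PresShell* shell = mPresContext->GetPresShell();
    shell->relevancyUpdates++;  // second hazard: the shell may be null too
  }

  // Tick hardened in the spirit of the fix: bail out before the update if the
  // pres context or the pres shell is gone. Returns true if the update ran.
  bool Tick() {
    if (!mPresContext || !mPresContext->GetPresShell()) {
      return false;
    }
    UpdateRelevancyOfContentVisibilityAutoFrames();
    return true;
  }
};

// Plays a document-teardown sequence against a driver that keeps ticking and
// returns how many of the three ticks ran; only the first one should.
int TicksThatRan() {
  PresShell shell;
  PresContext ctx{&shell};
  RefreshDriver driver{&ctx};
  int ran = driver.Tick();        // everything live: update runs
  ctx.mShell = nullptr;           // shell torn down first
  ran += driver.Tick();           // bails: no pres shell
  driver.mPresContext = nullptr;  // then the pres context goes away
  ran += driver.Tick();           // bails: the case that crashed before the fix
  return ran;
}

int main() { printf("ticks that ran: %d\n", TicksThatRan()); }
```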

Fixed by bug 1857561

Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 120 Branch