Found while fuzzing m-c 20221127-f49e8eca9e34 (--enable-debug --enable-fuzzing)

A reliable test case is not available.
A Pernosco session is available here: https://pernos.co/debug/r5jAIBxtjW3-t7mXC3cOTw/index.html

Assertion failure: !mIsBeingDestroyed, at /builds/worker/checkouts/gecko/docshell/base/nsDocShell.cpp:3981

#0 0x7f2c2de2e7ab in nsDocShell::LoadErrorPage(nsIURI*, char16_t const*, char const*, char const*, char16_t const*, char const*, nsIChannel*) /builds/worker/checkouts/gecko/docshell/base/nsDocShell.cpp:3981:3
#1 0x7f2c2de2adc7 in nsDocShell::DisplayLoadError(nsresult, nsIURI*, char16_t const*, nsIChannel*, bool*) /builds/worker/checkouts/gecko/docshell/base/nsDocShell.cpp:3955:9
#2 0x7f2c2de12681 in DisplayLoadError /builds/worker/checkouts/gecko/docshell/base/nsDocShell.h:772:5
#3 0x7f2c2de12681 in NavigationBlockedByPrinting /builds/worker/checkouts/gecko/docshell/base/nsDocShell.cpp:3315:5
#4 0x7f2c2de12681 in nsDocShell::IsNavigationAllowed(bool, bool) /builds/worker/checkouts/gecko/docshell/base/nsDocShell.cpp:3322:21
#5 0x7f2c2de696e8 in nsDocShell::OnLinkClickSync(nsIContent*, nsDocShellLoadState*, bool, nsIPrincipal*) /builds/worker/checkouts/gecko/docshell/base/nsDocShell.cpp:12967:8
#6 0x7f2c2ad2fc63 in mozilla::dom::HTMLFormElement::SubmitSubmission(mozilla::dom::HTMLFormSubmission*) /builds/worker/checkouts/gecko/dom/html/HTMLFormElement.cpp:825:39
#7 0x7f2c2ad2e129 in mozilla::dom::HTMLFormElement::DoSubmit(mozilla::dom::Event*) /builds/worker/checkouts/gecko/dom/html/HTMLFormElement.cpp:691:10
#8 0x7f2c2ad2ddd2 in mozilla::dom::HTMLFormElement::Submit(mozilla::ErrorResult&) /builds/worker/checkouts/gecko/dom/html/HTMLFormElement.cpp:270:56
#9 0x7f2c2a483f7f in mozilla::dom::HTMLFormElement_Binding::submit(JSContext*, JS::Handle<JSObject*>, void*, JSJitMethodCallArgs const&) /builds/worker/workspace/obj-build/dom/bindings/HTMLFormElementBinding.cpp:887:24
#10 0x7f2c2a589f02 in bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/dom/bindings/BindingUtils.cpp:3287:13
#11 0x7f2c2e861b9c in CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), js::CallReason, JS::CallArgs const&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:459:13
#12 0x7f2c2e8614bf in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:547:12
#13 0x7f2c2e851404 in CallFromStack /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:619:10
#14 0x7f2c2e851404 in Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3375:16
#15 0x7f2c2e8434fe in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:431:13
#16 0x7f2c2e8613bb in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:579:13
#17 0x7f2c2e8628fc in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:646:8
#18 0x7f2c2e919a8c in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/CallAndConstruct.cpp:117:10
#19 0x7f2c2a287375 in mozilla::dom::EventHandlerNonNull::Call(mozilla::dom::BindingCallContext&, JS::Handle<JS::Value>, mozilla::dom::Event&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&) /builds/worker/workspace/obj-build/dom/bindings/EventHandlerBinding.cpp:65:37
#20 0x7f2c2ab661a9 in void mozilla::dom::EventHandlerNonNull::Call<nsCOMPtr<mozilla::dom::EventTarget>>(nsCOMPtr<mozilla::dom::EventTarget> const&, mozilla::dom::Event&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&, char const*, mozilla::dom::CallbackObject::ExceptionHandling, JS::Realm*) /builds/worker/workspace/obj-build/dist/include/mozilla/dom/EventHandlerBinding.h:82:12
#21 0x7f2c2ab653c4 in mozilla::JSEventHandler::HandleEvent(mozilla::dom::Event*) /builds/worker/checkouts/gecko/dom/events/JSEventHandler.cpp:201:12
#22 0x7f2c2ab4603d in mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, mozilla::dom::Event*, mozilla::dom::EventTarget*) /builds/worker/checkouts/gecko/dom/events/EventListenerManager.cpp:1317:22
#23 0x7f2c2ab46ca9 in mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event**, mozilla::dom::EventTarget*, nsEventStatus*, bool) /builds/worker/checkouts/gecko/dom/events/EventListenerManager.cpp:1507:17
#24 0x7f2c2ab3bcb6 in HandleEvent /builds/worker/checkouts/gecko/dom/events/EventListenerManager.h:395:5
#25 0x7f2c2ab3bcb6 in mozilla::EventTargetChainItem::HandleEvent(mozilla::EventChainPostVisitor&, mozilla::ELMCreationDetector&) /builds/worker/checkouts/gecko/dom/events/EventDispatcher.cpp:348:17
#26 0x7f2c2ab3b1eb in mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) /builds/worker/checkouts/gecko/dom/events/EventDispatcher.cpp:550:16
#27 0x7f2c2ab3d9ab in mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) /builds/worker/checkouts/gecko/dom/events/EventDispatcher.cpp:1119:11
#28 0x7f2c2c803060 in nsDocumentViewer::PageHide(bool) /builds/worker/checkouts/gecko/layout/base/nsDocumentViewer.cpp:1425:5
#29 0x7f2c2de166d6 in nsDocShell::FirePageHideNotificationInternal(bool, bool) /builds/worker/checkouts/gecko/docshell/base/nsDocShell.cpp:1242:20
#30 0x7f2c2de0b9ba in FirePageHideNotification /builds/worker/checkouts/gecko/docshell/base/nsDocShell.cpp:1226:3
#31 0x7f2c2de0b9ba in nsDocShell::Destroy() /builds/worker/checkouts/gecko/docshell/base/nsDocShell.cpp:4580:9
#32 0x7f2c2e288c60 in nsWebBrowser::SetDocShell(nsDocShell*) /builds/worker/checkouts/gecko/toolkit/components/browser/nsWebBrowser.cpp:1123:18
#33 0x7f2c2e288235 in nsWebBrowser::InternalDestroy() /builds/worker/checkouts/gecko/toolkit/components/browser/nsWebBrowser.cpp:176:3
#34 0x7f2c2e28bf8c in Destroy /builds/worker/checkouts/gecko/toolkit/components/browser/nsWebBrowser.cpp:858:3
#35 0x7f2c2e28bf8c in non-virtual thunk to nsWebBrowser::Destroy() /builds/worker/checkouts/gecko/toolkit/components/browser/nsWebBrowser.cpp
#36 0x7f2c2bc3671c in mozilla::dom::BrowserChild::DestroyWindow() /builds/worker/checkouts/gecko/dom/ipc/BrowserChild.cpp:850:31
#37 0x7f2c2bc4652f in mozilla::dom::BrowserChild::RecvDestroy() /builds/worker/checkouts/gecko/dom/ipc/BrowserChild.cpp:2591:3
#38 0x7f2c2bd459d2 in mozilla::dom::PBrowserChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PBrowserChild.cpp:7042:80
#39 0x7f2c2bdbdf0b in mozilla::dom::PContentChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PContentChild.cpp:8700:32
#40 0x7f2c2801238a in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1756:25
#41 0x7f2c2800efe7 in mozilla::ipc::MessageChannel::DispatchMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::UniquePtr<IPC::Message, mozilla::DefaultDelete<IPC::Message>>) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1681:9
#42 0x7f2c2800fb35 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::ipc::MessageChannel::MessageTask&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1481:3
#43 0x7f2c28010e6f in mozilla::ipc::MessageChannel::MessageTask::Run() /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1579:14
#44 0x7f2c27409cb5 in mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:538:16
#45 0x7f2c2740529c in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:851:26
#46 0x7f2c27403e6a in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:683:15
#47 0x7f2c274041c5 in mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:461:36
#48 0x7f2c2740d629 in operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:190:37
#49 0x7f2c2740d629 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_3>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:546:5
#50 0x7f2c27422f48 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1204:16
#51 0x7f2c274296bd in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:474:10
#52 0x7f2c2bbf8b9c in bool mozilla::SpinEventLoopUntil<(mozilla::ProcessFailureBehavior)1, mozilla::dom::ContentChild::ProvideWindowCommon(mozilla::dom::BrowserChild*, nsIOpenWindowInfo*, unsigned int, bool, nsIURI*, nsTSubstring<char16_t> const&, nsTSubstring<char> const&, bool, bool, bool, nsDocShellLoadState*, bool*, mozilla::dom::BrowsingContext**)::$_8>(nsTSubstring<char> const&, mozilla::dom::ContentChild::ProvideWindowCommon(mozilla::dom::BrowserChild*, nsIOpenWindowInfo*, unsigned int, bool, nsIURI*, nsTSubstring<char16_t> const&, nsTSubstring<char> const&, bool, bool, bool, nsDocShellLoadState*, bool*, mozilla::dom::BrowsingContext**)::$_8&&, nsIThread*) /builds/worker/workspace/obj-build/dist/include/mozilla/SpinEventLoopUntil.h:176:25
#53 0x7f2c2bbf6b0b in mozilla::dom::ContentChild::ProvideWindowCommon(mozilla::dom::BrowserChild*, nsIOpenWindowInfo*, unsigned int, bool, nsIURI*, nsTSubstring<char16_t> const&, nsTSubstring<char> const&, bool, bool, bool, nsDocShellLoadState*, bool*, mozilla::dom::BrowsingContext**) /builds/worker/checkouts/gecko/dom/ipc/ContentChild.cpp:1275:5
#54 0x7f2c2bc35d11 in mozilla::dom::BrowserChild::ProvideWindow(nsIOpenWindowInfo*, unsigned int, bool, nsIURI*, nsTSubstring<char16_t> const&, nsTSubstring<char> const&, bool, bool, bool, nsDocShellLoadState*, bool*, mozilla::dom::BrowsingContext**) /builds/worker/checkouts/gecko/dom/ipc/BrowserChild.cpp:807:14
#55 0x7f2c2e59ad62 in nsWindowWatcher::OpenWindowInternal(mozIDOMWindowProxy*, nsTSubstring<char> const&, nsTSubstring<char> const&, nsTSubstring<char> const&, bool, bool, bool, nsIArray*, bool, bool, bool, nsPIWindowWatcher::PrintKind, nsDocShellLoadState*, mozilla::dom::BrowsingContext**) /builds/worker/checkouts/gecko/toolkit/components/windowwatcher/nsWindowWatcher.cpp:925:24
#56 0x7f2c2e59d10f in nsWindowWatcher::OpenWindow2(mozIDOMWindowProxy*, nsTSubstring<char> const&, nsTSubstring<char> const&, nsTSubstring<char> const&, bool, bool, bool, nsISupports*, bool, bool, bool, nsPIWindowWatcher::PrintKind, nsDocShellLoadState*, mozilla::dom::BrowsingContext**) /builds/worker/checkouts/gecko/toolkit/components/windowwatcher/nsWindowWatcher.cpp:389:10
#57 0x7f2c28cffab2 in nsGlobalWindowOuter::OpenInternal(nsTSubstring<char16_t> const&, nsTSubstring<char16_t> const&, nsTSubstring<char16_t> const&, bool, bool, bool, bool, bool, nsIArray*, nsISupports*, nsDocShellLoadState*, bool, nsGlobalWindowOuter::PrintKind, mozilla::dom::BrowsingContext**) /builds/worker/checkouts/gecko/dom/base/nsGlobalWindowOuter.cpp:7034:21
#58 0x7f2c28cfd9fe in nsGlobalWindowOuter::Print(nsIPrintSettings*, mozilla::layout::RemotePrintJobChild*, nsIWebProgressListener*, nsIDocShell*, nsGlobalWindowOuter::IsPreview, nsGlobalWindowOuter::IsForWindowDotPrint, std::function<void (mozilla::dom::PrintPreviewResultInfo const&)>&&, mozilla::ErrorResult&) /builds/worker/checkouts/gecko/dom/base/nsGlobalWindowOuter.cpp:5202:16
#59 0x7f2c28cfcd56 in nsGlobalWindowOuter::PrintOuter(mozilla::ErrorResult&) /builds/worker/checkouts/gecko/dom/base/nsGlobalWindowOuter.cpp:5105:3
#60 0x7f2c28cb5d19 in nsGlobalWindowInner::Print(mozilla::ErrorResult&) /builds/worker/checkouts/gecko/dom/base/nsGlobalWindowInner.cpp:3919:3
#61 0x7f2c29f8604f in mozilla::dom::Window_Binding::print(JSContext*, JS::Handle<JSObject*>, void*, JSJitMethodCallArgs const&) /builds/worker/workspace/obj-build/dom/bindings/WindowBinding.cpp:3686:24
#62 0x7f2c2a58b942 in bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::MaybeCrossOriginObjectThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/dom/bindings/BindingUtils.cpp:3287:13
#63 0x7f2c2e861b9c in CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), js::CallReason, JS::CallArgs const&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:459:13
#64 0x7f2c2e8614bf in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:547:12
#65 0x7f2c2e851404 in CallFromStack /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:619:10
#66 0x7f2c2e851404 in Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:3375:16
#67 0x7f2c2e8434fe in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:431:13
#68 0x7f2c2e8613bb in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:579:13
#69 0x7f2c2e8628fc in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:646:8
#70 0x7f2c2e919a8c in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/CallAndConstruct.cpp:117:10
#71 0x7f2c29e9dcf2 in mozilla::dom::IdleRequestCallback::Call(mozilla::dom::BindingCallContext&, JS::Handle<JS::Value>, mozilla::dom::IdleDeadline&, mozilla::ErrorResult&) /builds/worker/workspace/obj-build/dom/bindings/WindowBinding.cpp:827:8
#72 0x7f2c28db5a15 in mozilla::dom::IdleRequestCallback::Call(mozilla::dom::IdleDeadline&, mozilla::ErrorResult&, char const*, mozilla::dom::CallbackObject::ExceptionHandling, JS::Realm*) /builds/worker/workspace/obj-build/dist/include/mozilla/dom/WindowBinding.h:691:12
#73 0x7f2c28f2c686 in Call /builds/worker/workspace/obj-build/dist/include/mozilla/dom/WindowBinding.h:704:12
#74 0x7f2c28f2c686 in mozilla::dom::IdleRequest::IdleRun(nsPIDOMWindowInner*, double, bool) /builds/worker/checkouts/gecko/dom/base/IdleRequest.cpp:61:13
#75 0x7f2c28c98974 in nsGlobalWindowInner::RunIdleRequest(mozilla::dom::IdleRequest*, double, bool) /builds/worker/checkouts/gecko/dom/base/nsGlobalWindowInner.cpp:729:12
#76 0x7f2c28c9778b in nsGlobalWindowInner::ExecuteIdleRequest(mozilla::TimeStamp) /builds/worker/checkouts/gecko/dom/base/nsGlobalWindowInner.cpp:757:3
#77 0x7f2c28c974a1 in IdleRequestExecutor::Run() /builds/worker/checkouts/gecko/dom/base/nsGlobalWindowInner.cpp:598:13
#78 0x7f2c27409cb5 in mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:538:16
#79 0x7f2c2740529c in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:851:26
#80 0x7f2c27403fce in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:725:15
#81 0x7f2c274041c5 in mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:461:36
#82 0x7f2c2740d5b6 in operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:187:37
#83 0x7f2c2740d5b6 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_2>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:546:5
#84 0x7f2c27422f48 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1204:16
#85 0x7f2c274296bd in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:474:10
#86 0x7f2c28017c63 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:85:21
#87 0x7f2c27f3d7b8 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:381:10
#88 0x7f2c27f3d6c1 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:374:3
#89 0x7f2c27f3d6c1 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:356:3
#90 0x7f2c2c4026d8 in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:150:27
#91 0x7f2c2e61b29b in XRE_RunAppShell() /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:884:20
#92 0x7f2c28018b29 in mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:235:9
#93 0x7f2c27f3d7b8 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:381:10
#94 0x7f2c27f3d6c1 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:374:3
#95 0x7f2c27f3d6c1 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:356:3
#96 0x7f2c2e61a82c in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:743:34
#97 0x561f20265be0 in content_process_main /builds/worker/checkouts/gecko/browser/app/../../ipc/contentproc/plugin-container.cpp:57:28
#98 0x561f20265be0 in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:359:18
#99 0x7f2c3bb09082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
#100 0x561f2023c248 in _start (/home/worker/builds/m-c-20221127212619-fuzzing-debug/firefox-bin+0x5b248) (BuildId: bf7fdbcacbfbbd4bdfd4eb014b5cdc48ff6a92ea)

Could you attach a testcase to reproduce it?

(In reply to Masayuki Nakano [:masayuki] (he/him)(JST, +0900) from comment #1)

Could you attach a testcase to reproduce it?

I managed to reduce it but it is not 100% reliable.

To reproduce via Grizzly Replay:

$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch -d --fuzzing -n firefox
$ python -m grizzly.replay ./firefox/firefox testcase.html --repeat 20

Thank you. It seems that this is a bug around navigation.

Verified bug as reproducible on mozilla-central 20230131042526-3479f77e7402.
Unable to bisect testcase (Testcase reproduces on start build!):

Start: 4bff0b888cd9a91b7cb4dc3d35951160e39aa0ae (20220201093942)
End: f49e8eca9e344e5d8b9a5e67ff5859ba3afc3a4d (20221127212619)
BuildFlags: BuildFlags(asan=False, tsan=False, debug=True, fuzzing=True, coverage=False, valgrind=False, no_opt=False, fuzzilli=False, nyx=False)

The assertion looks pretty bogus to me, since later we'd just return early
https://searchfox.org/mozilla-central/rev/8e9b4484408154b80d7ede9e1b035819fda48fd2/docshell/base/nsDocShell.cpp#9274-9275

We'd return early anyhow later in nsDocShell::InternalLoad.
The patch is based on code inspection. If one is closing the window while printing, we could get to this state, among other cases.

https://hg.mozilla.org/mozilla-central/rev/6476bcc7076f

Verified bug as fixed on rev mozilla-central 20230131210346-351f3b41f9fb.
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.

The patch landed in nightly and beta is affected.
:smaug, is this bug important enough to require an uplift?

• If yes, please nominate the patch for beta approval.
• If no, please set status-firefox110 to wontfix.

For more information, please visit auto_nag documentation.

Not important. We'd return early later in the code.