I think this is a similar situation to what tnikkel described in bug 1708808 comment 6; looking at recent reports, it looks like we're crashing while walking the whole frame tree, and we're tripping over some corruption that was left behind by something that went wrong earlier. bp-25809414-9c40-4965-9da8-cb5390221013 is in MarkFramesInSubtreeApproximatelyVisible (the function that bug 1708808 is about). We also have bp-968acb38-75db-47d6-beea-8b69c0221013 `nsIFrame::ClearInvalidationStateBits` which similarly walks the whole frame tree.
Bug 707699 Comment 15 Edit History
I think this is a similar situation to what tnikkel described in bug 1708808 comment 6; looking at recent reports, it looks like we're crashing while walking the whole frame tree, and we're tripping over some corruption that was left behind by something that went wrong earlier. bp-25809414-9c40-4965-9da8-cb5390221013 is a crash with this `GetChildLists` signature, inside of `MarkFramesInSubtreeApproximatelyVisible` (the function that bug 1708808 is about). We also have bp-968acb38-75db-47d6-beea-8b69c0221013 `nsIFrame::ClearInvalidationStateBits` which similarly walks the whole frame tree.
I think this is a similar situation to what tnikkel described in bug 1708808 comment 6; looking at recent reports, it looks like we're crashing while walking the whole frame tree, and we're tripping over some corruption that was left behind by something that went wrong earlier. bp-25809414-9c40-4965-9da8-cb5390221013 is a crash with this `GetChildLists` signature, inside of `MarkFramesInSubtreeApproximatelyVisible` (the function that bug 1708808 is about, which walks the whole frame tree). We also have bp-968acb38-75db-47d6-beea-8b69c0221013 `nsIFrame::ClearInvalidationStateBits` which similarly walks the whole frame tree.