Closed Bug 1423250 Opened 3 years ago Closed 3 years ago
Crash in ns
CSSFrame Constructor::Should Create Items For Child
This bug was filed from the Socorro interface and is report bp-9371923b-d41a-4005-b54d-33b300171205. ============================================================= Seen while looking at nightly crash stats - crashes started using 20171204220337: http://bit.ly/2BA8DbD. Appears to be Mac only crash. Possible regression range based on build ID: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=de1f7a92e8726bdd365d4bbc5e65eaa369fbc20a&tochange=88b2d7276416f8b69191ca5fb1b5c670ec8178b8 Top 10 frames of crashing thread: 0 XUL nsCSSFrameConstructor::ShouldCreateItemsForChild dom/base/nsWrapperCache.h:290 1 XUL nsCSSFrameConstructor::AddFrameConstructionItemsInternal layout/base/nsCSSFrameConstructor.cpp:6093 2 XUL nsCSSFrameConstructor::AddFrameConstructionItems layout/base/nsCSSFrameConstructor.cpp:5804 3 XUL nsCSSFrameConstructor::ProcessChildren layout/base/nsCSSFrameConstructor.cpp:11172 4 XUL nsCSSFrameConstructor::ConstructBlock layout/base/nsCSSFrameConstructor.cpp:12132 5 XUL nsCSSFrameConstructor::ConstructNonScrollableBlockWithConstructor layout/base/nsCSSFrameConstructor.cpp:5089 6 XUL nsCSSFrameConstructor::ConstructNonScrollableBlock layout/base/nsCSSFrameConstructor.cpp:5053 7 XUL nsCSSFrameConstructor::ConstructFrameFromItemInternal layout/base/nsCSSFrameConstructor.cpp:4000 8 XUL nsCSSFrameConstructor::ConstructFramesFromItem layout/base/nsCSSFrameConstructor.cpp:6339 9 XUL nsCSSFrameConstructor::ProcessChildren layout/base/nsCSSFrameConstructor.cpp:10876 =============================================================
Changing Platform to all since this affects Window and Linux as well.
OS: Mac OS X → All
Hardware: Unspecified → All
I can reproduce this reliably on a private web app using Nightly. I can provide access if needed.
Last good revision: 08e8c61d3c5a85a9fae9f993092133dbe904abc2 First bad revision: 3fa14b7a60a4b258884725a128403a6d7a2a69a8 Pushlog: https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=08e8c61d3c5a85a9fae9f993092133dbe904abc2&tochange=3fa14b7a60a4b258884725a128403a6d7a2a69a8 which is bug 1409975
Crash Signature: [@ nsCSSFrameConstructor::ShouldCreateItemsForChild] → [@ nsCSSFrameConstructor::ShouldCreateItemsForChild] [@ mozilla::dom::ExplicitChildIterator::GetNextChild]
This is probably same as Bug 1422931. We can see if there are still crashes after Bug 1422931 lands. Keep the NI for tracking.
Crash Signature: [@ nsCSSFrameConstructor::ShouldCreateItemsForChild] [@ mozilla::dom::ExplicitChildIterator::GetNextChild] → [@ nsCSSFrameConstructor::ShouldCreateItemsForChild] [@ mozilla::dom::ExplicitChildIterator::GetNextChild] [@ nsCSSFrameConstructor::ProcessChildren]
[Tracking Requested - why for this release]: Guess what Google put on their home page today: https://santatracker.google.com/village.html "Skydive with Santa and boogie with elves in Santa’s Village" unless you're in Nightly where it crashes every time. :-(
I enabled dom.webcomponents.enabled and it does not crash anymore (but it does not render correctly either), so it should be related to bug 1422931. It should be fixed soon, sorry for the incovenience. :(
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
See Also: 1422931 →
Duplicate of bug: 1422931
Group: layout-core-security → dom-core-security
Component: Layout → DOM
Just to mention one other set of STR here: a few of the crash reports mention https://addons.mozilla.org/en-US/firefox/addon/checker-plus-gmail/ , and I was able to reproduce by using that add-on in a fresh Nightly profile. (Specifically: I installed the addon, and then logged into gmail with a throwaway Gmail account (to be on the safe side), and then clicked the add-on in my toolbar, and then clicked an email message in the addon's dropdown menu. That crashed: bp-87167118-6188-438b-9556-bba8e0171207 )
Also reproduces on pageload when I visit https://www.polymer-project.org/2.0/docs/devguide/style-shadow-dom
I tested 'https://www.polymer-project.org/2.0/docs/devguide/style-shadow-dom' now that Bug 1422931 has landed and I don't see the crash anymore.
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.