Closed
Bug 1423250
Opened 3 years ago
Closed 3 years ago
Crash in nsCSSFrameConstructor::ShouldCreateItemsForChild
Categories
(Core :: DOM: Core & HTML, defect, P1)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
DUPLICATE
of bug 1422931
People
(Reporter: marcia, Unassigned)
References
Details
(Keywords: crash, regression, reproducible, Whiteboard: [adv-main59-])
Crash Data
This bug was filed from the Socorro interface and is report bp-9371923b-d41a-4005-b54d-33b300171205. ============================================================= Seen while looking at nightly crash stats - crashes started using 20171204220337: http://bit.ly/2BA8DbD. Appears to be Mac only crash. Possible regression range based on build ID: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=de1f7a92e8726bdd365d4bbc5e65eaa369fbc20a&tochange=88b2d7276416f8b69191ca5fb1b5c670ec8178b8 Top 10 frames of crashing thread: 0 XUL nsCSSFrameConstructor::ShouldCreateItemsForChild dom/base/nsWrapperCache.h:290 1 XUL nsCSSFrameConstructor::AddFrameConstructionItemsInternal layout/base/nsCSSFrameConstructor.cpp:6093 2 XUL nsCSSFrameConstructor::AddFrameConstructionItems layout/base/nsCSSFrameConstructor.cpp:5804 3 XUL nsCSSFrameConstructor::ProcessChildren layout/base/nsCSSFrameConstructor.cpp:11172 4 XUL nsCSSFrameConstructor::ConstructBlock layout/base/nsCSSFrameConstructor.cpp:12132 5 XUL nsCSSFrameConstructor::ConstructNonScrollableBlockWithConstructor layout/base/nsCSSFrameConstructor.cpp:5089 6 XUL nsCSSFrameConstructor::ConstructNonScrollableBlock layout/base/nsCSSFrameConstructor.cpp:5053 7 XUL nsCSSFrameConstructor::ConstructFrameFromItemInternal layout/base/nsCSSFrameConstructor.cpp:4000 8 XUL nsCSSFrameConstructor::ConstructFramesFromItem layout/base/nsCSSFrameConstructor.cpp:6339 9 XUL nsCSSFrameConstructor::ProcessChildren layout/base/nsCSSFrameConstructor.cpp:10876 =============================================================
|
Reporter | |
Comment 1•3 years ago
|
||
Changing Platform to all since this affects Window and Linux as well.
OS: Mac OS X → All
Hardware: Unspecified → All
|
||
Comment 2•3 years ago
|
||
I can reproduce this reliably on a private web app using Nightly. I can provide access if needed.
|
|
||
Comment 3•3 years ago
|
||
Last good revision: 08e8c61d3c5a85a9fae9f993092133dbe904abc2 First bad revision: 3fa14b7a60a4b258884725a128403a6d7a2a69a8 Pushlog: https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=08e8c61d3c5a85a9fae9f993092133dbe904abc2&tochange=3fa14b7a60a4b258884725a128403a6d7a2a69a8 which is bug 1409975
|
|
Reporter | |
Updated•3 years ago
|
Crash Signature: [@ nsCSSFrameConstructor::ShouldCreateItemsForChild] → [@ nsCSSFrameConstructor::ShouldCreateItemsForChild]
[@ mozilla::dom::ExplicitChildIterator::GetNextChild]
|
||
Comment 4•3 years ago
|
||
This is probably same as Bug 1422931. We can see if there are still crashes after Bug 1422931 lands. Keep the NI for tracking.
|
|
Reporter | |
Updated•3 years ago
|
Crash Signature: [@ nsCSSFrameConstructor::ShouldCreateItemsForChild]
[@ mozilla::dom::ExplicitChildIterator::GetNextChild] → [@ nsCSSFrameConstructor::ShouldCreateItemsForChild]
[@ mozilla::dom::ExplicitChildIterator::GetNextChild]
[@ nsCSSFrameConstructor::ProcessChildren]
|
||
Comment 5•3 years ago
|
||
[Tracking Requested - why for this release]: Guess what Google put on their home page today: https://santatracker.google.com/village.html "Skydive with Santa and boogie with elves in Santa’s Village" unless you're in Nightly where it crashes every time. :-(
tracking-firefox59:
--- → ?
Priority: -- → P1
|
|
||
Comment 6•3 years ago
|
||
https://crash-stats.mozilla.com/report/index/f39c6be2-1f57-462c-9345-180da0171207
Group: core-security
|
|
||
Comment 7•3 years ago
|
||
I enabled dom.webcomponents.enabled and it does not crash anymore (but it does not render correctly either), so it should be related to bug 1422931. It should be fixed soon, sorry for the incovenience. :(
Flags: needinfo?(jjong)
|
|
Reporter | |
Comment 8•3 years ago
|
||
Tracking 59+ due to high volume in nightly on at least one signature.
|
||
Updated•3 years ago
|
Group: core-security → layout-core-security
|
|
||
Updated•3 years ago
|
Group: layout-core-security → dom-core-security
Component: Layout → DOM
|
||
Comment 10•3 years ago
|
||
Just to mention one other set of STR here: a few of the crash reports mention https://addons.mozilla.org/en-US/firefox/addon/checker-plus-gmail/ , and I was able to reproduce by using that add-on in a fresh Nightly profile. (Specifically: I installed the addon, and then logged into gmail with a throwaway Gmail account (to be on the safe side), and then clicked the add-on in my toolbar, and then clicked an email message in the addon's dropdown menu. That crashed: bp-87167118-6188-438b-9556-bba8e0171207 )
|
|
||
Comment 11•3 years ago
|
||
Also reproduces on pageload when I visit https://www.polymer-project.org/2.0/docs/devguide/style-shadow-dom
|
|
||
Comment 12•3 years ago
|
||
I tested 'https://www.polymer-project.org/2.0/docs/devguide/style-shadow-dom' now that Bug 1422931 has landed and I don't see the crash anymore.
Fixed in 59 in the duplicate.
|
||
Updated•3 years ago
|
Whiteboard: [adv-main59-]
|
||
Updated•2 years ago
|
Group: dom-core-security
|
Assignee | |
Updated•2 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•