This bug was filed from the Socorro interface and is report bp-bd03514e-3a05-476c-806b-548560180412. ============================================================= Top 10 frames of crashing thread: 0 libxul.so mozilla::dom::ChildSHistory::LegacySHistory docshell/shistory/ChildSHistory.cpp:87 1 libxul.so nsHistory::PushOrReplaceState dom/base/nsHistory.cpp:292 2 libxul.so nsHistory::ReplaceState dom/base/nsHistory.cpp:258 3 libxul.so mozilla::dom::HistoryBinding::replaceState dom/bindings/HistoryBinding.cpp:384 4 libxul.so mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions> dom/bindings/BindingUtils.cpp:3195 5 libxul.so libxul.so@0x2f2d3fd 6 libxul.so libxul.so@0x2f64d74 7 @0x1e32983dc3c7 8 @0x7f128d223d7f 9 @0x1e32983d64e1 ============================================================= There are 3 crashes (from 3 installations) in nightly 61 with buildid 20180412001050. In analyzing the backtrace, the regression may have been introduced by patch  to fix bug 1434768.  https://hg.mozilla.org/mozilla-central/rev?node=47c477fefd3b
I just hit this https://crash-stats.mozilla.com/report/index/b4096876-e749-498f-89aa-eceda0180413 When clicking a link on a google search result page pointing to an ietf draft.
Approaching 200 crashes since this was filed. Nils - Is the crash reproducible? If so please paste the link. Thanks.
(In reply to Marcia Knous [:marcia - needinfo? me] from comment #2) > Nils - Is the crash > reproducible? If so please paste the link. Thanks. I tried a couple of time with the same search terms and clicking new links as well as links I had clicked before, but was not able to reproduce it any more.
Volume is up to almost 800 crashes since initial filing - Mac and Linux only, with Mac 10.13 accounting for the majority of crashes.
Looks like this accidentally got thrown out in the refactoring.
Attachment #8968315 - Flags: review?(bzbarsky)
Comment on attachment 8968315 [details] [diff] [review] Null-check rootSH in nsDocShell::AddState r=me, though I kinda wonder how we get into this state (torn-down docshell?).
Attachment #8968315 - Flags: review?(bzbarsky) → review+
Pushed by email@example.com: https://hg.mozilla.org/mozilla-central/rev/26d6282bdbe0 Null-check rootSH in nsDocShell::AddState. r=bz, a=RyanVM
You need to log in before you can comment on or make changes to this bug.