Closed
Bug 1671496
Opened 4 years ago
Closed 2 years ago
crash near null in [@ nsIFrame::BuildDisplayListForChild]
Categories
(Core :: Layout: Columns, defect)
Core
Layout: Columns
Tracking
()
RESOLVED
DUPLICATE
of bug 1663232
People
(Reporter: tsmith, Unassigned)
References
(Blocks 1 open bug, Regression)
Details
(Keywords: crash, regression, testcase, Whiteboard: [bugmon:bisected,confirmed])
Crash Data
Attachments
(1 file)
|
459 bytes,
text/html
|
Details |
==13395==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000030 (pc 0x7fd00085c51c bp 0x7ffdd2e23290 sp 0x7ffdd2e228c0 T0)
==13395==The signal is caused by a READ memory access.
==13395==Hint: address points to the zero page.
#0 0x7fd00085c51c in GetParent src/layout/generic/nsIFrame.h:974:48
#1 0x7fd00085c51c in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, mozilla::EnumSet<nsIFrame::DisplayChildFlag, unsigned int>) src/layout/generic/nsIFrame.cpp:4024:40
#2 0x7fd00080c6d5 in DisplayLine(nsDisplayListBuilder*, nsLineList_iterator&, bool, nsDisplayListSet const&, nsBlockFrame*, mozilla::css::TextOverflow*, unsigned int, int, int&) src/layout/generic/nsBlockFrame.cpp:6913:13
#3 0x7fd00080a9b6 in nsBlockFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) src/layout/generic/nsBlockFrame.cpp:7071:9
#4 0x7fd00096fe32 in nsIFrame::BuildDisplayListForSimpleChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&) src/layout/generic/nsIFrame.cpp:3968:11
#5 0x7fd00085cb26 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, mozilla::EnumSet<nsIFrame::DisplayChildFlag, unsigned int>) src/layout/generic/nsIFrame.cpp:4057:5
#6 0x7fd00082f667 in nsColumnSetFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) src/layout/generic/nsColumnSetFrame.cpp:1286:5
#7 0x7fd00096fe32 in nsIFrame::BuildDisplayListForSimpleChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&) src/layout/generic/nsIFrame.cpp:3968:11
#8 0x7fd00085cb26 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, mozilla::EnumSet<nsIFrame::DisplayChildFlag, unsigned int>) src/layout/generic/nsIFrame.cpp:4057:5
#9 0x7fd00080c6d5 in DisplayLine(nsDisplayListBuilder*, nsLineList_iterator&, bool, nsDisplayListSet const&, nsBlockFrame*, mozilla::css::TextOverflow*, unsigned int, int, int&) src/layout/generic/nsBlockFrame.cpp:6913:13
#10 0x7fd00080a9b6 in nsBlockFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) src/layout/generic/nsBlockFrame.cpp:7071:9
#11 0x7fd000967a92 in nsIFrame::BuildDisplayListForStackingContext(nsDisplayListBuilder*, nsDisplayList*, bool*) src/layout/generic/nsIFrame.cpp:3428:5
#12 0x7fd00085dc6e in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, mozilla::EnumSet<nsIFrame::DisplayChildFlag, unsigned int>) src/layout/generic/nsIFrame.cpp:4231:12
#13 0x7fd00080c6d5 in DisplayLine(nsDisplayListBuilder*, nsLineList_iterator&, bool, nsDisplayListSet const&, nsBlockFrame*, mozilla::css::TextOverflow*, unsigned int, int, int&) src/layout/generic/nsBlockFrame.cpp:6913:13
#14 0x7fd00080a9b6 in nsBlockFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) src/layout/generic/nsBlockFrame.cpp:7071:9
#15 0x7fd00096fe32 in nsIFrame::BuildDisplayListForSimpleChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&) src/layout/generic/nsIFrame.cpp:3968:11
#16 0x7fd00085cb26 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, mozilla::EnumSet<nsIFrame::DisplayChildFlag, unsigned int>) src/layout/generic/nsIFrame.cpp:4057:5
#17 0x7fd00082f667 in nsColumnSetFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) src/layout/generic/nsColumnSetFrame.cpp:1286:5
#18 0x7fd00096fe32 in nsIFrame::BuildDisplayListForSimpleChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&) src/layout/generic/nsIFrame.cpp:3968:11
#19 0x7fd00085cb26 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, mozilla::EnumSet<nsIFrame::DisplayChildFlag, unsigned int>) src/layout/generic/nsIFrame.cpp:4057:5
#20 0x7fd00080c6d5 in DisplayLine(nsDisplayListBuilder*, nsLineList_iterator&, bool, nsDisplayListSet const&, nsBlockFrame*, mozilla::css::TextOverflow*, unsigned int, int, int&) src/layout/generic/nsBlockFrame.cpp:6913:13
#21 0x7fd00080a9b6 in nsBlockFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) src/layout/generic/nsBlockFrame.cpp:7071:9
#22 0x7fd000967a92 in nsIFrame::BuildDisplayListForStackingContext(nsDisplayListBuilder*, nsDisplayList*, bool*) src/layout/generic/nsIFrame.cpp:3428:5
#23 0x7fd00085dc6e in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, mozilla::EnumSet<nsIFrame::DisplayChildFlag, unsigned int>) src/layout/generic/nsIFrame.cpp:4231:12
#24 0x7fd00080c6d5 in DisplayLine(nsDisplayListBuilder*, nsLineList_iterator&, bool, nsDisplayListSet const&, nsBlockFrame*, mozilla::css::TextOverflow*, unsigned int, int, int&) src/layout/generic/nsBlockFrame.cpp:6913:13
#25 0x7fd00080a9b6 in nsBlockFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) src/layout/generic/nsBlockFrame.cpp:7071:9
#26 0x7fd000967a92 in nsIFrame::BuildDisplayListForStackingContext(nsDisplayListBuilder*, nsDisplayList*, bool*) src/layout/generic/nsIFrame.cpp:3428:5
#27 0x7fd00085dc6e in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, mozilla::EnumSet<nsIFrame::DisplayChildFlag, unsigned int>) src/layout/generic/nsIFrame.cpp:4231:12
#28 0x7fd00080c6d5 in DisplayLine(nsDisplayListBuilder*, nsLineList_iterator&, bool, nsDisplayListSet const&, nsBlockFrame*, mozilla::css::TextOverflow*, unsigned int, int, int&) src/layout/generic/nsBlockFrame.cpp:6913:13
#29 0x7fd00080a9b6 in nsBlockFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) src/layout/generic/nsBlockFrame.cpp:7071:9
#30 0x7fd000967a92 in nsIFrame::BuildDisplayListForStackingContext(nsDisplayListBuilder*, nsDisplayList*, bool*) src/layout/generic/nsIFrame.cpp:3428:5
#31 0x7fd00085dc6e in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, mozilla::EnumSet<nsIFrame::DisplayChildFlag, unsigned int>) src/layout/generic/nsIFrame.cpp:4231:12
#32 0x7fd00080c6d5 in DisplayLine(nsDisplayListBuilder*, nsLineList_iterator&, bool, nsDisplayListSet const&, nsBlockFrame*, mozilla::css::TextOverflow*, unsigned int, int, int&) src/layout/generic/nsBlockFrame.cpp:6913:13
#33 0x7fd00080a9b6 in nsBlockFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) src/layout/generic/nsBlockFrame.cpp:7071:9
#34 0x7fd000967a92 in nsIFrame::BuildDisplayListForStackingContext(nsDisplayListBuilder*, nsDisplayList*, bool*) src/layout/generic/nsIFrame.cpp:3428:5
#35 0x7fd00085dc6e in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, mozilla::EnumSet<nsIFrame::DisplayChildFlag, unsigned int>) src/layout/generic/nsIFrame.cpp:4231:12
#36 0x7fd00080c6d5 in DisplayLine(nsDisplayListBuilder*, nsLineList_iterator&, bool, nsDisplayListSet const&, nsBlockFrame*, mozilla::css::TextOverflow*, unsigned int, int, int&) src/layout/generic/nsBlockFrame.cpp:6913:13
#37 0x7fd00080a9b6 in nsBlockFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) src/layout/generic/nsBlockFrame.cpp:7071:9
#38 0x7fd00085e1a0 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, mozilla::EnumSet<nsIFrame::DisplayChildFlag, unsigned int>) src/layout/generic/nsIFrame.cpp:4270:14
#39 0x7fd00082f667 in nsColumnSetFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) src/layout/generic/nsColumnSetFrame.cpp:1286:5
#40 0x7fd00085e1a0 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, mozilla::EnumSet<nsIFrame::DisplayChildFlag, unsigned int>) src/layout/generic/nsIFrame.cpp:4270:14
#41 0x7fd00080c6d5 in DisplayLine(nsDisplayListBuilder*, nsLineList_iterator&, bool, nsDisplayListSet const&, nsBlockFrame*, mozilla::css::TextOverflow*, unsigned int, int, int&) src/layout/generic/nsBlockFrame.cpp:6913:13
#42 0x7fd00080a9b6 in nsBlockFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) src/layout/generic/nsBlockFrame.cpp:7071:9
#43 0x7fd000967a92 in nsIFrame::BuildDisplayListForStackingContext(nsDisplayListBuilder*, nsDisplayList*, bool*) src/layout/generic/nsIFrame.cpp:3428:5
#44 0x7fd00085dc6e in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, mozilla::EnumSet<nsIFrame::DisplayChildFlag, unsigned int>) src/layout/generic/nsIFrame.cpp:4231:12
#45 0x7fd00080c6d5 in DisplayLine(nsDisplayListBuilder*, nsLineList_iterator&, bool, nsDisplayListSet const&, nsBlockFrame*, mozilla::css::TextOverflow*, unsigned int, int, int&) src/layout/generic/nsBlockFrame.cpp:6913:13
#46 0x7fd00080a9b6 in nsBlockFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) src/layout/generic/nsBlockFrame.cpp:7071:9
#47 0x7fd00096fe32 in nsIFrame::BuildDisplayListForSimpleChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&) src/layout/generic/nsIFrame.cpp:3968:11
#48 0x7fd00085cb26 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, mozilla::EnumSet<nsIFrame::DisplayChildFlag, unsigned int>) src/layout/generic/nsIFrame.cpp:4057:5
#49 0x7fd00082f667 in nsColumnSetFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) src/layout/generic/nsColumnSetFrame.cpp:1286:5
#50 0x7fd00096fe32 in nsIFrame::BuildDisplayListForSimpleChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&) src/layout/generic/nsIFrame.cpp:3968:11
#51 0x7fd00085cb26 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, mozilla::EnumSet<nsIFrame::DisplayChildFlag, unsigned int>) src/layout/generic/nsIFrame.cpp:4057:5
#52 0x7fd00080c6d5 in DisplayLine(nsDisplayListBuilder*, nsLineList_iterator&, bool, nsDisplayListSet const&, nsBlockFrame*, mozilla::css::TextOverflow*, unsigned int, int, int&) src/layout/generic/nsBlockFrame.cpp:6913:13
#53 0x7fd00080a9b6 in nsBlockFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) src/layout/generic/nsBlockFrame.cpp:7071:9
#54 0x7fd000967a92 in nsIFrame::BuildDisplayListForStackingContext(nsDisplayListBuilder*, nsDisplayList*, bool*) src/layout/generic/nsIFrame.cpp:3428:5
#55 0x7fd00085dc6e in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, mozilla::EnumSet<nsIFrame::DisplayChildFlag, unsigned int>) src/layout/generic/nsIFrame.cpp:4231:12
#56 0x7fd00080c6d5 in DisplayLine(nsDisplayListBuilder*, nsLineList_iterator&, bool, nsDisplayListSet const&, nsBlockFrame*, mozilla::css::TextOverflow*, unsigned int, int, int&) src/layout/generic/nsBlockFrame.cpp:6913:13
#57 0x7fd00080a9b6 in nsBlockFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) src/layout/generic/nsBlockFrame.cpp:7071:9
#58 0x7fd00096fe32 in nsIFrame::BuildDisplayListForSimpleChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&) src/layout/generic/nsIFrame.cpp:3968:11
#59 0x7fd00085cb26 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, mozilla::EnumSet<nsIFrame::DisplayChildFlag, unsigned int>) src/layout/generic/nsIFrame.cpp:4057:5
#60 0x7fd00082f667 in nsColumnSetFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) src/layout/generic/nsColumnSetFrame.cpp:1286:5
#61 0x7fd00096fe32 in nsIFrame::BuildDisplayListForSimpleChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&) src/layout/generic/nsIFrame.cpp:3968:11
#62 0x7fd00085cb26 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, mozilla::EnumSet<nsIFrame::DisplayChildFlag, unsigned int>) src/layout/generic/nsIFrame.cpp:4057:5
#63 0x7fd00080c6d5 in DisplayLine(nsDisplayListBuilder*, nsLineList_iterator&, bool, nsDisplayListSet const&, nsBlockFrame*, mozilla::css::TextOverflow*, unsigned int, int, int&) src/layout/generic/nsBlockFrame.cpp:6913:13
#64 0x7fd00080a9b6 in nsBlockFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) src/layout/generic/nsBlockFrame.cpp:7071:9
#65 0x7fd000967a92 in nsIFrame::BuildDisplayListForStackingContext(nsDisplayListBuilder*, nsDisplayList*, bool*) src/layout/generic/nsIFrame.cpp:3428:5
#66 0x7fd00085dc6e in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, mozilla::EnumSet<nsIFrame::DisplayChildFlag, unsigned int>) src/layout/generic/nsIFrame.cpp:4231:12
#67 0x7fd000822733 in nsCanvasFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) src/layout/generic/nsCanvasFrame.cpp:622:5
#68 0x7fd00096fe32 in nsIFrame::BuildDisplayListForSimpleChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&) src/layout/generic/nsIFrame.cpp:3968:11
#69 0x7fd00085cb26 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, mozilla::EnumSet<nsIFrame::DisplayChildFlag, unsigned int>) src/layout/generic/nsIFrame.cpp:4057:5
#70 0x7fd0008e05a8 in mozilla::ScrollFrameHelper::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) src/layout/generic/nsGfxScrollFrame.cpp:3900:15
#71 0x7fd00096fe32 in nsIFrame::BuildDisplayListForSimpleChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&) src/layout/generic/nsIFrame.cpp:3968:11
#72 0x7fd00085cb26 in nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder*, nsIFrame*, nsDisplayListSet const&, mozilla::EnumSet<nsIFrame::DisplayChildFlag, unsigned int>) src/layout/generic/nsIFrame.cpp:4057:5
#73 0x7fd0007c80cd in mozilla::ViewportFrame::BuildDisplayList(nsDisplayListBuilder*, nsDisplayListSet const&) src/layout/generic/ViewportFrame.cpp:63:5
#74 0x7fd000967a92 in nsIFrame::BuildDisplayListForStackingContext(nsDisplayListBuilder*, nsDisplayList*, bool*) src/layout/generic/nsIFrame.cpp:3428:5
#75 0x7fd000706992 in nsLayoutUtils::PaintFrame(gfxContext*, nsIFrame*, nsRegion const&, unsigned int, nsDisplayListBuilderMode, nsLayoutUtils::PaintFrameFlags) src/layout/base/nsLayoutUtils.cpp:3364:17
#76 0x7fd00060fae0 in mozilla::PresShell::Paint(nsView*, nsRegion const&, mozilla::PaintFlags) src/layout/base/PresShell.cpp:6361:5
#77 0x7fcffffd0f1e in nsViewManager::ProcessPendingUpdatesPaint(nsIWidget*) src/view/nsViewManager.cpp:460:18
#78 0x7fcffffd058e in nsViewManager::ProcessPendingUpdatesForView(nsView*, bool) src/view/nsViewManager.cpp:395:22
#79 0x7fcffffd2f9c in nsViewManager::ProcessPendingUpdates() src/view/nsViewManager.cpp:1018:5
#80 0x7fd0005869a9 in nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:2369:11
#81 0x7fd000593289 in TickDriver src/layout/base/nsRefreshDriver.cpp:374:13
#82 0x7fd000593289 in mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) src/layout/base/nsRefreshDriver.cpp:353:7
#83 0x7fd000592f01 in mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:368:5
#84 0x7fd000592114 in RunRefreshDrivers src/layout/base/nsRefreshDriver.cpp:829:5
#85 0x7fd000592114 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) src/layout/base/nsRefreshDriver.cpp:747:16
#86 0x7fd00059157b in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyParentProcessVsync() src/layout/base/nsRefreshDriver.cpp:649:7
#87 0x7fd000590d60 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::VsyncEvent const&) src/layout/base/nsRefreshDriver.cpp:570:9
#88 0x7fd000d35738 in mozilla::layout::VsyncChild::RecvNotify(mozilla::VsyncEvent const&) src/layout/ipc/VsyncChild.cpp:55:16
#89 0x7fcff9d615a6 in mozilla::layout::PVsyncChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PVsyncChild.cpp:187:54
#90 0x7fcff9951dfb in mozilla::ipc::PBackgroundChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PBackgroundChild.cpp:6249:32
#91 0x7fcff93a5aee in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) src/ipc/glue/MessageChannel.cpp:2150:25
#92 0x7fcff93a1aa4 in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) src/ipc/glue/MessageChannel.cpp:2074:9
#93 0x7fcff93a38a8 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) src/ipc/glue/MessageChannel.cpp:1922:3
#94 0x7fcff93a4378 in mozilla::ipc::MessageChannel::MessageTask::Run() src/ipc/glue/MessageChannel.cpp:1953:13
#95 0x7fcff80aea49 in mozilla::RunnableTask::Run() src/xpcom/threads/TaskController.cpp:245:16
#96 0x7fcff80ab537 in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) src/xpcom/threads/TaskController.cpp:515:26
#97 0x7fcff80a93d7 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) src/xpcom/threads/TaskController.cpp:374:15
#98 0x7fcff80a982d in mozilla::TaskController::ProcessPendingMTTask(bool) src/xpcom/threads/TaskController.cpp:171:36
#99 0x7fcff80b6311 in operator() src/xpcom/threads/TaskController.cpp:85:37
#100 0x7fcff80b6311 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_3>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:577:5
#101 0x7fcff80d5dbb in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1197:14
#102 0x7fcff80e063c in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:513:10
#103 0x7fcff93ae69f in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:87:21
#104 0x7fcff92b10c1 in RunInternal src/ipc/chromium/src/base/message_loop.cc:334:10
#105 0x7fcff92b10c1 in RunHandler src/ipc/chromium/src/base/message_loop.cc:327:3
#106 0x7fcff92b10c1 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:309:3
#107 0x7fd00007ea97 in nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27
#108 0x7fd003d99dbf in XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:913:20
#109 0x7fcff92b10c1 in RunInternal src/ipc/chromium/src/base/message_loop.cc:334:10
#110 0x7fcff92b10c1 in RunHandler src/ipc/chromium/src/base/message_loop.cc:327:3
#111 0x7fcff92b10c1 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:309:3
#112 0x7fd003d9935c in XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:744:34
#113 0x55a5ebd9ae2d in content_process_main(mozilla::Bootstrap*, int, char**) src/browser/app/../../ipc/contentproc/plugin-container.cpp:56:28
#114 0x55a5ebd9b267 in main src/browser/app/nsBrowserApp.cpp:304:18
Flags: in-testsuite?
|
Reporter | |
Comment 1•4 years ago
|
||
A Pernosco session is available here: https://pernos.co/debug/077UXFnZUnwsSalGPY5rLA/index.html
|
||
Comment 2•4 years ago
|
||
Bugmon Analysis:
Verified bug as reproducible on mozilla-central 20201015215335-c8b4cf6696dd.
The bug appears to have been introduced in the following build range:
Start: 5be393d34bbdcbb4a45d3000a32a6eb3f3d51fef (20201007171520)
End: 4dd764090184ab677567b39dd8805742368d2f5e (20201007171734)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=5be393d34bbdcbb4a45d3000a32a6eb3f3d51fef&tochange=4dd764090184ab677567b39dd8805742368d2f5e
Whiteboard: [bugmon:bisected,confirmed]
|
||
Updated•4 years ago
|
Has Regression Range: --- → yes
|
||
Comment 3•4 years ago
|
||
I'm surprised that a change to forms.css would cause this crash. It seems to be exposing an underlying problem. Matt, as the module owner for web painting I'm hoping that you might know where to direct this to?
Flags: needinfo?(spohl.mozilla.bugs) → needinfo?(matt.woodrow)
|
||
Updated•4 years ago
|
Keywords: regression
|
|
||
Comment 4•4 years ago
|
||
Set release status flags based on info from the regressing bug 1656004
status-firefox81:
--- → unaffected
status-firefox82:
--- → unaffected
status-firefox-esr78:
--- → unaffected
|
||
Comment 5•4 years ago
|
||
This is crashing because we have a placeholder frame without an associated OOF frame. We can add a null check here easily, but the underlying problem is an invalid frame tree.
Looks like we have a pushed float OOF frame on a later line than its placeholder, and then we delete the latter lines leaving only the placeholder on the first line.
Frame tree before we delete the lines: https://paste.mozilla.org/oCK4Jq8U#L124,141
Other assertions:
[Child 22164, Main Thread] ###!!! ASSERTION: frame tree not empty, but caller reported complete status: 'aSubtreeRoot->GetPrevInFlow()', file /home/twsmith/code/mozilla-central/layout/base/nsLayoutUtils.cpp:7248
[Child 22164, Main Thread] ###!!! ASSERTION: Placeholder relationship should have been torn down already; this might mean we have a stray placeholder in the tree.: '!placeholder || nsLayoutUtils::IsProperAncestorFrame( aDestructRoot, placeholder)', file /home/twsmith/code/mozilla-central/layout/generic/nsIFrame.cpp:809
[Child 22164, Main Thread] ###!!! ASSERTION: Null out-of-flow for placeholder?: 'outOfFlow', file /home/twsmith/code/mozilla-central/layout/generic/nsPlaceholderFrame.h:186
[Child 22164, Main Thread] ###!!! ASSERTION: How did that happen?: 'outOfFlowFrame && outOfFlowFrame->IsFloating()', file /home/twsmith/code/mozilla-central/layout/base/nsLayoutUtils.cpp:968
Emilio, any idea what's supposed to happen in this case?
Flags: needinfo?(matt.woodrow) → needinfo?(emilio)
|
||
Comment 6•4 years ago
|
||
This is similar to other fragmentation crashes like bug 1671527 which delete the placeholder but not the out of flow. That's not supposed to happen.
|
||
Updated•4 years ago
|
Severity: -- → S2
|
||
Updated•4 years ago
|
Crash Signature: [@ nsIFrame::BuildDisplayListForChild]
|
|
||
Updated•4 years ago
|
|
||
Updated•3 years ago
|
|
||
Comment 7•3 years ago
|
||
Bugmon Analysis
The bug appears to have been fixed in the following build range:
Start: a812a52adea843ccf7986746c78923262b07d37d (20201207222159)
End: f4b357295aa3b4c3f143bcfb52f719f966724a69 (20201207223432)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=a812a52adea843ccf7986746c78923262b07d37d&tochange=f4b357295aa3b4c3f143bcfb52f719f966724a69
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.
Keywords: bugmon
|
||
Comment 8•2 years ago
|
||
(In reply to Emilio Cobos Álvarez (:emilio) from comment #6)
This is similar to other fragmentation crashes like bug 1671527 which delete the placeholder but not the out of flow. That's not supposed to happen.
Comment 7 indicates that bug 1663232 fixed this (which was indeed about the same category of thing, per bug 1663232 comment 2 "This means that we've removed a placeholder from the frame tree without removing its corresponding out-of-flow frame").
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → DUPLICATE
|
|
||
Updated•2 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•