Closed
Bug 656646
Opened 14 years ago
Closed 14 years ago
Firefox Crash [@ nsCSSFrameConstructor::MaybeRecreateContainerForFrameRemoval ]
Categories
(Core :: Layout, defect)
Tracking
()
RESOLVED
FIXED
mozilla10
People
(Reporter: marcia, Assigned: ehsan.akhgari)
References
()
Details
(Keywords: crash, reproducible)
Crash Data
Seen while reviewing crash stats. Affects Mac and Linux only. Able to repro with the URL in URL field. Crashes started showing up in crash stats using 2011050700 build.
Possible Pushlog regression range: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=88fdbd974f82&tochange=62941612320d
https://crash-stats.mozilla.com/report/index/f2542041-05b8-4f68-9efd-06a912110512
Frame Module Signature [Expand] Source
0 XUL nsCSSFrameConstructor::MaybeRecreateContainerForFrameRemoval layout/generic/nsIFrame.h:796
1 XUL nsCSSFrameConstructor::ContentRemoved layout/base/nsCSSFrameConstructor.cpp:7420
2 XUL PresShell::ContentRemoved layout/base/nsPresShell.cpp:5115
3 XUL nsNodeUtils::ContentRemoved content/base/src/nsNodeUtils.cpp:196
4 XUL nsINode::doRemoveChildAt content/base/src/nsGenericElement.cpp:3702
5 XUL nsGenericElement::RemoveChildAt content/base/src/nsGenericElement.cpp:3672
6 XUL nsIDOMNode_RemoveChild obj-firefox/x86_64/js/src/xpconnect/src/dom_quickstubs.cpp:6584
7 XUL js::Interpret js/src/jscntxtinlines.h:277
8 XUL js::RunScript js/src/jsinterp.cpp:603
9 XUL js::Invoke js/src/jsinterp.cpp:684
10 XUL js_fun_apply js/src/jsfun.cpp:2203
11 XUL js::Interpret js/src/jscntxtinlines.h:277
12 XUL js::mjit::stubs::UncachedCallHelper js/src/methodjit/InvokeHelpers.cpp:381
13 XUL CallCompiler::update js/src/methodjit/MonoIC.cpp:958
14 XUL js::mjit::ic::Call js/src/methodjit/MonoIC.cpp:1012
15 @0x1112415b7
16 XUL js::mjit::EnterMethodJIT js/src/methodjit/MethodJIT.cpp:685
17 XUL array_extra js/src/jsinterpinlines.h:146
18 @0x11124e2cd
19 XUL js::mjit::EnterMethodJIT js/src/methodjit/MethodJIT.cpp:685
20 XUL js::mjit::JaegerShot js/src/methodjit/MethodJIT.cpp:715
21 XUL js::Interpret js/src/jsinterp.cpp:4647
22 XUL js::RunScript js/src/jsinterp.cpp:603
23 XUL js::Invoke js/src/jsinterp.cpp:684
24 XUL js_fun_apply js/src/jsfun.cpp:2203
25 XUL js::Interpret js/src/jscntxtinlines.h:277
26 XUL js::RunScript js/src/jsinterp.cpp:603
27 XUL js::Invoke js/src/jsinterp.cpp:684
28 XUL js::ExternalInvoke js/src/jsinterp.cpp:806
29 XUL JS_CallFunctionValue js/src/jsapi.cpp:5087
30 XUL nsJSContext::CallEventHandler dom/base/nsJSEnvironment.cpp:1903
31 XUL nsJSEventListener::HandleEvent dom/src/events/nsJSEventListener.cpp:224
32 XUL nsEventListenerManager::HandleEventSubType content/events/src/nsEventListenerManager.cpp:1141
33 XUL nsEventListenerManager::HandleEventInternal content/events/src/nsEventListenerManager.cpp:1236
34 XUL nsEventTargetChainItem::HandleEventTargetChain content/events/src/nsEventListenerManager.h:146
35 XUL nsEventDispatcher::Dispatch content/events/src/nsEventDispatcher.cpp:648
36 XUL nsGlobalWindow::PostHandleEvent dom/base/nsGlobalWindow.cpp:2722
37 XUL nsEventTargetChainItem::HandleEventTargetChain content/events/src/nsEventDispatcher.cpp:289
38 XUL nsEventTargetChainItem::HandleEventTargetChain content/events/src/nsEventDispatcher.cpp:398
39 XUL nsEventDispatcher::Dispatch content/events/src/nsEventDispatcher.cpp:648
40 XUL DocumentViewerImpl::LoadComplete layout/base/nsDocumentViewer.cpp:1030
41 XUL nsDocShell::EndPageLoad docshell/base/nsDocShell.cpp:6057
42 XUL nsDocShell::OnStateChange docshell/base/nsDocShell.cpp:5917
43 XUL nsDocLoader::FireOnStateChange uriloader/base/nsDocLoader.cpp:1339
44 XUL nsDocLoader::DocLoaderIsEmpty uriloader/base/nsDocLoader.cpp:947
45 XUL nsDocLoader::OnStopRequest uriloader/base/nsDocLoader.cpp:707
46 XUL nsLoadGroup::RemoveRequest netwerk/base/src/nsLoadGroup.cpp:680
47 XUL nsDocument::DoUnblockOnload content/base/src/nsDocument.cpp:7341
48 XUL nsLoadBlockingPLDOMEvent::~nsLoadBlockingPLDOMEvent content/events/src/nsPLDOMEvent.cpp:101
49 XUL nsRunnable::Release obj-firefox/x86_64/xpcom/build/nsThreadUtils.cpp:55
50 XUL nsThread::ProcessNextEvent
51 XUL NS_ProcessPendingEvents_P obj-firefox/x86_64/xpcom/build/nsThreadUtils.cpp:200
52 XUL nsBaseAppShell::NativeEventCallback widget/src/xpwidgets/nsBaseAppShell.cpp:130
53 XUL nsAppShell::ProcessGeckoEvents widget/src/cocoa/nsAppShell.mm:422
54 CoreFoundation CoreFoundation@0x49b4c
55 CoreFoundation CoreFoundation@0x49508
56 CarbonCore CarbonCore@0x51ac
57 libsystem_c.dylib libsystem_c.dylib@0xa17c8
58 XUL nsTArray_base<nsTArrayDefaultAllocator>::ShrinkCapacity nsTArray.h:92
59 @0x7fff5fbfccdb
60 XUL nsBlockFrame::Reflow c.h:253
61 @0x120b2de6f
62 CoreFoundation CoreFoundation@0x122fe5
63 CoreFoundation CoreFoundation@0x1193ad
64 libobjc.A.dylib libobjc.A.dylib@0x22d57
65 libobjc.A.dylib libobjc.A.dylib@0x21eda
66 libsystem_c.dylib libsystem_c.dylib@0x6809f
67 libsystem_c.dylib libsystem_c.dylib@0xa17c8
68 CoreFoundation CoreFoundation@0x49a43
69 libsystem_c.dylib libsystem_c.dylib@0xa17c8
70 XUL nsContainerFrame::FinishReflowChild layout/generic/nsContainerFrame.cpp:1072
|
Reporter | |
Comment 1•14 years ago
|
||
Bug 526853 was on file a while back and contains a similar stack. There are Windows crashes in [@nsCSSFrameConstructor::MaybeRecreateContainerForFrameRemoval(nsIFrame*, unsigned int*) ] across 3.6.x, 4.0.x and trunk. http://tinyurl.com/3rhmvfj links to those crashes in the last week.
Summary: Firefox 6.0a1 Crash Report [@ nsCSSFrameConstructor::MaybeRecreateContainerForFrameRemoval ] → Firefox Crash [@ nsCSSFrameConstructor::MaybeRecreateContainerForFrameRemoval ]
|
||
Comment 2•14 years ago
|
||
I think this is the same initial situation as bug 656130 but more stuff happens after it and that leads to a crash. We should test with the patch from that bug.
|
||
Comment 3•14 years ago
|
||
(In reply to comment #2)
> I think this is the same initial situation as bug 656130 but more stuff
> happens after it and that leads to a crash. We should test with the patch
> from that bug.
I tried the patch of bug 656130 but the problem cannot be solved.
|
Assignee | |
Comment 4•14 years ago
|
||
(In reply to comment #3)
> (In reply to comment #2)
> > I think this is the same initial situation as bug 656130 but more stuff
> > happens after it and that leads to a crash. We should test with the patch
> > from that bug.
>
> I tried the patch of bug 656130 but the problem cannot be solved.
I don't get the crash in my current builds. Can you please try these patches, in this order:
attachment 531218 [details] [diff] [review]
attachment 532749 [details] [diff] [review]
attachment 532973 [details] [diff] [review]
|
|
||
Comment 5•14 years ago
|
||
Ehsan, did you get the crash in a build without those patches?
|
|
Assignee | |
Comment 6•14 years ago
|
||
(In reply to comment #5)
> Ehsan, did you get the crash in a build without those patches?
Yes.
|
||
Comment 7•14 years ago
|
||
|
||
Comment 8•14 years ago
|
||
Confirmed that Nightly on Windows 7 is crashing too on the same URL:
bp-ae23419c-a265-449a-b582-15de12110521
OS: Mac OS X → All
|
|
||
Comment 9•14 years ago
|
||
Regression window:
Works:
http://hg.mozilla.org/mozilla-central/rev/8d0ca70728ff
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0a1) Gecko/20110505 Firefox/6.0a1 ID:20110506095431
Crashes:
http://hg.mozilla.org/mozilla-central/rev/14fe8a6cfd45
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0a1) Gecko/20110505 Firefox/6.0a1 ID:20110506112151
Pushlog:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=8d0ca70728ff&tochange=14fe8a6cfd45
|
|
||
Comment 10•14 years ago
|
||
confirmed crash since BuildID 20110506112151
Crash [@ xul.dll@0xcd924 ] bp-5bbdf21f-4a9d-40f6-929f-41fad2110521
[@ xul.dll@0x13aed4 ] bp-1c991cfa-f1d4-4449-ba6a-8e6132110521
[@ xul.dll@0x12fcd4 ] bp-4dab4cbc-1d9a-4ac3-93a6-f87172110521
[@ xul.dll@0x1420f4 ] bp-68a096af-be00-487a-80ee-e60192110521
|
|
||
Comment 11•14 years ago
|
||
(In reply to comment #4)
> (In reply to comment #3)
> > (In reply to comment #2)
> > > I think this is the same initial situation as bug 656130 but more stuff
> > > happens after it and that leads to a crash. We should test with the patch
> > > from that bug.
> >
> > I tried the patch of bug 656130 but the problem cannot be solved.
>
> I don't get the crash in my current builds. Can you please try these
> patches, in this order:
>
> attachment 531218 [details] [diff] [review] [review]
> attachment 532749 [details] [diff] [review] [review]
> attachment 532973 [details] [diff] [review] [review]
FYI,
In local build(Windows 7),
build from 9c8537aa965a + above 3 attachments : _no_ crash
build from 9c8537aa965a : crash
|
|
||
Comment 12•14 years ago
|
||
(In reply to comment #7)
> Affects on Windows 7 too.
> http://www.webupd8.org/2009/12/true-transparency-for-gnome-panel.html
>
> bp-7f48ec32-1c35-44c9-bbb4-694c32110521
> bp-24a9baa0-ece5-4008-a69d-748bb2110521
> bp-c4f1c824-2c8d-4ac7-9b6c-4ca9b2110521
I tried above patches with Linux build.
Firefox doesn't crash.
|
|
||
Comment 13•14 years ago
|
||
same as comment 9
UA: Mozilla/5.0 (X11; Linux i686; rv:6.0a1) Gecko/20110506 Firefox/6.0a1
Build ID: 20110506112151
http://hg.mozilla.org/mozilla-central/rev/14fe8a6cfd45
Crash bp-51bf6749-97aa-4cad-a520-e44042110522
Latest Build
UA: Mozilla/5.0 (X11; Linux i686; rv:6.0a1) Gecko/20110522 Firefox/6.0a1
Build ID: 20110522012505
http://hg.mozilla.org/mozilla-central/rev/107bbdaf84c0
Crash bp-266eaa30-395f-4b6f-9bb5-90ad72110522
|
||
Comment 15•14 years ago
|
||
see also bug 660451
|
||
Updated•14 years ago
|
Crash Signature: [@ nsCSSFrameConstructor::MaybeRecreateContainerForFrameRemoval ]
|
|
Assignee | |
Comment 16•14 years ago
|
||
This should be fixed by bug 656130.
Assignee: nobody → ehsan
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla10
You need to log in
before you can comment on or make changes to this bug.
Description
•