[FEISTY] firefox crashed [@nsHTMLContainerFrame::CreateViewForFrame] [@nsCSSFrameConstructor::BeginBuildingScrollFrame]

Binary package hint: firefox

Guaranteed crash when surfing to www.kombirom.nl/online. If Firefox doesn't crash immediately, it will after a few refreshes of the page. It occurs with all versions of Firefox (1.5-2.x) and occurs on Windows as well as Linux. The page that crashes is build up with frames, XSLT and JavaScript.

ProblemType: Crash
Architecture: i386
Date: Thu Apr 26 08:29:08 2007
DistroRelease: Ubuntu 7.04
ExecutablePath: /usr/lib/firefox/firefox-bin
Package: firefox 2.0.0.3+1-0ubuntu2
PackageArchitecture: i386
ProcCmdline: /usr/lib/firefox/firefox-bin
ProcCwd: /home/ubuntu
ProcEnviron:
 SHELL=/bin/bash
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
 LANG=en_US.UTF-8
Signal: 11
SourcePackage: firefox
StacktraceTop:
 __kernel_vsyscall ()
 raise () from /lib/tls/i686/cmov/libpthread.so.0
 ?? ()
 ?? ()
 ?? ()
Uname: Linux ubuntu 2.6.20-15-generic #2 SMP Sun Apr 15 07:36:31 UTC 2007 i686 GNU/Linux
UserGroups: adm admin audio cdrom dialout dip floppy lpadmin netdev plugdev powerdev scanner video

I've just browsed to the page and everything is fine.

Could you give me a list of extensions that you have? These may be causing the problem.

Retrace done (note for future retaces on this report «if any»: 'ln -s / rofs' as is not the usual file hierarchy).

Extract from retraced stacktrace:
...
#3 <signal handler called>
#4 nsHTMLContainerFrame::CreateViewForFrame (aFrame=0xafb44c08,
#5 nsCSSFrameConstructor::BeginBuildingScrollFrame (
#6 nsCSSFrameConstructor::ConstructRootFrame (this=0xb0fe0470,
#7 PresShell::InitialReflow (this=0xafb12db8, aWidth=18945,
#8 nsContentSink::StartLayout (this=0xafb596a0, aIsFrameset=0)
#9 nsXMLContentSink::StartLayout (this=0xafb596a0)
#10 nsXMLContentSink::OnTransformDone (this=0xafb596a0,
#11 txTransformNotifier::SignalTransformEnd (this=0xb0fca370,
#12 txTransformNotifier::ScriptEvaluated (this=0xb0fca370,
...

Tagging as mt-confirm for further processing

Retraced Thread Stacktrace

This is the crash log of firefox-dbg

And another...

Is this bug reproduceable at all? Is so, can you please tell us the steps you took to reproduce it?

When you go to www.kombirom.nl/online you will be redirected to via a 2-step
process to:

http://www.kombirom.nl/online/get.asp?DBNAME=kombi&DBTYPE=txtifil&QRY=(1=home)&DBVERSION=200707&APPVERSION=200707&MACRO_SKIN=_20041001SKIN&DBNUM=51&TYPE=FRAMES

Next month it will be:

http://www.kombirom.nl/online/get.asp?DBNAME=kombi&DBTYPE=txtifil&QRY=(1=home)&DBVERSION=200708&APPVERSION=200708&MACRO_SKIN=_20041001SKIN&DBNUM=51&TYPE=FRAMES

and so on.

Most of the times, Firefox crashes right at this point. Sometimes you will
need to refresh this page a couple of times to let Firefox crash. It happens
with all Gecko browsers on all OS's on multiple computers at different
geographical locations (I tried Dapper, Feisty and XP). Among our customers,
all Firefox-users experience this problem. Most of them use IE :-(

I tried myself to debug Firefox under Feisty, but I get unresolved externals
when compiling a debug build. Do you know where to get a ready-to-use debug
build with source code? I couldn't find one with Google.

On 6/28/07, Freddy Martinez <email address hidden> wrote:
>
> Is this bug reproduceable at all? Is so, can you please tell us the
> steps you took to reproduce it?
>
> --
> [FEISTY] firefox crashed [@nsHTMLContainerFrame::CreateViewForFrame]
> [@nsCSSFrameConstructor::BeginBuildingScrollFrame]
> https://bugs.launchpad.net/bugs/110212
> You received this bug notification because you are a direct subscriber
> of the bug.
>

I can reproduce the crash with a firefox debug build (Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.5pre) Gecko/20070607 BonEcho/2.0.0.5preMozilla/5.0)

I'll attach the session log and the gdb log of the crash for latter study

Extract form the retraced stack trace with debug symbols.

...
#0 __kernel_vsyscall ()
#1 ?? () from /lib/tls/i686/cmov/libc.so.6
#2 sleep () from /lib/tls/i686/cmov/libc.so.6
#3 ah_crap_handler (signum=11) at nsSigHandlers.cpp:133
#4 nsProfileLock::FatalSignalHandler (signo=11) at nsProfileLock.cpp:210
#5 <signal handler called>
#6 nsIView::GetViewManager (this=0x0) at ../../../dist/include/view/nsIView.h:142
#7 nsHTMLContainerFrame::CreateViewForFrame (aFrame=0xb0584524, aContentParentFrame=0x0, aForce=0)
#8 nsCSSFrameConstructor::BeginBuildingScrollFrame (this=0xb071c438, aState=@0xbf8f7838,
#9 nsCSSFrameConstructor::ConstructRootFrame (this=0xb071c438, aDocElement=0xb0527c98,
#10 PresShell::InitialReflow (this=0xb0583648, aWidth=18795, aHeight=7170) at nsPresShell.cpp:2862
#11 nsContentSink::StartLayout (this=0xb03040f8, aIsFrameset=0) at nsContentSink.cpp:921
#12 nsXMLContentSink::StartLayout (this=0xb03040f8) at nsXMLContentSink.cpp:875
#13 nsXMLContentSink::OnTransformDone (this=0xb03040f8, aResult=0, aResultDocument=0xb032aba4)
#14 txTransformNotifier::SignalTransformEnd (this=0xb070c3f8, aResult=0) at txMozillaXMLOutput.cpp:955
#15 txTransformNotifier::ScriptEvaluated (this=0xb070c3f8, aResult=0, aElement=0xb0202e94, aIsInline=0,
#16 nsScriptLoader::FireScriptEvaluated (this=0xb05c3038, aResult=0, aRequest=0xb03fc098)
#17 nsScriptLoader::ProcessRequest (this=0xb05c3038, aRequest=0xb03fc098) at nsScriptLoader.cpp:712
#18 nsScriptLoader::ProcessPendingReqests (this=0xb05c3038) at nsScriptLoader.cpp:861
#19 nsScriptLoader::OnStreamComplete (this=0xb05c3038, aLoader=0xb036a6f8, aContext=0xb24dffe8, aStatus=0,
#20 nsStreamLoader::OnStopRequest (this=0xb036a6f8, request=0xb0308718, ctxt=0xb24dffe8, aStatus=0)
#21 nsStreamListenerTee::OnStopRequest (this=0xb03be590, request=0xb0308718, context=0xb24dffe8, status=0)
...

This needs to be tested on IE if anyone has it. Testing with konqueror and it crashes testing with links2 and it doesnt crash but it gives you errors i will attach screenshots. (links2 also askes if you would like to kill this script when it redirects you)

On IE it works without problems. Konqueror and Opera don't work properly (as
far as I know), because our site is optimized for IE and Gecko.

On 6/29/07, John Vivirito <email address hidden> wrote:
>
> This needs to be tested on IE if anyone has it. Testing with konqueror
> and it crashes testing with links2 and it doesnt crash but it gives you
> errors i will attach screenshots. (links2 also askes if you would like
> to kill this script when it redirects you)
>
>
> ** Attachment added: "Links2~2.png"
> http://launchpadlibrarian.net/8252813/Links2%7E2.png
>
> --
> [FEISTY] firefox crashed [@nsHTMLContainerFrame::CreateViewForFrame]
> [@nsCSSFrameConstructor::BeginBuildingScrollFrame]
> https://bugs.launchpad.net/bugs/110212
> You received this bug notification because you are a direct subscriber
> of the bug.
>

Firefox trunk build crashes too.

Stripped stacktrace with debug symbols:
...
#5 <signal handler called>
#6 nsIView::GetViewManager (this=0x0) at ../../dist/include/view/nsIVie...
#7 nsHTMLContainerFrame::CreateViewForFrame (aFrame=0xb0fc82c0, aConten...
#8 nsCSSFrameConstructor::BeginBuildingScrollFrame (this=0xb0f46070, aS...
#9 nsCSSFrameConstructor::ConstructRootFrame (this=0xb0f46070, aDocElem...
#10 PresShell::InitialReflow (this=0xb0fcade0, aWidth=58620, aHeight=918...
#11 nsContentSink::StartLayout (this=0xb0f09800, aIgnorePendingSheets=0)...
#12 nsXMLContentSink::OnTransformDone (this=0xb0f09800, aResult=0, aResu...
#13 txTransformNotifier::SignalTransformEnd (this=0xb0facd58, aResult=0)...
#14 txTransformNotifier::ScriptEvaluated (this=0xb0facd58, aResult=0, aE...
...

ffox 2 won't receive fixes for non top crashers. ffox 3 appears to be fixed.