This bug was filed from the Socorro interface and is report bp-2a898450-ac50-4b21-8849-69e640170921. ============================================================= STR: 1. Go to a Google Slides 2. Hit the little arrow besides the [Present] button on the top right. 3. Hit [Presenter view] Expected: 1. Two popups opened and they work. Actual: 1. Two popups opened and they all crash.

For some reasons it only happens on my MBP ... how do I debug further?

I was able to reproduce this issue too. All the tabs related to the presentation crash. Tested with: Browser / Version: Firefox Mobile Nightly 57.0a1 (2017-09-20) Operating System: Windows 10 Pro

There are 48 crashes in nightly 57 starting with buildid 20170919220202. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1400599. :bz, could you investigate please ? [1] https://hg.mozilla.org/mozilla-central/rev?node=13f651129c38f79e0b7efa67892dcb296e41fe1a

(In reply to Tim Guan-tin Chien [:timdream] (please needinfo) from comment #1) > For some reasons it only happens on my MBP ... how do I debug further? You are not alone.. I hit this crash quite often in these two days.

The testcase is: <style> html { display: table; } body { overflow: scroll; } </style> <script> onload = function() { document.body.style.display = 'inline'; } </script> What happens is that we go to reframe the <body>. That calls ContentRemoved on the body, which calls MaybeRecreateContainerForFrameRemoval. That detects that the body has a table pseudo parent and goes to recreate the <html>. That computes the "new" scrollbar override element, which is just the <body> (because it's not gone from the DOM or anything). Since the thing being removed is not the <body> itself, we RecreateFramesForContent(newOverrideElement) and now we're doing infinite recursion and eventually we run out of stack. Fix coming up. This is definitely a regression from bug 1400599.

MozReview-Commit-ID: EJiO8Nq5Frb

Calixte, thanks for pinning down the problem!

Comment on attachment 8911385 [details] [diff] [review] Make sure to not end up with infinite recursion when reframing a <body> that has a table pseudo parent coming from the root <html> Approval Request Comment [Feature/Bug causing the regression]: Bug 1400599 [User impact if declined]: Crashes on trying to present Google slides. [Is this code covered by automated tests?]: Yes. [Has the fix been verified in Nightly?]: Locally, yes... [Needs manual test from QE? If yes, steps to reproduce]: Probably not, but the steps are in comment 0 anyway. [List of other uplifts needed for the feature/fix]: None. [Is the change risky?]: No. [Why is the change risky/not risky?]: I think at this point we've caught all the edge cases in this stuff... [String changes made/needed]: None.

Comment on attachment 8911385 [details] [diff] [review] Make sure to not end up with infinite recursion when reframing a <body> that has a table pseudo parent coming from the root <html> Review of attachment 8911385 [details] [diff] [review]: ----------------------------------------------------------------- r=me

Pushed by bzbarsky@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/d26a0adf4c2e Make sure to not end up with infinite recursion when reframing a <body> that has a table pseudo parent coming from the root <html>. r=dholbert

Comment on attachment 8911385 [details] [diff] [review] Make sure to not end up with infinite recursion when reframing a <body> that has a table pseudo parent coming from the root <html> Fix a crash, taking it. Should be in 57b3