There's a new crash in Firefox 3.6b3 with the signature "nsFrameManager::ReResolveStyleContext(nsPresContext*, nsIFrame*, nsIContent*, nsStyleChangeList*, nsChangeHint, int)" that hasn't been seen in any of the versions 3\.5.*. So far we've seen 33+ of these crashes in the wild. Please see http://crash-stats.mozilla.com/query/query?product=Firefox&version=Firefox%3A3.6b3&range_value=1&range_unit=weeks&query_search=signature&query_type=exact&query=nsFrameManager%3A%3AReResolveStyleContext%28nsPresContext%2A%2C%20nsIFrame%2A%2C%20nsIContent%2A%2C%20nsStyleChangeList%2A%2C%20nsChangeHint%2C%20int%29&do_query=1 for more crash info.

I think this is windows only.

second frame on the stack has a source file that changed during 3.6 development http://crash-stats.mozilla.com/report/index/a9803b87-b42e-4bae-b765-5d7e32091124 http://hg.mozilla.org/releases/mozilla-1.9.2/annotate/35bb84e06502/layout/base/nsFrameManager.cpp#l1495

Some of these crashes also show up as frame poisoned crashes 187. 1 0xfffffffff0dea800 Windows NT nsFrameManager::ReResolveStyleContext(nsPresContext*, nsIFrame*, nsIContent*, nsStyleChangeList*, nsChangeHint, int) sort this query by address http://crash-stats.mozilla.com/report/list?product=Firefox&query_search=signature&query_type=exact&query=&date=&range_value=1&range_unit=weeks&do_query=1&signature=nsFrameManager::ReResolveStyleContext%28nsPresContext*,%20nsIFrame*,%20nsIContent*,%20nsStyleChangeList*,%20nsChangeHint,%20int%29

Assuming a11y poisons the frame but why does child->GetStateBits() crash instead of aFrame->GetFirstChild()? Robert, do you have any ideas?

I don't know. A minidump would help.

The only thing that's new in 3.6 about this crash is the extra ", int" at the end of the parameter list. Crashes in this function were in 3.5.* and 3.0.*. I don't see much reason to think this is related to the accessibility changes that were made in that function.

Topcrash #200 for Firefox 3.5.7. Topcrash #151 for Firefox 3.6.

It only happens in 3.6 over the last four weeks. I close it as WFM.