Assertion failure: cmp != 0 (same content, different frames), at src/layout/base/nsGenConList.cpp:100

#0 0x7f89b97b98cb in nsGenConList::NodeAfter(nsGenConNode const*, nsGenConNode const*) src/layout/base/nsGenConList.cpp:100:3
#1 0x7f89b97b9a93 in nsGenConList::Insert(nsGenConNode*) src/layout/base/nsGenConList.cpp:106:26
#2 0x7f89b97a81a9 in Insert src/layout/base/nsCounterManager.h:175:19
#3 0x7f89b97a81a9 in nsCounterUseNode::InitTextFrame(nsGenConList*, nsIFrame*, nsIFrame*) src/layout/base/nsCounterManager.cpp:30:16
#4 0x7f89b97916c3 in nsCSSFrameConstructor::ConstructFrameFromItemInternal(nsCSSFrameConstructor::FrameConstructionItem&, nsFrameConstructorState&, nsContainerFrame*, nsFrameList&) src/layout/base/nsCSSFrameConstructor.cpp:3788:15
#5 0x7f89b97956fd in nsCSSFrameConstructor::ConstructFramesFromItem(nsFrameConstructorState&, nsCSSFrameConstructor::FrameConstructionItemList::Iterator&, nsContainerFrame*, nsFrameList&) src/layout/base/nsCSSFrameConstructor.cpp:5556:3
#6 0x7f89b9786e3f in nsCSSFrameConstructor::ConstructFramesFromItemList(nsFrameConstructorState&, nsCSSFrameConstructor::FrameConstructionItemList&, nsContainerFrame*, bool, nsFrameList&) src/layout/base/nsCSSFrameConstructor.cpp:9358:5
#7 0x7f89b9787c9b in nsCSSFrameConstructor::ProcessChildren(nsFrameConstructorState&, nsIContent*, mozilla::ComputedStyle*, nsContainerFrame*, bool, nsFrameList&, bool, nsIFrame*) src/layout/base/nsCSSFrameConstructor.cpp:9523:3
#8 0x7f89b978b76e in nsCSSFrameConstructor::ConstructBlock(nsFrameConstructorState&, nsIContent*, nsContainerFrame*, nsContainerFrame*, mozilla::ComputedStyle*, nsContainerFrame**, nsFrameList&, nsIFrame*) src/layout/base/nsCSSFrameConstructor.cpp:10403:3
#9 0x7f89b9791ae3 in ConstructNonScrollableBlockWithConstructor src/layout/base/nsCSSFrameConstructor.cpp:4507:3
#10 0x7f89b9791ae3 in nsCSSFrameConstructor::ConstructNonScrollableBlock(nsFrameConstructorState&, nsCSSFrameConstructor::FrameConstructionItem&, nsContainerFrame*, nsStyleDisplay const*, nsFrameList&) src/layout/base/nsCSSFrameConstructor.cpp:4478:10
#11 0x7f89b9790875 in nsCSSFrameConstructor::ConstructFrameFromItemInternal(nsCSSFrameConstructor::FrameConstructionItem&, nsFrameConstructorState&, nsContainerFrame*, nsFrameList&) src/layout/base/nsCSSFrameConstructor.cpp:3567:16
#12 0x7f89b97956fd in nsCSSFrameConstructor::ConstructFramesFromItem(nsFrameConstructorState&, nsCSSFrameConstructor::FrameConstructionItemList::Iterator&, nsContainerFrame*, nsFrameList&) src/layout/base/nsCSSFrameConstructor.cpp:5556:3
#13 0x7f89b9786e3f in nsCSSFrameConstructor::ConstructFramesFromItemList(nsFrameConstructorState&, nsCSSFrameConstructor::FrameConstructionItemList&, nsContainerFrame*, bool, nsFrameList&) src/layout/base/nsCSSFrameConstructor.cpp:9358:5
#14 0x7f89b9787c9b in nsCSSFrameConstructor::ProcessChildren(nsFrameConstructorState&, nsIContent*, mozilla::ComputedStyle*, nsContainerFrame*, bool, nsFrameList&, bool, nsIFrame*) src/layout/base/nsCSSFrameConstructor.cpp:9523:3
#15 0x7f89b978b76e in nsCSSFrameConstructor::ConstructBlock(nsFrameConstructorState&, nsIContent*, nsContainerFrame*, nsContainerFrame*, mozilla::ComputedStyle*, nsContainerFrame**, nsFrameList&, nsIFrame*) src/layout/base/nsCSSFrameConstructor.cpp:10403:3
#16 0x7f89b978f967 in ConstructNonScrollableBlockWithConstructor src/layout/base/nsCSSFrameConstructor.cpp:4507:3
#17 0x7f89b978f967 in nsCSSFrameConstructor::ConstructDetailsFrame(nsFrameConstructorState&, nsCSSFrameConstructor::FrameConstructionItem&, nsContainerFrame*, nsStyleDisplay const*, nsFrameList&) src/layout/base/nsCSSFrameConstructor.cpp:3093:12
#18 0x7f89b9790875 in nsCSSFrameConstructor::ConstructFrameFromItemInternal(nsCSSFrameConstructor::FrameConstructionItem&, nsFrameConstructorState&, nsContainerFrame*, nsFrameList&) src/layout/base/nsCSSFrameConstructor.cpp:3567:16
#19 0x7f89b97956fd in nsCSSFrameConstructor::ConstructFramesFromItem(nsFrameConstructorState&, nsCSSFrameConstructor::FrameConstructionItemList::Iterator&, nsContainerFrame*, nsFrameList&) src/layout/base/nsCSSFrameConstructor.cpp:5556:3
#20 0x7f89b9786e3f in nsCSSFrameConstructor::ConstructFramesFromItemList(nsFrameConstructorState&, nsCSSFrameConstructor::FrameConstructionItemList&, nsContainerFrame*, bool, nsFrameList&) src/layout/base/nsCSSFrameConstructor.cpp:9358:5
#21 0x7f89b97a0f58 in nsCSSFrameConstructor::ReplicateFixedFrames(nsPageContentFrame*) src/layout/base/nsCSSFrameConstructor.cpp:8043:7
#22 0x7f89b995a57b in nsPageContentFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsPageContentFrame.cpp:39:56
#23 0x7f89b986a3f8 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, int, int, nsIFrame::ReflowChildFlags, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:1118:14
#24 0x7f89b995bd2c in nsPageFrame::ReflowPageContent(nsPresContext*, mozilla::ReflowInput const&) src/layout/generic/nsPageFrame.cpp:149:3
#25 0x7f89b995bfc0 in nsPageFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsPageFrame.cpp:176:13
#26 0x7f89b9869fa0 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, mozilla::WritingMode const&, mozilla::LogicalPoint const&, nsSize const&, nsIFrame::ReflowChildFlags, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:1078:14
#27 0x7f89b9809d0d in mozilla::PrintedSheetFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/PrintedSheetFrame.cpp:206:5
#28 0x7f89b986a3f8 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, int, int, nsIFrame::ReflowChildFlags, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:1118:14
#29 0x7f89b99606ec in nsPageSequenceFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/nsPageSequenceFrame.cpp:354:5
#30 0x7f89b986a3f8 in nsContainerFrame::ReflowChild(nsIFrame*, nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, int, int, nsIFrame::ReflowChildFlags, nsReflowStatus&, nsOverflowContinuationTracker*) src/layout/generic/nsContainerFrame.cpp:1118:14
#31 0x7f89b9829557 in mozilla::ViewportFrame::Reflow(nsPresContext*, mozilla::ReflowOutput&, mozilla::ReflowInput const&, nsReflowStatus&) src/layout/generic/ViewportFrame.cpp:372:7
#32 0x7f89b97356e0 in mozilla::PresShell::DoReflow(nsIFrame*, bool, mozilla::OverflowChangedTracker*) src/layout/base/PresShell.cpp:9617:11
#33 0x7f89b973f40e in mozilla::PresShell::ProcessReflowCommands(bool) src/layout/base/PresShell.cpp:9790:24
#34 0x7f89b973e919 in mozilla::PresShell::DoFlushPendingNotifications(mozilla::ChangesToFlush) src/layout/base/PresShell.cpp:4256:11
#35 0x7f89b9bc2f07 in nsPrintJob::ReflowPrintObject(mozilla::UniquePtr<nsPrintObject, mozilla::DefaultDelete<nsPrintObject> > const&) src/layout/printing/nsPrintJob.cpp:1867:14
#36 0x7f89b9bc249d in nsPrintJob::ReflowDocList(mozilla::UniquePtr<nsPrintObject, mozilla::DefaultDelete<nsPrintObject> > const&, bool) src/layout/printing/nsPrintJob.cpp:1448:3
#37 0x7f89b9bbec3a in nsPrintJob::InitPrintDocConstruction(bool) src/layout/printing/nsPrintJob.cpp:1488:5
#38 0x7f89b9bc5e35 in nsPrintJob::Observe(nsISupports*, char const*, char16_t const*) src/layout/printing/nsPrintJob.cpp:2688:17
#39 0x7f89bac72258 in mozilla::embedding::PrintProgressDialogChild::RecvDialogOpened() src/toolkit/components/printingui/ipc/PrintProgressDialogChild.cpp:37:18
#40 0x7f89b5ab674b in mozilla::embedding::PPrintProgressDialogChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PPrintProgressDialogChild.cpp:234:28
#41 0x7f89b57f406c in mozilla::dom::PContentChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PContentChild.cpp:8702:32
#42 0x7f89b5669b1e in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) src/ipc/glue/MessageChannel.cpp:2157:25
#43 0x7f89b56660dd in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) src/ipc/glue/MessageChannel.cpp:2081:9
#44 0x7f89b5667586 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) src/ipc/glue/MessageChannel.cpp:1929:3
#45 0x7f89b56682cb in mozilla::ipc::MessageChannel::MessageTask::Run() src/ipc/glue/MessageChannel.cpp:1960:13
#46 0x7f89b4d2d58f in mozilla::RunnableTask::Run() src/xpcom/threads/TaskController.cpp:472:16
#47 0x7f89b4d2bb00 in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) src/xpcom/threads/TaskController.cpp:760:26
#48 0x7f89b4d2a8c4 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) src/xpcom/threads/TaskController.cpp:611:15
#49 0x7f89b4d2aa77 in mozilla::TaskController::ProcessPendingMTTask(bool) src/xpcom/threads/TaskController.cpp:395:36
#50 0x7f89b4d31419 in operator() src/xpcom/threads/TaskController.cpp:136:37
#51 0x7f89b4d31419 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_4>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:534:5
#52 0x7f89b4d42897 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1158:16
#53 0x7f89b4d492aa in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:548:10
#54 0x7f89b566f3b4 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:109:5
#55 0x7f89b55da853 in MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:335:10
#56 0x7f89b55da76d in RunHandler src/ipc/chromium/src/base/message_loop.cc:328:3
#57 0x7f89b55da76d in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:310:3
#58 0x7f89b9457328 in nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27
#59 0x7f89bacaee83 in XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:902:20
#60 0x7f89b56702ec in mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:237:9
#61 0x7f89b55da853 in MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:335:10
#62 0x7f89b55da76d in RunHandler src/ipc/chromium/src/base/message_loop.cc:328:3
#63 0x7f89b55da76d in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:310:3
#64 0x7f89bacaea58 in XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:733:34
#65 0x55b6afdf8fa6 in content_process_main src/browser/app/../../ipc/contentproc/plugin-container.cpp:57:28
#66 0x55b6afdf8fa6 in main src/browser/app/nsBrowserApp.cpp:309:18
#67 0x7f89c9e3a0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16

A Pernosco session is available here: https://pernos.co/debug/iFh3PVbIb-5H6VsWOOK-yA/index.html

Bugmon Analysis:
Verified bug as reproducible on mozilla-central 20210309161138-5f0f6477c734.
Failed to bisect testcase (Testcase reproduces on start build!):

Start: 884162af76f5225bbf4efe486959d2fa9757bc56 (20200311041149)
End: b332567cbbcaa6e2b70bfe5449410e9cfb8b838f (20210309094921)
BuildFlags: BuildFlags(asan=False, tsan=False, debug=True, fuzzing=False, coverage=False, valgrind=False)

Right, so when we replicate the frame for <details style="position: fixed"> in Print mode we'll get two ::markers for the same originating element. I think the counter node/list code probably doesn't crash in Opt builds due to this but it could be a problem for other code, e.g. we store the ::marker pseudo on a property on the originating element IIRC...

Here's a similar case using <li> that triggers:

ASSERTION: identical: 'pseudoType1 != pseudoType2', file layout/base/nsGenConList.cpp:87

in a local DEBUG build.

Bugmon Analysis
The bug appears to have been fixed in the following build range:

Start: 57328f12e67aafad12fd1f062fddf48b41120a4f (20210614004220)
End: e77eb14241b9e712ddda1e8c1cc21ef455377e3c (20210614070416)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=57328f12e67aafad12fd1f062fddf48b41120a4f&tochange=e77eb14241b9e712ddda1e8c1cc21ef455377e3c
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.

:mats, is it possible that bug 1542807 fixed this issue? Our fuzzers no longer saw this issue after that patch landed.

Clear a needinfo that is pending on an inactive user.

Inactive users most likely will not respond; if the missing information is essential and cannot be collected another way, the bug maybe should be closed as INCOMPLETE.

For more information, please visit BugBot documentation.