Closed Bug 1384526 Opened 2 years ago Closed 2 years ago

Stylo: Crash in mozalloc_abort | abort | geckoservo::glue::Servo_TraverseSubtree

Categories

(Core :: CSS Parsing and Computation, defect, P1, critical)

Unspecified
All
defect

Tracking

()

VERIFIED WORKSFORME

People

(Reporter: calixte, Assigned: heycam)

References

(Blocks 1 open bug, )

Details

(Keywords: crash, reproducible)

Crash Data

This bug was filed from the Socorro interface and is 
report bp-71ff5efc-6fdc-41fe-af56-4f4240170726.
=============================================================

There are 2 crashes (from the same installation) in nightly 56 with buildid 20170725144001.

The url for the crashes is:
https://bug1383780.bmoattachments.org/attachment.cgi?id=8889483
This would normally be a duplicate of
bug 1375902 (marked as fixed by bug 1374175 19 days ago)
or
bug 1377197 (marked as fixed by bug 1376352 23 days ago).


2x 20170725144001 (2017-07-25) on MacOS
That URL leads to a tab crash in my Nightly 56 x64 20170726100241 @ Debian Testing, too.

bp-5395a150-0518-4f08-b84b-130c20170726
bp-21bf915c-3bd5-4d59-accd-487be0170726
Has STR: --- → yes
OS: Mac OS X → All
Version: 56 Branch → Trunk
See Also: → 1383780
Hmm, selecting the <tr> creates different NAC from selecting an <img>, I guess.
I'll look at this tomorrow.
Assignee: nobody → cam
Flags: needinfo?(cam)
Keywords: reproducible
Priority: -- → P1
Priority: P1 → --
Priority: -- → P1
(In reply to Cameron McCormack (:heycam) from comment #5)
> Hmm, selecting the <tr> creates different NAC from selecting an <img>, I
> guess.

Yes, that creates in-table editing UI: https://searchfox.org/mozilla-central/rev/f0e4ae5f8c40ba742214e89aba3f554da0b89a33/editor/libeditor/HTMLInlineTableEditor.cpp#46-93
Note that there are some crash reports with this bug's signature that don't look the same as the editor-related crash in bug 1387481.
(In reply to Cameron McCormack (:heycam) from comment #8)
> Note that there are some crash reports with this bug's signature that don't
> look the same as the editor-related crash in bug 1387481.

Are the frequent? What's the urgency and next steps?
Looking again, I now see no crash reports with this bug's signature that doesn't involve editor stuff after (and including) the 2017-08-04 build.
Flags: needinfo?(cam)
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → WORKSFORME
(In reply to Darkspirit from comment #3)
> That URL leads to a tab crash in my Nightly 56 x64 20170726100241 @ Debian Testing, too.
> 
> bp-5395a150-0518-4f08-b84b-130c20170726
> bp-21bf915c-3bd5-4d59-accd-487be0170726

Does not crash anymore. Nightly 57 x64 20170806100257 @ Debian Testing
Status: RESOLVED → VERIFIED
This signature is still top #5 for Nightly 20170806100257 on Linux, and I also see it from Nightly 20170804193726:

  bp-8e07f2c4-decb-4ba4-ad7c-259510170807,
  bp-a5fada28-1720-4ad2-a7ee-d91e40170805
Flags: needinfo?(cam)
Status: VERIFIED → REOPENED
Resolution: WORKSFORME → ---
The fix in bug 1387481 landed in Nightly 20170807. What should we do regarding top crash for 20170806? Should we make a time machine and fix it a day before?
Status: REOPENED → RESOLVED
Closed: 2 years ago2 years ago
Flags: needinfo?(cam)
Resolution: --- → WORKSFORME
In comment 11 I verified that the URL in comment 0 didn't triggered a crash in my Nightly anymore. I should have waited.

The last seen crash was with build 20170806100257 (2017-08-06).
Status: RESOLVED → VERIFIED
There is one new crash with build 20170814100258 (2017-08-14) on macOS. (One week after it should've been fixed?)
bp-8ca9f1b8-b092-4307-bb3e-4a9450170815
The crash stack looks similar, I think.
Reopen, new bug or possibly fixed now (by what)?
(In reply to Jan Andre Ikenmeyer [:darkspirit] from comment #15)
> There is one new crash with build 20170814100258 (2017-08-14) on macOS. (One
> week after it should've been fixed?)
> bp-8ca9f1b8-b092-4307-bb3e-4a9450170815
> The crash stack looks similar, I think.
> Reopen, new bug or possibly fixed now (by what)?

That stack looks different (it's under StyleSubtreeForReconstruct). It may be a bug, but in general we should wait until we see a crash on >5 different installations before filing a bug (otherwise there's too much noise).
You need to log in before you can comment on or make changes to this bug.