Closed
Bug 1455108
Opened 7 years ago
Closed 7 years ago
Crash in mozalloc_abort | abort | panic_abort::__rust_start_panic::abort::h091e61b1e9ef8f82 | panic_abort::__rust_start_panic | core::option::expect_failed::h665835dead85fc51 | geckoservo::glue::Servo_Element_IsDisplayContents
Categories
(Core :: CSS Parsing and Computation, defect)
Tracking
()
VERIFIED
FIXED
mozilla61
| Tracking | Status | |
|---|---|---|
| firefox-esr52 | --- | unaffected |
| firefox59 | --- | unaffected |
| firefox60 | --- | unaffected |
| firefox61 | --- | verified |
People
(Reporter: marcia, Assigned: emilio)
References
()
Details
(Keywords: crash, regression, reproducible)
Crash Data
Attachments
(2 files)
This bug was filed from the Socorro interface and is
report bp-f6b42204-53c0-45f2-8ffa-3f19e0180418.
=============================================================
Reproducible crash using http://piro.sakura.ne.jp/xul/_treestyletab.html.en. Load page and the tab crashes.
Top 10 frames of crashing thread:
0 libmozglue.dylib mozalloc_abort memory/mozalloc/mozalloc_abort.cpp:34
1 libmozglue.dylib abort memory/mozalloc/mozalloc_abort.cpp:81
2 XUL panic_abort::__rust_start_panic::abort::h091e61b1e9ef8f82 src/libpanic_abort/lib.rs:62
3 XUL panic_abort::__rust_start_panic src/libpanic_abort/lib.rs:57
4 XUL std::panicking::rust_panic_with_hook::hfb431ab23831437f src/libstd/panicking.rs:607
5 XUL std::panicking::begin_panic::h083a5eed938a1a63 src/libstd/panicking.rs:537
6 XUL std::panicking::begin_panic_fmt::h2d93f83eaf48dbcd src/libstd/panicking.rs:521
7 XUL core::panicking::panic_fmt::he42c3e63824a6609 src/libstd/panicking.rs:497
8 XUL core::option::expect_failed::h665835dead85fc51 src/libcore/option.rs:917
9 XUL geckoservo::glue::Servo_Element_IsDisplayContents src/libcore/option.rs:302
=============================================================
|
Assignee | |
Comment 1•7 years ago
|
||
I haven't been able to repro this on Linux, is there anything special about your setup?
I think I know what can be going wrong though...
Flags: needinfo?(mozillamarcia.knous)
Flags: needinfo?(emilio)
|
||
Comment 2•7 years ago
|
||
I can't reproduce this either...
|
Reporter | |
Comment 3•7 years ago
|
||
(In reply to Emilio Cobos Álvarez [:emilio] from comment #1)
> I haven't been able to repro this on Linux, is there anything special about
> your setup?
>
> I think I know what can be going wrong though...
Nothing special, but I am on Mac and it appears all the crashes are Mac 10.13.
Flags: needinfo?(mozillamarcia.knous)
|
|
Assignee | |
Comment 4•7 years ago
|
||
Yup, I knew how this could happen :)
Assignee: nobody → emilio
Status: NEW → ASSIGNED
Flags: needinfo?(emilio)
| Comment hidden (mozreview-request) |
|
||
Updated•7 years ago
|
Blocks: 1303605
status-firefox59:
--- → unaffected
status-firefox60:
--- → unaffected
status-firefox-esr52:
--- → unaffected
|
||
Comment 6•7 years ago
|
||
| mozreview-review | ||
Comment on attachment 8969339 [details]
Bug 1455108: Don't reparent first-line stuff in display: none subtrees.
https://reviewboard.mozilla.org/r/238074/#review244076
::: layout/base/RestyleManager.cpp:3535
(Diff revision 1)
> + // We're getting into a display: none subtree, avoid reparenting into stuff
> + // that is going to go away anyway in seconds.
Comment nit: Is it reparenting styles into other frames about to go away, or reparenting styles of frames about to go away into other frames? (I think it's the latter?)
Attachment #8969339 -
Flags: review?(cam) → review+
|
|
Assignee | |
Comment 7•7 years ago
|
||
| mozreview-review-reply | ||
Comment on attachment 8969339 [details]
Bug 1455108: Don't reparent first-line stuff in display: none subtrees.
https://reviewboard.mozilla.org/r/238074/#review244076
> Comment nit: Is it reparenting styles into other frames about to go away, or reparenting styles of frames about to go away into other frames? (I think it's the latter?)
We're now in a display: none subtree, so the frame tree will completely go away.
Pushed by ecoal95@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/cafdf61a721b
Don't reparent first-line stuff in display: none subtrees. r=heycam
|
||
Comment 9•7 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla61
|
||
Updated•7 years ago
|
Flags: qe-verify+
|
||
Comment 10•7 years ago
|
||
Hello guys,
This issue has been reproduced using the Testcase attachment with a macOS 10.13.3 on Nightly 61.0a1 (2018-04-18) with the same repro steps.
Issue has been verified on the following builds:
- 62.0a1
- 61.0b5
- 60.0
And the crash is no longer present.
Flags: qe-verify+
|
|
||
Comment 11•7 years ago
|
||
Later Edit:
https://crash-stats.mozilla.com/report/index/2b69128d-cd55-44da-bb9c-583880180515
Here you have the crash log link for the Nightly 61.0a1 (2018-04-18) crash on macOS 10.13.3 with the Testcase attachment for further information.
|
|
||
Updated•7 years ago
|
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•