Open Bug 1493566 Opened 6 years ago Updated 2 years ago

Crash in nsAtomTable::Atomize

Categories

(Core :: CSS Transitions and Animations, defect, P3)

x86_64
Windows 10
defect

Tracking

()

Tracking Status
firefox64 --- affected

People

(Reporter: baffclan, Unassigned)

Details

(Keywords: crash)

Crash Data

This bug was filed from the Socorro interface and is report bp-d0e1c50f-755b-43e5-9abc-f34750180924. ============================================================= Top 10 frames of crashing thread: 0 xul.dll nsAtomTable::Atomize xpcom/ds/nsAtomTable.cpp:728 1 xul.dll Gecko_Atomize layout/style/ServoBindings.cpp:1118 2 xul.dll static union core::result::Result<core::option::Option<selectors::parser::SimpleSelectorParseResult<style::gecko::selector_parser::SelectorImpl>>, cssparser::parser::ParseError<style_traits::StyleParseErrorKind>> selectors::parser::parse_one_simple_selector<style::selector_parser::SelectorParser, style::gecko::selector_parser::SelectorImpl> servo/components/selectors/parser.rs:2009 3 xul.dll static union core::result::Result<selectors::parser::Selector<style::gecko::selector_parser::SelectorImpl>, cssparser::parser::ParseError<style_traits::StyleParseErrorKind>> selectors::parser::parse_selector<style::selector_parser::SelectorParser, style::gecko::selector_parser::SelectorImpl> servo/components/selectors/parser.rs:1343 4 xul.dll static union core::result::Result<selectors::parser::SelectorList<style::gecko::selector_parser::SelectorImpl>, cssparser::parser::ParseError<style_traits::StyleParseErrorKind>> selectors::parser::SelectorList<style::gecko::selector_parser::SelectorImpl>::parse<style::gecko::selector_parser::SelectorImpl, style::selector_parser::SelectorParser> servo/components/selectors/parser.rs:235 5 xul.dll static union core::result::Result<style::stylesheets::CssRule, cssparser::parser::ParseError<style_traits::StyleParseErrorKind>> cssparser::rules_and_declarations::parse_qualified_rule<style::stylesheets::rule_parser::TopLevelRuleParser, style_traits::StyleParseErrorKind> third_party/rust/cssparser/src/rules_and_declarations.rs:510 6 xul.dll static struct style::stylesheets::stylesheet::StylesheetContents style::stylesheets::stylesheet::StylesheetContents::from_str servo/components/style/stylesheets/stylesheet.rs:85 7 xul.dll static void geckoservo::stylesheet_loader::AsyncStylesheetParser::parse servo/ports/geckolib/stylesheet_loader.rs:113 8 xul.dll static void rayon_core::job::{{impl}}::execute<closure> third_party/rust/rayon-core/src/job.rs:156 9 xul.dll static void rayon_core::registry::WorkerThread::wait_until_cold<rayon_core::latch::CountLatch> third_party/rust/rayon-core/src/registry.rs:567 ============================================================= Application Basics: Name: Firefox Version: 64.0a1 Build ID: 20180923220427 Update Channel: nightly User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0 OS: Windows_NT 10.0
I can't imagine what Stylo is doing here, but it seems more likely to me that bad data is getting passed in somehow, rather than the atom table doing something wrong.
Component: XPCOM → CSS Transitions and Animations
Looks pretty low volume. Cameron: Any initial thoughts on this?
Flags: needinfo?(cam)
Priority: -- → P3
I don't know but there are a number of different signatures mixed up here, with different (non-layout) callers to nsAtomTable::Atomize.
Flags: needinfo?(cam)
Crash Signature: [@ nsAtomTable::Atomize] → [@ nsAtomTable::Atomize] [@ selectors::parser::parse_one_simple_selector]
Crash Signature: [@ nsAtomTable::Atomize] [@ selectors::parser::parse_one_simple_selector] → [@ nsAtomTable::Atomize | selectors::parser::parse_one_simple_selector]
Marcia, what's the right syntax for the Crash Signature field to limit this to crashes in nsAtomTable::Atomize that are under the selectors::parser::parse_one_simple_selector call, like in https://crash-stats.mozilla.com/report/index/13167fed-9ce8-4aa9-984e-01ed90181016?
Flags: needinfo?(mozillamarcia.knous)
(In reply to Cameron McCormack (:heycam) from comment #4) > Marcia, what's the right syntax for the Crash Signature field to limit this > to crashes in nsAtomTable::Atomize that are under the > selectors::parser::parse_one_simple_selector call, like in > https://crash-stats.mozilla.com/report/index/13167fed-9ce8-4aa9-984e- > 01ed90181016? Cameron: You can use the proto signature in search to refine - I did a contains search for the proto signature selectors::parser::parse_one_simple_selector call in all versions of Firefox, using the signature nsAtomTable::Atomize: https://bit.ly/2pVrcmW
Flags: needinfo?(mozillamarcia.knous)
Thanks! I guess that means it's not possible to do that in the Crash Signature field in the bug here?
Crash Signature: [@ nsAtomTable::Atomize | selectors::parser::parse_one_simple_selector] → [@ nsAtomTable::Atomize ]
(In reply to Cameron McCormack (:heycam) from comment #6) > Thanks! I guess that means it's not possible to do that in the Crash > Signature field in the bug here? No, unfortunately you have to do a separate query to ferret out the proto signature.
QA Whiteboard: qa-not-actionable

Since the crash volume is low (less than 5 per week), the severity is downgraded to S3. Feel free to change it back if you think the bug is still critical.

For more information, please visit auto_nag documentation.

Severity: critical → S3
You need to log in before you can comment on or make changes to this bug.