Bug 1929723 Comment 3 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

I found one nullptr value up one level from where we crash:
https://searchfox.org/mozilla-central/rev/6d5be71ac78856ab388a1a5a923c666080f61e6a/gfx/layers/CompositorAnimationStorage.cpp#247-250
```cpp
case eCSSProperty_opacity: {
  MOZ_ASSERT(aAnimationValues.Length() == 1);
  SetAnimatedValue(aId, aAnimatedValueEntry,
                   Servo_AnimationValue_GetOpacity(aAnimationValues[0]));
```

At this moment when we crash, that `aAnimationValues[0]` value is nullptr. Not sure if this is the exact nullptr that we're dereferencing, but maybe it is? I think Rust is expecting something non-null there, if I'm reading https://searchfox.org/mozilla-central/rev/6d5be71ac78856ab388a1a5a923c666080f61e6a/servo/ports/geckolib/glue.rs#770-775 correctly.

On the assumption that that nullptr is the source of badness here, I traced it back a little ways to see where it comes from; I worked back a few steps to a moment ([link in pernosco trace](https://pernos.co/debug/dUptkciDs2Sn9mzIiMoGHQ/index.html#f{m[A2C0,BfoI_,t[2Q,vhA_,f{e[A2C0,BZYd_,s{afvXPAAAA,bAfs,uBRY0Dw,oBSB2nw___,v[{wiLg,v[{f'list',q'stdouterr',p{_,xAYag_,{f'container',q'stack',p{_,xAYag_,{f'list',q'alerts',p{_,xAYag_,{f'notebook',q'notebook',p.,xAYag___,{w/eg,v[{f'source',q'source',p{_,xAYag____/)) at the start of a loop iteration in `CompositorAnimationStorage::SampleAnimations`'s lambda callback where `animationStorageData->mAnimation` is an array of length 1, and that one entry is a null-valued RefPtr, which ends up ultimately getting passed around and ends up being what we call `Servo_AnimationValue_GetOpacity` on.

Boris: hoping you can take it from there, when time allows. (See the "notebook" pane in pernosco for some relevant timestamps that I marked, mostly the first and last ones are relevant.)

I found one nullptr value up one level from where we crash:
https://searchfox.org/mozilla-central/rev/6d5be71ac78856ab388a1a5a923c666080f61e6a/gfx/layers/CompositorAnimationStorage.cpp#247-250
```cpp
case eCSSProperty_opacity: {
  MOZ_ASSERT(aAnimationValues.Length() == 1);
  SetAnimatedValue(aId, aAnimatedValueEntry,
                   Servo_AnimationValue_GetOpacity(aAnimationValues[0]));
```

At this moment when we crash, that `aAnimationValues[0]` value is nullptr. Not sure if this is the exact nullptr that we're dereferencing, but maybe it is? I think Rust is expecting something non-null there, if I'm reading https://searchfox.org/mozilla-central/rev/6d5be71ac78856ab388a1a5a923c666080f61e6a/servo/ports/geckolib/glue.rs#770-775 correctly.

On the assumption that that nullptr is the source of badness here, I traced it back a little ways to see where it comes from; I worked back a few steps to a moment ([link in pernosco trace](https://pernos.co/debug/dUptkciDs2Sn9mzIiMoGHQ/index.html#f{m[A2C0,BfoI_,t[2Q,vhA_,f{e[A2C0,BZYd_,s{afvXPAAAA,bAfs,uBRY0Dw,oBSB2nw___,v[{wiLg,v[{f'list',q'stdouterr',p{_,xAYag_,{f'container',q'stack',p{_,xAYag_,{f'list',q'alerts',p{_,xAYag_,{f'notebook',q'notebook',p.,xAYag___,{w/eg,v[{f'source',q'source',p{_,xAYag____/)) at the start of a loop iteration in `CompositorAnimationStorage::SampleAnimations`'s lambda callback where `animationStorageData->mAnimation` is an array of length 1, and that one entry has a `mBaseStyle` which is a null-valued RefPtr, which ends up ultimately getting passed around and ends up being what we call `Servo_AnimationValue_GetOpacity` on.

(I don't know enough about the code here to know if it's reasonable for `mBaseStyle` to be nullptr or not; or, if it is reasonable, if we're expecting to have been able to convert/replace that with something else [or bail out] before we make it to calling `Servo_AnimationValue_GetOpacity` on it.)

Boris: hoping you can take it from there, when time allows. (See the "notebook" pane in pernosco for some relevant timestamps that I marked, mostly the first and last ones are relevant.)
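The failure mode described in the comment is a null `RefPtr` crossing the C++/Rust FFI boundary into a function whose Rust signature takes a non-null reference. The following is an added illustration, not code from the bug comment or from Gecko; `RawServoAnimationValue`, `AnimatedValue`, and the FFI stub are hypothetical stand-ins that only model the null-pointer contract, and the guarded variant shows the kind of bail-out the commenter speculates about.

```cpp
#include <cstddef>
#include <vector>

// Hypothetical stand-in for the opaque Servo animation value (not Gecko's type).
struct RawServoAnimationValue {
  float mOpacity;
};

// Hypothetical stand-in for the Rust entry point. The real glue.rs function
// takes `&RawServoAnimationValue`, so a null pointer is undefined behaviour
// on the Rust side; here we just record the contract violation instead.
static bool gNullCrossedFfi = false;
float Servo_AnimationValue_GetOpacity(const RawServoAnimationValue* aValue) {
  if (!aValue) {
    gNullCrossedFfi = true;
    return -1.0f;  // sentinel standing in for the crash
  }
  return aValue->mOpacity;
}

// Stand-in for the stored per-animation value updated by SetAnimatedValue.
struct AnimatedValue {
  float mOpacity = 1.0f;
  bool mSet = false;
};

// Unguarded form, mirroring the excerpt quoted in the comment: the entry is
// handed straight to the FFI without checking whether it is null.
void SetOpacityUnguarded(const std::vector<const RawServoAnimationValue*>& aValues,
                         AnimatedValue& aOut) {
  aOut.mOpacity = Servo_AnimationValue_GetOpacity(aValues[0]);
  aOut.mSet = true;
}

// Guarded form: treat a missing or null entry as "no sample for this tick",
// leave the stored value untouched, and report that nothing was applied, so
// the null never reaches Rust. Whether bailing out here is the right fix
// (versus fixing the producer of the null mBaseStyle) is the open question
// raised in the comment; this only shows the defensive shape.
bool SetOpacityGuarded(const std::vector<const RawServoAnimationValue*>& aValues,
                       AnimatedValue& aOut) {
  if (aValues.size() != 1 || aValues[0] == nullptr) {
    return false;
  }
  aOut.mOpacity = Servo_AnimationValue_GetOpacity(aValues[0]);
  aOut.mSet = true;
  return true;
}
```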
