Hit MOZ_CRASH(assertion failed: author_styles.quirks_mode == self.as_node().owner_doc().quirks_mode() || author_styles.stylesheets.is_empty() || author_styles.stylesheets.dirty()) at servo/components/style/gecko/wrapper.rs:178

RESOLVED FIXED in Firefox 68

Status

()

defect
RESOLVED FIXED
2 months ago
a month ago

People

(Reporter: tsmith, Assigned: emilio)

Tracking

(Blocks 1 bug, {assertion, crash, testcase})

unspecified
mozilla68
Points:
---
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(firefox-esr60 wontfix, firefox66 wontfix, firefox67 wontfix, firefox68 fixed)

Details

Attachments

(2 attachments)

(Reporter)

Description

2 months ago
Posted file testcase.html

Reduced with m-c:
BuildID=20190402144906
SourceStamp=85476bad25bfbd3525d6d8779f4705a3fedf9103

Hit MOZ_CRASH(assertion failed: author_styles.quirks_mode == self.as_node().owner_doc().quirks_mode() || author_styles.stylesheets.is_empty() || author_styles.stylesheets.dirty()) at servo/components/style/gecko/wrapper.rs:178

#0 MOZ_Crash(char const*, int, char const*) src/obj-firefox/dist/include/mozilla/Assertions.h:314:3
#1 GeckoCrash src/toolkit/xre/nsAppRunner.cpp:5092:3
#2 gkrust_shared::panic_hook::h302c2adb8a7bf134 src/toolkit/library/rust/shared/lib.rs:240:8
#3 core::ops::function::Fn::call::h3f01510bbe29f04e /rustc/9fda7c2237db910e41d6a712e9a2139b352e558b/src/libcore/ops/function.rs:78:4
#4 std::panicking::rust_panic_with_hook::h8cbdfe43764887be /rustc/9fda7c2237db910e41d6a712e9a2139b352e558b/src/libstd/panicking.rs:495:16
#5 std::panicking::begin_panic::hda77394736601d0d /rustc/9fda7c2237db910e41d6a712e9a2139b352e558b/src/libstd/panicking.rs:425:4
#6 _$LT$style..rule_collector..RuleCollector$LT$$u27$a$C$$u20$$u27$b$C$$u20$E$C$$u20$F$GT$$GT$::collect_all::h838d0c2cc17bc470 src/servo/components/style/rule_collector.rs
#7 style::stylist::Stylist::push_applicable_declarations::h9f43bb9e4a28c32c src/servo/components/style/stylist.rs:1119:8
#8 _$LT$style..style_resolver..StyleResolverForElement$LT$$u27$a$C$$u20$$u27$ctx$C$$u20$$u27$le$C$$u20$E$GT$$GT$::match_primary::hfea8d787d3dd42c7 (.llvm.17458187654862310790) src/servo/components/style/style_resolver.rs:435
#9 _$LT$style..style_resolver..StyleResolverForElement$LT$$u27$a$C$$u20$$u27$ctx$C$$u20$$u27$le$C$$u20$E$GT$$GT$::resolve_primary_style::he699f1a562520387 src/servo/components/style/style_resolver.rs:162:30
#10 _$LT$style..style_resolver..StyleResolverForElement$LT$$u27$a$C$$u20$$u27$ctx$C$$u20$$u27$le$C$$u20$E$GT$$GT$::resolve_style::hd681a8bd3d456ba8 src/servo/components/style/style_resolver.rs:232:28
#11 style::traversal::resolve_style::h7d345e3a7afd5fa1 src/servo/components/style/traversal.rs:381:4
#12 Servo_ResolveStyleLazily src/servo/ports/geckolib/glue.rs:4937:17
#13 mozilla::ServoStyleSet::ResolveStyleLazilyInternal(mozilla::dom::Element*, mozilla::PseudoStyleType, mozilla::StyleRuleInclusion) src/layout/style/ServoStyleSet.cpp:1240:7
#14 mozilla::ServoStyleSet::ResolveStyleLazily(mozilla::dom::Element*, mozilla::PseudoStyleType, mozilla::StyleRuleInclusion) src/layout/style/ServoStyleSet.cpp:542:10
#15 mozilla::ServoStyleSet::ResolveStyleFor(mozilla::dom::Element*, mozilla::LazyComputeBehavior) src/layout/style/ServoStyleSet.cpp:355:12
#16 GetPropagatedScrollStylesForViewport(nsPresContext*, mozilla::ScrollStyles*) src/layout/base/nsPresContext.cpp:1091:17
#17 nsPresContext::UpdateViewportScrollStylesOverride() src/layout/base/nsPresContext.cpp:1134:9
#18 nsCSSFrameConstructor::ConstructDocElementFrame(mozilla::dom::Element*, nsILayoutHistoryState*) src/layout/base/nsCSSFrameConstructor.cpp:2220:41
#19 nsCSSFrameConstructor::ContentRangeInserted(nsIContent*, nsIContent*, nsILayoutHistoryState*, nsCSSFrameConstructor::InsertionKind) src/layout/base/nsCSSFrameConstructor.cpp:6998:9
#20 mozilla::PresShell::Initialize() src/layout/base/PresShell.cpp:1743:26
#21 nsContentSink::StartLayout(bool) src/dom/base/nsContentSink.cpp:1200:30
#22 nsHtml5TreeOpExecutor::StartLayout(bool*) src/parser/html/nsHtml5TreeOpExecutor.cpp:666:18
#23 nsHtml5TreeOperation::Perform(nsHtml5TreeOpExecutor*, nsIContent**, bool*, bool*) src/parser/html/nsHtml5TreeOperation.cpp:1115:17
#24 nsHtml5TreeOpExecutor::RunFlushLoop() src/parser/html/nsHtml5TreeOpExecutor.cpp:483:19
#25 nsHtml5ExecutorFlusher::Run() src/parser/html/nsHtml5StreamParser.cpp:133:18
#26 mozilla::SchedulerGroup::Runnable::Run() src/xpcom/threads/SchedulerGroup.cpp:295:32
#27 nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1180:14
#28 NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:482:10
#29 mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:88:21
#30 MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:315:10
#31 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290:3
#32 nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:137:27
#33 XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:919:20
#34 mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:238:9
#35 MessageLoop::RunInternal() src/ipc/chromium/src/base/message_loop.cc:315:10
#36 MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:290:3
#37 XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:757:34
#38 content_process_main(mozilla::Bootstrap*, int, char**) src/browser/app/../../ipc/contentproc/plugin-container.cpp:56:28
#39 main src/browser/app/nsBrowserApp.cpp:263:18
Flags: in-testsuite?
(Assignee)

Comment 1

2 months ago

This looks more like a style system bug to me :)

No longer blocks: fuzzing-webrender
Component: Graphics: WebRender → CSS Parsing and Computation
Flags: needinfo?(emilio)
(Reporter)

Comment 2

2 months ago

(In reply to Emilio Cobos Álvarez (:emilio) from comment #1)

This looks more like a style system bug to me :)

Ah yes, thank you :)

(Assignee)

Comment 3

2 months ago

Nasty one, btw, thanks :)

Assignee: nobody → emilio
Flags: needinfo?(emilio)
(Assignee)

Comment 4

2 months ago

This testcase triggers a case which I hoped I wouldn't need to handle: The
presence of a shadow root in the tree already by the time our compatibility mode
changes.

Just invalidate ShadowRoot data when this happens the same way we invalidate the
document style data.

Comment 5

2 months ago
Pushed by ealvarez@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/3fcf01363983
Invalidate ShadowRoot style data when the document's compat mode changes. r=heycam

Comment 6

2 months ago
bugherder
Status: NEW → RESOLVED
Last Resolved: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla68
Flags: in-testsuite? → in-testsuite+
You need to log in before you can comment on or make changes to this bug.