Assertion failure: aSize.width >= 0.0 && aSize.height >= 0.0, at src/layout/base/nsLayoutUtils.cpp:8832
Categories
(Core :: Layout, defect, P3)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox69 | --- | affected |
People
(Reporter: tsmith, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: assertion, testcase)
Attachments
(1 file)
|
156 bytes,
text/html
|
Details |
This test case only repros on Android.
Assertion failure: aSize.width >= 0.0 && aSize.height >= 0.0, at src/layout/base/nsLayoutUtils.cpp:8832
eip = 0xc790a718 esp = 0xcd7fddf0 ebp = 0xcd7fde68 ebx = 0xccbdcdc8
esi = 0x00002280 edi = 0xaf804e50 eax = 0xca58015b ecx = 0xcdc3617c
edx = 0x00000094 efl = 0x00210282
OS|Android|0.0.0 Linux 4.4.124+ #1 SMP PREEMPT Wed Jan 30 07:13:09 UTC 2019 i686
CPU|x86|GenuineIntel family 6 model 6 stepping 3|4
GPU|||
Crash|SIGSEGV|0x0|13
13|0|libxul.so|nsLayoutUtils::SetVisualViewportSize(mozilla::PresShell*, mozilla::gfx::SizeTyped<mozilla::CSSPixel, float>)|hg:hg.mozilla.org/mozilla-central:layout/base/nsLayoutUtils.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|8832|0x22
13|1|libxul.so|mozilla::GeckoMVMContext::SetVisualViewportSize(mozilla::gfx::SizeTyped<mozilla::CSSPixel, float> const&)|hg:hg.mozilla.org/mozilla-central:layout/base/GeckoMVMContext.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|135|0x1c
13|2|libxul.so|MobileViewportManager::UpdateVisualViewportSize(mozilla::gfx::IntSizeTyped<mozilla::ScreenPixel> const&, mozilla::gfx::ScaleFactor<mozilla::CSSPixel, mozilla::ScreenPixel> const&)|hg:hg.mozilla.org/mozilla-central:layout/base/MobileViewportManager.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|437|0x19
13|3|libxul.so|MobileViewportManager::UpdateResolution(nsViewportInfo const&, mozilla::gfx::IntSizeTyped<mozilla::ScreenPixel> const&, mozilla::gfx::SizeTyped<mozilla::CSSPixel, float> const&, mozilla::Maybe<float> const&, MobileViewportManager::UpdateType)|hg:hg.mozilla.org/mozilla-central:layout/base/MobileViewportManager.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|402|0x13
13|4|libxul.so|MobileViewportManager::RefreshViewportSize(bool)|hg:hg.mozilla.org/mozilla-central:layout/base/MobileViewportManager.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|530|0x26
13|5|libxul.so|mozilla::PresShell::ResizeReflow(int, int, int, int, mozilla::ResizeReflowOptions)|hg:hg.mozilla.org/mozilla-central:layout/base/PresShell.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|1856|0x15
13|6|libxul.so|nsViewManager::DoSetWindowDimensions(int, int)|hg:hg.mozilla.org/mozilla-central:view/nsViewManager.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|182|0x20
13|7|libxul.so|nsViewManager::FlushDelayedResize(bool)|hg:hg.mozilla.org/mozilla-central:view/nsViewManager.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|230|0xd
13|8|libxul.so|mozilla::PresShell::DoFlushPendingNotifications(mozilla::ChangesToFlush)|hg:hg.mozilla.org/mozilla-central:layout/base/PresShell.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|4230|0x1e
13|9|libxul.so|mozilla::PresShell::FlushPendingNotifications(mozilla::ChangesToFlush)|hg:hg.mozilla.org/mozilla-central:layout/base/PresShell.h:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|1453|0x18
13|10|libxul.so|nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp)|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|1979|0x14
13|11|libxul.so|mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&)|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|349|0x33
13|12|libxul.so|mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp)|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|342|0x53
13|13|libxul.so|mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp)|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|709|0x41
13|14|libxul.so|mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::ParentProcessVsyncNotifier::Run()|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|509|0x3d
13|15|libxul.so|nsThread::ProcessNextEvent(bool, bool*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|1176|0x16
13|16|libxul.so|NS_ProcessNextEvent(nsIThread*, bool)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|486|0x11
13|17|libxul.so|mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|88|0xd
13|18|libxul.so|MessageLoop::RunInternal()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|315|0x16
13|19|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|290|0xb
13|20|libxul.so|nsBaseAppShell::Run()|hg:hg.mozilla.org/mozilla-central:widget/nsBaseAppShell.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|137|0xe
13|21|libxul.so|nsAppStartup::Run()|hg:hg.mozilla.org/mozilla-central:toolkit/components/startup/nsAppStartup.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|276|0x18
13|22|libxul.so|XREMain::XRE_mainRun()|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsAppRunner.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|4550|0x10
13|23|libxul.so|XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&)|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsAppRunner.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|4688|0x8
13|24|libxul.so|XRE_main(int, char**, mozilla::BootstrapConfig const&)|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsAppRunner.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|4769|0xf
13|25|libxul.so|GeckoStart|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsAndroidStartup.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|47|0xd
13|26|libxul.so|mozilla::BootstrapImpl::GeckoStart(_JNIEnv*, char**, int, mozilla::StaticXREAppData const&)|hg:hg.mozilla.org/mozilla-central:toolkit/xre/Bootstrap.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|77|0x11
13|27|libmozglue.so|Java_org_mozilla_gecko_mozglue_GeckoLoader_nativeRun|hg:hg.mozilla.org/mozilla-central:mozglue/android/APKOpen.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|372|0x2a
13|28|libart.so||||0x634318
|
||
Updated•5 years ago
|
|
|
||
Comment 1•5 years ago
|
||
Hmm I can't reproduce the assertion locally on Android emulators. We bail out early somewhere?
|
||
Comment 2•5 years ago
|
||
The call stack looks identical the one in bug 1548896.
Brad, this should be fixed bug 1548896, right?
|
||
Comment 3•5 years ago
|
||
Those callstacks do look identical to me. I can't explain how this bug is happening. The code changed by Bug 1548896 should resolve this. It seems clear that MobileViewportManager::UpdateVisualViewportSize is not allowed to return a negative size, since MobileViewportManager::GetCompositionSize now only returns non-negative sizes. Is it possible that this test was done with an earlier Android build that didn't have the code that landed in Bug 1548896?
|
|
||
Comment 4•5 years ago
|
||
Thank you, Ting-Yu and Brad.
Hey Tyson, which revision did you use in comment 0? Are you still able to reproduce the assertion on the latest m-c?
|
Reporter | |
Comment 5•5 years ago
|
||
The report is from m-c 20190529-2bb77ed1fcc5. I can reproduce it consistently.
| Comment hidden (Intermittent Failures Robot) |
| Comment hidden (Intermittent Failures Robot) |
|
||
Comment 8•5 years ago
|
||
There are 21 failures in the last 7 days on macosx1014-64 debug: https://treeherder.mozilla.org/intermittent-failures.html#/bugdetails?bug=1555457&startday=2019-07-08&endday=2019-07-14&tree=all
Recent log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=256413812&repo=mozilla-inbound&lineNumber=28611
Tyson, any updates regarding this?
|
|
Reporter | |
Comment 9•5 years ago
|
||
(In reply to Alexandru Michis [:malexandru] from comment #8)
Tyson, any updates regarding this?
Not sure what else to say here... did I miss something?
|
|
||
Comment 10•5 years ago
|
||
We should ask Brad instead.
| Comment hidden (Intermittent Failures Robot) |
|
||
Comment 13•5 years ago
•
|
||
Note, I'm chasing this down a bit (gathering more info at least by adding earlier assertions) in bug 1566991 and bug 1568673.
The former bug (which landed yesterday) added an assertion that seems to be catching this problem a bit earlier (and it seems to have done so, e.g. in newly-filed intermittent bug 1568405). I suspect that any intermittent failures that would have been reported here will now instead appear on bug 1568405 (and soon perhaps on a new bug for the new assertion I'm adding in bug 1568673).
So: this bug here might go "quiet" in terms of treeherder failure reports, but it's likely that the problem will have just been caught earlier (via an assertion with different text).
Also: it's notable that we've hit this assertion on Android (comment 0 w/ the fuzzer testcase) and MacOS (the intermittent reports), the two platforms where we have overlay scrollbars. I suspect overlay scrollbars are involved in causing trouble here.
| Comment hidden (Intermittent Failures Robot) |
|
|
||
Comment 15•5 years ago
|
||
(In reply to Daniel Holbert [:dholbert] from comment #13)
Note, I'm chasing this down a bit (gathering more info at least by adding earlier assertions) in bug 1566991 and bug 1568673.
Okay, if zoom can become negative (is this ever useful?) then my patches in Bug 1548896 are not adequate to solve this. I'll see if I can understand the call stack in Bug 1568405 which is generating the negative zoom values. I propose that this should be closed as a duplicate of that bug.
|
|
||
Comment 16•5 years ago
|
||
Tyson, would you mind seeing if you can still reproduce this with your attached testcase?
(Based on comment 1 / comment 4, I'm guessing that I [like hiro] might not be able to repro, but you probably have the right environment to reproduce with your testcase.)
I'm guessing bug 1569475's patch may have fixed this. (Or rather, converted into an earlier nonfatal assert with sane fallback behavior.)
|
|
||
Updated•5 years ago
|
|
|
Reporter | |
Comment 17•5 years ago
|
||
I am no longer able to reproduce this with m-c:
BuildID=20190806161505
SourceStamp=747f5a90f7d8a627d157b6b21861a8ec309d31b7
|
|
||
Comment 18•5 years ago
|
||
Great, thanks Tyson!
Calling this WORKSFORME since I wouldn't claim to be 100% sure what fixed it (though I'd bet it was bug 1569475).
| Comment hidden (Intermittent Failures Robot) |
| Comment hidden (Intermittent Failures Robot) |
| Comment hidden (Intermittent Failures Robot) |
| Comment hidden (Intermittent Failures Robot) |
|
|
||
Comment 23•5 years ago
|
||
Note: recent failure-robot starrings are all from mozilla-release and mozilla-beta, which is consistent with this having been fixed on central as of comment 18.
(One exception: comment 20 has a starring for mozilla-central from after this was fixed -- but that seems to have been an incorrect association. I don't see any instance of this bug's assertion-failure in the verbose log there.)
| Comment hidden (Intermittent Failures Robot) |
| Comment hidden (Intermittent Failures Robot) |
| Comment hidden (Intermittent Failures Robot) |
| Comment hidden (Intermittent Failures Robot) |
| Comment hidden (Intermittent Failures Robot) |
| Comment hidden (Intermittent Failures Robot) |
| Comment hidden (Intermittent Failures Robot) |
| Comment hidden (Intermittent Failures Robot) |
Description
•