Closed Bug 1555457 Opened 10 months ago Closed 8 months ago

Assertion failure: aSize.width >= 0.0 && aSize.height >= 0.0, at src/layout/base/nsLayoutUtils.cpp:8832

Categories

(Core :: Layout, defect, P3)

Unspecified
Android
defect

Tracking

()

RESOLVED WORKSFORME
Tracking Status
firefox69 --- affected

People

(Reporter: tsmith, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, testcase)

Attachments

(1 file)

Attached file testcase.html

This test case only repros on Android.

Assertion failure: aSize.width >= 0.0 && aSize.height >= 0.0, at src/layout/base/nsLayoutUtils.cpp:8832

eip = 0xc790a718   esp = 0xcd7fddf0   ebp = 0xcd7fde68   ebx = 0xccbdcdc8
esi = 0x00002280   edi = 0xaf804e50   eax = 0xca58015b   ecx = 0xcdc3617c
edx = 0x00000094   efl = 0x00210282
OS|Android|0.0.0 Linux 4.4.124+ #1 SMP PREEMPT Wed Jan 30 07:13:09 UTC 2019 i686
CPU|x86|GenuineIntel family 6 model 6 stepping 3|4
GPU|||
Crash|SIGSEGV|0x0|13
13|0|libxul.so|nsLayoutUtils::SetVisualViewportSize(mozilla::PresShell*, mozilla::gfx::SizeTyped<mozilla::CSSPixel, float>)|hg:hg.mozilla.org/mozilla-central:layout/base/nsLayoutUtils.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|8832|0x22
13|1|libxul.so|mozilla::GeckoMVMContext::SetVisualViewportSize(mozilla::gfx::SizeTyped<mozilla::CSSPixel, float> const&)|hg:hg.mozilla.org/mozilla-central:layout/base/GeckoMVMContext.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|135|0x1c
13|2|libxul.so|MobileViewportManager::UpdateVisualViewportSize(mozilla::gfx::IntSizeTyped<mozilla::ScreenPixel> const&, mozilla::gfx::ScaleFactor<mozilla::CSSPixel, mozilla::ScreenPixel> const&)|hg:hg.mozilla.org/mozilla-central:layout/base/MobileViewportManager.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|437|0x19
13|3|libxul.so|MobileViewportManager::UpdateResolution(nsViewportInfo const&, mozilla::gfx::IntSizeTyped<mozilla::ScreenPixel> const&, mozilla::gfx::SizeTyped<mozilla::CSSPixel, float> const&, mozilla::Maybe<float> const&, MobileViewportManager::UpdateType)|hg:hg.mozilla.org/mozilla-central:layout/base/MobileViewportManager.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|402|0x13
13|4|libxul.so|MobileViewportManager::RefreshViewportSize(bool)|hg:hg.mozilla.org/mozilla-central:layout/base/MobileViewportManager.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|530|0x26
13|5|libxul.so|mozilla::PresShell::ResizeReflow(int, int, int, int, mozilla::ResizeReflowOptions)|hg:hg.mozilla.org/mozilla-central:layout/base/PresShell.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|1856|0x15
13|6|libxul.so|nsViewManager::DoSetWindowDimensions(int, int)|hg:hg.mozilla.org/mozilla-central:view/nsViewManager.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|182|0x20
13|7|libxul.so|nsViewManager::FlushDelayedResize(bool)|hg:hg.mozilla.org/mozilla-central:view/nsViewManager.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|230|0xd
13|8|libxul.so|mozilla::PresShell::DoFlushPendingNotifications(mozilla::ChangesToFlush)|hg:hg.mozilla.org/mozilla-central:layout/base/PresShell.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|4230|0x1e
13|9|libxul.so|mozilla::PresShell::FlushPendingNotifications(mozilla::ChangesToFlush)|hg:hg.mozilla.org/mozilla-central:layout/base/PresShell.h:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|1453|0x18
13|10|libxul.so|nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp)|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|1979|0x14
13|11|libxul.so|mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&)|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|349|0x33
13|12|libxul.so|mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp)|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|342|0x53
13|13|libxul.so|mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp)|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|709|0x41
13|14|libxul.so|mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::ParentProcessVsyncNotifier::Run()|hg:hg.mozilla.org/mozilla-central:layout/base/nsRefreshDriver.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|509|0x3d
13|15|libxul.so|nsThread::ProcessNextEvent(bool, bool*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|1176|0x16
13|16|libxul.so|NS_ProcessNextEvent(nsIThread*, bool)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|486|0x11
13|17|libxul.so|mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|88|0xd
13|18|libxul.so|MessageLoop::RunInternal()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|315|0x16
13|19|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|290|0xb
13|20|libxul.so|nsBaseAppShell::Run()|hg:hg.mozilla.org/mozilla-central:widget/nsBaseAppShell.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|137|0xe
13|21|libxul.so|nsAppStartup::Run()|hg:hg.mozilla.org/mozilla-central:toolkit/components/startup/nsAppStartup.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|276|0x18
13|22|libxul.so|XREMain::XRE_mainRun()|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsAppRunner.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|4550|0x10
13|23|libxul.so|XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&)|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsAppRunner.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|4688|0x8
13|24|libxul.so|XRE_main(int, char**, mozilla::BootstrapConfig const&)|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsAppRunner.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|4769|0xf
13|25|libxul.so|GeckoStart|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsAndroidStartup.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|47|0xd
13|26|libxul.so|mozilla::BootstrapImpl::GeckoStart(_JNIEnv*, char**, int, mozilla::StaticXREAppData const&)|hg:hg.mozilla.org/mozilla-central:toolkit/xre/Bootstrap.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|77|0x11
13|27|libmozglue.so|Java_org_mozilla_gecko_mozglue_GeckoLoader_nativeRun|hg:hg.mozilla.org/mozilla-central:mozglue/android/APKOpen.cpp:29c76bc4b5901f6fd331435e6db5ff47bcde04bb|372|0x2a
13|28|libart.so||||0x634318
Flags: in-testsuite?
Flags: needinfo?(hikezoe)

Hmm I can't reproduce the assertion locally on Android emulators. We bail out early somewhere?

Flags: needinfo?(hikezoe)
Priority: -- → P3

The call stack looks identical the one in bug 1548896.

Brad, this should be fixed bug 1548896, right?

Flags: needinfo?(bwerth)

Those callstacks do look identical to me. I can't explain how this bug is happening. The code changed by Bug 1548896 should resolve this. It seems clear that MobileViewportManager::UpdateVisualViewportSize is not allowed to return a negative size, since MobileViewportManager::GetCompositionSize now only returns non-negative sizes. Is it possible that this test was done with an earlier Android build that didn't have the code that landed in Bug 1548896?

Flags: needinfo?(bwerth)

Thank you, Ting-Yu and Brad.
Hey Tyson, which revision did you use in comment 0? Are you still able to reproduce the assertion on the latest m-c?

Flags: needinfo?(twsmith)

The report is from m-c 20190529-2bb77ed1fcc5. I can reproduce it consistently.

Flags: needinfo?(twsmith)

(In reply to Alexandru Michis [:malexandru] from comment #8)

Tyson, any updates regarding this?

Not sure what else to say here... did I miss something?

Flags: needinfo?(twsmith) → needinfo?(malexandru)

We should ask Brad instead.

Flags: needinfo?(malexandru) → needinfo?(bwerth)
Duplicate of this bug: 1566824
See Also: → 1568405

Note, I'm chasing this down a bit (gathering more info at least by adding earlier assertions) in bug 1566991 and bug 1568673.

The former bug (which landed yesterday) added an assertion that seems to be catching this problem a bit earlier (and it seems to have done so, e.g. in newly-filed intermittent bug 1568405). I suspect that any intermittent failures that would have been reported here will now instead appear on bug 1568405 (and soon perhaps on a new bug for the new assertion I'm adding in bug 1568673).

So: this bug here might go "quiet" in terms of treeherder failure reports, but it's likely that the problem will have just been caught earlier (via an assertion with different text).

Also: it's notable that we've hit this assertion on Android (comment 0 w/ the fuzzer testcase) and MacOS (the intermittent reports), the two platforms where we have overlay scrollbars. I suspect overlay scrollbars are involved in causing trouble here.

(In reply to Daniel Holbert [:dholbert] from comment #13)

Note, I'm chasing this down a bit (gathering more info at least by adding earlier assertions) in bug 1566991 and bug 1568673.

Okay, if zoom can become negative (is this ever useful?) then my patches in Bug 1548896 are not adequate to solve this. I'll see if I can understand the call stack in Bug 1568405 which is generating the negative zoom values. I propose that this should be closed as a duplicate of that bug.

Flags: needinfo?(bwerth)

Tyson, would you mind seeing if you can still reproduce this with your attached testcase?

(Based on comment 1 / comment 4, I'm guessing that I [like hiro] might not be able to repro, but you probably have the right environment to reproduce with your testcase.)

I'm guessing bug 1569475's patch may have fixed this. (Or rather, converted into an earlier nonfatal assert with sane fallback behavior.)

Flags: needinfo?(twsmith)

I am no longer able to reproduce this with m-c:
BuildID=20190806161505
SourceStamp=747f5a90f7d8a627d157b6b21861a8ec309d31b7

Flags: needinfo?(twsmith)

Great, thanks Tyson!

Calling this WORKSFORME since I wouldn't claim to be 100% sure what fixed it (though I'd bet it was bug 1569475).

Status: NEW → RESOLVED
Closed: 8 months ago
Resolution: --- → WORKSFORME

Note: recent failure-robot starrings are all from mozilla-release and mozilla-beta, which is consistent with this having been fixed on central as of comment 18.

(One exception: comment 20 has a starring for mozilla-central from after this was fixed -- but that seems to have been an incorrect association. I don't see any instance of this bug's assertion-failure in the verbose log there.)

You need to log in before you can comment on or make changes to this bug.