Closed Bug 1380001 Opened 7 years ago Closed 7 years ago

stylo: Crash in mozilla::ReflowInput::InitConstraints

Product/Component: Core :: CSS Parsing and Computation (defect, P1)
Platform: Unspecified, Windows 10
Status: RESOLVED FIXED (mozilla56)

Tracking Status
firefox-esr52 --- unaffected
firefox54 --- unaffected
firefox55 --- unaffected
firefox56 --- fixed

Reporter: marcia, Unassigned
References: Blocks 1 open bug
Keywords: crash

This bug was filed from the Socorro interface and is report bp-721f016e-45ee-4644-9b58-9b25f0170708.

Seen while looking at crash stats - several crashes on nightly: http://bit.ly/2tJGOej

One user says he crashes when loading https://clips.twitch.tv/TiredSneakyHamburgerOMGScoots in full screen.

Some of the reports include an APZ thing, some of them include Element::ClientWidth(). Also, I noticed there has been no crash since 20170710; I am not sure because there are a few samples.

When I was watching the site <https://clips.twitch.tv/TiredSneakyHamburgerOMGScoots> with mouse movements, I got an assertion:

thread '<unnamed>' panicked at '<div> (0x7fff9c8fe0d0) has still dirty bit true or animation-only dirty bit false', /home/ikezoe/central/servo/ports/geckolib/glue.rs:2998

The stack is:

#8 0x00007fffe7bd71f5 in geckoservo::glue::Servo_AssertTreeIsClean::assert_subtree_is_clean (el=...) at /home/ikezoe/central/servo/ports/geckolib/glue.rs:2998
#9 0x00007fffe7bd72d0 in geckoservo::glue::Servo_AssertTreeIsClean::assert_subtree_is_clean (el=...) at /home/ikezoe/central/servo/ports/geckolib/glue.rs:3003
#10 0x00007fffe7bd72d0 in geckoservo::glue::Servo_AssertTreeIsClean::assert_subtree_is_clean (el=...) at /home/ikezoe/central/servo/ports/geckolib/glue.rs:3003
#11 0x00007fffe7bd72d0 in geckoservo::glue::Servo_AssertTreeIsClean::assert_subtree_is_clean (el=...) at /home/ikezoe/central/servo/ports/geckolib/glue.rs:3003
#12 0x00007fffe7bd72d0 in geckoservo::glue::Servo_AssertTreeIsClean::assert_subtree_is_clean (el=...) at /home/ikezoe/central/servo/ports/geckolib/glue.rs:3003
#13 0x00007fffe7bd72d0 in geckoservo::glue::Servo_AssertTreeIsClean::assert_subtree_is_clean (el=...) at /home/ikezoe/central/servo/ports/geckolib/glue.rs:3003
#14 0x00007fffe7bd72d0 in geckoservo::glue::Servo_AssertTreeIsClean::assert_subtree_is_clean (el=...) at /home/ikezoe/central/servo/ports/geckolib/glue.rs:3003
#15 0x00007fffe7bd72d0 in geckoservo::glue::Servo_AssertTreeIsClean::assert_subtree_is_clean (el=...) at /home/ikezoe/central/servo/ports/geckolib/glue.rs:3003
#16 0x00007fffe7bd72d0 in geckoservo::glue::Servo_AssertTreeIsClean::assert_subtree_is_clean (el=...) at /home/ikezoe/central/servo/ports/geckolib/glue.rs:3003
#17 0x00007fffe7bd6d75 in geckoservo::glue::Servo_AssertTreeIsClean (root=0x7fffc06eacc0) at /home/ikezoe/central/servo/ports/geckolib/glue.rs:3008
#18 0x00007fffe3bd1bc5 in mozilla::ServoStyleSet::AssertTreeIsClean (this=0x7fffc06ead70) at /home/ikezoe/central/layout/style/ServoStyleSet.cpp:1024
#19 0x00007fffe3dbba72 in mozilla::ServoRestyleManager::DoProcessPendingRestyles (this=0x7fffd12cca60, aRestyleBehavior=mozilla::TraversalRestyleBehavior::Normal) at /home/ikezoe/central/layout/base/ServoRestyleManager.cpp:856
#20 0x00007fffe3dbbb45 in mozilla::ServoRestyleManager::ProcessPendingRestyles (this=0x7fffd12cca60) at /home/ikezoe/central/layout/base/ServoRestyleManager.cpp:875
#21 0x00007fffe3dc62b6 in mozilla::RestyleManager::ProcessPendingRestyles (this=0x7fffd12cca60) at /home/ikezoe/central/obj-firefox/dist/include/mozilla/RestyleManagerInlines.h:44
#22 0x00007fffe3d97fa8 in mozilla::PresShell::DoFlushPendingNotifications (this=0x7fffc12d9000, aFlush=...) at /home/ikezoe/central/layout/base/PresShell.cpp:4193
#23 0x00007fffe3d5a5a8 in nsIPresShell::FlushPendingNotifications (this=0x7fffc12d9000, aType=...) at /home/ikezoe/central/layout/base/nsIPresShell.h:587
#24 0x00007fffe3d9797c in mozilla::PresShell::DoFlushPendingNotifications (this=0x7fffc12d9000, aType=mozilla::FlushType::Layout) at /home/ikezoe/central/layout/base/PresShell.cpp:4069
#25 0x00007fffe15981cd in nsIPresShell::FlushPendingNotifications (this=0x7fffc12d9000, aType=mozilla::FlushType::Layout) at /home/ikezoe/central/obj-firefox/dist/include/nsIPresShell.h:578
#26 0x00007fffe18af2f1 in nsDocument::FlushPendingNotifications (this=0x7fffd20cc000, aType=mozilla::FlushType::Layout) at /home/ikezoe/central/dom/base/nsDocument.cpp:8089
#27 0x00007fffe1780620 in mozilla::dom::Element::GetPrimaryFrame (this=0x7fff9e47d000, aType=mozilla::FlushType::Layout) at /home/ikezoe/central/dom/base/Element.cpp:2262
#28 0x00007fffe177ac97 in mozilla::dom::Element::GetScrollFrame (this=0x7fff9e47d000, aStyledFrame=0x7fffffff7c90, aFlushType=mozilla::FlushType::Layout) at /home/ikezoe/central/dom/base/Element.cpp:681
#29 0x00007fffe177be1b in mozilla::dom::Element::GetClientAreaRect (this=0x7fff9e47d000) at /home/ikezoe/central/dom/base/Element.cpp:1012
#30 0x00007fffe24f9089 in mozilla::dom::Element::ClientWidth (this=0x7fff9e47d000) at /home/ikezoe/central/obj-firefox/dist/include/mozilla/dom/Element.h:1065
#31 0x00007fffe24d0ad3 in mozilla::dom::ElementBinding::get_clientWidth (cx=0x7fffd6a2e000, obj=..., self=0x7fff9e47d000, args=...) at /home/ikezoe/central/obj-firefox/dom/bindings/ElementBinding.cpp:2782

This is the ClientWidth() case, and as far as I can tell, it's not animation-only traversal, it's normal traversal.

I got another assertion with the same STR in comment 2.

52 MOZ_ASSERT((otherBits | ourBits) == otherBits, "otherBits should be a superset");

(gdb) bt
#0 0x00007fffe3dbfd56 in mozilla::ServoStyleContext::ResolveSameStructsAs (this=0x7fff900fef80, aPresContext=0x7fffad7ba800, aOther=0x7fff9b750980) at /home/ikezoe/central/obj-firefox/dist/include/mozilla/ServoStyleContext.h:52
#1 0x00007fffe3dbabd4 in mozilla::ServoRestyleManager::ProcessPostTraversal (this=0x7fffadbcf060, aElement=0x7fff9daff1f0, aParentContext=0x7fff8e008ac0, aRestyleState=..., aRestyleBehavior=mozilla::TraversalRestyleBehavior::Normal) at /home/ikezoe/central/layout/base/ServoRestyleManager.cpp:545
#2 0x00007fffe3dbaf2d in mozilla::ServoRestyleManager::ProcessPostTraversal (this=0x7fffadbcf060, aElement=0x7fff9cc19780, aParentContext=0x7fffb65b8c00, aRestyleState=..., aRestyleBehavior=mozilla::TraversalRestyleBehavior::Normal) at /home/ikezoe/central/layout/base/ServoRestyleManager.cpp:616
#3 0x00007fffe3dbaf2d in mozilla::ServoRestyleManager::ProcessPostTraversal (this=0x7fffadbcf060, aElement=0x7fff9cd92f70, aParentContext=0x7fffb65b8bc0, aRestyleState=..., aRestyleBehavior=mozilla::TraversalRestyleBehavior::Normal) at /home/ikezoe/central/layout/base/ServoRestyleManager.cpp:616
#4 0x00007fffe3dbaf2d in mozilla::ServoRestyleManager::ProcessPostTraversal (this=0x7fffadbcf060, aElement=0x7fff9cd92ca0, aParentContext=0x7fff9eef8f40, aRestyleState=..., aRestyleBehavior=mozilla::TraversalRestyleBehavior::Normal) at /home/ikezoe/central/layout/base/ServoRestyleManager.cpp:616
#5 0x00007fffe3dbaf2d in mozilla::ServoRestyleManager::ProcessPostTraversal (this=0x7fffadbcf060, aElement=0x7fffa7df1c50, aParentContext=0x7fffb65b8200, aRestyleState=..., aRestyleBehavior=mozilla::TraversalRestyleBehavior::Normal) at /home/ikezoe/central/layout/base/ServoRestyleManager.cpp:616
#6 0x00007fffe3dbaf2d in mozilla::ServoRestyleManager::ProcessPostTraversal (this=0x7fffadbcf060, aElement=0x7fffa7df1b30, aParentContext=0x7fffb65b81c0, aRestyleState=..., aRestyleBehavior=mozilla::TraversalRestyleBehavior::Normal) at /home/ikezoe/central/layout/base/ServoRestyleManager.cpp:616
#7 0x00007fffe3dbaf2d in mozilla::ServoRestyleManager::ProcessPostTraversal (this=0x7fffadbcf060, aElement=0x7fffa7df1aa0, aParentContext=0x7fff9eef8b80, aRestyleState=..., aRestyleBehavior=mozilla::TraversalRestyleBehavior::Normal) at /home/ikezoe/central/layout/base/ServoRestyleManager.cpp:616
#8 0x00007fffe3dbaf2d in mozilla::ServoRestyleManager::ProcessPostTraversal (this=0x7fffadbcf060, aElement=0x7fffa7df1a10, aParentContext=0x7fffb65b8140, aRestyleState=..., aRestyleBehavior=mozilla::TraversalRestyleBehavior::Normal) at /home/ikezoe/central/layout/base/ServoRestyleManager.cpp:616
#9 0x00007fffe3dbaf2d in mozilla::ServoRestyleManager::ProcessPostTraversal (this=0x7fffadbcf060, aElement=0x7fffa7df18f0, aParentContext=0x7fff9eef8180, aRestyleState=..., aRestyleBehavior=mozilla::TraversalRestyleBehavior::Normal) at /home/ikezoe/central/layout/base/ServoRestyleManager.cpp:616
#10 0x00007fffe3dbaf2d in mozilla::ServoRestyleManager::ProcessPostTraversal (this=0x7fffadbcf060, aElement=0x7fffa7d50dc0, aParentContext=0x7fff9eef8080, aRestyleState=..., aRestyleBehavior=mozilla::TraversalRestyleBehavior::Normal) at /home/ikezoe/central/layout/base/ServoRestyleManager.cpp:616
#11 0x00007fffe3dbaf2d in mozilla::ServoRestyleManager::ProcessPostTraversal (this=0x7fffadbcf060, aElement=0x7fffad235190, aParentContext=0x0, aRestyleState=..., aRestyleBehavior=mozilla::TraversalRestyleBehavior::Normal) at /home/ikezoe/central/layout/base/ServoRestyleManager.cpp:616
#12 0x00007fffe3dbb797 in mozilla::ServoRestyleManager::DoProcessPendingRestyles (this=0x7fffadbcf060, aRestyleBehavior=mozilla::TraversalRestyleBehavior::Normal) at /home/ikezoe/central/layout/base/ServoRestyleManager.cpp:805
#13 0x00007fffe3dbbb45 in mozilla::ServoRestyleManager::ProcessPendingRestyles (this=0x7fffadbcf060) at /home/ikezoe/central/layout/base/ServoRestyleManager.cpp:875
#14 0x00007fffe3dc62a0 in mozilla::RestyleManager::ProcessPendingRestyles (this=0x7fffadbcf060) at /home/ikezoe/central/obj-firefox/dist/include/mozilla/RestyleManagerInlines.h:44
#15 0x00007fffe3d97fa8 in mozilla::PresShell::DoFlushPendingNotifications (this=0x7fffad229000, aFlush=...) at /home/ikezoe/central/layout/base/PresShell.cpp:4193
#16 0x00007fffe3d5a5a8 in nsIPresShell::FlushPendingNotifications (this=0x7fffad229000, aType=...) at /home/ikezoe/central/layout/base/nsIPresShell.h:587
#17 0x00007fffe3d9797c in mozilla::PresShell::DoFlushPendingNotifications (this=0x7fffad229000, aType=mozilla::FlushType::InterruptibleLayout) at /home/ikezoe/central/layout/base/PresShell.cpp:4069
#18 0x00007fffe15981cd in nsIPresShell::FlushPendingNotifications (this=0x7fffad229000, aType=mozilla::FlushType::InterruptibleLayout) at /home/ikezoe/central/obj-firefox/dist/include/nsIPresShell.h:578
#19 0x00007fffe29a3ebb in mozilla::EventStateManager::FlushPendingEvents (this=0x7fffad815fa0, aPresContext=0x7fffad7ba800) at /home/ikezoe/central/dom/events/EventStateManager.cpp:5106
#20 0x00007fffe2995b27 in mozilla::EventStateManager::PreHandleEvent (this=0x7fffad815fa0, aPresContext=0x7fffad7ba800, aEvent=0x7fffffffc160, aTargetFrame=0x7fff9cd42310, aTargetContent=0x7fff9daff510, aStatus=0x7fffffffbf7c) at /home/ikezoe/central/dom/events/EventStateManager.cpp:750
#21 0x00007fffe3da67e5 in mozilla::PresShell::HandleEventInternal (this=0x7fffad229000, aEvent=0x7fffffffc160, aStatus=0x7fffffffbf7c, aIsHandlingNativeEvent=true) at /home/ikezoe/central/layout/base/PresShell.cpp:8143
#22 0x00007fffe3da5d9d in mozilla::PresShell::HandlePositionedEvent (this=0x7fffad229000, aTargetFrame=0x7fff9cd42310, aEvent=0x7fffffffc160, aEventStatus=0x7fffffffbf7c) at /home/ikezoe/central/layout/base/PresShell.cpp:7940
#23 0x00007fffe3da4ff8 in mozilla::PresShell::HandleEvent (this=0x7fffc77f4000, aFrame=0x7fffc77f7118, aEvent=0x7fffffffc160, aDontRetargetEvents=false, aEventStatus=0x7fffffffbf7c, aTargetContent=0x0) at /home/ikezoe/central/layout/base/PresShell.cpp:7726
#24 0x00007fffe3934ac1 in nsViewManager::DispatchEvent (this=0x7fffc77ccb00, aEvent=0x7fffffffc160, aView=0x7fffc77e7000, aStatus=0x7fffffffbf7c) at /home/ikezoe/central/view/nsViewManager.cpp:804

This crash definitely is not related to animation-only restyle triggered by event handling since I did comment out DoProcessPendingRestyles in ServoRestyleManager::UpdateOnlyAnimationStyles(). So, I am convinced now that there are two kinds of crashes triggered by event handling: one is bug 1371450, which is caused by animation-only restyle by event handling; the other is related to this assertion.

These assertions might be fixed by Emilio's refactor in bug 1379505. I can't reproduce the assertions with the debug build on a try in bug 1379505 comment 93.

Priority: -- → P1

This has no longer happened since 20170716100325. I guess the two causes of these crashes, bug 1371450 and bug 1379505, fixed this?

Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED