This bug was filed from the Socorro interface and is report bp-95527a29-1bb1-4d76-8601-8834a0180517. ============================================================= Top 10 frames of crashing thread: 0 xul.dll mozilla::Maybe<mozilla::layers::ScrollDirection>::operator* mfbt/Maybe.h:589 1 xul.dll mozilla::layers::AsyncPanZoomController::ConvertScrollbarPoint gfx/layers/apz/src/AsyncPanZoomController.cpp:1754 2 xul.dll mozilla::layers::APZCTreeManager::SetupScrollbarDrag gfx/layers/apz/src/APZCTreeManager.cpp:1816 3 xul.dll mozilla::layers::APZCTreeManager::ReceiveInputEvent gfx/layers/apz/src/APZCTreeManager.cpp:1228 4 xul.dll mozilla::layers::APZInputBridgeParent::RecvReceiveMouseInputEvent gfx/layers/ipc/APZInputBridgeParent.cpp:58 5 xul.dll mozilla::layers::PAPZInputBridgeParent::OnMessageReceived ipc/ipdl/PAPZInputBridgeParent.cpp:237 6 xul.dll mozilla::gfx::PGPUParent::OnMessageReceived ipc/ipdl/PGPUParent.cpp:1196 7 xul.dll mozilla::ipc::MessageChannel::DispatchSyncMessage ipc/glue/MessageChannel.cpp:2104 8 xul.dll mozilla::ipc::MessageChannel::DispatchMessageW ipc/glue/MessageChannel.cpp:2062 9 xul.dll mozilla::ipc::MessageChannel::RunMessage ipc/glue/MessageChannel.cpp:1912 ============================================================= There are 8 crashes (from 8 installations) in nightly 62 with buildid 20180516220130. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1410186. [1] https://hg.mozilla.org/mozilla-central/rev?node=c82274a23aea

Yay, we're finding real bugs with this assertion!

While this crash doesn't affect <= 61, the underlying bug (the misuse of an empty Maybe) affects 59-61. The code was added in Firefox 59 by ScrollDirection bug 1420516.

(In reply to Chris Peterson [:cpeterson] from comment #2) > While this crash doesn't affect <= 61, the underlying bug (the misuse of an > empty Maybe) affects 59-61. The code was added in Firefox 59 by > ScrollDirection bug 1420516. Previously to that change, we would silently treat a "none" value as "vertical" in that code, which was still wrong, just with different effects (possibly no noticeable effects, depending on how/when the "none" value arises).

Same STR, got this crash, which doesn't link to this bug from its "bugzilla" tab => https://crash-stats.mozilla.com/report/index/303d0aa1-4833-4a71-a665-d64bf0180530

(In reply to Julien Wajsberg [:julienw] from comment #4) > Same STR, got this crash, which doesn't link to this bug from its "bugzilla" > tab => > https://crash-stats.mozilla.com/report/index/303d0aa1-4833-4a71-a665- > d64bf0180530 In the bugzilla tab of this crash report I see both this bug and bug 1457590. At any rate, this should be fixed in the May 31 nightly onwards. I'll check the crash-stats data in a few days to verify; parking with me for now. Also to ward off some possible confusion: the [@ mozilla::Maybe<T>::operator* ] signature is more generic than this bug. There are other causes for that signature as well (e.g. https://crash-stats.mozilla.com/report/index/8cdf6dc0-2c48-4bed-90d2-9d1f80180531) so I don't expect that signature to disappear entirely. But it should drop dramatically.

Bug 1457590 fixed many instances of this crash, but there's a few more. The patch on bug 1463184 should take care of them. I'll leave this open for a few more days to remind myself to recheck crash-stats.

Looks good now, last crash was on buildid 20180604100129.