Bug 81162

Summary: REGRESSION(r107168?): Assertion failures under pageContainsAnyHorizontalScrollbars causing multiple "crashes" on the Lion Intel Debug WebKit2 testers
Product: WebKit
Reporter: Jessie Berlin <jberlin>
Component: Frames
Assignee: Anders Carlsson <andersca>
Status: RESOLVED FIXED
Severity: Normal
CC: andersca, ap, kling, thorton, tonikitoo, webkit-bug-importer
Priority: P2
Keywords: InRadar, LayoutTestFailure, MakingBotsRed, Regression
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
URL: http://build.webkit.org/results/Lion%20Intel%20Debug%20(WebKit2%20Tests)/r110747%20(4916)/fullscreen/full-screen-twice-crash-log.txt
Attachments:
Patch (flags: bdakin: review+)

Description Jessie Berlin 2012-03-14 15:30:06 PDT
Since this code was added in http://trac.webkit.org/changeset/107168 only a few weeks ago, it seems possible that the crashes started then (we have no good way of telling if this is the case given the state of crashes on the bots).

static bool pageContainsAnyHorizontalScrollbars(Frame* mainFrame)
{
    if (FrameView* frameView = mainFrame->view()) {
        if (hasEnabledHorizontalScrollbar(frameView))
            return true;
    }

    for (Frame* frame = mainFrame; frame; frame = frame->tree()->traverseNext()) {
        FrameView* frameView = frame->view();
        if (!frameView)
            continue;

        const HashSet<ScrollableArea*>* scrollableAreas = frameView->scrollableAreas();
        if (!scrollableAreas)
            continue;

        for (HashSet<ScrollableArea*>::const_iterator it = scrollableAreas->begin(), end = scrollableAreas->end(); it != end; ++it) {
            ScrollableArea* scrollableArea = *it;
            ASSERT(scrollableArea->isOnActivePage());

            if (hasEnabledHorizontalScrollbar(scrollableArea))
                return true;
        }
    }

    return false;
}

http://build.webkit.org/results/Lion%20Intel%20Debug%20(WebKit2%20Tests)/r110747%20(4916)/fullscreen/full-screen-twice-crash-log.txt
http://build.webkit.org/results/Lion%20Intel%20Debug%20(WebKit2%20Tests)/r110747%20(4916)/fullscreen/full-screen-cancel-crash-log.txt

Process:         WebProcess [60352]
Path:            /Volumes/VOLUME/*/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess
Identifier:      com.apple.WebProcess
Version:         536+ (536.3+)
Code Type:       X86-64 (Native)
Parent Process:  ??? [1]

Date/Time:       2012-03-14 14:45:50.793 -0700
OS Version:      Mac OS X 10.7.2 (11C74)
Report Version:  9

Crashed Thread:  0  Dispatch queue: com.apple.main-thread

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef

VM Regions Near 0xbbadbeef:
--> 
    __TEXT                 0000000109948000-0000000109949000 [    4K] r-x/rwx SM=COW  /Volumes/VOLUME/*/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess

Application Specific Information:
objc[60352]: garbage collection is OFF

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebKit2             	0x0000000109d46b84 _ZN6WebKitL35pageContainsAnyHorizontalScrollbarsEPN7WebCore5FrameE + 420 (WebPage.cpp:3071)
1   com.apple.WebKit2             	0x0000000109d46953 WebKit::WebPage::recomputeShortCircuitHorizontalWheelEventsState() + 67 (WebPage.cpp:3087)
2   com.apple.WebKit2             	0x0000000109ce748d WebKit::WebFrameLoaderClient::dispatchDidLayout() + 93 (WebFrameLoaderClient.cpp:588)
3   com.apple.WebCore             	0x000000010bd4d3b7 WebCore::FrameView::performPostLayoutTasks() + 567 (FrameView.cpp:2292)
4   com.apple.WebCore             	0x000000010bd4cd98 WebCore::FrameView::layout(bool) + 4392 (FrameView.cpp:1131)
5   com.apple.WebCore             	0x000000010bd512f6 WebCore::FrameView::visibleContentsResized() + 86 (FrameView.cpp:1823)
6   com.apple.WebCore             	0x000000010cb63158 WebCore::ScrollView::updateScrollbars(WebCore::IntSize const&) + 2344 (ScrollView.cpp:524)
7   com.apple.WebCore             	0x000000010cb64add WebCore::ScrollView::setContentsSize(WebCore::IntSize const&) + 173 (ScrollView.cpp:305)
8   com.apple.WebCore             	0x000000010bd4a7cc WebCore::FrameView::setContentsSize(WebCore::IntSize const&) + 124 (FrameView.cpp:501)
9   com.apple.WebCore             	0x000000010bd4aa74 WebCore::FrameView::adjustViewSize() + 468 (FrameView.cpp:528)
10  com.apple.WebCore             	0x000000010bd4ca77 WebCore::FrameView::layout(bool) + 3591 (FrameView.cpp:1085)
11  com.apple.WebCore             	0x000000010ba50a76 WebCore::Document::updateLayout() + 278 (Document.cpp:1705)
12  com.apple.WebCore             	0x000000010ba50ba5 WebCore::Document::updateLayoutIgnorePendingStylesheets() + 197 (Document.cpp:1738)
13  com.apple.WebCore             	0x000000010bc45e87 WebCore::Element::offsetTop() + 39 (Element.cpp:343)
14  com.apple.WebCore             	0x000000010c21f48f WebCore::jsElementOffsetTop(JSC::ExecState*, JSC::JSValue, JSC::Identifier const&) + 63 (JSElement.cpp:287)
15  com.apple.JavaScriptCore      	0x000000010aa32811 JSC::PropertySlot::getValue(JSC::ExecState*, JSC::Identifier const&) const + 241 (PropertySlot.h:75)
16  com.apple.JavaScriptCore      	0x000000010aa4713d JSC::JSValue::get(JSC::ExecState*, JSC::Identifier const&, JSC::PropertySlot&) const + 205 (JSObject.h:801)
17  com.apple.JavaScriptCore      	0x000000010ae09424 llint_slow_path_get_by_id + 228 (LLIntSlowPaths.cpp:865)
18  com.apple.JavaScriptCore      	0x000000010ae11fdd llint_op_get_by_id + 127
19  com.apple.JavaScriptCore      	0x000000010abec4f9 JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) + 121 (JITCode.h:127)
20  com.apple.JavaScriptCore      	0x000000010abe8fb8 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1752 (Interpreter.cpp:1270)
21  com.apple.JavaScriptCore      	0x000000010aaa3c5b JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 315 (CallData.cpp:39)
22  com.apple.WebCore             	0x000000010c104f63 WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 179 (JSMainThreadExecState.h:56)
23  com.apple.WebCore             	0x000000010c246a2f WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 1407 (JSEventListener.cpp:132)
24  com.apple.WebCore             	0x000000010bc87ff9 WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&) + 393 (EventTarget.cpp:232)
25  com.apple.WebCore             	0x000000010bc87e3b WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 331 (EventTarget.cpp:200)
26  com.apple.WebCore             	0x000000010bbe1e67 WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WTF::PassRefPtr<WebCore::EventTarget>) + 359 (DOMWindow.cpp:1652)
27  com.apple.WebCore             	0x000000010bd1e56a WebCore::FrameLoader::stopLoading(WebCore::UnloadEventPolicy) + 1386 (FrameLoader.cpp:384)
28  com.apple.WebCore             	0x000000010bd1ead5 WebCore::FrameLoader::closeURL() + 117 (FrameLoader.cpp:453)
29  com.apple.WebCore             	0x000000010bd2a324 WebCore::FrameLoader::detachFromParent() + 52 (FrameLoader.cpp:2509)
30  com.apple.WebCore             	0x000000010bd232f8 WebCore::FrameLoader::detachChildren() + 216 (FrameLoader.cpp:2435)
31  com.apple.WebCore             	0x000000010bd26b1f WebCore::FrameLoader::setDocumentLoader(WebCore::DocumentLoader*) + 303 (FrameLoader.cpp:1675)
32  com.apple.WebCore             	0x000000010bd27b70 WebCore::FrameLoader::transitionToCommitted(WTF::PassRefPtr<WebCore::CachedPage>) + 576 (FrameLoader.cpp:1865)
33  com.apple.WebCore             	0x000000010bd271db WebCore::FrameLoader::commitProvisionalLoad() + 1083 (FrameLoader.cpp:1770)
34  com.apple.WebCore             	0x000000010ba960cd WebCore::DocumentLoader::commitIfReady() + 77 (DocumentLoader.cpp:286)
35  com.apple.WebCore             	0x000000010ba961a4 WebCore::DocumentLoader::commitLoad(char const*, int) + 84 (DocumentLoader.cpp:306)
36  com.apple.WebCore             	0x000000010ba9645a WebCore::DocumentLoader::receivedData(char const*, int) + 90 (DocumentLoader.cpp:340)
37  com.apple.WebCore             	0x000000010c6c64a7 WebCore::MainResourceLoader::addData(char const*, int, bool) + 87 (MainResourceLoader.cpp:171)
38  com.apple.WebCore             	0x000000010cad4173 WebCore::ResourceLoader::didReceiveData(char const*, int, long long, bool) + 275 (ResourceLoader.cpp:292)
39  com.apple.WebCore             	0x000000010c6c7dce WebCore::MainResourceLoader::didReceiveData(char const*, int, long long, bool) + 878 (MainResourceLoader.cpp:465)
40  com.apple.WebCore             	0x000000010cad4b09 WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle*, char const*, int, int) + 153 (ResourceLoader.cpp:443)
41  com.apple.WebCore             	0x000000010cad10f2 -[WebCoreResourceHandleAsDelegate connection:didReceiveData:lengthReceived:] + 306 (ResourceHandleMac.mm:846)
42  com.apple.Foundation          	0x00007fff80faa459 ___NSURLConnectionDidReceiveData_block_invoke_1 + 144
43  com.apple.Foundation          	0x00007fff80faa3c3 _NSURLConnectionDidReceiveData + 86
44  com.apple.CFNetwork           	0x00007fff8a1cd5ec URLConnectionClient::_clientDidReceiveData(__CFArray const*, URLConnectionClient::ClientConnectionEventQueue*) + 348
45  com.apple.CFNetwork           	0x00007fff8a27eceb URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 827
46  com.apple.CFNetwork           	0x00007fff8a27eefa URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 1354
47  com.apple.CFNetwork           	0x00007fff8a27eefa URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 1354
48  com.apple.CFNetwork           	0x00007fff8a1a9dfd URLConnectionClient::processEvents() + 185
49  com.apple.CFNetwork           	0x00007fff8a1a9ca2 MultiplexerSource::perform() + 212
50  com.apple.CoreFoundation      	0x00007fff875e2b51 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
51  com.apple.CoreFoundation      	0x00007fff875e23bd __CFRunLoopDoSources0 + 253
52  com.apple.CoreFoundation      	0x00007fff876091a9 __CFRunLoopRun + 905
53  com.apple.CoreFoundation      	0x00007fff87608ae6 CFRunLoopRunSpecific + 230
54  com.apple.HIToolbox           	0x00007fff878c23d3 RunCurrentEventLoopInMode + 277
55  com.apple.HIToolbox           	0x00007fff878c963d ReceiveNextEventCommon + 355
56  com.apple.HIToolbox           	0x00007fff878c94ca BlockUntilNextEventMatchingListInMode + 62
57  com.apple.AppKit              	0x00007fff8b2de3f1 _DPSNextEvent + 659
58  com.apple.AppKit              	0x00007fff8b2ddcf5 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 135
59  com.apple.AppKit              	0x00007fff8b2da62d -[NSApplication run] + 470
60  com.apple.WebCore             	0x000000010cafaafc WebCore::RunLoop::run() + 92 (RunLoopMac.mm:101)
61  com.apple.WebKit2             	0x0000000109e12ee4 WebKit::WebProcessMain(WebKit::CommandLine const&) + 3556 (WebProcessMainMac.mm:176)
62  com.apple.WebKit2             	0x0000000109d1e76f _ZL10WebKitMainRKN6WebKit11CommandLineE + 239 (WebKitMain.cpp:50)
63  com.apple.WebKit2             	0x0000000109d1e652 WebKitMain + 178 (WebKitMain.cpp:74)
64  com.apple.WebProcess          	0x0000000109948d82 main + 290
65  com.apple.WebProcess          	0x0000000109948c54 start + 52
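A crash report like the one above can be triaged mechanically before anyone opens a debugger. The Python script below is an added example, not code from this bug report or from WebKit: it parses the `Exception Codes` and `Thread N Crashed` lines of an Apple-style crash report, recognises 0xbbadbeef as the address that WTF's CRASH() macro deliberately stores to when an ASSERT fails (so a Debug-build report with that address is an assertion failure, not evidence of a memory-safety fault), and recovers the qualified name from the Itanium-mangled top frame so the blame line reads as a function rather than as `_ZN6WebKitL35...`. The embedded sample is a constructed excerpt of the log quoted in the description; the list of "project" modules in `blame_frame` is an assumption for the example.

```python
"""Triage helper for Apple-style crash reports from WebKit Debug bots.

Added example. SAMPLE_REPORT is a constructed excerpt modelled on the
crash log quoted in this bug, trimmed to the lines the parser needs.
"""
import re

# WTF's CRASH() macro deliberately stores to this address so that an ASSERT
# failure shows up as EXC_BAD_ACCESS at a recognisable location.
WTF_CRASH_SENTINEL = 0xbbadbeef

SAMPLE_REPORT = """\
Process:         WebProcess [60352]
Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebKit2             0x0000000109d46b84 _ZN6WebKitL35pageContainsAnyHorizontalScrollbarsEPN7WebCore5FrameE + 420 (WebPage.cpp:3071)
1   com.apple.WebKit2             0x0000000109d46953 WebKit::WebPage::recomputeShortCircuitHorizontalWheelEventsState() + 67 (WebPage.cpp:3087)
2   com.apple.WebCore             0x000000010bd4d3b7 WebCore::FrameView::performPostLayoutTasks() + 567 (FrameView.cpp:2292)
3   com.apple.Foundation          0x00007fff80faa459 ___NSURLConnectionDidReceiveData_block_invoke_1 + 144
"""

# index, module, address, symbol, offset, optional "(file:line)"
FRAME_RE = re.compile(
    r"^(\d+)\s+(\S+)\s+(0x[0-9a-fA-F]+)\s+(.*?) \+ (\d+)(?: \(([^:()]+):(\d+)\))?\s*$",
    re.MULTILINE,
)


def demangle_name(symbol):
    """Recover only the qualified name from an Itanium-mangled symbol.

    Handles the _Z[N](L?<len><identifier>)+ prefix that covers the frames in
    this report; parameter types are ignored. Returns (name, is_static), where
    is_static reflects the 'L' internal-linkage marker (a file-local function).
    Input that is not mangled is returned unchanged.
    """
    if not symbol.startswith("_Z"):
        return symbol, False
    pos = 3 if symbol.startswith("_ZN") else 2
    parts = []
    is_static = False
    while pos < len(symbol):
        if symbol[pos] == "L" and pos + 1 < len(symbol) and symbol[pos + 1].isdigit():
            is_static = True
            pos += 1
        m = re.match(r"\d+", symbol[pos:])
        if not m:
            break  # 'E' terminator or start of the parameter list
        length = int(m.group())
        pos += m.end()
        parts.append(symbol[pos:pos + length])
        pos += length
    if not parts:
        return symbol, False
    return "::".join(parts), is_static


def classify_exception(report):
    """Return (kind, fault_address) from the 'Exception Codes' line.

    kind is 'assertion' for the WTF CRASH() sentinel, 'null-deref' for
    page-zero addresses, 'wild-access' for anything else, 'unknown' if absent.
    """
    m = re.search(r"Exception Codes:\s+(\S+) at (0x[0-9a-fA-F]+)", report)
    if not m:
        return "unknown", None
    address = int(m.group(2), 16)
    if address == WTF_CRASH_SENTINEL:
        return "assertion", address
    if address < 0x1000:
        return "null-deref", address
    return "wild-access", address


def parse_crashed_frames(report):
    """Parse the frames of the 'Thread N Crashed' section into dicts."""
    parts = report.split("Crashed::", 1)
    if len(parts) < 2:
        return []
    body = parts[1].split("\n\n", 1)[0]  # section ends at the first blank line
    frames = []
    for m in FRAME_RE.finditer(body):
        name, is_static = demangle_name(m.group(4))
        frames.append({
            "index": int(m.group(1)),
            "module": m.group(2),
            "symbol": name,
            "static": is_static,
            "offset": int(m.group(5)),
            "file": m.group(6),
            "line": int(m.group(7)) if m.group(7) else None,
        })
    return frames


def blame_frame(frames, project_modules=("com.apple.WebKit2", "com.apple.WebCore",
                                         "com.apple.JavaScriptCore")):
    """First frame inside the project's own modules (module list is assumed)."""
    for frame in frames:
        if frame["module"].startswith(project_modules):
            return frame
    return None


def triage(report):
    """One-line summary: what kind of crash, at which address, blamed on which frame."""
    kind, address = classify_exception(report)
    top = blame_frame(parse_crashed_frames(report))
    blame = None if top is None else f'{top["symbol"]} ({top["file"]}:{top["line"]})'
    return {"kind": kind, "address": address, "blame": blame}


if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

Run against the sample, the summary comes back as an assertion failure blamed on `WebKit::pageContainsAnyHorizontalScrollbars (WebPage.cpp:3071)`, which matches the ASSERT(scrollableArea->isOnActivePage()) line in the quoted function; a report whose fault address is anything other than the sentinel would be classified as a real invalid access and deserves a memory-safety review instead.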
Comment 1 Radar WebKit Bug Importer 2012-03-14 15:31:11 PDT
<rdar://problem/11050423>
Comment 2 Anders Carlsson 2012-03-15 14:25:54 PDT
Created attachment 132120 [details]
Patch
Comment 3 Anders Carlsson 2012-03-15 14:34:08 PDT
Committed r110888: <http://trac.webkit.org/changeset/110888>