Bug 105932 - [Mac] http/tests/inspector/resource-har-pages.html asserts in updateLayerPositionsAfterScroll on Debug builds
Status: RESOLVED DUPLICATE of bug 103432
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
Keywords: InRadar
Reported: 2013-01-02 11:06 PST by Ryosuke Niwa
Modified: 2013-01-29 16:02 PST

Description Ryosuke Niwa 2013-01-02 11:06:10 PST
http://build.webkit.org/results/Apple%20MountainLion%20Debug%20WK1%20(Tests)/r138620%20(4245)/http/tests/inspector/resource-har-pages-crash-log.txt

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef

VM Regions Near 0xbbadbeef:
--> 
    __TEXT                 0000000109c49000-0000000109ce5000 [  624K] r-x/rwx SM=COW  /Volumes/VOLUME/*

Application Specific Information:
CRASHING TEST: /inspector/resource-har-pages.html

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore             	0x000000010c97f78c WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, unsigned int) + 620 (RenderLayer.cpp:726)
1   com.apple.WebCore             	0x000000010c97f899 WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, unsigned int) + 889 (RenderLayer.cpp:730)
2   com.apple.WebCore             	0x000000010c97f899 WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, unsigned int) + 889 (RenderLayer.cpp:730)
3   com.apple.WebCore             	0x000000010c97f899 WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, unsigned int) + 889 (RenderLayer.cpp:730)
4   com.apple.WebCore             	0x000000010c97fa05 WebCore::RenderLayer::updateLayerPositionsAfterOverflowScroll() + 165 (RenderLayer.cpp:689)
5   com.apple.WebCore             	0x000000010c985289 WebCore::RenderLayer::scrollTo(int, int) + 505 (RenderLayer.cpp:2017)
6   com.apple.WebCore             	0x000000010c987cae WebCore::RenderLayer::setScrollOffset(WebCore::IntPoint const&) + 62 (RenderLayer.cpp:2355)
7   com.apple.WebCore             	0x000000010cbd4a90 WebCore::ScrollableArea::scrollPositionChanged(WebCore::IntPoint const&) + 96 (ScrollableArea.cpp:156)
8   com.apple.WebCore             	0x000000010cbd4d81 WebCore::ScrollableArea::setScrollOffsetFromAnimation(WebCore::IntPoint const&) + 81 (ScrollableArea.cpp:200)
9   com.apple.WebCore             	0x000000010cbd72cb WebCore::ScrollAnimator::notifyPositionChanged() + 59 (ScrollAnimator.cpp:145)
10  com.apple.WebCore             	0x000000010cbdb639 WebCore::ScrollAnimatorMac::notifyPositionChanged() + 41 (ScrollAnimatorMac.mm:741)
11  com.apple.WebCore             	0x000000010cbdb182 WebCore::ScrollAnimatorMac::immediateScrollTo(WebCore::FloatPoint const&) + 210 (ScrollAnimatorMac.mm:720)
12  com.apple.WebCore             	0x000000010cbdb0a3 WebCore::ScrollAnimatorMac::scrollToOffsetWithoutAnimation(WebCore::FloatPoint const&) + 67 (ScrollAnimatorMac.mm:696)
13  com.apple.WebCore             	0x000000010cbd48dc WebCore::ScrollableArea::scrollToOffsetWithoutAnimation(WebCore::FloatPoint const&) + 60 (ScrollableArea.cpp:130)
14  com.apple.WebCore             	0x000000010c984b35 WebCore::RenderLayer::scrollToOffset(WebCore::IntSize const&, WebCore::RenderLayer::ScrollOffsetClamping) + 197 (RenderLayer.cpp:1979)
15  com.apple.WebCore             	0x000000010c8fd4dd WebCore::RenderLayer::scrollToYOffset(int, WebCore::RenderLayer::ScrollOffsetClamping) + 61 (RenderLayer.h:333)
16  com.apple.WebCore             	0x000000010c8e329b WebCore::RenderBox::setScrollTop(int) + 75 (RenderBox.cpp:435)
17  com.apple.WebCore             	0x000000010bbf08e3 WebCore::Element::setScrollTop(int) + 147 (Element.cpp:556)
18  com.apple.WebCore             	0x000000010c237b4d WebCore::setJSElementScrollTop(JSC::ExecState*, JSC::JSObject*, JSC::JSValue) + 93 (JSElement.cpp:1229)
19  com.apple.WebCore             	0x000000010c241699 bool JSC::lookupPut<WebCore::JSElement>(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::HashTable const*, WebCore::JSElement*, bool) + 249 (Lookup.h:373)
20  com.apple.WebCore             	0x000000010c2400b8 void JSC::lookupPut<WebCore::JSElement, WebCore::JSNode>(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::HashTable const*, WebCore::JSElement*, JSC::PutPropertySlot&) + 120 (Lookup.h:389)
21  com.apple.WebCore             	0x000000010c234937 WebCore::JSElement::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) + 279 (JSElement.cpp:1212)
22  com.apple.WebCore             	0x000000010c2bd89c void JSC::lookupPut<WebCore::JSHTMLElement, WebCore::JSElement>(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::HashTable const*, WebCore::JSHTMLElement*, JSC::PutPropertySlot&) + 172 (Lookup.h:391)
23  com.apple.WebCore             	0x000000010c2baab7 WebCore::JSHTMLElement::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) + 279 (JSHTMLElement.cpp:446)
24  com.apple.WebCore             	0x000000010c2b418c void JSC::lookupPut<WebCore::JSHTMLDivElement, WebCore::JSHTMLElement>(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::HashTable const*, WebCore::JSHTMLDivElement*, JSC::PutPropertySlot&) + 172 (Lookup.h:391)
25  com.apple.WebCore             	0x000000010c2b3217 WebCore::JSHTMLDivElement::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) + 279 (JSHTMLDivElement.cpp:144)
26  com.apple.JavaScriptCore      	0x000000010a04a319 JSC::JSValue::put(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) + 185 (JSObject.h:1523)
27  com.apple.JavaScriptCore      	0x000000010a2f29f0 llint_slow_path_put_by_id + 416 (LLIntSlowPaths.cpp:981)
28  com.apple.JavaScriptCore      	0x000000010a2fb977 llint_op_put_by_id + 155
29  com.apple.JavaScriptCore      	0x000000010a0fbb74 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::JSGlobalData*) + 84 (JITCode.h:134)
30  com.apple.JavaScriptCore      	0x000000010a0f8def JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1519 (Interpreter.cpp:1055)
31  com.apple.JavaScriptCore      	0x0000000109f74e32 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 306 (CallData.cpp:39)
32  com.apple.JavaScriptCore      	0x000000010a150407 JSC::boundFunctionCall(JSC::ExecState*) + 647 (JSBoundFunction.cpp:53)
33  com.apple.JavaScriptCore      	0x000000010a0f8e19 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1561 (Interpreter.cpp:1058)
34  com.apple.JavaScriptCore      	0x0000000109f74e32 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 306 (CallData.cpp:39)
35  com.apple.WebCore             	0x000000010c1186e2 WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 146 (JSMainThreadExecState.h:56)
36  com.apple.WebCore             	0x000000010cb92baf WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue, WebCore::ScriptExecutionContext*) + 559 (ScheduledAction.cpp:112)
37  com.apple.WebCore             	0x000000010cb92773 WebCore::ScheduledAction::execute(WebCore::Document*) + 323 (ScheduledAction.cpp:134)
38  com.apple.WebCore             	0x000000010cb925b4 WebCore::ScheduledAction::execute(WebCore::ScriptExecutionContext*) + 116 (ScheduledAction.cpp:80)
39  com.apple.WebCore             	0x000000010bb8110a WebCore::DOMTimer::fired() + 538 (DOMTimer.cpp:139)
40  com.apple.WebCore             	0x000000010cf248e6 WebCore::ThreadTimers::sharedTimerFiredInternal() + 294 (ThreadTimers.cpp:119)
41  com.apple.WebCore             	0x000000010cf24679 WebCore::ThreadTimers::sharedTimerFired() + 25 (ThreadTimers.cpp:94)
42  com.apple.WebCore             	0x000000010cc53343 WebCore::timerFired(__CFRunLoopTimer*, void*) + 67 (SharedTimerMac.mm:167)
43  com.apple.CoreFoundation      	0x00007fff8a050da4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
44  com.apple.CoreFoundation      	0x00007fff8a0508bd __CFRunLoopDoTimer + 557
45  com.apple.CoreFoundation      	0x00007fff8a036099 __CFRunLoopRun + 1513
46  com.apple.CoreFoundation      	0x00007fff8a0356b2 CFRunLoopRunSpecific + 290
47  com.apple.Foundation          	0x00007fff8702389e -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 268
48  DumpRenderTree                	0x0000000109c60839 runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) + 5017 (DumpRenderTree.mm:1381)
49  DumpRenderTree                	0x0000000109c5f42a runTestingServerLoop() + 282 (DumpRenderTree.mm:846)
50  DumpRenderTree                	0x0000000109c5ecf7 dumpRenderTree(int, char const**) + 391 (DumpRenderTree.mm:893)
51  DumpRenderTree                	0x0000000109c61029 main + 105 (DumpRenderTree.mm:931)
52  libdyld.dylib                 	0x00007fff89ebe7e1 start + 1

Also see webkit.org/b/92279 and webkit.org/b/85615
Comment 2 Jessie Berlin 2013-01-29 12:04:02 PST
Nope, appears to happen on Lion WK1 as well:

http://build.webkit.org/results/Apple%20Lion%20Debug%20WK1%20(Tests)/r141128%20(6314)/http/tests/inspector/resource-har-pages-crash-log.txt

Process:         DumpRenderTree [15683]
Path:            /Volumes/VOLUME/*/DumpRenderTree
Identifier:      DumpRenderTree
Version:         ??? (???)
Code Type:       X86-64 (Native)
Parent Process:  Python [15682]

Date/Time:       2013-01-29 10:47:19.314 -0800
OS Version:      Mac OS X 10.7.5 (11G56)
Report Version:  9

Anonymous UUID:                      8D613337-F106-4023-88AB-11A474AF2011

Crashed Thread:  0  Dispatch queue: com.apple.main-thread

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef

VM Regions Near 0xbbadbeef:
--> 
    __TEXT                 0000000102e72000-0000000102f0f000 [  628K] r-x/rwx SM=COW  /Volumes/VOLUME/*

Application Specific Information:
CRASHING TEST: /inspector/resource-har-pages.html
objc[15683]: garbage collection is OFF

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore             	0x0000000105d6e68f WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, unsigned int) + 623 (RenderLayer.cpp:765)
1   com.apple.WebCore             	0x0000000105d6e79c WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, unsigned int) + 892 (RenderLayer.cpp:769)
2   com.apple.WebCore             	0x0000000105d6e79c WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, unsigned int) + 892 (RenderLayer.cpp:769)
3   com.apple.WebCore             	0x0000000105d6e79c WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, unsigned int) + 892 (RenderLayer.cpp:769)
4   com.apple.WebCore             	0x0000000105d6e905 WebCore::RenderLayer::updateLayerPositionsAfterOverflowScroll() + 165 (RenderLayer.cpp:728)
5   com.apple.WebCore             	0x0000000105d74079 WebCore::RenderLayer::scrollTo(int, int) + 505 (RenderLayer.cpp:2087)
6   com.apple.WebCore             	0x0000000105d76a9e WebCore::RenderLayer::setScrollOffset(WebCore::IntPoint const&) + 62 (RenderLayer.cpp:2429)
7   com.apple.WebCore             	0x0000000105fcee70 WebCore::ScrollableArea::scrollPositionChanged(WebCore::IntPoint const&) + 96 (ScrollableArea.cpp:156)
8   com.apple.WebCore             	0x0000000105fcf161 WebCore::ScrollableArea::setScrollOffsetFromAnimation(WebCore::IntPoint const&) + 81 (ScrollableArea.cpp:200)
9   com.apple.WebCore             	0x0000000105fd16ab WebCore::ScrollAnimator::notifyPositionChanged() + 59 (ScrollAnimator.cpp:145)
10  com.apple.WebCore             	0x0000000105fd5a19 WebCore::ScrollAnimatorMac::notifyPositionChanged() + 41 (ScrollAnimatorMac.mm:741)
11  com.apple.WebCore             	0x0000000105fd5562 WebCore::ScrollAnimatorMac::immediateScrollTo(WebCore::FloatPoint const&) + 210 (ScrollAnimatorMac.mm:720)
12  com.apple.WebCore             	0x0000000105fd5483 WebCore::ScrollAnimatorMac::scrollToOffsetWithoutAnimation(WebCore::FloatPoint const&) + 67 (ScrollAnimatorMac.mm:696)
13  com.apple.WebCore             	0x0000000105fcecbc WebCore::ScrollableArea::scrollToOffsetWithoutAnimation(WebCore::FloatPoint const&) + 60 (ScrollableArea.cpp:130)
14  com.apple.WebCore             	0x0000000105d73922 WebCore::RenderLayer::scrollToOffset(WebCore::IntSize const&, WebCore::RenderLayer::ScrollOffsetClamping) + 178 (RenderLayer.cpp:2049)
15  com.apple.WebCore             	0x0000000105ce554d WebCore::RenderLayer::scrollToYOffset(int, WebCore::RenderLayer::ScrollOffsetClamping) + 61 (RenderLayer.h:335)
16  com.apple.WebCore             	0x0000000105cca5db WebCore::RenderBox::setScrollTop(int) + 75 (RenderBox.cpp:475)
17  com.apple.WebCore             	0x0000000104ef2353 WebCore::Element::setScrollTop(int) + 147 (Element.cpp:596)
18  com.apple.WebCore             	0x00000001055f06fd WebCore::setJSElementScrollTop(JSC::ExecState*, JSC::JSObject*, JSC::JSValue) + 93
Comment 3 Jessie Berlin 2013-01-29 12:14:46 PST
<rdar://problem/12841615>
Comment 4 Simon Fraser (smfr) 2013-01-29 16:02:43 PST
See also bug 105096,

*** This bug has been marked as a duplicate of bug 103432 ***