Created attachment 112176 [details]
Crash log.

r98218

Reproducibility: once

Steps:
1. I opened an issue in JIRA 4.3
2. I scrolled to the bottom (as there were several comments) and clicked on "Comment" button to add a new comment.

What happened: Assert failure and crash.

ASSERTION FAILED: !m_visibleContentStatusDirty
/Users/rex/WebKit/Source/WebCore/rendering/RenderLayer.cpp(428) : void WebCore::RenderLayer::updateLayerPositionsAfterScroll(bool)
1 0x10bdfafb4 WebCore::RenderLayer::updateLayerPositionsAfterScroll(bool)
2 0x10bdfb09a WebCore::RenderLayer::updateLayerPositionsAfterScroll(bool)
3 0x10bdfb09a WebCore::RenderLayer::updateLayerPositionsAfterScroll(bool)
4 0x10bdfb09a WebCore::RenderLayer::updateLayerPositionsAfterScroll(bool)
5 0x10bdfb09a WebCore::RenderLayer::updateLayerPositionsAfterScroll(bool)
6 0x10bdfb09a WebCore::RenderLayer::updateLayerPositionsAfterScroll(bool)
7 0x10bdfb09a WebCore::RenderLayer::updateLayerPositionsAfterScroll(bool)
8 0x10b3a33a3 WebCore::FrameView::repaintFixedElementsAfterScrolling()
9 0x10bfdd95e WebCore::ScrollView::scrollTo(WebCore::IntSize const&)
10 0x10b3a5634 WebCore::FrameView::scrollTo(WebCore::IntSize const&)
11 0x10bfdd865 WebCore::ScrollView::setScrollOffset(WebCore::IntPoint const&)
12 0x10bfdd89f non-virtual thunk to WebCore::ScrollView::setScrollOffset(WebCore::IntPoint const&)
13 0x10bfc7d83 WebCore::ScrollableArea::setScrollOffsetFromAnimation(WebCore::IntPoint const&)
14 0x10bfc96ef WebCore::ScrollAnimator::notifyPositionChanged()
15 0x10bfcda0d WebCore::ScrollAnimatorMac::notifyPositionChanged()
16 0x10bfcd4e8 WebCore::ScrollAnimatorMac::immediateScrollToPoint(WebCore::FloatPoint const&)
17 0x10bfcc826 WebCore::ScrollAnimatorMac::snapRubberBandTimerFired(WebCore::Timer<WebCore::ScrollAnimatorMac>*)
18 0x10bfd0aa3 WebCore::Timer<WebCore::ScrollAnimatorMac>::fired()
19 0x10c1ea807 WebCore::ThreadTimers::sharedTimerFiredInternal()
20 0x10c1ea5d9 WebCore::ThreadTimers::sharedTimerFired()
21 0x10c014223 _ZN7WebCoreL10timerFiredEP16__CFRunLoopTimerPv
22 0x108b57f84 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__
23 0x108b57ad6 __CFRunLoopDoTimer
24 0x108b38471 __CFRunLoopRun
25 0x108b37ae6 CFRunLoopRunSpecific
26 0x1147f83d3 RunCurrentEventLoopInMode
27 0x1147ff63d ReceiveNextEventCommon
28 0x1147ff4ca BlockUntilNextEventMatchingListInMode
29 0x11040e3f1 _DPSNextEvent
30 0x11040dcf5 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
31 0x11040a62d -[NSApplication run]

Expected result: No assert failure, no crash.
Is this assertion failure reproducible? There is relatively low value in bugs that track unreproducible assertion failures. Most of the time, they can not be acted on.
> I opened an issue in JIRA 4.3

What is JIRA 4.3? Got a URL?
https://jira.atlassian.com/
I can confirm that WebKitGtk+ is also affected by this bug. This is a stacktrace I've just got:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff3a1f108 in WebCore::RenderLayer::updateLayerPositionsAfterScroll (this=0x7fffe4051108, flags=0) at ../../Source/WebCore/rendering/RenderLayer.cpp:454
454 ASSERT(!m_visibleDescendantStatusDirty);
(gdb) bt
#0 0x00007ffff3a1f108 in WebCore::RenderLayer::updateLayerPositionsAfterScroll (this=0x7fffe4051108, flags=0) at ../../Source/WebCore/rendering/RenderLayer.cpp:454
#1 0x00007ffff37e0272 in WebCore::FrameView::repaintFixedElementsAfterScrolling (this=0x7fffe404b500) at ../../Source/WebCore/page/FrameView.cpp:1744
#2 0x00007ffff38eeafa in WebCore::ScrollView::scrollTo (this=0x7fffe404b500, newOffset=...) at ../../Source/WebCore/platform/ScrollView.cpp:362
#3 0x00007ffff37e30ad in WebCore::FrameView::scrollTo (this=0x7fffe404b500, newOffset=...) at ../../Source/WebCore/page/FrameView.cpp:2489
#4 0x00007ffff38eea66 in WebCore::ScrollView::setScrollOffset (this=0x7fffe404b500, offset=...) at ../../Source/WebCore/platform/ScrollView.cpp:349
#5 0x00007ffff38e8991 in WebCore::ScrollableArea::setScrollOffsetFromAnimation (this=0x7fffe404b550, offset=...) at ../../Source/WebCore/platform/ScrollableArea.cpp:177
#6 0x00007ffff38e81a5 in WebCore::ScrollAnimator::notifyPositionChanged (this=0x1165260) at ../../Source/WebCore/platform/ScrollAnimator.cpp:141
#7 0x00007ffff38e7c11 in WebCore::ScrollAnimator::scrollToOffsetWithoutAnimation (this=0x1165260, offset=...) at ../../Source/WebCore/platform/ScrollAnimator.cpp:82
#8 0x00007ffff38e87dc in WebCore::ScrollableArea::scrollToOffsetWithoutAnimation (this=0x7fffe404b550, offset=...) at ../../Source/WebCore/platform/ScrollableArea.cpp:130
#9 0x00007ffff38e88ea in WebCore::ScrollableArea::scrollToYOffsetWithoutAnimation (this=0x7fffe404b550, y=0) at ../../Source/WebCore/platform/ScrollableArea.cpp:148
#10 0x00007ffff38e881c in WebCore::ScrollableArea::scrollToOffsetWithoutAnimation (this=0x7fffe404b550, orientation=WebCore::VerticalScrollbar, offset=0) at ../../Source/WebCore/platform/ScrollableArea.cpp:138
#11 0x00007ffff3012ab8 in WebKit::GtkAdjustmentWatcher::adjustmentValueChanged (this=0xf20e20, adjustment=0x7fff9c07ad40) at ../../Source/WebKit/gtk/WebCoreSupport/GtkAdjustmentWatcher.cpp:131
#12 0x00007ffff30128ca in WebKit::adjustmentValueChangedCallback (adjustment=0x7fff9c07ad40, watcher=0xf20e20) at ../../Source/WebKit/gtk/WebCoreSupport/GtkAdjustmentWatcher.cpp:95
#13 0x00007ffff0992e84 in g_cclosure_marshal_VOID__VOID (closure=0xf86230, return_value=0x0, n_param_values=1, param_values=0x1f1e360, invocation_hint=0x7fffffffb710, marshal_data=0x0) at gmarshal.c:85
#14 0x00007ffff099108a in g_closure_invoke (closure=0xf86230, return_value=0x0, n_param_values=1, param_values=0x1f1e360, invocation_hint=0x7fffffffb710) at gclosure.c:774
#15 0x00007ffff09aad71 in signal_emit_unlocked_R (node=0x903d20, detail=0, instance=0x7fff9c07ad40, emission_return=0x0, instance_and_params=0x1f1e360) at gsignal.c:3302
#16 0x00007ffff09a9f82 in g_signal_emit_valist (instance=0x7fff9c07ad40, signal_id=288, detail=0, var_args=0x7fffffffb998) at gsignal.c:3033
#17 0x00007ffff09aa4da in g_signal_emit (instance=0x7fff9c07ad40, signal_id=288, detail=0) at gsignal.c:3090
#18 0x00007ffff193457d in gtk_adjustment_value_changed (adjustment=0x7fff9c07ad40) at gtkadjustment.c:764
#19 0x00007ffff1934427 in gtk_adjustment_configure (adjustment=0x7fff9c07ad40, value=0, lower=0, upper=0, step_increment=0, page_increment=0, page_size=0) at gtkadjustment.c:732
#20 0x00007ffff3012691 in WebKit::updateAdjustmentFromScrollbar (adjustment=0x7fff9c07ad40, scrollbar=0x0) at ../../Source/WebKit/gtk/WebCoreSupport/GtkAdjustmentWatcher.cpp:52
#21 0x00007ffff3012b0c in WebKit::GtkAdjustmentWatcher::disableAllScrollbars (this=0xf20e20) at ../../Source/WebKit/gtk/WebCoreSupport/GtkAdjustmentWatcher.cpp:139
#22 0x00007ffff2ff0fe0 in WebKit::ChromeClient::enterFullScreenForElement (this=0xf20e10, element=0x7fffe4d625c0) at ../../Source/WebKit/gtk/WebCoreSupport/ChromeClientGtk.cpp:907
#23 0x00007ffff33775ad in WebCore::Document::requestFullScreenForElement (this=0x7fffe404be60, element=0x7fffe4d625c0, flags=0, checkType=WebCore::Document::EnforceIFrameAllowFulScreenRequirement) at ../../Source/WebCore/dom/Document.cpp:5054
#24 0x00007ffff33badaa in WebCore::Element::webkitRequestFullScreen (this=0x7fffe4d625c0, flags=0) at ../../Source/WebCore/dom/Element.cpp:1914
#25 0x00007ffff3e94de7 in WebCore::jsElementPrototypeFunctionWebkitRequestFullScreen (exec=0x7fffa1a1d310) at DerivedSources/WebCore/JSElement.cpp:2086
(In reply to comment #2)
> > I opened an issue in JIRA 4.3
> What is JIRA 4.3? Got a URL?

I have a test case that asserts 100%:

1) Go to http://blog.jilion.com/2011/07/27/world-s-first-true-html5-fullscreen-video
2) Scroll down and click on the video to play it
3) Once the playback starts click on the fullscreen button (the rightmost bottom button of the player)
4) Browser ASSERTS
(In reply to comment #5)
> (In reply to comment #2)
> > > I opened an issue in JIRA 4.3
> > What is JIRA 4.3? Got a URL?
>
> I have a test case that asserts 100%:
>
> 1) Go to http://blog.jilion.com/2011/07/27/world-s-first-true-html5-fullscreen-video
> 2) Scroll down and click on the video to play it
> 3) Once the playback starts click on the fullscreen button (the rightmost bottom button of the player)
> 4) Browser ASSERTS

Interesting, I am not getting this ASSERT but another one on ToT Mac WebKit:

Reason: KERN_INVALID_ADDRESS at address: 0x00000000bbadbeef
0x0000000102e47d77 in WebCore::RenderBlock::addChildIgnoringAnonymousColumnBlocks (this=0x12461aaf8, newChild=0x125dd4e68, beforeChild=0x124626ae8) at /Users/jchaffraix/Sources/WebKit/Source/WebCore/rendering/RenderBlock.cpp:716
716 ASSERT(beforeChildAnonymousContainer->isTable());

I will file a bug about it.
(In reply to comment #6)
> (In reply to comment #5)
> > (In reply to comment #2)
> > > > I opened an issue in JIRA 4.3
> > > What is JIRA 4.3? Got a URL?
> >
> > I have a test case that asserts 100%:
> >
> > 1) Go to http://blog.jilion.com/2011/07/27/world-s-first-true-html5-fullscreen-video
> > 2) Scroll down and click on the video to play it
> > 3) Once the playback starts click on the fullscreen button (the rightmost bottom button of the player)
> > 4) Browser ASSERTS
>
> Interesting, I am not getting this ASSERT but another one on ToT Mac WebKit:
>
> Reason: KERN_INVALID_ADDRESS at address: 0x00000000bbadbeef
> 0x0000000102e47d77 in WebCore::RenderBlock::addChildIgnoringAnonymousColumnBlocks (this=0x12461aaf8, newChild=0x125dd4e68, beforeChild=0x124626ae8) at /Users/jchaffraix/Sources/WebKit/Source/WebCore/rendering/RenderBlock.cpp:716
> 716 ASSERT(beforeChildAnonymousContainer->isTable());
>
> I will file a bug about it.

Heh, indeed interesting. Actually I get this bug assert in many different situations, for example scrolling through feeds in Google Reader