RESOLVED FIXED Bug 81162
REGRESSION(r107168?): Assertion failures under pageContainsAnyHorizontalScrollbars causing multiple "crashes" on the Lion Intel Debug WebKit2 testers
https://bugs.webkit.org/show_bug.cgi?id=81162
Jessie Berlin
Reported 2012-03-14 15:30:06 PDT
Since this code was added in http://trac.webkit.org/changeset/107168 only a few weeks ago, it seems possible that the crashes started then (we have no good way of telling if this is the case given the state of crashes on the bots).

static bool pageContainsAnyHorizontalScrollbars(Frame* mainFrame)
{
    if (FrameView* frameView = mainFrame->view()) {
        if (hasEnabledHorizontalScrollbar(frameView))
            return true;
    }

    for (Frame* frame = mainFrame; frame; frame = frame->tree()->traverseNext()) {
        FrameView* frameView = frame->view();
        if (!frameView)
            continue;

        const HashSet<ScrollableArea*>* scrollableAreas = frameView->scrollableAreas();
        if (!scrollableAreas)
            continue;

        for (HashSet<ScrollableArea*>::const_iterator it = scrollableAreas->begin(), end = scrollableAreas->end(); it != end; ++it) {
            ScrollableArea* scrollableArea = *it;
            ASSERT(scrollableArea->isOnActivePage());
            if (hasEnabledHorizontalScrollbar(scrollableArea))
                return true;
        }
    }

    return false;
}

http://build.webkit.org/results/Lion%20Intel%20Debug%20(WebKit2%20Tests)/r110747%20(4916)/fullscreen/full-screen-twice-crash-log.txt
http://build.webkit.org/results/Lion%20Intel%20Debug%20(WebKit2%20Tests)/r110747%20(4916)/fullscreen/full-screen-cancel-crash-log.txt

Process: WebProcess [60352]
Path: /Volumes/VOLUME/*/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess
Identifier: com.apple.WebProcess
Version: 536+ (536.3+)
Code Type: X86-64 (Native)
Parent Process: ??? [1]

Date/Time: 2012-03-14 14:45:50.793 -0700
OS Version: Mac OS X 10.7.2 (11C74)
Report Version: 9

Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef

VM Regions Near 0xbbadbeef:
--> __TEXT 0000000109948000-0000000109949000 [ 4K] r-x/rwx SM=COW /Volumes/VOLUME/*/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess

Application Specific Information:
objc[60352]: garbage collection is OFF

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebKit2 0x0000000109d46b84 _ZN6WebKitL35pageContainsAnyHorizontalScrollbarsEPN7WebCore5FrameE + 420 (WebPage.cpp:3071)
1 com.apple.WebKit2 0x0000000109d46953 WebKit::WebPage::recomputeShortCircuitHorizontalWheelEventsState() + 67 (WebPage.cpp:3087)
2 com.apple.WebKit2 0x0000000109ce748d WebKit::WebFrameLoaderClient::dispatchDidLayout() + 93 (WebFrameLoaderClient.cpp:588)
3 com.apple.WebCore 0x000000010bd4d3b7 WebCore::FrameView::performPostLayoutTasks() + 567 (FrameView.cpp:2292)
4 com.apple.WebCore 0x000000010bd4cd98 WebCore::FrameView::layout(bool) + 4392 (FrameView.cpp:1131)
5 com.apple.WebCore 0x000000010bd512f6 WebCore::FrameView::visibleContentsResized() + 86 (FrameView.cpp:1823)
6 com.apple.WebCore 0x000000010cb63158 WebCore::ScrollView::updateScrollbars(WebCore::IntSize const&) + 2344 (ScrollView.cpp:524)
7 com.apple.WebCore 0x000000010cb64add WebCore::ScrollView::setContentsSize(WebCore::IntSize const&) + 173 (ScrollView.cpp:305)
8 com.apple.WebCore 0x000000010bd4a7cc WebCore::FrameView::setContentsSize(WebCore::IntSize const&) + 124 (FrameView.cpp:501)
9 com.apple.WebCore 0x000000010bd4aa74 WebCore::FrameView::adjustViewSize() + 468 (FrameView.cpp:528)
10 com.apple.WebCore 0x000000010bd4ca77 WebCore::FrameView::layout(bool) + 3591 (FrameView.cpp:1085)
11 com.apple.WebCore 0x000000010ba50a76 WebCore::Document::updateLayout() + 278 (Document.cpp:1705)
12 com.apple.WebCore 0x000000010ba50ba5 WebCore::Document::updateLayoutIgnorePendingStylesheets() + 197 (Document.cpp:1738)
13 com.apple.WebCore 0x000000010bc45e87 WebCore::Element::offsetTop() + 39 (Element.cpp:343)
14 com.apple.WebCore 0x000000010c21f48f WebCore::jsElementOffsetTop(JSC::ExecState*, JSC::JSValue, JSC::Identifier const&) + 63 (JSElement.cpp:287)
15 com.apple.JavaScriptCore 0x000000010aa32811 JSC::PropertySlot::getValue(JSC::ExecState*, JSC::Identifier const&) const + 241 (PropertySlot.h:75)
16 com.apple.JavaScriptCore 0x000000010aa4713d JSC::JSValue::get(JSC::ExecState*, JSC::Identifier const&, JSC::PropertySlot&) const + 205 (JSObject.h:801)
17 com.apple.JavaScriptCore 0x000000010ae09424 llint_slow_path_get_by_id + 228 (LLIntSlowPaths.cpp:865)
18 com.apple.JavaScriptCore 0x000000010ae11fdd llint_op_get_by_id + 127
19 com.apple.JavaScriptCore 0x000000010abec4f9 JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) + 121 (JITCode.h:127)
20 com.apple.JavaScriptCore 0x000000010abe8fb8 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1752 (Interpreter.cpp:1270)
21 com.apple.JavaScriptCore 0x000000010aaa3c5b JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 315 (CallData.cpp:39)
22 com.apple.WebCore 0x000000010c104f63 WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 179 (JSMainThreadExecState.h:56)
23 com.apple.WebCore 0x000000010c246a2f WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 1407 (JSEventListener.cpp:132)
24 com.apple.WebCore 0x000000010bc87ff9 WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&) + 393 (EventTarget.cpp:232)
25 com.apple.WebCore 0x000000010bc87e3b WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 331 (EventTarget.cpp:200)
26 com.apple.WebCore 0x000000010bbe1e67 WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WTF::PassRefPtr<WebCore::EventTarget>) + 359 (DOMWindow.cpp:1652)
27 com.apple.WebCore 0x000000010bd1e56a WebCore::FrameLoader::stopLoading(WebCore::UnloadEventPolicy) + 1386 (FrameLoader.cpp:384)
28 com.apple.WebCore 0x000000010bd1ead5 WebCore::FrameLoader::closeURL() + 117 (FrameLoader.cpp:453)
29 com.apple.WebCore 0x000000010bd2a324 WebCore::FrameLoader::detachFromParent() + 52 (FrameLoader.cpp:2509)
30 com.apple.WebCore 0x000000010bd232f8 WebCore::FrameLoader::detachChildren() + 216 (FrameLoader.cpp:2435)
31 com.apple.WebCore 0x000000010bd26b1f WebCore::FrameLoader::setDocumentLoader(WebCore::DocumentLoader*) + 303 (FrameLoader.cpp:1675)
32 com.apple.WebCore 0x000000010bd27b70 WebCore::FrameLoader::transitionToCommitted(WTF::PassRefPtr<WebCore::CachedPage>) + 576 (FrameLoader.cpp:1865)
33 com.apple.WebCore 0x000000010bd271db WebCore::FrameLoader::commitProvisionalLoad() + 1083 (FrameLoader.cpp:1770)
34 com.apple.WebCore 0x000000010ba960cd WebCore::DocumentLoader::commitIfReady() + 77 (DocumentLoader.cpp:286)
35 com.apple.WebCore 0x000000010ba961a4 WebCore::DocumentLoader::commitLoad(char const*, int) + 84 (DocumentLoader.cpp:306)
36 com.apple.WebCore 0x000000010ba9645a WebCore::DocumentLoader::receivedData(char const*, int) + 90 (DocumentLoader.cpp:340)
37 com.apple.WebCore 0x000000010c6c64a7 WebCore::MainResourceLoader::addData(char const*, int, bool) + 87 (MainResourceLoader.cpp:171)
38 com.apple.WebCore 0x000000010cad4173 WebCore::ResourceLoader::didReceiveData(char const*, int, long long, bool) + 275 (ResourceLoader.cpp:292)
39 com.apple.WebCore 0x000000010c6c7dce WebCore::MainResourceLoader::didReceiveData(char const*, int, long long, bool) + 878 (MainResourceLoader.cpp:465)
40 com.apple.WebCore 0x000000010cad4b09 WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle*, char const*, int, int) + 153 (ResourceLoader.cpp:443)
41 com.apple.WebCore 0x000000010cad10f2 -[WebCoreResourceHandleAsDelegate connection:didReceiveData:lengthReceived:] + 306 (ResourceHandleMac.mm:846)
42 com.apple.Foundation 0x00007fff80faa459 ___NSURLConnectionDidReceiveData_block_invoke_1 + 144
43 com.apple.Foundation 0x00007fff80faa3c3 _NSURLConnectionDidReceiveData + 86
44 com.apple.CFNetwork 0x00007fff8a1cd5ec URLConnectionClient::_clientDidReceiveData(__CFArray const*, URLConnectionClient::ClientConnectionEventQueue*) + 348
45 com.apple.CFNetwork 0x00007fff8a27eceb URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 827
46 com.apple.CFNetwork 0x00007fff8a27eefa URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 1354
47 com.apple.CFNetwork 0x00007fff8a27eefa URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 1354
48 com.apple.CFNetwork 0x00007fff8a1a9dfd URLConnectionClient::processEvents() + 185
49 com.apple.CFNetwork 0x00007fff8a1a9ca2 MultiplexerSource::perform() + 212
50 com.apple.CoreFoundation 0x00007fff875e2b51 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
51 com.apple.CoreFoundation 0x00007fff875e23bd __CFRunLoopDoSources0 + 253
52 com.apple.CoreFoundation 0x00007fff876091a9 __CFRunLoopRun + 905
53 com.apple.CoreFoundation 0x00007fff87608ae6 CFRunLoopRunSpecific + 230
54 com.apple.HIToolbox 0x00007fff878c23d3 RunCurrentEventLoopInMode + 277
55 com.apple.HIToolbox 0x00007fff878c963d ReceiveNextEventCommon + 355
56 com.apple.HIToolbox 0x00007fff878c94ca BlockUntilNextEventMatchingListInMode + 62
57 com.apple.AppKit 0x00007fff8b2de3f1 _DPSNextEvent + 659
58 com.apple.AppKit 0x00007fff8b2ddcf5 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 135
59 com.apple.AppKit 0x00007fff8b2da62d -[NSApplication run] + 470
60 com.apple.WebCore 0x000000010cafaafc WebCore::RunLoop::run() + 92 (RunLoopMac.mm:101)
61 com.apple.WebKit2 0x0000000109e12ee4 WebKit::WebProcessMain(WebKit::CommandLine const&) + 3556 (WebProcessMainMac.mm:176)
62 com.apple.WebKit2 0x0000000109d1e76f _ZL10WebKitMainRKN6WebKit11CommandLineE + 239 (WebKitMain.cpp:50)
63 com.apple.WebKit2 0x0000000109d1e652 WebKitMain + 178 (WebKitMain.cpp:74)
64 com.apple.WebProcess 0x0000000109948d82 main + 290
65 com.apple.WebProcess 0x0000000109948c54 start + 52
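Added triage example, not part of the original report or of WebKit's tooling: the fault address 0xbbadbeef in the log above is the address WebKit's CRASH() path writes to when an ASSERT fails, so a parser can separate these deliberate debug-build aborts from genuine invalid accesses and pull out the asserting source line. The names `triage`, `ASSERT_SENTINEL` and the `CONSTRUCTED` sample are introduced here for illustration.

```python
import re

# WTF's CRASH() (reached from a failed ASSERT in debug builds) writes to this address.
ASSERT_SENTINEL = 0xBBADBEEF

# Header fields and top frames abridged from the report above.
REPORT = """\
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebKit2 0x0000000109d46b84 _ZN6WebKitL35pageContainsAnyHorizontalScrollbarsEPN7WebCore5FrameE + 420 (WebPage.cpp:3071)
1 com.apple.WebKit2 0x0000000109d46953 WebKit::WebPage::recomputeShortCircuitHorizontalWheelEventsState() + 67 (WebPage.cpp:3087)
2 com.apple.WebKit2 0x0000000109ce748d WebKit::WebFrameLoaderClient::dispatchDidLayout() + 93 (WebFrameLoaderClient.cpp:588)
"""

# Constructed contrast case: a near-null address, no sentinel, no source info on the frame.
CONSTRUCTED = """\
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000018
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.example.Image 0x0000000100001234 example_function + 12
"""

FAULT_RE = re.compile(r"KERN_INVALID_ADDRESS at (0x[0-9a-fA-F]+)")
FRAME_RE = re.compile(
    r"^(\d+)[ \t]+(\S+)[ \t]+(0x[0-9a-fA-F]+)[ \t]+(.+?)[ \t]+\+[ \t]+(\d+)"
    r"(?:[ \t]+\((.+?):(\d+)\))?$"
)

def triage(log):
    """Classify a macOS crash report and return its parsed crashed-thread frames."""
    fault = FAULT_RE.search(log)
    address = int(fault.group(1), 16) if fault else None
    frames, in_crashed = [], False
    for line in log.splitlines():
        line = line.strip()
        if re.match(r"Thread \d+ Crashed", line):
            in_crashed = True
            continue
        m = FRAME_RE.match(line) if in_crashed else None
        if m:
            frames.append({"image": m.group(2), "symbol": m.group(4),
                           "file": m.group(6), "line": int(m.group(7)) if m.group(7) else None})
        elif in_crashed and frames:
            break  # first non-frame line after the frames ends the crashed thread
    return {"fault_address": address,
            "deliberate_assert": address == ASSERT_SENTINEL,
            "frames": frames}
```

For the report above, `triage(REPORT)` flags a deliberate assert and places frame 0 at WebPage.cpp:3071; a report whose fault address is anything else is left for memory-safety analysis.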
Attachments
Patch (1.74 KB, patch)
2012-03-15 14:25 PDT, Anders Carlsson
bdakin: review+
Radar WebKit Bug Importer
Comment 1 2012-03-14 15:31:11 PDT
Anders Carlsson
Comment 2 2012-03-15 14:25:54 PDT
Anders Carlsson
Comment 3 2012-03-15 14:34:08 PDT