[Webkit-unassigned] [Bug 228983] New: ASSERT(!m_visibleContentStatusDirty) in RenderLayer::clearRepaintRects()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Aug 10 21:19:58 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=228983

            Bug ID: 228983
           Summary: ASSERT(!m_visibleContentStatusDirty) in
                    RenderLayer::clearRepaintRects()
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: jean-yves.avenard at apple.com
                CC: bfulgham at webkit.org, simon.fraser at apple.com,
                    zalan at apple.com

STR:
- Start a debug build of MiniBrowser
- Open YouTube
- Scroll down and click on a video

Happens all the time.

warning: could not execute support code to read Objective-C class data in the process. This may reduce the quality of type information available.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xbbadbeef)
    frame #0: 0x000000078ab7558e JavaScriptCore`::WTFCrash() at Assertions.cpp:321:35
    frame #1: 0x000000079beae9ab WebCore`WTFCrashWithInfo((null)=1100, (null)="./rendering/RenderLayer.cpp", (null)="void WebCore::RenderLayer::clearRepaintRects()", (null)=2262) at Assertions.h:703:5
  * frame #2: 0x00000007a0392d72 WebCore`WebCore::RenderLayer::clearRepaintRects(this=0x00007f98fc45ec60) at RenderLayer.cpp:1100:5
    frame #3: 0x00000007a0394043 WebCore`WebCore::RenderLayer::updateSelfPaintingLayer(this=0x00007f98fc45ec60) at RenderLayer.cpp:5154:9
    frame #4: 0x00000007a03ac86a WebCore`WebCore::RenderLayer::styleChanged(this=0x00007f98fc45ec60, diff=Repaint, oldStyle=0x00007ff7b40861f0) at RenderLayer.cpp:5328:5
    frame #5: 0x00000007a03842fb WebCore`WebCore::RenderLayerModelObject::styleDidChange(this=0x00007f98fc45eb40, diff=Repaint, oldStyle=0x00007ff7b40861f0) at RenderLayerModelObject.cpp:143:18
    frame #6: 0x00000007a02afcde WebCore`WebCore::RenderBox::styleDidChange(this=0x00007f98fc45eb40, diff=Repaint, oldStyle=0x00007ff7b40861f0) at RenderBox.cpp:299:27
    frame #7: 0x00000007a0234bd5 WebCore`WebCore::RenderBlock::styleDidChange(this=0x00007f98fc45eb40, diff=Repaint, oldStyle=0x00007ff7b40861f0) at RenderBlock.cpp:436:16
    frame #8: 0x00000007a02a489d WebCore`WebCore::RenderBlockFlow::styleDidChange(this=0x00007f98fc45eb40, diff=Repaint, oldStyle=0x00007ff7b40861f0) at RenderBlockFlow.cpp:2103:18
    frame #9: 0x00000007a0318976 WebCore`WebCore::RenderElement::setStyle(this=0x00007f98fc45eb40, style=0x00007f98dbf99260, minimalStyleDifference=Equal) at RenderElement.cpp:534:5
    frame #10: 0x00000007a0667f20 WebCore`WebCore::RenderTreeUpdater::updateRendererStyle(this=0x00007ff7b4088df8, renderer=0x00007f98fc45eb40, newStyle=0x00007f98dbf99260, minimalStyleDifference=Equal) at RenderTreeUpdater.cpp:299:14
    frame #11: 0x00000007a066746d WebCore`WebCore::RenderTreeUpdater::updateElementRenderer(this=0x00007ff7b4088df8, element=0x00007f990dc291e0, updates=0x00007f999027b1e0) at RenderTreeUpdater.cpp:366:5
    frame #12: 0x00000007a0666881 WebCore`WebCore::RenderTreeUpdater::updateRenderTree(this=0x00007ff7b4088df8, root=0x00007f990dc273b0) at RenderTreeUpdater.cpp:194:13
    frame #13: 0x00000007a0666125 WebCore`WebCore::RenderTreeUpdater::commit(this=0x00007ff7b4088df8, styleUpdate=nullptr) at RenderTreeUpdater.cpp:126:9
    frame #14: 0x000000079ebde28b WebCore`WebCore::Document::updateRenderTree(this=0x00007f99ee009000, styleUpdate=nullptr) at Document.cpp:1996:21
    frame #15: 0x000000079ebde875 WebCore`WebCore::Document::resolveStyle(this=0x00007f99ee009000, type=Normal) at Document.cpp:2086:13
    frame #16: 0x000000079ebdf50d WebCore`WebCore::Document::updateStyleIfNeeded(this=0x00007f99ee009000) at Document.cpp:2178:5
    frame #17: 0x000000079ebdfdda WebCore`WebCore::Document::updateLayoutIfDimensionsOutOfDate(this=0x00007f99ee009000, element=0x00007f9a1ce4b5f0, dimensionsCheck=WidthDimensionsCheck) at Document.cpp:2277:5
    frame #18: 0x000000079ecb5a8a WebCore`WebCore::Element::clientWidth(this=0x00007f9a1ce4b5f0) at Element.cpp:1265:16
    frame #19: 0x000000079c9648fc WebCore`WebCore::jsElement_clientWidthGetter(lexicalGlobalObject=0x00007f99ee00a868, thisObject=0x00007f9a2c351c98) at JSElement.cpp:2817:5
    frame #20: 0x000000079c7fa8cc WebCore`long long WebCore::IDLAttribute<WebCore::JSElement>::get<&(lexicalGlobalObject=0x00007f99ee00a868, thisValue=140300143369368, attributeName=PropertyName @ 0x00007ff7b40897d0)), (WebCore::CastedThisErrorBehavior)3>(JSC::JSGlobalObject&, long long, JSC::PropertyName) at JSDOMAttribute.h:88:13
    frame #21: 0x000000079c7fa77d WebCore`WebCore::jsElement_clientWidth(lexicalGlobalObject=0x00007f99ee00a868, thisValue=140300143369368, attributeName=PropertyName @ 0x00007ff7b4089808) at JSElement.cpp:2822:12
    frame #22: 0x000000078c763f48 JavaScriptCore`JSC::PropertySlot::customGetter(this=0x00007ff7b4089b38, vm=0x00007f99f0008000, propertyName=PropertyName @ 0x00007ff7b4089920) const at PropertySlot.cpp:47:28
    frame #23: 0x000000078c3a3386 JavaScriptCore`JSC::PropertySlot::getValue(this=0x00007ff7b4089b38, globalObject=0x00007f99ee00a868, propertyName=PropertyName @ 0x00007ff7b4089960) const at PropertySlot.h:408:12
    frame #24: 0x000000078c3a30dd JavaScriptCore`JSC::JSValue::get(this=0x00007ff7b4089c18, globalObject=0x00007f99ee00a868, propertyName=PropertyName @ 0x00007ff7b4089a40, slot=0x00007ff7b4089b38) const at JSCJSValueInlines.h:950:5
    frame #25: 0x000000078c1b5835 JavaScriptCore`JSC::LLInt::performLLIntGetByID(pc=0x00007f9a1cdf4ac2, codeBlock=0x00007f9a2d197d40, globalObject=0x00007f99ee00a868, baseValue=JSValue @ 0x00007ff7b4089c18, ident=0x00007f9a1cd8e920, metadata=0x00007f9a1cdf4910) at LLIntSlowPaths.cpp:770:32
    frame #26: 0x000000078c1b55d1 JavaScriptCore`::llint_slow_path_get_by_id(callFrame=0x00007ff7b4089e50, pc=0x00007f9a1cdf4ac2) at LLIntSlowPaths.cpp:844:22
    frame #27: 0x000000078b17c6a4 JavaScriptCore`llint_entry at LowLevelInterpreter64.asm:97
    frame #28: 0x000000078b194094 JavaScriptCore`llint_entry at LowLevelInterpreter.asm:1097
    frame #29: 0x000000078b194094 JavaScriptCore`llint_entry at LowLevelInterpreter.asm:1097
    frame #30: 0x000000078b194094 JavaScriptCore`llint_entry at LowLevelInterpreter.asm:1097
    frame #31: 0x0000493e485bf659
    frame #32: 0x0000493e4779e204
    frame #33: 0x0000493e4795777a
    frame #34: 0x0000493e47556fcd
    frame #35: 0x000000078b1718f0 JavaScriptCore`vmEntryToJavaScript at LowLevelInterpreter64.asm:316
    frame #36: 0x000000078c035ea5 JavaScriptCore`JSC::JITCode::execute(this=0x00007f9a2c290240, vm=0x00007f99f0008000, protoCallFrame=0x00007ff7b408a7a0) at JITCodeInlines.h:42:38
    frame #37: 0x000000078c0365eb JavaScriptCore`JSC::Interpreter::executeCall(this=0x00007f9a2c208870, lexicalGlobalObject=0x00007f99ee00a868, function=0x00007f995ee60a20, callData=0x00007ff7b408a9d8, thisValue=JSValue @ 0x00007ff7b408a8e0, args=0x00007ff7b408a9b8) at Interpreter.cpp:903:27
    frame #38: 0x000000078c3ee17a JavaScriptCore`JSC::call(globalObject=0x00007f99ee00a868, functionObject=JSValue @ 0x00007ff7b408a950, callData=0x00007ff7b408a9d8, thisValue=JSValue @ 0x00007ff7b408a948, args=0x00007ff7b408a9b8) at CallData.cpp:57:28
    frame #39: 0x000000078c4b57e6 JavaScriptCore`JSC::GetterSetter::callSetter(this=0x00007f997c03b980, globalObject=0x00007f99ee00a868, thisValue=JSValue @ 0x00007ff7b408aaf0, value=JSValue @ 0x00007ff7b408aae8, shouldThrow=true) at GetterSetter.cpp:79:5
    frame #40: 0x000000078c63e33b JavaScriptCore`JSC::JSObject::putInlineSlow(this=0x00007f98dcba4b70, globalObject=0x00007f99ee00a868, propertyName=PropertyName @ 0x00007ff7b408ad70, value=JSValue @ 0x00007ff7b408ad68, slot=0x00007ff7b408b108) at JSObject.cpp:810:17
    frame #41: 0x000000078bcc2bdc JavaScriptCore`JSC::JSObject::putInlineForJSObject(cell=0x00007f98dcba4b70, globalObject=0x00007f99ee00a868, propertyName=PropertyName @ 0x00007ff7b408ae80, value=JSValue @ 0x00007ff7b408ae78, slot=0x00007ff7b408b108) at JSObjectInlines.h:272:28
    frame #42: 0x000000078bcc28c4 JavaScriptCore`JSC::JSCell::putInline(this=0x00007f98dcba4b70, globalObject=0x00007f99ee00a868, propertyName=PropertyName @ 0x00007ff7b408aef0, value=JSValue @ 0x00007ff7b408aee8, slot=0x00007ff7b408b108) at JSCellInlines.h:447:16
    frame #43: 0x000000078bcc3580 JavaScriptCore`JSC::JSValue::putInline(this=0x00007ff7b408b130, globalObject=0x00007f99ee00a868, propertyName=PropertyName @ 0x00007ff7b408af60, value=JSValue @ 0x00007ff7b408af58, slot=0x00007ff7b408b108) at JSCJSValueInlines.h:1072:22
    frame #44: 0x000000078c1b6e20 JavaScriptCore`::llint_slow_path_put_by_id(callFrame=0x00007ff7b408b320, pc=0x00007f9a1cd8d150) at LLIntSlowPaths.cpp:918:19
    frame #45: 0x000000078b17d3ac JavaScriptCore`llint_entry at LowLevelInterpreter64.asm:97
    frame #46: 0x000000078b194094 JavaScriptCore`llint_entry at LowLevelInterpreter.asm:1097
    frame #47: 0x000000078b194094 JavaScriptCore`llint_entry at LowLevelInterpreter.asm:1097
    frame #48: 0x000000078b1718f0 JavaScriptCore`vmEntryToJavaScript at LowLevelInterpreter64.asm:316
    frame #49: 0x000000078c035ea5 JavaScriptCore`JSC::JITCode::execute(this=0x00007f9a0bf58300, vm=0x00007f99f0008000, protoCallFrame=0x00007ff7b408b650) at JITCodeInlines.h:42:38
    frame #50: 0x000000078c0365eb JavaScriptCore`JSC::Interpreter::executeCall(this=0x00007f9a2c208870, lexicalGlobalObject=0x00007f99ee00a868, function=0x00007f99def91080, callData=0x00007ff7b408b870, thisValue=JSValue @ 0x00007ff7b408b790, args=0x00007ff7b408b848) at Interpreter.cpp:903:27
    frame #51: 0x000000078c3ee17a JavaScriptCore`JSC::call(globalObject=0x00007f99ee00a868, functionObject=JSValue @ 0x00007ff7b408b800, callData=0x00007ff7b408b870, thisValue=JSValue @ 0x00007ff7b408b7f8, args=0x00007ff7b408b848) at CallData.cpp:57:28
    frame #52: 0x000000078c563581 JavaScriptCore`JSC::boundThisNoArgsFunctionCall(globalObject=0x00007f99ee00a868, callFrame=0x00007ff7b408b950) at JSBoundFunction.cpp:60:28
    frame #53: 0x0000493e4740baf7
    frame #54: 0x0000493e4787352f
    frame #55: 0x000000078b195402 JavaScriptCore`llint_entry at LowLevelInterpreter.asm:1097
    frame #56: 0x000000078b194094 JavaScriptCore`llint_entry at LowLevelInterpreter.asm:1097
    frame #57: 0x000000078b193fec JavaScriptCore`llint_entry at LowLevelInterpreter.asm:1097
    frame #58: 0x0000493e478482f8
    frame #59: 0x000000078b193fec JavaScriptCore`llint_entry at LowLevelInterpreter.asm:1097
    frame #60: 0x000000078b194094 JavaScriptCore`llint_entry at LowLevelInterpreter.asm:1097
    frame #61: 0x000000078b194094 JavaScriptCore`llint_entry at LowLevelInterpreter.asm:1097
    frame #62: 0x000000078b193fec JavaScriptCore`llint_entry at LowLevelInterpreter.asm:1097
    frame #63: 0x000000078b193fec JavaScriptCore`llint_entry at LowLevelInterpreter.asm:1097
    frame #64: 0x000000078b193fec JavaScriptCore`llint_entry at LowLevelInterpreter.asm:1097
    frame #65: 0x000000078b194094 JavaScriptCore`llint_entry at LowLevelInterpreter.asm:1097
    frame #66: 0x0000493e4761e0ce
    frame #67: 0x0000493e48601beb
    frame #68: 0x0000493e47986933
    frame #69: 0x0000493e47617f05
    frame #70: 0x000000078b1718f0 JavaScriptCore`vmEntryToJavaScript at LowLevelInterpreter64.asm:316
    frame #71: 0x000000078c035ea5 JavaScriptCore`JSC::JITCode::execute(this=0x00007f990d9e9440, vm=0x00007f99f0008000, protoCallFrame=0x00007ff7b408c520) at JITCodeInlines.h:42:38
    frame #72: 0x000000078c0365eb JavaScriptCore`JSC::Interpreter::executeCall(this=0x00007f9a2c208870, lexicalGlobalObject=0x00007f99ee00a868, function=0x00007f99de826be0, callData=0x00007ff7b408c868, thisValue=JSValue @ 0x00007ff7b408c660, args=0x00007ff7b408c7c0) at Interpreter.cpp:903:27
    frame #73: 0x000000078c3ee17a JavaScriptCore`JSC::call(globalObject=0x00007f99ee00a868, functionObject=JSValue @ 0x00007ff7b408c6d0, callData=0x00007ff7b408c868, thisValue=JSValue @ 0x00007ff7b408c6c8, args=0x00007ff7b408c7c0) at CallData.cpp:57:28
    frame #74: 0x000000078c3ee435 JavaScriptCore`JSC::profiledCall(globalObject=0x00007f99ee00a868, reason=Microtask, functionObject=JSValue @ 0x00007ff7b408c750, callData=0x00007ff7b408c868, thisValue=JSValue @ 0x00007ff7b408c748, args=0x00007ff7b408c7c0) at CallData.cpp:78:12
    frame #75: 0x000000078c620b30 JavaScriptCore`JSC::JSMicrotask::run(this=0x00007f999bf830e0, globalObject=0x00007f99ee00a868) at JSMicrotask.cpp:93:5
    frame #76: 0x000000079e5f571b WebCore`WebCore::JSExecState::runTask(lexicalGlobalObject=0x00007f99ee00a868, task=0x00007f999bf830e0) at JSExecState.h:91:14
    frame #77: 0x000000079e5fbcbe WebCore`WebCore::JSMicrotaskCallback::call(this=0x00007f999bf83530) at JSMicrotaskCallback.h:47:9
    frame #78: 0x000000079e5fbb4f WebCore`WebCore::JSDOMWindowBase::queueMicrotaskToEventLoop(this=0x00007f999bf83558)::$_40::operator()() at JSDOMWindowBase.cpp:237:19
    frame #79: 0x000000079e5fba29 WebCore`WTF::Detail::CallableWrapper<WebCore::JSDOMWindowBase::queueMicrotaskToEventLoop(JSC::JSGlobalObject&, WTF::Ref<JSC::Microtask, WTF::RawPtrTraits<JSC::Microtask> >&&)::$_40, void>::call(this=0x00007f999bf83550) at Function.h:53:39
    frame #80: 0x000000079bec6592 WebCore`WTF::Function<void ()>::operator(this=0x00007f999bf83590)() const at Function.h:82:35
    frame #81: 0x000000079ecf2a39 WebCore`WebCore::EventLoopFunctionDispatchTask::execute(this=0x00007f999bf83570) at EventLoop.cpp:159:28
    frame #82: 0x000000079ed2f0c1 WebCore`WebCore::MicrotaskQueue::performMicrotaskCheckpoint(this=0x00007f9a1ce74810) at Microtasks.cpp:64:23
    frame #83: 0x000000079ece8c7e WebCore`WebCore::EventLoop::performMicrotaskCheckpoint(this=0x00007f9a1ce74940) at EventLoop.cpp:51:22
    frame #84: 0x000000079ecea13f WebCore`WebCore::EventLoopTaskGroup::performMicrotaskCheckpoint(this=0x00007f9a1ce4b570) at EventLoop.cpp:180:22
    frame #85: 0x000000079e5a909b WebCore`WebCore::JSExecState::didLeaveScriptContext(lexicalGlobalObject=0x00007f99ee00a868) at JSExecState.cpp:42:26
    frame #86: 0x000000079e5b2eaa WebCore`WebCore::JSExecState::~JSExecState(this=0x00007ff7b408ccb8) at JSExecState.h:143:13
    frame #87: 0x000000079e5b2ce5 WebCore`WebCore::JSExecState::~JSExecState(this=0x00007ff7b408ccb8) at JSExecState.h:132:5
    frame #88: 0x000000079e5881a9 WebCore`WebCore::JSExecState::profiledCall(lexicalGlobalObject=0x00007f99ee00a868, reason=Other, functionObject=JSValue @ 0x00007ff7b408ccf0, callData=0x00007ff7b408cea0, thisValue=JSValue @ 0x00007ff7b408cce8, args=0x00007ff7b408cd78, returnedException=0x00007ff7b408cd98) at JSExecState.h:74:5
    frame #89: 0x000000079e63f5c8 WebCore`WebCore::ScheduledAction::executeFunctionInContext(this=0x00007f9a1cbae9e0, globalObject=0x00007f99ee00a868, thisValue=JSValue @ 0x00007ff7b408cf38, context=0x00007f99ee009000) at ScheduledAction.cpp:121:5
    frame #90: 0x000000079e63f038 WebCore`WebCore::ScheduledAction::execute(this=0x00007f9a1cbae9e0, document=0x00007f99ee009000) at ScheduledAction.cpp:141:9
    frame #91: 0x000000079e63ef03 WebCore`WebCore::ScheduledAction::execute(this=0x00007f9a1cbae9e0, context=0x00007f99ee009000) at ScheduledAction.cpp:86:9
    frame #92: 0x000000079f90fa8b WebCore`WebCore::DOMTimer::fired(this=0x00007f9a1cbb55c0) at DOMTimer.cpp:337:15
    frame #93: 0x000000079fbeaf2f WebCore`WebCore::ThreadTimers::sharedTimerFiredInternal(this=0x00007f9a1cb06280) at ThreadTimers.cpp:127:23
    frame #94: 0x000000079fbf38a1 WebCore`WebCore::ThreadTimers::setSharedTimer(this=0x00007f9a1cb062b8)::$_0::operator()() const at ThreadTimers.cpp:67:80
    frame #95: 0x000000079fbf3839 WebCore`WTF::Detail::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, void>::call(this=0x00007f9a1cb062b0) at Function.h:53:39
    frame #96: 0x000000079bec6592 WebCore`WTF::Function<void ()>::operator(this=0x00000007a29ddbb8)() const at Function.h:82:35
    frame #97: 0x000000079fba81f1 WebCore`WebCore::MainThreadSharedTimer::fired(this=0x00000007a29ddbb0) at MainThreadSharedTimer.cpp:83:5
    frame #98: 0x000000079fc69056 WebCore`WebCore::timerFired((null)=0x0000600001cd4240, (null)=0x0000000000000000) at MainThreadSharedTimerCF.cpp:85:40
    frame #99: 0x00007ff8105dc7df CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
    frame #100: 0x00007ff8105dc2ce CoreFoundation`__CFRunLoopDoTimer + 927
    frame #101: 0x00007ff8105dbe2d CoreFoundation`__CFRunLoopDoTimers + 307
    frame #102: 0x00007ff8105c246f CoreFoundation`__CFRunLoopRun + 1985
    frame #103: 0x00007ff8105c15ed CoreFoundation`CFRunLoopRunSpecific + 563
    frame #104: 0x00007ff81142253e Foundation`-[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 216
    frame #105: 0x00007ff8114ac753 Foundation`-[NSRunLoop(NSRunLoop) run] + 76
    frame #106: 0x00007ff810250233 libxpc.dylib`_xpc_objc_main + 825
    frame #107: 0x00007ff81024fc22 libxpc.dylib`xpc_main + 99
    frame #108: 0x000000077274f3df WebKit`WebKit::XPCServiceMain(argc=1, argv=0x00007ff7b408f508) at XPCServiceMain.mm:243:5
    frame #109: 0x0000000773e1914b WebKit`WKXPCServiceMain(argc=1, argv=0x00007ff7b408f508) at WKMain.mm:33:12
    frame #110: 0x000000010be73ea2 com.apple.WebKit.WebContent.Development`main(argc=1, argv=0x00007ff7b408f508) at AuxiliaryProcessMain.cpp:30:12
    frame #111: 0x00000001112df4d5 dyld`start + 421
(lldb)
