There is no EFL specific code in crash trace, have you confirmed that this is a EFL only issue?

No other port has reported this assertion.

(In reply to comment #2) > No other port has reported this assertion. Because all of them are skipping the test: $ grep http/tests/inspector/network/network-xhr-replay.html LayoutTests/platform/* -R LayoutTests/platform/chromium/TestExpectations:webkit.org/b/96953 [ Win ] http/tests/inspector/network/network-xhr-replay.html [ Timeout ] LayoutTests/platform/mac/TestExpectations:http/tests/inspector/network/network-xhr-replay.html LayoutTests/platform/qt/TestExpectations:http/tests/inspector/network/network-xhr-replay.html LayoutTests/platform/win/TestExpectations:http/tests/inspector/network/network-xhr-replay.html LayoutTests/platform/wincairo/TestExpectations:http/tests/inspector/network/network-xhr-replay.html

I was able to reproduce this assertion by loading <http://philosophically.com/why-were-pivoting-from-mobile-first-to-web-first> in a fairly narrow window.

This crash is showing up on the WK-2 bots sometimes when running http/tests/inspector/resource-har-pages.html I have not been able to repro the crash on my own machine though.

*** Bug 105932 has been marked as a duplicate of this bug. ***

This goes away if I remove the && !m_canSkipRepaintRectsUpdateOnScroll test added by Julien.

*** Bug 105096 has been marked as a duplicate of this bug. ***

Created attachment 185363 [details] Patch

Comment on attachment 185363 [details] Patch Looks good to me, but it would be nice if the tests it affects were mentioned in the Changelog.

It would be good to fix it for Qt 5.0.2. Any update on this?

(In reply to comment #11) > It would be good to fix it for Qt 5.0.2. Any update on this? Ping.

Comment on attachment 185363 [details] Patch Rejecting attachment 185363 [details] from commit-queue. Failed to run "['/mnt/git/webkit-commit-queue/Tools/Scripts/webkit-patch', '--status-host=webkit-commit-queue.appspot.com', '--bot-id=gce-cq-01', 'apply-attachment', '--no-update', '--non-interactive', 185363, '--port=chromium-xvfb']" exit_code: 2 cwd: /mnt/git/webkit-commit-queue Last 500 characters of output: ce/WebCore/rendering/RenderLayer.h Hunk #1 succeeded at 1200 (offset 111 lines). patching file LayoutTests/ChangeLog Hunk #1 succeeded at 1 with fuzz 3. patching file LayoutTests/platform/mac/TestExpectations Hunk #1 FAILED at 1240. 1 out of 1 hunk FAILED -- saving rejects to file LayoutTests/platform/mac/TestExpectations.rej Failed to run "[u'/mnt/git/webkit-commit-queue/Tools/Scripts/svn-apply', '--force', '--reviewer', 'Allan Sandfeld Jensen']" exit_code: 1 cwd: /mnt/git/webkit-commit-queue Full output: http://webkit-commit-queue.appspot.com/results/17293401

Seems the test expectations were already updated by http://trac.webkit.org/changeset/141661/trunk/LayoutTests/platform/mac/TestExpectations

Created attachment 196611 [details] Patch Rebased patch on top of r141661.

Comment on attachment 196611 [details] Patch Thanks for updating this patch!

Comment on attachment 196611 [details] Patch Clearing flags on attachment: 196611 Committed r147759: <http://trac.webkit.org/changeset/147759>

All reviewed patches have been landed. Closing bug.

I don't think this is fixed yet, I just got this scrolling down this page with the webkitgtk WK1 test browser (I'm using r151992): ASSERTION FAILED: m_repaintRect == renderer()->clippedOverflowRectForRepaint(renderer()->containerForRepaint()) ../../Source/WebCore/rendering/RenderLayer.cpp(809) : void WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, WebCore::RenderLayer::UpdateLayerPositionsAfterScrollFlags) 1 0x7ffff30954eb ../WebKit/WebKitBuild/Debug/.libs/libjavascriptcoregtk-3.0.so.0(WTFCrash+0x1e) [0x7ffff30954eb] 2 0x7ffff46c725b ../WebKit/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(+0x110c25b) [0x7ffff46c725b] 3 0x7ffff46c731f ../WebKit/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(+0x110c31f) [0x7ffff46c731f] Program received signal SIGSEGV, Segmentation fault. 0x00007ffff30954f0 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:339 339 *(int *)(uintptr_t)0xbbadbeef = 0; (gdb) bt #0 0x00007ffff30954f0 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:339 #1 0x00007ffff46c725b in WebCore::RenderLayer::updateLayerPositionsAfterScroll (this=0x147dcb8, geometryMap=0x7fffffffba10, flags=4) at ../../Source/WebCore/rendering/RenderLayer.cpp:809 #2 0x00007ffff46c731f in WebCore::RenderLayer::updateLayerPositionsAfterScroll (this=0x147f8e8, geometryMap=0x7fffffffba10, flags=4) at ../../Source/WebCore/rendering/RenderLayer.cpp:814 #3 0x00007ffff46c731f in WebCore::RenderLayer::updateLayerPositionsAfterScroll (this=0x147afc8, geometryMap=0x7fffffffba10, flags=4) at ../../Source/WebCore/rendering/RenderLayer.cpp:814 #4 0x00007ffff46c731f in WebCore::RenderLayer::updateLayerPositionsAfterScroll (this=0x820068, geometryMap=0x7fffffffba10, flags=0) at ../../Source/WebCore/rendering/RenderLayer.cpp:814 #5 0x00007ffff46c731f in WebCore::RenderLayer::updateLayerPositionsAfterScroll (this=0x73d308, geometryMap=0x7fffffffba10, flags=0) at ../../Source/WebCore/rendering/RenderLayer.cpp:814 #6 0x00007ffff46c6faa in WebCore::RenderLayer::updateLayerPositionsAfterDocumentScroll (this=0x73d308) at ../../Source/WebCore/rendering/RenderLayer.cpp:760 #7 0x00007ffff45202a6 in WebCore::FrameView::repaintFixedElementsAfterScrolling (this=0x683060) at ../../Source/WebCore/page/FrameView.cpp:2017 #8 0x00007ffff4cedd62 in WebCore::ScrollView::scrollTo (this=0x683060, newOffset=...) at ../../Source/WebCore/platform/ScrollView.cpp:392 #9 0x00007ffff4523ed4 in WebCore::FrameView::scrollTo (this=0x683060, newOffset=...) at ../../Source/WebCore/page/FrameView.cpp:3055 #10 0x00007ffff4cedcc6 in WebCore::ScrollView::setScrollOffset (this=0x683060, offset=...) at ../../Source/WebCore/platform/ScrollView.cpp:373 #11 0x00007ffff4ce959c in WebCore::ScrollableArea::scrollPositionChanged (this=0x683098, position=...) at ../../Source/WebCore/platform/ScrollableArea.cpp:145 #12 0x00007ffff4ce98b9 in WebCore::ScrollableArea::setScrollOffsetFromAnimation (this=0x683098, offset=...) at ../../Source/WebCore/platform/ScrollableArea.cpp:190 #13 0x00007ffff4cfa767 in WebCore::ScrollAnimator::notifyPositionChanged (this=0xb01c60, delta=...) at ../../Source/WebCore/platform/ScrollAnimator.cpp:142 #14 0x00007ffff4cfa131 in WebCore::ScrollAnimator::scrollToOffsetWithoutAnimation (this=0xb01c60, offset=...) at ../../Source/WebCore/platform/ScrollAnimator.cpp:81 #15 0x00007ffff4ce93f2 in WebCore::ScrollableArea::scrollToOffsetWithoutAnimation (this=0x683098, offset=...) at ../../Source/WebCore/platform/ScrollableArea.cpp:124 #16 0x00007ffff4ce94de in WebCore::ScrollableArea::scrollToOffsetWithoutAnimation (this=0x683098, orientation=WebCore::VerticalScrollbar, offset=2675) at ../../Source/WebCore/platform/ScrollableArea.cpp:132 #17 0x00007ffff3b0ae28 in WebKit::GtkAdjustmentWatcher::adjustmentValueChanged (this=0x642750, adjustment=0x713d90) at ../../Source/WebKit/gtk/WebCoreSupport/GtkAdjustmentWatcher.cpp:131 #18 0x00007ffff3b0ac1a in WebKit::adjustmentValueChangedCallback (adjustment=0x713d90, watcher=0x642750) at ../../Source/WebKit/gtk/WebCoreSupport/GtkAdjustmentWatcher.cpp:95

(In reply to comment #19) > I don't think this is fixed yet, I just got this scrolling down this page with the webkitgtk WK1 test browser (I'm using r151992): I meant this page: http://praza.com/movementos-sociais/4872/o-pp-rexeita-abolir-as-touradas-porque-non-hai-risco-de-que-proliferen-en-galicia/

(In reply to comment #20) > (In reply to comment #19) > > I don't think this is fixed yet, I just got this scrolling down this page with the webkitgtk WK1 test browser (I'm using r151992): > > I meant this page: > http://praza.com/movementos-sociais/4872/o-pp-rexeita-abolir-as-touradas-porque-non-hai-risco-de-que-proliferen-en-galicia/ It's important to note that the crash happens only when scrolling while the page is not fully loaded yet.

I can not reproduce that assert. Would it be possible for you to provide more backtrace info, such as the what the different between the cached and calculated repaint rect is?

100% repro case of the same assertion failure (probably related to rtl) here: https://bugs.webkit.org/show_bug.cgi?id=118269

See my comment in bug 118269 for how I can reproduce this assertion when scrolling a RenderBox that was highlighted by clicking in it. You may have to scroll down to the bottom after highlighting in order to trigger the assertion. My investigation showed that the RenderObject in question was a RenderBox, and that the difference between the cached and the repainted rect is produced by "r.inflate(v->maximalOutlineSize());" in RenderBox::clippedOverflowRectForRepaint(). Maybe the inflation to the outline size should just be ignored while scrolling? That would mean the assertion is wrong - and I don't see any rendering artifacts in release builds.

(In reply to comment #23) > 100% repro case of the same assertion failure (probably related to rtl) here: https://bugs.webkit.org/show_bug.cgi?id=118269 Maybe they're different issues because I hit the assertion quite easily in a lot of webpages but your test works fine for me.

(In reply to comment #25) > (In reply to comment #23) > > 100% repro case of the same assertion failure (probably related to rtl) here: https://bugs.webkit.org/show_bug.cgi?id=118269 > > Maybe they're different issues because I hit the assertion quite easily in a lot of webpages but your test works fine for me. As an example: 1- go to http://www.0d.be/debian/debian-gnome-3.8-status.html 2- click onto the "Display arch details" checkbox 3- scroll down 100% assertion failed

> 1- go to http://www.0d.be/debian/debian-gnome-3.8-status.html > 2- click onto the "Display arch details" checkbox > 3- scroll down > > 100% assertion failed This in turn doesn't assert for me. However it does have something in common with my case: the render tree is changed by user interaction (mouse click events in our cases), and after that the assertion is hit upon scrolling. Would be helpful to know what's the difference between the expected and acrual rectangles.

I can hit this on http://www.theguardian.com/ pretty quickly by going to articles and scrolling around while the page is loading. ASSERTION FAILED: m_repaintRect == renderer().clippedOverflowRectForRepaint(renderer().containerForRepaint()) /Users/antti/webkit/OpenSource/Source/WebCore/rendering/RenderLayer.cpp(787) : void WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap *, UpdateLayerPositionsAfterScrollFlags) 1 0x11406e780 WTFCrash 2 0x1162be01b WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, unsigned int) 3 0x1162be0f9 WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, unsigned int) 4 0x1162bdda1 WebCore::RenderLayer::updateLayerPositionsAfterDocumentScroll() 5 0x1155cb71f WebCore::FrameView::repaintFixedElementsAfterScrolling() 6 0x11654bda5 WebCore::ScrollView::scrollTo(WebCore::IntSize const&) 7 0x1155ce1ae WebCore::FrameView::scrollTo(WebCore::IntSize const&) 8 0x11654bcaf WebCore::ScrollView::setScrollOffset(WebCore::IntPoint const&) 9 0x11654bcef non-virtual thunk to WebCore::ScrollView::setScrollOffset(WebCore::IntPoint const&) 10 0x116511020 WebCore::ScrollableArea::scrollPositionChanged(WebCore::IntPoint const&) 11 0x116510f8f WebCore::ScrollableArea::notifyScrollPositionChanged(WebCore::IntPoint const&) 12 0x11652a42f WebCore::ScrollingCoordinator::updateMainFrameScrollPosition(WebCore::IntPoint const&, bool, WebCore::SetOrSyncScrollingLayerPosition) 13 0x11652cc23 WebCore::ScrollingCoordinatorMac::requestScrollPositionUpdate(WebCore::FrameView*, WebCore::IntPoint const&) 14 0x1155cbbb1 WebCore::FrameView::requestScrollPositionUpdate(WebCore::IntPoint const&) 15 0x1155cbc0f non-virtual thunk to WebCore::FrameView::requestScrollPositionUpdate(WebCore::IntPoint const&) 16 0x116511382 WebCore::ScrollableArea::setScrollOffsetFromAnimation(WebCore::IntPoint const&) 17 0x116513a21 WebCore::ScrollAnimator::notifyPositionChanged(WebCore::FloatSize const&) 18 0x1165181d6 WebCore::ScrollAnimatorMac::notifyPositionChanged(WebCore::FloatSize const&) 19 0x116517d1a WebCore::ScrollAnimatorMac::immediateScrollTo(WebCore::FloatPoint const&) 20 0x116517bf3 WebCore::ScrollAnimatorMac::scrollToOffsetWithoutAnimation(WebCore::FloatPoint const&) 21 0x116510e6c WebCore::ScrollableArea::scrollToOffsetWithoutAnimation(WebCore::FloatPoint const&) 22 0x11654a6fd WebCore::ScrollView::updateScrollbars(WebCore::IntSize const&) 23 0x11654b230 WebCore::ScrollView::setContentsSize(WebCore::IntSize const&) 24 0x1155c3711 WebCore::FrameView::setContentsSize(WebCore::IntSize const&) 25 0x1155c4b83 WebCore::FrameView::adjustViewSize() 26 0x1155c7284 WebCore::FrameView::layout(bool) 27 0x1155d01f9 WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() 28 0x1125a3b7b WebKit::WebPage::layoutIfNeeded() 29 0x11245db4a WebKit::TiledCoreAnimationDrawingArea::flushLayers() 30 0x11245de9c non-virtual thunk to WebKit::TiledCoreAnimationDrawingArea::flushLayers() 31 0x115f9efcc WebCore::LayerFlushScheduler::runLoopObserverCallback()

*** Bug 123486 has been marked as a duplicate of this bug. ***

<rdar://problem/15348150>

Created attachment 216824 [details] Patch

Comment on attachment 216824 [details] Patch r=me. Eww.