[Webkit-unassigned] [Bug 190804] New: REGRESSION: [iOS] Crashes in com.apple.WebKit: WebKit::RemoteScrollingCoordinator::scheduleTreeStateCommit

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Oct 22 13:56:09 PDT 2018 

https://bugs.webkit.org/show_bug.cgi?id=190804

            Bug ID: 190804
           Summary: REGRESSION: [iOS] Crashes in com.apple.WebKit:
                    WebKit::RemoteScrollingCoordinator::scheduleTreeStateC
                    ommit
           Product: WebKit
           Version: Other
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ryanhaddad at apple.com

Created attachment 352907

  --> https://bugs.webkit.org/attachment.cgi?id=352907&action=review

Crash log

The following crash is seen multiple times in the "Other crashes" section on iOS Simulator layout test results:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebKit                    0x000000010462d9af WebKit::RemoteScrollingCoordinator::scheduleTreeStateCommit() + 15 (RemoteScrollingCoordinator.mm:64)
1   com.apple.WebCore                   0x00000006812cd139 WebCore::ScrollingStateTree::recursiveNodeWillBeRemoved(WebCore::ScrollingStateNode*, WebCore::ScrollingStateTree::SubframeNodeRemoval) + 169 (ScrollingStateTree.cpp:233)
2   com.apple.WebCore                   0x00000006812cc8f9 WebCore::ScrollingStateTree::removeNodeAndAllDescendants(WebCore::ScrollingStateNode*, WebCore::ScrollingStateTree::SubframeNodeRemoval) + 25 (ScrollingStateTree.cpp:210)
3   com.apple.WebCore                   0x00000006812ccc74 WebCore::ScrollingStateTree::detachNode(unsigned long long) + 52 (ScrollingStateTree.cpp:158)
4   com.apple.WebCore                   0x00000006815bad03 WebCore::RenderLayerBacking::~RenderLayerBacking() + 467 (RenderLayerBacking.cpp:247)
5   com.apple.WebCore                   0x00000006815bd4ce WebCore::RenderLayerBacking::~RenderLayerBacking() + 14 (RenderLayerBacking.cpp:238)
6   com.apple.WebCore                   0x000000068159b6ab WebCore::RenderLayer::~RenderLayer() + 859 (RenderLayer.cpp:374)
7   com.apple.WebCore                   0x000000068159ba8e WebCore::RenderLayer::~RenderLayer() + 14 (RenderLayer.cpp:339)
8   com.apple.WebCore                   0x00000006815d16c7 WebCore::RenderLayerModelObject::willBeDestroyed() + 167 (RenderLayerModelObject.cpp:80)
9   com.apple.WebCore                   0x0000000681519bc3 WebCore::RenderBoxModelObject::willBeDestroyed() + 115 (RenderBoxModelObject.cpp:248)
10  com.apple.WebCore                   0x0000000681519896 WebCore::RenderBox::willBeDestroyed() + 662 (RenderBox.cpp:169)
11  com.apple.WebCore                   0x00000006815f27a8 WebCore::RenderObject::destroy() + 88 (RenderObject.cpp:1510)
12  com.apple.WebCore                   0x0000000680d802fd WebCore::Document::destroyRenderTree() + 301 (Document.cpp:2405)
13  com.apple.WebCore                   0x0000000680d80658 WebCore::Document::prepareForDestruction() + 680 (Document.cpp:2465)
14  com.apple.WebCore                   0x000000068122c0f9 WebCore::Frame::setView(WTF::RefPtr<WebCore::FrameView, WTF::DumbPtrTraits<WebCore::FrameView> >&&) + 249 (RefPtr.h:87)
15  com.apple.WebCore                   0x0000000681165e02 WebCore::FrameLoader::detachFromParent() + 498 (RefPtr.h:69)
16  com.apple.WebKit                    0x000000010471a24a WebKit::WebPage::close() + 902 (WebPage.cpp:1245)
17  com.apple.WebKit                    0x00000001043bca79 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 127 (MessageReceiverMap.cpp:123)
18  com.apple.WebKit                    0x000000010466f672 WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 28 (WebProcess.cpp:656)
19  com.apple.WebKit                    0x00000001043afa92 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 108 (Connection.cpp:1007)
20  com.apple.WebKit                    0x00000001043b2ef4 IPC::Connection::dispatchOneIncomingMessage() + 180 (Connection.cpp:1074)
21  JavaScriptCore                      0x000000010a5f3667 WTF::RunLoop::performWork() + 231 (RunLoop.cpp:106)
22  JavaScriptCore                      0x000000010a5f38f2 WTF::RunLoop::performWork(void*) + 34 (RunLoopCF.cpp:39)
23  com.apple.CoreFoundation            0x0000000105d43b31 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
24  com.apple.CoreFoundation            0x0000000105d433a3 __CFRunLoopDoSources0 + 243
25  com.apple.CoreFoundation            0x0000000105d3da4f __CFRunLoopRun + 1263
26  com.apple.CoreFoundation            0x0000000105d3d221 CFRunLoopRunSpecific + 625
27  com.apple.Foundation                0x0000000103e2a522 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 277
28  com.apple.Foundation                0x0000000103e2a692 -[NSRunLoop(NSRunLoop) run] + 76
29  libxpc.dylib                        0x00000001079ee812 _xpc_objc_main + 460
30  libxpc.dylib                        0x00000001079f0cbd xpc_main + 143
31  com.apple.WebKit.WebContent         0x0000000103d72248 WebKit::XPCServiceMain(int, char const**) + 403
32  com.apple.WebKit.WebContent         0x0000000103d723e9 main + 9
33  libdyld.dylib                       0x00000001076de551 start + 1

https://build.webkit.org/results/Apple%20iOS%2012%20Simulator%20Release%20WK2%20(Tests)/r237326%20(487)/results.html

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20181022/444e442e/attachment-0001.html>

More information about the webkit-unassigned mailing list