[Webkit-unassigned] [Bug 193955] New: REGRESSION (r240553): Crash in WebCore::ScrollingTree::updateTreeFromStateNode
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Jan 28 21:52:20 PST 2019
https://bugs.webkit.org/show_bug.cgi?id=193955
Bug ID: 193955
Summary: REGRESSION (r240553): Crash in
WebCore::ScrollingTree::updateTreeFromStateNode
Product: WebKit
Version: Other
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: New Bugs
Assignee: webkit-unassigned at lists.webkit.org
Reporter: ryanhaddad at apple.com
Created attachment 360440
--> https://bugs.webkit.org/attachment.cgi?id=360440&action=review
Crash log
After https://trac.webkit.org/changeset/240553/webkit, layout test compositing/iframes/remove-reinsert-webview-with-iframe.html is consistently crashing on iOS simulator bots.
https://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=compositing%2Fiframes%2Fremove-reinsert-webview-with-iframe.html
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libsystem_kernel.dylib 0x000000010a546b66 __pthread_kill + 10
1 libsystem_pthread.dylib 0x000000010a580080 pthread_kill + 333
2 libsystem_c.dylib 0x000000010a2f3c45 abort + 127
3 libc++abi.dylib 0x000000010728e5b1 abort_message + 231
4 libc++abi.dylib 0x000000010729b7a2 __cxa_pure_virtual + 18
5 com.apple.WebCore 0x000000010bc19aa2 WebCore::ScrollingTree::updateTreeFromStateNode(WebCore::ScrollingStateNode const*, WTF::HashMap<unsigned long long, WTF::RefPtr<WebCore::ScrollingTreeNode, WTF::DumbPtrTraits<WebCore::ScrollingTreeNode> >, WTF::IntHash<unsigned long long>, WTF::HashTraits<unsigned long long>, WTF::HashTraits<WTF::RefPtr<WebCore::ScrollingTreeNode, WTF::DumbPtrTraits<WebCore::ScrollingTreeNode> > > >&) + 1026 (ScrollingTree.cpp:184)
6 com.apple.WebCore 0x000000010bc19bde WebCore::ScrollingTree::updateTreeFromStateNode(WebCore::ScrollingStateNode const*, WTF::HashMap<unsigned long long, WTF::RefPtr<WebCore::ScrollingTreeNode, WTF::DumbPtrTraits<WebCore::ScrollingTreeNode> >, WTF::IntHash<unsigned long long>, WTF::HashTraits<unsigned long long>, WTF::HashTraits<WTF::RefPtr<WebCore::ScrollingTreeNode, WTF::DumbPtrTraits<WebCore::ScrollingTreeNode> > > >&) + 1342 (ScrollingTree.cpp:197)
7 com.apple.WebCore 0x000000010bc19bde WebCore::ScrollingTree::updateTreeFromStateNode(WebCore::ScrollingStateNode const*, WTF::HashMap<unsigned long long, WTF::RefPtr<WebCore::ScrollingTreeNode, WTF::DumbPtrTraits<WebCore::ScrollingTreeNode> >, WTF::IntHash<unsigned long long>, WTF::HashTraits<unsigned long long>, WTF::HashTraits<WTF::RefPtr<WebCore::ScrollingTreeNode, WTF::DumbPtrTraits<WebCore::ScrollingTreeNode> > > >&) + 1342 (ScrollingTree.cpp:197)
8 com.apple.WebCore 0x000000010bc194dc WebCore::ScrollingTree::commitTreeState(std::__1::unique_ptr<WebCore::ScrollingStateTree, std::__1::default_delete<WebCore::ScrollingStateTree> >) + 444 (ScrollingTree.cpp:145)
9 com.apple.WebKit 0x0000000104d90927 WebKit::RemoteScrollingCoordinatorProxy::commitScrollingTreeState(WebKit::RemoteScrollingCoordinatorTransaction const&, WebKit::RemoteScrollingCoordinatorProxy::RequestedScrollInfo&) + 111 (RemoteScrollingCoordinatorProxy.cpp:92)
10 com.apple.WebKit 0x0000000104c9dedf WebKit::RemoteLayerTreeDrawingAreaProxy::commitLayerTree(WebKit::RemoteLayerTreeTransaction const&, WebKit::RemoteScrollingCoordinatorTransaction const&) + 239 (RemoteLayerTreeDrawingAreaProxy.mm:217)
11 com.apple.WebKit 0x0000000104b31645 void IPC::handleMessage<Messages::RemoteLayerTreeDrawingAreaProxy::CommitLayerTree, WebKit::RemoteLayerTreeDrawingAreaProxy, void (WebKit::RemoteLayerTreeDrawingAreaProxy::*)(WebKit::RemoteLayerTreeTransaction const&, WebKit::RemoteScrollingCoordinatorTransaction const&)>(IPC::Decoder&, WebKit::RemoteLayerTreeDrawingAreaProxy*, void (WebKit::RemoteLayerTreeDrawingAreaProxy::*)(WebKit::RemoteLayerTreeTransaction const&, WebKit::RemoteScrollingCoordinatorTransaction const&)) + 126 (HandleMessage.h:134)
12 com.apple.WebKit 0x0000000104b104c3 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 127 (MessageReceiverMap.cpp:123)
13 com.apple.WebKit 0x0000000104ceea70 WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 24 (WebProcessProxy.cpp:532)
14 com.apple.WebKit 0x0000000104c9ef1b bool IPC::Connection::waitForAndDispatchImmediately<Messages::RemoteLayerTreeDrawingAreaProxy::CommitLayerTree>(unsigned long long, WTF::Seconds, WTF::OptionSet<IPC::WaitForOption>) + 83 (Connection.h:490)
15 com.apple.WebKit 0x0000000104c9ee4b WebKit::RemoteLayerTreeDrawingAreaProxy::waitForDidUpdateActivityState(unsigned long long) + 117 (RemoteLayerTreeDrawingAreaProxy.mm:461)
16 com.apple.WebKit 0x0000000104cafdd0 WebKit::WebPageProxy::dispatchActivityStateChange() + 590 (WebPageProxy.cpp:1769)
17 com.apple.UIKitCore 0x0000000113999e05 -[UIView(Internal) _didMoveFromWindow:toWindow:] + 1820
18 com.apple.UIKitCore 0x000000011398c091 __45-[UIView(Hierarchy) _postMovedFromSuperview:]_block_invoke + 151
19 com.apple.UIKitCore 0x000000011398bf70 -[UIView(Hierarchy) _postMovedFromSuperview:] + 804
20 com.apple.UIKitCore 0x000000011399c9a5 -[UIView(Internal) _addSubview:positioned:relativeTo:] + 1951
21 org.webkit.WebKitTestRunnerApp 0x0000000102515abd WTR::JSUIScriptController::addViewToWindow(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**) + 65
22 JavaScriptCore 0x0000000102a06f2f long long JSC::APICallbackFunction::call<JSC::JSCallbackFunction>(JSC::ExecState*) + 495 (APICallbackFunction.h:63)
23 ??? 0x0000073a3253c02d 0 + 7946533847085
24 JavaScriptCore 0x00000001029dc271 llint_entry + 61758
25 JavaScriptCore 0x00000001029dc271 llint_entry + 61758
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190129/e72f2c1c/attachment-0001.html>
More information about the webkit-unassigned
mailing list