[Webkit-unassigned] [Bug 195844] New: Scrolling state nodes should hold references to GraphicsLayers

bugzilla-daemon at webkit.org
Fri Mar 15 22:03:19 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=195844

            Bug ID: 195844
           Summary: Scrolling state nodes should hold references to
                    GraphicsLayers
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Scrolling
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: simon.fraser at apple.com

I'm seeing crashes with bad GraphicsLayers in the scrolling state tree. For example:
1. Enable async overflow scrolling on MiniBrowser on macOS
2. Load https://palace-games.com/
3. Click "Reserve Your Room Today"
4. Scroll the overlay
Crash:

  * frame #0: 0x000000011b468ec9 WebCore`WebCore::LayerRepresentation::toRepresentation(this=0x000000014e6b9e48, representation=PlatformLayerRepresentation) const at ScrollingStateNode.h:166:55
    frame #1: 0x000000011b474b18 WebCore`WebCore::ScrollingStateNode::ScrollingStateNode(this=0x000000014fe08618, stateNode=0x000000014e6b9e10, adoptiveTree=0x000000013b922d68) at ScrollingStateNode.cpp:55:36
    frame #2: 0x000000011b4772ba WebCore`WebCore::ScrollingStatePositionedNode::ScrollingStatePositionedNode(this=0x000000014fe08618, node=0x000000014e6b9e10, adoptiveTree=0x000000013b922d68) at ScrollingStatePositionedNode.cpp:49:7
    frame #3: 0x000000011b477395 WebCore`WebCore::ScrollingStatePositionedNode::ScrollingStatePositionedNode(this=0x000000014fe08618, node=0x000000014e6b9e10, adoptiveTree=0x000000013b922d68) at ScrollingStatePositionedNode.cpp:52:1
    frame #4: 0x000000011b477487 WebCore`WebCore::ScrollingStatePositionedNode::clone(this=0x000000014e6b9e10, adoptiveTree=0x000000013b922d68) at ScrollingStatePositionedNode.cpp:59:26
    frame #5: 0x000000011b474eaf WebCore`WebCore::ScrollingStateNode::cloneAndReset(this=0x000000014e6b9e10, adoptiveTree=0x000000013b922d68) at ScrollingStateNode.cpp:79:24
    frame #6: 0x000000011b474fc0 WebCore`WebCore::ScrollingStateNode::cloneAndResetChildren(this=0x000000016ad7f000, clone=0x000000016dfa0500, adoptiveTree=0x000000013b922d68) at ScrollingStateNode.cpp:95:34
    frame #7: 0x000000011b474ed1 WebCore`WebCore::ScrollingStateNode::cloneAndReset(this=0x000000016ad7f000, adoptiveTree=0x000000013b922d68) at ScrollingStateNode.cpp:84:5
    frame #8: 0x000000011b474fc0 WebCore`WebCore::ScrollingStateNode::cloneAndResetChildren(this=0x00000001437da960, clone=0x0000000151bd1840, adoptiveTree=0x000000013b922d68) at ScrollingStateNode.cpp:95:34
    frame #9: 0x000000011b474ed1 WebCore`WebCore::ScrollingStateNode::cloneAndReset(this=0x00000001437da960, adoptiveTree=0x000000013b922d68) at ScrollingStateNode.cpp:84:5
    frame #10: 0x000000011b474fc0 WebCore`WebCore::ScrollingStateNode::cloneAndResetChildren(this=0x000000014170de00, clone=0x0000000161bfd480, adoptiveTree=0x000000013b922d68) at ScrollingStateNode.cpp:95:34
    frame #11: 0x000000011b474ed1 WebCore`WebCore::ScrollingStateNode::cloneAndReset(this=0x000000014170de00, adoptiveTree=0x000000013b922d68) at ScrollingStateNode.cpp:84:5
    frame #12: 0x000000011b474fc0 WebCore`WebCore::ScrollingStateNode::cloneAndResetChildren(this=0x000000014366f000, clone=0x000000016dfa0280, adoptiveTree=0x000000013b922d68) at ScrollingStateNode.cpp:95:34
    frame #13: 0x000000011b474ed1 WebCore`WebCore::ScrollingStateNode::cloneAndReset(this=0x000000014366f000, adoptiveTree=0x000000013b922d68) at ScrollingStateNode.cpp:84:5
    frame #14: 0x000000011b47beb5 WebCore`WebCore::ScrollingStateTree::commit(this=0x00000001384bd3a8, preferredLayerRepresentation=PlatformLayerRepresentation) at ScrollingStateTree.cpp:296:115
    frame #15: 0x0000000118a11cfb WebCore`WebCore::ScrollingCoordinatorMac::commitTreeState(this=0x00000001384f0900) at ScrollingCoordinatorMac.mm:123:70
    frame #16: 0x0000000118a12339 WebCore`WebCore::ScrollingCoordinatorMac::commitTreeStateIfNeeded(this=0x00000001384f0900) at ScrollingCoordinatorMac.mm:81:5
    frame #17: 0x0000000110dba8ce WebKit`WebKit::TiledCoreAnimationDrawingArea::flushLayers(this=0x000000013847b000) at TiledCoreAnimationDrawingArea.mm:498:35
    frame #18: 0x0000000110dbec15 WebKit`WebKit::TiledCoreAnimationDrawingArea::layerFlushRunLoopCallback(this=0x000000013847b000) at TiledCoreAnimationDrawingArea.mm:946:5

-- 
You are receiving this mail because:
You are the assignee for the bug.