[Webkit-unassigned] [Bug 250133] New: REGRESSION (258031@main): Occasional crashes under WTF::Detail::CallableWrapper<WebCore::ThreadedScrollingTree::deferWheelEventTestCompletionForReason()

bugzilla-daemon at webkit.org
Thu Jan 5 10:00:36 PST 2023


https://bugs.webkit.org/show_bug.cgi?id=250133

            Bug ID: 250133
           Summary: REGRESSION (258031@main): Occasional crashes under WTF::Detail::CallableWrapper<WebCore::ThreadedScrollingTree::deferWheelEventTestCompletionForReason()
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Scrolling
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: simon.fraser at apple.com
                CC: simon.fraser at apple.com

Running a recent build with 258031@main, I see rare crashes when closing tabs:

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000380
Exception Codes:       0x0000000000000001, 0x0000000000000380

Termination Reason:    Namespace SIGNAL, Code 11 Segmentation fault: 11
Terminating Process:   exc handler [40921]

VM Region Info: 0x380 is not in any region.  Bytes before following region: 140737487592576
      REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->  
      shared memory            7ffffff46000-7ffffff47000 [    4K] r-x/r-x SM=SHM  

Application Specific Information:
Bundle controller class:
BrowserBundleController


Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   WebCore                                    0x66db1572e WTF::Detail::CallableWrapper<WebCore::ThreadedScrollingTree::deferWheelEventTestCompletionForReason(unsigned long long, WebCore::WheelEventTestMonitor::DeferReason)::$_20, void>::call() + 14
1   JavaScriptCore                             0x660c83f3f WTF::RunLoop::performWork() + 431
2   JavaScriptCore                             0x660c84a1a WTF::RunLoop::performWork(void*) + 26
3   CoreFoundation                          0x7ff81aa52b78 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
4   CoreFoundation                          0x7ff81aa52b27 __CFRunLoopDoSource0 + 157
5   CoreFoundation                          0x7ff81aa52901 __CFRunLoopDoSources0 + 212
6   CoreFoundation                          0x7ff81aa5157b __CFRunLoopRun + 929
7   CoreFoundation                          0x7ff81aa50b60 CFRunLoopRunSpecific + 560
8   Foundation                              0x7ff81b8ad02a -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 216
9   Foundation                              0x7ff81b92fc3c -[NSRunLoop(NSRunLoop) run] + 76
10  libxpc.dylib                            0x7ff81a6ecf4b _xpc_objc_main + 773
11  libxpc.dylib                            0x7ff81a6ec963 xpc_main + 96
12  WebKit                                     0x6630fdd26 WebKit::XPCServiceMain(int, char const**) + 276
13  dyld                                    0x7ff81a644310 start + 2432
