[Webkit-unassigned] [Bug 253993] New: REGRESSION (261597 at main): [UI-side compositing] Many layout tests crash in RemoteScrollingCoordinatorProxy::topContentInset()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Mar 15 17:10:47 PDT 2023 

https://bugs.webkit.org/show_bug.cgi?id=253993

            Bug ID: 253993
           Summary: REGRESSION (261597 at main): [UI-side compositing] Many
                    layout tests crash in
                    RemoteScrollingCoordinatorProxy::topContentInset()
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Scrolling
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: simon.fraser at apple.com
                CC: simon.fraser at apple.com

Tests that have `[ useThreadedScrolling=false ]` crash at:

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000168
Exception Codes:       0x0000000000000001, 0x0000000000000168

Termination Reason:    Namespace SIGNAL, Code 11 Segmentation fault: 11
Terminating Process:   exc handler [1769]

VM Region Info: 0x168 is not in any region.  Bytes before following region: 140737487199896
      REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->  
      shared memory            7fffffee6000-7fffffee7000 [    4K] r-x/r-x SM=SHM  

Application Specific Information:
dyld config: DYLD_LIBRARY_PATH=/Volumes/Data/Development/system/webkit/OpenSource/WebKitBuild/Debug DYLD_FRAMEWORK_PATH=/Volumes/Data/Development/system/webkit/OpenSource/WebKitBuild/Debug
CRASHING TEST: compositing/overflow/do-not-paint-outline-into-composited-scrolling-contents.html


Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   WebCore                                    0x1686bdeec WebCore::ScrollingTreeFrameScrollingNode::topContentInset() const + 12 (ScrollingTreeFrameScrollingNode.h:56)
1   WebCore                                    0x16b4c7569 WebCore::ScrollingTree::mainFrameTopContentInset() const + 57 (ScrollingTree.cpp:530)
2   WebKit                                     0x136419dc1 WebKit::RemoteScrollingCoordinatorProxy::topContentInset() const + 33 (RemoteScrollingCoordinatorProxy.cpp:289)
3   WebKit                                     0x135cef480 WebKit::RemoteLayerTreeDrawingAreaProxyMac::layoutBannerLayers(WebKit::RemoteLayerTreeTransaction const&) + 96 (RemoteLayerTreeDrawingAreaProxyMac.mm:145)
4   WebKit                                     0x135cefa37 WebKit::RemoteLayerTreeDrawingAreaProxyMac::didCommitLayerTree(IPC::Connection&, WebKit::RemoteLayerTreeTransaction const&, WebKit::RemoteScrollingCoordinatorTransaction const&) + 263 (RemoteLayerTreeDrawingAreaProxyMac.mm:174)
5   WebKit                                     0x135c9b8ad WebKit::RemoteLayerTreeDrawingAreaProxy::commitLayerTree(IPC::Connection&, WebKit::RemoteLayerTreeTransaction const&, WebKit::RemoteScrollingCoordinatorTransaction const&) + 1661 (RemoteLayerTreeDrawingAreaProxy.mm:175)

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230316/90d3bc44/attachment-0001.htm>

More information about the webkit-unassigned mailing list