123549 2013-10-30 19:28:09 -0700 Repro scrolling crash with scrollbars that use setPresentationValue on the scrolling thread 2013-10-31 14:02:45 -0700 1 1 1 Unclassified WebKit Layout and Rendering 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 bdakin bdakin andersca bdakin cmarcelo commit-queue ggaren jamesr luiz simon.fraser thorton tonikitoo oldest_to_newest 945310 0 bdakin 2013-10-30 19:28:09 -0700 We're crashing in ScrollingTreeScrollingNodeMac::setScrollLayerPosition() with what appears to be a bad ScrollbarPainter. <rdar://problem/15246606> 945313 1 215600 bdakin 2013-10-30 19:32:29 -0700 Created attachment 215600 Patch Here's a speculative fix. Unfortunately I have not been able to repro this in my own build, but it is probably timing-dependent, so that might make sense. 945564 2 simon.fraser 2013-10-31 10:19:04 -0700 Beth, I think it would be good to get someone who sees the crash (e.g. Tim) to test this patch. He said it was really easy to hit. 945589 3 bdakin 2013-10-31 11:03:17 -0700 (In reply to comment #2) > Beth, I think it would be good to get someone who sees the crash (e.g. Tim) to test this patch. He said it was really easy to hit. I can repro the crash easily too! But not in a debug or release build. 945598 4 bdakin 2013-10-31 11:24:49 -0700 Committed change with http://trac.webkit.org/changeset/158375 945672 5 bdakin 2013-10-31 13:52:27 -0700 This bug still reproduces. Attempting another speculative fix. 945675 6 215674 bdakin 2013-10-31 13:56:00 -0700 Created attachment 215674 Pacth Here's another speculative fix. 945680 7 bdakin 2013-10-31 14:02:45 -0700 http://trac.webkit.org/changeset/158391 215600 2013-10-30 19:32:29 -0700 2013-10-31 13:56:00 -0700 Patch for-review.txt text/plain 1629 bdakin SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDE1ODMzNykKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE4IEBACisyMDEzLTEwLTMwICBCZXRoIERh a2luICA8YmRha2luQGFwcGxlLmNvbT4KKworICAgICAgICBSZXBybyBzY3JvbGxpbmcgY3Jhc2gg d2l0aCBzY3JvbGxiYXJzIHRoYXQgdXNlIHNldFByZXNlbnRhdGlvblZhbHVlIG9uIHRoZSAKKyAg ICAgICAgc2Nyb2xsaW5nIHRocmVhZAorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9z aG93X2J1Zy5jZ2k/aWQ9MTIzNTQ5CisgICAgICAgIC1hbmQgY29ycmVzcG9uZGluZy0KKyAgICAg ICAgPHJkYXI6Ly9wcm9ibGVtLzE1MjQ2NjA2PgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9E WSAoT09QUyEpLgorCisgICAgICAgIFNwZWN1bGF0aXZlIGZpeC4gSSB0aGluayBpZiB3ZSByZXRh aW4gdGhlIFNjcm9sbGJhclBhaW50ZXJzLCB3ZSBzaG91bGQgYXZvaWQgdGhpcyAKKyAgICAgICAg Y3Jhc2guCisKKyAgICAgICAgKiBwYWdlL3Njcm9sbGluZy9tYWMvU2Nyb2xsaW5nVHJlZVNjcm9s bGluZ05vZGVNYWMuaDoKKwogMjAxMy0xMC0zMCAgVGhpYWdvIGRlIEJhcnJvcyBMYWNlcmRhICA8 dGhpYWdvLmxhY2VyZGFAb3BlbmJvc3NhLm9yZz4KIAogICAgICAgICBTaW1wbGlmeWluZyBNZWRp YVN0cmVhbSBhbmQgTWVkaVN0cmVhbURlc2NyaXB0b3IgY3JlYXRpb24KSW5kZXg6IFNvdXJjZS9X ZWJDb3JlL3BhZ2Uvc2Nyb2xsaW5nL21hYy9TY3JvbGxpbmdUcmVlU2Nyb2xsaW5nTm9kZU1hYy5o Cj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJDb3JlL3BhZ2Uvc2Nyb2xsaW5nL21hYy9TY3JvbGxp bmdUcmVlU2Nyb2xsaW5nTm9kZU1hYy5oCShyZXZpc2lvbiAxNTgyODUpCisrKyBTb3VyY2UvV2Vi Q29yZS9wYWdlL3Njcm9sbGluZy9tYWMvU2Nyb2xsaW5nVHJlZVNjcm9sbGluZ05vZGVNYWMuaAko d29ya2luZyBjb3B5KQpAQCAtODUsOCArODUsOCBAQCBwcml2YXRlOgogICAgIFJldGFpblB0cjxD QUxheWVyPiBtX2NvdW50ZXJTY3JvbGxpbmdMYXllcjsKICAgICBSZXRhaW5QdHI8Q0FMYXllcj4g bV9oZWFkZXJMYXllcjsKICAgICBSZXRhaW5QdHI8Q0FMYXllcj4gbV9mb290ZXJMYXllcjsKLSAg ICBTY3JvbGxiYXJQYWludGVyIG1fdmVydGljYWxTY3JvbGxiYXJQYWludGVyOwotICAgIFNjcm9s bGJhclBhaW50ZXIgbV9ob3Jpem9udGFsU2Nyb2xsYmFyUGFpbnRlcjsKKyAgICBSZXRhaW5QdHI8 U2Nyb2xsYmFyUGFpbnRlcj4gbV92ZXJ0aWNhbFNjcm9sbGJhclBhaW50ZXI7CisgICAgUmV0YWlu UHRyPFNjcm9sbGJhclBhaW50ZXI+IG1faG9yaXpvbnRhbFNjcm9sbGJhclBhaW50ZXI7CiAgICAg SW50UG9pbnQgbV9wcm9iYWJsZU1haW5UaHJlYWRTY3JvbGxQb3NpdGlvbjsKICAgICBib29sIG1f bGFzdFNjcm9sbEhhZFVuZmlsbGVkUGl4ZWxzOwogfTsK 215674 2013-10-31 13:56:00 -0700 2013-10-31 14:00:33 -0700 Pacth for-review-2.txt text/plain 3538 bdakin SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDE1ODM5MCkKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDI0IEBACisyMDEzLTEwLTMxICBCZXRoIERh a2luICA8YmRha2luQGFwcGxlLmNvbT4KKworICAgICAgICBSZXBybyBzY3JvbGxpbmcgY3Jhc2gg d2l0aCBzY3JvbGxiYXJzIHRoYXQgdXNlIHNldFByZXNlbnRhdGlvblZhbHVlIG9uIHRoZSAKKyAg ICAgICAgc2Nyb2xsaW5nIHRocmVhZAorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9z aG93X2J1Zy5jZ2k/aWQ9MTIzNTQ5CisgICAgICAgIC1hbmQgY29ycmVzcG9uZGluZy0KKyAgICAg ICAgPHJkYXI6Ly9wcm9ibGVtLzE1MjQ2NjA2PgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9E WSAoT09QUyEpLgorCisgICAgICAgIEhlcmXigJlzIGFub3RoZXIgc3BlY3VsYXRpdmUgZml4LiBJ ZiBhIHNjcm9sbGJhciB3YXMgcmVtb3ZlZCwgd2Ugd291bGQgbm90IHByb3Blcmx5IAorICAgICAg ICBpbmZvcm0gdGhlIHNjcm9sbGluZyB0aHJlYWQuIEluc3RlYWQgb2YgY2hlY2tpbmcgc3VwcG9y dHNVcGRhdGVPblNlY29uZGFyeVRocmVhZCgpIAorICAgICAgICBiZWZvcmUgY2FsbGluZyBzZXRT Y3JvbGxiYXJQYWludGVyc0Zyb21TY3JvbGxiYXJzKCksIGNoZWNrIGl0IGZyb20gd2l0aGluIAor ICAgICAgICBzZXRTY3JvbGxiYXJQYWludGVyc0Zyb21TY3JvbGxiYXJzKCksIGFuZCB0aGlzIHdp bGwgYWxsb3cgdGhlIFNjcm9sbGJhclBhaW50ZXIgdG8gCisgICAgICAgIGJlIHByb3Blcmx5IHVw ZGF0ZWQuCisKKyAgICAgICAgKiBwYWdlL3Njcm9sbGluZy9tYWMvU2Nyb2xsaW5nQ29vcmRpbmF0 b3JNYWMubW06CisgICAgICAgIChXZWJDb3JlOjpTY3JvbGxpbmdDb29yZGluYXRvck1hYzo6ZnJh bWVWaWV3TGF5b3V0VXBkYXRlZCk6CisgICAgICAgICogcGFnZS9zY3JvbGxpbmcvbWFjL1Njcm9s bGluZ1N0YXRlU2Nyb2xsaW5nTm9kZU1hYy5tbToKKyAgICAgICAgKFdlYkNvcmU6OlNjcm9sbGlu Z1N0YXRlU2Nyb2xsaW5nTm9kZTo6c2V0U2Nyb2xsYmFyUGFpbnRlcnNGcm9tU2Nyb2xsYmFycyk6 CisKIDIwMTMtMTAtMzEgIENzYWJhIE9zenRyb2dvbsOhYyAgPG9zc3lAd2Via2l0Lm9yZz4KIAog ICAgICAgICBVbnJldmlld2VkIHR5cG8gZml4IGFmdGVyIDE1ODM4Ni4gKGJ1aWxkZml4IGFmdGVy IHIxNTgzNjUpCkluZGV4OiBTb3VyY2UvV2ViQ29yZS9wYWdlL3Njcm9sbGluZy9tYWMvU2Nyb2xs aW5nQ29vcmRpbmF0b3JNYWMubW0KPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL1dlYkNvcmUvcGFnZS9z Y3JvbGxpbmcvbWFjL1Njcm9sbGluZ0Nvb3JkaW5hdG9yTWFjLm1tCShyZXZpc2lvbiAxNTgzNzkp CisrKyBTb3VyY2UvV2ViQ29yZS9wYWdlL3Njcm9sbGluZy9tYWMvU2Nyb2xsaW5nQ29vcmRpbmF0 b3JNYWMubW0JKHdvcmtpbmcgY29weSkKQEAgLTEzMyw5ICsxMzMsNyBAQCB2b2lkIFNjcm9sbGlu Z0Nvb3JkaW5hdG9yTWFjOjpmcmFtZVZpZXdMCiAKICAgICBTY3JvbGxiYXIqIHZlcnRpY2FsU2Ny b2xsYmFyID0gZnJhbWVWaWV3LT52ZXJ0aWNhbFNjcm9sbGJhcigpOwogICAgIFNjcm9sbGJhciog aG9yaXpvbnRhbFNjcm9sbGJhciA9IGZyYW1lVmlldy0+aG9yaXpvbnRhbFNjcm9sbGJhcigpOwot ICAgIGlmICgodmVydGljYWxTY3JvbGxiYXIgJiYgdmVydGljYWxTY3JvbGxiYXItPnN1cHBvcnRz VXBkYXRlT25TZWNvbmRhcnlUaHJlYWQoKSkKLSAgICAgICAgfHwgKGhvcml6b250YWxTY3JvbGxi YXIgJiYgaG9yaXpvbnRhbFNjcm9sbGJhci0+c3VwcG9ydHNVcGRhdGVPblNlY29uZGFyeVRocmVh ZCgpKSkKLSAgICAgICAgc2V0U2Nyb2xsYmFyUGFpbnRlcnNGcm9tU2Nyb2xsYmFyc0Zvck5vZGUo dmVydGljYWxTY3JvbGxiYXIsIGhvcml6b250YWxTY3JvbGxiYXIsIG5vZGUpOworICAgIHNldFNj cm9sbGJhclBhaW50ZXJzRnJvbVNjcm9sbGJhcnNGb3JOb2RlKHZlcnRpY2FsU2Nyb2xsYmFyLCBo b3Jpem9udGFsU2Nyb2xsYmFyLCBub2RlKTsKIAogICAgIFNjcm9sbFBhcmFtZXRlcnMgc2Nyb2xs UGFyYW1ldGVyczsKICAgICBzY3JvbGxQYXJhbWV0ZXJzLmhvcml6b250YWxTY3JvbGxFbGFzdGlj aXR5ID0gZnJhbWVWaWV3LT5ob3Jpem9udGFsU2Nyb2xsRWxhc3RpY2l0eSgpOwpJbmRleDogU291 cmNlL1dlYkNvcmUvcGFnZS9zY3JvbGxpbmcvbWFjL1Njcm9sbGluZ1N0YXRlU2Nyb2xsaW5nTm9k ZU1hYy5tbQo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2ViQ29yZS9wYWdlL3Njcm9sbGluZy9tYWMv U2Nyb2xsaW5nU3RhdGVTY3JvbGxpbmdOb2RlTWFjLm1tCShyZXZpc2lvbiAxNTgzNzkpCisrKyBT b3VyY2UvV2ViQ29yZS9wYWdlL3Njcm9sbGluZy9tYWMvU2Nyb2xsaW5nU3RhdGVTY3JvbGxpbmdO b2RlTWFjLm1tCSh3b3JraW5nIGNvcHkpCkBAIC05OSw4ICs5OSwxMCBAQCB2b2lkIFNjcm9sbGlu Z1N0YXRlU2Nyb2xsaW5nTm9kZTo6c2V0U2NyCiAgICAgICAgIHJldHVybjsKICAgICBTY3JvbGxi YXJUaGVtZU1hYyogbWFjVGhlbWUgPSBzdGF0aWNfY2FzdDxTY3JvbGxiYXJUaGVtZU1hYyo+KHNj cm9sbGJhclRoZW1lKTsKIAotICAgIFNjcm9sbGJhclBhaW50ZXIgdmVydGljYWxQYWludGVyID0g dmVydGljYWxTY3JvbGxiYXIgPyBtYWNUaGVtZS0+cGFpbnRlckZvclNjcm9sbGJhcih2ZXJ0aWNh bFNjcm9sbGJhcikgOiAwOwotICAgIFNjcm9sbGJhclBhaW50ZXIgaG9yaXpvbnRhbFBhaW50ZXIg PSBob3Jpem9udGFsU2Nyb2xsYmFyID8gbWFjVGhlbWUtPnBhaW50ZXJGb3JTY3JvbGxiYXIoaG9y aXpvbnRhbFNjcm9sbGJhcikgOiAwOworICAgIFNjcm9sbGJhclBhaW50ZXIgdmVydGljYWxQYWlu dGVyID0gdmVydGljYWxTY3JvbGxiYXIgJiYgdmVydGljYWxTY3JvbGxiYXItPnN1cHBvcnRzVXBk YXRlT25TZWNvbmRhcnlUaHJlYWQoKQorICAgICAgICA/IG1hY1RoZW1lLT5wYWludGVyRm9yU2Ny b2xsYmFyKHZlcnRpY2FsU2Nyb2xsYmFyKSA6IDA7CisgICAgU2Nyb2xsYmFyUGFpbnRlciBob3Jp em9udGFsUGFpbnRlciA9IGhvcml6b250YWxTY3JvbGxiYXIgJiYgaG9yaXpvbnRhbFNjcm9sbGJh ci0+c3VwcG9ydHNVcGRhdGVPblNlY29uZGFyeVRocmVhZCgpCisgICAgICAgID8gbWFjVGhlbWUt PnBhaW50ZXJGb3JTY3JvbGxiYXIoaG9yaXpvbnRhbFNjcm9sbGJhcikgOiAwOwogCiAgICAgaWYg KG1fdmVydGljYWxTY3JvbGxiYXJQYWludGVyID09IHZlcnRpY2FsUGFpbnRlciAmJiBtX2hvcml6 b250YWxTY3JvbGxiYXJQYWludGVyID09IGhvcml6b250YWxQYWludGVyKQogICAgICAgICByZXR1 cm47Cg==