99350 2012-10-15 12:27:10 -0700 REGRESSION (r131238): Repro crash in WebCore::ScrollingStateTree::removeNode(WebCore::ScrollingStateNode*) opening pdf page 2012-10-15 12:40:20 -0700 1 1 1 Unclassified WebKit Layout and Rendering 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED InRadar, Regression P2 Normal --- 1 bdakin bdakin bdakin oldest_to_newest 742275 0 bdakin 2012-10-15 12:27:10 -0700 <rdar://problem/12499839> Correction to steps: 1. on google.com look for a PDF 2. click first pdf link. I don't seem to reproduce when opening pdf link from history list. Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x00007fffba6b2f3c WebCore::ScrollingStateTree::removeNode(WebCore::ScrollingStateNode*) + 28 1 com.apple.WebCore 0x00007fffba52334f WebCore::ScrollingCoordinatorMac::detachFromStateTree(unsigned long long) + 63 2 com.apple.WebCore 0x00007fffba486dda WebCore::RenderLayerBacking::~RenderLayerBacking() + 410 3 com.apple.WebCore 0x00007fffb9a8c91e WebCore::RenderLayerBacking::~RenderLayerBacking() + 14 4 com.apple.WebCore 0x00007fffba4795f4 WebCore::RenderLayer::~RenderLayer() + 724 5 com.apple.WebCore 0x00007fffb99e71fe WebCore::RenderLayer::~RenderLayer() + 14 6 com.apple.WebCore 0x00007fffb99e71de WebCore::RenderLayer::destroy(WebCore::RenderArena*) + 30 7 com.apple.WebCore 0x00007fffba4f8651 WebCore::RenderLayerModelObject::destroyLayer() + 33 8 com.apple.WebCore 0x00007fffba49ee84 WebCore::RenderObject::willBeDestroyed() + 260 9 com.apple.WebCore 0x00007fffba44e9d4 WebCore::RenderBoxModelObject::willBeDestroyed() + 132 10 com.apple.WebCore 0x00007fffba4407ee WebCore::RenderBox::willBeDestroyed() + 78 11 com.apple.WebCore 0x00007fffba41c15e WebCore::RenderBlock::willBeDestroyed() + 382 12 com.apple.WebCore 0x00007fffb99e5cf2 WebCore::RenderObject::destroy() + 18 13 com.apple.WebCore 0x00007fffb99e5932 WebCore::Document::detach() + 706 14 com.apple.WebCore 0x00007fffb9d1d989 WebCore::CachedFrame::destroy() + 201 15 com.apple.WebCore 0x00007fffb9d1d878 WebCore::CachedPage::destroy() + 24 16 com.apple.WebCore 0x00007fffb9ac454f WebCore::PageCache::releaseAutoreleasedPagesNow() + 159 17 com.apple.WebCore 0x00007fffb997463f WebCore::ThreadTimers::sharedTimerFiredInternal() + 159 18 com.apple.WebCore 0x00007fffba53f83a WebCore::timerFired(__CFRunLoopTimer*, void*) + 58 19 com.apple.CoreFoundation 0x00007fffb9052974 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20 20 com.apple.CoreFoundation 0x00007fffb9052485 __CFRunLoopDoTimer + 1045 21 com.apple.CoreFoundation 0x00007fffb90384ae __CFRunLoopRun + 1390 22 com.apple.CoreFoundation 0x00007fffb9037b39 CFRunLoopRunSpecific + 297 23 com.apple.HIToolbox 0x00007fffb93c48f2 RunCurrentEventLoopInMode + 231 24 com.apple.HIToolbox 0x00007fffb93c46a2 ReceiveNextEventCommon + 420 25 com.apple.HIToolbox 0x00007fffb94d5cdc _BlockUntilNextEventMatchingListInModeWithFilter + 65 26 com.apple.AppKit 0x00007fffbfe8ce54 _DPSNextEvent + 1452 27 com.apple.AppKit 0x00007fffbfe8c431 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 119 28 com.apple.AppKit 0x00007fffbfe845ca -[NSApplication run] + 542 29 com.apple.AppKit 0x00007fffbfe2d356 NSApplicationMain + 911 30 com.apple.XPCService 0x00007fffbd60b059 _xpc_main + 385 31 libxpc.dylib 0x00007fffc0eaefdd xpc_main + 299 32 com.apple.WebKit2 0x00007fffc0ff7614 WebProcessServiceMain + 35 33 libdyld.dylib 0x00007fffb7ffb76d start + 1 742279 1 168754 bdakin 2012-10-15 12:34:47 -0700 Created attachment 168754 Patch 742292 2 bdakin 2012-10-15 12:40:20 -0700 Thanks, Simon! http://trac.webkit.org/changeset/131336 168754 2012-10-15 12:34:47 -0700 2012-10-15 12:37:44 -0700 Patch crash-fix.txt text/plain 2003 bdakin SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDEzMTMzMykKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE5IEBACisyMDEyLTEwLTE1ICBCZXRoIERh a2luICA8YmRha2luQGFwcGxlLmNvbT4KKworICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9y Zy9zaG93X2J1Zy5jZ2k/aWQ9OTkzNTAKKyAgICAgICAgUkVHUkVTU0lPTiAocjEzMTIzOCk6IFJl cHJvIGNyYXNoIGluIAorICAgICAgIFdlYkNvcmU6OlNjcm9sbGluZ1N0YXRlVHJlZTo6cmVtb3Zl Tm9kZShXZWJDb3JlOjpTY3JvbGxpbmdTdGF0ZU5vZGUqKSAKKyAgICAgICAgb3BlbmluZyBwZGYg cGFnZQorICAgICAgICAtYW5kIGNvcnJlc3BvbmRpbmctCisgICAgICAgIDxyZGFyOi8vcHJvYmxl bS8xMjQ5OTgzOT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAg ICAgICBXZSBoYXZlIHRvIG51bGwtY2hlY2sgbm9kZSBoZXJlLiBJdCB3b24ndCBiZSBmb3VuZCBp ZiAgCisgICAgICAgIGNsZWFyU3RhdGVUcmVlKCkgd2FzIHJlY2VudGx5IGNhbGxlZC4KKyAgICAg ICAgKiBwYWdlL3Njcm9sbGluZy9tYWMvU2Nyb2xsaW5nQ29vcmRpbmF0b3JNYWMubW06CisgICAg ICAgIChXZWJDb3JlOjpTY3JvbGxpbmdDb29yZGluYXRvck1hYzo6ZGV0YWNoRnJvbVN0YXRlVHJl ZSk6CisKIDIwMTItMTAtMTUgIENocmlzdG9waGUgRHVtZXogIDxjaHJpc3RvcGhlLmR1bWV6QGlu dGVsLmNvbT4KIAogICAgICAgICBbRUZMXSBQcm92aWRlIGxvZ2dpbmcgZm9yIE9ubGluZVN0YXRl IGRldGVjdGlvbiBjb2RlCkluZGV4OiBTb3VyY2UvV2ViQ29yZS9wYWdlL3Njcm9sbGluZy9tYWMv U2Nyb2xsaW5nQ29vcmRpbmF0b3JNYWMubW0KPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL1dlYkNvcmUv cGFnZS9zY3JvbGxpbmcvbWFjL1Njcm9sbGluZ0Nvb3JkaW5hdG9yTWFjLm1tCShyZXZpc2lvbiAx MzEzMjQpCisrKyBTb3VyY2UvV2ViQ29yZS9wYWdlL3Njcm9sbGluZy9tYWMvU2Nyb2xsaW5nQ29v cmRpbmF0b3JNYWMubW0JKHdvcmtpbmcgY29weSkKQEAgLTI1NywxMiArMjU3LDE2IEBAIHZvaWQg U2Nyb2xsaW5nQ29vcmRpbmF0b3JNYWM6OmRldGFjaEZyb20KICAgICBpZiAoIXNjcm9sbExheWVy SUQpCiAgICAgICAgIHJldHVybjsKIAorICAgIC8vIFRoZSBub2RlIG1heSBub3QgYmUgZm91bmQg aWYgY2xlYXJTdGF0ZVRyZWUoKSB3YXMgcmVjZW50bHkgY2FsbGVkLgogICAgIFNjcm9sbGluZ1N0 YXRlTm9kZSogbm9kZSA9IG1fc3RhdGVOb2RlTWFwLnRha2Uoc2Nyb2xsTGF5ZXJJRCk7CisgICAg aWYgKCFub2RlKQorICAgICAgICByZXR1cm47CisKICAgICBtX3Njcm9sbGluZ1N0YXRlVHJlZS0+ cmVtb3ZlTm9kZShub2RlKTsKIAogICAgIC8vIFNjcm9sbGluZ1N0YXRlVHJlZTo6cmVtb3ZlTm9k ZSgpIHdpbGwgZGVzdHJveSBjaGlsZHJlbiwgc28gd2UgaGF2ZSB0byBtYWtlIHN1cmUgd2UgcmVt b3ZlIHRob3NlIGNoaWxkcmVuCiAgICAgLy8gZnJvbSB0aGUgSGFzaE1hcC4KLSAgIGNvbnN0IFZl Y3RvcjxTY3JvbGxpbmdOb2RlSUQ+JiByZW1vdmVkTm9kZXMgPSBtX3Njcm9sbGluZ1N0YXRlVHJl ZS0+cmVtb3ZlZE5vZGVzKCk7CisgICAgY29uc3QgVmVjdG9yPFNjcm9sbGluZ05vZGVJRD4mIHJl bW92ZWROb2RlcyA9IG1fc2Nyb2xsaW5nU3RhdGVUcmVlLT5yZW1vdmVkTm9kZXMoKTsKICAgICBz aXplX3Qgc2l6ZSA9IHJlbW92ZWROb2Rlcy5zaXplKCk7CiAgICAgZm9yIChzaXplX3QgaSA9IDA7 IGkgPCBzaXplOyArK2kpCiAgICAgICAgIG1fc3RhdGVOb2RlTWFwLnJlbW92ZShyZW1vdmVkTm9k ZXNbaV0pOwo=