There is a crash in ScrollingTree::isRubberBandInProgress() that seems to indicate that the ScrollingNode's ScrollingTree pointer is null. This seems to be a race condition that can occur when tearing down a page. 3 libsystem_pthread.dylib: _pthread_mutex_check_init + 17 3 libsystem_pthread.dylib: _pthread_mutex_lock + 28 ==> 3 com.apple.WebCore: WebCore::ScrollingTree::isRubberBandInProgress + 22 <== 3 com.apple.WebCore: WebCore::ScrollingTreeScrollingNode::updateBeforeChildren + 58 3 com.apple.WebCore: WebCore::ScrollingTreeScrollingNodeMac::updateBeforeChildren + 24 3 com.apple.WebCore: WebCore::ScrollingTree::updateTreeFromStateNode + 541 3 com.apple.WebCore: WebCore::ScrollingTree::commitNewTreeState + 295 3 com.apple.WebCore: WebCore::ThreadedScrollingTree::commitNewTreeState + 29 3 com.apple.WebCore: WTF::FunctionWrapper<void + 57 3 com.apple.WebCore: WTF::BoundFunctionImpl<WTF::FunctionWrapper<void + 44 3 com.apple.WebCore: WebCore::ScrollingThread::dispatchFunctionsFromScrollingThread + 121 3 com.apple.WebCore: WebCore::ScrollingThread::threadRunLoopSourceCallback + 65 3 com.apple.CoreFoundation: <rdar://problem/16247911>
Created attachment 233853 [details] Patch
Comment on attachment 233853 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=233853&action=review Am I allowed to review this? Maybe I am. > Source/WebCore/ChangeLog:13 > + believe that the ScrollingCoordinatorâs ScrollingTree pointer had been null-ed out Squiggly apostrophe. > Source/WebCore/ChangeLog:16 > + creation back to the scrolling thread and to use the this pointer to create new For clarity, I think "scrolling thread" should be "scrolling tree" here. Node creation was always happening on the scrolling thread -- but it was using data from the scrolling coordinator, which was not thread-safe. > Source/WebCore/ChangeLog:17 > + nodes rather than the ScrollingCoordinatorâs pointer. Squiggles.
Thank you! Fixed the thingies. http://trac.webkit.org/changeset/170451