Bug 166568 - ASSERTION FAILED: !source || is<Target>(*source) in CoordinatedGraphicsLayer::removeFromParent
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKitGTK
Version: WebKit Nightly Build
Hardware: PC Linux
Importance: P2 Normal
Assignee: Michael Catanzaro
Reported: 2016-12-28 15:31 PST by Michael Catanzaro
Modified: 2018-01-03 10:53 PST

Attachments
Patch (1.67 KB, patch)
2017-12-01 09:39 PST, Michael Catanzaro

Description Michael Catanzaro 2016-12-28 15:31:36 PST
This coordinated graphics assertion is reproducible by clicking the video conference button on https://talkgadget.google.com in Epiphany. Both the original browser tab and the new tab created when clicking the button display the crash error page, but it's just one crash because the new webview is related (sharing the original web process):

ASSERTION FAILED: !source || is<Target>(*source)
../../Source/WTF/wtf/TypeCasts.h(89) : typename WTF::match_constness<Source, Target>::type* WTF::downcast(Source*) [with Target = WebCore::CoordinatedGraphicsLayer; Source = WebCore::GraphicsLayer; typename WTF::match_constness<Source, Target>::type = WebCore::CoordinatedGraphicsLayer]
1   0x7fffe935ff82 /home/mcatanzaro/src/jhbuild/install/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x1e) [0x7fffe935ff82]
2   0x7fffe935ff98 /home/mcatanzaro/src/jhbuild/install/lib/libjavascriptcoregtk-4.0.so.18(+0x2498f98) [0x7fffe935ff98]
3   0x7ffff30f9520 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3WTF8downcastIN7WebCore24CoordinatedGraphicsLayerENS1_13GraphicsLayerEEEPNS_15match_constnessIT0_T_E4typeEPS5_+0x4a) [0x7ffff30f9520]
4   0x7ffff30fa106 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore24CoordinatedGraphicsLayer16removeFromParentEv+0x20) [0x7ffff30fa106]
5   0x7ffff2990634 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore13GraphicsLayer15willBeDestroyedEv+0xc6) [0x7ffff2990634]
6   0x7ffff30f9e7a /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore24CoordinatedGraphicsLayerD1Ev+0x134) [0x7ffff30f9e7a]
7   0x7ffff30f9f50 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore24CoordinatedGraphicsLayerD0Ev+0x18) [0x7ffff30f9f50]
8   0x7ffff164dd5c /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZNKSt14default_deleteIN7WebCore13GraphicsLayerEEclEPS1_+0x2e) [0x7ffff164dd5c]
9   0x7ffff1957c4d /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZNSt10unique_ptrIN7WebCore13GraphicsLayerESt14default_deleteIS1_EE5resetEPS1_+0x53) [0x7ffff1957c4d]
10  0x7ffff1955beb /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZNSt10unique_ptrIN7WebCore13GraphicsLayerESt14default_deleteIS1_EEaSEDn+0x21) [0x7ffff1955beb]
11  0x7ffff2c277b6 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore18RenderLayerBacking27updateChildClippingStrategyEb+0x3a0) [0x7ffff2c277b6]
12  0x7ffff2c216cc /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore18RenderLayerBacking19updateConfigurationEv+0x2b2) [0x7ffff2c216cc]
13  0x7ffff2c34df6 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore21RenderLayerCompositor27rebuildCompositingLayerTreeERNS_11RenderLayerERN3WTF6VectorIPNS_13GraphicsLayerELm0ENS3_15CrashOnOverflowELm16EEEi+0xb8) [0x7ffff2c34df6]
14  0x7ffff2c3514d /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore21RenderLayerCompositor27rebuildCompositingLayerTreeERNS_11RenderLayerERN3WTF6VectorIPNS_13GraphicsLayerELm0ENS3_15CrashOnOverflowELm16EEEi+0x40f) [0x7ffff2c3514d]
15  0x7ffff2c3514d /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore21RenderLayerCompositor27rebuildCompositingLayerTreeERNS_11RenderLayerERN3WTF6VectorIPNS_13GraphicsLayerELm0ENS3_15CrashOnOverflowELm16EEEi+0x40f) [0x7ffff2c3514d]
16  0x7ffff2c31af1 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore21RenderLayerCompositor23updateCompositingLayersENS_21CompositingUpdateTypeEPNS_11RenderLayerE+0x5bf) [0x7ffff2c31af1]
17  0x7ffff27b2551 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore9FrameView34updateCompositingLayersAfterLayoutEv+0x55) [0x7ffff27b2551]
18  0x7ffff27b4580 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore9FrameView6layoutEb+0x115e) [0x7ffff27b4580]
19  0x7ffff27c0385 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore9FrameView37updateLayoutAndStyleIfNeededRecursiveEv+0x85) [0x7ffff27c0385]
20  0x7ffff1952e84 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit22CompositingCoordinator16syncDisplayStateEv+0x2c) [0x7ffff1952e84]
21  0x7ffff195f7c3 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit24CoordinatedLayerTreeHost20layerFlushTimerFiredEv+0x3f) [0x7ffff195f7c3]
22  0x7ffff195fd58 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3WTF7RunLoop5TimerIN6WebKit24CoordinatedLayerTreeHostEE5firedEv+0x66) [0x7ffff195fd58]
23  0x7fffe93c7731 /home/mcatanzaro/src/jhbuild/install/lib/libjavascriptcoregtk-4.0.so.18(+0x2500731) [0x7fffe93c7731]
24  0x7fffe93c776d /home/mcatanzaro/src/jhbuild/install/lib/libjavascriptcoregtk-4.0.so.18(+0x250076d) [0x7fffe93c776d]
25  0x7fffe93c6d94 /home/mcatanzaro/src/jhbuild/install/lib/libjavascriptcoregtk-4.0.so.18(+0x24ffd94) [0x7fffe93c6d94]
26  0x7fffe93c6dc3 /home/mcatanzaro/src/jhbuild/install/lib/libjavascriptcoregtk-4.0.so.18(+0x24ffdc3) [0x7fffe93c6dc3]
27  0x7fffe16b12de /home/mcatanzaro/src/jhbuild/install/lib/libglib-2.0.so.0(+0x542de) [0x7fffe16b12de]
28  0x7fffe16b2160 /home/mcatanzaro/src/jhbuild/install/lib/libglib-2.0.so.0(g_main_context_dispatch+0x33) [0x7fffe16b2160]
29  0x7fffe16b2344 /home/mcatanzaro/src/jhbuild/install/lib/libglib-2.0.so.0(+0x55344) [0x7fffe16b2344]
30  0x7fffe16b276a /home/mcatanzaro/src/jhbuild/install/lib/libglib-2.0.so.0(g_main_loop_run+0x1d5) [0x7fffe16b276a]
31  0x7fffe93c7374 /home/mcatanzaro/src/jhbuild/install/lib/libjavascriptcoregtk-4.0.so.18(_ZN3WTF7RunLoop3runEv+0xac) [0x7fffe93c7374]
Comment 1 Michael Catanzaro 2017-11-30 18:46:55 PST
This is 100% reproducible by playing any YouTube video and clicking on the settings button.

ASSERTION FAILED: !source || is<Target>(*source)
../../Source/WTF/wtf/TypeCasts.h(89) : typename WTF::match_constness<Source, Target>::type* WTF::downcast(Source*) [with Target = WebCore::CoordinatedGraphicsLayer; Source = WebCore::GraphicsLayer; typename WTF::match_constness<Source, Target>::type = WebCore::CoordinatedGraphicsLayer]

#0  0x00007f2a7fd59e87 in WTFCrash ()
    at ../../Source/WTF/wtf/Assertions.cpp:273
No locals.
#1  0x00007f2a7fd59e98 in WTFCrashWithSecurityImplication ()
    at ../../Source/WTF/wtf/Assertions.cpp:294
No locals.
#2  0x00007f2a89845859 in WTF::downcast<WebCore::CoordinatedGraphicsLayer, WebCore::GraphicsLayer> (source=0x7f2a10478900)
    at ../../Source/WTF/wtf/TypeCasts.h:89
        __PRETTY_FUNCTION__ = "typename WTF::match_constness<Source, Target>::type* WTF::downcast(Source*) [with Target = WebCore::CoordinatedGraphicsLayer; Source = WebCore::GraphicsLayer; typename WTF::match_constness<Source, Tar"...
#3  0x00007f2a89840250 in WebCore::CoordinatedGraphicsLayer::removeFromParent (
    this=0x7f29f41e7000)
    at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:206
        parentLayer = 0x7f29f4f33840
#4  0x00007f2a8afb099a in WebCore::GraphicsLayer::willBeDestroyed (
    this=0x7f29f41e7000)
    at ../../Source/WebCore/platform/graphics/GraphicsLayer.cpp:170
No locals.
#5  0x00007f2a8983ffc5 in WebCore::CoordinatedGraphicsLayer::~CoordinatedGraphicsLayer (this=0x7f29f41e7000, __in_chrg=<optimized out>)
    at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:159
No locals.
#6  0x00007f2a8984009a in WebCore::CoordinatedGraphicsLayer::~CoordinatedGraphicsLayer (this=0x7f29f41e7000, __in_chrg=<optimized out>)
    at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:160
No locals.
#7  0x00007f2a8943b2b6 in std::default_delete<WebCore::GraphicsLayer>::operator() (this=0x7f29f4f33888, __ptr=0x7f29f41e7000)
    at /usr/include/c++/7/bits/unique_ptr.h:78
No locals.
#8  0x00007f2a8970f823 in std::unique_ptr<WebCore::GraphicsLayer, std::default_delete<WebCore::GraphicsLayer> >::reset (this=0x7f29f4f33888, 
    __p=0x7f29f41e7000) at /usr/include/c++/7/bits/unique_ptr.h:376
No locals.
#9  0x00007f2a8970daeb in std::unique_ptr<WebCore::GraphicsLayer, std::default_delete<WebCore::GraphicsLayer> >::operator=(decltype(nullptr)) (
    this=0x7f29f4f33888) at /usr/include/c++/7/bits/unique_ptr.h:312
No locals.
#10 0x00007f2a8b2a479c in WebCore::RenderLayerBacking::updateChildClippingStrategy (this=0x7f29f4f33840, needsDescendantsClippingLayer=false)
    at ../../Source/WebCore/rendering/RenderLayerBacking.cpp:1704
No locals.
#11 0x00007f2a8b29e958 in WebCore::RenderLayerBacking::updateConfiguration (
    this=0x7f29f4f33840)
    at ../../Source/WebCore/rendering/RenderLayerBacking.cpp:708
        layerConfigChanged = true
        needsDescendantsClippingLayer = false
        contentsInfo = {m_backing = @0x7ffee4fa8810, 
          m_boxDecorations = -1960043926, m_content = 32554, 
          m_subpixelAntialiasedText = 1828332384, m_contentsType = 32554}
#12 0x00007f2a8b2aeaa4 in WebCore::RenderLayerCompositor::rebuildCompositingLayerTree (this=0x7f2a6cfa44f8, layer=..., childLayersOfEnclosingLayer=..., 
    depth=2) at ../../Source/WebCore/rendering/RenderLayerCompositor.cpp:1538
        layerBacking = 0x7f29f4f33840
        layerChildren = {<WTF::VectorBuffer<WebCore::GraphicsLayer*, 0, WTF::FastMalloc>> = {<WTF::VectorBufferBase<WebCore::GraphicsLayer*, WTF::FastMalloc>> = {m_buffer = 0x0, m_capacity = 0, 
              m_size = 0}, <No data fields>}, <No data fields>}
        childList = @0x7ffee4fa8890: {<WTF::VectorBuffer<WebCore::GraphicsLayer*, 0, WTF::FastMalloc>> = {<WTF::VectorBufferBase<WebCore::GraphicsLayer*, WTF::FastMalloc>> = {m_buffer = 0x0, m_capacity = 0, 
              m_size = 0}, <No data fields>}, <No data fields>}
        mutationChecker = {m_layer = 0x7f2a0fed8120, 
          m_previousMutationAllowedState = true}
#13 0x00007f2a8b2aed64 in WebCore::RenderLayerCompositor::rebuildCompositingLayerTree (this=0x7f2a6cfa44f8, layer=..., childLayersOfEnclosingLayer=..., 
    depth=1) at ../../Source/WebCore/rendering/RenderLayerCompositor.cpp:1580
        renderLayer = 0x7f29dd93e7e0
        __for_range = @0x7f2a113ea420: {<WTF::VectorBuffer<WebCore::RenderLayer*, 0, WTF::FastMalloc>> = {<WTF::VectorBufferBase<WebCore::RenderLayer*, WTF::FastMalloc>> = {m_buffer = 0x7f29ea271000, m_capacity = 214, 
              m_size = 188}, <No data fields>}, <No data fields>}
        __for_begin = 0x7f29ea271548
        __for_end = 0x7f29ea2715e0
        posZOrderList = 0x7f2a113ea420
        layerBacking = 0x0
        layerChildren = {<WTF::VectorBuffer<WebCore::GraphicsLayer*, 0, WTF::FastMalloc>> = {<WTF::VectorBufferBase<WebCore::GraphicsLayer*, WTF::FastMalloc>> = {m_buffer = 0x0, m_capacity = 0, 
              m_size = 0}, <No data fields>}, <No data fields>}
        childList = @0x7ffee4fa8ad0: {<WTF::VectorBuffer<WebCore::GraphicsLayer*, 0, WTF::FastMalloc>> = {<WTF::VectorBufferBase<WebCore::GraphicsLayer*, WTF::FastMalloc>> = {m_buffer = 0x7f2a0f481680, m_capacity = 16, 
              m_size = 11}, <No data fields>}, <No data fields>}
        mutationChecker = {m_layer = 0x7f2a6cfa2b40, 
          m_previousMutationAllowedState = true}
#14 0x00007f2a8b2aed64 in WebCore::RenderLayerCompositor::rebuildCompositingLayerTree (this=0x7f2a6cfa44f8, layer=..., childLayersOfEnclosingLayer=..., 
    depth=0) at ../../Source/WebCore/rendering/RenderLayerCompositor.cpp:1580
        renderLayer = 0x7f2a6cfa2b40
        __for_range = @0x7f2a1b2965e0: {<WTF::VectorBuffer<WebCore::RenderLayer*, 0, WTF::FastMalloc>> = {<WTF::VectorBufferBase<WebCore::RenderLayer*, WTF::FastMalloc>> = {m_buffer = 0x7f2a1b26d980, m_capacity = 16, 
              m_size = 1}, <No data fields>}, <No data fields>}
        __for_begin = 0x7f2a1b26d980
        __for_end = 0x7f2a1b26d988
        posZOrderList = 0x7f2a1b2965e0
        layerBacking = 0x7f2a0f40e8f0
        layerChildren = {<WTF::VectorBuffer<WebCore::GraphicsLayer*, 0, WTF::FastMalloc>> = {<WTF::VectorBufferBase<WebCore::GraphicsLayer*, WTF::FastMalloc>> = {m_buffer = 0x7f2a0f481680, m_capacity = 16, 
              m_size = 11}, <No data fields>}, <No data fields>}
        childList = @0x7ffee4fa8ad0: {<WTF::VectorBuffer<WebCore::GraphicsLayer*, 0, WTF::FastMalloc>> = {<WTF::VectorBufferBase<WebCore::GraphicsLayer*, WTF::FastMalloc>> = {m_buffer = 0x7f2a0f481680, m_capacity = 16, 
              m_size = 11}, <No data fields>}, <No data fields>}
        mutationChecker = {m_layer = 0x7f2a6cfa2360, 
          m_previousMutationAllowedState = true}
#15 0x00007f2a8b2abc5b in WebCore::RenderLayerCompositor::updateCompositingLayers (this=0x7f2a6cfa44f8, 
    updateType=WebCore::CompositingUpdateType::AfterLayout, 
    updateRoot=0x7f2a6cfa2360)
    at ../../Source/WebCore/rendering/RenderLayerCompositor.cpp:735
        childList = {<WTF::VectorBuffer<WebCore::GraphicsLayer*, 0, WTF::FastMalloc>> = {<WTF::VectorBufferBase<WebCore::GraphicsLayer*, WTF::FastMalloc>> = {
              m_buffer = 0x0, m_capacity = 0, 
              m_size = 0}, <No data fields>}, <No data fields>}
        __PRETTY_FUNCTION__ = "bool WebCore::RenderLayerCompositor::updateCompositingLayers(WebCore::CompositingUpdateType, WebCore::RenderLayer*)"
        animationUpdateBlock = {m_animationController = 0x7f2a6cfff938}
        postLayoutChange = {m_scopedVariable = @0x7f2a6cfa4567, 
          m_originalValue = false}
        checkForHierarchyUpdate = true
        needGeometryUpdate = false
        needHierarchyUpdate = true
        isFullUpdate = true
        startTime = {static clockType = WTF::ClockType::Monotonic, m_value = 0}
#16 0x00007f2a8ada47ad in WebCore::FrameView::updateCompositingLayersAfterLayout (this=0x7f2a228f4900) at ../../Source/WebCore/page/FrameView.cpp:802
        renderView = 0x7f2a1c2004f0
#17 0x00007f2a8ada5d24 in WebCore::FrameView::didLayout (this=0x7f2a228f4900, 
    layoutRoot=...) at ../../Source/WebCore/page/FrameView.cpp:1270
        layoutRootEnclosingLayer = 0x7f2a6cfa2360
#18 0x00007f2a8adb59fa in WebCore::LayoutContext::layout (this=0x7f2a228f4c80)
    at ../../Source/WebCore/page/LayoutContext.cpp:206
        layoutPhase = {m_scopedVariable = @0x7f2a228f4d10, 
          m_originalValue = WebCore::LayoutContext::LayoutPhase::OutsideLayout}
        __PRETTY_FUNCTION__ = "void WebCore::LayoutContext::layout()"
        protectView = {static isRef = <optimized out>, m_ptr = 0x7f2a228f4900}
        layoutScope = {m_view = @0x7f2a228f4900, m_nestedState = {
            m_scopedVariable = @0x7f2a228f4d14, 
            m_originalValue = WebCore::LayoutContext::LayoutNestedState::NotInLayout}, m_schedulingIsEnabled = {m_scopedVariable = @0x7f2a228f4d08, 
            m_originalValue = true}, m_inProgrammaticScroll = false}
        tracingScope = {m_exitCode = LayoutEnd}
        inspectorLayoutScope = {m_instrumentingAgents = {
            static isRefPtr = <optimized out>, m_ptr = 0x0}, 
          m_timelineAgentId = 0}
        animationUpdateBlock = {m_animationController = 0x7f2a6cfff938}
        layoutRoot = {m_ref = {static isRefPtr = <optimized out>, 
            m_ptr = 0x7f2a1b2a3dc0}}
#19 0x00007f2a8a725e45 in WebCore::Document::updateLayout (this=0x7f2a6cf8a000)
    at ../../Source/WebCore/dom/Document.cpp:1985
        __PRETTY_FUNCTION__ = "void WebCore::Document::updateLayout()"
        frameView = {static isRefPtr = <optimized out>, m_ptr = 0x7f2a228f4900}
        repaintRegionAccumulator = {m_rootView = {m_ref = {
              static isRefPtr = <optimized out>, m_ptr = 0x7f2a1b2a3dc0}}, 
          m_wasAccumulatingRepaintRegion = false}
        layoutCheckPoint = {<No data fields>}
#20 0x00007f2a8a725ec2 in WebCore::Document::updateLayoutIgnorePendingStylesheets (this=0x7f2a6cf8a000, 
    runPostLayoutTasks=WebCore::Document::RunPostLayoutTasks::Asynchronously)
    at ../../Source/WebCore/dom/Document.cpp:1999
        oldIgnore = false
#21 0x00007f2a8a79e093 in WebCore::Element::boundingClientRect (
    this=0x7f2a1b2f9f70) at ../../Source/WebCore/dom/Element.cpp:1222
        renderer = 0x7f2a89310c40
     <WebCore::JSDOMWrapper<WebCore::EventTarget>::wrapped() const+28>
        quads = {<WTF::VectorBuffer<WebCore::FloatQuad, 0, WTF::FastMalloc>> = {<WTF::VectorBufferBase<WebCore::FloatQuad, WTF::FastMalloc>> = {
              m_buffer = 0x7ffee4fa93c0, m_capacity = 2301712372, 
              m_size = 32554}, <No data fields>}, <No data fields>}
        result = {m_location = {m_x = -3.69786963e+22, m_y = 4.64544454e-41}, 
          m_size = {m_width = 1.27056962e-21, m_height = 4.56178702e-41}}
#22 0x00007f2a8a79e422 in WebCore::Element::getBoundingClientRect (
    this=0x7f2a1b2f9f70) at ../../Source/WebCore/dom/Element.cpp:1251
No locals.
#23 0x00007f2a8996d57d in WebCore::jsElementPrototypeFunctionGetBoundingClientRectBody (state=0x7ffee4fa95e0, castedThis=0x7f29eda89ca0, throwScope=...)
    at DerivedSources/WebCore/JSElement.cpp:2251
        impl = 
    @0x7f2a1b2f9f70: {<WebCore::ContainerNode> = {<WebCore::Node> = {<No data fields>}, m_firstChild = 0x7f29ed643cd0, m_lastChild = 0x7f29ef9c9b40}, 
          m_tagName = {m_impl = {static isRefPtr = <optimized out>, 
              m_ptr = 0x7f29f3785e70}}, m_elementData = {
            static isRefPtr = <optimized out>, m_ptr = 0x7f29efe16100}}
#24 0x00007f2a8997bac7 in WebCore::IDLOperation<WebCore::JSElement>::call<WebCore::jsElementPrototypeFunctionGetBoundingClientRectBody> (state=..., 
    operationName=0x7f2a8c216088 "getBoundingClientRect")
    at ../../Source/WebCore/bindings/js/JSDOMOperation.h:53
        __PRETTY_FUNCTION__ = "static JSC::EncodedJSValue WebCore::IDLOperation<JSClass>::call(JSC::ExecState&, const char*) [with JSC::EncodedJSValue (* operation)(JSC::ExecState*, WebCore::IDLOperation<JSClass>::ClassParameter, J"...
        __FUNCTION__ = "call"
        throwScope = {<JSC::ExceptionScope> = {m_vm = @0x7f2a1cc00000, 
            m_previousScope = 0x7ffee4fa9b50, m_location = {
              functionName = 0x7f2a8c225abc <long WebCore::IDLOperation<WebCore::JSElement>::call<&WebCore::jsElementPrototypeFunctionGetBoundingClientRectBody, (WebCore::CastedThisErrorBehavior)0>(JSC::ExecState&, char const*)::__FUNCTION__> "call", 
              file = 0x7f2a8c216ba0 "../../Source/WebCore/bindings/js/JSDOMOperation.h", line = 43}, m_recursionDepth = 4}, m_isReleased = false}
        thisObject = 0x7f29eda89ca0
#25 0x00007f2a8996d5df in WebCore::jsElementPrototypeFunctionGetBoundingClientRect (state=0x7ffee4fa95e0) at DerivedSources/WebCore/JSElement.cpp:2256
No locals.
#26 0x00007f2a2490a168 in ?? ()
No symbol table info available.
#27 0x00007ffee4fa9790 in ?? ()
No symbol table info available.
#28 0x00007f2a249c0fe2 in ?? ()
No symbol table info available.
#29 0x0000000000000000 in ?? ()
No symbol table info available.
Comment 2 Michael Catanzaro 2017-11-30 19:12:17 PST
(In reply to Michael Catanzaro from comment #1)
> This is 100% reproducible by playing any YouTube video and clicking on the
> settings button.

You might have to additionally click on the button to show the video resolution selector.
Comment 3 Michael Catanzaro 2017-11-30 19:56:52 PST
(In reply to Michael Catanzaro from comment #0)
> This coordinated graphics assertion is reproducible by clicking the video
> conference button on https://talkgadget.google.com in Epiphany. Both the
> original browser tab and the new tab created when clicking the button
> display the crash error page, but it's just one crash because the new
> webview is related (sharing the original web process)

That crash is no longer happening. Use YouTube to reproduce.
Comment 4 Michael Catanzaro 2017-11-30 21:38:52 PST
The problem is the parent layer has already been destroyed. But, from code inspection, it looks like that should be impossible. I'm missing something.
Comment 5 Michael Catanzaro 2017-12-01 08:05:25 PST
(In reply to Michael Catanzaro from comment #4)
> The problem is the parent layer has already been destroyed. But, from code
> inspection, it looks like that should be impossible. I'm missing something.

More specifically, the problem is that, at the time the parent layer was destroyed, it had no children, i.e. its m_children.size() was 0, so it did not unparent the child layer when destroyed, because it did not know about the child layer. But the child layer still holds a dangling pointer to the parent layer.

Remaining question is why.
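
Added example, not part of the original comment or of WebKit's code: a minimal C++ model of the state comment 5 describes, where a parent that no longer lists a child is destroyed and the child's back-pointer is left dangling. `Layer`, `forgetChildrenWithoutUnparenting` and the live-object registry are hypothetical, and the way the links get out of sync here is constructed, not the cause found in WebKit.

```cpp
// Added illustration: Layer is a hypothetical stand-in, not WebKit's GraphicsLayer.
#include <algorithm>
#include <memory>
#include <set>
#include <vector>

class Layer {
public:
    Layer() { live().insert(this); }
    ~Layer() {
        // Teardown only unparents the children this layer knows about.
        for (Layer* child : m_children) child->m_parent = nullptr;
        live().erase(this);
    }
    void addChild(Layer& child) {
        child.m_parent = this;
        m_children.push_back(&child);
    }
    // Constructed defect: drops the forward links, leaves the back-pointers set.
    void forgetChildrenWithoutUnparenting() { m_children.clear(); }

    // True when m_parent names a layer that has already been destroyed.
    bool parentIsDangling() const { return m_parent && !live().count(m_parent); }

    // Invariant: a non-null parent is alive and lists this layer as a child.
    bool linksConsistent() const {
        if (!m_parent) return true;
        if (!live().count(m_parent)) return false;
        const auto& siblings = m_parent->m_children;
        return std::find(siblings.begin(), siblings.end(), this) != siblings.end();
    }
private:
    // Registry of live layers so the checks never dereference freed memory.
    static std::set<const Layer*>& live() { static std::set<const Layer*> s; return s; }
    Layer* m_parent = nullptr;
    std::vector<Layer*> m_children;
};

// Parent destroyed while it no longer lists the child: the back-pointer dangles.
bool danglingAfterDesync() {
    Layer child;
    auto parent = std::make_unique<Layer>();
    parent->addChild(child);
    parent->forgetChildrenWithoutUnparenting();
    parent.reset();
    return child.parentIsDangling();
}
// Same teardown with the links in sync: the destructor clears the back-pointer.
bool danglingAfterCleanTeardown() {
    Layer child;
    auto parent = std::make_unique<Layer>();
    parent->addChild(child);
    parent.reset();
    return child.parentIsDangling();
}
// The invariant check flags the desync while the parent is still alive.
bool desyncCaughtBeforeTeardown() {
    Layer child;
    Layer parent;
    parent.addChild(child);
    parent.forgetChildrenWithoutUnparenting();
    return !child.linksConsistent();
}
int main() {
    return (danglingAfterDesync() && !danglingAfterCleanTeardown() && desyncCaughtBeforeTeardown()) ? 0 : 1;
}
```

Asserting the bidirectional invariant at every mutation point, rather than at teardown, is what localizes the operation that broke the link.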
Comment 6 Michael Catanzaro 2017-12-01 09:39:05 PST
Created attachment 328106
Patch
Comment 7 Michael Catanzaro 2017-12-02 07:25:50 PST
(In reply to Michael Catanzaro from comment #6)
> Created attachment 328106
> Patch

This really ought to have a layout test. Figuring out how to do that seems a lot harder than fixing the crash, though.
Comment 8 Michael Catanzaro 2018-01-02 18:14:18 PST
Any reviewers interested in this one?
Comment 9 WebKit Commit Bot 2018-01-03 10:53:21 PST
Comment on attachment 328106
Patch

Clearing flags on attachment: 328106

Committed r226368: <https://trac.webkit.org/changeset/226368>
Comment 10 WebKit Commit Bot 2018-01-03 10:53:22 PST
All reviewed patches have been landed.  Closing bug.