RESOLVED FIXED 193897
Crash in WebKit::RemoteLayerTreePropertyApplier::updateChildren
https://bugs.webkit.org/show_bug.cgi?id=193897
Antti Koivisto
Reported 2019-01-28 01:23:32 PST
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000000
VM Region Info: 0 is not in any region. Bytes before following region: 4335222784
REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL
UNUSED SPACE AT START
---> __TEXT 0000000102664000-000000010283c000 [ 1888K] r-x/r-x SM=COW .../MobileSafari
Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [283]
Triggered by Thread: 0

Thread 0 name: Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0 WebKit 0x00000001bad2b4b0 WebKit::RemoteLayerTreePropertyApplier::applyProperties(WebKit::RemoteLayerTreeNode&, WebKit::RemoteLayerTreeHost*, WebKit::RemoteLayerTreeTransaction::LayerProperties const&, WTF::HashMap<unsigned long long, std::__1::unique_ptr<WebKit::RemoteLayerTreeNode, std::__1::default_delete<WebKit::RemoteLayerTreeNode> >, WTF::IntHash<unsigned long long>, WTF::HashTraits<unsigned long long>, WTF::HashTraits<std::__1::unique_ptr<WebKit::RemoteLayerTreeNode, std::__1::default_delete<WebKit::RemoteLayerTreeNode> > > > const&, WebKit::RemoteLayerBackingStore::LayerContentsType) + 28 (RetainPtr.h:90)
1 WebKit 0x00000001baddfda0 WebKit::RemoteLayerTreeHost::updateLayerTree(WebKit::RemoteLayerTreeTransaction const&, float) + 592 (RemoteLayerTreeHost.mm:108)
2 WebKit 0x00000001baddfda0 WebKit::RemoteLayerTreeHost::updateLayerTree(WebKit::RemoteLayerTreeTransaction const&, float) + 592 (RemoteLayerTreeHost.mm:108)
3 WebKit 0x00000001baddf84c WebKit::RemoteLayerTreeDrawingAreaProxy::commitLayerTree(WebKit::RemoteLayerTreeTransaction const&, WebKit::RemoteScrollingCoordinatorTransaction const&) + 120 (RemoteLayerTreeDrawingAreaProxy.mm:205)
4 WebKit 0x00000001bac8e198 void IPC::handleMessage<Messages::RemoteLayerTreeDrawingAreaProxy::CommitLayerTree, WebKit::RemoteLayerTreeDrawingAreaProxy, void (WebKit::RemoteLayerTreeDrawingAreaProxy::*)(WebKit::RemoteLayerTreeTransaction const&, WebKit::RemoteScrollingCoordinatorTransaction const&)>(IPC::Decoder&, WebKit::RemoteLayerTreeDrawingAreaProxy*, void (WebKit::RemoteLayerTreeDrawingAreaProxy::*)(WebKit::RemoteLayerTreeTransaction const&, WebKit::RemoteScrollingCoordinatorTransaction const&)) + 120 (HandleMessage.h:41)
5 WebKit 0x00000001bac71f44 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 120 (MessageReceiverMap.cpp:0)
6 WebKit 0x00000001bae2fbec WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 32 (WebProcessProxy.cpp:651)
Attachments
patch (2.65 KB, patch)
2019-01-28 01:38 PST, Antti Koivisto
no flags
patch (3.06 KB, patch)
2019-01-28 01:43 PST, Antti Koivisto
no flags
Antti Koivisto
Comment 1 2019-01-28 01:23:54 PST
Antti Koivisto
Comment 2 2019-01-28 01:38:06 PST
Antti Koivisto
Comment 3 2019-01-28 01:43:09 PST
Javier Fernandez
Comment 4 2019-01-28 05:37:51 PST
Comment on attachment 360327 [details] patch
View in context: https://bugs.webkit.org/attachment.cgi?id=360327&action=review
> Source/WebKit/Shared/RemoteLayerTree/RemoteLayerTreePropertyApplier.mm:284
> + return childNode && childNode->uiView();
Does this 'childNode' check make sense after the ASSERT?
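Review bot: at RemoteLayerTreePropertyApplier.mm:284 the 'childNode &&' guard makes the expression quietly evaluate to false when 'childNode' is null, so the condition behind the reported KERN_INVALID_ADDRESS at 0x0 crash goes unrecorded once this lands. Consider logging when 'childNode' is null so the inconsistency stays visible for root-cause work, and reconcile the guard with the ASSERT mentioned in the review so the two do not state contradictory expectations about whether a null child is possible.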
Simon Fraser (smfr)
Comment 5 2019-01-28 11:28:46 PST
Comment on attachment 360327 [details] patch
r=me but I would like to understand why this happens.
Tim Horton
Comment 6 2019-01-28 11:34:01 PST
+1 what smfr said, this is papering over a pretty scary symptom that we should probably investigate the root cause of
WebKit Commit Bot
Comment 7 2019-01-30 10:44:30 PST
Comment on attachment 360327 [details] patch
Clearing flags on attachment: 360327
Committed r240717: <https://trac.webkit.org/changeset/240717>
WebKit Commit Bot
Comment 8 2019-01-30 10:44:31 PST
All reviewed patches have been landed. Closing bug.