RESOLVED FIXED 206915
Add logging to detect cause of rare crash at RenderLayer::calculateLayerBounds const 
https://bugs.webkit.org/show_bug.cgi?id=206915
Summary Add logging to detect cause of rare crash at RenderLayer::calculateLayerBound...
Simon Fraser (smfr)
Reported 2020-01-28 16:36:17 PST
We see a rare crash with this backtrace: Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000038 Exception Note: EXC_CORPSE_NOTIFY Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x00007fff44232405 WebCore::RenderLayer::calculateLayerBounds(WebCore::RenderLayer const*, WebCore::LayoutSize const&, WTF::OptionSet<WebCore::RenderLayer::CalculateLayerBoundsFlag>) const + 21 1 com.apple.WebCore 0x00007fff42e0e3cf WebCore::RenderLayerBacking::updateCompositedBounds() + 47 2 com.apple.WebCore 0x00007fff442283e7 WebCore::RenderLayerBacking::updateAfterLayout(bool, bool) + 23 3 com.apple.WebCore 0x00007fff442275d2 WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsFlag>) + 1586 4 com.apple.WebCore 0x00007fff4422741e WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsFlag>) + 1150 5 com.apple.WebCore 0x00007fff4422741e WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsFlag>) + 1150 6 com.apple.WebCore 0x00007fff44226f7b WebCore::RenderLayer::updateLayerPositionsAfterLayout(WebCore::RenderLayer const*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsFlag>) + 91 7 com.apple.WebCore 0x00007fff43f74142 WebCore::FrameView::didLayout(WTF::WeakPtr<WebCore::RenderElement>) + 338 8 com.apple.WebCore 0x00007fff43f80b02 WebCore::FrameViewLayoutContext::layout() + 1458 9 com.apple.WebCore 0x00007fff42df7307 WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() + 1399 10 com.apple.WebKit 0x00007fff44c51bd6 WebKit::TiledCoreAnimationDrawingArea::scaleViewToFitDocumentIfNeeded() + 38 11 com.apple.WebKit 0x00007fff4494f85c WebKit::TiledCoreAnimationDrawingArea::flushLayers() + 50 0x0000000000000038 is the offset of the bitset including m_isSelfPaintingLayer so it seems to be crashing here: -> 376 bool isSelfPaintingLayer() const { return m_isSelfPaintingLayer; } where |this| is null.
Attachments
Patch (8.65 KB, patch)
2020-01-28 17:20 PST, Simon Fraser (smfr) 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Simon Fraser (smfr)
Comment 1 2020-01-28 16:36:41 PST
rdar://problem/55699292
Simon Fraser (smfr)
Comment 2 2020-01-28 17:20:03 PST
Created attachment 389091 [details] Patch
Simon Fraser (smfr)
Comment 3 2020-01-28 17:22:39 PST
rdar://problem/58976579
Tim Horton
Comment 4 2020-01-28 17:36:29 PST
Comment on attachment 389091 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=389091&action=review > Source/WebCore/rendering/RenderLayerBacking.h:46 > +#if __WORDSIZE == 64 I'm sure we have some WebKitty macro for this?
WebKit Commit Bot
Comment 5 2020-01-28 19:09:20 PST
Comment on attachment 389091 [details] Patch Clearing flags on attachment: 389091 Committed r255335: <https://trac.webkit.org/changeset/255335>
WebKit Commit Bot
Comment 6 2020-01-28 19:09:21 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.