Bug 206915 - Add logging to detect cause of rare crash at RenderLayer::calculateLayerBounds const
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Compositing
Version: Safari Technology Preview
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Simon Fraser (smfr)
URL:
Keywords: InRadar
Depends on:
Blocks:
Reported: 2020-01-28 16:36 PST by Simon Fraser (smfr)
Modified: 2023-06-25 11:24 PDT
CC List: 10 users

Attachments
Patch (8.65 KB, patch)
2020-01-28 17:20 PST, Simon Fraser (smfr)
no flags

Description Simon Fraser (smfr) 2020-01-28 16:36:17 PST
We see a rare crash with this backtrace:

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000038
Exception Note:        EXC_CORPSE_NOTIFY


Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore             	0x00007fff44232405 WebCore::RenderLayer::calculateLayerBounds(WebCore::RenderLayer const*, WebCore::LayoutSize const&, WTF::OptionSet<WebCore::RenderLayer::CalculateLayerBoundsFlag>) const + 21
1   com.apple.WebCore             	0x00007fff42e0e3cf WebCore::RenderLayerBacking::updateCompositedBounds() + 47
2   com.apple.WebCore             	0x00007fff442283e7 WebCore::RenderLayerBacking::updateAfterLayout(bool, bool) + 23
3   com.apple.WebCore             	0x00007fff442275d2 WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsFlag>) + 1586
4   com.apple.WebCore             	0x00007fff4422741e WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsFlag>) + 1150
5   com.apple.WebCore             	0x00007fff4422741e WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsFlag>) + 1150
6   com.apple.WebCore             	0x00007fff44226f7b WebCore::RenderLayer::updateLayerPositionsAfterLayout(WebCore::RenderLayer const*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsFlag>) + 91
7   com.apple.WebCore             	0x00007fff43f74142 WebCore::FrameView::didLayout(WTF::WeakPtr<WebCore::RenderElement>) + 338
8   com.apple.WebCore             	0x00007fff43f80b02 WebCore::FrameViewLayoutContext::layout() + 1458
9   com.apple.WebCore             	0x00007fff42df7307 WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() + 1399
10  com.apple.WebKit              	0x00007fff44c51bd6 WebKit::TiledCoreAnimationDrawingArea::scaleViewToFitDocumentIfNeeded() + 38
11  com.apple.WebKit              	0x00007fff4494f85c WebKit::TiledCoreAnimationDrawingArea::flushLayers() + 50

0x0000000000000038 is the offset of the bitset including m_isSelfPaintingLayer, so it seems to be crashing here:

    -> 376 	    bool isSelfPaintingLayer() const { return m_isSelfPaintingLayer; }

where |this| is null.
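An added example (not code from the bug or from WebKit) of the reasoning in the description: a constructed class with a hypothetical layout in which the flag byte sits 0x38 bytes past `this`, and a helper that maps a KERN_INVALID_ADDRESS fault address to the member a null-`this` access would touch, which is how a small fault address such as 0x38 is read as "a method was called on a null pointer".

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Constructed stand-in for a RenderLayer-like object (hypothetical layout, not
// WebCore's): a vtable pointer plus six pointer-sized links precede the flag
// byte, so on a 64-bit build the flags sit 0x38 bytes past `this`, as in the report.
struct ToyLayer {
    virtual ~ToyLayer() = default;      // vtable pointer occupies offset 0
    ToyLayer* m_renderer { nullptr };   // +0x08
    ToyLayer* m_parent { nullptr };     // +0x10
    ToyLayer* m_previous { nullptr };   // +0x18
    ToyLayer* m_next { nullptr };       // +0x20
    ToyLayer* m_first { nullptr };      // +0x28
    ToyLayer* m_last { nullptr };       // +0x30
    uint8_t m_flags { 0 };              // +0x38: bitset holding m_isSelfPaintingLayer etc.
    bool isSelfPaintingLayer() const { return m_flags & 1; }
};

struct MemberRange { const char* name; uintptr_t offset; size_t size; };

// Offsets are taken from a live instance rather than offsetof(), which is only
// conditionally supported on a class with a virtual destructor.
static std::vector<MemberRange> layoutOf(const ToyLayer& l)
{
    auto base = reinterpret_cast<uintptr_t>(&l);
    auto off = [base](const void* m) { return reinterpret_cast<uintptr_t>(m) - base; };
    return { { "vtable pointer", 0, sizeof(void*) },
             { "m_renderer", off(&l.m_renderer), sizeof(void*) }, { "m_parent", off(&l.m_parent), sizeof(void*) },
             { "m_previous", off(&l.m_previous), sizeof(void*) }, { "m_next", off(&l.m_next), sizeof(void*) },
             { "m_first", off(&l.m_first), sizeof(void*) }, { "m_last", off(&l.m_last), sizeof(void*) },
             { "m_flags (bitset incl. m_isSelfPaintingLayer)", off(&l.m_flags), sizeof(uint8_t) } };
}

// Map a KERN_INVALID_ADDRESS fault address to the member a null-`this` access
// would touch; an empty string means the address is too far from 0 for that.
static std::string memberAtFaultAddress(uintptr_t faultAddress)
{
    ToyLayer probe;
    if (faultAddress >= sizeof(ToyLayer))
        return "";
    for (const auto& m : layoutOf(probe))
        if (faultAddress >= m.offset && faultAddress < m.offset + m.size)
            return m.name;
    return "padding";
}

// Offset of the flag byte on the current build, for checking against a crash report.
static uintptr_t flagsOffset() { ToyLayer l; return layoutOf(l).back().offset; }
```

On a 64-bit build `memberAtFaultAddress(0x38)` names the flag bitset, matching the description's reading of the crash; a fault address larger than the object cannot be a null-`this` field access and yields an empty string.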
Comment 1 Simon Fraser (smfr) 2020-01-28 16:36:41 PST
rdar://problem/55699292
Comment 2 Simon Fraser (smfr) 2020-01-28 17:20:03 PST
Created attachment 389091 [details]
Patch
Comment 3 Simon Fraser (smfr) 2020-01-28 17:22:39 PST
rdar://problem/58976579
Comment 4 Tim Horton 2020-01-28 17:36:29 PST
Comment on attachment 389091 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=389091&action=review

> Source/WebCore/rendering/RenderLayerBacking.h:46
> +#if __WORDSIZE == 64
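Review bot: `__WORDSIZE` is a C-library convention (a glibc name that some other libc headers also define), not a WebKit macro, so on a toolchain that does not define it `#if __WORDSIZE == 64` silently evaluates as `#if 0 == 64` and the guarded logging is compiled out with no diagnostic. WTF already expresses pointer width as `CPU(ADDRESS64)` in wtf/Platform.h, so `#if CPU(ADDRESS64)` is the in-tree spelling for this guard.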

I'm sure we have some WebKitty macro for this?
Comment 5 WebKit Commit Bot 2020-01-28 19:09:20 PST
Comment on attachment 389091 [details]
Patch

Clearing flags on attachment: 389091

Committed r255335: <https://trac.webkit.org/changeset/255335>
Comment 6 WebKit Commit Bot 2020-01-28 19:09:21 PST
All reviewed patches have been landed.  Closing bug.