Bug 250133 - REGRESSION (258031@main): Occasional crashes under WTF::Detail::CallableWrapper<WebCore::ThreadedScrollingTree::deferWheelEventTestCompletionForReason()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Scrolling
Version: WebKit Local Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Simon Fraser (smfr)
URL:
Keywords: InRadar
Duplicates: 250226
Depends on:
Blocks:
 
Reported: 2023-01-05 10:00 PST by Simon Fraser (smfr)
Modified: 2023-01-06 16:41 PST
Description Simon Fraser (smfr) 2023-01-05 10:00:36 PST
Running a recent build with 258031@main, I see rare crashes when closing tabs:

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000380
Exception Codes:       0x0000000000000001, 0x0000000000000380

Termination Reason:    Namespace SIGNAL, Code 11 Segmentation fault: 11
Terminating Process:   exc handler [40921]

VM Region Info: 0x380 is not in any region.  Bytes before following region: 140737487592576
      REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->  
      shared memory            7ffffff46000-7ffffff47000 [    4K] r-x/r-x SM=SHM  

Application Specific Information:
Bundle controller class:
BrowserBundleController


Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   WebCore                       	       0x66db1572e WTF::Detail::CallableWrapper<WebCore::ThreadedScrollingTree::deferWheelEventTestCompletionForReason(unsigned long long, WebCore::WheelEventTestMonitor::DeferReason)::$_20, void>::call() + 14
1   JavaScriptCore                	       0x660c83f3f WTF::RunLoop::performWork() + 431
2   JavaScriptCore                	       0x660c84a1a WTF::RunLoop::performWork(void*) + 26
3   CoreFoundation                	    0x7ff81aa52b78 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
4   CoreFoundation                	    0x7ff81aa52b27 __CFRunLoopDoSource0 + 157
5   CoreFoundation                	    0x7ff81aa52901 __CFRunLoopDoSources0 + 212
6   CoreFoundation                	    0x7ff81aa5157b __CFRunLoopRun + 929
7   CoreFoundation                	    0x7ff81aa50b60 CFRunLoopRunSpecific + 560
8   Foundation                    	    0x7ff81b8ad02a -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 216
9   Foundation                    	    0x7ff81b92fc3c -[NSRunLoop(NSRunLoop) run] + 76
10  libxpc.dylib                  	    0x7ff81a6ecf4b _xpc_objc_main + 773
11  libxpc.dylib                  	    0x7ff81a6ec963 xpc_main + 96
12  WebKit                        	       0x6630fdd26 WebKit::XPCServiceMain(int, char const**) + 276
13  dyld                          	    0x7ff81a644310 start + 2432
Comment 1 Radar WebKit Bug Importer 2023-01-05 10:00:57 PST
<rdar://problem/103918112>
Comment 2 Simon Fraser (smfr) 2023-01-05 10:03:00 PST
Pull request: https://github.com/WebKit/WebKit/pull/8238
Comment 3 Simon Fraser (smfr) 2023-01-06 13:50:53 PST
*** Bug 250226 has been marked as a duplicate of this bug. ***
Comment 4 EWS 2023-01-06 16:41:36 PST
Committed 258581@main (8f60a59627c6): <https://commits.webkit.org/258581@main>

Reviewed commits have been landed. Closing PR #8238 and removing active labels.