RESOLVED DUPLICATE of bug 98984 98985
REGRESSION (r130772-r130836): Crash in WebCore::ScrollingStateScrollingNode::setNonFastScrollableRegion
https://bugs.webkit.org/show_bug.cgi?id=98985
Kevin M. Dean
Reported 2012-10-10 20:34:39 PDT
I've triggered this bug in 2 different ways, but I've only been able to catch what I'm doing on one of them for repeatable testing. Unfortunately my test case is within my cPanel server's phpmyadmin interface, where I do a search within a table and as soon as the results appear, it crashes:

Process: WebProcess [13558]
Path: /Applications/WebKit.app/Contents/Frameworks/10.8/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess
Identifier: com.apple.WebProcess
Version: 537+ (537.14+)
Code Type: X86-64 (Native)
Parent Process: ??? [1]
User ID: 501

Date/Time: 2012-10-10 18:54:04.921 -0400
OS Version: Mac OS X 10.8.2 (12C60)
Report Version: 10

Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000050

VM Regions Near 0x50:
--> __TEXT 0000000108d32000-0000000108d33000 [ 4K] r-x/rwx SM=COW /Applications/WebKit.app/Contents/Frameworks/10.8/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess

Application Specific Information:
Bundle controller class: BrowserBundleController

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x000000010a1f09fd WebCore::ScrollingStateScrollingNode::setNonFastScrollableRegion(WebCore::Region const&) + 13
1 com.apple.WebCore 0x0000000109f9c317 WebCore::ScrollingCoordinator::frameViewLayoutUpdated(WebCore::FrameView*) + 87
2 com.apple.WebCore 0x000000010985a683 WebCore::FrameView::performPostLayoutTasks() + 435
3 com.apple.WebCore 0x000000010985a0f9 WebCore::FrameView::layout(bool) + 2489
4 com.apple.WebCore 0x000000010969195b WebCore::Document::updateLayout() + 43
5 com.apple.WebCore 0x0000000109691a3f WebCore::Document::updateLayoutIgnorePendingStylesheets() + 127
6 com.apple.WebCore 0x000000010a155000 WebCore::VisiblePosition::canonicalPosition(WebCore::Position const&) + 144
7 com.apple.WebCore 0x000000010a154e52 WebCore::VisiblePosition::init(WebCore::Position const&, WebCore::EAffinity) + 34
8 com.apple.WebCore 0x00000001098541a9 WebCore::FrameSelection::localCaretRect() + 265
9 com.apple.WebCore 0x000000010985446b WebCore::FrameSelection::recomputeCaretRect() + 107
10 com.apple.WebCore 0x000000010984c4cd WebCore::FrameSelection::updateAppearance() + 29
11 com.apple.WebCore 0x000000010985a50f WebCore::FrameView::performPostLayoutTasks() + 63
12 com.apple.WebCore 0x000000010985a0f9 WebCore::FrameView::layout(bool) + 2489
13 com.apple.WebCore 0x000000010985f903 WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() + 131
14 com.apple.WebCore 0x000000010985faed WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() + 621
15 com.apple.WebKit2 0x0000000108e21cf4 WebKit::WebPage::layoutIfNeeded() + 34
16 com.apple.WebKit2 0x0000000108ddb1fd WebKit::TiledCoreAnimationDrawingArea::flushLayers() + 61
17 com.apple.WebKit2 0x0000000108ddb27d non-virtual thunk to WebKit::TiledCoreAnimationDrawingArea::flushLayers() + 13
18 com.apple.WebCore 0x0000000109d54b44 WebCore::LayerFlushScheduler::runLoopObserverCallback() + 36
19 com.apple.CoreFoundation 0x00007fff8ae139b7 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 23
20 com.apple.CoreFoundation 0x00007fff8ae13921 __CFRunLoopDoObservers + 369
21 com.apple.CoreFoundation 0x00007fff8adee6d4 CFRunLoopRunSpecific + 324
22 com.apple.HIToolbox 0x00007fff8966b0a4 RunCurrentEventLoopInMode + 209
23 com.apple.HIToolbox 0x00007fff8966ae42 ReceiveNextEventCommon + 356
24 com.apple.HIToolbox 0x00007fff8966acd3 BlockUntilNextEventMatchingListInMode + 62
25 com.apple.AppKit 0x00007fff8877a613 _DPSNextEvent + 685
26 com.apple.AppKit 0x00007fff88779ed2 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
27 com.apple.AppKit 0x00007fff88771283 -[NSApplication run] + 517
28 com.apple.WebCore 0x0000000109f78203 WebCore::RunLoop::run() + 67
29 com.apple.WebKit2 0x0000000108e68ebe WebKit::WebProcessMain(WebKit::CommandLine const&) + 3772
30 com.apple.WebKit2 0x0000000108e16302 WebKitMain + 286
31 com.apple.WebProcess 0x0000000108d32e7b main + 214
32 libdyld.dylib 0x00007fff90ec57e1 start + 1

The other crash I had, shows a slightly different trace:

Process: WebProcess [14587]
Path: /Applications/WebKit.app/Contents/Frameworks/10.8/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess
Identifier: com.apple.WebProcess
Version: 537+ (537.14+)
Code Type: X86-64 (Native)
Parent Process: ??? [1]
User ID: 501

Date/Time: 2012-10-10 23:17:13.477 -0400
OS Version: Mac OS X 10.8.2 (12C60)
Report Version: 10

Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000050

VM Regions Near 0x50:
--> __TEXT 0000000100611000-0000000100612000 [ 4K] r-x/rwx SM=COW /Applications/WebKit.app/Contents/Frameworks/10.8/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess

Application Specific Information:
Bundle controller class: BrowserBundleController

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x0000000101acc81d WebCore::ScrollingStateScrollingNode::setNonFastScrollableRegion(WebCore::Region const&) + 13
1 com.apple.WebCore 0x0000000101878297 WebCore::ScrollingCoordinator::frameViewLayoutUpdated(WebCore::FrameView*) + 87
2 com.apple.WebCore 0x0000000101135f63 WebCore::FrameView::performPostLayoutTasks() + 435
3 com.apple.WebCore 0x00000001011359d9 WebCore::FrameView::layout(bool) + 2489
4 com.apple.WebCore 0x000000010113b1e3 WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() + 131
5 com.apple.WebCore 0x000000010113b3cd WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() + 621
6 com.apple.WebKit2 0x00000001006fc950 WebKit::WebPage::layoutIfNeeded() + 34
7 com.apple.WebKit2 0x00000001006b596d WebKit::TiledCoreAnimationDrawingArea::flushLayers() + 61
8 com.apple.WebKit2 0x00000001006b59ed non-virtual thunk to WebKit::TiledCoreAnimationDrawingArea::flushLayers() + 13
9 com.apple.WebCore 0x00000001016307c4 WebCore::LayerFlushScheduler::runLoopObserverCallback() + 36
10 com.apple.CoreFoundation 0x00007fff8ae139b7 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 23
11 com.apple.CoreFoundation 0x00007fff8ae13921 __CFRunLoopDoObservers + 369
12 com.apple.CoreFoundation 0x00007fff8adeee51 __CFRunLoopRun + 929
13 com.apple.CoreFoundation 0x00007fff8adee6b2 CFRunLoopRunSpecific + 290
14 com.apple.HIToolbox 0x00007fff8966b0a4 RunCurrentEventLoopInMode + 209
15 com.apple.HIToolbox 0x00007fff8966ae42 ReceiveNextEventCommon + 356
16 com.apple.HIToolbox 0x00007fff8966acd3 BlockUntilNextEventMatchingListInMode + 62
17 com.apple.AppKit 0x00007fff8877a613 _DPSNextEvent + 685
18 com.apple.AppKit 0x00007fff88779ed2 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
19 com.apple.AppKit 0x00007fff88771283 -[NSApplication run] + 517
20 com.apple.WebCore 0x0000000101854183 WebCore::RunLoop::run() + 67
21 com.apple.WebKit2 0x0000000100743b1a WebKit::WebProcessMain(WebKit::CommandLine const&) + 3772
22 com.apple.WebKit2 0x00000001006f0e30 WebKitMain + 286
23 com.apple.WebProcess 0x0000000100611e7b main + 214
24 libdyld.dylib 0x00007fff90ec57e1 start + 1
Kevin M. Dean
Comment 1 2012-10-11 10:38:51 PDT
r131055 seems to work with crashing again.
Alexey Proskuryakov
Comment 2 2012-10-11 13:30:08 PDT
Probably duplicate of bug 98984 (which doesn't have a stack trace posted).
Beth Dakin
Comment 3 2012-10-11 13:49:01 PDT
Yes, this is the same stack trace as 98984. Sorry I failed to post one in that bug.

*** This bug has been marked as a duplicate of bug 98984 ***