Bug 253993

Summary: REGRESSION (261597@main): [UI-side compositing] Many layout tests crash in RemoteScrollingCoordinatorProxy::topContentInset()
Product: WebKit
Component: Scrolling
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Reporter: Simon Fraser (smfr) <simon.fraser>
Assignee: Simon Fraser (smfr) <simon.fraser>
CC: simon.fraser, webkit-bug-importer
Keywords: InRadar

Description Simon Fraser (smfr) 2023-03-15 17:10:47 PDT
Tests that have `[ useThreadedScrolling=false ]` crash at:

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000168
Exception Codes:       0x0000000000000001, 0x0000000000000168

Termination Reason:    Namespace SIGNAL, Code 11 Segmentation fault: 11
Terminating Process:   exc handler [1769]

VM Region Info: 0x168 is not in any region.  Bytes before following region: 140737487199896
      REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->  
      shared memory            7fffffee6000-7fffffee7000 [    4K] r-x/r-x SM=SHM  

Application Specific Information:
dyld config: DYLD_LIBRARY_PATH=/Volumes/Data/Development/system/webkit/OpenSource/WebKitBuild/Debug DYLD_FRAMEWORK_PATH=/Volumes/Data/Development/system/webkit/OpenSource/WebKitBuild/Debug
CRASHING TEST: compositing/overflow/do-not-paint-outline-into-composited-scrolling-contents.html


Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   WebCore                       	       0x1686bdeec WebCore::ScrollingTreeFrameScrollingNode::topContentInset() const + 12 (ScrollingTreeFrameScrollingNode.h:56)
1   WebCore                       	       0x16b4c7569 WebCore::ScrollingTree::mainFrameTopContentInset() const + 57 (ScrollingTree.cpp:530)
2   WebKit                        	       0x136419dc1 WebKit::RemoteScrollingCoordinatorProxy::topContentInset() const + 33 (RemoteScrollingCoordinatorProxy.cpp:289)
3   WebKit                        	       0x135cef480 WebKit::RemoteLayerTreeDrawingAreaProxyMac::layoutBannerLayers(WebKit::RemoteLayerTreeTransaction const&) + 96 (RemoteLayerTreeDrawingAreaProxyMac.mm:145)
4   WebKit                        	       0x135cefa37 WebKit::RemoteLayerTreeDrawingAreaProxyMac::didCommitLayerTree(IPC::Connection&, WebKit::RemoteLayerTreeTransaction const&, WebKit::RemoteScrollingCoordinatorTransaction const&) + 263 (RemoteLayerTreeDrawingAreaProxyMac.mm:174)
5   WebKit                        	       0x135c9b8ad WebKit::RemoteLayerTreeDrawingAreaProxy::commitLayerTree(IPC::Connection&, WebKit::RemoteLayerTreeTransaction const&, WebKit::RemoteScrollingCoordinatorTransaction const&) + 1661 (RemoteLayerTreeDrawingAreaProxy.mm:175)

Comment 1 Simon Fraser (smfr) 2023-03-15 17:11:01 PDT
<rdar://106780096>

Comment 2 Simon Fraser (smfr) 2023-03-15 17:15:21 PDT
Pull request: https://github.com/WebKit/WebKit/pull/11582

Comment 3 EWS 2023-03-16 14:01:39 PDT
Committed 261770@main (31e7627fb555): <https://commits.webkit.org/261770@main>

Reviewed commits have been landed. Closing PR #11582 and removing active labels.