WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
215489
REGRESSION(
r265630
) [GTK] fast/forms/search-abs-pos-cancel-button.html is crashing
https://bugs.webkit.org/show_bug.cgi?id=215489
Summary
REGRESSION(r265630) [GTK] fast/forms/search-abs-pos-cancel-button.html is cra...
Lauro Moura
Reported
2020-08-13 21:11:55 PDT
Created
attachment 406569
[details]
Release test run trace
r265630
introduced an assert to avoid destroying RenderObjects inside RenderLayer::enclosingScrollableLayer. Main trace from the release test run (debug still running): Thread 1 (Thread 0x7f1a72a192c0 (LWP 77113)): #0 0x00007f1a790c47ee in WTFCrash () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #1 0x00007f1a7d7f4e05 in WebCore::RenderTreeBuilder::destroy(WebCore::RenderObject&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #2 0x00007f1a7d7f4f4b in WebCore::RenderTreeBuilder::destroyAndCleanUpAnonymousWrappers(WebCore::RenderObject&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #3 0x00007f1a7d7fed50 in WebCore::RenderTreeUpdater::tearDownRenderers(WebCore::Element&, WebCore::RenderTreeUpdater::TeardownType, WebCore::RenderTreeBuilder&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #4 0x00007f1a7d8005c6 in WebCore::RenderTreeUpdater::updateElementRenderer(WebCore::Element&, WebCore::Style::ElementUpdate const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #5 0x00007f1a7d801c6f in WebCore::RenderTreeUpdater::updateRenderTree(WebCore::ContainerNode&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #6 0x00007f1a7d802393 in WebCore::RenderTreeUpdater::commit(std::unique_ptr<WebCore::Style::Update const, std::default_delete<WebCore::Style::Update const> >) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #7 0x00007f1a7cb9d8fc in WebCore::Document::updateRenderTree(std::unique_ptr<WebCore::Style::Update const, std::default_delete<WebCore::Style::Update const> >) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #8 0x00007f1a7cbb12be in WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #9 0x00007f1a7cbb1a3a in WebCore::Document::updateStyleIfNeeded() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #10 0x00007f1a7cbb37a3 in WebCore::Document::updateLayoutIfDimensionsOutOfDate(WebCore::Element&, WebCore::DimensionsCheck) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #11 0x00007f1a7cbee2be in WebCore::Element::scrollWidth() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #12 0x00007f1a7d6d7de1 in WebCore::RenderTextControlSingleLine::scrollWidth() const () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #13 0x00007f1a7d5590fc in WebCore::RenderBox::canBeScrolledAndHasScrollableArea() const () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #14 0x00007f1a7d61a6ad in WebCore::RenderLayer::enclosingScrollableLayer(WebCore::IncludeSelfOrNot, WebCore::CrossFrameBoundaries) const () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #15 0x00007f1a7d1de0d5 in WebCore::EventHandler::enclosingScrollableArea(WebCore::Node*) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #16 0x00007f1a7d1de2af in WebCore::EventHandler::notifyScrollableAreasOfMouseEvents(WTF::AtomString const&, WebCore::Element*, WebCore::Element*) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #17 0x00007f1a7d1fe169 in WebCore::EventHandler::updateMouseEventTargetNode(WTF::AtomString const&, WebCore::Node*, WebCore::PlatformMouseEvent const&, WebCore::EventHandler::FireMouseOverOut) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #18 0x00007f1a7d1fe960 in WebCore::EventHandler::dispatchMouseEvent(WTF::AtomString const&, WebCore::Node*, int, WebCore::PlatformMouseEvent const&, WebCore::EventHandler::FireMouseOverOut) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #19 0x00007f1a7d20619d in WebCore::EventHandler::handleMouseMoveEvent(WebCore::PlatformMouseEvent const&, WebCore::HitTestResult*, bool) [clone .part.0] () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #20 0x00007f1a7d2065d6 in WebCore::EventHandler::mouseMoved(WebCore::PlatformMouseEvent const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #21 0x00007f1a7bd9fa82 in WebKit::WebPage::mouseEvent(WebKit::WebMouseEvent const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #22 0x00007f1a7b75ca73 in void IPC::handleMessage<Messages::WebPage::MouseEvent, WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&)>(IPC::Decoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&)) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #23 0x00007f1a7b7598ac in WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #24 0x00007f1a7b8fea80 in IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #25 0x00007f1a7bbd3057 in WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #26 0x00007f1a7b8f76b8 in IPC::Connection::dispatchMessage(IPC::Decoder&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #27 0x00007f1a7b8f91bd in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #28 0x00007f1a7b8f9d8b in IPC::Connection::SyncMessageState::dispatchMessages() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #29 0x00007f1a7b8f9059 in IPC::Connection::dispatchSyncMessage(IPC::Decoder&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #30 0x00007f1a7b8f9156 in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #31 0x00007f1a7b8f9d8b in IPC::Connection::SyncMessageState::dispatchMessages() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #32 0x00007f1a7b8fa675 in IPC::Connection::waitForSyncReply(unsigned long, IPC::MessageName, WTF::Seconds, WTF::OptionSet<IPC::SendSyncOption>) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #33 0x00007f1a7b8faa1b in IPC::Connection::sendSyncMessage(unsigned long, std::unique_ptr<IPC::Encoder, std::default_delete<IPC::Encoder> >, WTF::Seconds, WTF::OptionSet<IPC::SendSyncOption>) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #34 0x00007f1a7bdaf48f in bool IPC::Connection::sendSync<Messages::WebPageProxy::HandleSynchronousMessage>(Messages::WebPageProxy::HandleSynchronousMessage&&, Messages::WebPageProxy::HandleSynchronousMessage::Reply&&, unsigned long, WTF::Seconds, WTF::OptionSet<IPC::SendSyncOption>) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #35 0x00007f1a7bda14fc in WebKit::WebPage::postSynchronousMessageForTesting(WTF::String const&, API::Object*, WTF::RefPtr<API::Object, WTF::DumbPtrTraits<API::Object> >&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #36 0x00007f1a7bc20cc3 in WKBundlePagePostSynchronousMessageForTesting () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #37 0x00007f1a22e66c75 in WTR::EventSendingController::mouseMoveTo(int, int) () at /app/webkit/WebKitBuild/Release/lib/libTestRunnerInjectedBundle.so #38 0x00007f1a22e97d8a in WTR::JSEventSendingController::mouseMoveTo(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**) () at /app/webkit/WebKitBuild/Release/lib/libTestRunnerInjectedBundle.so #39 0x00007f1a7815ce6a in long JSC::APICallbackFunction::call<JSC::JSCallbackFunction>(JSC::JSGlobalObject*, JSC::CallFrame*) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #40 0x00007f1a31cff027 in () #41 0x00007ffe6ec1d550 in () #42 0x00007f1a780d8bfa in llint_op_call () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #43 0x0000000000000000 in ()
Attachments
Release test run trace
(23.42 KB, text/plain)
2020-08-13 21:11 PDT
,
Lauro Moura
no flags
Details
View All
Add attachment
proposed patch, testcase, etc.
zalan
Comment 1
2020-08-14 04:27:04 PDT
wow, this is so cool! -the crash is not really, but the fact that we have the proper stack trace for this mutation now!
zalan
Comment 2
2020-08-14 17:32:34 PDT
I should be fixed now by
r265722
(should have used this bug for committing the change)
zalan
Comment 3
2020-08-14 17:32:53 PDT
(In reply to zalan from
comment #2
)
> I should be fixed now by
r265722
(should have used this bug for committing > the change)
It should be even.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug