RESOLVED FIXED264710
[Win] ASSERTION FAILED: document().settings().layerBasedSVGEngineEnabled() in a subsequent test of fast/svg/svg_should_not_crash.html 
https://bugs.webkit.org/show_bug.cgi?id=264710
Summary [Win] ASSERTION FAILED: document().settings().layerBasedSVGEngineEnabled() in...
Fujii Hironori
Reported 2023-11-12 12:24:33 PST
Buildbot: builder WinCairo-64-bit-Debug-Tests build 21291 (270497@main) https://build.webkit.org/#/builders/727/builds/21291 fast/text-indicator/text-indicator-empty-link.html [ Crash ] ASSERTION FAILED: document().settings().layerBasedSVGEngineEnabled() C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebCore\rendering/svg/RenderSVGText.cpp(472) : nodeAtPoint 1 00007FF9078C1B99 WTFCrash 2 00007FF8D88C730D WTFCrashWithInfo 3 00007FF8DCC1DA60 WebCore::RenderSVGText::nodeAtPoint 4 00007FF8DC865339 WebCore::RenderBlock::hitTestContents 5 00007FF8DC86425A WebCore::RenderBlock::hitTestChildren 6 00007FF8DC86484A WebCore::RenderBlock::nodeAtPoint 7 00007FF8DCA4B3B6 WebCore::RenderObject::hitTest 8 00007FF8DC99D398 WebCore::RenderLayer::hitTestContents 9 00007FF8DC99D14D WebCore::RenderLayer::hitTestContentsForFragments 10 00007FF8DC99B4BF WebCore::RenderLayer::hitTestLayer 11 00007FF8DC99A2CD WebCore::RenderLayer::hitTest 12 00007FF8DB3CA177 WebCore::Document::hitTest 13 00007FF8DB3B07E8 WebCore::Document::hitTest 14 00007FF8DB3B0583 WebCore::Document::prepareMouseEvent 15 00007FF8DC14A4AE WebCore::EventHandler::prepareMouseEvent 16 00007FF8DC14AD5E WebCore::EventHandler::handleMouseMoveEvent 17 00007FF8DC14A8A0 WebCore::EventHandler::mouseMoved 18 00007FF8FABACE32 WebKit::WebFrame::handleMouseEvent 19 00007FF8FAB4BBA5 WebKit::WebPage::mouseEvent 20 00007FF8F98797C3 IPC::callMemberFunction<WebKit::WebPage,WebKit::WebPage,void (WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> >, const WebKit::WebMouseEvent &, std::optional<WTF::Vector<WebKit::SandboxExtensionHandle,0,WTF::CrashOnOverflow,16,WTF::FastMalloc> > &&, WTF::CompletionHandler<void (std::optional<WebKit::WebEventType>, bool, std::optional<WebCore::RemoteMouseEventData>)> &&),std::tuple<WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> >,WebKit::WebMouseEvent,std::optional<WTF::Vector<WebKit::SandboxExtensionHandle,0,WTF::CrashOnOverflow,16,WTF::FastMalloc> > >,void (std::optional<WebKit::WebEventType>, bool, std::optional<WebCore::RemoteMouseEventData>)>::<lambda_1>::operator()<WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> >,WebKit::WebMouseEvent,std::optional<WTF::Vector<WebKit::SandboxExtensionHandle,0,WTF::CrashOnOverflow,16,WTF::FastMalloc> > > 21 00007FF8F9879701 std::invoke<`lambda at C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\Platform\IPC\HandleMessage.h:146:9',WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> >,WebKit::WebMouseEvent,std::optional<WTF::Vector<WebKit::SandboxExtensionHandle,0,WTF::CrashOnOverflow,16,WTF::FastMalloc> > > 22 00007FF8F98796C2 std::_Apply_impl<`lambda at C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\Platform\IPC\HandleMessage.h:146:9',std::tuple<WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> >,WebKit::WebMouseEvent,std::optional<WTF::Vector<WebKit::SandboxExtensionHandle,0,WTF::CrashOnOverflow,16,WTF::FastMalloc> > >,0,1,2> 23 00007FF8F9879662 std::apply<`lambda at C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\Platform\IPC\HandleMessage.h:146:9',std::tuple<WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> >,WebKit::WebMouseEvent,std::optional<WTF::Vector<WebKit::SandboxExtensionHandle,0,WTF::CrashOnOverflow,16,WTF::FastMalloc> > > > 24 00007FF8F98772FE IPC::callMemberFunction<WebKit::WebPage,WebKit::WebPage,void (WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> >, const WebKit::WebMouseEvent &, std::optional<WTF::Vector<WebKit::SandboxExtensionHandle,0,WTF::CrashOnOverflow,16,WTF::FastMalloc> > &&, WTF::CompletionHandler<void (std::optional<WebKit::WebEventType>, bool, std::optional<WebCore::RemoteMouseEventData>)> &&),std::tuple<WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> >,WebKit::WebMouseEvent,std::optional<WTF::Vector<WebKit::SandboxExtensionHandle,0,WTF::CrashOnOverflow,16,WTF::FastMalloc> > >,void (std::optional<WebKit::WebEventType>, bool, std::optional<WebCore::RemoteMouseEventData>)> 25 00007FF8F9858E2E IPC::handleMessageAsync<Messages::WebPage::MouseEvent,WebKit::WebPage,WebKit::WebPage,void (WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> >, const WebKit::WebMouseEvent &, std::optional<WTF::Vector<WebKit::SandboxExtensionHandle,0,WTF::CrashOnOverflow,16,WTF::FastMalloc> > &&, WTF::CompletionHandler<void (std::optional<WebKit::WebEventType>, bool, std::optional<WebCore::RemoteMouseEventData>)> &&)> 26 00007FF8F9850E84 WebKit::WebPage::didReceiveWebPageMessage 27 00007FF8FAB53694 WebKit::WebPage::didReceiveMessage 28 00007FF8FA1BA466 IPC::MessageReceiverMap::dispatchMessage 29 00007FF8FA6BA04D WebKit::WebProcess::didReceiveMessage 30 00007FF8FA190ECA IPC::Connection::dispatchMessage 31 00007FF8FA191133 IPC::Connection::dispatchMessage ERROR: 000001E5FA3F7780 - [PID=11872] WebProcessProxy::didClose (web process crash) C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\UIProcess/WebProcessProxy.cpp(1095) : didClose ERROR: 000001E5FA3F7780 - [PID=11872] WebProcessProxy::processDidTerminateOrFailedToLaunch: reason=Crash C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\UIProcess/WebProcessProxy.cpp(1103) : processDidTerminateOrFailedToLaunch ERROR: 000001E5FA2DD140 - [pageProxyID=323, webPageID=324, PID=11872] WebPageProxy::processDidTerminate: (pid 11872), reason=Crash C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\UIProcess/WebPageProxy.cpp(9134) : resetStateAfterProcessTermination ERROR: 000001E5FA2DD140 - [pageProxyID=323, webPageID=324, PID=11872] WebPageProxy::dispatchProcessDidTerminate: reason=Crash C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\UIProcess/WebPageProxy.cpp(9192) : dispatchProcessDidTerminate WebProcess terminated (pid 11872) for reason: crash History: https://results.webkit.org/?suite=layout-tests&test=fast%2Ftext-indicator%2Ftext-indicator-empty-link.html&platform=wincairo Regression revision range: 270481@main: good 270497@main: bad
Attachments
Add attachment proposed patch, testcase, etc.
Fujii Hironori
Comment 1 2023-11-12 12:40:08 PST
This is not reproducible on my PC and an internal Windows tester buildbot even thouth this is a constant crash on public WinCairo-64-bit-Debug-Tests.
Fujii Hironori
Comment 2 2023-11-12 12:53:23 PST
270487@main added a new test fast/svg/svg_should_not_crash.html. It reproduces this crash on my PC. > python .\Tools\Scripts\run-webkit-tests --debug --no-retry --iter=2 fast/svg/svg_should_not_crash.html
Radar WebKit Bug Importer
Comment 3 2023-11-19 12:25:15 PST
<rdar://problem/118627547>
Nikolas Zimmermann
Comment 4 2023-11-21 02:51:26 PST
Pull request: https://github.com/WebKit/WebKit/pull/20780
EWS
Comment 5 2023-12-06 12:23:49 PST
Committed 271625@main (41bc442b9864): <https://commits.webkit.org/271625@main> Reviewed commits have been landed. Closing PR #20780 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.