Bug 264710 - [Win] ASSERTION FAILED: document().settings().layerBasedSVGEngineEnabled() in a subsequent test of fast/svg/svg_should_not_crash.html
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: SVG
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nikolas Zimmermann
Keywords: InRadar
Reported: 2023-11-12 12:24 PST by Fujii Hironori
Modified: 2023-12-06 12:23 PST
Description Fujii Hironori 2023-11-12 12:24:33 PST
Buildbot: builder WinCairo-64-bit-Debug-Tests build 21291 (270497@main)
https://build.webkit.org/#/builders/727/builds/21291

  fast/text-indicator/text-indicator-empty-link.html [ Crash ]

ASSERTION FAILED: document().settings().layerBasedSVGEngineEnabled()
C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebCore\rendering/svg/RenderSVGText.cpp(472) : nodeAtPoint
1   00007FF9078C1B99 WTFCrash
2   00007FF8D88C730D WTFCrashWithInfo
3   00007FF8DCC1DA60 WebCore::RenderSVGText::nodeAtPoint
4   00007FF8DC865339 WebCore::RenderBlock::hitTestContents
5   00007FF8DC86425A WebCore::RenderBlock::hitTestChildren
6   00007FF8DC86484A WebCore::RenderBlock::nodeAtPoint
7   00007FF8DCA4B3B6 WebCore::RenderObject::hitTest
8   00007FF8DC99D398 WebCore::RenderLayer::hitTestContents
9   00007FF8DC99D14D WebCore::RenderLayer::hitTestContentsForFragments
10  00007FF8DC99B4BF WebCore::RenderLayer::hitTestLayer
11  00007FF8DC99A2CD WebCore::RenderLayer::hitTest
12  00007FF8DB3CA177 WebCore::Document::hitTest
13  00007FF8DB3B07E8 WebCore::Document::hitTest
14  00007FF8DB3B0583 WebCore::Document::prepareMouseEvent
15  00007FF8DC14A4AE WebCore::EventHandler::prepareMouseEvent
16  00007FF8DC14AD5E WebCore::EventHandler::handleMouseMoveEvent
17  00007FF8DC14A8A0 WebCore::EventHandler::mouseMoved
18  00007FF8FABACE32 WebKit::WebFrame::handleMouseEvent
19  00007FF8FAB4BBA5 WebKit::WebPage::mouseEvent
20  00007FF8F98797C3 IPC::callMemberFunction<WebKit::WebPage,WebKit::WebPage,void (WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> >, const WebKit::WebMouseEvent &, std::optional<WTF::Vector<WebKit::SandboxExtensionHandle,0,WTF::CrashOnOverflow,16,WTF::FastMalloc> > &&, WTF::CompletionHandler<void (std::optional<WebKit::WebEventType>, bool, std::optional<WebCore::RemoteMouseEventData>)> &&),std::tuple<WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> >,WebKit::WebMouseEvent,std::optional<WTF::Vector<WebKit::SandboxExtensionHandle,0,WTF::CrashOnOverflow,16,WTF::FastMalloc> > >,void (std::optional<WebKit::WebEventType>, bool, std::optional<WebCore::RemoteMouseEventData>)>::<lambda_1>::operator()<WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> >,WebKit::WebMouseEvent,std::optional<WTF::Vector<WebKit::SandboxExtensionHandle,0,WTF::CrashOnOverflow,16,WTF::FastMalloc> > >
21  00007FF8F9879701 std::invoke<`lambda at C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\Platform\IPC\HandleMessage.h:146:9',WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> >,WebKit::WebMouseEvent,std::optional<WTF::Vector<WebKit::SandboxExtensionHandle,0,WTF::CrashOnOverflow,16,WTF::FastMalloc> > >
22  00007FF8F98796C2 std::_Apply_impl<`lambda at C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\Platform\IPC\HandleMessage.h:146:9',std::tuple<WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> >,WebKit::WebMouseEvent,std::optional<WTF::Vector<WebKit::SandboxExtensionHandle,0,WTF::CrashOnOverflow,16,WTF::FastMalloc> > >,0,1,2>
23  00007FF8F9879662 std::apply<`lambda at C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\Platform\IPC\HandleMessage.h:146:9',std::tuple<WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> >,WebKit::WebMouseEvent,std::optional<WTF::Vector<WebKit::SandboxExtensionHandle,0,WTF::CrashOnOverflow,16,WTF::FastMalloc> > > >
24  00007FF8F98772FE IPC::callMemberFunction<WebKit::WebPage,WebKit::WebPage,void (WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> >, const WebKit::WebMouseEvent &, std::optional<WTF::Vector<WebKit::SandboxExtensionHandle,0,WTF::CrashOnOverflow,16,WTF::FastMalloc> > &&, WTF::CompletionHandler<void (std::optional<WebKit::WebEventType>, bool, std::optional<WebCore::RemoteMouseEventData>)> &&),std::tuple<WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> >,WebKit::WebMouseEvent,std::optional<WTF::Vector<WebKit::SandboxExtensionHandle,0,WTF::CrashOnOverflow,16,WTF::FastMalloc> > >,void (std::optional<WebKit::WebEventType>, bool, std::optional<WebCore::RemoteMouseEventData>)>
25  00007FF8F9858E2E IPC::handleMessageAsync<Messages::WebPage::MouseEvent,WebKit::WebPage,WebKit::WebPage,void (WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> >, const WebKit::WebMouseEvent &, std::optional<WTF::Vector<WebKit::SandboxExtensionHandle,0,WTF::CrashOnOverflow,16,WTF::FastMalloc> > &&, WTF::CompletionHandler<void (std::optional<WebKit::WebEventType>, bool, std::optional<WebCore::RemoteMouseEventData>)> &&)>
26  00007FF8F9850E84 WebKit::WebPage::didReceiveWebPageMessage
27  00007FF8FAB53694 WebKit::WebPage::didReceiveMessage
28  00007FF8FA1BA466 IPC::MessageReceiverMap::dispatchMessage
29  00007FF8FA6BA04D WebKit::WebProcess::didReceiveMessage
30  00007FF8FA190ECA IPC::Connection::dispatchMessage
31  00007FF8FA191133 IPC::Connection::dispatchMessage
ERROR: 000001E5FA3F7780 - [PID=11872] WebProcessProxy::didClose (web process crash)
C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\UIProcess/WebProcessProxy.cpp(1095) : didClose
ERROR: 000001E5FA3F7780 - [PID=11872] WebProcessProxy::processDidTerminateOrFailedToLaunch: reason=Crash
C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\UIProcess/WebProcessProxy.cpp(1103) : processDidTerminateOrFailedToLaunch
ERROR: 000001E5FA2DD140 - [pageProxyID=323, webPageID=324, PID=11872] WebPageProxy::processDidTerminate: (pid 11872), reason=Crash
C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\UIProcess/WebPageProxy.cpp(9134) : resetStateAfterProcessTermination
ERROR: 000001E5FA2DD140 - [pageProxyID=323, webPageID=324, PID=11872] WebPageProxy::dispatchProcessDidTerminate: reason=Crash
C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\UIProcess/WebPageProxy.cpp(9192) : dispatchProcessDidTerminate
WebProcess terminated (pid 11872) for reason: crash

History:
https://results.webkit.org/?suite=layout-tests&test=fast%2Ftext-indicator%2Ftext-indicator-empty-link.html&platform=wincairo

Regression revision range:
270481@main: good
270497@main: bad
Comment 1 Fujii Hironori 2023-11-12 12:40:08 PST
This is not reproducible on my PC and an internal Windows tester buildbot even though this is a constant crash on public WinCairo-64-bit-Debug-Tests.
Comment 2 Fujii Hironori 2023-11-12 12:53:23 PST
270487@main added a new test fast/svg/svg_should_not_crash.html. It reproduces this crash on my PC.

> python .\Tools\Scripts\run-webkit-tests --debug  --no-retry --iter=2 fast/svg/svg_should_not_crash.html
Comment 3 Radar WebKit Bug Importer 2023-11-19 12:25:15 PST
<rdar://problem/118627547>
Comment 4 Nikolas Zimmermann 2023-11-21 02:51:26 PST
Pull request: https://github.com/WebKit/WebKit/pull/20780
Comment 5 EWS 2023-12-06 12:23:49 PST
Committed 271625@main (41bc442b9864): <https://commits.webkit.org/271625@main>

Reviewed commits have been landed. Closing PR #20780 and removing active labels.