[Webkit-unassigned] [Bug 215489] New: REGRESSION(r265630) [GTK] fast/forms/search-abs-pos-cancel-button.html is crashing

bugzilla-daemon at webkit.org
Thu Aug 13 21:11:55 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=215489

            Bug ID: 215489
           Summary: REGRESSION(r265630) [GTK]
                    fast/forms/search-abs-pos-cancel-button.html is
                    crashing
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKitGTK
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: lmoura at igalia.com
                CC: bugs-noreply at webkitgtk.org

Created attachment 406569

  --> https://bugs.webkit.org/attachment.cgi?id=406569&action=review

Release test run trace

r265630 introduced an assert to avoid destroying RenderObjects inside RenderLayer::enclosingScrollableLayer.

Main trace from the release test run (debug still running):

Thread 1 (Thread 0x7f1a72a192c0 (LWP 77113)):
#0  0x00007f1a790c47ee in WTFCrash () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#1  0x00007f1a7d7f4e05 in WebCore::RenderTreeBuilder::destroy(WebCore::RenderObject&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#2  0x00007f1a7d7f4f4b in WebCore::RenderTreeBuilder::destroyAndCleanUpAnonymousWrappers(WebCore::RenderObject&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#3  0x00007f1a7d7fed50 in WebCore::RenderTreeUpdater::tearDownRenderers(WebCore::Element&, WebCore::RenderTreeUpdater::TeardownType, WebCore::RenderTreeBuilder&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#4  0x00007f1a7d8005c6 in WebCore::RenderTreeUpdater::updateElementRenderer(WebCore::Element&, WebCore::Style::ElementUpdate const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#5  0x00007f1a7d801c6f in WebCore::RenderTreeUpdater::updateRenderTree(WebCore::ContainerNode&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#6  0x00007f1a7d802393 in WebCore::RenderTreeUpdater::commit(std::unique_ptr<WebCore::Style::Update const, std::default_delete<WebCore::Style::Update const> >) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#7  0x00007f1a7cb9d8fc in WebCore::Document::updateRenderTree(std::unique_ptr<WebCore::Style::Update const, std::default_delete<WebCore::Style::Update const> >) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#8  0x00007f1a7cbb12be in WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#9  0x00007f1a7cbb1a3a in WebCore::Document::updateStyleIfNeeded() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#10 0x00007f1a7cbb37a3 in WebCore::Document::updateLayoutIfDimensionsOutOfDate(WebCore::Element&, WebCore::DimensionsCheck) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#11 0x00007f1a7cbee2be in WebCore::Element::scrollWidth() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#12 0x00007f1a7d6d7de1 in WebCore::RenderTextControlSingleLine::scrollWidth() const () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#13 0x00007f1a7d5590fc in WebCore::RenderBox::canBeScrolledAndHasScrollableArea() const () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#14 0x00007f1a7d61a6ad in WebCore::RenderLayer::enclosingScrollableLayer(WebCore::IncludeSelfOrNot, WebCore::CrossFrameBoundaries) const () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#15 0x00007f1a7d1de0d5 in WebCore::EventHandler::enclosingScrollableArea(WebCore::Node*) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#16 0x00007f1a7d1de2af in WebCore::EventHandler::notifyScrollableAreasOfMouseEvents(WTF::AtomString const&, WebCore::Element*, WebCore::Element*) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#17 0x00007f1a7d1fe169 in WebCore::EventHandler::updateMouseEventTargetNode(WTF::AtomString const&, WebCore::Node*, WebCore::PlatformMouseEvent const&, WebCore::EventHandler::FireMouseOverOut) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#18 0x00007f1a7d1fe960 in WebCore::EventHandler::dispatchMouseEvent(WTF::AtomString const&, WebCore::Node*, int, WebCore::PlatformMouseEvent const&, WebCore::EventHandler::FireMouseOverOut) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#19 0x00007f1a7d20619d in WebCore::EventHandler::handleMouseMoveEvent(WebCore::PlatformMouseEvent const&, WebCore::HitTestResult*, bool) [clone .part.0] () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#20 0x00007f1a7d2065d6 in WebCore::EventHandler::mouseMoved(WebCore::PlatformMouseEvent const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#21 0x00007f1a7bd9fa82 in WebKit::WebPage::mouseEvent(WebKit::WebMouseEvent const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#22 0x00007f1a7b75ca73 in void IPC::handleMessage<Messages::WebPage::MouseEvent, WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&)>(IPC::Decoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&)) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#23 0x00007f1a7b7598ac in WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#24 0x00007f1a7b8fea80 in IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#25 0x00007f1a7bbd3057 in WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#26 0x00007f1a7b8f76b8 in IPC::Connection::dispatchMessage(IPC::Decoder&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#27 0x00007f1a7b8f91bd in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#28 0x00007f1a7b8f9d8b in IPC::Connection::SyncMessageState::dispatchMessages() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#29 0x00007f1a7b8f9059 in IPC::Connection::dispatchSyncMessage(IPC::Decoder&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#30 0x00007f1a7b8f9156 in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#31 0x00007f1a7b8f9d8b in IPC::Connection::SyncMessageState::dispatchMessages() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#32 0x00007f1a7b8fa675 in IPC::Connection::waitForSyncReply(unsigned long, IPC::MessageName, WTF::Seconds, WTF::OptionSet<IPC::SendSyncOption>) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#33 0x00007f1a7b8faa1b in IPC::Connection::sendSyncMessage(unsigned long, std::unique_ptr<IPC::Encoder, std::default_delete<IPC::Encoder> >, WTF::Seconds, WTF::OptionSet<IPC::SendSyncOption>) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#34 0x00007f1a7bdaf48f in bool IPC::Connection::sendSync<Messages::WebPageProxy::HandleSynchronousMessage>(Messages::WebPageProxy::HandleSynchronousMessage&&, Messages::WebPageProxy::HandleSynchronousMessage::Reply&&, unsigned long, WTF::Seconds, WTF::OptionSet<IPC::SendSyncOption>) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#35 0x00007f1a7bda14fc in WebKit::WebPage::postSynchronousMessageForTesting(WTF::String const&, API::Object*, WTF::RefPtr<API::Object, WTF::DumbPtrTraits<API::Object> >&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#36 0x00007f1a7bc20cc3 in WKBundlePagePostSynchronousMessageForTesting () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#37 0x00007f1a22e66c75 in WTR::EventSendingController::mouseMoveTo(int, int) () at /app/webkit/WebKitBuild/Release/lib/libTestRunnerInjectedBundle.so
#38 0x00007f1a22e97d8a in WTR::JSEventSendingController::mouseMoveTo(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**) () at /app/webkit/WebKitBuild/Release/lib/libTestRunnerInjectedBundle.so
#39 0x00007f1a7815ce6a in long JSC::APICallbackFunction::call<JSC::JSCallbackFunction>(JSC::JSGlobalObject*, JSC::CallFrame*) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#40 0x00007f1a31cff027 in  ()
#41 0x00007ffe6ec1d550 in  ()
#42 0x00007f1a780d8bfa in llint_op_call () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#43 0x0000000000000000 in  ()
