[Webkit-unassigned] [Bug 272127] New: REGRESSION(277009 at main) fast/text/remove-renderer-and-select-crash.html makes a subsequent test crash: RELEASE_ASSERT(index != notFound) in LayoutIntegration::BoxTree::rendererForLayoutBox

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Apr 3 16:59:38 PDT 2024


https://bugs.webkit.org/show_bug.cgi?id=272127

            Bug ID: 272127
           Summary: REGRESSION(277009 at main)
                    fast/text/remove-renderer-and-select-crash.html makes
                    a subsequent test crash: RELEASE_ASSERT(index !=
                    notFound) in
                    LayoutIntegration::BoxTree::rendererForLayoutBox
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: Hironori.Fujii at sony.com
                CC: bfulgham at webkit.org, simon.fraser at apple.com,
                    zalan at apple.com

After 277009 at main added fast/text/remove-renderer-and-select-crash.html, the subsequent test fast/text/remove-text-node-linebox-not-dirty-crash.html is crashing.

Buildbot: builder WinCairo-64-bit-Release-Tests build 4098 : 277016 at main
https://build.webkit.org/#/builders/728/builds/4098

Regressions: Unexpected crashes (1)
  fast/text/remove-text-node-linebox-not-dirty-crash.html [ Crash ]

STACK_TEXT:  
000000e1`0612d7c0 00007ff9`8e52ac6d : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : WTF!WTFCrash+0xe
000000e1`0612d7f0 00007ff9`8f8e7e83 : 00000000`3c800000 00000000`00000000 000000e1`0612d950 0000027f`6682e0d0 : WebCore!WTFCrashWithInfo+0x1d
000000e1`0612d830 00007ff9`8fd60d85 : 000000e1`0612ddf0 000000e1`0612d920 000000e1`0612dcd0 000000e1`0612de18 : WebCore!WebCore::LayoutIntegration::BoxTree::rendererForLayoutBox+0x133
000000e1`0612d8b0 00007ff9`8fd4089c : 000000e1`0612ddf0 000000e1`0612de18 000000e1`0612dcd0 000000e1`0612de18 : WebCore!WebCore::RenderBlockFlow::positionForPointWithInlineChildren+0xa75
000000e1`0612da30 00007ff9`8fd618b6 : 00000000`00000000 0000fe29`3810c0f5 0000027f`6682d3d0 00000000`00000000 : WebCore!WebCore::RenderBlock::positionForPoint+0x1ac
000000e1`0612dac0 00007ff9`8fd40420 : 000000e1`00000002 0000027f`66954de0 0000027f`669be8a0 00007ff9`8fd4198b : WebCore!WebCore::RenderBlockFlow::positionForPoint+0x16
000000e1`0612db00 00007ff9`8fd40ac9 : 0000027f`44480000 0000027f`228f0000 00000000`00000000 44160000`44480000 : WebCore!WebCore::positionForPointRespectingEditingBoundaries+0x1a0
000000e1`0612db80 00007ff9`8fd618b6 : 00000000`00000000 000000e1`0612de18 000000e1`0612de18 0000027f`667b5eb0 : WebCore!WebCore::RenderBlock::positionForPoint+0x3d9
000000e1`0612dc10 00007ff9`8fd40420 : 000000e1`0612dcc0 00007ff9`8fea433d 000000e1`0612ddf0 00007ff9`8fd4198b : WebCore!WebCore::RenderBlockFlow::positionForPoint+0x16
000000e1`0612dc50 00007ff9`8fd40ac9 : 00000000`00000000 000000e1`0612e3a0 0000027f`667c7120 0000027f`667b5eb0 : WebCore!WebCore::positionForPointRespectingEditingBoundaries+0x1a0
000000e1`0612dcd0 00007ff9`8fd618b6 : 000000e1`0612de18 00000000`00000000 000000e1`0612e3a0 0000027f`667c7120 : WebCore!WebCore::RenderBlock::positionForPoint+0x3d9
000000e1`0612dd60 00007ff9`8f5968d9 : 00000000`00000000 00000000`00000000 000000e1`0612de88 00007ff9`8fb35cfc : WebCore!WebCore::RenderBlockFlow::positionForPoint+0x16
000000e1`0612dda0 00007ff9`8e043b9a : 00000000`00000001 00007ff9`8e28ad3a 0000027f`667b6f60 0000027f`66884920 : WebCore!WebCore::FrameSelection::contains+0x1f9
000000e1`0612df30 00007ff9`8e2dee7d : 0000027f`667b5eb0 00000000`00000001 000000e1`0612e058 0000027f`6a74f5d0 : WebKit2!WebKit::WebHitTestResultData::WebHitTestResultData+0x1aa
000000e1`0612dfb0 00007ff9`8f9e19c8 : 00000000`00000000 00000000`3f800000 3f800000`3f800000 3f800000`00000000 : WebKit2!WebKit::WebChromeClient::mouseDidMoveOverElement+0x9d
000000e1`0612e2b0 00007ff9`8fa1473a : 00000000`00000000 00007ff9`8e043323 00000000`00000000 00000001`8de4ae00 : WebCore!WebCore::Chrome::mouseDidMoveOverElement+0x1a8
000000e1`0612e370 00007ff9`8e346f70 : 00000000`00000000 00000000`00000002 00000000`00000000 000000e1`0612e549 : WebCore!WebCore::EventHandler::mouseMoved+0x11a
000000e1`0612e480 00007ff9`8e3204fb : 00000000`00000000 00007ff9`8e490e00 00000000`00000001 0000027f`6a754d01 : WebKit2!WebKit::WebFrame::handleMouseEvent+0x130
000000e1`0612e550 00007ff9`8dd5bbad : 00000000`00000000 00000000`00000000 00007ff9`8e376230 0000027f`6a754dc0 : WebKit2!WebKit::WebPage::mouseEvent+0x18b
000000e1`0612e610 00007ff9`8dd59595 : 00000000`00000000 00000000`00000000 0000027f`22936aa0 00000000`00000000 : WebKit2!IPC::handleMessageAsync<Messages::WebPage::MouseEvent,WebKit::WebPage,WebKit::WebPage,void (WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> >, const WebKit::WebMouseEvent &, std::optional<WTF::Vector<WebKit::SandboxExtensionHandle,0,WTF::CrashOnOverflow,16,WTF::FastMalloc> > &&, WTF::CompletionHandler<void (std::optional<WebKit::WebEventType>, bool, std::optional<WebCore::RemoteUserInputEventData>)> &&)>+0xed
000000e1`0612e760 00007ff9`8e037355 : 0000027f`229453c0 00007ffa`4d4d37eb 0000027f`6a75544f 0000027f`0000003d : WebKit2!WebKit::WebPage::didReceiveWebPageMessage+0x1475
000000e1`0612f390 00007ff9`8e19fd79 : 00000000`00000092 00000000`0000000a 0000fe0d`54ba65c8 00000000`00000000 : WebKit2!IPC::MessageReceiverMap::dispatchMessage+0x185
000000e1`0612f410 00007ff9`8e032205 : 0000027f`66a51450 0000027f`228f0000 00000000`00000000 00000000`00000401 : WebKit2!WebKit::WebProcess::didReceiveMessage+0x19
000000e1`0612f450 00007ff9`8e03238c : 00000000`00000401 00000000`00000000 00000000`00000000 00007ffa`4f8b8603 : WebKit2!IPC::Connection::dispatchMessage+0xf5
000000e1`0612f4a0 00007ff9`b87e069e : 0000027f`2515f940 00007ffa`00000000 00000000`00000000 00000000`000a12e4 : WebKit2!IPC::Connection::dispatchOneIncomingMessage+0xec
000000e1`0612f500 00007ff9`b884a088 : 00000000`000a12e4 00000000`00000000 0000027f`22916630 00007ff9`8e59d873 : WTF!WTF::RunLoop::performWork+0x19e
000000e1`0612f550 00007ffa`4f548241 : 000000e1`0612f6d8 00000000`00000000 00000000`00000000 00000000`80000022 : WTF!WTF::RunLoop::RunLoopWndProc+0x38
000000e1`0612f5a0 00007ffa`4f547d01 : 00000000`00000000 00007ff9`b884a050 00000000`000a12e4 000000e1`0612f7a0 : USER32!UserCallWinProcCheckWow+0x2d1
000000e1`0612f700 00007ff9`b884a1ff : 000000e1`0612f7a0 00000000`00000000 00007ffa`4f54a130 000000e1`0612f7a0 : USER32!DispatchMessageWorker+0x1f1
000000e1`0612f780 00007ff9`8dc317bd : 0000027f`00000000 00000000`00000000 0000027f`229010f0 00000000`00000000 : WTF!WTF::RunLoop::run+0x5f
000000e1`0612f800 00007ff6`cd0c100a : 00000000`00000007 00000000`00000001 00000000`00000000 00007ffa`4f8bce70 : WebKit2!WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainWin>+0xad
000000e1`0612f890 00007ff6`cd0c13bc : 00000000`00000000 00007ff6`cd0c1435 0000027f`228a0000 00000000`00000000 : WebKitWebProcess!main+0xa
000000e1`0612f8c0 00007ffa`4d72257d : 00000000`00000000 00000000`00000000 000000e1`063d4000 00000000`00000000 : WebKitWebProcess!__scrt_common_main_seh+0x10c
000000e1`0612f900 00007ffa`4f8eaa58 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x1d
000000e1`0612f930 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x28

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20240403/b63299b8/attachment-0001.htm>


More information about the webkit-unassigned mailing list