Bug 245900

Summary: REGRESSION(254969@main): [ GTK macOS Debug ] fast/inline/inline-box-adjust-position-crash2.html is a constant crash
Product: WebKit Reporter: Hercules Hjalmarsson <hhjalmarsson>
Component: New BugsAssignee: zalan <zalan>
Status: RESOLVED FIXED    
Severity: Normal CC: changseok, esprehn+autocc, ews-watchlist, glenn, koivisto, kondapallykalyan, pdr, webkit-bot-watchers-bugzilla, webkit-bug-importer, zalan
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
koivisto: review+, zalan: commit-queue-
Patch none

Description Hercules Hjalmarsson 2022-09-30 14:13:00 PDT 
fast/inline/inline-box-adjust-position-crash2.html

Is a constant crash on macOS & GTK ToT and since 254969@main.

HISTORY:
https://results.webkit.org/?suite=layout-tests&test=fast/inline/inline-box-adjust-position-crash2.html

DIFF:
ASSERTION FAILED: !renderer->needsLayout()
rendering/RenderBlock.cpp(3152) : void WebCore::RenderBlock::checkPositionedObjectsNeedLayout()
1   0x7ff7b2d9b580 (null)
2   0x20cf400f5 (null)
3   0x1f0aaf8745 (null)
4   0x7ff7b2d9b580 (null)
5   0x7ff7b2d9b538 (null)
6   0x7ff7b2d9b550 (null)
7   0x20aaf88df WTFPrintBacktrace
8   0x7ff7b2d9b550 (null)
9   0x20d926840 vtable for CrashLogPrintStream
10  0x1fb2d9b56c (null)
11  0x7ff7b2d9b580 (null)
12  0x7ff7b2d9b680 (null)
13  0x20aaf887f WTFReportBacktrace
14  0x7ff7b2d9b580 (null)
15  0x21e2350061 (null)
16  0x20abc3a9f WTFGetBacktrace
17  0x20aaf8866 WTFReportBacktrace
18  0x20aaf8969 WTFCrash
19  0x1bb198ebb WTFCrashWithInfo(int, char const*, char const*, int)
20  0x1bfe5bcf6 WebCore::RenderBlock::checkPositionedObjectsNeedLayout()
21  0x1c000aa1c WebCore::RenderObject::checkBlockPositionedObjectsNeedLayout()
22  0x1c000a96b WebCore::RenderObject::clearNeedsLayout()
23  0x1bfe637fc WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
24  0x1bfe47f48 WebCore::RenderBlock::layout()
25  0x1c008f2ee WebCore::RenderView::layout()
26  0x1bf4f4d25 WebCore::FrameViewLayoutContext::performLayout()
27  0x1bf4f4534 WebCore::FrameViewLayoutContext::layout()
28  0x1bf4c503d WebCore::FrameView::updateContentsSize()
29  0x1bf72f2b0 WebCore::ScrollView::updateScrollbars(WebCore::IntPoint const&)
30  0x1bf730caa WebCore::ScrollView::setContentsSize(WebCore::IntSize const&)
31  0x1bf4b58a6 WebCore::FrameView::setContentsSize(WebCore::IntSize const&)
com.apple.WebKit.WebContent.Development terminated (pid 46712) for reason: crash
Comment 1 Radar WebKit Bug Importer 2022-09-30 14:13:23 PDT 
<rdar://problem/100636927>
Comment 2 Hercules Hjalmarsson 2022-09-30 14:15:04 PDT 
This issue can be bisected to 254969@main using command:

run-webkit-tests --debug --iterations=2 fast/inline/inline-box-adjust-position-crash2.html
Comment 3 EWS 2022-09-30 14:30:42 PDT 
Test gardening commit 255048@main (44984d73a568): <https://commits.webkit.org/255048@main>

Reviewed commits have been landed. Closing PR #4881 and removing active labels.
Comment 4 Hercules Hjalmarsson 2022-09-30 14:37:11 PDT 
Worth mentioning incase missed:

This is only happening on macOS & GTK Debug queues.
Comment 5 zalan 2022-10-01 18:32:50 PDT 
Created attachment 462758 [details]
Patch
Comment 6 zalan 2022-10-02 10:40:58 PDT 
Created attachment 462764 [details]
Patch
Comment 7 EWS 2022-10-02 15:38:44 PDT 
Committed 255077@main (0e5e84c508f7): <https://commits.webkit.org/255077@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 462764 [details].