Bug 246880 - STP Regression: Crash in rendererForLayoutBox
Summary: STP Regression: Crash in rendererForLayoutBox
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering (show other bugs)
Version: Safari Technology Preview
Hardware: Mac (Apple Silicon) macOS 12
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2022-10-21 13:07 PDT by Jon
Modified: 2022-11-07 15:12 PST (History)
4 users (show)

See Also:

Attachments
Crash log (5.96 KB, application/zip)
2022-10-21 13:07 PDT, Jon 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jon 2022-10-21 13:07:41 PDT 
Created attachment 463159 [details]
Crash log

I don't know when it started, but STP 156 currently crashes on a private GitHub Enterprise org page (https://github.com/someorg). This doesn't occur with normal orgs, just a private Enterprise org I was just added to. Regular Safari 16 works fine. Here's the full crashing stack, I'm attaching the full report.

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   WebCore                       	       0x1100f9e08 WTFCrashWithInfo(int, char const*, char const*, int) + 20
1   WebCore                       	       0x11184f110 WebCore::LayoutIntegration::BoxTree::rendererForLayoutBox(WebCore::Layout::Box const&) + 124
2   WebCore                       	       0x111e8b8e8 WebCore::TextBoxPainter<WebCore::InlineIterator::BoxModernPath>::TextBoxPainter(WebCore::InlineIterator::BoxModernPath&&, WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 96
3   WebCore                       	       0x111e98e34 WebCore::ModernTextBoxPainter::ModernTextBoxPainter(WebCore::LayoutIntegration::InlineContent const&, WebCore::InlineDisplay::Box const&, WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 140
4   WebCore                       	       0x111865024 WebCore::LayoutIntegration::InlineContentPainter::paintDisplayBox(WebCore::InlineDisplay::Box const&) + 668
5   WebCore                       	       0x111865400 WebCore::LayoutIntegration::InlineContentPainter::paint() + 372
6   WebCore                       	       0x111d66360 WebCore::RenderBlockFlow::paintInlineChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 180
7   WebCore                       	       0x10ff56ec0 WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 416
8   WebCore                       	       0x10ff59fec WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 412
9   WebCore                       	       0x111d9a57c WebCore::RenderElement::paintAsInlineBlock(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 372
10  WebCore                       	       0x1118650cc WebCore::LayoutIntegration::InlineContentPainter::paintDisplayBox(WebCore::InlineDisplay::Box const&) + 836
11  WebCore                       	       0x111865400 WebCore::LayoutIntegration::InlineContentPainter::paint() + 372
12  WebCore                       	       0x111d66360 WebCore::RenderBlockFlow::paintInlineChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 180
13  WebCore                       	       0x10ff56ec0 WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 416
14  WebCore                       	       0x10ff59fec WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 412
15  WebCore                       	       0x111d3cdf8 WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) + 224
16  WebCore                       	       0x10ff58dfc WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) + 112
17  WebCore                       	       0x10ff5730c WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 1516
18  WebCore                       	       0x10ff59fec WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 412
19  WebCore                       	       0x111d3cdf8 WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) + 224
20  WebCore                       	       0x10ff58dfc WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) + 112
21  WebCore                       	       0x10ff5730c WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 1516
22  WebCore                       	       0x10ff59fec WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 412
23  WebCore                       	       0x111d3cdf8 WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) + 224
24  WebCore                       	       0x10ff58dfc WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) + 112
25  WebCore                       	       0x10ff5730c WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 1516
26  WebCore                       	       0x10ff59fec WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 412
27  WebCore                       	       0x111d3cdf8 WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) + 224
28  WebCore                       	       0x10ff58dfc WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) + 112
29  WebCore                       	       0x10ff5730c WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 1516
30  WebCore                       	       0x10ff59fec WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 412
31  WebCore                       	       0x111d9a57c WebCore::RenderElement::paintAsInlineBlock(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 372
32  WebCore                       	       0x111d3ce78 WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) + 352
33  WebCore                       	       0x110018b2c WebCore::RenderFlexibleBox::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) + 112
34  WebCore                       	       0x10ff5730c WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 1516
35  WebCore                       	       0x10ff59fec WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 412
36  WebCore                       	       0x111d3cdf8 WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) + 224
37  WebCore                       	       0x10ff58dfc WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) + 112
38  WebCore                       	       0x10ff5730c WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 1516
39  WebCore                       	       0x10ff59fec WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 412
40  WebCore                       	       0x111d3cdf8 WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) + 224
41  WebCore                       	       0x10ff58dfc WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) + 112
42  WebCore                       	       0x10ff5730c WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 1516
43  WebCore                       	       0x10ff59fec WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 412
44  WebCore                       	       0x111d3cdf8 WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) + 224
45  WebCore                       	       0x10ff58dfc WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) + 112
46  WebCore                       	       0x10ff5730c WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 1516
47  WebCore                       	       0x10ff59fec WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 412
48  WebCore                       	       0x111d3cdf8 WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) + 224
49  WebCore                       	       0x10ff58dfc WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) + 112
50  WebCore                       	       0x10ff5730c WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 1516
51  WebCore                       	       0x10ff59fec WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 412
52  WebCore                       	       0x111d3cdf8 WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) + 224
53  WebCore                       	       0x10ff58dfc WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) + 112
54  WebCore                       	       0x10ff5730c WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 1516
55  WebCore                       	       0x10ff59fec WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 412
56  WebCore                       	       0x111d3cdf8 WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) + 224
57  WebCore                       	       0x10ff58dfc WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) + 112
58  WebCore                       	       0x10ff5730c WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 1516
59  WebCore                       	       0x10ff59fec WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 412
60  WebCore                       	       0x111dec6ec WebCore::RenderLayer::paintForegroundForFragmentsWithPhase(WebCore::PaintPhase, WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::RenderObject*) + 436
61  WebCore                       	       0x111de4394 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) + 2192
62  WebCore                       	       0x111de4618 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) + 2836
63  WebCore                       	       0x111de1434 WebCore::RenderLayer::paint(WebCore::GraphicsContext&, WebCore::LayoutRect const&, WebCore::LayoutSize const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::RenderObject*, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>, WebCore::RenderLayer::SecurityOriginPaintPolicy, WebCore::EventRegionContext*) + 336
64  WebCore                       	       0x1119a35e4 WebCore::FrameView::paintContents(WebCore::GraphicsContext&, WebCore::IntRect const&, WebCore::Widget::SecurityOriginPaintPolicy, WebCore::EventRegionContext*) + 376
65  WebCore                       	       0x111a8b73c WebCore::ScrollView::paint(WebCore::GraphicsContext&, WebCore::IntRect const&, WebCore::Widget::SecurityOriginPaintPolicy, WebCore::EventRegionContext*) + 1064
66  WebCore                       	       0x111ce6670 WebCore::ContentfulPaintChecker::qualifiesForContentfulPaint(WebCore::FrameView&) + 232
67  WebCore                       	       0x1112fee88 WebCore::Document::enqueuePaintTimingEntryIfNeeded() + 176
68  WebCore                       	       0x1119cdd64 WebCore::Page::forEachDocumentFromMainFrame(WebCore::Frame const&, WTF::Function<void (WebCore::Document&)> const&) + 304
69  WebCore                       	       0x1119c87b4 WebCore::Page::updateRendering() + 2024
70  WebKit                        	       0x107cae784 WebKit::TiledCoreAnimationDrawingArea::updateRendering(WebKit::TiledCoreAnimationDrawingArea::UpdateRenderingType) + 112
71  CoreFoundation                	       0x19d5241a4 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 36
72  CoreFoundation                	       0x19d523ff4 __CFRunLoopDoObservers + 592
73  CoreFoundation                	       0x19d522ad8 CFRunLoopRunSpecific + 684
74  Foundation                    	       0x19e4080c0 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 236
75  Foundation                    	       0x19e498464 -[NSRunLoop(NSRunLoop) run] + 92
76  libxpc.dylib                  	       0x19d1978b4 _xpc_objc_main + 876
77  libxpc.dylib                  	       0x19d1971d0 xpc_main + 108
78  WebKit                        	       0x10792e8e0 WebKit::XPCServiceMain(int, char const**) + 296
79  dyld                          	       0x10495d08c start + 520
Comment 1 Radar WebKit Bug Importer 2022-10-21 13:53:15 PDT 
<rdar://problem/101440194>
Comment 2 zalan 2022-10-21 14:50:50 PDT 
Thank you for filing this crash. Unfortunately I can't repo it with STP 156. -also this may have already been fixed by bug 246771.
Comment 3 Jon 2022-10-21 16:04:20 PDT 
Yes, this won't reproduce on normal GitHub org pages. It only started when I got access to a private Enterprise org on GitHub. All other orgs work fine and project pages within the org work fine as well.

I'll keep an eye on future STPs and see if it's resolved when an STP with the fix mentioned is released.

By the way, it would be great if the STP release notes put out included not just changes, enhancements, and new features, but any bug fixes that are part of the release as well.
Comment 4 Jon 2022-11-07 14:15:29 PST 
This seems fixed on STP 157, or the alert on the org page requiring me to update my email routing was the cause, which I've also fixed.
Comment 5 zalan 2022-11-07 15:12:03 PST 
(In reply to Jon from comment #4)
> This seems fixed on STP 157, or the alert on the org page requiring me to
> update my email routing was the cause, which I've also fixed.
Thanks for confirming it! (I believe it has progressed.)