[Webkit-unassigned] [Bug 151605] New: ASSERTION FAILED: !newRelayoutRoot.container() || !newRelayoutRoot.container()->needsLayout() in WebCore::FrameView::scheduleRelayoutOfSubtree

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Nov 25 07:55:31 PST 2015


https://bugs.webkit.org/show_bug.cgi?id=151605

            Bug ID: 151605
           Summary: ASSERTION FAILED: !newRelayoutRoot.container() ||
                    !newRelayoutRoot.container()->needsLayout() in
                    WebCore::FrameView::scheduleRelayoutOfSubtree
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: rhodovan.u-szeged at partner.samsung.com
                CC: akling at apple.com, andersca at apple.com,
                    simon.fraser at apple.com
            Blocks: 116980

Created attachment 266164
  --> https://bugs.webkit.org/attachment.cgi?id=266164&action=review
Test

Load the attached test with debug MiniBrowser:

<script>
window.onload = function() {
    window.scrollTo(0,document.body.scrollHeight);
    v_0 = document.getElementById('id_0');
    v_0.removeChild(v_0.childNodes[0]);
    location.reload();
}
</script>
<style>
*{
    -webkit-columns: 55px 87;
    overflow-y: scroll;
    -webkit-background-composite: source-out;
    width: 0%
}
*|* {
    display: inline-flex;
}
</style>
<summary id="id_0">
    aa
    <progress></progress>
</summary>

OS: Ubuntu 15.10 x86_64
Checked build: debug EFL
Checked version: 79922a5


Backtrace:

ASSERTION FAILED: !newRelayoutRoot.container() || !newRelayoutRoot.container()->needsLayout()
../../Source/WebCore/page/FrameView.cpp(2660) : void WebCore::FrameView::scheduleRelayoutOfSubtree(WebCore::RenderElement&)
1   0x7f12d1d6982c WTFCrash
2   0x7f12d089fc42 WebCore::FrameView::scheduleRelayoutOfSubtree(WebCore::RenderElement&)
3   0x7f12d0c61f9c
4   0x7f12d0c6235c WebCore::RenderObject::markContainingBlocksForLayout(WebCore::ScheduleRelayout, WebCore::RenderElement*)
5   0x7f12d0209076 WebCore::RenderObject::setNeedsLayout(WebCore::MarkingBehavior)
6   0x7f12d030249f WebCore::RenderObject::setNeedsLayoutAndPrefWidthsRecalc()
7   0x7f12d0b6d1ca WebCore::RenderElement::removeChildInternal(WebCore::RenderObject&, WebCore::RenderElement::NotifyChildrenType)
8   0x7f12d0b6cc34 WebCore::RenderElement::removeChild(WebCore::RenderObject&)
9   0x7f12d0abda12 WebCore::RenderBlock::removeChild(WebCore::RenderObject&)
10  0x7f12d0afd091 WebCore::RenderBlockFlow::removeChild(WebCore::RenderObject&)
11  0x7f12d0c61755 WebCore::RenderObject::removeFromParent()
12  0x7f12d0c65d51 WebCore::RenderObject::willBeDestroyed()
13  0x7f12d0b6ee77 WebCore::RenderElement::willBeDestroyed()
14  0x7f12d0b495f9 WebCore::RenderBoxModelObject::willBeDestroyed()
15  0x7f12d0aeab0d WebCore::RenderBlockFlow::willBeDestroyed()
16  0x7f12d0c664ac WebCore::RenderObject::destroy()
17  0x7f12d0c6646f WebCore::RenderObject::destroyAndCleanupAnonymousWrappers()
18  0x7f12d0da1817
19  0x7f12d0da15af
20  0x7f12d0da17ed
21  0x7f12d0da15af
22  0x7f12d0da17ed
23  0x7f12d0da15af
24  0x7f12d0da15f0
25  0x7f12d0da17dc
26  0x7f12d0da16e1
27  0x7f12d0da17b2
28  0x7f12d0da15af
29  0x7f12d0da15f0
30  0x7f12d0da17dc
31  0x7f12d0da1d12
Aborted (core dumped)

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f12d1d69831 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321     *(int *)(uintptr_t)0xbbadbeef = 0;
[Current thread is 1 (Thread 0x7f12d58b6a80 (LWP 10734))]
#0  0x00007f12d1d69831 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1  0x00007f12d089fc42 in WebCore::FrameView::scheduleRelayoutOfSubtree (this=0x7f12b140c000, newRelayoutRoot=...) at ../../Source/WebCore/page/FrameView.cpp:2660
#2  0x00007f12d0c61f9c in WebCore::scheduleRelayoutForSubtree (renderer=...) at ../../Source/WebCore/rendering/RenderObject.cpp:588
#3  0x00007f12d0c6235c in WebCore::RenderObject::markContainingBlocksForLayout (this=0x7f12b17b7a10, scheduleRelayout=WebCore::ScheduleRelayout::Yes, newRoot=0x0) at ../../Source/WebCore/rendering/RenderObject.cpp:645
#4  0x00007f12d0209076 in WebCore::RenderObject::setNeedsLayout (this=0x7f12b17b7a10, markParents=WebCore::MarkContainingBlockChain) at ../../Source/WebCore/rendering/RenderObject.h:1082
#5  0x00007f12d030249f in WebCore::RenderObject::setNeedsLayoutAndPrefWidthsRecalc (this=0x7f12b17b7a10) at ../../Source/WebCore/rendering/RenderObject.h:585
#6  0x00007f12d0b6d1ca in WebCore::RenderElement::removeChildInternal (this=0x7f12b17b7958, oldChild=..., notifyChildren=WebCore::RenderElement::NotifyChildren) at ../../Source/WebCore/rendering/RenderElement.cpp:630
#7  0x00007f12d0b6cc34 in WebCore::RenderElement::removeChild (this=0x7f12b17b7958, oldChild=...) at ../../Source/WebCore/rendering/RenderElement.cpp:547
#8  0x00007f12d0abda12 in WebCore::RenderBlock::removeChild (this=0x7f12b17b7958, oldChild=...) at ../../Source/WebCore/rendering/RenderBlock.cpp:745
#9  0x00007f12d0afd091 in WebCore::RenderBlockFlow::removeChild (this=0x7f12b17b7958, oldChild=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:3806
#10 0x00007f12d0c61755 in WebCore::RenderObject::removeFromParent (this=0x7f12b17b7a10) at ../../Source/WebCore/rendering/RenderObject.cpp:199
#11 0x00007f12d0c65d51 in WebCore::RenderObject::willBeDestroyed (this=0x7f12b17b7a10) at ../../Source/WebCore/rendering/RenderObject.cpp:1527
#12 0x00007f12d0b6ee77 in WebCore::RenderElement::willBeDestroyed (this=0x7f12b17b7a10) at ../../Source/WebCore/rendering/RenderElement.cpp:1114
#13 0x00007f12d0b495f9 in WebCore::RenderBoxModelObject::willBeDestroyed (this=0x7f12b17b7a10) at ../../Source/WebCore/rendering/RenderBoxModelObject.cpp:198
#14 0x00007f12d0aeab0d in WebCore::RenderBlockFlow::willBeDestroyed (this=0x7f12b17b7a10) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:178
#15 0x00007f12d0c664ac in WebCore::RenderObject::destroy (this=0x7f12b17b7a10) at ../../Source/WebCore/rendering/RenderObject.cpp:1702
#16 0x00007f12d0c6646f in WebCore::RenderObject::destroyAndCleanupAnonymousWrappers (this=0x7f12b17b7a10) at ../../Source/WebCore/rendering/RenderObject.cpp:1689
#17 0x00007f12d0da1817 in WebCore::Style::detachRenderTree (current=..., detachType=WebCore::Style::ReattachDetach) at ../../Source/WebCore/style/StyleResolveTree.cpp:574
#18 0x00007f12d0da15af in WebCore::Style::detachChildren (current=..., detachType=WebCore::Style::ReattachDetach) at ../../Source/WebCore/style/StyleResolveTree.cpp:521
#19 0x00007f12d0da17ed in WebCore::Style::detachRenderTree (current=..., detachType=WebCore::Style::ReattachDetach) at ../../Source/WebCore/style/StyleResolveTree.cpp:571
#20 0x00007f12d0da15af in WebCore::Style::detachChildren (current=..., detachType=WebCore::Style::ReattachDetach) at ../../Source/WebCore/style/StyleResolveTree.cpp:521
#21 0x00007f12d0da17ed in WebCore::Style::detachRenderTree (current=..., detachType=WebCore::Style::ReattachDetach) at ../../Source/WebCore/style/StyleResolveTree.cpp:571
#22 0x00007f12d0da15af in WebCore::Style::detachChildren (current=..., detachType=WebCore::Style::ReattachDetach) at ../../Source/WebCore/style/StyleResolveTree.cpp:521
#23 0x00007f12d0da15f0 in WebCore::Style::detachShadowRoot (shadowRoot=..., detachType=WebCore::Style::ReattachDetach) at ../../Source/WebCore/style/StyleResolveTree.cpp:528
#24 0x00007f12d0da17dc in WebCore::Style::detachRenderTree (current=..., detachType=WebCore::Style::ReattachDetach) at ../../Source/WebCore/style/StyleResolveTree.cpp:569
#25 0x00007f12d0da16e1 in WebCore::Style::detachSlotAssignees (slot=..., detachType=WebCore::Style::ReattachDetach) at ../../Source/WebCore/style/StyleResolveTree.cpp:540
#26 0x00007f12d0da17b2 in WebCore::Style::detachRenderTree (current=..., detachType=WebCore::Style::ReattachDetach) at ../../Source/WebCore/style/StyleResolveTree.cpp:566
#27 0x00007f12d0da15af in WebCore::Style::detachChildren (current=..., detachType=WebCore::Style::ReattachDetach) at ../../Source/WebCore/style/StyleResolveTree.cpp:521
#28 0x00007f12d0da15f0 in WebCore::Style::detachShadowRoot (shadowRoot=..., detachType=WebCore::Style::ReattachDetach) at ../../Source/WebCore/style/StyleResolveTree.cpp:528
#29 0x00007f12d0da17dc in WebCore::Style::detachRenderTree (current=..., detachType=WebCore::Style::ReattachDetach) at ../../Source/WebCore/style/StyleResolveTree.cpp:569
#30 0x00007f12d0da1d12 in WebCore::Style::resolveLocal (current=..., inheritedStyle=..., renderTreePosition=..., inheritedChange=WebCore::Style::NoChange) at ../../Source/WebCore/style/StyleResolveTree.cpp:628
#31 0x00007f12d0da2832 in WebCore::Style::resolveTree (current=..., inheritedStyle=..., renderTreePosition=..., change=WebCore::Style::NoChange) at ../../Source/WebCore/style/StyleResolveTree.cpp:843
#32 0x00007f12d0da25e9 in WebCore::Style::resolveChildren (current=..., inheritedStyle=..., change=WebCore::Style::NoChange, childRenderTreePosition=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:800
#33 0x00007f12d0da2925 in WebCore::Style::resolveTree (current=..., inheritedStyle=..., renderTreePosition=..., change=WebCore::Style::NoChange) at ../../Source/WebCore/style/StyleResolveTree.cpp:857
#34 0x00007f12d0da25e9 in WebCore::Style::resolveChildren (current=..., inheritedStyle=..., change=WebCore::Style::NoChange, childRenderTreePosition=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:800
#35 0x00007f12d0da2925 in WebCore::Style::resolveTree (current=..., inheritedStyle=..., renderTreePosition=..., change=WebCore::Style::NoChange) at ../../Source/WebCore/style/StyleResolveTree.cpp:857
#36 0x00007f12d0da25e9 in WebCore::Style::resolveChildren (current=..., inheritedStyle=..., change=WebCore::Style::NoChange, childRenderTreePosition=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:800
#37 0x00007f12d0da2925 in WebCore::Style::resolveTree (current=..., inheritedStyle=..., renderTreePosition=..., change=WebCore::Style::NoChange) at ../../Source/WebCore/style/StyleResolveTree.cpp:857
#38 0x00007f12d0da2bf5 in WebCore::Style::resolveTree (document=..., change=WebCore::Style::NoChange) at ../../Source/WebCore/style/StyleResolveTree.cpp:903
#39 0x00007f12d02ea87b in WebCore::Document::recalcStyle (this=0x7f12b141d900, change=WebCore::Style::NoChange) at ../../Source/WebCore/dom/Document.cpp:1841
#40 0x00007f12d02eabb7 in WebCore::Document::updateStyleIfNeeded (this=0x7f12b141d900) at ../../Source/WebCore/dom/Document.cpp:1892
#41 0x00007f12d02eda07 in WebCore::Document::implicitClose (this=0x7f12b141d900) at ../../Source/WebCore/dom/Document.cpp:2700
#42 0x00007f12d075be91 in WebCore::FrameLoader::checkCallImplicitClose (this=0x7f12b16e4098) at ../../Source/WebCore/loader/FrameLoader.cpp:861
#43 0x00007f12d075bbc1 in WebCore::FrameLoader::checkCompleted (this=0x7f12b16e4098) at ../../Source/WebCore/loader/FrameLoader.cpp:807
#44 0x00007f12d075b937 in WebCore::FrameLoader::finishedParsing (this=0x7f12b16e4098) at ../../Source/WebCore/loader/FrameLoader.cpp:728
#45 0x00007f12d02f7bb4 in WebCore::Document::finishedParsing (this=0x7f12b141d900) at ../../Source/WebCore/dom/Document.cpp:4897
#46 0x00007f12d16917ab in WebCore::HTMLConstructionSite::finishedParsing (this=0x7f12b16fe6e0) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:403
#47 0x00007f12d0651db2 in WebCore::HTMLTreeBuilder::finished (this=0x7f12b16fe6c0) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2937
#48 0x00007f12d06220a8 in WebCore::HTMLDocumentParser::end (this=0x7f12b1448cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:393
#49 0x00007f12d0622176 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x7f12b1448cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:402
#50 0x00007f12d0620e6b in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x7f12b1448cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:132
#51 0x00007f12d06221b1 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x7f12b1448cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:414
#52 0x00007f12d0622261 in WebCore::HTMLDocumentParser::finish (this=0x7f12b1448cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:442
#53 0x00007f12d0747166 in WebCore::DocumentWriter::end (this=0x7f12b142ef20) at ../../Source/WebCore/loader/DocumentWriter.cpp:247
#54 0x00007f12d073060a in WebCore::DocumentLoader::finishedLoading (this=0x7f12b142ee80, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:437
#55 0x00007f12d0730364 in WebCore::DocumentLoader::notifyFinished (this=0x7f12b142ee80, resource=0x7f12b14261c0) at ../../Source/WebCore/loader/DocumentLoader.cpp:384
#56 0x00007f12d07dcd0d in WebCore::CachedResource::checkNotify (this=0x7f12b14261c0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:297
#57 0x00007f12d07dce22 in WebCore::CachedResource::finishLoading (this=0x7f12b14261c0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:313
#58 0x00007f12d07d9044 in WebCore::CachedRawResource::finishLoading (this=0x7f12b14261c0, data=0x7f12b17bf900) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:103
#59 0x00007f12d07a11a1 in WebCore::SubresourceLoader::didFinishLoading (this=0x7f12b142fa80, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:372
#60 0x00007f12d079bbe7 in WebCore::ResourceLoader::didFinishLoading (this=0x7f12b142fa80, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:638
#61 0x00007f12d0fa5b45 in WebCore::readCallback (asyncResult=0xb681a0, data=0x7f12b17be740) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1341
#62 0x00007f12c8b684e6 in async_ready_callback_wrapper (source_object=0xa7c5b0, res=0xb681a0, user_data=0x7f12b17be740) at ginputstream.c:523
#63 0x00007f12c8b8ea04 in g_task_return_now (task=0xb681a0) at gtask.c:1077
#64 0x00007f12c8b8ea29 in complete_in_idle_cb (task=0xb681a0) at gtask.c:1086
#65 0x00007f12c85c472a in g_main_dispatch (context=0xa766a0) at gmain.c:3064
#66 g_main_context_dispatch (context=context at entry=0xa766a0) at gmain.c:3663
#67 0x00007f12c9f1bb50 in _ecore_glib_select__locked (ecore_timeout=<optimized out>, efds=0x7ffcdbb51070, wfds=0x7ffcdbb50ff0, rfds=0x7ffcdbb50f70, ecore_fds=<optimized out>, ctx=<optimized out>) at lib/ecore/ecore_glib.c:175
#68 _ecore_glib_select (ecore_fds=<optimized out>, rfds=0x7ffcdbb50f70, wfds=0x7ffcdbb50ff0, efds=0x7ffcdbb51070, ecore_timeout=<optimized out>) at lib/ecore/ecore_glib.c:208
#69 0x00007f12c9f1eb8c in _ecore_main_select (timeout=<optimized out>) at lib/ecore/ecore_main.c:1481
#70 0x00007f12c9f1f665 in _ecore_main_loop_iterate_internal (once_only=once_only at entry=0) at lib/ecore/ecore_main.c:1913
#71 0x00007f12c9f1f827 in ecore_main_loop_begin () at lib/ecore/ecore_main.c:988
#72 0x00007f12d1dc7ebb in WTF::RunLoop::run () at ../../Source/WTF/wtf/efl/RunLoopEfl.cpp:49
#73 0x00007f12d0068f7a in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7ffcdbb514d8) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#74 0x00007f12d0068b88 in WebKit::WebProcessMainUnix (argc=2, argv=0x7ffcdbb514d8) at ../../Source/WebKit2/WebProcess/efl/WebProcessMainEfl.cpp:161
#75 0x000000000040089a in main (argc=2, argv=0x7ffcdbb514d8) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20151125/10fa00ab/attachment-0001.html>


More information about the webkit-unassigned mailing list