[Webkit-unassigned] [Bug 178865] New: ASSERTION FAILED: !renderer->needsLayout() in WebCore::RenderBlock::checkPositionedObjectsNeedLayout
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Oct 26 06:44:24 PDT 2017
https://bugs.webkit.org/show_bug.cgi?id=178865
Bug ID: 178865
Summary: ASSERTION FAILED: !renderer->needsLayout() in
WebCore::RenderBlock::checkPositionedObjectsNeedLayout
Product: WebKit
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Layout and Rendering
Assignee: webkit-unassigned at lists.webkit.org
Reporter: hodovan at inf.u-szeged.hu
CC: bfulgham at webkit.org, simon.fraser at apple.com,
zalan at apple.com
Created attachment 325005
--> https://bugs.webkit.org/attachment.cgi?id=325005&action=review
Test
Load the attached test with debug WebKitTestRunner:
<math style="transform: matrix(266, 638, -645, 889, 768, 735)">
<mi>
<a>
<a style="position: absolute;"></a>
</a>
</mi>
</math>
Checked version: 9e82982
OS: macOS Sierra (10.12.5)
Backtrace:
ASSERTION FAILED: !renderer->needsLayout()
WebKit/Source/WebCore/rendering/RenderBlock.cpp(3625) : void WebCore::RenderBlock::checkPositionedObjectsNeedLayout()
1 0x12d2ad321 WTFCrash
2 0x10c1194f7 WebCore::RenderBlock::checkPositionedObjectsNeedLayout()
3 0x10c79e49f WebCore::RenderObject::checkBlockPositionedObjectsNeedLayout()
4 0x10c79e411 WebCore::RenderObject::clearNeedsLayout()
5 0x10c733372 WebCore::RenderMathMLRow::layoutBlock(bool, WebCore::LayoutUnit)
6 0x10c0cd603 WebCore::RenderBlock::layout()
7 0x10b04e4ac WebCore::RenderElement::layoutIfNeeded()
8 0x10c22235d WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
9 0x10c195306 WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
10 0x10c1919dc WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
11 0x10c0cd603 WebCore::RenderBlock::layout()
12 0x10c19f7fb WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
13 0x10c195b2b WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
14 0x10c191a53 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
15 0x10c0cd603 WebCore::RenderBlock::layout()
16 0x10c19f7fb WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
17 0x10c195b2b WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
18 0x10c191a53 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
19 0x10c0cd603 WebCore::RenderBlock::layout()
20 0x10cb8d3d6 WebCore::RenderView::layoutContent(WebCore::LayoutState const&)
21 0x10cb8efea WebCore::RenderView::layout()
22 0x10ad86a1f WebCore::FrameView::layout()
23 0x1112c03a9 WebCore::Document::implicitClose()
24 0x111d82fc5 WebCore::FrameLoader::checkCallImplicitClose()
25 0x111d82706 WebCore::FrameLoader::checkCompleted()
26 0x111d7e4ea WebCore::FrameLoader::finishedParsing()
27 0x1112f46b2 WebCore::Document::finishedParsing()
28 0x10b18e236 WebCore::HTMLConstructionSite::finishedParsing()
29 0x10b55a2c9 WebCore::HTMLTreeBuilder::finished()
30 0x10b216ead WebCore::HTMLDocumentParser::end()
31 0x10b210fe9 WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd()
ASAN:DEADLYSIGNAL
=================================================================
==84587==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x00012d2ad359 bp 0x7fff5f2b5890 sp 0x7fff5f2b5880 T0)
==84587==The signal is caused by a WRITE memory access.
==84587==WARNING: invalid path to external symbolizer!
==84587==WARNING: Failed to use and restart external symbolizer!
#0 0x12d2ad358 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x39fe358)
#1 0x10c1194f6 in WebCore::RenderBlock::checkPositionedObjectsNeedLayout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x212d4f6)
#2 0x10c79e49e in WebCore::RenderObject::checkBlockPositionedObjectsNeedLayout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x27b249e)
#3 0x10c79e410 in WebCore::RenderObject::clearNeedsLayout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x27b2410)
#4 0x10c733371 in WebCore::RenderMathMLRow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2747371)
#5 0x10c0cd602 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x20e1602)
#6 0x10b04e4ab in WebCore::RenderElement::layoutIfNeeded() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x10624ab)
#7 0x10c22235c in WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x223635c)
#8 0x10c195305 in WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x21a9305)
#9 0x10c1919db in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x21a59db)
#10 0x10c0cd602 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x20e1602)
#11 0x10c19f7fa in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x21b37fa)
#12 0x10c195b2a in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x21a9b2a)
#13 0x10c191a52 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x21a5a52)
#14 0x10c0cd602 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x20e1602)
#15 0x10c19f7fa in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x21b37fa)
#16 0x10c195b2a in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x21a9b2a)
#17 0x10c191a52 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x21a5a52)
#18 0x10c0cd602 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x20e1602)
#19 0x10cb8d3d5 in WebCore::RenderView::layoutContent(WebCore::LayoutState const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2ba13d5)
#20 0x10cb8efe9 in WebCore::RenderView::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2ba2fe9)
#21 0x10ad86a1e in WebCore::FrameView::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0xd9aa1e)
#22 0x1112c03a8 in WebCore::Document::implicitClose() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x72d43a8)
#23 0x111d82fc4 in WebCore::FrameLoader::checkCallImplicitClose() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7d96fc4)
#24 0x111d82705 in WebCore::FrameLoader::checkCompleted() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7d96705)
#25 0x111d7e4e9 in WebCore::FrameLoader::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7d924e9)
#26 0x1112f46b1 in WebCore::Document::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x73086b1)
#27 0x10b18e235 in WebCore::HTMLConstructionSite::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x11a2235)
#28 0x10b55a2c8 in WebCore::HTMLTreeBuilder::finished() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x156e2c8)
#29 0x10b216eac in WebCore::HTMLDocumentParser::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x122aeac)
#30 0x10b210fe8 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x1224fe8)
#31 0x10b210b09 in WebCore::HTMLDocumentParser::prepareToStopParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x1224b09)
#32 0x10b216fcc in WebCore::HTMLDocumentParser::attemptToEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x122afcc)
#33 0x10b217107 in WebCore::HTMLDocumentParser::finish() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x122b107)
#34 0x111cd32d7 in WebCore::DocumentWriter::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ce72d7)
#35 0x111cd1793 in WebCore::DocumentLoader::finishedLoading() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ce5793)
#36 0x111cd1163 in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ce5163)
#37 0x111cd1a8b in non-virtual thunk to WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ce5a8b)
#38 0x111f61ee8 in WebCore::CachedResource::checkNotify() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7f75ee8)
#39 0x111f5a003 in WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7f6e003)
#40 0x111f5bf92 in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7f6ff92)
#41 0x111e8cf9f in WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ea0f9f)
#42 0x102d00f59 in WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23a6f59)
#43 0x102d0d9df in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>&&, std::__1::integer_sequence<unsigned long, 0ul>) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23b39df)
#44 0x102d0d5f8 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<WebCore::NetworkLoadMetrics>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23b35f8)
#45 0x102d0a81f in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23b081f)
#46 0x102d0884a in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23ae84a)
#47 0x101301571 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x9a7571)
#48 0x100c7c88a in IPC::Connection::dispatchMessage(IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x32288a)
#49 0x100c60198 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x306198)
#50 0x100c7d5b7 in IPC::Connection::dispatchOneMessage() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x3235b7)
#51 0x100cbc4bc in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x3624bc)
#52 0x100cbc3e8 in WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x3623e8)
#53 0x12d3477e2 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3a987e2)
#54 0x12d39ee1e in WTF::RunLoop::performWork() (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3aefe1e)
#55 0x12d39fd78 in WTF::RunLoop::performWork(void*) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3af0d78)
#56 0x7fffa6c5e320 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0xa7320)
#57 0x7fffa6c3f21c in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x8821c)
#58 0x7fffa6c3e715 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87715)
#59 0x7fffa6c3e113 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87113)
#60 0x7fffa619eebb in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30ebb)
#61 0x7fffa619ecf0 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30cf0)
#62 0x7fffa619eb25 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30b25)
#63 0x7fffa4737a53 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x46a53)
#64 0x7fffa4eb37ed in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x7c27ed)
#65 0x7fffa472c3da in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x3b3da)
#66 0x7fffa46f6e0d in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x5e0d)
#67 0x7fffbc61f8c6 in _xpc_objc_main (/usr/lib/system/libxpc.dylib:x86_64+0x108c6)
#68 0x7fffbc61e2e3 in xpc_main (/usr/lib/system/libxpc.dylib:x86_64+0xf2e3)
#69 0x100940dc0 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development:x86_64+0x100001dc0)
#70 0x7fffbc3c6234 in start (/usr/lib/system/libdyld.dylib:x86_64+0x5234)
==84587==Register values:
rax = 0x00000000bbadbeef rbx = 0x00007fff5f2b5900 rcx = 0x00000000bbadbeef rdx = 0x0000000000000000
rdi = 0x00001fffebe56ac8 rsi = 0x0000000000000000 rbp = 0x00007fff5f2b5890 rsp = 0x00007fff5f2b5880
r8 = 0x0000000000000041 r9 = 0x0000200000000000 r10 = 0x0000000000000000 r11 = 0xffffffffffffffff
r12 = 0xf204f201f1f1f104 r13 = 0x0000100000000000 r14 = 0x00007fff5f2b5a90 r15 = 0x00007fff5f2b5aa0
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x39fe358) in WTFCrash
==84587==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 84587)
LEAK: 1 WebProcessPool
LEAK: 1 WebPageProxy
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20171026/73a841d9/attachment-0001.html>
More information about the webkit-unassigned
mailing list