[Webkit-unassigned] [Bug 202805] New: Various test-cases from Gecko assert with ASSERTION FAILED: layoutState->renderer() == this.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Oct 10 10:39:18 PDT 2019 

https://bugs.webkit.org/show_bug.cgi?id=202805

            Bug ID: 202805
           Summary: Various test-cases from Gecko assert with ASSERTION
                    FAILED: layoutState->renderer() == this.
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: CSS
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: emilio at crisal.io
                CC: koivisto at iki.fi

On master (247b0314320d499ae788b6ea993aa1d98e2d607e / r250962), WebKitGTK build.

The following files when ran locally fail the assertion in:

 * https://webkit-search.igalia.com/webkit/rev/3994522544ee5be18e96c34640528f8a27462ee4/Source/WebCore/rendering/RenderBlock.cpp#2895

Note that you may need to download them and run locally, otherwise CSP won't execute scripts (if any).

 * https://hg.mozilla.org/mozilla-central/raw-file/tip/layout/generic/crashtests/691210.html
 * https://hg.mozilla.org/mozilla-central/raw-file/tip/layout/generic/crashtests/724978.xhtml
 * https://hg.mozilla.org/mozilla-central/raw-file/tip/layout/generic/crashtests/1015844.html

It looks rather harmless (wrong layout?), but worth filing.

ASSERTION FAILED: layoutState->renderer() == this
../../Source/WebCore/rendering/RenderBlock.cpp(2911) : virtual WebCore::LayoutUnit WebCore::RenderBlock::offsetFromLogicalTopOfFirstPage() const
1   0x7f84b4c693d3 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x9) [0x7f84b4c693d3]
2   0x7f84c09125f2 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN3WTF15CrashOnOverflow10overflowedEv+0) [0x7f84c09125f2]
3   0x7f84c3a883be /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZNK7WebCore11RenderBlock31offsetFromLogicalTopOfFirstPageEv+0xf4) [0x7f84c3a883be]
4   0x7f84c3a888c2 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZNK7WebCore11RenderBlock32estimateFragmentRangeForBoxChildERKNS_9RenderBoxE+0xca) [0x7f84c3a888c2]
5   0x7f84c3a7e80c /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore11RenderBlock22layoutPositionedObjectERNS_9RenderBoxEbb+0x2c) [0x7f84c3a7e80c]
6   0x7f84c3a7ebce /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore11RenderBlock23layoutPositionedObjectsEbb+0xae) [0x7f84c3a7ebce]
7   0x7f84c3a8d6a7 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore15RenderBlockFlow11layoutBlockEbNS_10LayoutUnitE+0x863) [0x7f84c3a8d6a7]
8   0x7f84c3a9b64d /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore15RenderBlockFlow21relayoutForPaginationEv+0x151) [0x7f84c3a9b64d]
9   0x7f84c3a8d2fa /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore15RenderBlockFlow11layoutBlockEbNS_10LayoutUnitE+0x4b6) [0x7f84c3a8d2fa]
10  0x7f84c3a7ce84 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore11RenderBlock6layoutEv+0x56) [0x7f84c3a7ce84]
11  0x7f84c3a8e228 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore15RenderBlockFlow16layoutBlockChildERNS_9RenderBoxERNS0_10MarginInfoERNS_10LayoutUnitES6_+0x39c) [0x7f84c3a8e228]
12  0x7f84c3a8dd45 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore15RenderBlockFlow19layoutBlockChildrenEbRNS_10LayoutUnitE+0x20b) [0x7f84c3a8dd45]
13  0x7f84c3a8d1cd /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore15RenderBlockFlow11layoutBlockEbNS_10LayoutUnitE+0x389) [0x7f84c3a8d1cd]
14  0x7f84c3a7ce84 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore11RenderBlock6layoutEv+0x56) [0x7f84c3a7ce84]
15  0x7f84c3a8e228 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore15RenderBlockFlow16layoutBlockChildERNS_9RenderBoxERNS0_10MarginInfoERNS_10LayoutUnitES6_+0x39c) [0x7f84c3a8e228]
16  0x7f84c3a8dd45 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore15RenderBlockFlow19layoutBlockChildrenEbRNS_10LayoutUnitE+0x20b) [0x7f84c3a8dd45]
17  0x7f84c3a8d1cd /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore15RenderBlockFlow11layoutBlockEbNS_10LayoutUnitE+0x389) [0x7f84c3a8d1cd]
18  0x7f84c3a7ce84 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore11RenderBlock6layoutEv+0x56) [0x7f84c3a7ce84]
19  0x7f84c3b3f948 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore20RenderFragmentedFlow6layoutEv+0x7e) [0x7f84c3b3f948]
20  0x7f84c3c02ffe /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore21RenderMultiColumnFlow6layoutEv+0xc2) [0x7f84c3c02ffe]
21  0x7f84c3a9c282 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore15RenderBlockFlow22layoutExcludedChildrenEb+0x114) [0x7f84c3a9c282]
22  0x7f84c3a8dc22 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore15RenderBlockFlow19layoutBlockChildrenEbRNS_10LayoutUnitE+0xe8) [0x7f84c3a8dc22]
23  0x7f84c3a8d1cd /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore15RenderBlockFlow11layoutBlockEbNS_10LayoutUnitE+0x389) [0x7f84c3a8d1cd]
24  0x7f84c3a7ce84 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore11RenderBlock6layoutEv+0x56) [0x7f84c3a7ce84]
25  0x7f84c3a8e228 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore15RenderBlockFlow16layoutBlockChildERNS_9RenderBoxERNS0_10MarginInfoERNS_10LayoutUnitES6_+0x39c) [0x7f84c3a8e228]
26  0x7f84c3a8dd45 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore15RenderBlockFlow19layoutBlockChildrenEbRNS_10LayoutUnitE+0x20b) [0x7f84c3a8dd45]
27  0x7f84c3a8d1cd /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore15RenderBlockFlow11layoutBlockEbNS_10LayoutUnitE+0x389) [0x7f84c3a8d1cd]
28  0x7f84c3a7ce84 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore11RenderBlock6layoutEv+0x56) [0x7f84c3a7ce84]
29  0x7f84c3ca9701 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore10RenderView6layoutEv+0x42d) [0x7f84c3ca9701]
30  0x7f84c3598a28 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore22FrameViewLayoutContext6layoutEv+0x7ce) [0x7f84c3598a28]
31  0x7f84c2cbdcf8 /home/emilio/src/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore8Document13implicitCloseEv+0x494) [0x7f84c2cbdcf8]

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20191010/9d9313fd/attachment-0001.html>

More information about the webkit-unassigned mailing list