[Webkit-unassigned] [Bug 208850] beta.music.apple.com hits RenderTreeNeedsLayoutChecker "post-layout: dirty renderer(s)" assert

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Apr 20 15:06:14 PDT 2020 

https://bugs.webkit.org/show_bug.cgi?id=208850

--- Comment #3 from Tyler Wilcock <twilco.o at protonmail.com> ---
Hello!

Starting from a snapshot of https://beta.music.apple.com/us/playlist/top-100-global/pl.d25f5d1181894928af76c85c967f8f31, I used Lithium[1] to get this minimal reproduction of a crash.

<html>
<head>
  <style>
    .visuallyhidden {
      position: absolute;
      width: 1px;
    }
    .product-page {
      display: flex;
    }
    .product-lockup__artwork {
      position: relative;
    }
    .shelf-grid__list {
      display: grid;
      overflow-x: auto;
      min-height: 140px;
    }
  </style>
</head>
<body>
  <div class="product-page">
    <div class="product-lockup__artwork">
      <span class="visuallyhidden">
        <ul class="shelf-grid__list">
          <button type="button"></button>
        </ul>
      </span>
    </div>
  </div>
</body>
</html>

ERROR: post-layout: dirty renderer(s)
../../Source/WebCore/page/FrameViewLayoutContext.cpp(129) : WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()::<lambda(const WebCore::RenderObject&)>

(B)lock/(I)nline/I(N)line-block, (A)bsolute/Fi(X)ed/(R)elative/Stic(K)y, (F)loating, (O)verflow clip, Anon(Y)mous, (G)enerated, has(L)ayer, (C)omposited, (+)Dirty style, (+)Dirty layout
B---YGL- --  RenderView at (0,0) size 800x558 renderer->(0x7fe3e40591c0)
B-----L- --    HTML RenderBlock at (0,0) size 800x558 renderer->(0x7fe3e4059620) node->(0x7fe3e4059470)
B------- --      BODY RenderBody at (8,8) size 784x542 renderer->(0x7fe3e4059740) node->(0x7fe3e4059590)
B------- --        DIV RenderFlexibleBox at (0,0) size 784x0 renderer->(0x7fe3e405aeb0) node->(0x7fe3e405aa80)
BR----L- -+*         DIV RenderBlock at (0,0) size 0x0 renderer->(0x7fe3e405b060) node->(0x7fe3e405ab70) layout->[positioned child]
BA----L- -+            SPAN RenderBlock at (0,0) size 1x172 renderer->(0x7fe3e405b180) node->(0x7fe3e405ac60) layout->[normal child]
B--O--L- --              UL RenderGrid at (0,16) size 40x140 renderer->(0x7fe3e405b2a0) node->(0x7fe3e405ad50)
B------- --                BUTTON RenderButton at (42,2) size 16x136 renderer->(0x7fe3e405b5d0) node->(0x7fe3e405ade0)

SHOULD NEVER BE REACHED
../../Source/WebCore/page/FrameViewLayoutContext.cpp(131) : WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()::<lambda(const WebCore::RenderObject&)>
1   0x7fe3ef115d79 WTFCrash
2   0x7fe3fc1cf8f7 WTF::CrashOnOverflow::overflowed()
3   0x7fe3ff437273 /app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0xe9f3273) [0x7fe3ff437273]
4   0x7fe3ff4372fd WebCore::RenderTreeNeedsLayoutChecker::~RenderTreeNeedsLayoutChecker()
5   0x7fe3ff42d45b WebCore::FrameViewLayoutContext::layout()
6   0x7fe3fe9b488b WebCore::Document::implicitClose()
7   0x7fe3ff23f85d WebCore::FrameLoader::checkCallImplicitClose()
8   0x7fe3ff23f59d WebCore::FrameLoader::checkCompleted()
9   0x7fe3ff23f232 WebCore::FrameLoader::finishedParsing()
10  0x7fe3fe9c1bf0 WebCore::Document::finishedParsing()
11  0x7fe3fef703a3 WebCore::HTMLConstructionSite::finishedParsing()
12  0x7fe3fefac832 WebCore::HTMLTreeBuilder::finished()
13  0x7fe3fef7482a WebCore::HTMLDocumentParser::end()
14  0x7fe3fef74902 WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd()
15  0x7fe3fef7337c WebCore::HTMLDocumentParser::prepareToStopParsing()
16  0x7fe3fef7493d WebCore::HTMLDocumentParser::attemptToEnd()
17  0x7fe3fef749ed WebCore::HTMLDocumentParser::finish()
18  0x7fe3ff22fe4e WebCore::DocumentWriter::end()
19  0x7fe3ff1faf67 WebCore::DocumentLoader::finishedLoading()
20  0x7fe3ff1fa9cb WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&)
21  0x7fe3ff312003 WebCore::CachedResource::checkNotify()
22  0x7fe3ff31210a WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*)
23  0x7fe3ff30dbf8 WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*)
24  0x7fe3ff2bc59b WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&)
25  0x7fe3fd13f153 WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&)
26  0x7fe3fc5f2ce2 void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::tuple<WebCore::NetworkLoadMetrics>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::tuple<WebCore::NetworkLoadMetrics>&&, std::integer_sequence<unsigned long, 0ul>)
27  0x7fe3fc5f23cc void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::tuple<WebCore::NetworkLoadMetrics>, std::integer_sequence<unsigned long, 0ul> >(std::tuple<WebCore::NetworkLoadMetrics>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&))
28  0x7fe3fc5f194a void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&))
29  0x7fe3fc5f0c1e WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&)
30  0x7fe3fd0fd019 WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
31  0x7fe3fc969da7 IPC::Connection::dispatchMessage(IPC::Decoder&)

[1]: https://github.com/MozillaSecurity/lithium/

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200420/b0415f73/attachment.htm>

More information about the webkit-unassigned mailing list