[Webkit-unassigned] [Bug 244580] ASSERTION FAILED: isPlaced() : WebCore::LayoutUnit WebCore::FloatingObject::maxY() const

bugzilla-daemon at webkit.org
Wed May 31 09:26:32 PDT 2023


https://bugs.webkit.org/show_bug.cgi?id=244580

--- Comment #23 from Claudio Saavedra <csaavedra at igalia.com> ---
I've checked ASan and non-ASan builds, as well as Debug builds on Mac and GTK. The only crashes I found were both in Debug builds, on Mac and GTK. There are no crashes with the original large test in Release builds, ASan or not.

Here is the trace for Debug GTK:

#0  WTFCrash() () at /app/webkit/Source/WTF/wtf/Assertions.cpp:327
#1  0x00007ff15e2b7636 in WebCore::RenderLayer::recursiveUpdateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsAfterScrollFlag>)
    (this=0x7ff0b6048b50, geometryMap=0x7ffc449b40b0, flags=...) at /app/webkit/Source/WebCore/rendering/RenderLayer.cpp:1245
#2  0x00007ff15e2b7661 in WebCore::RenderLayer::recursiveUpdateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsAfterScrollFlag>)
    (this=0x7ff0b6038660, geometryMap=0x7ffc449b40b0, flags=...) at /app/webkit/Source/WebCore/rendering/RenderLayer.cpp:1249
#3  0x00007ff15e2b7661 in WebCore::RenderLayer::recursiveUpdateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsAfterScrollFlag>)
    (this=0x7ff0b6002c70, geometryMap=0x7ffc449b40b0, flags=...) at /app/webkit/Source/WebCore/rendering/RenderLayer.cpp:1249
#4  0x00007ff15e2b7661 in WebCore::RenderLayer::recursiveUpdateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsAfterScrollFlag>)
    (this=0x7ff0b6000c80, geometryMap=0x7ffc449b40b0, flags=...) at /app/webkit/Source/WebCore/rendering/RenderLayer.cpp:1249
#5  0x00007ff15e2b7193 in WebCore::RenderLayer::updateLayerPositionsAfterDocumentScroll() (this=0x7ff0b6000c80) at /app/webkit/Source/WebCore/rendering/RenderLayer.cpp:1200
#6  0x00007ff15d90e31f in WebCore::LocalFrameView::updateLayerPositionsAfterScrolling() (this=0x7ff0b60000b0) at /app/webkit/Source/WebCore/page/LocalFrameView.cpp:2982
#7  0x00007ff15db819a5 in WebCore::ScrollView::completeUpdatesAfterScrollTo(WebCore::IntSize const&) (this=0x7ff0b60000b0, scrollDelta=...) at /app/webkit/Source/WebCore/platform/ScrollView.cpp:524
#8  0x00007ff15db815b5 in WebCore::ScrollView::handleDeferredScrollUpdateAfterContentSizeChange() (this=0x7ff0b60000b0) at /app/webkit/Source/WebCore/platform/ScrollView.cpp:479
#9  0x00007ff15d9059ae in WebCore::LocalFrameView::didLayout(WTF::WeakPtr<WebCore::RenderElement, WTF::DefaultWeakPtrImpl>) (this=0x7ff0b60000b0, layoutRoot=...)
    at /app/webkit/Source/WebCore/page/LocalFrameView.cpp:1371
#10 0x00007ff15d91e24e in WebCore::LocalFrameViewLayoutContext::performLayout() (this=0x7ff0b6000210) at /app/webkit/Source/WebCore/page/LocalFrameViewLayoutContext.cpp:281
#11 0x00007ff15d91d6e7 in WebCore::LocalFrameViewLayoutContext::layout() (this=0x7ff0b6000210) at /app/webkit/Source/WebCore/page/LocalFrameViewLayoutContext.cpp:173
#12 0x00007ff15d91f2d3 in WebCore::LocalFrameViewLayoutContext::layoutTimerFired() (this=0x7ff0b6000210) at /app/webkit/Source/WebCore/page/LocalFrameViewLayoutContext.cpp:483
#13 0x00007ff15d956694 in std::__invoke_impl<void, void (WebCore::LocalFrameViewLayoutContext::*&)(), WebCore::LocalFrameViewLayoutContext*&>(std::__invoke_memfun_deref, void (WebCore::LocalFrameViewLayoutContext::*&)(), WebCore::LocalFrameViewLayoutContext*&)
    (__f=@0x7ff139204388: (void (WebCore::LocalFrameViewLayoutContext::*)(WebCore::LocalFrameViewLayoutContext * const)) 0x7ff15d91f130 <WebCore::LocalFrameViewLayoutContext::layoutTimerFired()>, __t=@0x7ff139204398: 0x7ff0b6000210) at /usr/include/c++/12.2.0/bits/invoke.h:74
#14 0x00007ff15d956585 in std::__invoke<void (WebCore::LocalFrameViewLayoutContext::*&)(), WebCore::LocalFrameViewLayoutContext*&>(void (WebCore::LocalFrameViewLayoutContext::*&)(), WebCore::LocalFrameViewLayoutContext*&) (__fn=@0x7ff139204388: (void (WebCore::LocalFrameViewLayoutContext::*)(WebCore::LocalFrameViewLayoutContext * const)) 0x7ff15d91f130 <WebCore::LocalFrameViewLayoutContext::layoutTimerFired()>)
    at /usr/include/c++/12.2.0/bits/invoke.h:96
#15 0x00007ff15d95648d in std::_Bind<void (WebCore::LocalFrameViewLayoutContext::*(WebCore::LocalFrameViewLayoutContext*))()>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>)
    (this=0x7ff139204388, __args=...) at /usr/include/c++/12.2.0/functional:484
#16 0x00007ff15d9563d5 in std::_Bind<void (WebCore::LocalFrameViewLayoutContext::*(WebCore::LocalFrameViewLayoutContext*))()>::operator()<, void>() (this=0x7ff139204388)
    at /usr/include/c++/12.2.0/functional:567
#17 0x00007ff15d95637e in WTF::Detail::CallableWrapper<std::_Bind<void (WebCore::LocalFrameViewLayoutContext::*(WebCore::LocalFrameViewLayoutContext*))()>, void>::call() (this=0x7ff139204380)
    at /app/webkit/WebKitBuild/Debug/WTF/Headers/wtf/Function.h:53
#18 0x00007ff1588bbfa9 in WTF::Function<void ()>::operator()() const (this=0x7ff0b6000240) at /app/webkit/WebKitBuild/Debug/WTF/Headers/wtf/Function.h:82
#19 0x00007ff1589c0992 in WebCore::Timer::fired() (this=0x7ff0b6000218) at /app/webkit/WebKitBuild/Debug/WebCore/PrivateHeaders/WebCore/Timer.h:135
#20 0x00007ff15dbb92b2 in WebCore::ThreadTimers::sharedTimerFiredInternal() (this=0x7ff1390f3a50) at /app/webkit/Source/WebCore/platform/ThreadTimers.cpp:127
#21 0x00007ff15dbb8ba3 in operator()() const (__closure=0x7ff139000228) at /app/webkit/Source/WebCore/platform/ThreadTimers.cpp:67
#22 0x00007ff15dbbc068 in WTF::Detail::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::<lambda()>, void>::call(void) (this=0x7ff139000220)
    at /app/webkit/WebKitBuild/Debug/WTF/Headers/wtf/Function.h:53
#23 0x00007ff1588bbfa9 in WTF::Function<void ()>::operator()() const (this=0x7ff15f95b1c8 <WebCore::MainThreadSharedTimer::singleton()::instance+8>)
    at /app/webkit/WebKitBuild/Debug/WTF/Headers/wtf/Function.h:82
#24 0x00007ff15db60dd4 in WebCore::MainThreadSharedTimer::fired() (this=0x7ff15f95b1c0 <WebCore::MainThreadSharedTimer::singleton()::instance>)
    at /app/webkit/Source/WebCore/platform/MainThreadSharedTimer.cpp:83
#25 0x00007ff15db66d84 in std::__invoke_impl<void, void (WebCore::MainThreadSharedTimer::*&)(), WebCore::MainThreadSharedTimer*&>(std::__invoke_memfun_deref, void (WebCore::MainThreadSharedTimer::*&)(), WebCore::MainThreadSharedTimer*&)
    (__f=@0x7ff1390f5648: (void (WebCore::MainThreadSharedTimer::*)(WebCore::MainThreadSharedTimer * const)) 0x7ff15db60d4c <WebCore::MainThreadSharedTimer::fired()>, __t=@0x7ff1390f5658: 0x7ff15f95b1c0 <WebCore::MainThreadSharedTimer::singleton()::instance>) at /usr/include/c++/12.2.0/bits/invoke.h:74
#26 0x00007ff15db66cfd in std::__invoke<void (WebCore::MainThreadSharedTimer::*&)(), WebCore::MainThreadSharedTimer*&>(void (WebCore::MainThreadSharedTimer::*&)(), WebCore::MainThreadSharedTimer*&)
    (__fn=@0x7ff1390f5648: (void (WebCore::MainThreadSharedTimer::*)(WebCore::MainThreadSharedTimer * const)) 0x7ff15db60d4c <WebCore::MainThreadSharedTimer::fired()>)
    at /usr/include/c++/12.2.0/bits/invoke.h:96
#27 0x00007ff15db66c73 in std::_Bind<void (WebCore::MainThreadSharedTimer::*(WebCore::MainThreadSharedTimer*))()>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) (this=0x7ff1390f5648, __args=...)
    at /usr/include/c++/12.2.0/functional:484
#28 0x00007ff15db66c05 in std::_Bind<void (WebCore::MainThreadSharedTimer::*(WebCore::MainThreadSharedTimer*))()>::operator()<, void>() (this=0x7ff1390f5648) at /usr/include/c++/12.2.0/functional:567
#29 0x00007ff15db66bce in WTF::Detail::CallableWrapper<std::_Bind<void (WebCore::MainThreadSharedTimer::*(WebCore::MainThreadSharedTimer*))()>, void>::call() (this=0x7ff1390f5640)
    at /app/webkit/WebKitBuild/Debug/WTF/Headers/wtf/Function.h:53
#30 0x00007ff1588bbfa9 in WTF::Function<void ()>::operator()() const (this=0x7ff15f95b1f8 <WebCore::MainThreadSharedTimer::singleton()::instance+56>)
    at /app/webkit/WebKitBuild/Debug/WTF/Headers/wtf/Function.h:82
#31 0x00007ff1589c0aa2 in WTF::RunLoop::Timer::fired() (this=0x7ff15f95b1d0 <WebCore::MainThreadSharedTimer::singleton()::instance+16>) at /app/webkit/WebKitBuild/Debug/WTF/Headers/wtf/RunLoop.h:195
#32 0x00007ff14e1e627d in operator()(gpointer) const (__closure=0x0, userData=0x7ff15f95b1d0 <WebCore::MainThreadSharedTimer::singleton()::instance+16>) at /app/webkit/Source/WTF/wtf/glib/RunLoopGLib.cpp:177
#33 0x00007ff14e1e62bd in _FUN(gpointer) () at /app/webkit/Source/WTF/wtf/glib/RunLoopGLib.cpp:181
#34 0x00007ff14e1e57cf in operator()(GSource*, GSourceFunc, gpointer) const
    (__closure=0x0, source=0x555fa16facf0, callback=0x7ff14e1e62a0 <_FUN(gpointer)>, userData=0x7ff15f95b1d0 <WebCore::MainThreadSharedTimer::singleton()::instance+16>)
    at /app/webkit/Source/WTF/wtf/glib/RunLoopGLib.cpp:53
#35 0x00007ff14e1e581d in _FUN(GSource*, GSourceFunc, gpointer) () at /app/webkit/Source/WTF/wtf/glib/RunLoopGLib.cpp:56
#36 0x00007ff147520c37 in g_main_dispatch (context=0x555fa12132d0) at ../glib/gmain.c:3419
#37 g_main_context_dispatch (context=0x555fa12132d0) at ../glib/gmain.c:4137
#38 0x00007ff147577028 in g_main_context_iterate.constprop.0 (context=0x555fa12132d0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4213
#39 0x00007ff1475202af in g_main_loop_run (loop=0x555fa1351c70) at ../glib/gmain.c:4413
#40 0x00007ff14e1e5e88 in WTF::RunLoop::run() () at /app/webkit/Source/WTF/wtf/glib/RunLoopGLib.cpp:108
#41 0x00007ff159a45863 in WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run(int, char**) (this=0x7ffc449b4d40, argc=4, argv=0x7ffc449b4f08)
    at /app/webkit/Source/WebKit/Shared/AuxiliaryProcessMain.h:72
#42 0x00007ff159a45692 in WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainGtk>(int, char**) (argc=4, argv=0x7ffc449b4f08) at /app/webkit/Source/WebKit/Shared/AuxiliaryProcessMain.h:98
#43 0x00007ff159a454c4 in WebKit::WebProcessMain(int, char**) (argc=4, argv=0x7ffc449b4f08) at /app/webkit/Source/WebKit/WebProcess/gtk/WebProcessMainGtk.cpp:98
#44 0x0000555fa0824979 in main(int, char**) (argc=4, argv=0x7ffc449b4f08) at /app/webkit/Source/WebKit/WebProcess/EntryPoint/unix/WebProcessMain.cpp:31
(gdb) f 0
#0  WTFCrash () at /app/webkit/Source/WTF/wtf/Assertions.cpp:327
