271903 2024-03-29 12:40:11 -0700 ASAN_TRAP | WebCore::RenderObject::destroy; WebCore::Document::destroyRenderTree; WebCore::Document::willBeRemovedFromFrame 2024-05-20 07:35:49 -0700 1 1 1 Unclassified WebKit Layout and Rendering WebKit Nightly Build Unspecified Unspecified RESOLVED DUPLICATE 268770 https://bugs.webkit.org/show_bug.cgi?id=268770 InRadar P2 Normal --- 1 wilander webkit-unassigned abifox bfulgham cgarcia csaavedra fred.wang gpoo koivisto mikhail msaboff pgriffis rbuis simon.fraser webkit-bug-importer xan.lopez zalan zdobersek oldest_to_newest 2024793 0 470668 wilander 2024-03-29 12:40:11 -0700 Created attachment 470668 Repro case <rdar://125184036> See attached repro case. 2025330 1 fred.wang 2024-04-02 01:45:06 -0700 TL;DR: This is similar to what is described in bug 268770 (I remember finding the same backtrace when trying to reduce testcase from bug 268770), but with a RenderInline ruby split into multiple continuations because of forced line breaks caused by block descendants. RELEASE_ASSERT(!m_previous) fails in WebCore::RenderObject::destroy, with a misparented m_previous. It was badly attached in RenderTreeBuilder::Ruby::attachForStyleBasedRuby with the following bad configuration: RenderView at (0,0) size 800x600 renderer (0x7f75960007a0) layout box ((nil)) layout->[normal child] HTML RenderBlock at (0,0) size 800x600 renderer (0x7f75960015e0) layout box ((nil)) node (0x7f75960010e0) layout->[normal child] BODY RenderBody at (8,8) size 784x584 renderer (0x7f75960017f0) layout box ((nil)) node (0x7f7596001230) layout->[self][normal child] RenderBlock at (0,0) size 0x0 renderer (0x7f7596005820) layout box ((nil)) layout->[self][normal child] #text RenderText renderer (0x7f7596005ae0) layout box ((nil)) node (0x7f75960050e0) length->(3) "\n\n\n" layout->[self] [parent]------------->RUBY RenderInline renderer (0x7f7596006f10) layout box ((nil)) node (0x7f7596005140) continuation->(0x7f7596005e00) layout->[self][normal child] RenderInline renderer (0x7f7596007130) layout box ((nil)) layout->[self][normal child] RenderInline renderer (0x7f7596005420) layout box ((nil)) layout->[self][normal child] #text RenderText renderer (0x7f7596007df0) layout box ((nil)) node (0x7f75960044d0) length->(1) "\n" layout->[self] OUTPUT RenderInline renderer (0x7f75960054c0) layout box ((nil)) node (0x7f7596004650) continuation->(0x7f7596005730) layout->[self][normal child] #text RenderText renderer (0x7f7596005560) layout box ((nil)) node (0x7f7596004710) length->(1) "\n" layout->[self] RenderInline renderer (0x7f7596005ea0) layout box ((nil)) layout->[self][normal child] #text RenderText renderer (0x7f75960055d0) layout box ((nil)) node (0x7f7596004e90) length->(1) "\n" layout->[self] OBJECT RenderEmbeddedObject at (0,0) size 0x0 renderer (0x7f7596005b50) layout box ((nil)) node (0x7f7596004f50) layout->[self] RenderBlock at (0,0) size 0x0 renderer (0x7f7596005730) layout box ((nil)) continuation->(0x7f7596005c80) layout->[self][normal child] DETAILS RenderBlock at (0,0) size 0x0 renderer (0x7f7596005640) layout box ((nil)) node (0x7f7596004830) layout->[self][normal child] SUMMARY RenderBlock at (0,0) size 0x0 renderer (0x7f7596007270) layout box ((nil)) node (0x7f7596004a50) layout->[self][normal child] DIV RenderDetailsMarker at (0,0) size 0x0 renderer (0x7f7596005910) layout box ((nil)) node (0x7f7596004c30) layout->[self] RenderBlock at (0,0) size 0x0 renderer (0x7f7596005f40) layout box ((nil)) layout->[self][normal child] RUBY RenderInline renderer (0x7f7596005e00) layout box ((nil)) node (0x7f7596005140) continuation->(0x7f75960076d0) layout->[self][normal child] OUTPUT RenderInline renderer (0x7f7596005c80) layout box ((nil)) node (0x7f7596004650) layout->[self] RUBY RenderInline renderer (0x7f75960076d0) layout box ((nil)) node (0x7f7596005140) layout->[self][normal child] RenderInline renderer (0x7f7596007f50) layout box ((nil)) [beforeChild]------------>#text RenderText renderer (0x7f7596007d80) layout box ((nil)) node (0x7f75960052e0) length->(1) "\n" In debug mode, this would cause ASSERT(!beforeChild || beforeChild->parent() == &parent); to be hit in RenderTreeBuilder::attachToRenderElementInternal. More debugging details below. ******************************************************************************* The backtrace with the original assert is Thread 1 received signal SIGSEGV, Segmentation fault. 0x00007f761e25fe44 in WTFCrash () at /home/fred/src-obj/WebKit/Source/WTF/wtf/Assertions.cpp:333 333 *(int *)(uintptr_t)0xbbadbeef = 0; (rr) bt 0 0x00007f761e25fe44 in WTFCrash() () at /home/fred/src-obj/WebKit/Source/WTF/wtf/Assertions.cpp:333 #1 0x00007f7621bceb8c in WTFCrashWithInfo(int, char const*, char const*, int) () at /home/fred/src-obj/WebKit/WebKitBuild/RelWithDebInfo/WTF/Headers/wtf/Assertions.h:778 #2 WebCore::RenderObject::destroy() (this=0x7f75960007a0) at /home/fred/src-obj/WebKit/Source/WebCore/rendering/RenderObject.cpp:1834 #3 0x00007f7620e39003 in WebCore::Document::destroyRenderTree() (this=this@entry=0x7f75ae141c00) at /home/fred/src-obj/WebKit/Source/WebCore/dom/Document.cpp:3116 #4 0x00007f7620e63265 in WebCore::Document::willBeRemovedFromFrame() (this=this@entry=0x7f75ae141c00) at /home/fred/src-obj/WebKit/Source/WebCore/dom/Document.cpp:3171 #5 0x00007f76215a45a6 in WebCore::LocalFrame::setView(WTF::RefPtr<WebCore::LocalFrameView, WTF::RawPtrTraits<WebCore::LocalFrameView>, WTF::DefaultRefDerefTraits<WebCore::LocalFrameView> >&&) (this=this@entry=0x7f75fe0bc240, view=...) at /home/fred/src-obj/WebKit/Source/WebCore/page/LocalFrame.cpp:264 #6 0x00007f76215c1ceb in WebCore::LocalFrame::createView(WebCore::IntSize const&, std::optional<WebCore::Color> const&, WebCore::IntSize const&, WebCore::IntRect const&, bool, WebCore::ScrollbarMode, bool, WebCore::ScrollbarMode, bool) (this=this@entry=0x7f75fe0bc240, viewportSize=..., backgroundColor=std::optional<WebCore::Color> [no contained value], fixedLayoutSize=..., fixedVisibleContentRect=..., useFixedLayout=useFixedLayout@entry=false, horizontalScrollbarMode=WebCore::ScrollbarMode::Auto, horizontalLock=false, verticalScrollbarMode=WebCore::ScrollbarMode::Auto, verticalLock=false) at /home/fred/src-obj/WebKit/Source/WebCore/page/LocalFrame.cpp:928 #7 0x00007f761fb97f1f in WebKit::WebLocalFrameLoaderClient::transitionToCommittedForNewPage() (this=0x7f75fe035710) at /home/fred/src-obj/WebKit/Source/WebKit/WebProcess/WebPage/WebPage.h:442 #8 0x00007f7621473382 in WebCore::FrameLoader::transitionToCommitted(WebCore::CachedPage*) (this=this@entry=0x7f75fe0ec1a0, cachedPage=cachedPage@entry=0x0) at /home/fred/src-obj/WebKit/Source/WebCore/loader/FrameLoader.cpp:2395 #9 0x00007f762147353f in WebCore::FrameLoader::transitionToCommitted(WebCore::CachedPage*) (cachedPage=0x0, this=0x7f75fe0ec1a0) at /home/fred/src-obj/WebKit/Source/WebCore/loader/FrameLoader.cpp:2314 #10 WebCore::FrameLoader::commitProvisionalLoad() (this=0x7f75fe0ec1a0) at /home/fred/src-obj/WebKit/Source/WebCore/loader/FrameLoader.cpp:2199 #11 0x00007f7621448747 in WebCore::DocumentLoader::commitIfReady() (this=0x7f75ae0b2c00) at /home/fred/src-obj/WebKit/Source/WebCore/loader/DocumentLoader.cpp:417 #12 WebCore::DocumentLoader::commitIfReady() (this=0x7f75ae0b2c00) at /home/fred/src-obj/WebKit/Source/WebCore/loader/DocumentLoader.cpp:413 #13 WebCore::DocumentLoader::finishedLoading() (this=0x7f75ae0b2c00) at /home/fred/src-obj/WebKit/Source/WebCore/loader/DocumentLoader.cpp:488 #14 0x00007f7621448cc8 in WebCore::DocumentLoader::maybeLoadEmpty() (this=this@entry=0x7f75ae0b2c00) at /home/fred/src-obj/WebKit/Source/WebCore/loader/DocumentLoader.cpp:2071 #15 0x00007f762144c0c0 in WebCore::DocumentLoader::startLoadingMainResource() (this=0x7f75ae0b2c00) at /home/fred/src-obj/WebKit/Source/WebCore/loader/DocumentLoader.cpp:2132 #16 0x00007f7621464036 in operator() (__closure=<optimized out>) at /home/fred/src-obj/WebKit/Source/WebCore/loader/FrameLoader.cpp:3883 #17 WTF::Detail::CallableWrapper<WebCore::FrameLoader::continueLoadAfterNavigationPolicy(const WebCore::ResourceRequest&, WebCore::FormState*, WebCore::NavigationPolicyDecision, WebCore::AllowNavigationToInvalidURL)::<lambda()>, void>::call(void) (this=<optimized out>) at /home/fred/src-obj/WebKit/WebKitBuild/RelWithDebInfo/WTF/Headers/wtf/Function.h:53 #18 0x00007f761f667e99 in WTF::Function<void ()>::operator()() const (this=<optimized out>) at /home/fred/src-obj/WebKit/WebKitBuild/RelWithDebInfo/WTF/Headers/wtf/Function.h:82 #19 WTF::CompletionHandler<void ()>::operator()() (this=<optimized out>) at /home/fred/src-obj/WebKit/WebKitBuild/RelWithDebInfo/WTF/Headers/wtf/CompletionHandler.h:75 #20 0x00007f7621474d6b in WebCore::FrameLoader::continueLoadAfterNavigationPolicy(WebCore::ResourceRequest const&, WebCore::FormState*, WebCore::NavigationPolicyDecision, WebCore::AllowNavigationToInvalidURL) (this=0x7f75fe0ec1a0, request=<optimized out>, formState=0x0, navigationPolicyDecision=<optimized out>, allowNavigationToInvalidURL=<optimized out>) at /home/fred/src-obj/WebKit/Source/WebCore/loader/FrameLoader.cpp:3887 #21 0x00007f762147c9a7 in operator() (navigationPolicyDecision=<optimized out>, formState=<optimized out>, request=<optimized out>, __closure=0x7f75fe0e49f8) at /home/fred/src-obj/WebKit/Source/WebCore/loader/FrameLoader.cpp:1773 #22 WTF::Detail::CallableWrapper<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::RefPtr<WebCore::FormState>&&, WebCore::AllowNavigationToInvalidURL, WTF::CompletionHandler<void()>&&)::<lambda(const WebCore::ResourceRequest&, WTF::WeakPtr<WebCore::FormState, WTF::DefaultWeakPtrImpl, WTF::RawPtrTraits<WTF::DefaultWeakPtrImpl> >&&, WebCore::NavigationPolicyDecision)>, void, WebCore::ResourceRequest&&, WTF::WeakPtr<WebCore::FormState, WTF::DefaultWeakPtrImpl, WTF::RawPtrTraits<WTF::DefaultWeakPtrImpl> >&&, WebCore::NavigationPolicyDecision>::call(WebCore::ResourceRequest &&, WTF::WeakPtr<WebCore::FormState, WTF::DefaultWeakPtrImpl, WTF::RawPtrTraits<WTF::DefaultWeakPtrImpl> > &&, WebCore::NavigationPolicyDecision) (this=0x7f75fe0e49f0, in#0=<optimized out>, in#1=<optimized out>, in#2=<optimized out>) at /home/fred/src-obj/WebKit/WebKitBuild/RelWithDebInfo/WTF/Headers/wtf/Function.h:53 #23 0x00007f76214a9b3c in WTF::Function<void (WebCore::ResourceRequest&&, WTF::WeakPtr<WebCore::FormState, WTF::DefaultWeakPtrImpl, WTF::RawPtrTraits<WTF::DefaultWeakPtrImpl> >&&, WebCore::NavigationPolicyDecision)>::operator()(WebCore::ResourceRequest&&, WTF::WeakPtr<WebCore::FormState, WTF::DefaultWeakPtrImpl, WTF::RawPtrTraits<WTF::DefaultWeakPtrImpl> >&&, WebCore::NavigationPolicyDecision) const (in#2=WebCore::NavigationPolicyDecision::ContinueLoad, in#1=..., in#0=..., this=<optimized out>) at /home/fred/src-obj/WebKit/WebKitBuild/RelWithDebInfo/WTF/Headers/wtf/Function.h:79 #24 WTF::CompletionHandler<void (WebCore::ResourceRequest&&, WTF::WeakPtr<WebCore::FormState, WTF::DefaultWeakPtrImpl, WTF::RawPtrTraits<WTF::DefaultWeakPtrImpl> >&&, WebCore::NavigationPolicyDecision)>::operator()(WebCore::ResourceRequest&&, WTF::WeakPtr<WebCore::FormState, WTF::DefaultWeakPtrImpl, WTF::RawPtrTraits<WTF::DefaultWeakPtrImpl> >&&, WebCore::NavigationPolicyDecision) (in#2=WebCore::NavigationPolicyDecision::ContinueLoad, in#1=..., in#0=..., this=0x7f75fe137a98) at /home/fred/src-obj/WebKit/WebKitBuild/RelWithDebInfo/WTF/Headers/wtf/CompletionHandler.h:75 #25 operator()(WebCore::PolicyAction) (__closure=0x7f75fe137a88, policyAction=<optimized out>) at /home/fred/src-obj/WebKit/Source/WebCore/loader/PolicyChecker.cpp:246 #26 0x00007f761fbccc65 in WTF::Function<void (WebCore::PolicyAction)>::operator()(WebCore::PolicyAction) const (in#0=<optimized out>, this=<optimized out>) at /home/fred/src-obj/WebKit/WebKitBuild/RelWithDebInfo/WTF/Headers/wtf/Function.h:79 #27 WTF::CompletionHandler<void (WebCore::PolicyAction)>::operator()(WebCore::PolicyAction) (in#0=<optimized out>, this=0x7ffc1f0472f8) at /home/fred/src-obj/WebKit/WebKitBuild/RelWithDebInfo/WTF/Headers/wtf/CompletionHandler.h:75 #28 WebKit::WebFrame::didReceivePolicyDecision(unsigned long, WebKit::PolicyDecision&&) (this=<optimized out>, listenerID=<optimized out>, policyDecision=...) at /home/fred/src-obj/WebKit/Source/WebKit/WebProcess/WebPage/WebFrame.cpp:518 #29 0x00007f761fb88ddb in std::__invoke_impl<void, WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(const WebCore::NavigationAction&, const WebCore::ResourceRequest&, const WebCore::ResourceResponse&, WebCore::FormState*, const WTF::String&, uint64_t, std::optional<WebCore::HitTestResult>&&, bool, WebCore::SandboxFlags, WebCore::PolicyDecisionMode, WebCore::FramePolicyFunction&&)::<lambda(WebKit::PolicyDecision&&)>, WebKit::PolicyDecision> (__f=...) at /usr/include/c++/11/bits/invoke.h:60 #30 std::__invoke<WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(const WebCore::NavigationAction&, const WebCore::ResourceRequest&, const WebCore::ResourceResponse&, WebCore::FormState*, const WTF::String&, uint64_t, std::optional<WebCore::HitTestResult>&&, bool, WebCore::SandboxFlags, WebCore::PolicyDecisionMode, WebCore::FramePolicyFunction&&)::<lambda(WebKit::PolicyDecision&&)>, WebKit::PolicyDecision> (__fn=...) at /usr/include/c++/11/bits/invoke.h:96 #31 std::__apply_impl<WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(const WebCore::NavigationAction&, const WebCore::ResourceRequest&, const WebCore::ResourceResponse&, WebCore::FormState*, const WTF::String&, uint64_t, std::optional<WebCore::HitTestResult>&&, bool, WebCore::SandboxFlags, WebCore::PolicyDecisionMode, WebCore::FramePolicyFunction&&)::<lambda(WebKit::PolicyDecision&&)>, std::tuple<WebKit::PolicyDecision>, 0> (__t=..., __f=...) at /usr/include/c++/11/tuple:1854 #32 std::apply<WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(const WebCore::NavigationAction&, const WebCore::ResourceRequest&, const WebCore::ResourceResponse&, WebCore::FormState*, const WTF::String&, uint64_t, std::optional<WebCore::HitTestResult>&&, bool, WebCore::SandboxFlags, WebCore::PolicyDecisionMode, WebCore::FramePolicyFunction&&)::<lambda(WebKit::PolicyDecision&&)>, std::tuple<WebKit::PolicyDecision> > (__t=..., __f=...) at /usr/include/c++/11/tuple:1865 #33 IPC::Connection::callReply<Messages::WebPageProxy::DecidePolicyForNavigationActionAsync, WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(const WebCore::NavigationAction&, const WebCore::ResourceRequest&, const WebCore::ResourceResponse&, WebCore::FormState*, const WTF::String&, uint64_t, std::optional<WebCore::HitTestResult>&&, bool, WebCore::SandboxFlags, WebCore::PolicyDecisionMode, WebCore::FramePolicyFunction&&)::<lambda(WebKit::PolicyDecision&&)> > (completionHandler=..., decoder=<optimized out>) at /home/fred/src-obj/WebKit/Source/WebKit/Platform/IPC/Connection.h:761 #34 operator() (decoder=<optimized out>, __closure=0x7f75fe1980c8) at /home/fred/src-obj/WebKit/Source/WebKit/Platform/IPC/Connection.h:744 #35 WTF::Detail::CallableWrapper<IPC::Connection::makeAsyncReplyHandler<Messages::WebPageProxy::DecidePolicyForNavigationActionAsync, WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(const WebCore::NavigationAction&, const WebCore::ResourceRequest&, const WebCore::ResourceResponse&, WebCore::FormState*, const WTF::String&, uint64_t, std::optional<WebCore::HitTestResult>&&, bool, WebCore::SandboxFlags, WebCore::PolicyDecisionMode, WebCore::FramePolicyFunction&&)::<lambda(WebKit::PolicyDecision&&)> >(WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(const WebCore::NavigationAction&, const WebCore::ResourceRequest&, const WebCore::ResourceResponse&, WebCore::FormState*, const WTF::String&, uint64_t, std::optional<WebCore::HitTestResult>&&, bool, WebCore::SandboxFlags, WebCore::PolicyDecisionMode, WebCore::FramePolicyFunction&&)::<lambda(WebKit::PolicyDecision&&)>&&, WTF::ThreadLikeAssertion)::<lambda(IPC::Decoder*)>, void, IPC::Decoder*>::call(IPC::Decoder *) (this=0x7f75fe1980c0, in#0=<optimized out>) at /home/fred/src-obj/WebKit/WebKitBuild/RelWithDebInfo/WTF/Headers/wtf/Function.h:53 #36 0x00007f761f8041d1 in WTF::Function<void (IPC::Decoder*)>::operator()(IPC::Decoder*) const (in#0=0x7f75fe18c180, this=<optimized out>) at /home/fred/src-obj/WebKit/WebKitBuild/RelWithDebInfo/WTF/Headers/wtf/Function.h:79 #37 WTF::CompletionHandler<void (IPC::Decoder*)>::operator()(IPC::Decoder*) (in#0=0x7f75fe18c180, this=0x7ffc1f0474f0) at /home/fred/src-obj/WebKit/WebKitBuild/RelWithDebInfo/WTF/Headers/wtf/CompletionHandler.h:75 #38 IPC::Connection::dispatchMessage(IPC::Decoder&) (this=0x7f75fe02c340, decoder=...) at /home/fred/src-obj/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:1226 #39 0x00007f761f804375 in IPC::Connection::dispatchMessage(WTF::UniqueRef<IPC::Decoder>) (this=0x7f75fe02c340, message=...) at /home/fred/src-obj/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:1292 #40 0x00007f761f806190 in IPC::Connection::dispatchMessage(WTF::UniqueRef<IPC::Decoder>) (message=..., this=0x7f75fe02c340) at /home/fred/src-obj/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:1249 #41 IPC::Connection::dispatchOneIncomingMessage() (this=0x7f75fe02c340) at /home/fred/src-obj/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:1357 #42 0x00007f761e2914a2 in WTF::Function<void ()>::operator()() const (this=<synthetic pointer>) at /home/fred/src-obj/WebKit/Source/WTF/wtf/Function.h:79 #43 WTF::RunLoop::performWork() (this=0x7f75fe0140e0) at /home/fred/src-obj/WebKit/Source/WTF/wtf/RunLoop.cpp:147 #44 0x00007f761e2f156d in operator() (userData=<optimized out>, __closure=0x0) at /home/fred/src-obj/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:80 #45 _FUN(gpointer) () at /home/fred/src-obj/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:82 #46 0x00007f761e2f1ec3 in operator() (__closure=0x0, userData=0x7f75fe0140e0, callback=0x7f761e2f1560 <_FUN(gpointer)>, source=0x55ab05cc7450) at /home/fred/src-obj/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:53 #47 _FUN(GSource*, GSourceFunc, gpointer) () at /home/fred/src-obj/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:56 #48 0x00007f761ab38c44 in g_main_context_dispatch () at /lib/x86_64-linux-gnu/libglib-2.0.so.0 #49 0x00007f761ab8e258 in () at /lib/x86_64-linux-gnu/libglib-2.0.so.0 #50 0x00007f761ab382b3 in g_main_loop_run () at /lib/x86_64-linux-gnu/libglib-2.0.so.0 #51 0x00007f761e2f2010 in WTF::RunLoop::run() () at /home/fred/src-obj/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:108 #52 0x00007f761fc21a68 in WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run(int, char**) (argc=4, argv=0x7ffc1f0478c8, this=0x7ffc1f047740) at /home/fred/src-obj/WebKit/Source/WebKit/Shared/AuxiliaryProcessMain.h:72 #53 WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run(int, char**) (argv=0x7ffc1f0478c8, argc=4, this=0x7ffc1f047740) at /home/fred/src-obj/WebKit/Source/WebKit/Shared/AuxiliaryProcessMain.h:59 #54 WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainGtk>(int, char**) (argc=4, argv=0x7ffc1f0478c8) at /home/fred/src-obj/WebKit/Source/WebKit/Shared/AuxiliaryProcessMain.h:98 #55 0x00007f761e946d90 in __libc_start_call_main (main=main@entry=0x55ab03cf1060 <main(int, char**)>, argc=argc@entry=4, argv=argv@entry=0x7ffc1f0478c8) at ../sysdeps/nptl/libc_start_call_main.h:58 #56 0x00007f761e946e40 in __libc_start_main_impl (main=0x55ab03cf1060 <main(int, char**)>, argc=4, argv=0x7ffc1f0478c8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffc1f0478b8) at ../csu/libc-start.c:392 #57 0x000055ab03cf1095 in _start () It happens with a misparented m_previous: (rr) reverse-finish ... 1836 RELEASE_ASSERT(!m_previous); (rr) p m_previous.get() $1 = (WebCore::RenderObject *) 0x7f7596006fb0 (rr) p showRenderTree($1) (B)lock/(I)nline/I(N)line-block, (A)bsolute/Fi(X)ed/(R)elative/Stic(K)y, (F)loating, (O)verflow clip, Anon(Y)mous, (G)enerated, has(L)ayer, hasLayer(S)crollableArea, (C)omposited, Content-visibility:(H)idden/(A)uto, (S)kipped content, (+)Dirty style, (+)Dirty layout I---YG----- -+* RenderInline renderer (0x7f7596006fb0) layout box ((nil)) layout->[self] The parent of m_previous was initially set via the following backtrace: (rr) watch -l $1->m_parent (rr) rc Thread 1 hit Hardware watchpoint 1: -location $1->m_parent New value = {m_impl = {m_ptr = 0x7f75fe1b6070}} Old value = {m_impl = {m_ptr = 0x0}} (rr) bt #0 0x00007f7621bc95f7 in std::swap<WTF::SingleThreadWeakPtrImpl*>(WTF::SingleThreadWeakPtrImpl*&, WTF::SingleThreadWeakPtrImpl*&) (__b=<synthetic pointer>: <optimized out>, __a=@0x7f7596006fd0: 0x0) at /usr/include/c++/11/bits/move.h:205 #1 WTF::RawPtrTraits<WTF::SingleThreadWeakPtrImpl>::swap(WTF::SingleThreadWeakPtrImpl*&, WTF::SingleThreadWeakPtrImpl*&) (b=<synthetic pointer>: <optimized out>, a=@0x7f7596006fd0: 0x0) at /home/fred/src-obj/WebKit/WebKitBuild/RelWithDebInfo/WTF/Headers/wtf/RawPtrTraits.h:43 #2 WTF::RefPtr<WTF::SingleThreadWeakPtrImpl, WTF::RawPtrTraits<WTF::SingleThreadWeakPtrImpl>, WTF::DefaultRefDerefTraits<WTF::SingleThreadWeakPtrImpl> >::swap<WTF::SingleThreadWeakPtrImpl, WTF::RawPtrTraits<WTF::SingleThreadWeakPtrImpl>, WTF::DefaultRefDerefTraits<WTF::SingleThreadWeakPtrImpl> >(WTF::RefPtr<WTF::SingleThreadWeakPtrImpl, WTF::RawPtrTraits<WTF::SingleThreadWeakPtrImpl>, WTF::DefaultRefDerefTraits<WTF::SingleThreadWeakPtrImpl> >&) (o=<synthetic pointer>..., this=0x7f7596006fd0) at /home/fred/src-obj/WebKit/WebKitBuild/RelWithDebInfo/WTF/Headers/wtf/RefPtr.h:189 #3 WTF::RefPtr<WTF::SingleThreadWeakPtrImpl, WTF::RawPtrTraits<WTF::SingleThreadWeakPtrImpl>, WTF::DefaultRefDerefTraits<WTF::SingleThreadWeakPtrImpl> >::operator=(WTF::RefPtr<WTF::SingleThreadWeakPtrImpl, WTF::RawPtrTraits<WTF::SingleThreadWeakPtrImpl>, WTF::DefaultRefDerefTraits<WTF::SingleThreadWeakPtrImpl> >&&) (o=<optimized out>, this=0x7f7596006fd0) at /home/fred/src-obj/WebKit/WebKitBuild/RelWithDebInfo/WTF/Headers/wtf/RefPtr.h:163 #4 WTF::WeakPtr<WebCore::RenderElement, WTF::SingleThreadWeakPtrImpl, WTF::RawPtrTraits<WTF::SingleThreadWeakPtrImpl> >::operator=(WTF::WeakPtr<WebCore::RenderElement, WTF::SingleThreadWeakPtrImpl, WTF::RawPtrTraits<WTF::SingleThreadWeakPtrImpl> >&&) (this=0x7f7596006fd0) at /home/fred/src-obj/WebKit/WebKitBuild/RelWithDebInfo/WTF/Headers/wtf/WeakPtr.h:41 #5 WebCore::RenderObject::setParent(WebCore::RenderElement*) (this=0x7f7596006fb0, parent=<optimized out>) at /home/fred/src-obj/WebKit/Source/WebCore/rendering/RenderObject.cpp:332 #6 0x00007f7621b0daef in WebCore::RenderElement::attachRendererInternal(std::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*) (this=this@entry=0x7f7596006f10, child=std::unique_ptr<WebCore::RenderObject> = {...}, beforeChild=0x7f75960007a0) at /usr/include/c++/11/bits/unique_ptr.h:173 #7 0x00007f7621d46d6c in WebCore::RenderTreeBuilder::attachToRenderElementInternal(WebCore::RenderElement&, std::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*, WebCore::RenderObject::IsInternalMove) (this=0x7ffc1f046f50, parent=..., child=std::unique_ptr<WebCore::RenderObject> = {...}, beforeChild=<optimized out>, beforeChild@entry=0x7f75960007a0, isInternalMove=WebCore::RenderObject::IsInternalMove::No) at /usr/include/c++/11/bits/unique_ptr.h:172 #8 0x00007f7621d47427 in WebCore::RenderTreeBuilder::attachToRenderElementInternal(WebCore::RenderElement&, std::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*, WebCore::RenderObject::IsInternalMove) (this=<optimized out>, parent=..., child=std::unique_ptr<WebCore::RenderObject> = {...}, beforeChild=beforeChild@entry=0x7f75960007a0, isInternalMove=isInternalMove@entry=WebCore::RenderObject::IsInternalMove::No) at /home/fred/src-obj/WebKit/Source/WebCore/rendering/updating/RenderTreeBuilder.cpp:465 #9 0x00007f7621d55c18 in WebCore::RenderTreeBuilder::Ruby::attachForStyleBasedRuby(WebCore::RenderElement&, std::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*) (this=0x7f75fe1b6600, parent=..., child=std::unique_ptr<WebCore::RenderObject> = {...}, beforeChild=0x7f75960007a0) at /home/fred/src-obj/WebKit/Source/WebCore/rendering/updating/RenderTreeBuilderRuby.cpp:326 #10 0x00007f7621d4ae4f in WebCore::RenderTreeBuilder::attachInternal(WebCore::RenderElement&, std::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*) (this=this@entry=0x7ffc1f046f50, parent=..., child=std::unique_ptr<WebCore::RenderObject> = {...}, beforeChild=<optimized out>, beforeChild@entry=0x7f7596007d80) at /usr/include/c++/11/bits/unique_ptr.h:172 #11 0x00007f7621d4af16 in WebCore::RenderTreeBuilder::attach(WebCore::RenderElement&, std::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*) (this=0x7ffc1f046f50, parent=..., child=std::unique_ptr<WebCore::RenderObject> = {...}, beforeChild=0x7f7596007d80) at /usr/include/c++/11/bits/unique_ptr.h:172 #12 0x00007f7621d59d2d in WebCore::RenderTreeUpdater::createRenderer(WebCore::Element&, WebCore::RenderStyle&&) (this=this@entry=0x7ffc1f046f20, element=..., style=...) at /home/fred/src-obj/WebKit/Source/WebCore/rendering/updating/RenderTreePosition.h:45 #13 0x00007f7621d5a259 in WebCore::RenderTreeUpdater::updateElementRenderer(WebCore::Element&, WebCore::Style::ElementUpdate const&) (this=this@entry=0x7ffc1f046f20, element=..., elementUpdate=...) at /home/fred/src-obj/WebKit/Source/WebCore/rendering/updating/RenderTreeUpdater.cpp:458 #14 0x00007f7621d5b171 in WebCore::RenderTreeUpdater::updateRenderTree(WebCore::ContainerNode&) (this=this@entry=0x7ffc1f046f20, root=<optimized out>) at /home/fred/src-obj/WebKit/Source/WebCore/rendering/updating/RenderTreeUpdater.cpp:262 #15 0x00007f7621d5b583 in WebCore::RenderTreeUpdater::commit(std::unique_ptr<WebCore::Style::Update, std::default_delete<WebCore::Style::Update> >) (this=0x7ffc1f046f20, styleUpdate=std::unique_ptr<WebCore::Style::Update> = {...}) at /home/fred/src-obj/WebKit/Source/WebCore/rendering/updating/RenderTreeUpdater.cpp:127 #16 0x00007f7620e38da1 in WebCore::Document::updateRenderTree(std::unique_ptr<WebCore::Style::Update, std::default_delete<WebCore::Style::Update> >) (this=this@entry=0x7f75ae141c00, styleUpdate=std::unique_ptr<WebCore::Style::Update> = {...}) at /usr/include/c++/11/bits/unique_ptr.h:172 #17 0x00007f7620e5a79e in WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) (this=this@entry=0x7f75ae141c00, type=<optimized out>, type@entry=WebCore::Document::ResolveStyleType::Normal) at /usr/include/c++/11/bits/unique_ptr.h:172 #18 0x00007f7620e5ac45 in WebCore::Document::updateStyleIfNeeded() (this=this@entry=0x7f75ae141c00) at /home/fred/src-obj/WebKit/Source/WebCore/dom/Document.cpp:2668 #19 0x00007f7620e63ac4 in WebCore::Document::implicitClose() (this=this@entry=0x7f75ae141c00) at /home/fred/src-obj/WebKit/Source/WebCore/dom/Document.cpp:3788 #20 0x00007f762145ffcd in WebCore::FrameLoader::checkCallImplicitClose() (this=0x7f75fe0ec1a0) at /home/fred/src-obj/WebKit/Source/WebCore/loader/FrameLoader.cpp:1046 #21 WebCore::FrameLoader::checkCallImplicitClose() (this=0x7f75fe0ec1a0) at /home/fred/src-obj/WebKit/Source/WebCore/loader/FrameLoader.cpp:1036 #22 0x00007f762147109b in WebCore::FrameLoader::checkCompleted() (this=0x7f75fe0ec1a0) at /home/fred/src-obj/WebKit/Source/WebCore/loader/FrameLoader.cpp:987 #23 WebCore::FrameLoader::checkCompleted() (this=0x7f75fe0ec1a0) at /home/fred/src-obj/WebKit/Source/WebCore/loader/FrameLoader.cpp:941 #24 0x00007f7620e2cf7a in WebCore::Document::checkCompleted() (this=this@entry=0x7f75ae141c00) at /home/fred/src-obj/WebKit/WebKitBuild/RelWithDebInfo/WTF/Headers/wtf/RawPtrTraits.h:44 #25 0x00007f7620e2d028 in WebCore::Document::loadEventDelayTimerFired() (this=0x7f75ae141c00) at /home/fred/src-obj/WebKit/Source/WebCore/dom/Document.cpp:7942 #26 0x00007f76216f9ebf in WebCore::ThreadTimers::sharedTimerFiredInternal() (this=0x7f75fe0e4fc0) at /home/fred/src-obj/WebKit/Source/WebCore/platform/ThreadTimers.cpp:125 #27 0x00007f761e2f16b2 in operator() (__closure=0x0, userData=0x7f76237057b0 <WebCore::MainThreadSharedTimer::singleton()::instance+16>) at /home/fred/src-obj/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:177 #28 _FUN(gpointer) () at /home/fred/src-obj/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:181 #29 0x00007f761e2f1ec3 in operator() (__closure=0x0, userData=0x7f76237057b0 <WebCore::MainThreadSharedTimer::singleton()::instance+16>, callback=0x7f761e2f1690 <_FUN(gpointer)>, source=0x55ab05ddee80) at /home/fred/src-obj/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:53 #30 _FUN(GSource*, GSourceFunc, gpointer) () at /home/fred/src-obj/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:56 #31 0x00007f761ab38c44 in g_main_context_dispatch () at /lib/x86_64-linux-gnu/libglib-2.0.so.0 #32 0x00007f761ab8e258 in () at /lib/x86_64-linux-gnu/libglib-2.0.so.0 #33 0x00007f761ab382b3 in g_main_loop_run () at /lib/x86_64-linux-gnu/libglib-2.0.so.0 #34 0x00007f761e2f2010 in WTF::RunLoop::run() () at /home/fred/src-obj/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:108 #35 0x00007f761fc21a68 in WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run(int, char**) (argc=4, argv=0x7ffc1f0478c8, this=0x7ffc1f047740) at /home/fred/src-obj/WebKit/Source/WebKit/Shared/AuxiliaryProcessMain.h:72 #36 WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run(int, char**) (argv=0x7ffc1f0478c8, argc=4, this=0x7ffc1f047740) at /home/fred/src-obj/WebKit/Source/WebKit/Shared/AuxiliaryProcessMain.h:59 #37 WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainGtk>(int, char**) (argc=4, argv=0x7ffc1f0478c8) at /home/fred/src-obj/WebKit/Source/WebKit/Shared/AuxiliaryProcessMain.h:98 #38 0x00007f761e946d90 in __libc_start_call_main (main=main@entry=0x55ab03cf1060 <main(int, char**)>, argc=argc@entry=4, argv=argv@entry=0x7ffc1f0478c8) at ../sysdeps/nptl/libc_start_call_main.h:58 #39 0x00007f761e946e40 in __libc_start_main_impl (main=0x55ab03cf1060 <main(int, char**)>, argc=4, argv=0x7ffc1f0478c8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffc1f0478b8) at ../csu/libc-start.c:392 #40 0x000055ab03cf1095 in _start () Going further up, WebCore::RenderTreeBuilder::attachToRenderElementInternal is performed with the following bad configuration: (rr) reverse-finish ... [beforeChild]-->RenderView at (0,0) size 800x600 renderer (0x7f75960007a0) layout box ((nil)) layout->[normal child] HTML RenderBlock at (0,0) size 800x600 renderer (0x7f75960015e0) layout box ((nil)) node (0x7f75960010e0) layout->[normal child] BODY RenderBody at (8,8) size 784x584 renderer (0x7f75960017f0) layout box ((nil)) node (0x7f7596001230) layout->[self][normal child] RenderBlock at (0,0) size 0x0 renderer (0x7f7596005820) layout box ((nil)) layout->[self][normal child] #text RenderText renderer (0x7f7596005ae0) layout box ((nil)) node (0x7f75960050e0) length->(3) "\n\n\n" layout->[self] [parent]------------->RUBY RenderInline renderer (0x7f7596006f10) layout box ((nil)) node (0x7f7596005140) continuation->(0x7f7596005e00) layout->[self][normal child] RenderInline renderer (0x7f7596007130) layout box ((nil)) layout->[self][normal child] RenderInline renderer (0x7f7596005420) layout box ((nil)) layout->[self][normal child] #text RenderText renderer (0x7f7596007df0) layout box ((nil)) node (0x7f75960044d0) length->(1) "\n" layout->[self] OUTPUT RenderInline renderer (0x7f75960054c0) layout box ((nil)) node (0x7f7596004650) continuation->(0x7f7596005730) layout->[self][normal child] #text RenderText renderer (0x7f7596005560) layout box ((nil)) node (0x7f7596004710) length->(1) "\n" layout->[self] RenderInline renderer (0x7f7596005ea0) layout box ((nil)) layout->[self][normal child] #text RenderText renderer (0x7f75960055d0) layout box ((nil)) node (0x7f7596004e90) length->(1) "\n" layout->[self] OBJECT RenderEmbeddedObject at (0,0) size 0x0 renderer (0x7f7596005b50) layout box ((nil)) node (0x7f7596004f50) layout->[self] RenderBlock at (0,0) size 0x0 renderer (0x7f7596005730) layout box ((nil)) continuation->(0x7f7596005c80) layout->[self][normal child] DETAILS RenderBlock at (0,0) size 0x0 renderer (0x7f7596005640) layout box ((nil)) node (0x7f7596004830) layout->[self][normal child] SUMMARY RenderBlock at (0,0) size 0x0 renderer (0x7f7596007270) layout box ((nil)) node (0x7f7596004a50) layout->[self][normal child] DIV RenderDetailsMarker at (0,0) size 0x0 renderer (0x7f7596005910) layout box ((nil)) node (0x7f7596004c30) layout->[self] RenderBlock at (0,0) size 0x0 renderer (0x7f7596005f40) layout box ((nil)) layout->[self][normal child] RUBY RenderInline renderer (0x7f7596005e00) layout box ((nil)) node (0x7f7596005140) continuation->(0x7f75960076d0) layout->[self][normal child] OUTPUT RenderInline renderer (0x7f7596005c80) layout box ((nil)) node (0x7f7596004650) layout->[self] RUBY RenderInline renderer (0x7f75960076d0) layout box ((nil)) node (0x7f7596005140) layout->[self][normal child] RenderInline renderer (0x7f7596007f50) layout box ((nil)) Going even further up, RenderTreeBuilder::Ruby::attachForStyleBasedRuby is called with the following bad configuration: RenderView at (0,0) size 800x600 renderer (0x7f75960007a0) layout box ((nil)) layout->[normal child] HTML RenderBlock at (0,0) size 800x600 renderer (0x7f75960015e0) layout box ((nil)) node (0x7f75960010e0) layout->[normal child] BODY RenderBody at (8,8) size 784x584 renderer (0x7f75960017f0) layout box ((nil)) node (0x7f7596001230) layout->[self][normal child] RenderBlock at (0,0) size 0x0 renderer (0x7f7596005820) layout box ((nil)) layout->[self][normal child] #text RenderText renderer (0x7f7596005ae0) layout box ((nil)) node (0x7f75960050e0) length->(3) "\n\n\n" layout->[self] [parent]------------->RUBY RenderInline renderer (0x7f7596006f10) layout box ((nil)) node (0x7f7596005140) continuation->(0x7f7596005e00) layout->[self][normal child] RenderInline renderer (0x7f7596007130) layout box ((nil)) layout->[self][normal child] RenderInline renderer (0x7f7596005420) layout box ((nil)) layout->[self][normal child] #text RenderText renderer (0x7f7596007df0) layout box ((nil)) node (0x7f75960044d0) length->(1) "\n" layout->[self] OUTPUT RenderInline renderer (0x7f75960054c0) layout box ((nil)) node (0x7f7596004650) continuation->(0x7f7596005730) layout->[self][normal child] #text RenderText renderer (0x7f7596005560) layout box ((nil)) node (0x7f7596004710) length->(1) "\n" layout->[self] RenderInline renderer (0x7f7596005ea0) layout box ((nil)) layout->[self][normal child] #text RenderText renderer (0x7f75960055d0) layout box ((nil)) node (0x7f7596004e90) length->(1) "\n" layout->[self] OBJECT RenderEmbeddedObject at (0,0) size 0x0 renderer (0x7f7596005b50) layout box ((nil)) node (0x7f7596004f50) layout->[self] RenderBlock at (0,0) size 0x0 renderer (0x7f7596005730) layout box ((nil)) continuation->(0x7f7596005c80) layout->[self][normal child] DETAILS RenderBlock at (0,0) size 0x0 renderer (0x7f7596005640) layout box ((nil)) node (0x7f7596004830) layout->[self][normal child] SUMMARY RenderBlock at (0,0) size 0x0 renderer (0x7f7596007270) layout box ((nil)) node (0x7f7596004a50) layout->[self][normal child] DIV RenderDetailsMarker at (0,0) size 0x0 renderer (0x7f7596005910) layout box ((nil)) node (0x7f7596004c30) layout->[self] RenderBlock at (0,0) size 0x0 renderer (0x7f7596005f40) layout box ((nil)) layout->[self][normal child] RUBY RenderInline renderer (0x7f7596005e00) layout box ((nil)) node (0x7f7596005140) continuation->(0x7f75960076d0) layout->[self][normal child] OUTPUT RenderInline renderer (0x7f7596005c80) layout box ((nil)) node (0x7f7596004650) layout->[self] RUBY RenderInline renderer (0x7f75960076d0) layout box ((nil)) node (0x7f7596005140) layout->[self][normal child] RenderInline renderer (0x7f7596007f50) layout box ((nil)) [beforeChild]------------>#text RenderText renderer (0x7f7596007d80) layout box ((nil)) node (0x7f75960052e0) length->(1) "\n" ``` For completeness, the DOM tree is as follows: (rr) p showTree((const WebCore::Node*)0x7f7596005140) BODY 0x7f7596001230 (renderer 0x7f75960017f0) #text 0x7f7596004470 "\n" #text 0x7f75960050e0 "\n\n\n" RUBY 0x7f7596005140 (renderer 0x7f7596006f10) SLOT 0x7f7596004530 (renderer (nil)) #text 0x7f75960044d0 "\n" OUTPUT 0x7f7596004650 (renderer 0x7f75960054c0) CLASS=class4 #text 0x7f7596004710 "\n" DETAILS 0x7f7596004830 (renderer 0x7f7596005640) #document-fragment 0x7f7596004950 (renderer (nil)) (needs style recalc) (child needs style recalc) SLOT 0x7f75960045c0 (renderer (nil)) SUMMARY 0x7f7596004a50 (renderer 0x7f7596007270) #document-fragment 0x7f7596004b30 (renderer (nil)) (needs style recalc) (child needs style recalc) DIV 0x7f7596004c30 (renderer 0x7f7596005910) SLOT 0x7f7596004d10 (renderer (nil)) #text 0x7f7596004770 "Détails" #text 0x7f75960047d0 "\n" #text 0x7f7596004e30 "\n" #text 0x7f7596004e90 "\n" OBJECT 0x7f7596004f50 (renderer 0x7f7596005b50) #text 0x7f7596004ef0 "\n" #text 0x7f7596005080 "\n" #text 0x7f7596005220 "\n" RT 0x7f7596005340 (renderer 0x7f7596007360) #text 0x7f7596005280 "\n" #text 0x7f75960052e0 "\n" RenderTreeBuilder::Ruby::attachForStyleBasedRuby is called when creating the renderer for the rt element (DisplayType::RubyAnnotation). Contrary to what happens in bug 268770, we don't enter the DisplayType::RubyBlock case, since the ruby element is inline. The while loop set beforeChild to the document's root and we go ahead in attachToRenderElementInternal with the bad configuration previously mentioned. 2027398 2 fred.wang 2024-04-10 04:19:19 -0700 *** This bug has been marked as a duplicate of bug 268770 *** 470668 2024-03-29 12:40:11 -0700 2024-03-29 12:40:11 -0700 Repro case reduced-1-171060384858.html text/html 412 wilander PHNjcmlwdD4KZnVuY3Rpb24gZ2MoKSB7CiB7CiB9Cn0KZnVuY3Rpb24gbWFpbigpIHsKdHJ5IHsg eDcucHJlcGVuZCh4Mik7IH0gY2F0Y2ggeyB9CnRyeSB7IHg0OC5hbGlnbiA9ICJyaWdodCI7IH0g Y2F0Y2ggeyB9Cn0KPC9zY3JpcHQ+Cjxib2R5IG9ubG9hZD0ibWFpbigpIj4KPHNsb3QgaWQ9Ingy IiBkaXI9Imx0ciI+CjxvdXRwdXQgY2xhc3M9ImNsYXNzNCI+CjxkZXRhaWxzIHBhcnQ9InBhcnQx Ij4KPC9kZXRhaWxzPgo8L291dHB1dD4KPG9iamVjdCBpZD0ieDQ4IiB1c2VtYXA9IiNmb28iPgo8 L29iamVjdD4KPC9zbG90Pgo8L3Nsb3Q+CjwvdmlkZW8+CjxydWJ5IGlkPSJ4NyIgaXRlbXR5cGU9 IkFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUEiPgo8cnQgb25jbGljaz0i ZjAoKSI+CjwvcnQ+Cg==