Bug 150242

Summary: [GTK] ASSERTION FAILED: m_invalidRegionList.contains(&renderNamedFlowFragment) in WebCore::RenderNamedFlowThread::removeRegionFromThread
Product: WebKit
Component: Layout and Rendering
Status: REOPENED
Severity: Normal
Priority: P2
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified
Reporter: Renata Hodovan <rhodovan.u-szeged>
Assignee: Nobody <webkit-unassigned>
CC: bfulgham, cdumez, darin, mcatanzaro
Bug Depends on:
Bug Blocks: 116980
Attachments: Test (flags: none)

Description Renata Hodovan 2015-10-16 11:14:11 PDT
Created attachment 263295: Test

Load this with debug WebKit:

<!DOCTYPE html>
<style>
*{
    -webkit-flow-into:flow1;
    -webkit-flow-from:flow1;
}</style>
<body onpagehide="">
<style>
* {
    -webkit-columns:5EX auto;
}
</style>


Backtrace:

ASSERTION FAILED: m_invalidRegionList.contains(&renderNamedFlowFragment)
../../Source/WebCore/rendering/RenderNamedFlowThread.cpp(256) : virtual void WebCore::RenderNamedFlowThread::removeRegionFromThread(WebCore::RenderRegion*)

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f31a790feda in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321	    *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007f31a790feda in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1  0x00007f31ae88ca54 in WebCore::RenderNamedFlowThread::removeRegionFromThread (this=0x7f3190eef378, renderRegion=0x7f3190ebc000)
    at ../../Source/WebCore/rendering/RenderNamedFlowThread.cpp:256
#2  0x00007f31ae8a66f6 in WebCore::RenderRegion::detachRegion (this=0x7f3190ebc000) at ../../Source/WebCore/rendering/RenderRegion.cpp:309
#3  0x00007f31ae888e1f in WebCore::RenderNamedFlowFragment::detachRegion (this=0x7f3190ebc000)
    at ../../Source/WebCore/rendering/RenderNamedFlowFragment.cpp:525
#4  0x00007f31ae8a6a89 in WebCore::RenderRegion::willBeRemovedFromTree (this=0x7f3190ebc000) at ../../Source/WebCore/rendering/RenderRegion.cpp:366
#5  0x00007f31ae7a28bb in WebCore::RenderElement::removeChildInternal (this=0x7f3190fbf2e0, oldChild=..., 
    notifyChildren=WebCore::RenderElement::NotifyChildren) at ../../Source/WebCore/rendering/RenderElement.cpp:650
#6  0x00007f31ae7a221c in WebCore::RenderElement::removeChild (this=0x7f3190fbf2e0, oldChild=...) at ../../Source/WebCore/rendering/RenderElement.cpp:547
#7  0x00007f31ae6effda in WebCore::RenderBlock::removeChild (this=0x7f3190fbf2e0, oldChild=...) at ../../Source/WebCore/rendering/RenderBlock.cpp:746
#8  0x00007f31ae72de87 in WebCore::RenderBlockFlow::removeChild (this=0x7f3190fbf2e0, oldChild=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:3801
#9  0x00007f31ae8992e9 in WebCore::RenderObject::removeFromParent (this=0x7f3190ebc000) at ../../Source/WebCore/rendering/RenderObject.cpp:192
#10 0x00007f31ae89d8b1 in WebCore::RenderObject::willBeDestroyed (this=0x7f3190ebc000) at ../../Source/WebCore/rendering/RenderObject.cpp:1520
#11 0x00007f31ae7a444d in WebCore::RenderElement::willBeDestroyed (this=0x7f3190ebc000) at ../../Source/WebCore/rendering/RenderElement.cpp:1114
#12 0x00007f31ae776589 in WebCore::RenderBoxModelObject::willBeDestroyed (this=0x7f3190ebc000) at ../../Source/WebCore/rendering/RenderBoxModelObject.cpp:198
#13 0x00007f31ae71b8c1 in WebCore::RenderBlockFlow::willBeDestroyed (this=0x7f3190ebc000) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:178
#14 0x00007f31ae89dffa in WebCore::RenderObject::destroy (this=0x7f3190ebc000) at ../../Source/WebCore/rendering/RenderObject.cpp:1695
#15 0x00007f31ae72b903 in WebCore::RenderBlockFlow::setRenderNamedFlowFragment (this=0x7f3190fbf2e0, flowFragment=0x0)
    at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:3197
#16 0x00007f31ae71b793 in WebCore::RenderBlockFlow::willBeDestroyed (this=0x7f3190fbf2e0) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:147
#17 0x00007f31ae89dffa in WebCore::RenderObject::destroy (this=0x7f3190fbf2e0) at ../../Source/WebCore/rendering/RenderObject.cpp:1695
#18 0x00007f31ae89dfbd in WebCore::RenderObject::destroyAndCleanupAnonymousWrappers (this=0x7f3190fbf2e0)
    at ../../Source/WebCore/rendering/RenderObject.cpp:1682
#19 0x00007f31aea1933c in WebCore::Style::detachRenderTree (current=..., detachType=WebCore::Style::ReattachDetach)
    at ../../Source/WebCore/style/StyleResolveTree.cpp:574
#20 0x00007f31aea19836 in WebCore::Style::resolveLocal (current=..., inheritedStyle=..., renderTreePosition=..., inheritedChange=WebCore::Style::NoChange)
    at ../../Source/WebCore/style/StyleResolveTree.cpp:628
#21 0x00007f31aea1a446 in WebCore::Style::resolveTree (current=..., inheritedStyle=..., renderTreePosition=..., change=WebCore::Style::NoChange)
    at ../../Source/WebCore/style/StyleResolveTree.cpp:850
#22 0x00007f31aea1a808 in WebCore::Style::resolveTree (document=..., change=WebCore::Style::NoChange) at ../../Source/WebCore/style/StyleResolveTree.cpp:910
#23 0x00007f31add4b7b0 in WebCore::Document::recalcStyle (this=0x7f3190c1ea00, change=WebCore::Style::NoChange) at ../../Source/WebCore/dom/Document.cpp:1841
#24 0x00007f31add4baf1 in WebCore::Document::updateStyleIfNeeded (this=0x7f3190c1ea00) at ../../Source/WebCore/dom/Document.cpp:1892
#25 0x00007f31add58a0e in WebCore::Document::finishedParsing (this=0x7f3190c1ea00) at ../../Source/WebCore/dom/Document.cpp:4895
#26 0x00007f31ae108211 in WebCore::HTMLConstructionSite::finishedParsing (this=0x7f3190ef7920)
    at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:403
#27 0x00007f31ae147af8 in WebCore::HTMLTreeBuilder::finished (this=0x7f3190ef7900) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2937
#28 0x00007f31ae11136e in WebCore::HTMLDocumentParser::end (this=0x7f3190c1b440) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:402
#29 0x00007f31ae11143c in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x7f3190c1b440)
    at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:411
#30 0x00007f31ae110059 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x7f3190c1b440)
    at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:132
#31 0x00007f31ae111473 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x7f3190c1b440) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:423
#32 0x00007f31ae111521 in WebCore::HTMLDocumentParser::finish (this=0x7f3190c1b440) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:451
#33 0x00007f31ae2a0342 in WebCore::DocumentWriter::end (this=0x7f3190c030a0) at ../../Source/WebCore/loader/DocumentWriter.cpp:247
#34 0x00007f31ae289e3a in WebCore::DocumentLoader::finishedLoading (this=0x7f3190c03000, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:437
#35 0x00007f31ae289b98 in WebCore::DocumentLoader::notifyFinished (this=0x7f3190c03000, resource=0x7f3190c0b980)
    at ../../Source/WebCore/loader/DocumentLoader.cpp:384
#36 0x00007f31ae348183 in WebCore::CachedResource::checkNotify (this=0x7f3190c0b980) at ../../Source/WebCore/loader/cache/CachedResource.cpp:297
#37 0x00007f31ae348292 in WebCore::CachedResource::finishLoading (this=0x7f3190c0b980) at ../../Source/WebCore/loader/cache/CachedResource.cpp:313
#38 0x00007f31ae344490 in WebCore::CachedRawResource::finishLoading (this=0x7f3190c0b980, data=0x7f3190ffdf00)
    at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:103
#39 0x00007f31ae2f4ece in WebCore::SubresourceLoader::didFinishLoading (this=0x7f3190c2f800, finishTime=0)
    at ../../Source/WebCore/loader/SubresourceLoader.cpp:372
#40 0x00007f31ae2efad3 in WebCore::ResourceLoader::didFinishLoading (this=0x7f3190c2f800, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:631
#41 0x00007f31aed27082 in WebCore::readCallback (asyncResult=0x289f9b0, data=0x7f3190fc26c0)
    at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1340
#42 0x00007f31a465b95a in async_ready_callback_wrapper (source_object=0x290adb0, res=0x289f9b0, user_data=0x7f3190fc26c0) at ginputstream.c:529
#43 0x00007f31a4681433 in g_task_return_now (task=0x289f9b0) at gtask.c:1088
#44 0x00007f31a4681469 in complete_in_idle_cb (task=0x289f9b0) at gtask.c:1102
#45 0x00007f31a40bbd9d in g_main_dispatch (context=0x23198d0) at gmain.c:3122
#46 g_main_context_dispatch (context=context@entry=0x23198d0) at gmain.c:3737
#47 0x00007f31a40bc170 in g_main_context_iterate (context=0x23198d0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3808
#48 0x00007f31a40bc492 in g_main_loop_run (loop=0x2431500) at gmain.c:4002
#49 0x00007f31a796ada3 in WTF::RunLoop::run () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:67
#50 0x00007f31ad6eb00d in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7ffcfb5bb588)
    at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#51 0x00007f31ad6eae6a in WebKit::WebProcessMainUnix (argc=2, argv=0x7ffcfb5bb588) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:77
#52 0x00000000004008fa in main (argc=2, argv=0x7ffcfb5bb588) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44

Comment 1 Brent Fulgham 2016-08-04 17:27:29 PDT
This problem does not reproduce under r204037. If you believe there is still a problem, please reopen this bug and provide a revised test case.

Comment 2 Renata Hodovan 2016-08-05 10:10:34 PDT
Using the attached test case the issue still seems valid in r204165 with debug EFL and GTK builds.

Comment 3 Darin Adler 2016-08-05 23:02:00 PDT
Seems peculiar that this would be platform dependent. When someone finds a fix I would like to understand why the platform difference exists.