Bug 241007

Created attachment 459804 [details] Repro case With the attached testcase at https://commits.webkit.org/250833@main I'm getting this debug assertion: #0 WTFCrash() () at /app/webkit/Source/WTF/wtf/Assertions.cpp:322 #1 0x00007ff517ff1cf6 in WTFCrashWithInfo(int, char const*, char const*, int) () at /app/webkit/WebKitBuild/Debug/WTF/Headers/wtf/Assertions.h:748 #2 0x00007ff51dd26f06 in WebCore::SVGLengthContext::resolveRectangle(WebCore::SVGElement const*, WebCore::SVGUnitTypes::SVGUnitType, WebCore::FloatRect const&, WebCore::SVGLengthValue const&, WebCore::SVGLengthValue const&, WebCore::SVGLengthValue const&, WebCore::SVGLengthValue const&) (context=0x7ff50534b580, type=WebCore::SVGUnitTypes::SVG_UNIT_TYPE_UNKNOWN, viewport=..., x=..., y=..., width=..., height=...) at /app/webkit/Source/WebCore/svg/SVGLengthContext.cpp:53 #3 0x00007ff51d5a30b5 in WebCore::SVGLengthContext::resolveRectangle<WebCore::SVGFilterElement>(WebCore::SVGFilterElement const*, WebCore::SVGUnitTypes::SVGUnitType, WebCore::FloatRect const&) (context= 0x7ff50534b580, type=WebCore::SVGUnitTypes::SVG_UNIT_TYPE_UNKNOWN, viewport=...) at /app/webkit/Source/WebCore/svg/SVGLengthContext.h:41 #4 0x00007ff51d9d81f9 in WebCore::RenderSVGResourceFilter::resourceBoundingBox(WebCore::RenderObject const&) (this=0x7ff50530c610, object=...) at /app/webkit/Source/WebCore/rendering/svg/RenderSVGResourceFilter.cpp:225 #5 0x00007ff51da21638 in WebCore::SVGRenderSupport::intersectRepaintRectWithResources(WebCore::RenderElement const&, WebCore::FloatRect&) (renderer=..., repaintRect=...) at /app/webkit/Source/WebCore/rendering/svg/SVGRenderSupport.cpp:323 #6 0x00007ff51d9b6be7 in WebCore::LegacyRenderSVGShape::updateRepaintBoundingBox() (this=0x7ff50530c780) at /app/webkit/Source/WebCore/rendering/svg/LegacyRenderSVGShape.cpp:448 #7 0x00007ff51d9b508e in WebCore::LegacyRenderSVGShape::layout() (this=0x7ff50530c780) at /app/webkit/Source/WebCore/rendering/svg/LegacyRenderSVGShape.cpp:154 #8 0x00007ff51da212b5 in WebCore::SVGRenderSupport::layoutChildren(WebCore::RenderElement&, bool) (start=..., selfNeedsLayout=false) at /app/webkit/Source/WebCore/rendering/svg/SVGRenderSupport.cpp:285 #9 0x00007ff51d9b28d3 in WebCore::LegacyRenderSVGRoot::layout() (this=0x7ff50530c430) at /app/webkit/Source/WebCore/rendering/svg/LegacyRenderSVGRoot.cpp:185 #10 0x00007ff51d5dda61 in WebCore::RenderElement::layoutIfNeeded() (this=0x7ff50530c430) at /app/webkit/Source/WebCore/rendering/RenderElement.h:147 #11 0x00007ff51d61e483 in WebCore::LegacyLineLayout::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (this=0x7ff4a4cd9a50, relayoutChildren=false, repaintLogicalTop=..., repaintLogicalBottom=...) at /app/webkit/Source/WebCore/rendering/LegacyLineLayout.cpp:1792 #12 0x00007ff51d67766d in WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (this=0x7ff505349e30, relayoutChildren=false, repaintLogicalTop=..., repaintLogicalBottom=...) at /app/webkit/Source/WebCore/rendering/RenderBlockFlow.cpp:722 #13 0x00007ff51d67692a in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (this=0x7ff505349e30, relayoutChildren=false, pageLogicalHeight=...) at /app/webkit/Source/WebCore/rendering/RenderBlockFlow.cpp:533 #14 0x00007ff51d664c57 in WebCore::RenderBlock::layout() (this=0x7ff505349e30) at /app/webkit/Source/WebCore/rendering/RenderBlock.cpp:616 #15 0x00007ff51d677a0c in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (this=0x7ff505349cf0, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at /app/webkit/Source/WebCore/rendering/RenderBlockFlow.cpp:780 #16 0x00007ff51d6774bf in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (this=0x7ff505349cf0, relayoutChildren=false, maxFloatLogicalBottom=...) at /app/webkit/Source/WebCore/rendering/RenderBlockFlow.cpp:684 #17 0x00007ff51d67694e in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (this=0x7ff505349cf0, relayoutChildren=false, pageLogicalHeight=...) at /app/webkit/Source/WebCore/rendering/RenderBlockFlow.cpp:535 #18 0x00007ff51d664c57 in WebCore::RenderBlock::layout() (this=0x7ff505349cf0) at /app/webkit/Source/WebCore/rendering/RenderBlock.cpp:616 #19 0x00007ff51d677a0c in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (this=0x7ff5053493f0, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at /app/webkit/Source/WebCore/rendering/RenderBlockFlow.cpp:780 #20 0x00007ff51d6774bf in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (this=0x7ff5053493f0, relayoutChildren=false, maxFloatLogicalBottom=...) at /app/webkit/Source/WebCore/rendering/RenderBlockFlow.cpp:684 #21 0x00007ff51d67694e in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (this=0x7ff5053493f0, relayoutChildren=false, pageLogicalHeight=...) at /app/webkit/Source/WebCore/rendering/RenderBlockFlow.cpp:535 #22 0x00007ff51d664c57 in WebCore::RenderBlock::layout() (this=0x7ff5053493f0) at /app/webkit/Source/WebCore/rendering/RenderBlock.cpp:616 #23 0x00007ff51d8e458e in WebCore::RenderView::layout() (this=0x7ff5053493f0) at /app/webkit/Source/WebCore/rendering/RenderView.cpp:186 #24 0x00007ff51cd917a0 in WebCore::FrameViewLayoutContext::layout() (this=0x7ff505348160) at /app/webkit/Source/WebCore/page/FrameViewLayoutContext.cpp:235 #25 0x00007ff51cd306c3 in WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() (this=0x7ff505348010) at /app/webkit/Source/WebCore/page/FrameView.cpp:4565 #26 0x00007ff51cdce547 in WebCore::Page::layoutIfNeeded() (this=0x7ff4becf0600) at /app/webkit/Source/WebCore/page/Page.cpp:1543 #27 0x00007ff51cdcede1 in WebCore::Page::updateRendering() (this=0x7ff4becf0600) at /app/webkit/Source/WebCore/page/Page.cpp:1621 #28 0x00007ff5197a867c in WebKit::WebPage::updateRendering() (this=0x7ff4bdcf9680) at /app/webkit/Source/WebKit/WebProcess/WebPage/WebPage.cpp:4408 #29 0x00007ff51983cbcc in WebKit::DrawingAreaCoordinatedGraphics::display(WebKit::UpdateInfo&) (this=0x7ff50528e140, updateInfo=...) at /app/webkit/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.cpp:811 #30 0x00007ff51983c818 in WebKit::DrawingAreaCoordinatedGraphics::display() (this=0x7ff50528e140) at /app/webkit/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.cpp:765 #31 0x00007ff51983a547 in WebKit::DrawingAreaCoordinatedGraphics::forceRepaint() (this=0x7ff50528e140) at /app/webkit/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.cpp:182 #32 0x00007ff5197a7ed1 in WebKit::WebPage::forceRepaintWithoutCallback() (this=0x7ff4bdcf9680) at /app/webkit/Source/WebKit/WebProcess/WebPage/WebPage.cpp:4074 #33 0x00007ff5194de2c8 in WKBundlePageForceRepaint(WKBundlePageRef) (page=0x7ff4bdcf9680) at /app/webkit/Source/WebKit/WebProcess/InjectedBundle/API/c/WKBundlePage.cpp:549 #34 0x00007ff4aad0a8b3 in WTR::InjectedBundlePage::dump() (this=0x7ff505244678) at /app/webkit/Tools/WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp:798 #35 0x00007ff4aad0f8da in WTR::dumpAfterWaitAttributeIsRemoved(WKBundlePageRef) (page=0x7ff4bdcf9680) at /app/webkit/Tools/WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp:1788 #36 0x00007ff4aad0fa24 in WTR::InjectedBundlePage::frameDidChangeLocation(OpaqueWKBundleFrame const*) (this=0x7ff505244678, frame=0x7ff5052fcbd0) at /app/webkit/Tools/WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp:1821 #37 0x00007ff4aad0af37 in WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundleFrame const*) (this=0x7ff505244678, frame=0x7ff5052fcbd0) at /app/webkit/Tools/WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp:874 #38 0x00007ff4aad098c1 in WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundlePage const*, OpaqueWKBundleFrame const*, void const**, void const*) (page=0x7ff4bdcf9680, frame=0x7ff5052fcbd0, clientInfo=0x7ff505244678) at /app/webkit/Tools/WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp:507 #39 0x00007ff51949f4c5 in WebKit::InjectedBundlePageLoaderClient::didFinishLoadForFrame(WebKit::WebPage&, WebKit::WebFrame&, WTF::RefPtr<API::Object, WTF::RawPtrTraits<API::Object>, WTF::DefaultRefDerefTraits<API::Object> >&) (this=0x7ff50525b000, page=..., frame=..., userData=...) at /app/webkit/Source/WebKit/WebProcess/InjectedBundle/InjectedBundlePageLoaderClient.cpp:139 #40 0x00007ff5196fdb96 in WebKit::WebFrameLoaderClient::dispatchDidFinishLoad() (this=0x7ff5052e7d20) at /app/webkit/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:684 #41 0x00007ff51cb44ff5 in WebCore::FrameLoader::checkLoadCompleteForThisFrame() (this=0x7ff50528d000) at /app/webkit/Source/WebCore/loader/FrameLoader.cpp:2612 #42 0x00007ff51cb45b84 in WebCore::FrameLoader::checkLoadComplete() (this=0x7ff50528d000) at /app/webkit/Source/WebCore/loader/FrameLoader.cpp:2767 #43 0x00007ff51cae6430 in WebCore::DocumentLoader::finishedLoading() (this=0x7ff4a4ce0000) at /app/webkit/Source/WebCore/loader/DocumentLoader.cpp:508 --Type <RET> for more, q to quit, c to continue without paging-- #44 0x00007ff51cae5ddf in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&, WebCore::NetworkLoadMetrics const&) (this=0x7ff4a4ce0000, resource=..., metrics=...) at /app/webkit/Source/WebCore/loader/DocumentLoader.cpp:446 #45 0x00007ff51cc2d431 in WebCore::CachedResource::checkNotify(WebCore::NetworkLoadMetrics const&) (this=0x7ff4becfa000, metrics=...) at /app/webkit/Source/WebCore/loader/cache/CachedResource.cpp:336 #46 0x00007ff51cc2d599 in WebCore::CachedResource::finishLoading(WebCore::FragmentedSharedBuffer const*, WebCore::NetworkLoadMetrics const&) (this=0x7ff4becfa000, metrics=...) at /app/webkit/Source/WebCore/loader/cache/CachedResource.cpp:352 #47 0x00007ff51cc28e3f in WebCore::CachedRawResource::finishLoading(WebCore::FragmentedSharedBuffer const*, WebCore::NetworkLoadMetrics const&) (this=0x7ff4becfa000, data=0x7ff4a4cfa770, metrics=...) at /app/webkit/Source/WebCore/loader/cache/CachedRawResource.cpp:129 #48 0x00007ff51cbbeefb in WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) (this=0x7ff4a4cdd000, networkLoadMetrics=...) at /app/webkit/Source/WebCore/loader/SubresourceLoader.cpp:735 #49 0x00007ff5195ed437 in WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&) (this=0x7ff50520e8a0, networkLoadMetrics=...) at /app/webkit/Source/WebKit/WebProcess/Network/WebResourceLoader.cpp:258 #50 0x00007ff5185f3b0b in IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::tuple<WebCore::NetworkLoadMetrics>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::tuple<WebCore::NetworkLoadMetrics>&&, std::integer_sequence<unsigned long, 0ul>) (object=0x7ff50520e8a0, function= (void (WebKit::WebResourceLoader::*)(WebKit::WebResourceLoader * const, const WebCore::NetworkLoadMetrics &)) 0x7ff5195ed13a <WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&)>, args=...) at /app/webkit/Source/WebKit/Platform/IPC/HandleMessage.h:131 #51 0x00007ff5185f2b12 in IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::tuple<WebCore::NetworkLoadMetrics>, std::integer_sequence<unsigned long, 0ul> >(std::tuple<WebCore::NetworkLoadMetrics>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) (args=..., object=0x7ff50520e8a0, function= (void (WebKit::WebResourceLoader::*)(WebKit::WebResourceLoader * const, const WebCore::NetworkLoadMetrics &)) 0x7ff5195ed13a <WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&)>) at /app/webkit/Source/WebKit/Platform/IPC/HandleMessage.h:137 #52 0x00007ff5185f1f16 in IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)>(IPC::Connection&, IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) (connection=..., decoder=..., object=0x7ff50520e8a0, function= (void (WebKit::WebResourceLoader::*)(WebKit::WebResourceLoader * const, const WebCore::NetworkLoadMetrics &)) 0x7ff5195ed13a <WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&)>) at /app/webkit/Source/WebKit/Platform/IPC/HandleMessage.h:259 #53 0x00007ff5185f1542 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (this=0x7ff50520e8a0, connection=..., decoder=...) at /app/webkit/WebKitBuild/Debug/DerivedSources/WebKit/WebResourceLoaderMessageReceiver.cpp:75 #54 0x00007ff5195e3b1d in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (this=0x7ff5052ee190, connection=..., decoder=...) at /app/webkit/Source/WebKit/WebProcess/Network/NetworkProcessConnection.cpp:102 #55 0x00007ff518c794ac in IPC::Connection::dispatchMessage(IPC::Decoder&) (this=0x7ff5052df1c8, decoder=...) at /app/webkit/Source/WebKit/Platform/IPC/Connection.cpp:1108 #56 0x00007ff518c79742 in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >)Traceback (most recent call last): #57 0x00007ff518c79cea in IPC::Connection::dispatchOneIncomingMessage() (this=0x7ff5052df1c8) at /app/webkit/Source/WebKit/Platform/IPC/Connection.cpp:1222 #58 0x00007ff518c791bc in operator()() (__closure=0x7ff5052cf0f8) at /app/webkit/Source/WebKit/Platform/IPC/Connection.cpp:1072 #59 0x00007ff518c802a0 in WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::Decoder>)::<lambda()>, void>::call(void) (this=0x7ff5052cf0f0) at /app/webkit/WebKitBuild/Debug/WTF/Headers/wtf/Function.h:53 #60 0x00007ff50df766cb in WTF::Function<void ()>::operator()() const (this=0x7ffcc4a2af60) at /app/webkit/WebKitBuild/Debug/WTF/Headers/wtf/Function.h:82 #61 0x00007ff50f283e61 in WTF::RunLoop::performWork() (this=0x7ff5052f8000) at /app/webkit/Source/WTF/wtf/RunLoop.cpp:133 #62 0x00007ff50f3379a6 in operator()(gpointer) const (__closure=0x0, userData=0x7ff5052f8000) at /app/webkit/Source/WTF/wtf/glib/RunLoopGLib.cpp:80 #63 0x00007ff50f3379ca in _FUN(gpointer) () at /app/webkit/Source/WTF/wtf/glib/RunLoopGLib.cpp:82 #64 0x00007ff50f337939 in operator()(GSource*, GSourceFunc, gpointer) const (__closure=0x0, source=0x55da2cc59e50, callback=0x7ff50f3379ad <_FUN(gpointer)>, userData=0x7ff5052f8000) at /app/webkit/Source/WTF/wtf/glib/RunLoopGLib.cpp:53 #65 0x00007ff50f337987 in _FUN(GSource*, GSourceFunc, gpointer) () at /app/webkit/Source/WTF/wtf/glib/RunLoopGLib.cpp:56 #66 0x00007ff509084294 in g_main_dispatch (context=0x55da2cc84d80) at ../glib/gmain.c:3381 #67 g_main_context_dispatch (context=0x55da2cc84d80) at ../glib/gmain.c:4099 #68 0x00007ff509084638 in g_main_context_iterate (context=0x55da2cc84d80, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4175 #69 0x00007ff509084943 in g_main_loop_run (loop=0x55da2cd4f310) at ../glib/gmain.c:4373 #70 0x00007ff50f337ff2 in WTF::RunLoop::run() () at /app/webkit/Source/WTF/wtf/glib/RunLoopGLib.cpp:108 #71 0x00007ff51986bed3 in WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run(int, char**) (this=0x7ffcc4a2b210, argc=4, argv=0x7ffcc4a2b3b8) at /app/webkit/Source/WebKit/Shared/AuxiliaryProcessMain.h:70 #72 0x00007ff51986bd2a in WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainGtk>(int, char**) (argc=4, argv=0x7ffcc4a2b3b8) at /app/webkit/Source/WebKit/Shared/AuxiliaryProcessMain.h:96 #73 0x00007ff51986bc0a in WebKit::WebProcessMain(int, char**) (argc=4, argv=0x7ffcc4a2b3b8) at /app/webkit/Source/WebKit/WebProcess/gtk/WebProcessMainGtk.cpp:98 #74 0x000055da2caa89d9 in main(int, char**) (argc=4, argv=0x7ffcc4a2b3b8) at /app/webkit/Source/WebKit/WebProcess/EntryPoint/unix/WebProcessMain.cpp:31