Created attachment 242806 [details] Test case run this test with debug WK: <!DOCTYPE html> <dt><details open> <style> * { -webkit-flow-into:foo; } </style> Note: If you put any of the required closing tags of <dt> or <details> element then we don't crash. Backtrace: ASSERTION FAILED: !m_mapNamedFlowContentElement.contains(&contentElement) ../../Source/WebCore/rendering/FlowThreadController.cpp(98) : void WebCore::FlowThreadController::registerNamedFlowContentElement(WebCore::Element&, WebCore::RenderNamedFlowThread&) Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fff98927700 (LWP 24528)] 0x00007fffedbca36f in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 321 *(int *)(uintptr_t)0xbbadbeef = 0; #0 0x00007fffedbca36f in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 #1 0x00007ffff38ff2bd in WebCore::FlowThreadController::registerNamedFlowContentElement (this=0x7cfc50, contentElement=..., namedFlow=...) at ../../Source/WebCore/rendering/FlowThreadController.cpp:98 #2 0x00007ffff3c382c0 in WebCore::Style::moveToFlowThreadIfNeeded (element=..., style=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:273 #3 0x00007ffff3c383f2 in WebCore::Style::createRendererIfNeeded (element=..., inheritedStyle=..., renderTreePosition=..., resolvedStyle=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:292 #4 0x00007ffff3c39a57 in WebCore::Style::attachRenderTree (current=..., inheritedStyle=..., renderTreePosition=..., resolvedStyle=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:615 #5 0x00007ffff3c390d1 in WebCore::Style::attachChildren (current=..., inheritedStyle=..., renderTreePosition=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:484 #6 0x00007ffff3c39b2e in WebCore::Style::attachRenderTree (current=..., inheritedStyle=..., renderTreePosition=..., resolvedStyle=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:629 #7 0x00007ffff3c390d1 in WebCore::Style::attachChildren (current=..., inheritedStyle=..., renderTreePosition=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:484 #8 0x00007ffff3c39b2e in WebCore::Style::attachRenderTree (current=..., inheritedStyle=..., renderTreePosition=..., resolvedStyle=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:629 #9 0x00007ffff3c390d1 in WebCore::Style::attachChildren (current=..., inheritedStyle=..., renderTreePosition=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:484 #10 0x00007ffff3c39b2e in WebCore::Style::attachRenderTree (current=..., inheritedStyle=..., renderTreePosition=..., resolvedStyle=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:629 #11 0x00007ffff3c390d1 in WebCore::Style::attachChildren (current=..., inheritedStyle=..., renderTreePosition=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:484 #12 0x00007ffff3c39b2e in WebCore::Style::attachRenderTree (current=..., inheritedStyle=..., renderTreePosition=..., resolvedStyle=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:629 #13 0x00007ffff3c3a378 in WebCore::Style::resolveLocal (current=..., inheritedStyle=..., renderTreePosition=..., inheritedChange=WebCore::Style::Force) at ../../Source/WebCore/style/StyleResolveTree.cpp:756 #14 0x00007ffff3c3ab2f in WebCore::Style::resolveTree (current=..., inheritedStyle=..., renderTreePosition=..., change=WebCore::Style::Force) at ../../Source/WebCore/style/StyleResolveTree.cpp:918 #15 0x00007ffff3c3b099 in WebCore::Style::resolveTree (document=..., change=WebCore::Style::Force) at ../../Source/WebCore/style/StyleResolveTree.cpp:997 #16 0x00007ffff30657ff in WebCore::Document::recalcStyle (this=0x655fc0, change=WebCore::Style::Force) at ../../Source/WebCore/dom/Document.cpp:1796 #17 0x00007ffff3065b0a in WebCore::Document::updateStyleIfNeeded (this=0x655fc0) at ../../Source/WebCore/dom/Document.cpp:1841 #18 0x00007ffff3070c7d in WebCore::Document::finishedParsing (this=0x655fc0) at ../../Source/WebCore/dom/Document.cpp:4613 #19 0x00007ffff33c6039 in WebCore::HTMLConstructionSite::finishedParsing (this=0x7cfd98) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:395 #20 0x00007ffff3403a33 in WebCore::HTMLTreeBuilder::finished (this=0x7cfd80) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:3009 #21 0x00007ffff33ced4e in WebCore::HTMLDocumentParser::end (this=0x81df20) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:439 #22 0x00007ffff33cee39 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x81df20) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:450 #23 0x00007ffff33cd8e7 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x81df20) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:165 #24 0x00007ffff33cee7c in WebCore::HTMLDocumentParser::attemptToEnd (this=0x81df20) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:462 #25 0x00007ffff33cef33 in WebCore::HTMLDocumentParser::finish (this=0x81df20) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:490 #26 0x00007ffff3538b7f in WebCore::DocumentWriter::end (this=0x73c1a0) at ../../Source/WebCore/loader/DocumentWriter.cpp:246 #27 0x00007ffff35248db in WebCore::DocumentLoader::finishedLoading (this=0x73c100, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:440 #28 0x00007ffff3524644 in WebCore::DocumentLoader::notifyFinished (this=0x73c100, resource=0x8d3650) at ../../Source/WebCore/loader/DocumentLoader.cpp:374 #29 0x00007ffff35d5370 in WebCore::CachedResource::checkNotify (this=0x8d3650) at ../../Source/WebCore/loader/cache/CachedResource.cpp:293 #30 0x00007ffff35d546e in WebCore::CachedResource::finishLoading (this=0x8d3650) at ../../Source/WebCore/loader/cache/CachedResource.cpp:309 #31 0x00007ffff35d1b63 in WebCore::CachedRawResource::finishLoading (this=0x8d3650, data=0x7a0840) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:104 #32 0x00007ffff358594c in WebCore::SubresourceLoader::didFinishLoading (this=0x8d3d20, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:306 #33 0x00007ffff35816e1 in WebCore::ResourceLoader::didFinishLoading (this=0x8d3d20, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:508 #34 0x00007ffff3f303e1 in WebCore::readCallback (asyncResult=0x68b1d0, data=0x8d5000) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1300 #35 0x00007fffeb7ab7d6 in async_ready_callback_wrapper (source_object=0x7c66d0, res=0x68b1d0, user_data=user_data@entry=0x8d5000) at ginputstream.c:523 #36 0x00007fffeb7d10d5 in g_task_return_now (task=0x68b1d0) at gtask.c:1077 #37 0x00007fffeb7d10f9 in complete_in_idle_cb (task=0x68b1d0) at gtask.c:1086 #38 0x00007fffeaa10a1d in g_main_dispatch (context=0x4780a0) at gmain.c:3064 #39 g_main_context_dispatch (context=context@entry=0x4780a0) at gmain.c:3663 #40 0x00007fffeaa10d88 in g_main_context_iterate (context=0x4780a0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3734 #41 0x00007fffeaa1104a in g_main_loop_run (loop=0x8eb810) at gmain.c:3928 #42 0x00007ffff45df9dc in WTF::RunLoop::run () at ../../Source/WTF/wtf/gtk/RunLoopGtk.cpp:59 #43 0x00007ffff2b44f82 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fffffffd978) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61 #44 0x00007ffff2b44de7 in WebKit::WebProcessMainUnix (argc=2, argv=0x7fffffffd978) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:73 #45 0x0000000000400891 in main (argc=2, argv=0x7fffffffd978) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44