WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
REOPENED
150242
[GTK] ASSERTION FAILED: m_invalidRegionList.contains(&renderNamedFlowFragment) in WebCore::RenderNamedFlowThread::removeRegionFromThread
https://bugs.webkit.org/show_bug.cgi?id=150242
Summary
[GTK] ASSERTION FAILED: m_invalidRegionList.contains(&renderNamedFlowFragment...
Renata Hodovan
Reported
2015-10-16 11:14:11 PDT
Created
attachment 263295
[details]
Test Load this with debug WebKit: <!DOCTYPE html> <style> *{ -webkit-flow-into:flow1; -webkit-flow-from:flow1; }</style> <body onpagehide=""> <style> * { -webkit-columns:5EX auto; } </style> Backtrace: ASSERTION FAILED: m_invalidRegionList.contains(&renderNamedFlowFragment) ../../Source/WebCore/rendering/RenderNamedFlowThread.cpp(256) : virtual void WebCore::RenderNamedFlowThread::removeRegionFromThread(WebCore::RenderRegion*) Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007f31a790feda in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 321 *(int *)(uintptr_t)0xbbadbeef = 0; (gdb) bt #0 0x00007f31a790feda in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 #1 0x00007f31ae88ca54 in WebCore::RenderNamedFlowThread::removeRegionFromThread (this=0x7f3190eef378, renderRegion=0x7f3190ebc000) at ../../Source/WebCore/rendering/RenderNamedFlowThread.cpp:256 #2 0x00007f31ae8a66f6 in WebCore::RenderRegion::detachRegion (this=0x7f3190ebc000) at ../../Source/WebCore/rendering/RenderRegion.cpp:309 #3 0x00007f31ae888e1f in WebCore::RenderNamedFlowFragment::detachRegion (this=0x7f3190ebc000) at ../../Source/WebCore/rendering/RenderNamedFlowFragment.cpp:525 #4 0x00007f31ae8a6a89 in WebCore::RenderRegion::willBeRemovedFromTree (this=0x7f3190ebc000) at ../../Source/WebCore/rendering/RenderRegion.cpp:366 #5 0x00007f31ae7a28bb in WebCore::RenderElement::removeChildInternal (this=0x7f3190fbf2e0, oldChild=..., notifyChildren=WebCore::RenderElement::NotifyChildren) at ../../Source/WebCore/rendering/RenderElement.cpp:650 #6 0x00007f31ae7a221c in WebCore::RenderElement::removeChild (this=0x7f3190fbf2e0, oldChild=...) at ../../Source/WebCore/rendering/RenderElement.cpp:547 #7 0x00007f31ae6effda in WebCore::RenderBlock::removeChild (this=0x7f3190fbf2e0, oldChild=...) at ../../Source/WebCore/rendering/RenderBlock.cpp:746 #8 0x00007f31ae72de87 in WebCore::RenderBlockFlow::removeChild (this=0x7f3190fbf2e0, oldChild=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:3801 #9 0x00007f31ae8992e9 in WebCore::RenderObject::removeFromParent (this=0x7f3190ebc000) at ../../Source/WebCore/rendering/RenderObject.cpp:192 #10 0x00007f31ae89d8b1 in WebCore::RenderObject::willBeDestroyed (this=0x7f3190ebc000) at ../../Source/WebCore/rendering/RenderObject.cpp:1520 #11 0x00007f31ae7a444d in WebCore::RenderElement::willBeDestroyed (this=0x7f3190ebc000) at ../../Source/WebCore/rendering/RenderElement.cpp:1114 #12 0x00007f31ae776589 in WebCore::RenderBoxModelObject::willBeDestroyed (this=0x7f3190ebc000) at ../../Source/WebCore/rendering/RenderBoxModelObject.cpp:198 #13 0x00007f31ae71b8c1 in WebCore::RenderBlockFlow::willBeDestroyed (this=0x7f3190ebc000) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:178 #14 0x00007f31ae89dffa in WebCore::RenderObject::destroy (this=0x7f3190ebc000) at ../../Source/WebCore/rendering/RenderObject.cpp:1695 #15 0x00007f31ae72b903 in WebCore::RenderBlockFlow::setRenderNamedFlowFragment (this=0x7f3190fbf2e0, flowFragment=0x0) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:3197 #16 0x00007f31ae71b793 in WebCore::RenderBlockFlow::willBeDestroyed (this=0x7f3190fbf2e0) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:147 #17 0x00007f31ae89dffa in WebCore::RenderObject::destroy (this=0x7f3190fbf2e0) at ../../Source/WebCore/rendering/RenderObject.cpp:1695 #18 0x00007f31ae89dfbd in WebCore::RenderObject::destroyAndCleanupAnonymousWrappers (this=0x7f3190fbf2e0) at ../../Source/WebCore/rendering/RenderObject.cpp:1682 #19 0x00007f31aea1933c in WebCore::Style::detachRenderTree (current=..., detachType=WebCore::Style::ReattachDetach) at ../../Source/WebCore/style/StyleResolveTree.cpp:574 #20 0x00007f31aea19836 in WebCore::Style::resolveLocal (current=..., inheritedStyle=..., renderTreePosition=..., inheritedChange=WebCore::Style::NoChange) at ../../Source/WebCore/style/StyleResolveTree.cpp:628 #21 0x00007f31aea1a446 in WebCore::Style::resolveTree (current=..., inheritedStyle=..., renderTreePosition=..., change=WebCore::Style::NoChange) at ../../Source/WebCore/style/StyleResolveTree.cpp:850 #22 0x00007f31aea1a808 in WebCore::Style::resolveTree (document=..., change=WebCore::Style::NoChange) at ../../Source/WebCore/style/StyleResolveTree.cpp:910 #23 0x00007f31add4b7b0 in WebCore::Document::recalcStyle (this=0x7f3190c1ea00, change=WebCore::Style::NoChange) at ../../Source/WebCore/dom/Document.cpp:1841 #24 0x00007f31add4baf1 in WebCore::Document::updateStyleIfNeeded (this=0x7f3190c1ea00) at ../../Source/WebCore/dom/Document.cpp:1892 #25 0x00007f31add58a0e in WebCore::Document::finishedParsing (this=0x7f3190c1ea00) at ../../Source/WebCore/dom/Document.cpp:4895 #26 0x00007f31ae108211 in WebCore::HTMLConstructionSite::finishedParsing (this=0x7f3190ef7920) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:403 #27 0x00007f31ae147af8 in WebCore::HTMLTreeBuilder::finished (this=0x7f3190ef7900) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2937 #28 0x00007f31ae11136e in WebCore::HTMLDocumentParser::end (this=0x7f3190c1b440) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:402 #29 0x00007f31ae11143c in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x7f3190c1b440) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:411 #30 0x00007f31ae110059 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x7f3190c1b440) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:132 #31 0x00007f31ae111473 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x7f3190c1b440) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:423 #32 0x00007f31ae111521 in WebCore::HTMLDocumentParser::finish (this=0x7f3190c1b440) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:451 #33 0x00007f31ae2a0342 in WebCore::DocumentWriter::end (this=0x7f3190c030a0) at ../../Source/WebCore/loader/DocumentWriter.cpp:247 #34 0x00007f31ae289e3a in WebCore::DocumentLoader::finishedLoading (this=0x7f3190c03000, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:437 #35 0x00007f31ae289b98 in WebCore::DocumentLoader::notifyFinished (this=0x7f3190c03000, resource=0x7f3190c0b980) at ../../Source/WebCore/loader/DocumentLoader.cpp:384 #36 0x00007f31ae348183 in WebCore::CachedResource::checkNotify (this=0x7f3190c0b980) at ../../Source/WebCore/loader/cache/CachedResource.cpp:297 #37 0x00007f31ae348292 in WebCore::CachedResource::finishLoading (this=0x7f3190c0b980) at ../../Source/WebCore/loader/cache/CachedResource.cpp:313 #38 0x00007f31ae344490 in WebCore::CachedRawResource::finishLoading (this=0x7f3190c0b980, data=0x7f3190ffdf00) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:103 #39 0x00007f31ae2f4ece in WebCore::SubresourceLoader::didFinishLoading (this=0x7f3190c2f800, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:372 #40 0x00007f31ae2efad3 in WebCore::ResourceLoader::didFinishLoading (this=0x7f3190c2f800, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:631 #41 0x00007f31aed27082 in WebCore::readCallback (asyncResult=0x289f9b0, data=0x7f3190fc26c0) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1340 #42 0x00007f31a465b95a in async_ready_callback_wrapper (source_object=0x290adb0, res=0x289f9b0, user_data=0x7f3190fc26c0) at ginputstream.c:529 #43 0x00007f31a4681433 in g_task_return_now (task=0x289f9b0) at gtask.c:1088 #44 0x00007f31a4681469 in complete_in_idle_cb (task=0x289f9b0) at gtask.c:1102 #45 0x00007f31a40bbd9d in g_main_dispatch (context=0x23198d0) at gmain.c:3122 #46 g_main_context_dispatch (context=context@entry=0x23198d0) at gmain.c:3737 #47 0x00007f31a40bc170 in g_main_context_iterate (context=0x23198d0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3808 #48 0x00007f31a40bc492 in g_main_loop_run (loop=0x2431500) at gmain.c:4002 #49 0x00007f31a796ada3 in WTF::RunLoop::run () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:67 #50 0x00007f31ad6eb00d in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7ffcfb5bb588) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61 #51 0x00007f31ad6eae6a in WebKit::WebProcessMainUnix (argc=2, argv=0x7ffcfb5bb588) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:77 #52 0x00000000004008fa in main (argc=2, argv=0x7ffcfb5bb588) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44
Attachments
Test
(168 bytes, text/html)
2015-10-16 11:14 PDT
,
Renata Hodovan
no flags
Details
View All
Add attachment
proposed patch, testcase, etc.
Brent Fulgham
Comment 1
2016-08-04 17:27:29 PDT
This problem does not reproduce under
r204037
. If you believe there is still a problem, please reopen this bug and provide a revised test case.
Renata Hodovan
Comment 2
2016-08-05 10:10:34 PDT
Using the attached test case the issue still seems valid in
r204165
with debug EFL and GTK builds.
Darin Adler
Comment 3
2016-08-05 23:02:00 PDT
Seems peculiar that this would be platform dependent. When someone finds a fix I would like to understand why the platform difference exists.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug