RESOLVED FIXED
151605
ASSERTION FAILED: !newRelayoutRoot.container() || !newRelayoutRoot.container()->needsLayout() in WebCore::FrameView::scheduleRelayoutOfSubtree
https://bugs.webkit.org/show_bug.cgi?id=151605
Renata Hodovan
Reported
2015-11-25 07:55:31 PST
Created attachment 266164
Test

Load the attached test with debug MiniBrowser:

<script>
window.onload = function() {
    window.scrollTo(0,document.body.scrollHeight);
    v_0 = document.getElementById('id_0');
    v_0.removeChild(v_0.childNodes[0]);
    location.reload();
}
</script>
<style>
*{
    -webkit-columns: 55px 87;
    overflow-y: scroll;
    -webkit-background-composite: source-out;
    width: 0%
}
*|* {
    display: inline-flex;
}
</style>
<summary id="id_0">
aa
<progress></progress>
</summary>

OS: Ubuntu 15.10 x86_64
Checked build: debug EFL
Checked version: 79922a5

Backtrace:

ASSERTION FAILED: !newRelayoutRoot.container() || !newRelayoutRoot.container()->needsLayout()
../../Source/WebCore/page/FrameView.cpp(2660) : void WebCore::FrameView::scheduleRelayoutOfSubtree(WebCore::RenderElement&)
1 0x7f12d1d6982c WTFCrash
2 0x7f12d089fc42 WebCore::FrameView::scheduleRelayoutOfSubtree(WebCore::RenderElement&)
3 0x7f12d0c61f9c
4 0x7f12d0c6235c WebCore::RenderObject::markContainingBlocksForLayout(WebCore::ScheduleRelayout, WebCore::RenderElement*)
5 0x7f12d0209076 WebCore::RenderObject::setNeedsLayout(WebCore::MarkingBehavior)
6 0x7f12d030249f WebCore::RenderObject::setNeedsLayoutAndPrefWidthsRecalc()
7 0x7f12d0b6d1ca WebCore::RenderElement::removeChildInternal(WebCore::RenderObject&, WebCore::RenderElement::NotifyChildrenType)
8 0x7f12d0b6cc34 WebCore::RenderElement::removeChild(WebCore::RenderObject&)
9 0x7f12d0abda12 WebCore::RenderBlock::removeChild(WebCore::RenderObject&)
10 0x7f12d0afd091 WebCore::RenderBlockFlow::removeChild(WebCore::RenderObject&)
11 0x7f12d0c61755 WebCore::RenderObject::removeFromParent()
12 0x7f12d0c65d51 WebCore::RenderObject::willBeDestroyed()
13 0x7f12d0b6ee77 WebCore::RenderElement::willBeDestroyed()
14 0x7f12d0b495f9 WebCore::RenderBoxModelObject::willBeDestroyed()
15 0x7f12d0aeab0d WebCore::RenderBlockFlow::willBeDestroyed()
16 0x7f12d0c664ac WebCore::RenderObject::destroy()
17 0x7f12d0c6646f WebCore::RenderObject::destroyAndCleanupAnonymousWrappers()
18 0x7f12d0da1817
19 0x7f12d0da15af
20 0x7f12d0da17ed
21 0x7f12d0da15af
22 0x7f12d0da17ed
23 0x7f12d0da15af
24 0x7f12d0da15f0
25 0x7f12d0da17dc
26 0x7f12d0da16e1
27 0x7f12d0da17b2
28 0x7f12d0da15af
29 0x7f12d0da15f0
30 0x7f12d0da17dc
31 0x7f12d0da1d12
Aborted (core dumped)

Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f12d1d69831 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321 *(int *)(uintptr_t)0xbbadbeef = 0;
[Current thread is 1 (Thread 0x7f12d58b6a80 (LWP 10734))]
#0 0x00007f12d1d69831 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1 0x00007f12d089fc42 in WebCore::FrameView::scheduleRelayoutOfSubtree (this=0x7f12b140c000, newRelayoutRoot=...) at ../../Source/WebCore/page/FrameView.cpp:2660
#2 0x00007f12d0c61f9c in WebCore::scheduleRelayoutForSubtree (renderer=...) at ../../Source/WebCore/rendering/RenderObject.cpp:588
#3 0x00007f12d0c6235c in WebCore::RenderObject::markContainingBlocksForLayout (this=0x7f12b17b7a10, scheduleRelayout=WebCore::ScheduleRelayout::Yes, newRoot=0x0) at ../../Source/WebCore/rendering/RenderObject.cpp:645
#4 0x00007f12d0209076 in WebCore::RenderObject::setNeedsLayout (this=0x7f12b17b7a10, markParents=WebCore::MarkContainingBlockChain) at ../../Source/WebCore/rendering/RenderObject.h:1082
#5 0x00007f12d030249f in WebCore::RenderObject::setNeedsLayoutAndPrefWidthsRecalc (this=0x7f12b17b7a10) at ../../Source/WebCore/rendering/RenderObject.h:585
#6 0x00007f12d0b6d1ca in WebCore::RenderElement::removeChildInternal (this=0x7f12b17b7958, oldChild=..., notifyChildren=WebCore::RenderElement::NotifyChildren) at ../../Source/WebCore/rendering/RenderElement.cpp:630
#7 0x00007f12d0b6cc34 in WebCore::RenderElement::removeChild (this=0x7f12b17b7958, oldChild=...) at ../../Source/WebCore/rendering/RenderElement.cpp:547
#8 0x00007f12d0abda12 in WebCore::RenderBlock::removeChild (this=0x7f12b17b7958, oldChild=...) at ../../Source/WebCore/rendering/RenderBlock.cpp:745
#9 0x00007f12d0afd091 in WebCore::RenderBlockFlow::removeChild (this=0x7f12b17b7958, oldChild=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:3806
#10 0x00007f12d0c61755 in WebCore::RenderObject::removeFromParent (this=0x7f12b17b7a10) at ../../Source/WebCore/rendering/RenderObject.cpp:199
#11 0x00007f12d0c65d51 in WebCore::RenderObject::willBeDestroyed (this=0x7f12b17b7a10) at ../../Source/WebCore/rendering/RenderObject.cpp:1527
#12 0x00007f12d0b6ee77 in WebCore::RenderElement::willBeDestroyed (this=0x7f12b17b7a10) at ../../Source/WebCore/rendering/RenderElement.cpp:1114
#13 0x00007f12d0b495f9 in WebCore::RenderBoxModelObject::willBeDestroyed (this=0x7f12b17b7a10) at ../../Source/WebCore/rendering/RenderBoxModelObject.cpp:198
#14 0x00007f12d0aeab0d in WebCore::RenderBlockFlow::willBeDestroyed (this=0x7f12b17b7a10) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:178
#15 0x00007f12d0c664ac in WebCore::RenderObject::destroy (this=0x7f12b17b7a10) at ../../Source/WebCore/rendering/RenderObject.cpp:1702
#16 0x00007f12d0c6646f in WebCore::RenderObject::destroyAndCleanupAnonymousWrappers (this=0x7f12b17b7a10) at ../../Source/WebCore/rendering/RenderObject.cpp:1689
#17 0x00007f12d0da1817 in WebCore::Style::detachRenderTree (current=..., detachType=WebCore::Style::ReattachDetach) at ../../Source/WebCore/style/StyleResolveTree.cpp:574
#18 0x00007f12d0da15af in WebCore::Style::detachChildren (current=..., detachType=WebCore::Style::ReattachDetach) at ../../Source/WebCore/style/StyleResolveTree.cpp:521
#19 0x00007f12d0da17ed in WebCore::Style::detachRenderTree (current=..., detachType=WebCore::Style::ReattachDetach) at ../../Source/WebCore/style/StyleResolveTree.cpp:571
#20 0x00007f12d0da15af in WebCore::Style::detachChildren (current=..., detachType=WebCore::Style::ReattachDetach) at ../../Source/WebCore/style/StyleResolveTree.cpp:521
#21 0x00007f12d0da17ed in WebCore::Style::detachRenderTree (current=..., detachType=WebCore::Style::ReattachDetach) at ../../Source/WebCore/style/StyleResolveTree.cpp:571
#22 0x00007f12d0da15af in WebCore::Style::detachChildren (current=..., detachType=WebCore::Style::ReattachDetach) at ../../Source/WebCore/style/StyleResolveTree.cpp:521
#23 0x00007f12d0da15f0 in WebCore::Style::detachShadowRoot (shadowRoot=..., detachType=WebCore::Style::ReattachDetach) at ../../Source/WebCore/style/StyleResolveTree.cpp:528
#24 0x00007f12d0da17dc in WebCore::Style::detachRenderTree (current=..., detachType=WebCore::Style::ReattachDetach) at ../../Source/WebCore/style/StyleResolveTree.cpp:569
#25 0x00007f12d0da16e1 in WebCore::Style::detachSlotAssignees (slot=..., detachType=WebCore::Style::ReattachDetach) at ../../Source/WebCore/style/StyleResolveTree.cpp:540
#26 0x00007f12d0da17b2 in WebCore::Style::detachRenderTree (current=..., detachType=WebCore::Style::ReattachDetach) at ../../Source/WebCore/style/StyleResolveTree.cpp:566
#27 0x00007f12d0da15af in WebCore::Style::detachChildren (current=..., detachType=WebCore::Style::ReattachDetach) at ../../Source/WebCore/style/StyleResolveTree.cpp:521
#28 0x00007f12d0da15f0 in WebCore::Style::detachShadowRoot (shadowRoot=..., detachType=WebCore::Style::ReattachDetach) at ../../Source/WebCore/style/StyleResolveTree.cpp:528
#29 0x00007f12d0da17dc in WebCore::Style::detachRenderTree (current=..., detachType=WebCore::Style::ReattachDetach) at ../../Source/WebCore/style/StyleResolveTree.cpp:569
#30 0x00007f12d0da1d12 in WebCore::Style::resolveLocal (current=..., inheritedStyle=..., renderTreePosition=..., inheritedChange=WebCore::Style::NoChange) at ../../Source/WebCore/style/StyleResolveTree.cpp:628
#31 0x00007f12d0da2832 in WebCore::Style::resolveTree (current=..., inheritedStyle=..., renderTreePosition=..., change=WebCore::Style::NoChange) at ../../Source/WebCore/style/StyleResolveTree.cpp:843
#32 0x00007f12d0da25e9 in WebCore::Style::resolveChildren (current=..., inheritedStyle=..., change=WebCore::Style::NoChange, childRenderTreePosition=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:800
#33 0x00007f12d0da2925 in WebCore::Style::resolveTree (current=..., inheritedStyle=..., renderTreePosition=..., change=WebCore::Style::NoChange) at ../../Source/WebCore/style/StyleResolveTree.cpp:857
#34 0x00007f12d0da25e9 in WebCore::Style::resolveChildren (current=..., inheritedStyle=..., change=WebCore::Style::NoChange, childRenderTreePosition=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:800
#35 0x00007f12d0da2925 in WebCore::Style::resolveTree (current=..., inheritedStyle=..., renderTreePosition=..., change=WebCore::Style::NoChange) at ../../Source/WebCore/style/StyleResolveTree.cpp:857
#36 0x00007f12d0da25e9 in WebCore::Style::resolveChildren (current=..., inheritedStyle=..., change=WebCore::Style::NoChange, childRenderTreePosition=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:800
#37 0x00007f12d0da2925 in WebCore::Style::resolveTree (current=..., inheritedStyle=..., renderTreePosition=..., change=WebCore::Style::NoChange) at ../../Source/WebCore/style/StyleResolveTree.cpp:857
#38 0x00007f12d0da2bf5 in WebCore::Style::resolveTree (document=..., change=WebCore::Style::NoChange) at ../../Source/WebCore/style/StyleResolveTree.cpp:903
#39 0x00007f12d02ea87b in WebCore::Document::recalcStyle (this=0x7f12b141d900, change=WebCore::Style::NoChange) at ../../Source/WebCore/dom/Document.cpp:1841
#40 0x00007f12d02eabb7 in WebCore::Document::updateStyleIfNeeded (this=0x7f12b141d900) at ../../Source/WebCore/dom/Document.cpp:1892
#41 0x00007f12d02eda07 in WebCore::Document::implicitClose (this=0x7f12b141d900) at ../../Source/WebCore/dom/Document.cpp:2700
#42 0x00007f12d075be91 in WebCore::FrameLoader::checkCallImplicitClose (this=0x7f12b16e4098) at ../../Source/WebCore/loader/FrameLoader.cpp:861
#43 0x00007f12d075bbc1 in WebCore::FrameLoader::checkCompleted (this=0x7f12b16e4098) at ../../Source/WebCore/loader/FrameLoader.cpp:807
#44 0x00007f12d075b937 in WebCore::FrameLoader::finishedParsing (this=0x7f12b16e4098) at ../../Source/WebCore/loader/FrameLoader.cpp:728
#45 0x00007f12d02f7bb4 in WebCore::Document::finishedParsing (this=0x7f12b141d900) at ../../Source/WebCore/dom/Document.cpp:4897
#46 0x00007f12d16917ab in WebCore::HTMLConstructionSite::finishedParsing (this=0x7f12b16fe6e0) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:403
#47 0x00007f12d0651db2 in WebCore::HTMLTreeBuilder::finished (this=0x7f12b16fe6c0) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2937
#48 0x00007f12d06220a8 in WebCore::HTMLDocumentParser::end (this=0x7f12b1448cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:393
#49 0x00007f12d0622176 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x7f12b1448cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:402
#50 0x00007f12d0620e6b in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x7f12b1448cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:132
#51 0x00007f12d06221b1 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x7f12b1448cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:414
#52 0x00007f12d0622261 in WebCore::HTMLDocumentParser::finish (this=0x7f12b1448cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:442
#53 0x00007f12d0747166 in WebCore::DocumentWriter::end (this=0x7f12b142ef20) at ../../Source/WebCore/loader/DocumentWriter.cpp:247
#54 0x00007f12d073060a in WebCore::DocumentLoader::finishedLoading (this=0x7f12b142ee80, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:437
#55 0x00007f12d0730364 in WebCore::DocumentLoader::notifyFinished (this=0x7f12b142ee80, resource=0x7f12b14261c0) at ../../Source/WebCore/loader/DocumentLoader.cpp:384
#56 0x00007f12d07dcd0d in WebCore::CachedResource::checkNotify (this=0x7f12b14261c0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:297
#57 0x00007f12d07dce22 in WebCore::CachedResource::finishLoading (this=0x7f12b14261c0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:313
#58 0x00007f12d07d9044 in WebCore::CachedRawResource::finishLoading (this=0x7f12b14261c0, data=0x7f12b17bf900) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:103
#59 0x00007f12d07a11a1 in WebCore::SubresourceLoader::didFinishLoading (this=0x7f12b142fa80, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:372
#60 0x00007f12d079bbe7 in WebCore::ResourceLoader::didFinishLoading (this=0x7f12b142fa80, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:638
#61 0x00007f12d0fa5b45 in WebCore::readCallback (asyncResult=0xb681a0, data=0x7f12b17be740) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1341
#62 0x00007f12c8b684e6 in async_ready_callback_wrapper (source_object=0xa7c5b0, res=0xb681a0, user_data=0x7f12b17be740) at ginputstream.c:523
#63 0x00007f12c8b8ea04 in g_task_return_now (task=0xb681a0) at gtask.c:1077
#64 0x00007f12c8b8ea29 in complete_in_idle_cb (task=0xb681a0) at gtask.c:1086
#65 0x00007f12c85c472a in g_main_dispatch (context=0xa766a0) at gmain.c:3064
#66 g_main_context_dispatch (context=context@entry=0xa766a0) at gmain.c:3663
#67 0x00007f12c9f1bb50 in _ecore_glib_select__locked (ecore_timeout=<optimized out>, efds=0x7ffcdbb51070, wfds=0x7ffcdbb50ff0, rfds=0x7ffcdbb50f70, ecore_fds=<optimized out>, ctx=<optimized out>) at lib/ecore/ecore_glib.c:175
#68 _ecore_glib_select (ecore_fds=<optimized out>, rfds=0x7ffcdbb50f70, wfds=0x7ffcdbb50ff0, efds=0x7ffcdbb51070, ecore_timeout=<optimized out>) at lib/ecore/ecore_glib.c:208
#69 0x00007f12c9f1eb8c in _ecore_main_select (timeout=<optimized out>) at lib/ecore/ecore_main.c:1481
#70 0x00007f12c9f1f665 in _ecore_main_loop_iterate_internal (once_only=once_only@entry=0) at lib/ecore/ecore_main.c:1913
#71 0x00007f12c9f1f827 in ecore_main_loop_begin () at lib/ecore/ecore_main.c:988
#72 0x00007f12d1dc7ebb in WTF::RunLoop::run () at ../../Source/WTF/wtf/efl/RunLoopEfl.cpp:49
#73 0x00007f12d0068f7a in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7ffcdbb514d8) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#74 0x00007f12d0068b88 in WebKit::WebProcessMainUnix (argc=2, argv=0x7ffcdbb514d8) at ../../Source/WebKit2/WebProcess/efl/WebProcessMainEfl.cpp:161
#75 0x000000000040089a in main (argc=2, argv=0x7ffcdbb514d8) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44
Attachments
Test (440 bytes, text/html), 2015-11-25 07:55 PST, Renata Hodovan, no flags
Patch (7.33 KB, patch), 2016-01-14 12:04 PST, zalan, no flags
zalan
Comment 1
2016-01-13 21:19:07 PST
B--AG-L- --* RenderView (0.00, 0.00) (1323.00, 720.00) renderer->(0x11ad6c2c0)
B-----L- -- HTML RenderFlexibleBox (0.00, 0.00) (0.00, 736.00) renderer->(0x11adf7578) node->(0x11adf1410)
B-O---L- -- HEAD RenderFlexibleBox (0.00, 0.00) (0.00, 736.00) renderer->(0x11adf7640) node->(0x11adf1478)
B-O---L- -- STYLE RenderFlexibleBox (0.00, 0.00) (0.00, 736.00) renderer->(0x11adf7708) node->(0x11adec7b8)
B--AG--- -- RenderBlock (0.00, 0.00) (80.86, 736.00) renderer->(0x11adee450)
I------- -- #text RenderText renderer->(0x11ad955a0) node->(0x11adf2500) length->(153) "\n* {\n -webkit-columns: 55px 87;\n overflow-y: scroll;\n -webkit-backg"...
B-O---L- DN- BODY RenderFlexibleBox (8.00, 8.00) (0.00, 704.00) renderer->(0x11adf77d0) node->(0x11adf1548)
B-O---L- -- SUMMARY RenderBlock (0.00, 0.00) (0.00, 704.00) renderer->(0x11adee508) node->(0x11adf15b0)
B--AG-L- -- RenderMultiColumnFlowThread (0.00, 0.00) (0.00, 16.00) renderer->(0x11ad29000) [Rs:0x11ad25640 Re:0x11ad25640]
B-O---L- -- PROGRESS RenderFlexibleBox (0.00, 0.00) (0.00, 16.00) renderer->(0x11adf7898) node->(0x11adf0620) [Rs:0x11ad25640 Re:0x11ad25640]
B------- -- DIV RenderProgress (0.00, 0.00) (0.00, 16.00) renderer->(0x11ad1b000) node->(0x11adf16e8) [Rs:0x11ad25640 Re:0x11ad25640]
B------- -- DIV RenderBlock (0.00, 0.00) (0.00, 16.00) renderer->(0x11adee5c0) node->(0x11adf1750) [Rs:0x11ad25640 Re:0x11ad25640]
B------- -- DIV RenderBlock (0.00, 0.00) (0.00, 16.00) renderer->(0x11adee678) node->(0x11adf17b8) [Rs:0x11ad25640 Re:0x11ad25640]
B--AG--- -- RenderMultiColumnSet (0.00, 0.00) (0.00, 16.00) renderer->(0x11ad25640)
B-O---L- -- SCRIPT RenderFlexibleBox (0.00, 0.00) (0.00, 704.00) renderer->(0x11adf7960) node->(0x11adecb48)
B--AG--- -- RenderBlock (0.00, 0.00) (314.97, 704.00) renderer->(0x11adee730)
I------- -- #text RenderText renderer->(0x11ad95e40) node->(0x11adf25f0) length->(192) "\nsetTimeout(function() {\n window.scrollTo(0,document.body.scrollHeight);\n "...

BODY is stuck with dirty layout flag.

When a descendant renderer is being removed, we try to ensure it is no longer a layout root by marking its ancestors dirty (and ofc the ancestor tree needs to know about this change in order to layout/repaint properly). However, since BODY is already dirty, we end up not scheduling a new layout (and we don't change the layout root either) -> ASSERT.

BODY is marked dirty while finishing up the layout on HTML. During post layout, we start updating the scrollbars for overflow content. SUMMARY is a candidate and while we try to contain the layout by marking only the current renderer (MarkThisOnly) before calling current.layoutBlock(), the RenderMultiColumnSet child ends up setting the dirty flag on the ancestors (including BODY). However, no one issues layout on the BODY at this point.
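The sequence described in Comment 1 as a toy model, added here as an illustration (not WebKit source and not the committed patch). The two function names are borrowed from the backtrace, but their bodies, the `Renderer` and `View` types, `relayoutBoundary`, `layoutThisOnly` and `stuckDirty` are simplified assumptions; `scheduleRelayoutOfSubtree` returns false where the debug build asserts.

```cpp
// Toy model of the dirty-bit bookkeeping from Comment 1; not WebKit source.
#include <cstdio>
#include <string>
#include <vector>

struct Renderer {
    std::string name;
    Renderer* container = nullptr;
    bool needsLayout = false;
    bool relayoutBoundary = false; // assumption: a subtree layout may start here
};
struct View { Renderer* layoutRoot = nullptr; bool layoutPending = false; };

// Same condition as the assertion in the bug title; false = debug build would crash.
bool scheduleRelayoutOfSubtree(View& view, Renderer& newRoot) {
    if (newRoot.container && newRoot.container->needsLayout) return false;
    view.layoutRoot = &newRoot;
    view.layoutPending = true;
    return true;
}

// Dirty the container chain up to the nearest relayout boundary, then schedule there.
bool markContainingBlocksForLayout(View& view, Renderer& renderer) {
    for (Renderer* a = renderer.container; a; a = a->container) {
        if (a->needsLayout) return true; // already dirty: trusts a layout is pending
        a->needsLayout = true;
        if (a->relayoutBoundary) return scheduleRelayoutOfSubtree(view, *a);
    }
    return true;
}

// Post-layout pass: `current` is laid out alone (MarkThisOnly) while `child` dirties
// every ancestor; only `current` and `child` are clean afterwards.
void layoutThisOnly(Renderer& current, Renderer& child) {
    current.needsLayout = true;
    for (Renderer* a = child.container; a; a = a->container) a->needsLayout = true;
    current.needsLayout = child.needsLayout = false;
}

// Consistency check: with no layout pending, every dirty renderer is stuck.
std::vector<std::string> stuckDirty(const View& view, const std::vector<Renderer*>& tree) {
    std::vector<std::string> stuck;
    for (const Renderer* r : tree)
        if (!view.layoutPending && r->needsLayout) stuck.push_back(r->name);
    return stuck;
}

int main() { // constructed three-level tree: BODY > SUMMARY > {column set, #text}
    Renderer body{"BODY"}, summary{"SUMMARY", &body, false, true};
    Renderer columnSet{"RenderMultiColumnSet", &summary}, text{"#text", &summary};
    View view;
    layoutThisOnly(summary, columnSet); // leaves BODY dirty with nothing scheduled
    std::printf("stuck after post-layout: %zu\n", stuckDirty(view, {&body, &summary}).size());
    std::printf("removal keeps invariant: %d\n", markContainingBlocksForLayout(view, text));
}
```

Running `stuckDirty` at the end of each layout pass reports the stale flag on BODY at the point it is introduced, rather than at the later removal where the assertion fires.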
zalan
Comment 2
2016-01-14 12:04:45 PST
Created attachment 268984
Patch
Dave Hyatt
Comment 3
2016-01-14 12:06:51 PST
Comment on attachment 268984
Patch

r=me
zalan
Comment 4
2016-01-14 12:10:04 PST
Committed r195069: <http://trac.webkit.org/changeset/195069>