WebKit Bugzilla
RESOLVED FIXED
219079
Web process assert when loading slack
https://bugs.webkit.org/show_bug.cgi?id=219079
Carlos Garcia Campos
Reported
2020-11-18 04:59:49 PST
Since a few days ago I'm unable to use slack because my web process crashes:

1 0x7f63279098d9 WTFCrash
2 0x7f632c0f9154 WebCore::LayoutIntegration::LineLayout::contentLogicalHeight() const
3 0x7f632c5af081 WebCore::RenderBlockFlow::layoutModernLines(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
4 0x7f632c5f36f8 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
5 0x7f632c5c3c2a WebCore::RenderBlock::layout()
6 0x7f632c5e822f WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
7 0x7f632c5f32cd WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
8 0x7f632c5f3add WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
9 0x7f632c5c3c2a WebCore::RenderBlock::layout()
10 0x7f632c64046c WebCore::RenderFlexibleBox::layoutAndPlaceChildren(WebCore::LayoutUnit&, WTF::Vector<WebCore::FlexItem, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&, WebCore::LayoutUnit, bool, WTF::Vector<WebCore::RenderFlexibleBox::LineContext, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&, WebCore::LayoutUnit)
11 0x7f632c643ac3 WebCore::RenderFlexibleBox::layoutFlexItems(bool)
12 0x7f632c644286 WebCore::RenderFlexibleBox::layoutBlock(bool, WebCore::LayoutUnit)
13 0x7f632c5c3c2a WebCore::RenderBlock::layout()
14 0x7f632c5e822f WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
15 0x7f632c5f32cd WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
16 0x7f632c5f3add WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
17 0x7f632c5c3c2a WebCore::RenderBlock::layout()
18 0x7f632c5e822f WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
19 0x7f632c5f32cd WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
20 0x7f632c5f3add WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
21 0x7f632c5c3c2a WebCore::RenderBlock::layout()
22 0x7f632c5e822f WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
23 0x7f632c5f32cd WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
24 0x7f632c5f3add WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
25 0x7f632c5c3c2a WebCore::RenderBlock::layout()
26 0x7f632c5e822f WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
27 0x7f632c5f32cd WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
28 0x7f632c5f3add WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
29 0x7f632c5c3c2a WebCore::RenderBlock::layout()
30 0x7f632c64046c WebCore::RenderFlexibleBox::layoutAndPlaceChildren(WebCore::LayoutUnit&, WTF::Vector<WebCore::FlexItem, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&, WebCore::LayoutUnit, bool, WTF::Vector<WebCore::RenderFlexibleBox::LineContext, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&, WebCore::LayoutUnit)
31 0x7f632c643ac3 WebCore::RenderFlexibleBox::layoutFlexItems(bool)
Attachments
Patch (1.36 KB, patch), 2020-11-24 01:17 PST, Carlos Garcia Campos
Patch (3.41 KB, patch), 2020-12-04 03:47 PST, alan
Sergio Villar Senin
Comment 1
2020-11-18 07:09:45 PST
I'm getting a crash but due to ASSERTs failing:

ASSERTION FAILED: !m_impl || Thread::mayBeGCThread() || m_impl->wasConstructedOnMainThread() == isMainThread()
DerivedSources/ForwardingHeaders/wtf/WeakPtr.h(94) : T* WTF::WeakPtr< <template-parameter-1-1>, <template-parameter-1-2> >::get() const [with T = WebCore::Frame; Counter = WTF::EmptyCounter]
ASSERTION FAILED: !m_impl || Thread::mayBeGCThread() || m_impl->wasConstructedOnMainThread() == isMainThread()
DerivedSources/ForwardingHeaders/wtf/WeakPtr.h(94) : T* WTF::WeakPtr< <template-parameter-1-1>, <template-parameter-1-2> >::get() const [with T = WebCore::Frame; Counter = WTF::EmptyCounter]
ASSERTION FAILED: !m_impl || Thread::mayBeGCThread() || m_impl->wasConstructedOnMainThread() == isMainThread()
DerivedSources/ForwardingHeaders/wtf/WeakPtr.h(94) : T* WTF::WeakPtr< <template-parameter-1-1>, <template-parameter-1-2> >::get() const [with T = WebCore::Frame; Counter = WTF::EmptyCounter]
ASSERTION FAILED: !m_impl || Thread::mayBeGCThread() || m_impl->wasConstructedOnMainThread() == isMainThread()
DerivedSources/ForwardingHeaders/wtf/WeakPtr.h(94) : T* WTF::WeakPtr< <template-parameter-1-1>, <template-parameter-1-2> >::get() const [with T = WebCore::Frame; Counter = WTF::EmptyCounter]
1 0x7f81b193878b WTFCrash
2 0x7f81abdebf0e WTF::CrashOnOverflow::overflowed()
1 0x7f81b193878b WTFCrash
3 0x7f81acc360de WTF::WeakPtr<WebCore::Frame, WTF::EmptyCounter>::get() const
1 0x7f81b193878b WTFCrash
2 0x7f81abdebf0e WTF::CrashOnOverflow::overflowed()
2 0x7f81abdebf0e WTF::CrashOnOverflow::overflowed()
3 0x7f81acc360de WTF::WeakPtr<WebCore::Frame, WTF::EmptyCounter>::get() const
4 0x7f81aef98daa WebCore::FrameDestructionObserver::frame() const
3 0x7f81acc360de WTF::WeakPtr<WebCore::Frame, WTF::EmptyCounter>::get() const
4 0x7f81aef98daa WebCore::FrameDestructionObserver::frame() const
1 0x7f81b193878b WTFCrash
5 0x7f81ae961233 WebCore::HTMLMediaElement::mediaPlayerReferrer() const
4 0x7f81aef98daa WebCore::FrameDestructionObserver::frame() const
5 0x7f81ae961233 WebCore::HTMLMediaElement::mediaPlayerReferrer() const
2 0x7f81abdebf0e WTF::CrashOnOverflow::overflowed()
6 0x7f81af2b0c5d WebCore::MediaPlayer::referrer() const
5 0x7f81ae961233 WebCore::HTMLMediaElement::mediaPlayerReferrer() const
6 0x7f81af2b0c5d WebCore::MediaPlayer::referrer() const
7 0x7f81acf5e02f ~/checkout/WebKit/WebKitBuild/Debug/lib/libWPEWebKit-1.0.so.3(+0xe2b102f) [0x7f81acf5e02f]
8 0x7f81acf5cc7e ~/checkout/WebKit/WebKitBuild/Debug/lib/libWPEWebKit-1.0.so.3(+0xe2afc7e) [0x7f81acf5cc7e]
6 0x7f81af2b0c5d WebCore::MediaPlayer::referrer() const
3 0x7f81acc360de WTF::WeakPtr<WebCore::Frame, WTF::EmptyCounter>::get() const
7 0x7f81acf5e02f ~/checkout/WebKit/WebKitBuild/Debug/lib/libWPEWebKit-1.0.so.3(+0xe2b102f) [0x7f81acf5e02f]
9 0x7f819d8fd13d ~/checkout/WebKit/WebKitBuild/DependenciesWPE/Root/lib/libgstbase-1.0.so.0(+0x3c13d) [0x7f819d8fd13d]
8 0x7f81acf5cc7e ~/checkout/WebKit/WebKitBuild/Debug/lib/libWPEWebKit-1.0.so.3(+0xe2afc7e) [0x7f81acf5cc7e]
4 0x7f81aef98daa WebCore::FrameDestructionObserver::frame() const
10 0x7f819d8ff346 ~/checkout/WebKit/WebKitBuild/DependenciesWPE/Root/lib/libgstbase-1.0.so.0(+0x3e346) [0x7f819d8ff346]
7 0x7f81acf5e02f ~/checkout/WebKit/WebKitBuild/Debug/lib/libWPEWebKit-1.0.so.3(+0xe2b102f) [0x7f81acf5e02f]
9 0x7f819d8fd13d ~/checkout/WebKit/WebKitBuild/DependenciesWPE/Root/lib/libgstbase-1.0.so.0(+0x3c13d) [0x7f819d8fd13d]
8 0x7f81acf5cc7e ~/checkout/WebKit/WebKitBuild/Debug/lib/libWPEWebKit-1.0.so.3(+0xe2afc7e) [0x7f81acf5cc7e]
11 0x7f819e3d969f ~/checkout/WebKit/WebKitBuild/DependenciesWPE/Root/lib/libgstreamer-1.0.so.0(+0xb669f) [0x7f819e3d969f]
12 0x7f819e601ee4 ~/checkout/WebKit/WebKitBuild/DependenciesWPE/Root/lib/libglib-2.0.so.0(+0x74ee4) [0x7f819e601ee4]
5 0x7f81ae961233 WebCore::HTMLMediaElement::mediaPlayerReferrer() const
9 0x7f819d8fd13d ~/checkout/WebKit/WebKitBuild/DependenciesWPE/Root/lib/libgstbase-1.0.so.0(+0x3c13d) [0x7f819d8fd13d]
6 0x7f81af2b0c5d WebCore::MediaPlayer::referrer() const
13 0x7f819e6017c5 ~/checkout/WebKit/WebKitBuild/DependenciesWPE/Root/lib/libglib-2.0.so.0(+0x747c5) [0x7f819e6017c5]
7 0x7f81acf5e02f ~/checkout/WebKit/WebKitBuild/Debug/lib/libWPEWebKit-1.0.so.3(+0xe2b102f) [0x7f81acf5e02f]
10 0x7f819d8ff346 ~/checkout/WebKit/WebKitBuild/DependenciesWPE/Root/lib/libgstbase-1.0.so.0(+0x3e346) [0x7f819d8ff346]
8 0x7f81acf5cc7e ~/checkout/WebKit/WebKitBuild/Debug/lib/libWPEWebKit-1.0.so.3(+0xe2afc7e) [0x7f81acf5cc7e]
14 0x7f819daa6ea7 /lib/x86_64-linux-gnu/libpthread.so.0(+0x8ea7) [0x7f819daa6ea7]
10 0x7f819d8ff346 ~/checkout/WebKit/WebKitBuild/DependenciesWPE/Root/lib/libgstbase-1.0.so.0(+0x3e346) [0x7f819d8ff346]
11 0x7f819e3d969f ~/checkout/WebKit/WebKitBuild/DependenciesWPE/Root/lib/libgstreamer-1.0.so.0(+0xb669f) [0x7f819e3d969f]
9 0x7f819d8fd13d ~/checkout/WebKit/WebKitBuild/DependenciesWPE/Root/lib/libgstbase-1.0.so.0(+0x3c13d) [0x7f819d8fd13d]
15 0x7f819ea8eeaf clone
11 0x7f819e3d969f ~/checkout/WebKit/WebKitBuild/DependenciesWPE/Root/lib/libgstreamer-1.0.so.0(+0xb669f) [0x7f819e3d969f]
12 0x7f819e601ee4 ~/checkout/WebKit/WebKitBuild/DependenciesWPE/Root/lib/libglib-2.0.so.0(+0x74ee4) [0x7f819e601ee4]
10 0x7f819d8ff346 ~/checkout/WebKit/WebKitBuild/DependenciesWPE/Root/lib/libgstbase-1.0.so.0(+0x3e346) [0x7f819d8ff346]
12 0x7f819e601ee4 ~/checkout/WebKit/WebKitBuild/DependenciesWPE/Root/lib/libglib-2.0.so.0(+0x74ee4) [0x7f819e601ee4]
13 0x7f819e6017c5 ~/checkout/WebKit/WebKitBuild/DependenciesWPE/Root/lib/libglib-2.0.so.0(+0x747c5) [0x7f819e6017c5]
11 0x7f819e3d969f ~/checkout/WebKit/WebKitBuild/DependenciesWPE/Root/lib/libgstreamer-1.0.so.0(+0xb669f) [0x7f819e3d969f]
alan
Comment 2
2020-11-18 13:14:34 PST
Do you have repro steps or a test reduction? (my ToT WebKit debug build works fine with the slack channels I am in).
Carlos Garcia Campos
Comment 3
2020-11-19 00:41:05 PST
It started to happen even with the same WebKit version, so I guess something changed in the current room or something like that, that revealed the bug. The only step to reproduce it for me is opening webkit slack in my browser. I don't have a test case, so I'll try to debug it.
Carlos Garcia Campos
Comment 4
2020-11-24 01:15:10 PST
I found some time to debug the issue. The problem is that in LineLayout::contentLogicalHeight() we have a m_inlineContent, but lines is empty. I don't have time right now to figure out why, or whether that's expected or not, but checking also lines is not empty fixes the issue.
Carlos Garcia Campos
Comment 5
2020-11-24 01:17:31 PST
Created attachment 414825: Patch
alan
Comment 6
2020-11-24 07:19:55 PST
Comment on attachment 414825: Patch

Please upload a test reduction (or some kind of test content with repro steps). While the patch certainly fixes the crash, it'd be great to understand under what circumstances it happens (to check if it needs additional changes) and also it'd be nice to regression test it.
Radar WebKit Bug Importer
Comment 7
2020-11-26 03:24:02 PST
<rdar://problem/71747792>
alan
Comment 8
2020-12-04 03:41:52 PST
<rdar://problem/71814675>
alan
Comment 9
2020-12-04 03:47:52 PST
Created attachment 415401: Patch
alan
Comment 10
2020-12-04 03:51:49 PST
(In reply to zalan from comment #6)
> Comment on attachment 414825: Patch
>
> Please upload a test reduction (or some kind of test content with repro
> steps). While the patch certainly fixes the crash, it'd be great to
> understand under what circumstances it happens (to check if it needs
> additional changes) and also it'd be nice to regression test it.

The patch was just papering over the actual issue of missing additional inline types.
EWS
Comment 11
2020-12-04 05:35:49 PST
Committed r270428: <https://trac.webkit.org/changeset/270428>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 415401.