Bug 235572 - ASSERTION FAILED: layoutState->renderer() == this ../../Source/WebCore/rendering/RenderBlock.cpp(2866)
Summary: ASSERTION FAILED: layoutState->renderer() == this ../../Source/WebCore/render...
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2022-01-25 04:22 PST by A
Modified: 2022-02-01 04:23 PST (History)
3 users (show)

See Also:

Attachments
html that trigger crash (206.37 KB, application/zip)
2022-01-25 04:22 PST, A 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description A 2022-01-25 04:22:59 PST 
Created attachment 449913 [details]
html that trigger crash

1. build a debug webkit
2. open html
3. crash

ASSERTION FAILED: layoutState->renderer() == this
../../Source/WebCore/rendering/RenderBlock.cpp(2866) : virtual WebCore::LayoutUnit WebCore::RenderBlock::offsetFromLogicalTopOfFirstPage() const
1   0x7f235dcd7964 WTFReportBacktrace
2   0x7f235dcd7c01 WTFCrash
3   0x7f23777ceba1 WTF::CrashOnOverflow::overflowed()
4   0x7f2380f2a522 WebCore::RenderBlock::offsetFromLogicalTopOfFirstPage() const
5   0x7f2380f2ae62 WebCore::RenderBlock::computeFragmentRangeForBoxChild(WebCore::RenderBox const&) const
6   0x7f2380f2b2ca WebCore::RenderBlock::estimateFragmentRangeForBoxChild(WebCore::RenderBox const&) const
7   0x7f2380f0d18f WebCore::RenderBlock::layoutPositionedObject(WebCore::RenderBox&, bool, bool)
8   0x7f2380f0db11 WebCore::RenderBlock::layoutPositionedObjects(bool, bool)
9   0x7f2380fdfaa6 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
10  0x7f2380f088ab WebCore::RenderBlock::layout()
11  0x7f2380fe1a40 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
12  0x7f2380fe0c96 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
13  0x7f2380fdefa4 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
14  0x7f2380f088ab WebCore::RenderBlock::layout()
15  0x7f2380e4be9e WebCore::RenderElement::layoutIfNeeded()
16  0x7f2380ff97af WebCore::RenderBlockFlow::positionNewFloats()
17  0x7f2380fe3c54 WebCore::RenderBlockFlow::adjustFloatingBlock(WebCore::RenderBlockFlow::MarginInfo const&)
18  0x7f2380fe0c6c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
19  0x7f2380fdefa4 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
20  0x7f2380f088ab WebCore::RenderBlock::layout()
21  0x7f2380fe1a40 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
22  0x7f2380fe0c96 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
23  0x7f2380fdefa4 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
24  0x7f2380f088ab WebCore::RenderBlock::layout()
25  0x7f2380fe1a40 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
26  0x7f2380fe0c96 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
27  0x7f2380fdefa4 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
28  0x7f2380f088ab WebCore::RenderBlock::layout()
29  0x7f2380fe1a40 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
30  0x7f2380fe0c96 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
31  0x7f2380fdefa4 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
Comment 1 Radar WebKit Bug Importer 2022-02-01 04:23:15 PST 
<rdar://problem/88322109>