Bug 275103: RESOLVED WORKSFORME
REGRESSION(279667@main): ASSERTION FAILED: posChildNeedsLayout() || selfNeedsLayout() || !parent() in WebCore::RenderElement::setOutOfFlowChildNeedsStaticPositionLayout()
https://bugs.webkit.org/show_bug.cgi?id=275103
Fujii Hironori
Reported 2024-06-04 04:25:44 PDT
After 279667@main (bug#274981),

1. Start Windows Debug MiniBrowser
2. Go to https://www.calc-age.com/calc_age
3. An assertion fails

ASSERTION FAILED: posChildNeedsLayout() || selfNeedsLayout() || !parent()
C:\webkit\wc\Source\WebCore\rendering/RenderElement.cpp(1214) : void WebCore::RenderElement::setOutOfFlowChildNeedsStaticPositionLayout()
1 00007FFB14D51CA9 WTFCrash
2 00007FFAE6422EFD WTFCrashWithInfo
3 00007FFAEA97547C WebCore::RenderElement::setOutOfFlowChildNeedsStaticPositionLayout
4 00007FFAEAD0388E WebCore::RenderTreeBuilder::attachToRenderElementInternal
5 00007FFAEAD01911 WebCore::RenderTreeBuilder::attachToRenderElement
6 00007FFAEAD01DCD WebCore::RenderTreeBuilder::Block::attachIgnoringContinuation
7 00007FFAEAD016F5 WebCore::RenderTreeBuilder::Block::attach
8 00007FFAEAD01507 WebCore::RenderTreeBuilder::BlockFlow::attach
9 00007FFAEAD0068E WebCore::RenderTreeBuilder::attachInternal
10 00007FFAEACFFF97 WebCore::RenderTreeBuilder::attach
11 00007FFAEAD26A91 WebCore::RenderTreeUpdater::createRenderer
12 00007FFAEAD24444 WebCore::RenderTreeUpdater::updateElementRenderer
13 00007FFAEAD237F4 WebCore::RenderTreeUpdater::updateRenderTree
14 00007FFAEAD23057 WebCore::RenderTreeUpdater::commit
15 00007FFAE927AA41 WebCore::Document::updateRenderTree
16 00007FFAE927B1ED WebCore::Document::resolveStyle
17 00007FFAE927BA31 WebCore::Document::updateStyleIfNeeded
18 00007FFAE927746C WebCore::Document::updateLayout
19 00007FFAE9278683 WebCore::Document::updateLayoutIgnorePendingStylesheets
20 00007FFAE9368968 WebCore::Element::boundingClientRect
21 00007FFAE9368AA9 WebCore::Element::getBoundingClientRect
22 00007FFAE6FCFFAE WebCore::jsElementPrototypeFunction_getBoundingClientRectBody
23 00007FFAE6FCFEC0 WebCore::IDLOperation<WebCore::JSElement>::call<&WebCore::jsElementPrototypeFunction_getBoundingClientRectBody,0>
24 00007FFAE6FC1254 WebCore::jsElementPrototypeFunction_getBoundingClientRect
25 00007FFB00EE815F llint_entry
26 000000DEA7AFDDF0 (null)

Exception thrown at 0x00007FFB14D51CAE (WTF.dll) in WebKitWebProcess.exe: 0xC0000005: Access violation writing location 0x00000000BBADBEEF.
Alexey Proskuryakov
Comment 1 2024-06-04 10:32:46 PDT
Somewhat surprisingly, I cannot reproduce this with MiniBrowser on macOS.
alan
Comment 2 2024-06-04 10:48:55 PDT
(In reply to Alexey Proskuryakov from comment #1)
> Somewhat surprisingly, I cannot reproduce this with MiniBrowser on macOS.

I can't reproduce it either.
Fujii Hironori
Comment 3 2024-06-04 15:13:15 PDT
I got another crash just by loading https://mainichi.jp/articles/20240603/k00/00m/040/221000c today with Windows port Debug 279717@main.

ASSERTION FAILED: posChildNeedsLayout() || selfNeedsLayout() || !parent()
C:\webkit\wb\Source\WebCore\rendering/RenderElement.cpp(1214) : void WebCore::RenderElement::setOutOfFlowChildNeedsStaticPositionLayout()
1 00007FFB18F11CA9 WTFCrash
2 00007FFAE6422EFD WTFCrashWithInfo
3 00007FFAEA97468C WebCore::RenderElement::setOutOfFlowChildNeedsStaticPositionLayout
4 00007FFAEAD02A9E WebCore::RenderTreeBuilder::attachToRenderElementInternal
5 00007FFAEAD00B21 WebCore::RenderTreeBuilder::attachToRenderElement
6 00007FFAEAD010B0 WebCore::RenderTreeBuilder::Block::attachIgnoringContinuation
7 00007FFAEAD00905 WebCore::RenderTreeBuilder::Block::attach
8 00007FFAEAD00717 WebCore::RenderTreeBuilder::BlockFlow::attach
9 00007FFAEACFF89E WebCore::RenderTreeBuilder::attachInternal
10 00007FFAEACFF1A7 WebCore::RenderTreeBuilder::attach
11 00007FFAEAD25CA1 WebCore::RenderTreeUpdater::createRenderer
12 00007FFAEAD23654 WebCore::RenderTreeUpdater::updateElementRenderer
13 00007FFAEAD22A04 WebCore::RenderTreeUpdater::updateRenderTree
14 00007FFAEAD22267 WebCore::RenderTreeUpdater::commit
15 00007FFAE927AA41 WebCore::Document::updateRenderTree
16 00007FFAE927B1ED WebCore::Document::resolveStyle
17 00007FFAE927BA31 WebCore::Document::updateStyleIfNeeded
18 00007FFAE927C5BC WebCore::Document::updateLayoutIfDimensionsOutOfDate
19 00007FFAE927C501 WebCore::Document::updateLayoutIfDimensionsOutOfDate
20 00007FFAE9366AB8 WebCore::Element::scrollHeight
21 00007FFAE6FE9C1A WebCore::jsElement_scrollHeightGetter
22 00007FFAE6FA8C55 WebCore::IDLAttribute<WebCore::JSElement>::get<&WebCore::jsElement_scrollHeightGetter,3>
23 00007FFAE6FA8B10 WebCore::jsElement_scrollHeight
24 00007FFB0992B729 WTF::FunctionPtr<57072,long long (JSC::JSGlobalObject *, long long, JSC::PropertyName),1>::operator()
25 00007FFB09C4B441 JSC::PropertySlot::customGetter
26 00007FFB08DDB748 JSC::PropertySlot::getValue
27 00007FFB08DDAF62 JSC::JSValue::get
28 00007FFB09470B23 JSC::LLInt::performLLIntGetByID
29 00007FFB09470850 llint_slow_path_get_by_id
30 00007FFB08D4C839 llint_entry
31 0000020BB95ECAE0 (null)

Exception thrown at 0x00007FFB18F11CAE (WTF.dll) in WebKitWebProcess.exe: 0xC0000005: Access violation writing location 0x00000000BBADBEEF.
alan
Comment 4 2024-06-04 15:27:50 PDT
Oddly, I can't repro that either. This is getting mysterious.
Fujii Hironori
Comment 5 2024-06-10 01:00:56 PDT
*** This bug has been marked as a duplicate of bug 275264 ***
Fujii Hironori
Comment 6 2024-06-10 01:04:29 PDT
Oops. Still crashing with 279866@main. Reopened.

ASSERTION FAILED: posChildNeedsLayout() || selfNeedsLayout() || needsSimplifiedNormalFlowLayout() || !parent()
C:\webkit\Source\WebCore\rendering/RenderElement.cpp(1219) : void WebCore::RenderElement::setOutOfFlowChildNeedsStaticPositionLayout()
Radar WebKit Bug Importer
Comment 7 2024-06-11 04:26:14 PDT
Fujii Hironori
Comment 8 2025-02-05 16:51:24 PST
I tested again today with Windows Debug MiniBrowser (289837@main). This issue no longer happens. Works for me.