ASSERTION FAILED: totalFlexGrow >= 0 && totalWeightedFlexShrink >= 0 ../../third_party/WebKit/Source/core/layout/LayoutFlexibleBox.cpp(892) : void blink::LayoutFlexibleBox::layoutFlexItems(bool, blink::SubtreeLayoutScope &) |
Issue descriptionVersion: 54.0.2796.0 (Developer Build) (64-bit) with dcheck_always_on=1 OS: Linux What steps will reproduce the problem? (1) https://cloud.google.com/pubsub/overview (2) (3) What is the expected output? What do you see instead? ASSERTION FAILED: totalFlexGrow >= 0 && totalWeightedFlexShrink >= 0 ../../third_party/WebKit/Source/core/layout/LayoutFlexibleBox.cpp(892) : void blink::LayoutFlexibleBox::layoutFlexItems(bool, blink::SubtreeLayoutScope &) 1 0x7fffea9fd481 blink::LayoutFlexibleBox::layoutBlock(bool) 2 0x7fffea9ad895 blink::LayoutBlock::layout() 3 0x7fffea9ba9b4 blink::LayoutBlockFlow::positionAndLayoutOnceIfNeeded(blink::LayoutBox&, blink::LayoutUnit, blink::BlockChildrenLayoutInfo&) 4 0x7fffea9bace0 blink::LayoutBlockFlow::layoutBlockChild(blink::LayoutBox&, blink::BlockChildrenLayoutInfo&) 5 0x7fffea9beb1e blink::LayoutBlockFlow::layoutBlockChildren(bool, blink::SubtreeLayoutScope&, blink::LayoutUnit, blink::LayoutUnit) 6 0x7fffea9b9898 7 0x7fffea9b9130 blink::LayoutBlockFlow::layoutBlock(bool) 8 0x7fffea9ad895 blink::LayoutBlock::layout() 9 0x7fffea9ba9b4 blink::LayoutBlockFlow::positionAndLayoutOnceIfNeeded(blink::LayoutBox&, blink::LayoutUnit, blink::BlockChildrenLayoutInfo&) 10 0x7fffea9bace0 blink::LayoutBlockFlow::layoutBlockChild(blink::LayoutBox&, blink::BlockChildrenLayoutInfo&) 11 0x7fffea9beb1e blink::LayoutBlockFlow::layoutBlockChildren(bool, blink::SubtreeLayoutScope&, blink::LayoutUnit, blink::LayoutUnit) 12 0x7fffea9b9898 13 0x7fffea9b9130 blink::LayoutBlockFlow::layoutBlock(bool) 14 0x7fffea9ad895 blink::LayoutBlock::layout() 15 0x7fffea9af124 blink::LayoutBlock::layoutPositionedObjects(bool, blink::LayoutBlock::PositionedLayoutBehavior) 16 0x7fffea9b9c9f 17 0x7fffea9b9130 blink::LayoutBlockFlow::layoutBlock(bool) 18 0x7fffea9ad895 blink::LayoutBlock::layout() 19 0x7fffeaa9612c blink::LayoutView::layoutContent() 20 0x7fffeaa9677b blink::LayoutView::layout() 21 0x7fffea74a6ae blink::FrameView::performLayout(bool) 22 
0x7fffea748511 blink::FrameView::layout() 23 0x7fffea7531aa blink::FrameView::updateStyleAndLayoutIfNeededRecursiveInternal() 24 0x7fffea751e51 blink::FrameView::updateStyleAndLayoutIfNeededRecursive() 25 0x7fffea7514a9 blink::FrameView::updateLifecyclePhasesInternal(blink::DocumentLifecycle::LifecycleState) 26 0x7fffea89f6fa blink::PageAnimator::updateAllLifecyclePhases(blink::LocalFrame&) 27 0x7ffff217907f blink::WebViewImpl::updateAllLifecyclePhases() 28 0x7ffff5b5d2c1 content::RenderWidgetCompositor::UpdateLayerTreeHost() 29 0x7ffff471a2e6 cc::ProxyMain::BeginMainFrame(std::unique_ptr<cc::BeginMainFrameAndCommitState, std::default_delete<cc::BeginMainFrameAndCommitState> >) 30 0x7ffff472ee3c 31 0x7ffff7a7e479 base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&) Received signal 11 SEGV_MAPERR 0000fbadbeef #0 0x7ffff7a7ce27 base::debug::(anonymous namespace)::StackDumpSignalHandler() #1 0x7ffff7bcc330 <unknown> #2 0x7fffea9fdded blink::LayoutFlexibleBox::layoutFlexItems() #3 0x7fffea9fd481 blink::LayoutFlexibleBox::layoutBlock() #4 0x7fffea9ad895 blink::LayoutBlock::layout() #5 0x7fffea9ba9b4 blink::LayoutBlockFlow::positionAndLayoutOnceIfNeeded() #6 0x7fffea9bace0 blink::LayoutBlockFlow::layoutBlockChild() #7 0x7fffea9beb1e blink::LayoutBlockFlow::layoutBlockChildren() #8 0x7fffea9b9898 blink::LayoutBlockFlow::layoutBlockFlow() #9 0x7fffea9b9130 blink::LayoutBlockFlow::layoutBlock() #10 0x7fffea9ad895 blink::LayoutBlock::layout() #11 0x7fffea9ba9b4 blink::LayoutBlockFlow::positionAndLayoutOnceIfNeeded() #12 0x7fffea9bace0 blink::LayoutBlockFlow::layoutBlockChild() #13 0x7fffea9beb1e blink::LayoutBlockFlow::layoutBlockChildren() #14 0x7fffea9b9898 blink::LayoutBlockFlow::layoutBlockFlow() #15 0x7fffea9b9130 blink::LayoutBlockFlow::layoutBlock() #16 0x7fffea9ad895 blink::LayoutBlock::layout() #17 0x7fffea9af124 blink::LayoutBlock::layoutPositionedObjects() #18 0x7fffea9b9c9f blink::LayoutBlockFlow::layoutBlockFlow() #19 0x7fffea9b9130 
blink::LayoutBlockFlow::layoutBlock() #20 0x7fffea9ad895 blink::LayoutBlock::layout() #21 0x7fffeaa9612c blink::LayoutView::layoutContent() #22 0x7fffeaa9677b blink::LayoutView::layout() #23 0x7fffea74a6ae blink::FrameView::performLayout() #24 0x7fffea748511 blink::FrameView::layout() #25 0x7fffea7531aa blink::FrameView::updateStyleAndLayoutIfNeededRecursiveInternal() #26 0x7fffea751e51 blink::FrameView::updateStyleAndLayoutIfNeededRecursive() #27 0x7fffea7514a9 blink::FrameView::updateLifecyclePhasesInternal() #28 0x7fffea89f6fa blink::PageAnimator::updateAllLifecyclePhases() #29 0x7ffff217907f blink::WebViewImpl::updateAllLifecyclePhases() #30 0x7ffff5b5d2c1 content::RenderWidgetCompositor::UpdateLayerTreeHost() #31 0x7ffff471a2e6 cc::ProxyMain::BeginMainFrame() #32 0x7ffff472ee3c _ZN4base8internal7InvokerINS0_9BindStateIMN2cc9ProxyMainEFvSt10unique_ptrINS3_28BeginMainFrameAndCommitStateESt14default_deleteIS6_EEEJNS_7WeakPtrIS4_EENS0_13PassedWrapperIS9_EEEEEFvvEE7RunImplIRKSB_RKSt5tupleIJSD_SF_EEJLm0ELm1EEEEvOT_OT0_NS_13IndexSequenceIJXspT1_EEEE #33 0x7ffff7a7e479 base::debug::TaskAnnotator::RunTask() #34 0x7fffeda3e297 scheduler::TaskQueueManager::ProcessTaskFromWorkQueue() #35 0x7fffeda3cf29 scheduler::TaskQueueManager::DoWork() #36 0x7fffeda3f1a9 _ZN4base8internal7InvokerINS0_9BindStateIMN9scheduler16TaskQueueManagerEFvNS_9TimeTicksEbEJNS_7WeakPtrIS4_EES5_bEEEFvvEE3RunEPNS0_13BindStateBaseE #37 0x7ffff7a7e479 base::debug::TaskAnnotator::RunTask() #38 0x7ffff7aa8d55 base::MessageLoop::RunTask() #39 0x7ffff7aa9088 base::MessageLoop::DeferOrRunPendingTask() #40 0x7ffff7aa943b base::MessageLoop::DoWork() #41 0x7ffff7aaabfe base::MessagePumpDefault::Run() #42 0x7ffff7aa8851 base::MessageLoop::RunHandler() #43 0x7ffff7ad7060 base::RunLoop::Run() #44 0x7ffff5c0f1aa content::RendererMain() #45 0x7ffff5d272cb content::RunZygote() #46 0x7ffff5d27b72 content::RunNamedProcessTypeMain() #47 0x7ffff5d285c3 content::ContentMainRunnerImpl::Run() #48 0x7ffff5d26e90 
content::ContentMain() #49 0x555555a34ecb ChromeMain #50 0x7fffeeb09f45 __libc_start_main #51 0x555555a34da9 <unknown> r8: 00007fffe447ca00 r9: 503a3a6573616220 r10: 00007fffeeea4be0 r11: 0000000000000000 r12: 00007fffffff9e20 r13: 00007fffffff9df0 r14: 00000a0b80c74190 r15: 00007fffffff9e30 di: 000004d8139c30f8 si: 000004d813f2c480 bp: 0000000000000001 bx: 00000000ffffb4bc dx: 0000000000000f2c ax: 00000000fbadbeef cx: 0000000000000017 sp: 00007fffffff9dc0 ip: 00007fffea9fdded efl: 0000000000010246 cgf: 0000000000000033 erf: 0000000000000006 trp: 000000000000000e msk: 0000000000000000 cr2: 00000000fbadbeef [end of stack trace] Please use labels and text to provide additional information. https://chromium.googlesource.com/chromium/src/+/b96cbf4f3c999afb6bc1369cbf449b6b03ebb510
,
Jul 14 2016
Huh.
(gdb) p totalFlexGrow
$1 = -1
(gdb) p firstChild()->style()->flexGrow()
$4 = 0
(gdb) p firstChild()->nextSibling()->style()->flexGrow()
$5 = 1
(gdb) p firstChild()->nextSibling()->nextSibling()
$6 = (blink::LayoutObject *) 0x0
Maybe a bug in freezeInflexibleItems...?
,
Jul 14 2016
freezeInflexibleItems needs to skip abspos (absolutely positioned) items :(
,
Jul 14 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/fa759873d12635a75bdbdc3d6d5967a13378f5a3 commit fa759873d12635a75bdbdc3d6d5967a13378f5a3 Author: cbiesinger <cbiesinger@chromium.org> Date: Thu Jul 14 22:34:58 2016 [css-flexbox] freezeInflexibleItems has to skip out-of-flow boxes Out-of-flow items should not be frozen. This would have problematic effects when they have flex-grow/flex-shrink set because freezing them would subtract them from our flex-grow/shrink total without having been added. This also adds some DCHECKs. R=eae@chromium.org,dgrogan@chromium.org BUG= 628072 Review-Url: https://codereview.chromium.org/2146603007 Cr-Commit-Position: refs/heads/master@{#405608} [modify] https://crrev.com/fa759873d12635a75bdbdc3d6d5967a13378f5a3/third_party/WebKit/LayoutTests/css3/flexbox/max-width-violation.html [modify] https://crrev.com/fa759873d12635a75bdbdc3d6d5967a13378f5a3/third_party/WebKit/Source/core/layout/LayoutFlexibleBox.cpp
,
Jul 14 2016
,
Jul 15 2016
Requesting merge, because this can actually lead to wrong layout
,
Jul 15 2016
Before we approve the merge to M53, could you please confirm whether this change has been baked/verified in Canary and is safe to merge? Also, does this change apply to all OSes or only to specific ones?
,
Jul 15 2016
Yes, this is in 54.0.2797.0 canary and safe to merge. Affects all OSes.
,
Jul 15 2016
Approving merge to M53 branch 2785 based on comment #8. Please merge ASAP.
,
Jul 15 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/8986d5f563027594f0f0ee7698bcb69915accd7a commit 8986d5f563027594f0f0ee7698bcb69915accd7a Author: Christian Biesinger <cbiesinger@chromium.org> Date: Fri Jul 15 19:51:19 2016 [css-flexbox] freezeInflexibleItems has to skip out-of-flow boxes Out-of-flow items should not be frozen. This would have problematic effects when they have flex-grow/flex-shrink set because freezing them would subtract them from our flex-grow/shrink total without having been added. This also adds some DCHECKs. R=eae@chromium.org,dgrogan@chromium.org BUG= 628072 Review-Url: https://codereview.chromium.org/2146603007 Cr-Commit-Position: refs/heads/master@{#405608} (cherry picked from commit fa759873d12635a75bdbdc3d6d5967a13378f5a3) Review URL: https://codereview.chromium.org/2155773002 . Cr-Commit-Position: refs/branch-heads/2785@{#162} Cr-Branched-From: 68623971be0cfc492a2cb0427d7f478e7b214c24-refs/heads/master@{#403382} [modify] https://crrev.com/8986d5f563027594f0f0ee7698bcb69915accd7a/third_party/WebKit/LayoutTests/css3/flexbox/max-width-violation.html [modify] https://crrev.com/8986d5f563027594f0f0ee7698bcb69915accd7a/third_party/WebKit/Source/core/layout/LayoutFlexibleBox.cpp
,
Jul 19 2016
@cbiesinger: Could you please provide manual steps the Test team can use to verify the above fix?
,
Jul 19 2016
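My apologies -- after further analysis, I have determined that this does not have user-visible impact, contrary to my statement in comment 6. It only affects debug builds, which incorrectly trigger an assertion; that assertion is how I had verified the fix. (The "Received signal 11 SEGV_MAPERR 0000fbadbeef" in the report appears to be the deliberate crash raised by the failed assertion, not a separate invalid memory access.)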
Comment 1 by tony@chromium.org
, Jul 14 2016