[Webkit-unassigned] [Bug 178939] New: ASSERTION FAILED: beforeChildAnonymousContainer->isTable() in WebCore::RenderBlock::addChildIgnoringContinuation

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Oct 27 09:01:54 PDT 2017 

https://bugs.webkit.org/show_bug.cgi?id=178939

            Bug ID: 178939
           Summary: ASSERTION FAILED:
                    beforeChildAnonymousContainer->isTable() in
                    WebCore::RenderBlock::addChildIgnoringContinuation
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: hodovan at inf.u-szeged.hu
                CC: bfulgham at webkit.org, simon.fraser at apple.com,
                    zalan at apple.com

Created attachment 325165

  --> https://bugs.webkit.org/attachment.cgi?id=325165&action=review

Test

Load the attached test with debug WebKitTestRunner:

<strike>
<summary>
<select autofocus="true"></select>
<noscript></noscript>

Checked version: 9e82982
OS: macOS Sierra (10.12.6)

Backtrace:

ASSERTION FAILED: beforeChildAnonymousContainer->isTable()
WebKit/Source/WebCore/rendering/RenderBlock.cpp(575) : virtual void WebCore::RenderBlock::addChildIgnoringContinuation(RenderPtr<WebCore::RenderObject>, WebCore::RenderObject *)
1   0x134349321 WTFCrash
2   0x113160383 WebCore::RenderBlock::addChildIgnoringContinuation(std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*)
3   0x11315ee8b WebCore::RenderBlock::addChild(std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*)
4   0x1132893c0 WebCore::RenderBlockFlow::addChild(std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*)
5   0x113bf712a WebCore::RenderTreePosition::insert(std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>)
6   0x113bf8b20 WebCore::createTextRenderer(WebCore::Text&, WebCore::RenderTreePosition&, WebCore::Style::TextUpdate const*)
7   0x113bf2045 WebCore::RenderTreeUpdater::updateTextRenderer(WebCore::Text&, WebCore::Style::TextUpdate const*)
8   0x113bf1688 WebCore::RenderTreeUpdater::updateRenderTree(WebCore::ContainerNode&)
9   0x113bf0261 WebCore::RenderTreeUpdater::commit(std::__1::unique_ptr<WebCore::Style::Update const, std::__1::default_delete<WebCore::Style::Update const> >)
10  0x11835afeb WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType)
11  0x11835dbf3 WebCore::Document::updateStyleIfNeeded()
12  0x118379b71 WebCore::Document::setFocusedElement(WebCore::Element*, WebCore::FocusDirection, WebCore::Document::FocusRemovalEventsMode)
13  0x111b25389 WebCore::FocusController::setFocusedElement(WebCore::Element*, WebCore::Frame&, WebCore::FocusDirection)
14  0x1184ae9bb WebCore::Element::focus(bool, WebCore::FocusDirection)
15  0x11230839f WebCore::HTMLFormControlElement::didAttachRenderers()::$_1::operator()() const
16  0x112308259 WTF::Function<void ()>::CallableWrapper<WebCore::HTMLFormControlElement::didAttachRenderers()::$_1>::call()
17  0x1110a0f93 WTF::Function<void ()>::operator()() const
18  0x11416fe62 WebCore::Style::PostResolutionCallbackDisabler::~PostResolutionCallbackDisabler()
19  0x11416ff75 WebCore::Style::PostResolutionCallbackDisabler::~PostResolutionCallbackDisabler()
20  0x11835b433 WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType)
21  0x11835dbf3 WebCore::Document::updateStyleIfNeeded()
22  0x1183f0686 WebCore::Document::Document(WebCore::Frame*, WebCore::URL const&, unsigned int, unsigned int)::$_0::operator()() const
23  0x1183f0619 WTF::Function<void ()>::CallableWrapper<WebCore::Document::Document(WebCore::Frame*, WebCore::URL const&, unsigned int, unsigned int)::$_0>::call()
24  0x1110a0f93 WTF::Function<void ()>::operator()() const
25  0x11115d2e9 WebCore::Timer::fired()
26  0x1146f3bc0 WebCore::ThreadTimers::sharedTimerFiredInternal()
27  0x1146f53a1 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const
28  0x1146f5359 WTF::Function<void ()>::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0>::call()
29  0x1110a0f93 WTF::Function<void ()>::operator()() const
30  0x112ad02aa WebCore::MainThreadSharedTimer::fired()
31  0x112ad0a6a WebCore::timerFired(__CFRunLoopTimer*, void*)
ASAN:DEADLYSIGNAL
=================================================================
==34099==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x000134349359 bp 0x7fff58bf5630 sp 0x7fff58bf5620 T0)
==34099==The signal is caused by a WRITE memory access.
==34099==WARNING: invalid path to external symbolizer!
==34099==WARNING: Failed to use and restart external symbolizer!
    #0 0x134349358 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x39fe358)
    #1 0x113160382 in WebCore::RenderBlock::addChildIgnoringContinuation(std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x20d8382)
    #2 0x11315ee8a in WebCore::RenderBlock::addChild(std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x20d6e8a)
    #3 0x1132893bf in WebCore::RenderBlockFlow::addChild(std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x22013bf)
    #4 0x113bf7129 in WebCore::RenderTreePosition::insert(std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2b6f129)
    #5 0x113bf8b1f in WebCore::createTextRenderer(WebCore::Text&, WebCore::RenderTreePosition&, WebCore::Style::TextUpdate const*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2b70b1f)
    #6 0x113bf2044 in WebCore::RenderTreeUpdater::updateTextRenderer(WebCore::Text&, WebCore::Style::TextUpdate const*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2b6a044)
    #7 0x113bf1687 in WebCore::RenderTreeUpdater::updateRenderTree(WebCore::ContainerNode&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2b69687)
    #8 0x113bf0260 in WebCore::RenderTreeUpdater::commit(std::__1::unique_ptr<WebCore::Style::Update const, std::__1::default_delete<WebCore::Style::Update const> >) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2b68260)
    #9 0x11835afea in WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x72d2fea)
    #10 0x11835dbf2 in WebCore::Document::updateStyleIfNeeded() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x72d5bf2)
    #11 0x118379b70 in WebCore::Document::setFocusedElement(WebCore::Element*, WebCore::FocusDirection, WebCore::Document::FocusRemovalEventsMode) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x72f1b70)
    #12 0x111b25388 in WebCore::FocusController::setFocusedElement(WebCore::Element*, WebCore::Frame&, WebCore::FocusDirection) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0xa9d388)
    #13 0x1184ae9ba in WebCore::Element::focus(bool, WebCore::FocusDirection) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x74269ba)
    #14 0x11230839e in WebCore::HTMLFormControlElement::didAttachRenderers()::$_1::operator()() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x128039e)
    #15 0x112308258 in WTF::Function<void ()>::CallableWrapper<WebCore::HTMLFormControlElement::didAttachRenderers()::$_1>::call() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x1280258)
    #16 0x1110a0f92 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x18f92)
    #17 0x11416fe61 in WebCore::Style::PostResolutionCallbackDisabler::~PostResolutionCallbackDisabler() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x30e7e61)
    #18 0x11416ff74 in WebCore::Style::PostResolutionCallbackDisabler::~PostResolutionCallbackDisabler() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x30e7f74)
    #19 0x11835b432 in WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x72d3432)
    #20 0x11835dbf2 in WebCore::Document::updateStyleIfNeeded() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x72d5bf2)
    #21 0x1183f0685 in WebCore::Document::Document(WebCore::Frame*, WebCore::URL const&, unsigned int, unsigned int)::$_0::operator()() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7368685)
    #22 0x1183f0618 in WTF::Function<void ()>::CallableWrapper<WebCore::Document::Document(WebCore::Frame*, WebCore::URL const&, unsigned int, unsigned int)::$_0>::call() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7368618)
    #23 0x1110a0f92 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x18f92)
    #24 0x11115d2e8 in WebCore::Timer::fired() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0xd52e8)
    #25 0x1146f3bbf in WebCore::ThreadTimers::sharedTimerFiredInternal() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x366bbbf)
    #26 0x1146f53a0 in WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x366d3a0)
    #27 0x1146f5358 in WTF::Function<void ()>::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0>::call() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x366d358)
    #28 0x1110a0f92 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x18f92)
    #29 0x112ad02a9 in WebCore::MainThreadSharedTimer::fired() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x1a482a9)
    #30 0x112ad0a69 in WebCore::timerFired(__CFRunLoopTimer*, void*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x1a48a69)
    #31 0x7fffcdf2ac53 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x90c53)
    #32 0x7fffcdf2a8de in __CFRunLoopDoTimer (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x908de)
    #33 0x7fffcdf2a439 in __CFRunLoopDoTimers (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x90439)
    #34 0x7fffcdf21b80 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87b80)
    #35 0x7fffcdf21113 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87113)
    #36 0x7fffcd481ebb in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30ebb)
    #37 0x7fffcd481cf0 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30cf0)
    #38 0x7fffcd481b25 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30b25)
    #39 0x7fffcba1aa53 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x46a53)
    #40 0x7fffcc1967ed in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x7c27ed)
    #41 0x7fffcba0f3da in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x3b3da)
    #42 0x7fffcb9d9e0d in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x5e0d)
    #43 0x7fffe39028c6 in _xpc_objc_main (/usr/lib/system/libxpc.dylib:x86_64+0x108c6)
    #44 0x7fffe39012e3 in xpc_main (/usr/lib/system/libxpc.dylib:x86_64+0xf2e3)
    #45 0x107000dc0 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development:x86_64+0x100001dc0)
    #46 0x7fffe36a9234 in start (/usr/lib/system/libdyld.dylib:x86_64+0x5234)

==34099==Register values:
rax = 0x00000000bbadbeef  rbx = 0x00007fff58bf5a40  rcx = 0x00000000bbadbeef  rdx = 0x0000000000000000  
rdi = 0x00001fffeb17ea7c  rsi = 0x0000000000000000  rbp = 0x00007fff58bf5630  rsp = 0x00007fff58bf5620  
 r8 = 0x000000000000002e   r9 = 0x0000200000000000  r10 = 0x0000000000000000  r11 = 0xffffffffffffffff  
r12 = 0x0000100000000000  r13 = 0x000000011315f070  r14 = 0xf2f2f200f201f2f2  r15 = 0xf200f201f1f1f1f1  
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x39fe358) in WTFCrash
==34099==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 34099)
LEAK: 1 WebProcessPool
LEAK: 1 WebPageProxy

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20171027/f57e36f5/attachment-0001.html>

More information about the webkit-unassigned mailing list