[Webkit-unassigned] [Bug 179015] New: ASSERTION FAILED: skipAssert || nextSiblingRenderer(node) == m_nextSibling in WebCore::RenderTreePosition::computeNextSibling
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Oct 30 09:12:47 PDT 2017
https://bugs.webkit.org/show_bug.cgi?id=179015
Bug ID: 179015
Summary: ASSERTION FAILED: skipAssert ||
nextSiblingRenderer(node) == m_nextSibling in
WebCore::RenderTreePosition::computeNextSibling
Product: WebKit
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Layout and Rendering
Assignee: webkit-unassigned at lists.webkit.org
Reporter: hodovan at inf.u-szeged.hu
CC: bfulgham at webkit.org, simon.fraser at apple.com,
zalan at apple.com
Created attachment 325352
--> https://bugs.webkit.org/attachment.cgi?id=325352&action=review
Test
Load the attached test with debug WebKitTestRunner:
Checked version: 9e82982
OS: macOS Sierra (10.12.6)
<q style="display:contents"><video controls></video>
</q>
Backtrace:
ASSERTION FAILED: skipAssert || nextSiblingRenderer(node) == m_nextSibling
WebKit/Source/WebCore/style/RenderTreePosition.cpp(43) : void WebCore::RenderTreePosition::computeNextSibling(const WebCore::Node &)
1 0x134e3f321 WTFCrash
2 0x1146e00d5 WebCore::RenderTreePosition::computeNextSibling(WebCore::Node const&)
3 0x1146ee23f WebCore::createTextRenderer(WebCore::Text&, WebCore::RenderTreePosition&, WebCore::Style::TextUpdate const*)
4 0x1146e8045 WebCore::RenderTreeUpdater::updateTextRenderer(WebCore::Text&, WebCore::Style::TextUpdate const*)
5 0x1146e7688 WebCore::RenderTreeUpdater::updateRenderTree(WebCore::ContainerNode&)
6 0x1146e6261 WebCore::RenderTreeUpdater::commit(std::__1::unique_ptr<WebCore::Style::Update const, std::__1::default_delete<WebCore::Style::Update const> >)
7 0x118e50feb WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType)
8 0x118e53bf3 WebCore::Document::updateStyleIfNeeded()
9 0x118e86693 WebCore::Document::finishedParsing()
10 0x112d20236 WebCore::HTMLConstructionSite::finishedParsing()
11 0x1130ec2c9 WebCore::HTMLTreeBuilder::finished()
12 0x112da8ead WebCore::HTMLDocumentParser::end()
13 0x112da2fe9 WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd()
14 0x112da2b0a WebCore::HTMLDocumentParser::prepareToStopParsing()
15 0x112da478d WebCore::HTMLDocumentParser::endIfDelayed()
16 0x112da9db7 WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution()
17 0x112daa4d1 WebCore::HTMLDocumentParser::notifyFinished(WebCore::PendingScript&)
18 0x112daa59c non-virtual thunk to WebCore::HTMLDocumentParser::notifyFinished(WebCore::PendingScript&)
19 0x1190d407c WebCore::PendingScript::notifyClientFinished()
20 0x1190d4149 WebCore::PendingScript::notifyFinished(WebCore::LoadableScript&)
21 0x11902df5a WebCore::LoadableScript::notifyClientFinished()
22 0x11902dab6 WebCore::LoadableClassicScript::notifyFinished(WebCore::CachedResource&)
23 0x11902e05c non-virtual thunk to WebCore::LoadableClassicScript::notifyFinished(WebCore::CachedResource&)
24 0x119af3ee9 WebCore::CachedResource::checkNotify()
25 0x119aec1d4 WebCore::CachedResource::error(WebCore::CachedResource::Status)
26 0x119a23686 WebCore::SubresourceLoader::didFail(WebCore::ResourceError const&)
27 0x10ae33b6a WebKit::WebResourceLoader::didFailResourceLoad(WebCore::ResourceError const&)
28 0x10ae407c0 void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&), std::__1::tuple<WebCore::ResourceError>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&), std::__1::tuple<WebCore::ResourceError>&&, std::__1::integer_sequence<unsigned long, 0ul>)
29 0x10ae403d9 void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&), std::__1::tuple<WebCore::ResourceError>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<WebCore::ResourceError>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&))
30 0x10ae3d178 void IPC::handleMessage<Messages::WebResourceLoader::DidFailResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&))
31 0x10ae3ad1e WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&)
ASAN:DEADLYSIGNAL
=================================================================
==13506==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x000134e3f359 bp 0x7fff57187fb0 sp 0x7fff57187fa0 T0)
==13506==The signal is caused by a WRITE memory access.
==13506==WARNING: invalid path to external symbolizer!
==13506==WARNING: Failed to use and restart external symbolizer!
#0 0x134e3f358 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x39fe358)
#1 0x1146e00d4 in WebCore::RenderTreePosition::computeNextSibling(WebCore::Node const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2b620d4)
#2 0x1146ee23e in WebCore::createTextRenderer(WebCore::Text&, WebCore::RenderTreePosition&, WebCore::Style::TextUpdate const*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2b7023e)
#3 0x1146e8044 in WebCore::RenderTreeUpdater::updateTextRenderer(WebCore::Text&, WebCore::Style::TextUpdate const*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2b6a044)
#4 0x1146e7687 in WebCore::RenderTreeUpdater::updateRenderTree(WebCore::ContainerNode&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2b69687)
#5 0x1146e6260 in WebCore::RenderTreeUpdater::commit(std::__1::unique_ptr<WebCore::Style::Update const, std::__1::default_delete<WebCore::Style::Update const> >) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2b68260)
#6 0x118e50fea in WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x72d2fea)
#7 0x118e53bf2 in WebCore::Document::updateStyleIfNeeded() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x72d5bf2)
#8 0x118e86692 in WebCore::Document::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7308692)
#9 0x112d20235 in WebCore::HTMLConstructionSite::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x11a2235)
#10 0x1130ec2c8 in WebCore::HTMLTreeBuilder::finished() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x156e2c8)
#11 0x112da8eac in WebCore::HTMLDocumentParser::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x122aeac)
#12 0x112da2fe8 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x1224fe8)
#13 0x112da2b09 in WebCore::HTMLDocumentParser::prepareToStopParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x1224b09)
#14 0x112da478c in WebCore::HTMLDocumentParser::endIfDelayed() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x122678c)
#15 0x112da9db6 in WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x122bdb6)
#16 0x112daa4d0 in WebCore::HTMLDocumentParser::notifyFinished(WebCore::PendingScript&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x122c4d0)
#17 0x112daa59b in non-virtual thunk to WebCore::HTMLDocumentParser::notifyFinished(WebCore::PendingScript&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x122c59b)
#18 0x1190d407b in WebCore::PendingScript::notifyClientFinished() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x755607b)
#19 0x1190d4148 in WebCore::PendingScript::notifyFinished(WebCore::LoadableScript&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7556148)
#20 0x11902df59 in WebCore::LoadableScript::notifyClientFinished() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x74aff59)
#21 0x11902dab5 in WebCore::LoadableClassicScript::notifyFinished(WebCore::CachedResource&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x74afab5)
#22 0x11902e05b in non-virtual thunk to WebCore::LoadableClassicScript::notifyFinished(WebCore::CachedResource&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x74b005b)
#23 0x119af3ee8 in WebCore::CachedResource::checkNotify() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7f75ee8)
#24 0x119aec1d3 in WebCore::CachedResource::error(WebCore::CachedResource::Status) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7f6e1d3)
#25 0x119a23685 in WebCore::SubresourceLoader::didFail(WebCore::ResourceError const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7ea5685)
#26 0x10ae33b69 in WebKit::WebResourceLoader::didFailResourceLoad(WebCore::ResourceError const&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23a7b69)
#27 0x10ae407bf in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&), std::__1::tuple<WebCore::ResourceError>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&), std::__1::tuple<WebCore::ResourceError>&&, std::__1::integer_sequence<unsigned long, 0ul>) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23b47bf)
#28 0x10ae403d8 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&), std::__1::tuple<WebCore::ResourceError>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<WebCore::ResourceError>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23b43d8)
#29 0x10ae3d177 in void IPC::handleMessage<Messages::WebResourceLoader::DidFailResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::ResourceError const&)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23b1177)
#30 0x10ae3ad1d in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x23aed1d)
#31 0x109433571 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x9a7571)
#32 0x108dae88a in IPC::Connection::dispatchMessage(IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x32288a)
#33 0x108d92198 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x306198)
#34 0x108daf5b7 in IPC::Connection::dispatchOneMessage() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x3235b7)
#35 0x108dee4bc in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x3624bc)
#36 0x108dee3e8 in WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x3623e8)
#37 0x134ed97e2 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3a987e2)
#38 0x134f30cec in WTF::RunLoop::performWork() (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3aefcec)
#39 0x134f31d78 in WTF::RunLoop::performWork(void*) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3af0d78)
#40 0x7fffcdf41320 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0xa7320)
#41 0x7fffcdf2221c in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x8821c)
#42 0x7fffcdf21715 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87715)
#43 0x7fffcdf21113 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87113)
#44 0x7fffcd481ebb in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30ebb)
#45 0x7fffcd481cf0 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30cf0)
#46 0x7fffcd481b25 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30b25)
#47 0x7fffcba1aa53 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x46a53)
#48 0x7fffcc1967ed in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x7c27ed)
#49 0x7fffcba0f3da in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x3b3da)
#50 0x7fffcb9d9e0d in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x5e0d)
#51 0x7fffe39028c6 in _xpc_objc_main (/usr/lib/system/libxpc.dylib:x86_64+0x108c6)
#52 0x7fffe39012e3 in xpc_main (/usr/lib/system/libxpc.dylib:x86_64+0xf2e3)
#53 0x108a6fdc0 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development:x86_64+0x100001dc0)
#54 0x7fffe36a9234 in start (/usr/lib/system/libdyld.dylib:x86_64+0x5234)
==13506==Register values:
rax = 0x00000000bbadbeef rbx = 0x00007fff57188340 rcx = 0x00000000bbadbeef rdx = 0x0000000000000000
rdi = 0x00001fffeae30fac rsi = 0x0000000000000000 rbp = 0x00007fff57187fb0 rsp = 0x00007fff57187fa0
r8 = 0x000000000000005f r9 = 0x0000200000000000 r10 = 0x0000000000000000 r11 = 0xffffffffffffffff
r12 = 0x000000011a7e740a r13 = 0x00007fff57188060 r14 = 0x0000100000000000 r15 = 0x00000001146eddf0
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x39fe358) in WTFCrash
==13506==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 13506)
LEAK: 1 WebProcessPool
LEAK: 1 WebPageProxy
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20171030/5433260c/attachment-0001.html>
More information about the webkit-unassigned
mailing list