<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - Crash: LayoutState root's container is nullptr when the layout root is detached."
href="https://bugs.webkit.org/show_bug.cgi?id=146646">146646</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>Crash: LayoutState root's container is nullptr when the layout root is detached.
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>528+ (Nightly build)
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>OS</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>Layout and Rendering
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>zalan@apple.com
</td>
</tr></table>
<p>
<div>
<pre>0 WebCore 0x0000000196cb5f74 WebCore::RenderObject::localToAbsolute(WebCore::FloatPoint const&, unsigned int, bool*) const + 64 (RenderObject.cpp:1587)
1 WebCore 0x0000000196b0b0d0 WebCore::LayoutState::LayoutState(WebCore::RenderObject&) + 96 (LayoutState.cpp:140)
2 WebCore 0x0000000196b0b0d0 WebCore::LayoutState::LayoutState(WebCore::RenderObject&) + 96 (LayoutState.cpp:140)
3 WebCore 0x0000000196d1a074 WebCore::RenderView::pushLayoutState(WebCore::RenderObject&) + 40 (StdLibExtras.h:337)
4 WebCore 0x00000001961b181c WebCore::FrameView::layout(bool) + 716 (FrameView.cpp:1307)
5 WebCore 0x00000001962550e8 WebCore::RenderFrameBase::layoutWithFlattening(bool, bool) + 204 (RenderFrameBase.cpp:63)
6 WebCore 0x000000019624a324 WebCore::RenderIFrame::layout() + 76 (RenderIFrame.cpp:105)
7 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
8 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
9 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
10 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
11 WebCore 0x0000000196c28fcc WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 948 (RenderElement.h:134)
12 WebCore 0x0000000196c145a0 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 936 (RenderBlockFlow.cpp:651)
13 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
14 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
15 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
16 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
17 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
18 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
19 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
20 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
21 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
22 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
23 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
24 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
25 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
26 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
27 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
28 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
29 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
30 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
31 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
32 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
33 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
34 WebCore 0x0000000196c16228 WebCore::RenderBlockFlow::insertFloatingObject(WebCore::RenderBox&) + 280 (RenderElement.h:134)
35 WebCore 0x0000000196b17b24 WebCore::LineBreaker::skipLeadingWhitespace(WebCore::BidiResolver&lt;WebCore::InlineIterator, WebCore::BidiRun&gt;&, WebCore::LineInfo&, WebCore::FloatingObject*, WebCore::LineWidth&) + 448 (LineBreaker.cpp:69)
36 WebCore 0x0000000196b17ce8 WebCore::LineBreaker::nextLineBreak(WebCore::BidiResolver&lt;WebCore::InlineIterator, WebCore::BidiRun&gt;&, WebCore::LineInfo&, WebCore::RenderTextInfo&, WebCore::FloatingObject*, unsigned int, WTF::Vector&lt;WebCore::WordMeasurement, 64ul, WTF::CrashOnOverflow, 16ul&gt;&) + 204 (LineBreaker.cpp:90)
37 WebCore 0x0000000196c26f58 WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolver&lt;WebCore::InlineIterator, WebCore::BidiRun&gt;&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) + 572 (RenderBlockLineLayout.cpp:1248)
38 WebCore 0x0000000196c25b94 WebCore::RenderBlockFlow::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) + 800 (RenderBlockLineLayout.cpp:1202)
39 WebCore 0x0000000196c29414 WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 2044 (RenderBlockLineLayout.cpp:1612)
40 WebCore 0x0000000196c145a0 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 936 (RenderBlockFlow.cpp:651)
41 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
42 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
43 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
44 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
45 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
46 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
47 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
48 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
49 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
50 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
51 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
52 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
53 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
54 WebCore 0x0000000196c16828 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 932 (RenderBlockFlow.cpp:709)
55 WebCore 0x0000000196c1553c WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) + 556 (RenderBlockFlow.cpp:632)
56 WebCore 0x0000000196c14518 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 800 (RenderBlockFlow.cpp:485)
57 WebCore 0x0000000196152b98 WebCore::RenderBlock::layout() + 68 (RenderBlock.cpp:926)
58 WebCore 0x00000001961b3ad8 WebCore::RenderView::layout() + 924 (RenderView.cpp:232)
59 WebCore 0x00000001961b20bc WebCore::FrameView::layout(bool) + 2924 (FrameView.cpp:1319)
60 WebCore 0x00000001964a15f8 WebCore::Document::updateLayoutIfDimensionsOutOfDate(WebCore::Element&, WebCore::DimensionsCheck) + 1360 (Document.cpp:1997)
61 WebCore 0x000000019621ba38 WebCore::Element::offsetWidth() + 36 (Element.cpp:747)
62 WebCore 0x00000001968570a4 WebCore::jsElementOffsetWidth(JSC::ExecState*, JSC::JSObject*, long long, JSC::PropertyName) + 44 (JSElement.cpp:856)
63 JavaScriptCore 0x00000001858214bc llint_slow_path_get_by_id + 2072 (PropertySlot.h:256)
64 JavaScriptCore 0x0000000185c3696c llint_entry + 9884
65 JavaScriptCore 0x0000000185c39e38 llint_entry + 23400
66 JavaScriptCore 0x0000000185c39e9c llint_entry + 23500
67 JavaScriptCore 0x0000000185c39e9c llint_entry + 23500
68 ??? 0x000000017d55b9bc 0 + 6397737404
69 ??? 0x000000017cb32218 0 + 6387081752
70 JavaScriptCore 0x0000000185c340b4 vmEntryToJavaScript + 308
71 JavaScriptCore 0x0000000185b6b63c JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 188 (JITCode.cpp:77)
72 JavaScriptCore 0x000000018582d1b4 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 396 (Interpreter.cpp:962)
73 JavaScriptCore 0x0000000185934f40 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, JSC::JSValue*) + 76 (CallData.cpp:39)
74 WebCore 0x00000001962a4ab0 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 860 (JSMainThreadExecState.h:56)
75 WebCore 0x0000000196562b54 WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector&lt;WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow, 16ul&gt;&) + 748 (EventTarget.cpp:256)
76 WebCore 0x00000001961a83bc WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 324 (EventTarget.cpp:208)
77 WebCore 0x00000001961c6350 WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr&lt;WebCore::Event&gt;, WTF::PassRefPtr&lt;WebCore::EventTarget&gt;) + 292 (DOMWindow.cpp:1901)
78 WebCore 0x00000001961caf7c WebCore::FrameLoader::stopLoading(WebCore::UnloadEventPolicy) + 656 (FrameLoader.cpp:451)
79 WebCore 0x00000001965d0618 WebCore::FrameLoader::detachFromParent() + 128 (FrameLoader.cpp:535)
80 WebCore 0x00000001961a1ba8 WebCore::FrameLoader::detachChildren() + 192 (FrameLoader.cpp:2396)
81 WebCore 0x00000001961a1a4c WebCore::FrameLoader::setDocumentLoader(WebCore::DocumentLoader*) + 44 (FrameLoader.cpp:1658)
82 WebCore 0x00000001965cfd64 WebCore::FrameLoader::transitionToCommitted(WebCore::CachedPage*) + 236 (FrameLoader.cpp:1883)
83 WebCore 0x00000001961a0f74 WebCore::FrameLoader::commitProvisionalLoad() + 444 (FrameLoader.cpp:1770)
84 WebCore 0x00000001961ca6c8 WebCore::DocumentLoader::commitLoad(char const*, int) + 104 (DocumentLoader.cpp:356)
85 WebCore 0x00000001961be780 WebCore::CachedRawResource::didAddClient(WebCore::CachedResourceClient*) + 792 (CachedRawResource.cpp:146)
86 WebCore 0x000000019613354c WebCore::ThreadTimers::sharedTimerFiredInternal() + 144 (ThreadTimers.cpp:132)
87 WebCore 0x000000019613348c WebCore::timerFired(__CFRunLoopTimer*, void*) + 32 (SharedTimerCF.cpp:82)
88 CoreFoundation 0x0000000184194720 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 24 (CFRunLoop.c:1632)
89 CoreFoundation 0x00000001841943c4 __CFRunLoopDoTimer + 880 (CFRunLoop.c:2171)
90 CoreFoundation 0x0000000184191aac __CFRunLoopRun + 1516 (CFRunLoop.c:2310)
91 CoreFoundation 0x00000001840bd0bc CFRunLoopRunSpecific + 380 (CFRunLoop.c:2818)
92 Foundation 0x0000000185058e8c -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 304 (NSRunLoop.m:366)
93 Foundation 0x00000001850ae724 -[NSRunLoop(NSRunLoop) run] + 84 (NSRunLoop.m:388)
94 libxpc.dylib 0x0000000199c4d298 _xpc_objc_main + 656 (main.m:176)
95 libxpc.dylib 0x0000000199c4efa8 xpc_main + 196 (init.c:1424)
96 com.apple.WebKit.WebContent 0x0000000100017920 main + 52 (XPCServiceMain.mm:89)
97 libdyld.dylib 0x0000000199a329e4 start + 0 (start_glue.s:78)</pre>
</div>
</p>
</body>
</html>