139536 2014-12-11 07:15:44 -0800 [GTK] ASSERTION FAILED: child->parentObject() == this in WebCore::AccessibilityNodeObject::insertChild 2017-03-11 11:12:54 -0800 1 1 1 Unclassified WebKit Accessibility 528+ (Nightly build) Unspecified Unspecified REOPENED InRadar P2 Normal --- 116980 1 rhodovan.u-szeged webkit-unassigned bfulgham cfleizach darin mcatanzaro webkit-bug-importer oldest_to_newest 1054485 0 243121 rhodovan.u-szeged 2014-12-11 07:15:44 -0800 Created attachment 243121 Test case Load this test with debug WK: <!DOCTYPE html> <body onhashchange="" > <li> <a> <h1></h1> </a> <em onpaste=""></em> <select autofocus></select> <input></input> <a></a> </li> </body> Backtrace: ASSERTION FAILED: child->parentObject() == this ../../Source/WebCore/accessibility/AccessibilityNodeObject.cpp(352) : virtual void WebCore::AccessibilityNodeObject::insertChild(WebCore::AccessibilityObject*, unsigned int) Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fff9692a700 (LWP 4881)] 0x00007fffedbca36f in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 321 *(int *)(uintptr_t)0xbbadbeef = 0; #0 0x00007fffedbca36f in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 #1 0x00007ffff2d0d0d2 in WebCore::AccessibilityNodeObject::insertChild (this=0x65aa30, child=0x7ff840, index=1) at ../../Source/WebCore/accessibility/AccessibilityNodeObject.cpp:352 #2 0x00007ffff2d0d131 in WebCore::AccessibilityNodeObject::addChild (this=0x65aa30, child=0x7ff840) at ../../Source/WebCore/accessibility/AccessibilityNodeObject.cpp:359 #3 0x00007ffff2d325d0 in WebCore::AccessibilityRenderObject::addChildren (this=0x65aa30) at ../../Source/WebCore/accessibility/AccessibilityRenderObject.cpp:3066 #4 0x00007ffff2d1cbdd in WebCore::AccessibilityObject::updateChildrenIfNecessary (this=0x65aa30) at ../../Source/WebCore/accessibility/AccessibilityObject.cpp:1591 #5 0x00007ffff2d31b93 in WebCore::AccessibilityRenderObject::updateChildrenIfNecessary (this=0x65aa30) at ../../Source/WebCore/accessibility/AccessibilityRenderObject.cpp:2850 #6 0x00007ffff2d1cb62 in WebCore::AccessibilityObject::children (this=0x65aa30, updateChildrenIfNeeded=true) at ../../Source/WebCore/accessibility/AccessibilityObject.cpp:1580 #7 0x00007ffff2d0d02a in WebCore::AccessibilityNodeObject::insertChild (this=0x65a8b0, child=0x65aa30, index=0) at ../../Source/WebCore/accessibility/AccessibilityNodeObject.cpp:347 #8 0x00007ffff2d0d131 in WebCore::AccessibilityNodeObject::addChild (this=0x65a8b0, child=0x65aa30) at ../../Source/WebCore/accessibility/AccessibilityNodeObject.cpp:359 #9 0x00007ffff2d325d0 in WebCore::AccessibilityRenderObject::addChildren (this=0x65a8b0) at ../../Source/WebCore/accessibility/AccessibilityRenderObject.cpp:3066 #10 0x00007ffff2d1cbdd in WebCore::AccessibilityObject::updateChildrenIfNecessary (this=0x65a8b0) at ../../Source/WebCore/accessibility/AccessibilityObject.cpp:1591 #11 0x00007ffff2d31b93 in WebCore::AccessibilityRenderObject::updateChildrenIfNecessary (this=0x65a8b0) at ../../Source/WebCore/accessibility/AccessibilityRenderObject.cpp:2850 #12 0x00007ffff2d1cb62 in WebCore::AccessibilityObject::children (this=0x65a8b0, updateChildrenIfNeeded=true) at ../../Source/WebCore/accessibility/AccessibilityObject.cpp:1580 #13 0x00007ffff3e9bf61 in getInterfaceMaskFromObject (coreObject=0x65a8b0) at ../../Source/WebCore/accessibility/atk/WebKitAccessibleWrapperAtk.cpp:1091 #14 0x00007ffff3e9c070 in getAccessibilityTypeFromObject (coreObject=0x65a8b0) at ../../Source/WebCore/accessibility/atk/WebKitAccessibleWrapperAtk.cpp:1155 #15 0x00007ffff3e9c14f in webkitAccessibleNew (coreObject=0x65a8b0) at ../../Source/WebCore/accessibility/atk/WebKitAccessibleWrapperAtk.cpp:1174 #16 0x00007ffff3e835e5 in WebCore::AXObjectCache::attachWrapper (this=0x790420, obj=0x65a8b0) at ../../Source/WebCore/accessibility/atk/AXObjectCacheAtk.cpp:69 #17 0x00007ffff2ced0b9 in WebCore::AXObjectCache::getOrCreate (this=0x790420, renderer=0x77b690) at ../../Source/WebCore/accessibility/AXObjectCache.cpp:434 #18 0x00007ffff2d28493 in WebCore::AccessibilityRenderObject::parentObject (this=0x684630) at ../../Source/WebCore/accessibility/AccessibilityRenderObject.cpp:495 #19 0x00007ffff2d2094b in WebCore::AccessibilityObject::isARIAHidden (this=0x684630) at ../../Source/WebCore/accessibility/AccessibilityObject.cpp:2486 #20 0x00007ffff2d209ec in WebCore::AccessibilityObject::defaultObjectInclusion (this=0x684630) at ../../Source/WebCore/accessibility/AccessibilityObject.cpp:2507 #21 0x00007ffff2d2af0e in WebCore::AccessibilityRenderObject::defaultObjectInclusion (this=0x684630) at ../../Source/WebCore/accessibility/AccessibilityRenderObject.cpp:1158 #22 0x00007ffff2d2af94 in WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored (this=0x684630) at ../../Source/WebCore/accessibility/AccessibilityRenderObject.cpp:1173 #23 0x00007ffff2d20ad7 in WebCore::AccessibilityObject::accessibilityIsIgnored (this=0x684630) at ../../Source/WebCore/accessibility/AccessibilityObject.cpp:2535 #24 0x00007ffff2ced0da in WebCore::AXObjectCache::getOrCreate (this=0x790420, renderer=0x7cb530) at ../../Source/WebCore/accessibility/AXObjectCache.cpp:435 #25 0x00007ffff2d28493 in WebCore::AccessibilityRenderObject::parentObject (this=0x659e70) at ../../Source/WebCore/accessibility/AccessibilityRenderObject.cpp:495 #26 0x00007ffff2d2094b in WebCore::AccessibilityObject::isARIAHidden (this=0x659e70) at ../../Source/WebCore/accessibility/AccessibilityObject.cpp:2486 #27 0x00007ffff2d209ec in WebCore::AccessibilityObject::defaultObjectInclusion (this=0x659e70) at ../../Source/WebCore/accessibility/AccessibilityObject.cpp:2507 #28 0x00007ffff2d2af0e in WebCore::AccessibilityRenderObject::defaultObjectInclusion (this=0x659e70) at ../../Source/WebCore/accessibility/AccessibilityRenderObject.cpp:1158 #29 0x00007ffff2d2af94 in WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored (this=0x659e70) at ../../Source/WebCore/accessibility/AccessibilityRenderObject.cpp:1173 #30 0x00007ffff2d20ad7 in WebCore::AccessibilityObject::accessibilityIsIgnored (this=0x659e70) at ../../Source/WebCore/accessibility/AccessibilityObject.cpp:2535 #31 0x00007ffff2ced0da in WebCore::AXObjectCache::getOrCreate (this=0x790420, renderer=0x7ce280) at ../../Source/WebCore/accessibility/AXObjectCache.cpp:435 #32 0x00007ffff2cecbd2 in WebCore::AXObjectCache::getOrCreate (this=0x790420, node=0x79af00) at ../../Source/WebCore/accessibility/AXObjectCache.cpp:378 #33 0x00007ffff3e84651 in WebCore::AXObjectCache::platformHandleFocusedUIElementChanged (this=0x790420, oldFocusedNode=0x0, newFocusedNode=0x79af00) at ../../Source/WebCore/accessibility/atk/AXObjectCacheAtk.cpp:325 #34 0x00007ffff2cee944 in WebCore::AXObjectCache::handleFocusedUIElementChanged (this=0x790420, oldNode=0x0, newNode=0x79af00) at ../../Source/WebCore/accessibility/AXObjectCache.cpp:831 #35 0x00007ffff306bfe6 in WebCore::Document::setFocusedElement (this=0x82c5e0, prpNewFocusedElement=..., direction=WebCore::FocusDirectionNone) at ../../Source/WebCore/dom/Document.cpp:3548 #36 0x00007ffff368b755 in WebCore::FocusController::setFocusedElement (this=0x794a30, element=0x79af00, newFocusedFrame=..., direction=WebCore::FocusDirectionNone) at ../../Source/WebCore/page/FocusController.cpp:629 #37 0x00007ffff30cc5cf in WebCore::Element::focus (this=0x79af00, restorePreviousSelection=true, direction=WebCore::FocusDirectionNone) at ../../Source/WebCore/dom/Element.cpp:1921 #38 0x00007ffff32bdca6 in WebCore::HTMLFormControlElement::__lambda5::operator() (__closure=0x789b80) at ../../Source/WebCore/html/HTMLFormControlElement.cpp:221 #39 0x00007ffff32bf24a in std::_Function_handler<void(), WebCore::HTMLFormControlElement::didAttachRenderers()::__lambda5>::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/4.8/functional:2071 #40 0x00007ffff2727ec6 in std::function<void ()>::operator()() const (this=0x79cb40) at /usr/include/c++/4.8/functional:2464 #41 0x00007ffff3c3b38e in WebCore::Style::PostResolutionCallbackDisabler::~PostResolutionCallbackDisabler (this=0x7fffffffd166, __in_chrg=<optimized out>) at ../../Source/WebCore/style/StyleResolveTree.cpp:1050 #42 0x00007ffff306587a in WebCore::Document::recalcStyle (this=0x82c5e0, change=WebCore::Style::NoChange) at ../../Source/WebCore/dom/Document.cpp:1808 #43 0x00007ffff3065b0a in WebCore::Document::updateStyleIfNeeded (this=0x82c5e0) at ../../Source/WebCore/dom/Document.cpp:1841 #44 0x00007ffff3070c7d in WebCore::Document::finishedParsing (this=0x82c5e0) at ../../Source/WebCore/dom/Document.cpp:4613 #45 0x00007ffff33c6039 in WebCore::HTMLConstructionSite::finishedParsing (this=0x67c9d8) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:395 #46 0x00007ffff3403a33 in WebCore::HTMLTreeBuilder::finished (this=0x67c9c0) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:3009 #47 0x00007ffff33ced4e in WebCore::HTMLDocumentParser::end (this=0x68e610) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:439 #48 0x00007ffff33cee39 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x68e610) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:450 #49 0x00007ffff33cd8e7 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x68e610) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:165 #50 0x00007ffff33cee7c in WebCore::HTMLDocumentParser::attemptToEnd (this=0x68e610) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:462 #51 0x00007ffff33cef33 in WebCore::HTMLDocumentParser::finish (this=0x68e610) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:490 #52 0x00007ffff3538b7f in WebCore::DocumentWriter::end (this=0x637440) at ../../Source/WebCore/loader/DocumentWriter.cpp:246 #53 0x00007ffff35248db in WebCore::DocumentLoader::finishedLoading (this=0x6373a0, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:440 #54 0x00007ffff3524644 in WebCore::DocumentLoader::notifyFinished (this=0x6373a0, resource=0x607050) at ../../Source/WebCore/loader/DocumentLoader.cpp:374 #55 0x00007ffff35d5370 in WebCore::CachedResource::checkNotify (this=0x607050) at ../../Source/WebCore/loader/cache/CachedResource.cpp:293 #56 0x00007ffff35d546e in WebCore::CachedResource::finishLoading (this=0x607050) at ../../Source/WebCore/loader/cache/CachedResource.cpp:309 #57 0x00007ffff35d1b63 in WebCore::CachedRawResource::finishLoading (this=0x607050, data=0x6772a0) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:104 #58 0x00007ffff358594c in WebCore::SubresourceLoader::didFinishLoading (this=0x607600, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:306 #59 0x00007ffff35816e1 in WebCore::ResourceLoader::didFinishLoading (this=0x607600, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:508 #60 0x00007ffff3f303e1 in WebCore::readCallback (asyncResult=0x7be1b0, data=0x7bca10) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1300 #61 0x00007fffeb7ab7d6 in async_ready_callback_wrapper (source_object=0x7426d0, res=0x7be1b0, user_data=user_data@entry=0x7bca10) at ginputstream.c:523 #62 0x00007fffeb7d10d5 in g_task_return_now (task=0x7be1b0) at gtask.c:1077 #63 0x00007fffeb7d10f9 in complete_in_idle_cb (task=0x7be1b0) at gtask.c:1086 #64 0x00007fffeaa10a1d in g_main_dispatch (context=0x4375c0) at gmain.c:3064 #65 g_main_context_dispatch (context=context@entry=0x4375c0) at gmain.c:3663 #66 0x00007fffeaa10d88 in g_main_context_iterate (context=0x4375c0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3734 #67 0x00007fffeaa1104a in g_main_loop_run (loop=0x87d590) at gmain.c:3928 #68 0x00007ffff45df9dc in WTF::RunLoop::run () at ../../Source/WTF/wtf/gtk/RunLoopGtk.cpp:59 #69 0x00007ffff2b44f82 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fffffffd978) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61 #70 0x00007ffff2b44de7 in WebKit::WebProcessMainUnix (argc=2, argv=0x7fffffffd978) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:73 #71 0x0000000000400891 in main (argc=2, argv=0x7fffffffd978) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44 1056423 1 webkit-bug-importer 2014-12-17 11:22:46 -0800 <rdar://problem/19281521> 1217537 2 bfulgham 2016-08-04 12:54:44 -0700 This does not reproduce for me in r204037. If you believe there is still a problem here, can you please reopen the bug and provide a revised test case? 1217941 3 rhodovan.u-szeged 2016-08-05 10:08:06 -0700 Using the attached test case the issue still seems valid in r204165 with debug EFL and GTK builds. 1218201 4 darin 2016-08-05 23:02:30 -0700 Seems peculiar that this would be platform dependent. When someone finds a fix I would like to understand why the platform difference exists. 243121 2014-12-11 07:15:44 -0800 2014-12-11 07:15:44 -0800 Test case crash.html text/html 219 rhodovan.u-szeged PCFET0NUWVBFIGh0bWw+Cjxib2R5IG9uaGFzaGNoYW5nZT0iIiA+CiAgICA8bGk+CiAgICAgICAg PGE+CiAgICAgICAgICAgIDxoMT48L2gxPgogICAgICAgIDwvYT4KICAgICAgICA8ZW0gIG9ucGFz dGU9IiI+PC9lbT4KICAgICAgICA8c2VsZWN0IGF1dG9mb2N1cz48L3NlbGVjdD4KICAgICAgICA8 aW5wdXQ+PC9pbnB1dD4KICAgICAgICA8YT48L2E+CiAgICA8L2xpPgo8L2JvZHk+