Bug 178939

Summary: ASSERTION FAILED: beforeChildAnonymousContainer->isTable() in WebCore::RenderBlock::addChildIgnoringContinuation
Product: WebKit
Component: Layout and Rendering
Status: NEW
Severity: Normal
Priority: P2
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified
Reporter: Renata Hodovan <hodovan>
Assignee: Nobody <webkit-unassigned>
CC: bfulgham, simon.fraser, zalan
Bug Depends on:
Bug Blocks: 116980
Attachments:
Description Flags
Test none

Renata Hodovan
Reported 2017-10-27 09:01:54 PDT
Created attachment 325165
Test

Load the attached test with debug WebKitTestRunner:

<strike>
<summary>
<select autofocus="true"></select>
<noscript></noscript>

Checked version: 9e82982
OS: macOS Sierra (10.12.6)

Backtrace:

ASSERTION FAILED: beforeChildAnonymousContainer->isTable()
WebKit/Source/WebCore/rendering/RenderBlock.cpp(575) : virtual void WebCore::RenderBlock::addChildIgnoringContinuation(RenderPtr<WebCore::RenderObject>, WebCore::RenderObject *)
1   0x134349321 WTFCrash
2   0x113160383 WebCore::RenderBlock::addChildIgnoringContinuation(std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*)
3   0x11315ee8b WebCore::RenderBlock::addChild(std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*)
4   0x1132893c0 WebCore::RenderBlockFlow::addChild(std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*)
5   0x113bf712a WebCore::RenderTreePosition::insert(std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>)
6   0x113bf8b20 WebCore::createTextRenderer(WebCore::Text&, WebCore::RenderTreePosition&, WebCore::Style::TextUpdate const*)
7   0x113bf2045 WebCore::RenderTreeUpdater::updateTextRenderer(WebCore::Text&, WebCore::Style::TextUpdate const*)
8   0x113bf1688 WebCore::RenderTreeUpdater::updateRenderTree(WebCore::ContainerNode&)
9   0x113bf0261 WebCore::RenderTreeUpdater::commit(std::__1::unique_ptr<WebCore::Style::Update const, std::__1::default_delete<WebCore::Style::Update const> >)
10  0x11835afeb WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType)
11  0x11835dbf3 WebCore::Document::updateStyleIfNeeded()
12  0x118379b71 WebCore::Document::setFocusedElement(WebCore::Element*, WebCore::FocusDirection, WebCore::Document::FocusRemovalEventsMode)
13  0x111b25389 WebCore::FocusController::setFocusedElement(WebCore::Element*, WebCore::Frame&, WebCore::FocusDirection)
14  0x1184ae9bb WebCore::Element::focus(bool, WebCore::FocusDirection)
15  0x11230839f WebCore::HTMLFormControlElement::didAttachRenderers()::$_1::operator()() const
16  0x112308259 WTF::Function<void ()>::CallableWrapper<WebCore::HTMLFormControlElement::didAttachRenderers()::$_1>::call()
17  0x1110a0f93 WTF::Function<void ()>::operator()() const
18  0x11416fe62 WebCore::Style::PostResolutionCallbackDisabler::~PostResolutionCallbackDisabler()
19  0x11416ff75 WebCore::Style::PostResolutionCallbackDisabler::~PostResolutionCallbackDisabler()
20  0x11835b433 WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType)
21  0x11835dbf3 WebCore::Document::updateStyleIfNeeded()
22  0x1183f0686 WebCore::Document::Document(WebCore::Frame*, WebCore::URL const&, unsigned int, unsigned int)::$_0::operator()() const
23  0x1183f0619 WTF::Function<void ()>::CallableWrapper<WebCore::Document::Document(WebCore::Frame*, WebCore::URL const&, unsigned int, unsigned int)::$_0>::call()
24  0x1110a0f93 WTF::Function<void ()>::operator()() const
25  0x11115d2e9 WebCore::Timer::fired()
26  0x1146f3bc0 WebCore::ThreadTimers::sharedTimerFiredInternal()
27  0x1146f53a1 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const
28  0x1146f5359 WTF::Function<void ()>::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0>::call()
29  0x1110a0f93 WTF::Function<void ()>::operator()() const
30  0x112ad02aa WebCore::MainThreadSharedTimer::fired()
31  0x112ad0a6a WebCore::timerFired(__CFRunLoopTimer*, void*)
ASAN:DEADLYSIGNAL
=================================================================
==34099==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x000134349359 bp 0x7fff58bf5630 sp 0x7fff58bf5620 T0)
==34099==The signal is caused by a WRITE memory access.
==34099==WARNING: invalid path to external symbolizer!
==34099==WARNING: Failed to use and restart external symbolizer!
    #0 0x134349358 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x39fe358)
    #1 0x113160382 in WebCore::RenderBlock::addChildIgnoringContinuation(std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x20d8382)
    #2 0x11315ee8a in WebCore::RenderBlock::addChild(std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x20d6e8a)
    #3 0x1132893bf in WebCore::RenderBlockFlow::addChild(std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>, WebCore::RenderObject*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x22013bf)
    #4 0x113bf7129 in WebCore::RenderTreePosition::insert(std::__1::unique_ptr<WebCore::RenderObject, WebCore::RenderObjectDeleter>) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2b6f129)
    #5 0x113bf8b1f in WebCore::createTextRenderer(WebCore::Text&, WebCore::RenderTreePosition&, WebCore::Style::TextUpdate const*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2b70b1f)
    #6 0x113bf2044 in WebCore::RenderTreeUpdater::updateTextRenderer(WebCore::Text&, WebCore::Style::TextUpdate const*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2b6a044)
    #7 0x113bf1687 in WebCore::RenderTreeUpdater::updateRenderTree(WebCore::ContainerNode&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2b69687)
    #8 0x113bf0260 in WebCore::RenderTreeUpdater::commit(std::__1::unique_ptr<WebCore::Style::Update const, std::__1::default_delete<WebCore::Style::Update const> >) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x2b68260)
    #9 0x11835afea in WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x72d2fea)
    #10 0x11835dbf2 in WebCore::Document::updateStyleIfNeeded() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x72d5bf2)
    #11 0x118379b70 in WebCore::Document::setFocusedElement(WebCore::Element*, WebCore::FocusDirection, WebCore::Document::FocusRemovalEventsMode) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x72f1b70)
    #12 0x111b25388 in WebCore::FocusController::setFocusedElement(WebCore::Element*, WebCore::Frame&, WebCore::FocusDirection) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0xa9d388)
    #13 0x1184ae9ba in WebCore::Element::focus(bool, WebCore::FocusDirection) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x74269ba)
    #14 0x11230839e in WebCore::HTMLFormControlElement::didAttachRenderers()::$_1::operator()() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x128039e)
    #15 0x112308258 in WTF::Function<void ()>::CallableWrapper<WebCore::HTMLFormControlElement::didAttachRenderers()::$_1>::call() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x1280258)
    #16 0x1110a0f92 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x18f92)
    #17 0x11416fe61 in WebCore::Style::PostResolutionCallbackDisabler::~PostResolutionCallbackDisabler() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x30e7e61)
    #18 0x11416ff74 in WebCore::Style::PostResolutionCallbackDisabler::~PostResolutionCallbackDisabler() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x30e7f74)
    #19 0x11835b432 in WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x72d3432)
    #20 0x11835dbf2 in WebCore::Document::updateStyleIfNeeded() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x72d5bf2)
    #21 0x1183f0685 in WebCore::Document::Document(WebCore::Frame*, WebCore::URL const&, unsigned int, unsigned int)::$_0::operator()() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7368685)
    #22 0x1183f0618 in WTF::Function<void ()>::CallableWrapper<WebCore::Document::Document(WebCore::Frame*, WebCore::URL const&, unsigned int, unsigned int)::$_0>::call() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7368618)
    #23 0x1110a0f92 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x18f92)
    #24 0x11115d2e8 in WebCore::Timer::fired() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0xd52e8)
    #25 0x1146f3bbf in WebCore::ThreadTimers::sharedTimerFiredInternal() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x366bbbf)
    #26 0x1146f53a0 in WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x366d3a0)
    #27 0x1146f5358 in WTF::Function<void ()>::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0>::call() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x366d358)
    #28 0x1110a0f92 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x18f92)
    #29 0x112ad02a9 in WebCore::MainThreadSharedTimer::fired() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x1a482a9)
    #30 0x112ad0a69 in WebCore::timerFired(__CFRunLoopTimer*, void*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x1a48a69)
    #31 0x7fffcdf2ac53 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x90c53)
    #32 0x7fffcdf2a8de in __CFRunLoopDoTimer (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x908de)
    #33 0x7fffcdf2a439 in __CFRunLoopDoTimers (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x90439)
    #34 0x7fffcdf21b80 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87b80)
    #35 0x7fffcdf21113 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x87113)
    #36 0x7fffcd481ebb in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30ebb)
    #37 0x7fffcd481cf0 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30cf0)
    #38 0x7fffcd481b25 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox:x86_64+0x30b25)
    #39 0x7fffcba1aa53 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x46a53)
    #40 0x7fffcc1967ed in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x7c27ed)
    #41 0x7fffcba0f3da in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x3b3da)
    #42 0x7fffcb9d9e0d in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit:x86_64+0x5e0d)
    #43 0x7fffe39028c6 in _xpc_objc_main (/usr/lib/system/libxpc.dylib:x86_64+0x108c6)
    #44 0x7fffe39012e3 in xpc_main (/usr/lib/system/libxpc.dylib:x86_64+0xf2e3)
    #45 0x107000dc0 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development:x86_64+0x100001dc0)
    #46 0x7fffe36a9234 in start (/usr/lib/system/libdyld.dylib:x86_64+0x5234)

==34099==Register values:
rax = 0x00000000bbadbeef  rbx = 0x00007fff58bf5a40  rcx = 0x00000000bbadbeef  rdx = 0x0000000000000000
rdi = 0x00001fffeb17ea7c  rsi = 0x0000000000000000  rbp = 0x00007fff58bf5630  rsp = 0x00007fff58bf5620
 r8 = 0x000000000000002e   r9 = 0x0000200000000000  r10 = 0x0000000000000000  r11 = 0xffffffffffffffff
r12 = 0x0000100000000000  r13 = 0x000000011315f070  r14 = 0xf2f2f200f201f2f2  r15 = 0xf200f201f1f1f1f1
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x39fe358) in WTFCrash
==34099==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 34099)
LEAK: 1 WebProcessPool
LEAK: 1 WebPageProxy

Attachments
Test (76 bytes, text/html)
2017-10-27 09:01 PDT, Renata Hodovan
no flags