Bug 192859

Summary: REGRESSION(r239353): iOS WK1 Assertion failure in notifyChildNodeRemoved while running TestWebKitAPI.QuickLook.LegacyQuickLookContent
Product: WebKit
Reporter: Ryan Haddad <ryanhaddad>
Component: New Bugs
Assignee: Ryosuke Niwa <rniwa>
Status: RESOLVED FIXED
Severity: Normal
CC: aestes, cdumez, ddkilzer, jlewis3, koivisto, rniwa, thorton, tsavell, webkit-bug-importer, zalan
Priority: P2
Keywords: InRadar
Version: Other
Hardware: Unspecified
OS: Unspecified
Attachments:
Description Flags
Fixes the bug koivisto: review+

Ryan Haddad
Reported 2018-12-19 10:07:08 PST
TestWebKitAPI.QuickLook.LegacyQuickLookContent

ASSERTION FAILED: !ScriptDisallowedScope::InMainThread::isScriptAllowed()
./dom/ContainerNodeAlgorithms.cpp(91) : WebCore::NodeVector WebCore::notifyChildNodeInserted(WebCore::ContainerNode &, WebCore::Node &)
1 0x10ad9b6c9 WTFCrash
2 0x119fdcc8b WTFCrashWithInfo(int, char const*, char const*, int)
3 0x11bf831a3 WebCore::notifyChildNodeInserted(WebCore::ContainerNode&, WebCore::Node&)
4 0x11bf80e40 void WebCore::executeNodeInsertionWithScriptAssertion<WebCore::ContainerNode::parserAppendChild(WebCore::Node&)::$_5>(WebCore::ContainerNode&, WebCore::Node&, WebCore::ContainerNode::ChildChangeSource, WebCore::ReplacedAllChildren, WebCore::ContainerNode::parserAppendChild(WebCore::Node&)::$_5)
5 0x11bf7cb63 WebCore::ContainerNode::parserAppendChild(WebCore::Node&)
6 0x11c5b282a WebCore::insert(WebCore::HTMLConstructionSiteTask&)
7 0x11c5b219d WebCore::executeInsertTask(WebCore::HTMLConstructionSiteTask&)
8 0x11c59feb6 WebCore::executeTask(WebCore::HTMLConstructionSiteTask&)
9 0x11c59fd72 WebCore::HTMLConstructionSite::executeQueuedTasks()
10 0x11c5a0640 WebCore::HTMLConstructionSite::insertHTMLHtmlStartTagBeforeHTML(WebCore::AtomicHTMLToken&&)
11 0x11c5e513b WebCore::HTMLTreeBuilder::defaultForBeforeHTML()
12 0x11c5def0d WebCore::HTMLTreeBuilder::processEndOfFile(WebCore::AtomicHTMLToken&&)
13 0x11c5da9cf WebCore::HTMLTreeBuilder::processToken(WebCore::AtomicHTMLToken&&)
14 0x11c5d9778 WebCore::HTMLTreeBuilder::constructTree(WebCore::AtomicHTMLToken&&)
15 0x11c5a9b71 WebCore::HTMLDocumentParser::constructTreeFromHTMLToken(WebCore::HTMLTokenizer::TokenPtr&)
16 0x11c5a97f8 WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&)
17 0x11c5a7ebe WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode)
18 0x11c5a77cd WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode)
19 0x11c5a7580 WebCore::HTMLDocumentParser::prepareToStopParsing()
20 0x11c5aa94f WebCore::HTMLDocumentParser::attemptToEnd()
21 0x11c5aaa28 WebCore::HTMLDocumentParser::finish()
22 0x11c88d11a WebCore::DocumentWriter::end()
23 0x11c84dcaf WebCore::DocumentLoader::finishedLoading()
24 0x11c858081 WebCore::DocumentLoader::maybeLoadEmpty()
25 0x11c858215 WebCore::DocumentLoader::startLoadingMainResource()
26 0x11c8d893a WebCore::FrameLoader::continueLoadAfterNavigationPolicy(WebCore::ResourceRequest const&, WebCore::FormState*, WebCore::ShouldContinue, WebCore::AllowNavigationToInvalidURL)::$_12::operator()()::'lambda'()::operator()() const
27 0x11c8d8659 WTF::Function<void ()>::CallableWrapper<WebCore::FrameLoader::continueLoadAfterNavigationPolicy(WebCore::ResourceRequest const&, WebCore::FormState*, WebCore::ShouldContinue, WebCore::AllowNavigationToInvalidURL)::$_12::operator()()::'lambda'()>::call()
28 0x119fddb9d WTF::Function<void ()>::operator()() const
29 0x11a047220 WTF::CompletionHandler<void ()>::operator()()
30 0x11c8d1a70 WebCore::FrameLoader::prepareForLoadStart(WTF::CompletionHandler<void ()>&&)::$_3::operator()()
31 0x11c8d17d9 WTF::Function<void ()>::CallableWrapper<WebCore::FrameLoader::prepareForLoadStart(WTF::CompletionHandler<void ()>&&)::$_3>::call()
Child process terminated with signal 11: Segmentation fault

https://build.webkit.org/builders/Apple%20iOS%2012%20Simulator%20Debug%20WK2%20(Tests)/builds/1411/steps/run-api-tests/logs/stdio
Attachments
Fixes the bug (4.76 KB, patch)
2018-12-20 22:00 PST, Ryosuke Niwa
koivisto: review+
Ryan Haddad
Comment 1 2018-12-19 10:07:24 PST
I do not know when this regressed, but I think it is recent.
Ryan Haddad
Comment 2 2018-12-19 17:04:40 PST
Ryan Haddad
Comment 3 2018-12-20 10:25:51 PST
Ryosuke, could you please take a look at this one?
Radar WebKit Bug Importer
Comment 4 2018-12-20 16:25:28 PST
Ryosuke Niwa
Comment 5 2018-12-20 16:34:16 PST
Ugh... we need to update that assertion for WK1. I guess some API tests are testing WK1 :(
Ryosuke Niwa
Comment 6 2018-12-20 22:00:01 PST
Created attachment 357927 [details] Fixes the bug
Antti Koivisto
Comment 7 2018-12-21 06:41:54 PST
Comment on attachment 357927 [details]
Fixes the bug

View in context: https://bugs.webkit.org/attachment.cgi?id=357927&action=review

> Source/WebCore/dom/ScriptDisallowedScope.h:90
> + static bool hasDisallowedScope() { return s_count; }

Could we still ASSERT(isMainThread())?
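Review bot: on the new `hasDisallowedScope()` accessor at ScriptDisallowedScope.h:90, nothing tells a caller how it differs from `isScriptAllowed()`, the predicate in the assertion that fired in this report. A short comment stating which of the two an assertion site should use in the WK1 case mentioned in comment 5 would keep them from being confused. The body also relies on an implicit conversion of `s_count` to `bool`; `return !!s_count;` would make that explicit.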
Ryosuke Niwa
Comment 8 2018-12-21 15:47:22 PST
(In reply to Antti Koivisto from comment #7)
> Comment on attachment 357927 [details]
> Fixes the bug
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=357927&action=review
>
> > Source/WebCore/dom/ScriptDisallowedScope.h:90
> > + static bool hasDisallowedScope() { return s_count; }
>
> Could we still ASSERT(isMainThread())?

Good catch! Sure, will fix.
Ryosuke Niwa
Comment 9 2018-12-21 16:28:46 PST