Bug 168445 - ASSERTION FAILED: m_flowThread->objectShouldFragmentInFlowRegion(box, this) in WebCore::RenderRegion::ensureOverflowForBox
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: WebKit Local Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks: 116980
Reported: 2017-02-16 10:50 PST by Renata Hodovan
Modified: 2022-11-14 16:17 PST

Attachments
Test (168 bytes, text/html)
2017-02-16 10:50 PST, Renata Hodovan

Description Renata Hodovan 2017-02-16 10:50:25 PST
Created attachment 301786
Test

Load the attached test with debug WebKitTestRunner:

Checked version: f7953f1
OS: Darwin-16.4.0-x86_64-i386-64bit

<menu style="-webkit-column-width: 5em">
<table>
    <th>
        <a><TABLE ALIGN=LEFT></a>
        <input autofocus=-></input>
        <embed src=->
            <ol></ol>
        </embed>
    </th>
</TABLE>

Backtrace:


ASSERTION FAILED: m_flowThread->objectShouldFragmentInFlowRegion(box, this)
WebKit/Source/WebCore/rendering/RenderRegion.cpp(432) : void WebCore::RenderRegion::ensureOverflowForBox(const WebCore::RenderBox *, RefPtr<WebCore::RenderOverflow> &, bool)
1   0x11fbbee51 WTFCrash
2   0x129f6489b WebCore::RenderRegion::ensureOverflowForBox(WebCore::RenderBox const*, WTF::RefPtr<WebCore::RenderOverflow>&, bool)
3   0x129f5dd3e WebCore::RenderRegion::layoutOverflowRectForBox(WebCore::RenderBox const*)
4   0x129f674a0 WebCore::RenderRegion::layoutOverflowRectForBoxForPropagation(WebCore::RenderBox const*)
5   0x129bc554a WebCore::RenderFlowThread::addRegionsOverflowFromChild(WebCore::RenderBox const*, WebCore::RenderBox const*, WebCore::LayoutSize const&)
6   0x129a73bc3 WebCore::RenderBox::addOverflowFromChild(WebCore::RenderBox const*, WebCore::LayoutSize const&)
7   0x12997314f WebCore::RenderBlockFlow::addOverflowFromFloats()
8   0x129973e9e WebCore::RenderBlockFlow::computeOverflow(WebCore::LayoutUnit, bool)
9   0x12993d3f8 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
10  0x12a177f8e WebCore::RenderTableCell::layout()
11  0x12a19780d WebCore::RenderTableRow::layout()
12  0x125be3d9c WebCore::RenderElement::layoutIfNeeded()
13  0x12a19fd51 WebCore::RenderTableSection::layout()
14  0x125be3d9c WebCore::RenderElement::layoutIfNeeded()
15  0x12a14ed7a WebCore::RenderTable::layout()
16  0x129949be4 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
17  0x129940350 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
18  0x12993c528 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
19  0x1298874f4 WebCore::RenderBlock::layout()
20  0x129949be4 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
21  0x129940350 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
22  0x12993c528 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
23  0x1298874f4 WebCore::RenderBlock::layout()
24  0x129ba98dd WebCore::RenderFlowThread::layout()
25  0x129eb5b15 WebCore::RenderMultiColumnFlowThread::layout()
26  0x129993c43 WebCore::RenderBlockFlow::layoutSpecialExcludedChild(bool)
27  0x1299401b2 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
28  0x12993c528 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)
29  0x1298874f4 WebCore::RenderBlock::layout()
30  0x129949be4 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)
31  0x129940350 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)
ASAN:DEADLYSIGNAL
=================================================================
==3873==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x00011fbbee89 bp 0x7fff5234c850 sp 0x7fff5234c840 T0)
    #0 0x11fbbee88 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x3375e88)
    #1 0x129f6489a in WebCore::RenderRegion::ensureOverflowForBox(WebCore::RenderBox const*, WTF::RefPtr<WebCore::RenderOverflow>&, bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5ad289a)
    #2 0x129f5dd3d in WebCore::RenderRegion::layoutOverflowRectForBox(WebCore::RenderBox const*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5acbd3d)
    #3 0x129f6749f in WebCore::RenderRegion::layoutOverflowRectForBoxForPropagation(WebCore::RenderBox const*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5ad549f)
    #4 0x129bc5549 in WebCore::RenderFlowThread::addRegionsOverflowFromChild(WebCore::RenderBox const*, WebCore::RenderBox const*, WebCore::LayoutSize const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5733549)
    #5 0x129a73bc2 in WebCore::RenderBox::addOverflowFromChild(WebCore::RenderBox const*, WebCore::LayoutSize const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x55e1bc2)
    #6 0x12997314e in WebCore::RenderBlockFlow::addOverflowFromFloats() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54e114e)
    #7 0x129973e9d in WebCore::RenderBlockFlow::computeOverflow(WebCore::LayoutUnit, bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54e1e9d)
    #8 0x12993d3f7 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54ab3f7)
    #9 0x12a177f8d in WebCore::RenderTableCell::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5ce5f8d)
    #10 0x12a19780c in WebCore::RenderTableRow::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5d0580c)
    #11 0x125be3d9b in WebCore::RenderElement::layoutIfNeeded() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1751d9b)
    #12 0x12a19fd50 in WebCore::RenderTableSection::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5d0dd50)
    #13 0x125be3d9b in WebCore::RenderElement::layoutIfNeeded() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1751d9b)
    #14 0x12a14ed79 in WebCore::RenderTable::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5cbcd79)
    #15 0x129949be3 in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54b7be3)
    #16 0x12994034f in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54ae34f)
    #17 0x12993c527 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54aa527)
    #18 0x1298874f3 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x53f54f3)
    #19 0x129949be3 in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54b7be3)
    #20 0x12994034f in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54ae34f)
    #21 0x12993c527 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54aa527)
    #22 0x1298874f3 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x53f54f3)
    #23 0x129ba98dc in WebCore::RenderFlowThread::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x57178dc)
    #24 0x129eb5b14 in WebCore::RenderMultiColumnFlowThread::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5a23b14)
    #25 0x129993c42 in WebCore::RenderBlockFlow::layoutSpecialExcludedChild(bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5501c42)
    #26 0x1299401b1 in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54ae1b1)
    #27 0x12993c527 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54aa527)
    #28 0x1298874f3 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x53f54f3)
    #29 0x129949be3 in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54b7be3)
    #30 0x12994034f in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54ae34f)
    #31 0x12993c527 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54aa527)
    #32 0x1298874f3 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x53f54f3)
    #33 0x129949be3 in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54b7be3)
    #34 0x12994034f in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54ae34f)
    #35 0x12993c527 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54aa527)
    #36 0x1298874f3 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x53f54f3)
    #37 0x129949be3 in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54b7be3)
    #38 0x12994034f in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54ae34f)
    #39 0x12993c527 in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x54aa527)
    #40 0x1298874f3 in WebCore::RenderBlock::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x53f54f3)
    #41 0x12a2abf05 in WebCore::RenderView::layoutContent(WebCore::LayoutState const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5e19f05)
    #42 0x12a2ae365 in WebCore::RenderView::layout() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5e1c365)
    #43 0x125f7bc2e in WebCore::FrameView::layout(bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1ae9c2e)
    #44 0x12559b549 in WebCore::Document::implicitClose() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1109549)
    #45 0x125ee5562 in WebCore::FrameLoader::checkCallImplicitClose() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1a53562)
    #46 0x125ee4d5b in WebCore::FrameLoader::checkCompleted() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1a52d5b)
    #47 0x125ee0fa6 in WebCore::FrameLoader::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1a4efa6)
    #48 0x1255cba18 in WebCore::Document::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1139a18)
    #49 0x1262df785 in WebCore::HTMLConstructionSite::finishedParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e4d785)
    #50 0x12660c2a7 in WebCore::HTMLTreeBuilder::finished() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x217a2a7)
    #51 0x12635931b in WebCore::HTMLDocumentParser::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1ec731b)
    #52 0x126353ac6 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1ec1ac6)
    #53 0x12635367d in WebCore::HTMLDocumentParser::prepareToStopParsing() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1ec167d)
    #54 0x12635943b in WebCore::HTMLDocumentParser::attemptToEnd() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1ec743b)
    #55 0x126359573 in WebCore::HTMLDocumentParser::finish() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1ec7573)
    #56 0x125799aff in WebCore::DocumentWriter::end() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1307aff)
    #57 0x1256e0f32 in WebCore::DocumentLoader::finishedLoading(double) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x124ef32)
    #58 0x1256e08da in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x124e8da)
    #59 0x124a9e7f3 in WebCore::CachedResource::checkNotify() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x60c7f3)
    #60 0x124a9ee83 in WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x60ce83)
    #61 0x124a90a58 in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5fea58)
    #62 0x12acd26e2 in WebCore::SubresourceLoader::didFinishLoading(double) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x68406e2)
    #63 0x10f634549 in WebKit::WebResourceLoader::didFinishResourceLoad(double) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d76549)
    #64 0x10f64439e in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>&&, std::__1::integer_sequence<unsigned long, 0ul>) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d8639e)
    #65 0x10f644044 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d86044)
    #66 0x10f6410f0 in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d830f0)
    #67 0x10f63f25a in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d8125a)
    #68 0x10e141859 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x883859)
    #69 0x10daafc1a in IPC::Connection::dispatchMessage(IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1f1c1a)
    #70 0x10da94244 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d6244)
    #71 0x10dab0905 in IPC::Connection::dispatchOneMessage() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1f2905)
    #72 0x10daf15ac in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x2335ac)
    #73 0x10daf14d8 in WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x2334d8)
    #74 0x11fc3bd20 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x33f2d20)
    #75 0x11fc81290 in WTF::RunLoop::performWork() (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x3438290)
    #76 0x11fc85e21 in WTF::RunLoop::performWork(void*) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x343ce21)
    #77 0x7fff8f2b3980 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xa7980)
    #78 0x7fff8f294a7c in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88a7c)
    #79 0x7fff8f293f75 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x87f75)
    #80 0x7fff8f293973 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x87973)
    #81 0x7fff8e81fa5b in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30a5b)
    #82 0x7fff8e81f890 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30890)
    #83 0x7fff8e81f6c5 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x306c5)
    #84 0x7fff8cdc55b3 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x475b3)
    #85 0x7fff8d53fd6a in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x7c1d6a)
    #86 0x7fff8cdb9f34 in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3bf34)
    #87 0x7fff8cd8484f in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x684f)
    #88 0x7fffa4a4f8c6 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x108c6)
    #89 0x7fffa4a4e2e3 in xpc_main (/usr/lib/system/libxpc.dylib+0xf2e3)
    #90 0x10d8a20a3 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x1000020a3)
    #91 0x7fffa47eb254 in start (/usr/lib/system/libdyld.dylib+0x5254)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x3375e88) in WTFCrash
==3873==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 3873)
LEAK: 1 WebProcessPool
LEAK: 1 WebPageProxy
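
A triage sketch for reports of this shape, added here as an example and not part of the original report or of WebKit's tooling: it recognises that the AddressSanitizer SEGV at 0xbbadbeef with WTFCrash on top is the debug assertion aborting rather than a wild memory access, and buckets the crash on the first frame below WTFCrash. The function name `triage` and the shortened module paths in the sample are assumptions made for the example.

```python
import re

# WTFCrash() faults on this sentinel address on purpose (see the SEGV line in the report).
WTF_CRASH_ADDR = 0xBBADBEEF

# Constructed sample: lines copied from the report above, with module paths shortened.
SAMPLE = """\
ASSERTION FAILED: m_flowThread->objectShouldFragmentInFlowRegion(box, this)
WebKit/Source/WebCore/rendering/RenderRegion.cpp(432) : void WebCore::RenderRegion::ensureOverflowForBox(const WebCore::RenderBox *, RefPtr<WebCore::RenderOverflow> &, bool)
1   0x11fbbee51 WTFCrash
2   0x129f6489b WebCore::RenderRegion::ensureOverflowForBox(WebCore::RenderBox const*, WTF::RefPtr<WebCore::RenderOverflow>&, bool)
ASAN:DEADLYSIGNAL
==3873==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x00011fbbee89 bp 0x7fff5234c850 sp 0x7fff5234c840 T0)
    #0 0x11fbbee88 in WTFCrash (JavaScriptCore+0x3375e88)
    #1 0x129f6489a in WebCore::RenderRegion::ensureOverflowForBox(WebCore::RenderBox const*, WTF::RefPtr<WebCore::RenderOverflow>&, bool) (WebCore+0x5ad289a)
    #2 0x129f5dd3d in WebCore::RenderRegion::layoutOverflowRectForBox(WebCore::RenderBox const*) (WebCore+0x5acbd3d)
"""

ASSERT_RE = re.compile(r"^ASSERTION FAILED: (.+)$", re.M)
# "path/File.cpp(432) : signature" line printed right after the assertion text.
LOC_RE = re.compile(r"^(\S+)\((\d+)\) : ", re.M)
ASAN_RE = re.compile(r"AddressSanitizer: (\S+) on (?:unknown )?address (0x[0-9a-f]+)")
# ASan frame: "#N 0xPC in symbol (module+0xOFFSET)"
FRAME_RE = re.compile(r"^[ \t]*#(\d+) 0x[0-9a-f]+ in (.+?) \(\S+\+0x[0-9a-f]+\)$", re.M)


def triage(report):
    """Classify one crash report and pick a stable bucket key for deduplication."""
    # Keep only the qualified function name; argument lists vary between builds.
    frames = [m.group(2).split("(")[0] for m in FRAME_RE.finditer(report)]
    asan = ASAN_RE.search(report)
    assertion = ASSERT_RE.search(report)
    loc = LOC_RE.search(report)
    addr = int(asan.group(2), 16) if asan else None

    # Sentinel address plus WTFCrash as frame #0 means an intentional abort.
    deliberate = addr == WTF_CRASH_ADDR and bool(frames) and frames[0] == "WTFCrash"
    # Bucket on the first frame below the crash helper, never on WTFCrash itself.
    culprit = next((f for f in frames if f != "WTFCrash"), None)

    if deliberate and assertion:
        kind = "debug-assertion"
    elif asan:
        kind = "asan-" + asan.group(1).lower()
    else:
        kind = "unknown"

    return {
        "kind": kind,
        "assertion": assertion.group(1) if assertion else None,
        "source": f"{loc.group(1)}:{loc.group(2)}" if loc else None,
        "culprit": culprit,
        "bucket": (kind, culprit),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
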
Comment 1 Ahmad Saleem 2022-11-14 16:17:23 PST
Fixed in Blink with this - https://src.chromium.org/viewvc/blink?view=revision&revision=194657