!start.document()->view() || !start.document()->view()->needsLayout() in TextIte
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4812414615027712

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  !start.document()->view() || !start.document()->view()->needsLayout() in TextIte
  blink::TextIteratorAlgorithm<>::TextIteratorAlgorithm
  blink::PlainTextRange::createRangeFor

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=404886:404895

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95TFsc0BKsnCYbYAf88vithI-rGQPLpels_DDWEPRZULw6f2iDUxFcj7tykq1RO6UrWg8Diajw3Ji0KXDqv2Z8lGmrPgOb9MWM3UEwTxs7EyzgvMXWdFNaAPatcjm_znfz4PTbHNMOaz7sHYMCQDaf2oqsgUbrVqfLIzkE2Q6fjOzOQfR8?testcase_id=4812414615027712

Additional requirements: Requires Gestures

Issue manually filed by: mummareddy

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Aug 31 2016
Will do.
Sep 2 2016
The CL that caused it is actually https://codereview.chromium.org/2003793002.
Sep 2 2016
I was wrong in comment 3. Digging in more...
Sep 2 2016
Here's a better trace:
* frame #0: 0x000000010d575464 libbase.dylib`base::debug::BreakDebugger() + 20 at debugger_posix.cc:260
frame #1: 0x000000010d617c4e libbase.dylib`logging::LogMessage::~LogMessage(this=0x0000700009a46160) + 4302 at logging.cc:748
frame #2: 0x000000010d614785 libbase.dylib`logging::LogMessage::~LogMessage(this=0x0000700009a46160) + 21 at logging.cc:528
frame #3: 0x000000011a9a3e87 libblink_core.dylib`blink::TextIteratorAlgorithm<blink::EditingAlgorithm<blink::NodeTraversal> >::TextIteratorAlgorithm(this=0x0000700009a46790, start=0x0000700009a466c8, end=0x0000700009a466b0, behavior=129) + 1015 at TextIterator.cpp:166
frame #4: 0x000000011a9a462b libblink_core.dylib`blink::TextIteratorAlgorithm<blink::EditingAlgorithm<blink::NodeTraversal> >::TextIteratorAlgorithm(this=0x0000700009a46790, start=0x0000700009a466c8, end=0x0000700009a466b0, behavior=129) + 43 at TextIterator.cpp:159
frame #5: 0x000000011a8e7fd9 libblink_core.dylib`blink::PlainTextRange::createRangeFor(this=0x0000700009a46a70, scope=0x000031ea022a3540, getRangeFor=ForSelection) const + 441 at PlainTextRange.cpp:86
frame #6: 0x000000011a8e8739 libblink_core.dylib`blink::PlainTextRange::createRangeForSelection(this=0x0000700009a46a70, scope=0x000031ea022a3540) const + 41 at PlainTextRange.cpp:68
frame #7: 0x000000011a8bd93a libblink_core.dylib`blink::visiblePositionForIndex(index=1, scope=0x000031ea022a3540) + 106 at EditingUtilities.cpp:1759
frame #8: 0x000000011a976e3f libblink_core.dylib`blink::InsertListCommand::doApply(this=0x0000297efe03ad20, editingState=0x0000700009a476e0) + 2671 at InsertListCommand.cpp:215
frame #9: 0x000000011a948e1b libblink_core.dylib`blink::CompositeEditCommand::apply(this=0x0000297efe03ad20) + 651 at CompositeEditCommand.cpp:224
frame #10: 0x000000011a96a972 libblink_core.dylib`blink::executeInsertOrderedList(frame=0x0000297efe021f10, (null)=0x0000000000000000, (null)=CommandFromDOM, (null)=0x0000700009a481e0) + 274 at EditorCommand.cpp:725
frame #11: 0x000000011a966b66 libblink_core.dylib`blink::Editor::Command::execute(this=0x0000700009a47bb8, parameter=0x0000700009a481e0, triggeringEvent=0x0000000000000000) const + 662 at EditorCommand.cpp:1891
frame #12: 0x000000011b596138 libblink_core.dylib`blink::Document::execCommand(this=0x000031ea022a2770, commandName=0x0000700009a481e8, (null)=false, value=0x0000700009a481e0, exceptionState=0x0000700009a48248) + 680 at Document.cpp:4521
frame #13: 0x0000000119c0a2de libblink_core.dylib`blink::DocumentV8Internal::execCommandMethod(info=0x0000700009a48368) + 4062 at V8Document.cpp:4166
frame #14: 0x0000000119c0095f libblink_core.dylib`blink::DocumentV8Internal::execCommandMethodCallback(info=0x0000700009a48368) + 47 at V8Document.cpp:4176
frame #15: 0x00000001140f5b5e libv8.dylib`v8::internal::FunctionCallbackArguments::Call(this=0x0000700009a48448, f=0x0000000119c00930)(v8::FunctionCallbackInfo<v8::Value> const&)) + 382 at api-arguments.cc:21
frame #16: 0x00000001141b0495 libv8.dylib`v8::internal::MaybeHandle<v8::internal::Object> v8::internal::(anonymous namespace)::HandleApiCallHelper<false>(isolate=<unavailable>, function=<unavailable>, new_target=<unavailable>, fun_data=<unavailable>, receiver=<unavailable>, args=BuiltinArguments at 0x0000700009a484f0) + 1045 at builtins-api.cc:106
frame #17: 0x00000001141af1a8 libv8.dylib`v8::internal::Builtin_Impl_HandleApiCall(args=BuiltinArguments at 0x0000700009a48530, isolate=0x0000000129874e00) + 344 at builtins-api.cc:135
frame #18: 0x00000001141aef32 libv8.dylib`v8::internal::Builtin_HandleApiCall(args_length=<unavailable>, args_object=<unavailable>, isolate=0x0000000129874e00) + 210 at builtins-api.cc:123
frame #19: 0x00001582fa3063a7
frame #20: 0x00001582fa3823e5
frame #21: 0x00001582fa37973d
frame #22: 0x00001582fa307e55
frame #23: 0x00001582fa34a743
frame #24: 0x00001582fa329d41
frame #25: 0x00000001145114a5 libv8.dylib`v8::internal::(anonymous namespace)::Invoke(isolate=0x0000000129874e00, is_construct=<unavailable>, target=<unavailable>, receiver=<unavailable>, argc=1, args=<unavailable>, new_target=<unavailable>) + 1493 at execution.cc:141
frame #26: 0x0000000114510e97 libv8.dylib`v8::internal::Execution::Call(isolate=0x0000000129874e00, callable=Handle<v8::internal::Object> at r12, receiver=<unavailable>, argc=1, argv=<unavailable>) + 135 at execution.cc:178
frame #27: 0x0000000114123506 libv8.dylib`v8::Function::Call(this=0x00000001298bfd10, context=<unavailable>, recv=<unavailable>, argc=<unavailable>, argv=<unavailable>) + 694 at api.cc:4741
frame #28: 0x0000000119ac94ea libblink_core.dylib`blink::V8ScriptRunner::callFunction(function=(val_ = 0x00000001298bfd10), context=0x000031ea022a28d0, receiver=(val_ = 0x00000001298bfd48), argc=1, args=0x0000700009a48da0, isolate=0x0000000129874e00) + 1434 at V8ScriptRunner.cpp:516
frame #29: 0x0000000119a87f8c libblink_core.dylib`blink::V8EventListener::callListenerFunction(this=0x000038c6e9a450c8, scriptState=0x00000d8b1a807c98, jsEvent=(val_ = 0x00000001298bfca0), event=0x0000297efe03abe8) + 844 at V8EventListener.cpp:96
frame #30: 0x0000000119a6a0c4 libblink_core.dylib`blink::V8AbstractEventListener::invokeEventHandler(this=0x000038c6e9a450c8, scriptState=0x00000d8b1a807c98, event=0x0000297efe03abe8, jsEvent=(val_ = 0x00000001298bfca0)) + 580 at V8AbstractEventListener.cpp:130
frame #31: 0x0000000119a69e0b libblink_core.dylib`blink::V8AbstractEventListener::handleEvent(this=0x000038c6e9a450c8, scriptState=0x00000d8b1a807c98, event=0x0000297efe03abe8) + 507 at V8AbstractEventListener.cpp:95
frame #32: 0x0000000119a69ba1 libblink_core.dylib`blink::V8AbstractEventListener::handleEvent(this=0x000038c6e9a450c8, executionContext=0x000031ea022a28d0, event=0x0000297efe03abe8) + 337 at V8AbstractEventListener.cpp:84
frame #33: 0x000000011b7e7eee libblink_core.dylib`blink::EventTarget::fireEventListeners(this=0x000031ea022a2770, event=0x0000297efe03abe8, d=0x000038c6e9a45130, entry=0x0000334924774630) + 3326 at EventTarget.cpp:668
frame #34: 0x000000011b7e6cd6 libblink_core.dylib`blink::EventTarget::fireEventListeners(this=0x000031ea022a2770, event=0x0000297efe03abe8) + 854 at EventTarget.cpp:541
frame #35: 0x000000011b698522 libblink_core.dylib`blink::Node::handleLocalEvents(this=0x000031ea022a2770, event=0x0000297efe03abe8) + 114 at Node.cpp:1986
frame #36: 0x000000011b7fa136 libblink_core.dylib`blink::NodeEventContext::handleLocalEvents(this=0x000030eacea26e30, event=0x0000297efe03abe8) const + 342 at NodeEventContext.cpp:64
frame #37: 0x000000011b7c6d60 libblink_core.dylib`blink::EventDispatcher::dispatchEventAtBubbling(this=0x0000700009a4a4b8) + 512 at EventDispatcher.cpp:192
frame #38: 0x000000011b7c6469 libblink_core.dylib`blink::EventDispatcher::dispatch(this=0x0000700009a4a4b8) + 1657 at EventDispatcher.cpp:129
frame #39: 0x000000011b7c4d02 libblink_core.dylib`blink::EventDispatchMediator::dispatchEvent(this=0x000008e8c70e5d78, dispatcher=0x0000700009a4a4b8) const + 242 at EventDispatchMediator.cpp:56
frame #40: 0x000000011b7c556d libblink_core.dylib`blink::EventDispatcher::dispatchEvent(node=0x000031ea022a3830, mediator=0x000008e8c70e5d78) + 493 at EventDispatcher.cpp:53
frame #41: 0x000000011b805a84 libblink_core.dylib`blink::ScopedEventQueue::dispatchEvent(this=0x00000d8b1a89cef8, mediator=0x000008e8c70e5d78) const + 308 at ScopedEventQueue.cpp:83
frame #42: 0x000000011b80583d libblink_core.dylib`blink::ScopedEventQueue::enqueueEventDispatchMediator(this=0x00000d8b1a89cef8, mediator=0x000008e8c70e5d78) + 93 at ScopedEventQueue.cpp:67
frame #43: 0x000000011b7c58a3 libblink_core.dylib`blink::EventDispatcher::dispatchScopedEvent(node=0x000031ea022a3830, mediator=0x000008e8c70e5d78) + 67 at EventDispatcher.cpp:69
frame #44: 0x000000011b698574 libblink_core.dylib`blink::Node::dispatchScopedEvent(this=0x000031ea022a3830, event=0x0000297efe03abe8) + 68 at Node.cpp:1992
frame #45: 0x000000011b698764 libblink_core.dylib`blink::Node::dispatchSubtreeModifiedEvent(this=0x000031ea022a3830) + 420 at Node.cpp:2012
frame #46: 0x000000011b53e767 libblink_core.dylib`blink::ContainerNode::insertBefore(this=0x000031ea022a3830, newChild=0x000031ea022a5778, refChild=0x000031ea022a5518, exceptionState=0x0000700009a4ae20) + 1447 at ContainerNode.cpp:221
frame #47: 0x000000011a979c64 libblink_core.dylib`blink::InsertNodeBeforeCommand::doApply(this=0x0000297efe0396b0, (null)=0x0000700009a4be60) + 500 at InsertNodeBeforeCommand.cpp:56
frame #48: 0x000000011a94913a libblink_core.dylib`blink::CompositeEditCommand::applyCommandToComposite(this=0x0000297efe039560, command=0x0000297efe0396b0, editingState=0x0000700009a4be60) + 74 at CompositeEditCommand.cpp:270
frame #49: 0x000000011a949bcd libblink_core.dylib`blink::CompositeEditCommand::insertNodeBefore(this=0x0000297efe039560, insertChild=0x000031ea022a5778, refChild=0x000031ea022a5518, editingState=0x0000700009a4be60, shouldAssumeContentIsAlwaysEditable=DoNotAssumeContentIsAlwaysEditable) + 381 at CompositeEditCommand.cpp:340
frame #50: 0x000000011a94a449 libblink_core.dylib`blink::CompositeEditCommand::insertNodeAt(this=0x0000297efe039560, insertChild=0x000031ea022a5778, editingPosition=0x0000700009a4b270, editingState=0x0000700009a4be60) + 297 at CompositeEditCommand.cpp:374
frame #51: 0x000000011a97d138 libblink_core.dylib`blink::InsertTextCommand::positionInsideTextNode(this=0x0000297efe039560, p=0x0000700009a4b4d8, editingState=0x0000700009a4be60) + 376 at InsertTextCommand.cpp:67
frame #52: 0x000000011a97dfe2 libblink_core.dylib`blink::InsertTextCommand::doApply(this=0x0000297efe039560, editingState=0x0000700009a4be60) + 1986 at InsertTextCommand.cpp:208
frame #53: 0x000000011a949401 libblink_core.dylib`blink::CompositeEditCommand::applyCommandToComposite(this=0x0000297efe036a98, command=0x0000297efe039560, selection=0x0000297efe036b28, editingState=0x0000700009a4be60) + 161 at CompositeEditCommand.cpp:289
frame #54: 0x000000011a997357 libblink_core.dylib`blink::TypingCommand::insertTextRunWithoutNewlines(this=0x0000297efe036a98, text=0x0000700009a4be68, selectInsertedText=false, editingState=0x0000700009a4be60) + 151 at TypingCommand.cpp:384
frame #55: 0x000000011a9967d9 libblink_core.dylib`blink::TypingCommand::insertText(this=0x0000297efe036a98, text=0x0000700009a4be68, selectInsertedText=false, editingState=0x0000700009a4be60) + 345 at TypingCommand.cpp:370
frame #56: 0x000000011a9963ac libblink_core.dylib`blink::TypingCommand::insertText(document=0x000031ea022a2770, text=0x0000700009a4c1d8, selectionForInsertion=0x0000700009a4c0e0, options=0, compositionType=TextCompositionNone) + 636 at TypingCommand.cpp:194
frame #57: 0x000000011a8c1476 libblink_core.dylib`blink::Editor::insertTextWithoutSendingTextEvent(this=0x0000297efe0221b0, text=0x0000700009a4c1d8, selectInsertedText=false, triggeringEvent=0x0000297efe039378) + 438 at Editor.cpp:824
frame #58: 0x000000011a8c09d4 libblink_core.dylib`blink::Editor::handleTextEvent(this=0x0000297efe0221b0, event=0x0000297efe039378) + 436 at Editor.cpp:207
frame #59: 0x000000011b81fe40 libblink_core.dylib`blink::EventHandler::defaultTextInputEventHandler(this=0x0000297efe0225f0, event=0x0000297efe039378) + 48 at EventHandler.cpp:2501
frame #60: 0x000000011b698d25 libblink_core.dylib`blink::Node::defaultEventHandler(this=0x000031ea022a3680, event=0x0000297efe039378) + 581 at Node.cpp:2067
frame #61: 0x000000011a178b0f libblink_core.dylib`blink::HTMLElement::defaultEventHandler(this=0x000031ea022a3680, event=0x0000297efe039378) + 159 at HTMLElement.cpp:1057
frame #62: 0x000000011b7c72b7 libblink_core.dylib`blink::EventDispatcher::dispatchEventPostProcess(this=0x0000700009a4cd98, preDispatchEventHandlerResult=0x0000000000000000) + 871 at EventDispatcher.cpp:230
frame #63: 0x000000011b7c6486 libblink_core.dylib`blink::EventDispatcher::dispatch(this=0x0000700009a4cd98) + 1686 at EventDispatcher.cpp:132
frame #64: 0x000000011b7c4d02 libblink_core.dylib`blink::EventDispatchMediator::dispatchEvent(this=0x000008e8c70e5bd8, dispatcher=0x0000700009a4cd98) const + 242 at EventDispatchMediator.cpp:56
frame #65: 0x000000011b7c556d libblink_core.dylib`blink::EventDispatcher::dispatchEvent(node=0x000031ea022a3680, mediator=0x000008e8c70e5bd8) + 493 at EventDispatcher.cpp:53
frame #66: 0x000000011b6985b4 libblink_core.dylib`blink::Node::dispatchEventInternal(this=0x000031ea022a3680, event=0x0000297efe039378) + 52 at Node.cpp:1997
frame #67: 0x000000011b7e690c libblink_core.dylib`blink::EventTarget::dispatchEvent(this=0x000031ea022a3680, event=0x0000297efe039378) + 60 at EventTarget.cpp:442
frame #68: 0x000000011b81fdc6 libblink_core.dylib`blink::EventHandler::handleTextInputEvent(this=0x0000297efe0225f0, text=0x0000700009a4d040, underlyingEvent=0x0000297efe039220, inputType=TextEventInputKeyboard) + 358 at EventHandler.cpp:2495
frame #69: 0x000000011a8c5437 libblink_core.dylib`blink::Editor::insertText(this=0x0000297efe0221b0, text=0x0000700009a4d040, triggeringEvent=0x0000297efe039220) + 55 at Editor.cpp:809
frame #70: 0x000000011a8cca82 libblink_core.dylib`blink::Editor::handleEditingKeyboardEvent(this=0x0000297efe0221b0, evt=0x0000297efe039220) + 498 at EditorKeyBindings.cpp:68
frame #71: 0x000000011a8ccb1e libblink_core.dylib`blink::Editor::handleKeyboardEvent(this=0x0000297efe0221b0, evt=0x0000297efe039220) + 62 at EditorKeyBindings.cpp:74
frame #72: 0x000000011b8267b0 libblink_core.dylib`blink::KeyboardEventManager::defaultKeyboardEventHandler(this=0x0000297efe022a60, event=0x0000297efe039220, possibleFocusedNode=0x0000000000000000) + 464 at KeyboardEventManager.cpp:205
frame #73: 0x000000011b81f1c6 libblink_core.dylib`blink::EventHandler::defaultKeyboardEventHandler(this=0x0000297efe0225f0, event=0x0000297efe039220) + 70 at EventHandler.cpp:2276
frame #74: 0x000000011b698bba libblink_core.dylib`blink::Node::defaultEventHandler(this=0x000031ea022a3680, event=0x0000297efe039220) + 218 at Node.cpp:2055
frame #75: 0x000000011a178b0f libblink_core.dylib`blink::HTMLElement::defaultEventHandler(this=0x000031ea022a3680, event=0x0000297efe039220) + 159 at HTMLElement.cpp:1057
frame #76: 0x000000011b7c72b7 libblink_core.dylib`blink::EventDispatcher::dispatchEventPostProcess(this=0x0000700009a4dcb8, preDispatchEventHandlerResult=0x0000000000000000) + 871 at EventDispatcher.cpp:230
frame #77: 0x000000011b7c6486 libblink_core.dylib`blink::EventDispatcher::dispatch(this=0x0000700009a4dcb8) + 1686 at EventDispatcher.cpp:132
frame #78: 0x000000011b7c4d02 libblink_core.dylib`blink::EventDispatchMediator::dispatchEvent(this=0x000008e8c70e5bb8, dispatcher=0x0000700009a4dcb8) const + 242 at EventDispatchMediator.cpp:56
frame #79: 0x000000011b7c556d libblink_core.dylib`blink::EventDispatcher::dispatchEvent(node=0x000031ea022a3680, mediator=0x000008e8c70e5bb8) + 493 at EventDispatcher.cpp:53
frame #80: 0x000000011b6985b4 libblink_core.dylib`blink::Node::dispatchEventInternal(this=0x000031ea022a3680, event=0x0000297efe039220) + 52 at Node.cpp:1997
frame #81: 0x000000011b7e690c libblink_core.dylib`blink::EventTarget::dispatchEvent(this=0x000031ea022a3680, event=0x0000297efe039220) + 60 at EventTarget.cpp:442
frame #82: 0x000000011b8261a3 libblink_core.dylib`blink::KeyboardEventManager::keyEvent(this=0x0000297efe022a60, initialKeyEvent=0x0000000131395d9c) + 371 at KeyboardEventManager.cpp:123
frame #83: 0x000000011b81f16f libblink_core.dylib`blink::EventHandler::keyEvent(this=0x0000297efe0225f0, initialKeyEvent=0x0000000131395d9c) + 47 at EventHandler.cpp:2271
frame #84: 0x00000001178887f9 libblink_web.dylib`blink::WebViewImpl::handleCharEvent(this=0x00000d8b1a908010, event=0x0000000131395d9c) + 969 at WebViewImpl.cpp:1194
frame #85: 0x000000011774dafc libblink_web.dylib`blink::PageWidgetDelegate::handleInputEvent(handler=0x00000d8b1a908038, event=0x0000000131395d9c, root=0x0000297efe021f10) + 1116 at PageWidgetDelegate.cpp:165
frame #86: 0x00000001178862c5 libblink_web.dylib`blink::WebViewImpl::handleInputEvent(this=0x00000d8b1a908010, inputEvent=0x0000000131395d9c) + 4037 at WebViewImpl.cpp:2217
frame #87: 0x0000000106a3ca24 libcontent.dylib`content::RenderWidgetInputHandler::HandleInputEvent(this=0x000000013132c700, input_event=0x0000000131395d9c, latency_info=0x0000700009a4fdd8, dispatch_type=DISPATCH_TYPE_BLOCKING) + 3060 at render_widget_input_handler.cc:325
frame #88: 0x0000000106c3f62d libcontent.dylib`content::RenderWidget::OnHandleInputEvent(this=0x0000000132004400, input_event=0x0000000131395d9c, latency_info=0x0000700009a4fdd8, dispatch_type=DISPATCH_TYPE_BLOCKING) + 125 at render_widget.cc:687
frame #89: 0x0000000106c57140 libcontent.dylib`void base::DispatchToMethodImpl<content::RenderWidget*, void (content::RenderWidget::*)(blink::WebInputEvent const*, ui::LatencyInfo const&, content::InputEventDispatchType), std::__1::tuple<blink::WebInputEvent const*, ui::LatencyInfo, content::InputEventDispatchType> const&, 0ul, 1ul, 2ul>(obj=0x0000700009a4fcb0, method=0x0000000106c3f5b0, args=0x0000700009a4fdd0, (null)=IndexSequence<0, 1, 2> at 0x0000700009a4fbd0)(blink::WebInputEvent const*, ui::LatencyInfo const&, content::InputEventDispatchType), std::__1::tuple<blink::WebInputEvent const*, ui::LatencyInfo, content::InputEventDispatchType> const&&&, base::IndexSequence<0ul, 1ul, 2ul>) + 208 at tuple.h:144
frame #90: 0x0000000106c57069 libcontent.dylib`void base::DispatchToMethod<content::RenderWidget*, void (content::RenderWidget::*)(blink::WebInputEvent const*, ui::LatencyInfo const&, content::InputEventDispatchType), std::__1::tuple<blink::WebInputEvent const*, ui::LatencyInfo, content::InputEventDispatchType> const&>(obj=0x0000700009a4fcb0, method=0x0000000106c3f5b0, args=0x0000700009a4fdd0)(blink::WebInputEvent const*, ui::LatencyInfo const&, content::InputEventDispatchType), std::__1::tuple<blink::WebInputEvent const*, ui::LatencyInfo, content::InputEventDispatchType> const&&&) + 73 at tuple.h:151
frame #91: 0x0000000106c56ffd libcontent.dylib`void IPC::DispatchToMethod<content::RenderWidget, void (content::RenderWidget::*)(blink::WebInputEvent const*, ui::LatencyInfo const&, content::InputEventDispatchType), void, std::__1::tuple<blink::WebInputEvent const*, ui::LatencyInfo, content::InputEventDispatchType> >(obj=0x0000000132004400, method=0x0000000106c3f5b0, (null)=0x0000000000000000, tuple=0x0000700009a4fdd0)(blink::WebInputEvent const*, ui::LatencyInfo const&, content::InputEventDispatchType), void*, std::__1::tuple<blink::WebInputEvent const*, ui::LatencyInfo, content::InputEventDispatchType> const&) + 93 at ipc_message_templates.h:26
frame #92: 0x0000000106c3f527 libcontent.dylib`bool IPC::MessageT<InputMsg_HandleInputEvent_Meta, std::__1::tuple<blink::WebInputEvent const*, ui::LatencyInfo, content::InputEventDispatchType>, void>::Dispatch<content::RenderWidget, content::RenderWidget, void, void (msg=0x0000700009a529e8, obj=0x0000000132004400, sender=0x0000000132004400, parameter=0x0000000000000000, func=0x0000000106c3f5b0)(blink::WebInputEvent const*, ui::LatencyInfo const&, content::InputEventDispatchType)>(IPC::Message const*, content::RenderWidget*, content::RenderWidget*, void*, void (content::RenderWidget::*)(blink::WebInputEvent const*, ui::LatencyInfo const&, content::InputEventDispatchType)) + 615 at ipc_message_templates.h:121
frame #93: 0x0000000106c3e21f libcontent.dylib`content::RenderWidget::OnMessageReceived(this=0x0000000132004400, message=0x0000700009a529e8) + 1023 at render_widget.cc:485
frame #94: 0x0000000106c11e7e libcontent.dylib`content::RenderViewImpl::OnMessageReceived(this=0x0000000132004400, message=0x0000700009a529e8) + 10078 at render_view_impl.cc:1367
frame #95: 0x0000000110c6b99b libipc.dylib`IPC::MessageRouter::RouteMessage(this=0x0000000129853468, msg=0x0000700009a529e8) + 91 at message_router.cc:52
frame #96: 0x0000000103a91778 libcontent.dylib`content::ChildThreadImpl::ChildThreadMessageRouter::RouteMessage(this=0x0000000129853468, msg=0x0000700009a529e8) + 40 at child_thread_impl.cc:369
frame #97: 0x0000000110c6b91e libipc.dylib`IPC::MessageRouter::OnMessageReceived(this=0x0000000129853468, msg=0x0000700009a529e8) + 94 at message_router.cc:44
frame #98: 0x0000000103a9cf57 libcontent.dylib`content::ChildThreadImpl::OnMessageReceived(this=0x0000000129853408, msg=0x0000700009a529e8) + 1863 at child_thread_impl.cc:767
frame #99: 0x0000000106c00e85 libcontent.dylib`bool base::internal::FunctorTraits<bool (content::ChildThreadImpl::*)(IPC::Message const&), void>::Invoke<content::RenderThreadImpl*, IPC::Message const&>(method=0x0000000000000001, receiver_ptr=0x0000700009a526b0, args=0x0000700009a529e8)(IPC::Message const&), content::RenderThreadImpl*&&, IPC::Message const&&&) + 149 at bind_internal.h:214
frame #100: 0x0000000106c00de6 libcontent.dylib`void base::internal::FunctorTraits<base::internal::IgnoreResultHelper<bool (content::ChildThreadImpl::*)(IPC::Message const&)>, void>::Invoke<base::internal::IgnoreResultHelper<bool (ignore_result_helper=0x0000000128864fa0, args=0x0000700009a526b0, args=0x0000700009a529e8)(IPC::Message const&)> const&, content::RenderThreadImpl*, IPC::Message const&>(base::internal::IgnoreResultHelper<bool (content::ChildThreadImpl::*)(IPC::Message const&)> const&&&, content::RenderThreadImpl*&&, IPC::Message const&&&) + 86 at bind_internal.h:247
frame #101: 0x0000000106c00d7d libcontent.dylib`void base::internal::InvokeHelper<false, void>::MakeItSo<base::internal::IgnoreResultHelper<bool (functor=0x0000000128864fa0, args=0x0000700009a526b0, args=0x0000700009a529e8)(IPC::Message const&)> const&, content::RenderThreadImpl*, IPC::Message const&>(base::internal::IgnoreResultHelper<bool (content::ChildThreadImpl::*)(IPC::Message const&)> const&&&, content::RenderThreadImpl*&&, IPC::Message const&&&) + 61 at bind_internal.h:284
frame #102: 0x0000000106c00d1b libcontent.dylib`void base::internal::Invoker<base::internal::BindState<base::internal::IgnoreResultHelper<bool (content::ChildThreadImpl::*)(IPC::Message const&)>, base::internal::UnretainedWrapper<content::RenderThreadImpl> >, void (IPC::Message const&)>::RunImpl<base::internal::IgnoreResultHelper<bool (functor=0x0000000128864fa0, bound=0x0000000128864fb0, (null)=IndexSequence<0> at 0x0000700009a52690, unbound_args=0x0000700009a529e8)(IPC::Message const&)> const&, std::__1::tuple<base::internal::UnretainedWrapper<content::RenderThreadImpl> > const&, 0ul>(base::internal::IgnoreResultHelper<bool (content::ChildThreadImpl::*)(IPC::Message const&)> const&&&, std::__1::tuple<base::internal::UnretainedWrapper<content::RenderThreadImpl> > const&&&, base::IndexSequence<0ul>, IPC::Message const&) + 107 at bind_internal.h:347
frame #103: 0x0000000106c00994 libcontent.dylib`base::internal::Invoker<base::internal::BindState<base::internal::IgnoreResultHelper<bool (content::ChildThreadImpl::*)(IPC::Message const&)>, base::internal::UnretainedWrapper<content::RenderThreadImpl> >, void (IPC::Message const&)>::Run(base=0x0000000128864f90, unbound_args=0x0000700009a529e8) + 68 at bind_internal.h:325
frame #104: 0x00000001069c89f1 libcontent.dylib`base::Callback<void (IPC::Message const&), (base::internal::CopyMode)1>::Run(this=0x00000001298537e0, args=0x0000700009a529e8) const + 65 at callback.h:388
frame #105: 0x0000000106bffe14 libcontent.dylib`base::CancelableCallback<void (IPC::Message const&)>::Forward(this=0x00000001298537d0, args=0x0000700009a529e8) const + 52 at cancelable_callback.h:108
frame #106: 0x0000000106c00603 libcontent.dylib`void base::internal::FunctorTraits<void (base::CancelableCallback<void (IPC::Message const&)>::*)(IPC::Message cons constt&), void>::Invoke<base::WeakPtr<base::CancelableCallback<void (method=0x0000000106bffde0, receiver_ptr=0x00000001288650a0, args=0x0000700009a529e8)> > const&, IPC::Message const&>(void (base::CancelableCallback<void (IPC::Message const&)>::*)(IPC::Message cons constt&), base::WeakPtr<base::CancelableCallback<void (IPC::Message const&)> > const&&&, IPC::Message const&&&) + 147 at bind_internal.h:234
frame #107: 0x0000000106c004e9 libcontent.dylib`void base::internal::InvokeHelper<true, void>::MakeItSo<void (functor=0x0000000128865090, weak_ptr=0x00000001288650a0, args=0x0000700009a529e8)>::* const&)(IPC::Message cons constt&), base::WeakPtr<base::CancelableCallback<void (IPC::Message const&)> > const&, IPC::Message const&>(void (base::CancelableCallback<void (IPC::Message const&)>::* const&&&)(IPC::Message cons constt&), base::WeakPtr<base::CancelableCallback<void (IPC::Message const&)> > const&&&, IPC::Message const&&&) + 105 at bind_internal.h:304
frame #108: 0x0000000106c00478 libcontent.dylib`void base::internal::Invoker<base::internal::BindState<void (base::CancelableCallback<void (IPC::Message const&)>::*)(IPC::Message cons constt&), base::WeakPtr<base::CancelableCallback<void (IPC::Message const&)> > >, void (IPC::Message const&)>::RunImpl<void (functor=0x0000000128865090, bound=0x00000001288650a0, (null)=IndexSequence<0> at 0x0000700009a52870, unbound_args=0x0000700009a529e8)>::* const&)(IPC::Message cons constt&), std::__1::tuple<base::WeakPtr<base::CancelableCallback<void (IPC::Message const&)> > > const&, 0ul>(void (base::CancelableCallback<void (IPC::Message const&)>::* const&&&)(IPC::Message cons constt&), std::__1::tuple<base::WeakPtr<base::CancelableCallback<void (IPC::Message const&)> > > const&&&, base::IndexSequence<0ul>, IPC::Message const&) + 88 at bind_internal.h:347
frame #109: 0x0000000106c00024 libcontent.dylib`base::internal::Invoker<base::internal::BindState<void (base::CancelableCallback<void (IPC::Message const&)>::*)(IPC::Message cons constt&), base::WeakPtr<base::CancelableCallback<void (IPC::Message const&)> > >, void (IPC::Message const&)>::Run(base=0x0000000128865080, unbound_args=0x0000700009a529e8) + 68 at bind_internal.h:325
frame #110: 0x00000001069c89f1 libcontent.dylib`base::Callback<void (IPC::Message const&), (base::internal::CopyMode)1>::Run(this=0x000000013141e008, args=0x0000700009a529e8) const + 65 at callback.h:388
frame #111: 0x0000000106a1fcec libcontent.dylib`content::InputEventFilter::HandleEventOnMainThread(this=0x000000013141dfe0, routing_id=1, event=0x00000001288c1640, latency_info=0x0000700009a52d40, dispatch_type=DISPATCH_TYPE_BLOCKING) + 364 at input_event_filter.cc:278
frame #112: 0x0000000106a3359b libcontent.dylib`content::MainThreadEventQueue::DispatchInFlightEvent(this=0x0000000128c09d90) + 1915 at main_thread_event_queue.cc:178
frame #113: 0x0000000106a33db5 libcontent.dylib`content::MainThreadEventQueue::DispatchSingleEvent(this=0x0000000128c09d90) + 885 at main_thread_event_queue.cc:211
frame #114: 0x0000000106a36862 libcontent.dylib`void base::internal::FunctorTraits<void (content::MainThreadEventQueue::*)(), void>::Invoke<scoped_refptr<content::MainThreadEventQueue> const&>(method=0x0000000106a33a40, receiver_ptr=0x00000001288c1810)(), scoped_refptr<content::MainThreadEventQueue> const&&&) + 130 at bind_internal.h:214
frame #115: 0x0000000106a3677f libcontent.dylib`void base::internal::InvokeHelper<false, void>::MakeItSo<void (functor=0x00000001288c1800, args=0x00000001288c1810)(), scoped_refptr<content::MainThreadEventQueue> const&>(void (content::MainThreadEventQueue::* const&&&)(), scoped_refptr<content::MainThreadEventQueue> const&&&) + 63 at bind_internal.h:284
frame #116: 0x0000000106a36738 libcontent.dylib`void base::internal::Invoker<base::internal::BindState<void (content::MainThreadEventQueue::*)(), scoped_refptr<content::MainThreadEventQueue> >, void ()>::RunImpl<void (functor=0x00000001288c1800, bound=0x00000001288c1810, (null)=IndexSequence<0> at 0x0000700009a53198)(), std::__1::tuple<scoped_refptr<content::MainThreadEventQueue> > const&, 0ul>(void (content::MainThreadEventQueue::* const&&&)(), std::__1::tuple<scoped_refptr<content::MainThreadEventQueue> > const&&&, base::IndexSequence<0ul>) + 72 at bind_internal.h:347
frame #117: 0x0000000106a362dc libcontent.dylib`base::internal::Invoker<base::internal::BindState<void (content::MainThreadEventQueue::*)(), scoped_refptr<content::MainThreadEventQueue> >, void ()>::Run(base=0x00000001288c17f0) + 44 at bind_internal.h:325
frame #118: 0x000000010d547a8e libbase.dylib`base::Callback<void (), (base::internal::CopyMode)1>::Run(this=0x0000700009a53538) const + 46 at callback.h:388
frame #119: 0x000000010d58a204 libbase.dylib`base::debug::TaskAnnotator::RunTask(this=0x00000001288572b8, queue_function=0x0000000116054cfc, pending_task=0x0000700009a53520) + 676 at task_annotator.cc:54
frame #120: 0x000000011570ad25 libblink_platform.dylib`blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(this=0x0000000128857210, work_queue=0x00000001288586e0, out_previous_task=0x0000700009a53868) + 1589 at task_queue_manager.cc:320
frame #121: 0x00000001157073f0 libblink_platform.dylib`blink::scheduler::TaskQueueManager::DoWork(this=0x0000000128857210, run_time=TimeTicks at 0x0000700009a53930, from_main_thread=false) + 1200 at task_queue_manager.cc:221
frame #122: 0x0000000115710c77 libblink_platform.dylib`void base::internal::FunctorTraits<void (blink::scheduler::TaskQueueManager::*)(base::TimeTicks, bool), void>::Invoke<base::WeakPtr<blink::scheduler::TaskQueueManager> const&, base::TimeTicks const&, bool const&>(method=0x0000000115706f40, receiver_ptr=0x00000001288576c0, args=0x00000001288576d0, args=0x00000001288576d8)(base::TimeTicks, bool), base::WeakPtr<blink::scheduler::TaskQueueManager> const&&&, base::TimeTicks const&&&, bool const&&&) + 199 at bind_internal.h:214
frame #123: 0x0000000115710a60 libblink_platform.dylib`void base::internal::InvokeHelper<true, void>::MakeItSo<void (functor=0x00000001288576b0, weak_ptr=0x00000001288576c0, args=0x00000001288576d0, args=0x00000001288576d8)(base::TimeTicks, bool), base::WeakPtr<blink::scheduler::TaskQueueManager> const&, base::TimeTicks const&, bool const&>(void (blink::scheduler::TaskQueueManager::* const&&&)(base::TimeTicks, bool), base::WeakPtr<blink::scheduler::TaskQueueManager> const&&&, base::TimeTicks const&&&, bool const&&&) + 128 at bind_internal.h:304
frame #124: 0x00000001157109da libblink_platform.dylib`void base::internal::Invoker<base::internal::BindState<void (blink::scheduler::TaskQueueManager::*)(base::TimeTicks, bool), base::WeakPtr<blink::scheduler::TaskQueueManager>, base::TimeTicks, bool>, void ()>::RunImpl<void (functor=0x00000001288576b0, bound=0x00000001288576c0, (null)=IndexSequence<0, 1, 2> at 0x0000700009a53ba8)(base::TimeTicks, bool), std::__1::tuple<base::WeakPtr<blink::scheduler::TaskQueueManager>, base::TimeTicks, bool> const&, 0ul, 1ul, 2ul>(void (blink::scheduler::TaskQueueManager::* const&&&)(base::TimeTicks, bool), std::__1::tuple<base::WeakPtr<blink::scheduler::TaskQueueManager>, base::TimeTicks, bool> const&&&, base::IndexSequence<0ul, 1ul, 2ul>) + 138 at bind_internal.h:347
frame #125: 0x00000001157103dc libblink_platform.dylib`base::internal::Invoker<base::internal::BindState<void (blink::scheduler::TaskQueueManager::*)(base::TimeTicks, bool), base::WeakPtr<blink::scheduler::TaskQueueManager>, base::TimeTicks, bool>, void ()>::Run(base=0x00000001288576a0) + 44 at bind_internal.h:325
frame #126: 0x000000010d547a8e libbase.dylib`base::Callback<void (), (base::internal::CopyMode)1>::Run(this=0x0000700009a54150) const + 46 at callback.h:388
frame #127: 0x000000010d58a204 libbase.dylib`base::debug::TaskAnnotator::RunTask(this=0x000000013131f0b0, queue_function=0x000000010d95868f, pending_task=0x0000700009a54138) + 676 at task_annotator.cc:54
frame #128: 0x000000010d660b1d libbase.dylib`base::MessageLoop::RunTask(this=0x000000013131ef70, pending_task=0x0000700009a54138) + 877 at message_loop.cc:488
frame #129: 0x000000010d661104 libbase.dylib`base::MessageLoop::DeferOrRunPendingTask(this=0x000000013131ef70, pending_task=PendingTask at 0x0000700009a54138) + 68 at message_loop.cc:497
frame #130: 0x000000010d661b7d libbase.dylib`base::MessageLoop::DoWork(this=0x000000013131ef70) + 669 at message_loop.cc:621
frame #131: 0x000000010d672a38 libbase.dylib`base::MessagePumpCFRunLoopBase::RunWork(this=0x000000012880ec80) + 104 at message_pump_mac.mm:330
frame #132: 0x000000010d6729bc libbase.dylib`___ZN4base24MessagePumpCFRunLoopBase13RunWorkSourceEPv_block_invoke(.block_descriptor=<unavailable>) + 28 at message_pump_mac.mm:307
frame #133: 0x000000010d61ab6a libbase.dylib`base::mac::CallWithEHFrame(void () block_pointer) + 10 at call_with_eh_frame_asm.S:36
frame #134: 0x000000010d671f35 libbase.dylib`base::MessagePumpCFRunLoopBase::RunWorkSource(info=0x000000012880ec80) + 101 at message_pump_mac.mm:306
frame #135: 0x00007fff884a5881 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
frame #136: 0x00007fff88484fbc CoreFoundation`__CFRunLoopDoSources0 + 556
frame #137: 0x00007fff884844df CoreFoundation`__CFRunLoopRun + 927
frame #138: 0x00007fff88483ed8 CoreFoundation`CFRunLoopRunSpecific + 296
frame #139: 0x000000010d67309c libbase.dylib`base::MessagePumpCFRunLoop::DoRun(this=0x000000012880ec80, delegate=0x000000013131ef70) + 76 at message_pump_mac.mm:554
frame #140: 0x000000010d67271a libbase.dylib`base::MessagePumpCFRunLoopBase::Run(this=0x000000012880ec80, delegate=0x000000013131ef70) + 122 at message_pump_mac.mm:238
frame #141: 0x000000010d66032a libbase.dylib`base::MessageLoop::RunHandler(this=0x000000013131ef70) + 298 at message_loop.cc:451
frame #142: 0x000000010d728c75 libbase.dylib`base::RunLoop::Run(this=0x0000700009a55950) + 85 at run_loop.cc:35
frame #143: 0x000000010d81ee87 libbase.dylib`base::Thread::Run(this=0x000000013131d6b0, run_loop=0x0000700009a55950) + 215 at thread.cc:228
frame #144: 0x000000010d81fccd libbase.dylib`base::Thread::ThreadMain(this=0x000000013131d6b0) + 2525 at thread.cc:301
frame #145: 0x000000010d7fb791 libbase.dylib`base::(anonymous namespace)::ThreadFunc(params=0x000000013131e100) + 705 at platform_thread_posix.cc:71
frame #146: 0x00007fff96b5d99d libsystem_pthread.dylib`_pthread_body + 131
frame #147: 0x00007fff96b5d91a libsystem_pthread.dylib`_pthread_start + 168
frame #148: 0x00007fff96b5b351 libsystem_pthread.dylib`thread_start + 13
frame #126: 0x000000010d547a8e libbase.dylib`base::Callback<void (), (base::internal::CopyMode)1>::Run(this=0x0000700009a54150) const + 46 at callback.h:388
frame #127: 0x000000010d58a204 libbase.dylib`base::debug::TaskAnnotator::RunTask(this=0x000000013131f0b0, queue_function=0x000000010d95868f, pending_task=0x0000700009a54138) + 676 at task_annotator.cc:54
frame #128: 0x000000010d660b1d libbase.dylib`base::MessageLoop::RunTask(this=0x000000013131ef70, pending_task=0x0000700009a54138) + 877 at message_loop.cc:488
frame #129: 0x000000010d661104 libbase.dylib`base::MessageLoop::DeferOrRunPendingTask(this=0x000000013131ef70, pending_task=PendingTask at 0x0000700009a54138) + 68 at message_loop.cc:497
frame #130: 0x000000010d661b7d libbase.dylib`base::MessageLoop::DoWork(this=0x000000013131ef70) + 669 at message_loop.cc:621
frame #131: 0x000000010d672a38 libbase.dylib`base::MessagePumpCFRunLoopBase::RunWork(this=0x000000012880ec80) + 104 at message_pump_mac.mm:330
frame #132: 0x000000010d6729bc libbase.dylib`___ZN4base24MessagePumpCFRunLoopBase13RunWorkSourceEPv_block_invoke(.block_descriptor=<unavailable>) + 28 at message_pump_mac.mm:307
frame #133: 0x000000010d61ab6a libbase.dylib`base::mac::CallWithEHFrame(void () block_pointer) + 10 at call_with_eh_frame_asm.S:36
frame #134: 0x000000010d671f35 libbase.dylib`base::MessagePumpCFRunLoopBase::RunWorkSource(info=0x000000012880ec80) + 101 at message_pump_mac.mm:306
frame #135: 0x00007fff884a5881 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
frame #136: 0x00007fff88484fbc CoreFoundation`__CFRunLoopDoSources0 + 556
frame #137: 0x00007fff884844df CoreFoundation`__CFRunLoopRun + 927
frame #138: 0x00007fff88483ed8 CoreFoundation`CFRunLoopRunSpecific + 296
frame #139: 0x000000010d67309c libbase.dylib`base::MessagePumpCFRunLoop::DoRun(this=0x000000012880ec80, delegate=0x000000013131ef70) + 76 at message_pump_mac.mm:554
frame #140: 0x000000010d67271a libbase.dylib`base::MessagePumpCFRunLoopBase::Run(this=0x000000012880ec80, delegate=0x000000013131ef70) + 122 at message_pump_mac.mm:238
frame #141: 0x000000010d66032a libbase.dylib`base::MessageLoop::RunHandler(this=0x000000013131ef70) + 298 at message_loop.cc:451
frame #142: 0x000000010d728c75 libbase.dylib`base::RunLoop::Run(this=0x0000700009a55950) + 85 at run_loop.cc:35
frame #143: 0x000000010d81ee87 libbase.dylib`base::Thread::Run(this=0x000000013131d6b0, run_loop=0x0000700009a55950) + 215 at thread.cc:228
frame #144: 0x000000010d81fccd libbase.dylib`base::Thread::ThreadMain(this=0x000000013131d6b0) + 2525 at thread.cc:301
frame #145: 0x000000010d7fb791 libbase.dylib`base::(anonymous namespace)::ThreadFunc(params=0x000000013131e100) + 705 at platform_thread_posix.cc:71
frame #146: 0x00007fff96b5d99d libsystem_pthread.dylib`_pthread_body + 131
frame #147: 0x00007fff96b5d91a libsystem_pthread.dylib`_pthread_start + 168
frame #148: 0x00007fff96b5b351 libsystem_pthread.dylib`thread_start + 13
,
Sep 4 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/bcef514e9b3272877f89c9f353a44791b00c220d

commit bcef514e9b3272877f89c9f353a44791b00c220d
Author: dglazkov <dglazkov@chromium.org>
Date: Sun Sep 04 19:54:46 2016

Add a missing updateStyleAndLayout call in InsertListCommand.

This was omitted during my earlier audit. My bad. As a penance, I have to write a test. See below.

BUG= 642545
R=esprehn,yosin

Review-Url: https://codereview.chromium.org/2308683003
Cr-Commit-Position: refs/heads/master@{#416477}

[modify] https://crrev.com/bcef514e9b3272877f89c9f353a44791b00c220d/third_party/WebKit/Source/core/BUILD.gn
[modify] https://crrev.com/bcef514e9b3272877f89c9f353a44791b00c220d/third_party/WebKit/Source/core/editing/commands/InsertListCommand.cpp
[modify] https://crrev.com/bcef514e9b3272877f89c9f353a44791b00c220d/third_party/WebKit/Source/core/editing/commands/InsertListCommand.h
[add] https://crrev.com/bcef514e9b3272877f89c9f353a44791b00c220d/third_party/WebKit/Source/core/editing/commands/InsertListCommandTest.cpp
,
Sep 4 2016
,
Sep 6 2016
ClusterFuzz has detected this issue as fixed in range 416466:416526.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4812414615027712

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  !start.document()->view() || !start.document()->view()->needsLayout() in TextIte
  blink::TextIteratorAlgorithm<>::TextIteratorAlgorithm
  blink::PlainTextRange::createRangeFor

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=404886:404895
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=416466:416526

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95TFsc0BKsnCYbYAf88vithI-rGQPLpels_DDWEPRZULw6f2iDUxFcj7tykq1RO6UrWg8Diajw3Ji0KXDqv2Z8lGmrPgOb9MWM3UEwTxs7EyzgvMXWdFNaAPatcjm_znfz4PTbHNMOaz7sHYMCQDaf2oqsgUbrVqfLIzkE2Q6fjOzOQfR8?testcase_id=4812414615027712

Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Sep 6 2016
As per comment #8 and #9, closing the issue. Thank you
,
Sep 6 2016
\o/
,
Oct 18 2016
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by mummare...@chromium.org, Aug 30 2016
Labels: M-55 Te-Logged
Owner: dglazkov@chromium.org
Status: Assigned (was: Untriaged)