[Webkit-unassigned] [Bug 150199] New: Null dereference loading Blink layout test fast/dom/Window/property-access-on-cached-properties-after-frame-removed.html
bugzilla-daemon at webkit.org
Thu Oct 15 16:07:03 PDT 2015
https://bugs.webkit.org/show_bug.cgi?id=150199
Bug ID: 150199
Summary: Null dereference loading Blink layout test fast/dom/Window/property-access-on-cached-properties-after-frame-removed.html
Classification: Unclassified
Product: WebKit
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Keywords: HasReduction, NeedsRadar
Severity: Normal
Priority: P2
Component: Page Loading
Assignee: webkit-unassigned at lists.webkit.org
Reporter: jhoneycutt at apple.com
CC: webkit-bug-importer at group.apple.com
Created attachment 263214
--> https://bugs.webkit.org/attachment.cgi?id=263214&action=review
crashing test
Null dereference loading Blink layout test fast/dom/Window/property-access-on-cached-properties-after-frame-removed.html.
Stack trace:
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGABRT)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000008
VM Regions Near 0x8:
-->
__TEXT 0000000101f3c000-0000000101fd6000 [ 616K] r-x/rwx SM=COW /Users/USER/*
Application Specific Information:
CRASHING TEST: blink-tests-that-are-unknown/fast/dom/Window/property-access-on-cached-properties-after-frame-removed.html
================================================================
==22079==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x000107d8ac2b bp 0x7fff5dcb8070 sp 0x7fff5dcb8070 T0)
#0 0x107d8ac2a in WebCore::DocumentLoadTiming::monotonicTimeToPseudoWallTime(double) const DocumentLoadTiming.cpp:68
#1 0x109149e2e in WebCore::PerformanceTiming::monotonicTimeToIntegerMilliseconds(double) const PerformanceTiming.cpp:345
#2 0x108afbef8 in WebCore::jsPerformanceTimingDomComplete(JSC::ExecState*, JSC::JSObject*, long long, JSC::PropertyName) JSPerformanceTiming.cpp:498
#3 0x102d5a4b5 in llint_slow_path_get_by_id PropertySlot.h:278
#4 0x102d6f5ff in llint_entry (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xab15ff)
#5 0x102d6ca0a in vmEntryToJavaScript (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xaaea0a)
#6 0x102ace07d in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) JITCode.cpp:80
#7 0x102a8417f in JSC::Interpreter::execute(JSC::EvalExecutable*, JSC::ExecState*, JSC::JSValue, JSC::JSScope*) Interpreter.cpp:1269
#8 0x102a83542 in JSC::eval(JSC::ExecState*) Interpreter.cpp:182
#9 0x102afe792 in operationCallEval JITOperations.cpp:677
#10 0x30bc76212a74 (<unknown module>)
#11 0x102d725dd in llint_entry (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xab45dd)
#12 0x102d7264f in llint_entry (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xab464f)
#13 0x102d6ca0a in vmEntryToJavaScript (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xaaea0a)
#14 0x102ace07d in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) JITCode.cpp:80
#15 0x102a8b714 in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) Interpreter.cpp:1024
#16 0x10239c9d1 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) CallData.cpp:39
#17 0x10239cac1 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) CallData.cpp:44
#18 0x1086b39c7 in WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) JSMainThreadExecState.h:56
#19 0x1088a5f5d in WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) JSEventListener.cpp:130
#20 0x107fc9d21 in WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow, 16ul>&) EventTarget.cpp:256
#21 0x107fc9721 in WebCore::EventTarget::fireEventListeners(WebCore::Event*) EventTarget.cpp:208
#22 0x107f8c897 in WebCore::EventContext::handleLocalEvents(WebCore::Event&) const EventContext.cpp:54
#23 0x107f8f453 in WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&, WebCore::WindowEventContext&) EventDispatcher.cpp:280
#24 0x107f8e9b5 in WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WTF::PassRefPtr<WebCore::Event>) EventDispatcher.cpp:342
#25 0x1090a8e14 in WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) Node.cpp:2145
#26 0x107ec538a in WebCore::DOMWindow::dispatchLoadEvent() DOMWindow.cpp:1867
#27 0x107d0762f in WebCore::Document::dispatchWindowLoadEvent() Document.cpp:4067
#28 0x107d03201 in WebCore::Document::implicitClose() Document.cpp:2663
#29 0x10810d0ab in WebCore::FrameLoader::checkCompleted() FrameLoader.cpp:836
#30 0x10810a35c in WebCore::FrameLoader::finishedParsing() FrameLoader.cpp:757
#31 0x107d18049 in WebCore::Document::finishedParsing() Document.cpp:4897
#32 0x1082aad3d in WebCore::HTMLDocumentParser::prepareToStopParsing() HTMLDocumentParser.cpp:132
#33 0x107da795c in WebCore::DocumentWriter::end() DocumentWriter.cpp:247
#34 0x107d6fb67 in WebCore::DocumentLoader::finishedLoading(double) DocumentLoader.cpp:437
#35 0x107d75b53 in WebCore::DocumentLoader::maybeLoadEmpty() DocumentLoader.cpp:1397
#36 0x107d75ea6 in WebCore::DocumentLoader::startLoadingMainResource() DocumentLoader.cpp:1409
#37 0x108114ee9 in WebCore::FrameLoader::continueLoadAfterNavigationPolicy(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool, WebCore::AllowNavigationToInvalidURL) FrameLoader.cpp:2997
#38 0x108121783 in WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4::operator()(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) const FrameLoader.cpp:1483
#39 0x1081215bd in void std::__1::__invoke_void_return_wrapper<void>::__call<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4&, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool>(WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4&&&, WebCore::ResourceRequest const&&&, WTF::PassRefPtr<WebCore::FormState>&&, bool&&) __functional_base:415
#40 0x10917f1b2 in std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>::operator()(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) const functional:1793
#41 0x10917dfd8 in WebCore::PolicyCallback::call(bool) PolicyCallback.cpp:95
#42 0x109180830 in WebCore::PolicyChecker::continueAfterNavigationPolicy(WebCore::PolicyAction) PolicyChecker.cpp:204
#43 0x10ea43a2e in std::__1::function<void (WebCore::PolicyAction)>::operator()(WebCore::PolicyAction) const functional:1793
#44 0x10ea43148 in -[WebFramePolicyListener receivedPolicyDecision:] WebFrameLoaderClient.mm:2356
#45 0x7fff96f96b5b in __invoking___ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x86b5b)
#46 0x7fff96f969ed in -[NSInvocation invoke] (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x869ed)
#47 0x7fff96fb1e35 in -[NSInvocation invokeWithTarget:] (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xa1e35)
#48 0x10eb559b6 in -[_WebSafeForwarder forwardInvocation:] WebView.mm:4613
#49 0x7fff96f95471 in ___forwarding___ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x85471)
#50 0x7fff96f951e7 in _CF_forwarding_prep_0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x851e7)
#51 0x10ea3b425 in WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(WebCore::NavigationAction const&, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::PolicyAction)>) WebFrameLoaderClient.mm:915
#52 0x1091800b9 in WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>) PolicyChecker.cpp:120
#53 0x108113dd5 in WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL) FrameLoader.cpp:1482
#54 0x108112b2e in WebCore::FrameLoader::loadWithNavigationAction(WebCore::ResourceRequest const&, WebCore::NavigationAction const&, WebCore::LockHistory, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL) FrameLoader.cpp:1346
#55 0x10810fab5 in WebCore::FrameLoader::loadURL(WebCore::FrameLoadRequest const&, WTF::String const&, WebCore::FrameLoadType, WebCore::Event*, WTF::PassRefPtr<WebCore::FormState>) FrameLoader.cpp:1273
#56 0x10810de7c in WebCore::FrameLoader::loadURLIntoChildFrame(WebCore::URL const&, WTF::String const&, WebCore::Frame*) FrameLoader.cpp:919
#57 0x10ea3fa25 in WebFrameLoaderClient::createFrame(WebCore::URL const&, WTF::String const&, WebCore::HTMLFrameOwnerElement*, WTF::String const&, bool, int, int) WebFrameLoaderClient.mm:1641
#58 0x10994e840 in WebCore::SubframeLoader::loadSubframe(WebCore::HTMLFrameOwnerElement&, WebCore::URL const&, WTF::String const&, WTF::String const&) SubframeLoader.cpp:326
#59 0x10994c2a3 in WebCore::SubframeLoader::loadOrRedirectSubframe(WebCore::HTMLFrameOwnerElement&, WebCore::URL const&, WTF::AtomicString const&, WebCore::LockHistory, WebCore::LockBackForwardList) SubframeLoader.cpp:290
#60 0x10994bf45 in WebCore::SubframeLoader::requestFrame(WebCore::HTMLFrameOwnerElement&, WTF::String const&, WTF::AtomicString const&, WebCore::LockHistory, WebCore::LockBackForwardList) SubframeLoader.cpp:87
#61 0x1082f5288 in WebCore::HTMLFrameElementBase::openURL(WebCore::LockHistory, WebCore::LockBackForwardList) HTMLFrameElementBase.cpp:90
#62 0x1079d1708 in WebCore::ContainerNode::notifyChildInserted(WebCore::Node&, WebCore::ContainerNode::ChildChangeSource) ContainerNode.cpp:353
#63 0x1079d0736 in WebCore::ContainerNode::parserAppendChild(WTF::Ref<WebCore::Node>&&) ContainerNode.cpp:734
#64 0x108283a55 in WebCore::insert(WebCore::HTMLConstructionSiteTask&) HTMLConstructionSite.cpp:107
#65 0x1082835bc in WebCore::executeInsertTask(WebCore::HTMLConstructionSiteTask&) HTMLConstructionSite.cpp:114
#66 0x10827cfe2 in WebCore::HTMLConstructionSite::executeQueuedTasks() HTMLConstructionSite.cpp:202
#67 0x1082abf28 in WebCore::HTMLDocumentParser::constructTreeFromHTMLToken(WebCore::HTMLTokenizer::TokenPtr&) HTMLDocumentParser.cpp:321
#68 0x1082ab28e in WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) HTMLDocumentParser.cpp:276
#69 0x1082acc9d in WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution() HTMLDocumentParser.cpp:496
#70 0x1082acf61 in WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) HTMLDocumentParser.cpp:536
#71 0x1078ceca7 in WebCore::CachedResource::checkNotify() CachedResource.cpp:297
#72 0x109957588 in WebCore::SubresourceLoader::didFinishLoading(double) SubresourceLoader.cpp:372
#73 0x7fff8c4a3850 in __65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e850)
#74 0x7fff8c4a3765 in -[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:] (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e765)
#75 0x7fff8c4a366a in -[NSURLConnectionInternal _withActiveConnectionAndDelegate:] (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e66a)
#76 0x7fff8c4a8491 in ___ZN27URLConnectionClient_Classic26_delegate_didFinishLoadingEU13block_pointerFvvE_block_invoke (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x33491)
#77 0x7fff8c63c976 in ___ZN27URLConnectionClient_Classic18_withDelegateAsyncEPKcU13block_pointerFvP16_CFURLConnectionPK33CFURLConnectionClientCurrent_VMaxE_block_invoke_2 (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x1c7976)
#78 0x7fff9a99c3c2 in _dispatch_client_callout (/usr/lib/system/libdispatch.dylib+0x23c2)
#79 0x7fff9a9aa0bd in _dispatch_block_invoke (/usr/lib/system/libdispatch.dylib+0x100bd)
#80 0x7fff8c4a3527 in RunloopBlockContext::_invoke_block(void const*, void*) (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e527)
#81 0x7fff96f5ce63 in CFArrayApplyFunction (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x4ce63)
#82 0x7fff8c4a3420 in RunloopBlockContext::perform() (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e420)
#83 0x7fff8c4a32c1 in MultiplexerSource::perform() (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e2c1)
#84 0x7fff8c4a30e3 in MultiplexerSource::_perform(void*) (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e0e3)
#85 0x7fff96fba8b0 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xaa8b0)
#86 0x7fff96f9a0ab in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x8a0ab)
#87 0x7fff96f995ce in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x895ce)
#88 0x7fff96f98fc7 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88fc7)
#89 0x101f5e98d in runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) DumpRenderTree.mm:2030
#90 0x101f5df39 in runTestingServerLoop() DumpRenderTree.mm:1180
#91 0x101f5d267 in dumpRenderTree(int, char const**) DumpRenderTree.mm:1288
#92 0x101f5f2b1 in DumpRenderTreeMain(int, char const**) DumpRenderTree.mm:1418
#93 0x7fff931e95ac in start (/usr/lib/system/libdyld.dylib+0x35ac)
#94 0x1 (<unknown module>)