[Webkit-unassigned] [Bug 150199] New: Null dereference loading Blink layout test fast/dom/Window/property-access-on-cached-properties-after-frame-removed.html

bugzilla-daemon at webkit.org
Thu Oct 15 16:07:03 PDT 2015


https://bugs.webkit.org/show_bug.cgi?id=150199

            Bug ID: 150199
           Summary: Null dereference loading Blink layout test fast/dom/Window/property-access-on-cached-properties-after-frame-removed.html
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Keywords: HasReduction, NeedsRadar
          Severity: Normal
          Priority: P2
         Component: Page Loading
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: jhoneycutt at apple.com
                CC: webkit-bug-importer at group.apple.com

Created attachment 263214
  --> https://bugs.webkit.org/attachment.cgi?id=263214&action=review
crashing test

Null dereference loading Blink layout test fast/dom/Window/property-access-on-cached-properties-after-frame-removed.html.

Stack trace:

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGABRT)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000008

VM Regions Near 0x8:
--> 
    __TEXT                 0000000101f3c000-0000000101fd6000 [  616K] r-x/rwx SM=COW  /Users/USER/*

Application Specific Information:
CRASHING TEST: blink-tests-that-are-unknown/fast/dom/Window/property-access-on-cached-properties-after-frame-removed.html
================================================================
==22079==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x000107d8ac2b bp 0x7fff5dcb8070 sp 0x7fff5dcb8070 T0)
    #0 0x107d8ac2a in WebCore::DocumentLoadTiming::monotonicTimeToPseudoWallTime(double) const DocumentLoadTiming.cpp:68
    #1 0x109149e2e in WebCore::PerformanceTiming::monotonicTimeToIntegerMilliseconds(double) const PerformanceTiming.cpp:345
    #2 0x108afbef8 in WebCore::jsPerformanceTimingDomComplete(JSC::ExecState*, JSC::JSObject*, long long, JSC::PropertyName) JSPerformanceTiming.cpp:498
    #3 0x102d5a4b5 in llint_slow_path_get_by_id PropertySlot.h:278
    #4 0x102d6f5ff in llint_entry (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xab15ff)
    #5 0x102d6ca0a in vmEntryToJavaScript (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xaaea0a)
    #6 0x102ace07d in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) JITCode.cpp:80
    #7 0x102a8417f in JSC::Interpreter::execute(JSC::EvalExecutable*, JSC::ExecState*, JSC::JSValue, JSC::JSScope*) Interpreter.cpp:1269
    #8 0x102a83542 in JSC::eval(JSC::ExecState*) Interpreter.cpp:182
    #9 0x102afe792 in operationCallEval JITOperations.cpp:677
    #10 0x30bc76212a74  (<unknown module>)
    #11 0x102d725dd in llint_entry (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xab45dd)
    #12 0x102d7264f in llint_entry (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xab464f)
    #13 0x102d6ca0a in vmEntryToJavaScript (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xaaea0a)
    #14 0x102ace07d in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) JITCode.cpp:80
    #15 0x102a8b714 in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) Interpreter.cpp:1024
    #16 0x10239c9d1 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) CallData.cpp:39
    #17 0x10239cac1 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) CallData.cpp:44
    #18 0x1086b39c7 in WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) JSMainThreadExecState.h:56
    #19 0x1088a5f5d in WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) JSEventListener.cpp:130
    #20 0x107fc9d21 in WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow, 16ul>&) EventTarget.cpp:256
    #21 0x107fc9721 in WebCore::EventTarget::fireEventListeners(WebCore::Event*) EventTarget.cpp:208
    #22 0x107f8c897 in WebCore::EventContext::handleLocalEvents(WebCore::Event&) const EventContext.cpp:54
    #23 0x107f8f453 in WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&, WebCore::WindowEventContext&) EventDispatcher.cpp:280
    #24 0x107f8e9b5 in WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WTF::PassRefPtr<WebCore::Event>) EventDispatcher.cpp:342
    #25 0x1090a8e14 in WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) Node.cpp:2145
    #26 0x107ec538a in WebCore::DOMWindow::dispatchLoadEvent() DOMWindow.cpp:1867
    #27 0x107d0762f in WebCore::Document::dispatchWindowLoadEvent() Document.cpp:4067
    #28 0x107d03201 in WebCore::Document::implicitClose() Document.cpp:2663
    #29 0x10810d0ab in WebCore::FrameLoader::checkCompleted() FrameLoader.cpp:836
    #30 0x10810a35c in WebCore::FrameLoader::finishedParsing() FrameLoader.cpp:757
    #31 0x107d18049 in WebCore::Document::finishedParsing() Document.cpp:4897
    #32 0x1082aad3d in WebCore::HTMLDocumentParser::prepareToStopParsing() HTMLDocumentParser.cpp:132
    #33 0x107da795c in WebCore::DocumentWriter::end() DocumentWriter.cpp:247
    #34 0x107d6fb67 in WebCore::DocumentLoader::finishedLoading(double) DocumentLoader.cpp:437
    #35 0x107d75b53 in WebCore::DocumentLoader::maybeLoadEmpty() DocumentLoader.cpp:1397
    #36 0x107d75ea6 in WebCore::DocumentLoader::startLoadingMainResource() DocumentLoader.cpp:1409
    #37 0x108114ee9 in WebCore::FrameLoader::continueLoadAfterNavigationPolicy(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool, WebCore::AllowNavigationToInvalidURL) FrameLoader.cpp:2997
    #38 0x108121783 in WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4::operator()(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) const FrameLoader.cpp:1483
    #39 0x1081215bd in void std::__1::__invoke_void_return_wrapper<void>::__call<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4&, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool>(WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4&&&, WebCore::ResourceRequest const&&&, WTF::PassRefPtr<WebCore::FormState>&&, bool&&) __functional_base:415
    #40 0x10917f1b2 in std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>::operator()(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) const functional:1793
    #41 0x10917dfd8 in WebCore::PolicyCallback::call(bool) PolicyCallback.cpp:95
    #42 0x109180830 in WebCore::PolicyChecker::continueAfterNavigationPolicy(WebCore::PolicyAction) PolicyChecker.cpp:204
    #43 0x10ea43a2e in std::__1::function<void (WebCore::PolicyAction)>::operator()(WebCore::PolicyAction) const functional:1793
    #44 0x10ea43148 in -[WebFramePolicyListener receivedPolicyDecision:] WebFrameLoaderClient.mm:2356
    #45 0x7fff96f96b5b in __invoking___ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x86b5b)
    #46 0x7fff96f969ed in -[NSInvocation invoke] (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x869ed)
    #47 0x7fff96fb1e35 in -[NSInvocation invokeWithTarget:] (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xa1e35)
    #48 0x10eb559b6 in -[_WebSafeForwarder forwardInvocation:] WebView.mm:4613
    #49 0x7fff96f95471 in ___forwarding___ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x85471)
    #50 0x7fff96f951e7 in _CF_forwarding_prep_0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x851e7)
    #51 0x10ea3b425 in WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(WebCore::NavigationAction const&, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::PolicyAction)>) WebFrameLoaderClient.mm:915
    #52 0x1091800b9 in WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>) PolicyChecker.cpp:120
    #53 0x108113dd5 in WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL) FrameLoader.cpp:1482
    #54 0x108112b2e in WebCore::FrameLoader::loadWithNavigationAction(WebCore::ResourceRequest const&, WebCore::NavigationAction const&, WebCore::LockHistory, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL) FrameLoader.cpp:1346
    #55 0x10810fab5 in WebCore::FrameLoader::loadURL(WebCore::FrameLoadRequest const&, WTF::String const&, WebCore::FrameLoadType, WebCore::Event*, WTF::PassRefPtr<WebCore::FormState>) FrameLoader.cpp:1273
    #56 0x10810de7c in WebCore::FrameLoader::loadURLIntoChildFrame(WebCore::URL const&, WTF::String const&, WebCore::Frame*) FrameLoader.cpp:919
    #57 0x10ea3fa25 in WebFrameLoaderClient::createFrame(WebCore::URL const&, WTF::String const&, WebCore::HTMLFrameOwnerElement*, WTF::String const&, bool, int, int) WebFrameLoaderClient.mm:1641
    #58 0x10994e840 in WebCore::SubframeLoader::loadSubframe(WebCore::HTMLFrameOwnerElement&, WebCore::URL const&, WTF::String const&, WTF::String const&) SubframeLoader.cpp:326
    #59 0x10994c2a3 in WebCore::SubframeLoader::loadOrRedirectSubframe(WebCore::HTMLFrameOwnerElement&, WebCore::URL const&, WTF::AtomicString const&, WebCore::LockHistory, WebCore::LockBackForwardList) SubframeLoader.cpp:290
    #60 0x10994bf45 in WebCore::SubframeLoader::requestFrame(WebCore::HTMLFrameOwnerElement&, WTF::String const&, WTF::AtomicString const&, WebCore::LockHistory, WebCore::LockBackForwardList) SubframeLoader.cpp:87
    #61 0x1082f5288 in WebCore::HTMLFrameElementBase::openURL(WebCore::LockHistory, WebCore::LockBackForwardList) HTMLFrameElementBase.cpp:90
    #62 0x1079d1708 in WebCore::ContainerNode::notifyChildInserted(WebCore::Node&, WebCore::ContainerNode::ChildChangeSource) ContainerNode.cpp:353
    #63 0x1079d0736 in WebCore::ContainerNode::parserAppendChild(WTF::Ref<WebCore::Node>&&) ContainerNode.cpp:734
    #64 0x108283a55 in WebCore::insert(WebCore::HTMLConstructionSiteTask&) HTMLConstructionSite.cpp:107
    #65 0x1082835bc in WebCore::executeInsertTask(WebCore::HTMLConstructionSiteTask&) HTMLConstructionSite.cpp:114
    #66 0x10827cfe2 in WebCore::HTMLConstructionSite::executeQueuedTasks() HTMLConstructionSite.cpp:202
    #67 0x1082abf28 in WebCore::HTMLDocumentParser::constructTreeFromHTMLToken(WebCore::HTMLTokenizer::TokenPtr&) HTMLDocumentParser.cpp:321
    #68 0x1082ab28e in WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) HTMLDocumentParser.cpp:276
    #69 0x1082acc9d in WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution() HTMLDocumentParser.cpp:496
    #70 0x1082acf61 in WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) HTMLDocumentParser.cpp:536
    #71 0x1078ceca7 in WebCore::CachedResource::checkNotify() CachedResource.cpp:297
    #72 0x109957588 in WebCore::SubresourceLoader::didFinishLoading(double) SubresourceLoader.cpp:372
    #73 0x7fff8c4a3850 in __65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e850)
    #74 0x7fff8c4a3765 in -[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:] (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e765)
    #75 0x7fff8c4a366a in -[NSURLConnectionInternal _withActiveConnectionAndDelegate:] (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e66a)
    #76 0x7fff8c4a8491 in ___ZN27URLConnectionClient_Classic26_delegate_didFinishLoadingEU13block_pointerFvvE_block_invoke (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x33491)
    #77 0x7fff8c63c976 in ___ZN27URLConnectionClient_Classic18_withDelegateAsyncEPKcU13block_pointerFvP16_CFURLConnectionPK33CFURLConnectionClientCurrent_VMaxE_block_invoke_2 (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x1c7976)
    #78 0x7fff9a99c3c2 in _dispatch_client_callout (/usr/lib/system/libdispatch.dylib+0x23c2)
    #79 0x7fff9a9aa0bd in _dispatch_block_invoke (/usr/lib/system/libdispatch.dylib+0x100bd)
    #80 0x7fff8c4a3527 in RunloopBlockContext::_invoke_block(void const*, void*) (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e527)
    #81 0x7fff96f5ce63 in CFArrayApplyFunction (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x4ce63)
    #82 0x7fff8c4a3420 in RunloopBlockContext::perform() (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e420)
    #83 0x7fff8c4a32c1 in MultiplexerSource::perform() (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e2c1)
    #84 0x7fff8c4a30e3 in MultiplexerSource::_perform(void*) (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e0e3)
    #85 0x7fff96fba8b0 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xaa8b0)
    #86 0x7fff96f9a0ab in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x8a0ab)
    #87 0x7fff96f995ce in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x895ce)
    #88 0x7fff96f98fc7 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88fc7)
    #89 0x101f5e98d in runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) DumpRenderTree.mm:2030
    #90 0x101f5df39 in runTestingServerLoop() DumpRenderTree.mm:1180
    #91 0x101f5d267 in dumpRenderTree(int, char const**) DumpRenderTree.mm:1288
    #92 0x101f5f2b1 in DumpRenderTreeMain(int, char const**) DumpRenderTree.mm:1418
    #93 0x7fff931e95ac in start (/usr/lib/system/libdyld.dylib+0x35ac)
    #94 0x1  (<unknown module>)
