[Webkit-unassigned] [Bug 159452] New: [GTK][EFL] SIGSEGV in AccessibilityRenderObject::remoteSVGRootElement

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jul 5 23:37:06 PDT 2016 

https://bugs.webkit.org/show_bug.cgi?id=159452

            Bug ID: 159452
           Summary: [GTK][EFL] SIGSEGV in
                    AccessibilityRenderObject::remoteSVGRootElement
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Accessibility
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: Hironori.Fujii at sony.com
                CC: webkit-bug-importer at group.apple.com

BuildBot of GTK Linux 64-bit Release fails.

https://build.webkit.org/builders/GTK%20Linux%2064-bit%20Release%20%28Tests%29/builds/16841/steps/layout-test/logs/stdio

> fast/history/page-cache-geolocation-active-oneshot.html [ Crash ]

I tested with trunk at 202817, Gtk port, release build, 64bit.
This can not be reproduced with single test case fast/history/page-cache-geolocation-active-oneshot.html.
I can reproduce this with two test cases:

> $ ./Tools/Scripts/run-webkit-tests --gtk --release fast/history/page-cache-destroy-document.html fast/history/page-cache-geolocation-active-oneshot.html

Callstack:

> #0  0x00007f12c82847e2 in WebCore::AccessibilityRenderObject::remoteSVGRootElement(WebCore::AccessibilityRenderObject::CreationChoice) const () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #1  0x00007f12c828550e in WebCore::AccessibilityRenderObject::detachRemoteSVGRoot() () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #2  0x00007f12c8287ac1 in WebCore::AccessibilityRenderObject::detach(WebCore::AccessibilityDetachmentType, WebCore::AXObjectCache*) () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #3  0x00007f12c8252848 in WebCore::AXObjectCache::~AXObjectCache() () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #4  0x00007f12c8492c30 in WebCore::Document::clearAXObjectCache() () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #5  0x00007f12c8496f98 in WebCore::Document::destroyRenderTree() () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #6  0x00007f12c84a9fc8 in WebCore::Document::prepareForDestruction() () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #7  0x00007f12c86218e7 in WebCore::CachedFrame::destroy() () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #8  0x00007f12c86219e2 in WebCore::CachedPage::~CachedPage() () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #9  0x00007f12c862609f in WebCore::PageCache::prune(WebCore::PruningReason) () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #10 0x00007f12c8626166 in WebCore::PageCache::pruneToSizeNow(unsigned int, WebCore::PruningReason) () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #11 0x00007f12c7f7fa80 in WebKit::WebPage::updatePreferences(WebKit::WebPreferencesStore const&) () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #12 0x00007f12c80ba734 in void IPC::handleMessage<Messages::WebPage::PreferencesDidChange, WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebPreferencesStore const&)>(IPC::MessageDecoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebPreferencesStore const&)) () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #13 0x00007f12c80b88d3 in WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::MessageDecoder&) () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #14 0x00007f12c7da39e9 in IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::MessageDecoder&) () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #15 0x00007f12c7ed24f6 in WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #16 0x00007f12c7d9fe96 in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >) () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #17 0x00007f12c7da08c3 in IPC::Connection::dispatchOneMessage() () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #18 0x00007f12c699c62d in WTF::RunLoop::performWork() () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
> #19 0x00007f12c69cd169 in WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
> #20 0x00007f12c10645f7 in g_main_dispatch () from /home/fujii/work/webkit/w1/WebKitBuild/DependenciesGTK/Root/lib/libglib-2.0.so.0
> #21 0x00007f12c106542e in g_main_context_dispatch () from /home/fujii/work/webkit/w1/WebKitBuild/DependenciesGTK/Root/lib/libglib-2.0.so.0
> #22 0x00007f12c1065612 in g_main_context_iterate () from /home/fujii/work/webkit/w1/WebKitBuild/DependenciesGTK/Root/lib/libglib-2.0.so.0
> #23 0x00007f12c1065a38 in g_main_loop_run () from /home/fujii/work/webkit/w1/WebKitBuild/DependenciesGTK/Root/lib/libglib-2.0.so.0
> #24 0x00007f12c69cda20 in WTF::RunLoop::run() () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
> #25 0x00007f12c8069682 in int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain>(int, char**) () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #26 0x00007f12bc066731 in __libc_start_main () from /lib64/libc.so.6
> #27 0x0000000000400b99 in _start ()


EFL Linux 64-bit Release has the same crash.
https://build.webkit.org/results/EFL%20Linux%2064-bit%20Release%20WK2/r202838%20(28753)/fast/history/page-cache-geolocation-active-oneshot-crash-log.txt

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160706/14a845e7/attachment.html>

More information about the webkit-unassigned mailing list