[Webkit-unassigned] [Bug 173540] [GTK] Layout Test imported/w3c/web-platform-tests/html/syntax/parsing/html5lib_tests1.html flaky crash

bugzilla-daemon at webkit.org
Tue Nov 7 00:36:09 PST 2017


https://bugs.webkit.org/show_bug.cgi?id=173540

--- Comment #3 from Fujii Hironori <Hironori.Fujii at sony.com> ---
Created attachment 326199

  --> https://bugs.webkit.org/attachment.cgi?id=326199&action=review

Debug patch to detect an element being destructed without unregistering from m_deferredRecomputeIsIgnoredList

I created a debug patch to detect an element being destructed without unregistering from m_deferredRecomputeIsIgnoredList.
And I got the following bt. It shows a body element was destructed without unregistering from m_deferredRecomputeIsIgnoredList.

> (gdb) bt
> #0  0x00007fe7ce43232c in WTFCrash () from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
> #1  0x00007fe7d356e5f5 in WebCore::Node::~Node() () from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #2  0x00007fe7d367c2e9 in WebCore::HTMLBodyElement::~HTMLBodyElement() () from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #3  0x00007fe7d34d97dc in WebCore::ChildNodeList::~ChildNodeList() () from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #4  0x00007fe7d34d9809 in WebCore::ChildNodeList::~ChildNodeList() () from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #5  0x00007fe7ce1f53ae in JSC::JSDestructibleObjectSubspace::finishSweep(JSC::MarkedBlock::Handle&, JSC::FreeList*) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
> #6  0x00007fe7cdeda5a3 in JSC::MarkedBlock::Handle::sweep(JSC::FreeList*) () from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
> #7  0x00007fe7cdedb8b1 in JSC::MarkedAllocator::tryAllocateWithoutCollecting() ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
> #8  0x00007fe7cdedbf25 in JSC::MarkedAllocator::allocateSlowCaseImpl(JSC::GCDeferralContext*, bool) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
> #9  0x00007fe7ce1dd807 in JSC::Structure::create(JSC::VM&, JSC::JSGlobalObject*, JSC::JSValue, JSC::TypeInfo const&, JSC::ClassInfo const*, unsigned char, unsigned int) [clone .constprop.627] () from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
> #10 0x00007fe7ce1f8852 in JSC::JSGlobalObject::init(JSC::VM&) () from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
> #11 0x00007fe7ce2012e4 in JSC::JSGlobalObject::finishCreation(JSC::VM&, JSC::JSObject*) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
> #12 0x00007fe7d3324371 in WebCore::JSDOMGlobalObject::finishCreation(JSC::VM&, JSC::JSObject*) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #13 0x00007fe7d3327381 in WebCore::JSDOMWindowBase::finishCreation(JSC::VM&, WebCore::JSDOMWindowProxy*) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #14 0x00007fe7d2d1b053 in WebCore::JSDOMWindow::finishCreation(JSC::VM&, WebCore::JSDOMWindowProxy*) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #15 0x00007fe7d3331d5a in WebCore::JSDOMWindowProxy::setWindow(WTF::RefPtr<WebCore::DOMWindow>&&) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #16 0x00007fe7d3353117 in WebCore::ScriptController::setDOMWindowForWindowProxy(WebCore::DOMWindow*) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #17 0x00007fe7d381bdc6 in WebCore::FrameLoader::clear(WebCore::Document*, bool, bool, bool) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #18 0x00007fe7d3802019 in WebCore::DocumentWriter::begin(WebCore::URL const&, bool, WebCore::Document*) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #19 0x00007fe7d38023cd in WebCore::DocumentLoader::commitData(char const*, unsigned long) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #20 0x00007fe7d2a445fe in WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #21 0x00007fe7d3800986 in WebCore::DocumentLoader::commitLoad(char const*, int) () from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #22 0x00007fe7d388640a in WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #23 0x00007fe7d38865b5 in WebCore::CachedRawResource::updateBuffer(WebCore::SharedBuffer&) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #24 0x00007fe7d3850a81 in WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::RefPtr<WebCore::SharedBuffer>&&, long long, WebCore::DataPayloadType) () from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #25 0x00007fe7d3850c25 in WebCore::SubresourceLoader::didReceiveData(char const*, unsigned int, long long, WebCore::DataPayloadType) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #26 0x00007fe7d2cad74c in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #27 0x00007fe7d281fb0b in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #28 0x00007fe7d28204bd in IPC::Connection::dispatchOneMessage() () from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #29 0x00007fe7ce449d26 in WTF::RunLoop::performWork() () from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
> #30 0x00007fe7ce480c99 in WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) ()
>    from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
> #31 0x00007fe7ce947935 in g_main_dispatch () at /home/fujii/work/webkit/gb/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:3212
> #32 g_main_context_dispatch () at /home/fujii/work/webkit/gb/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:3865
> #33 0x00007fe7ce947cf8 in g_main_context_iterate () at /home/fujii/work/webkit/gb/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:3938
> #34 0x00007fe7ce948012 in g_main_loop_run () at /home/fujii/work/webkit/gb/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:4134
> #35 0x00007fe7ce481690 in WTF::RunLoop::run() () from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
> #36 0x00007fe7d2c27d98 in WebProcessMainUnix () from /home/fujii/work/webkit/gb/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #37 0x00007fe7d0eb11c1 in __libc_start_main (main=0x56139b0c48c0 <main>, argc=2, argv=0x7fffa46edfa8, init=<optimized out>, fini=<optimized out>, 
>     rtld_fini=<optimized out>, stack_end=0x7fffa46edf98) at ../csu/libc-start.c:308
> #38 0x000056139b0c494a in _start ()
> (gdb) q
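
A simplified model of the kind of destructor check the comment describes, added here as an illustration; it is not the attached patch or WebKit code. `DeferredList`, `Node` and `destroyRegisteredNode` are hypothetical names, and the list is assumed to hold non-owning pointers.

```cpp
#include <cstdio>
#include <memory>
#include <unordered_set>

// Simplified model, not WebKit code: a list keeps raw (non-owning) pointers
// to nodes whose state must be recomputed later.
struct Node;
struct DeferredList {
    std::unordered_set<const Node*> pending;  // stands in for m_deferredRecomputeIsIgnoredList
    int destroyedWhileRegistered = 0;         // counted here; a debug build would crash instead
};

struct Node {
    DeferredList& list;
    bool unregisterOnDestroy;
    Node(DeferredList& l, bool unregister) : list(l), unregisterOnDestroy(unregister) {}
    ~Node() {
        if (unregisterOnDestroy)
            list.pending.erase(this);         // hardened path: drop the raw pointer first
        // Debug check: the node must not still be registered when it dies.
        // Crashing at this point yields a backtrace that names the path
        // which released the last reference.
        if (list.pending.count(this)) {
            ++list.destroyedWhileRegistered;
            list.pending.erase(this);         // keeps this demo itself memory-safe
        }
    }
};

// Registers a node for deferred work, then destroys it before the work runs.
// Returns how many nodes died while still registered.
int destroyRegisteredNode(bool unregisterOnDestroy) {
    DeferredList list;
    {
        auto node = std::make_unique<Node>(list, unregisterOnDestroy);
        list.pending.insert(node.get());
    }   // node destroyed here, as when a sweep releases the last reference
    return list.destroyedWhileRegistered;
}

int main() {
    std::printf("without unregister: %d, with unregister: %d\n",
                destroyRegisteredNode(false), destroyRegisteredNode(true));
    return 0;
}
```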
