[Webkit-unassigned] [Bug 217111] New: Crash while loading a confluence page
bugzilla-daemon at webkit.org
Tue Sep 29 17:48:57 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=217111
Bug ID: 217111
Summary: Crash while loading a confluence page
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: DOM
Assignee: webkit-unassigned at lists.webkit.org
Reporter: rniwa at webkit.org
We can hit the following crash while loading a confluence page:
./dom/Node.cpp(2293) : void WebCore::Node::unregisterMutationObserver(WebCore::MutationObserverRegistration &)
1 0x6ec0debd9 WTFCrash
2 0x6cdf3b03b WTFCrashWithInfo(int, char const*, char const*, int)
3 0x6d0d4f4bd WebCore::Node::unregisterMutationObserver(WebCore::MutationObserverRegistration&)
4 0x6d0d1cfb6 WebCore::MutationObserver::disconnect()
5 0x6cef7e128 WebCore::jsMutationObserverPrototypeFunctionDisconnectBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSMutationObserver*)
6 0x6ceef0c6c long long WebCore::IDLOperation<WebCore::JSMutationObserver>::call<&(WebCore::jsMutationObserverPrototypeFunctionDisconnectBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSMutationObserver*)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)
7 0x6ceef0944 WebCore::jsMutationObserverPrototypeFunctionDisconnect(JSC::JSGlobalObject*, JSC::CallFrame*)
8 0x30ae70801178
9 0x6ec65539d llint_entry
10 0x6ec632543 vmEntryToJavaScript
11 0x6ed4668fb JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
12 0x6ed465e12 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*)
13 0x6ed810937 JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
14 0x6ed810a8a JSC::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
15 0x6d06a8e9c WebCore::JSExecState::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
16 0x6d06a8a7e WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&)
17 0x6d06a88a9 WebCore::ScriptController::evaluateInWorldIgnoringException(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&)
18 0x6d06a91a5 WebCore::ScriptController::evaluateIgnoringException(WebCore::ScriptSourceCode const&)
19 0x6d0d9d6b6 WebCore::ScriptElement::executeClassicScript(WebCore::ScriptSourceCode const&)
20 0x6d0d9b62b WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport)
21 0x6d1319216 WebCore::HTMLScriptRunner::runScript(WebCore::ScriptElement&, WTF::TextPosition const&)
22 0x6d1319017 WebCore::HTMLScriptRunner::execute(WTF::Ref<WebCore::ScriptElement, WTF::DumbPtrTraits<WebCore::ScriptElement> >&&, WTF::TextPosition const&)
23 0x6d12fd721 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder()
24 0x6d12fdbac WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&)
25 0x6d12fcf1f WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode)
26 0x6d12fc86d WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode)
27 0x6d12fe972 WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl, WTF::DumbPtrTraits<WTF::StringImpl>, WTF::DefaultRefDerefTraits<WTF::StringImpl> >&&)
28 0x6d0b96616 WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter&)
29 0x6d17090fc WebCore::DocumentWriter::end()
30 0x6d1708144 WebCore::DocumentLoader::finishedLoading()
31 0x6d1707b41 WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&, WebCore::NetworkLoadMetrics const&)
<rdar://problem/69757679>