[Webkit-unassigned] [Bug 272426] New: Crash observed in running webxr layout test from WebCore::WebXRSession::~WebXRSession()

bugzilla-daemon at webkit.org
Tue Apr 9 16:59:56 PDT 2024


https://bugs.webkit.org/show_bug.cgi?id=272426

            Bug ID: 272426
           Summary: Crash observed in running webxr layout test from
                    WebCore::WebXRSession::~WebXRSession()
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebXR
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: adachan at apple.com

Crash observed in running webxr layout test from WebCore::WebXRSession::~WebXRSession()

Observed in wpe-wk2 test run from https://github.com/WebKit/WebKit/pull/26376.

Looks like a pure virtual method is called in WebXRSession destructor.

Stack trace of crash:
Thread 1 (Thread 0x7f636ce0da40 (LWP 1636)):
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007f63738a3e83 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007f6373851dce in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007f637383983f in __GI_abort () at abort.c:79
#4  0x00007f6373aace03 in __gnu_cxx::__verbose_terminate_handler() () at ../../../../libstdc++-v3/libsupc++/vterminate.cc:95
#5  0x00007f6373abfbfa in __cxxabiv1::__terminate(void (*)()) (handler=<optimized out>) at ../../../../libstdc++-v3/libsupc++/eh_terminate.cc:48
#6  0x00007f6373abfc65 in std::terminate() () at ../../../../libstdc++-v3/libsupc++/eh_terminate.cc:58
#7  0x00007f6373ac0a53 in __cxxabiv1::__cxa_pure_virtual() () at ../../../../libstdc++-v3/libsupc++/pure.cc:50
#8  0x00007f6378d24938 in WebCore::WebXRSession::~WebXRSession() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#9  0x00007f6378d25388 in WebCore::WebXRSystem::~WebXRSystem() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#10 0x00007f6378d25429 in WebCore::WebXRSystem::~WebXRSystem() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#11 0x00007f6378d1888d in WebCore::NavigatorWebXR::~NavigatorWebXR() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#12 0x00007f6379a49b16 in WebCore::Navigator::~Navigator() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#13 0x00007f6379a49c09 in WebCore::Navigator::~Navigator() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#14 0x00007f6379a2b12e in WebCore::LocalDOMWindow::~LocalDOMWindow() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#15 0x00007f6379a2b5d9 in WebCore::LocalDOMWindow::~LocalDOMWindow() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#16 0x00007f637929e216 in WebCore::Document::~Document() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#17 0x00007f637950aeac in WebCore::HTMLDocument::~HTMLDocument() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#18 0x00007f637929aef8 in WebCore::Document::removedLastRef() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#19 0x00007f63792cbae7 in WebCore::Event::~Event() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#20 0x00007f63774255d8 in void JSC::MarkedBlock::Handle::specializedSweep<true, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)1, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)1, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&) [clone .isra.0] () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#21 0x00007f6376f29ec3 in JSC::MarkedBlock::Handle::sweep(JSC::FreeList*) () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#22 0x00007f6376f10279 in JSC::IncrementalSweeper::doWork(JSC::VM&) () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#23 0x00007f63774c99bb in JSC::JSRunLoopTimer::timerDidFire() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#24 0x00007f63774e7e8c in JSC::JSRunLoopTimer::Manager::timerDidFire() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#25 0x00007f6377bc3d2c in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::{lambda(void*)#1}::_FUN(void*) () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#26 0x00007f6377bc494f in WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::_FUN(_GSource*, int (*)(void*), void*) () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#27 0x00007f6374055d36 in g_main_dispatch (context=0x55a708e46d00) at ../glib/gmain.c:3460
#28 g_main_context_dispatch (context=0x55a708e46d00) at ../glib/gmain.c:4200
#29 0x00007f63740b32b8 in g_main_context_iterate.isra.0 (context=0x55a708e46d00, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4276
#30 0x00007f63740553ff in g_main_loop_run (loop=0x55a708e46e40) at ../glib/gmain.c:4479
#31 0x00007f6377bc4ad0 in WTF::RunLoop::run() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#32 0x00007f637640d886 in WebKit::WebProcessMain(int, char**) () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#33 0x00007f637383b08a in __libc_start_call_main (main=main@entry=0x55a70844d850 <main>, argc=argc@entry=4, argv=argv@entry=0x7ffc5b92c068) at ../sysdeps/nptl/libc_start_call_main.h:58
#34 0x00007f637383b14b in __libc_start_main_impl (main=0x55a70844d850 <main>, argc=4, argv=0x7ffc5b92c068, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffc5b92c058) at ../csu/libc-start.c:360
#35 0x000055a70844d785 in _start () at ../sysdeps/x86_64/start.S:115
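
Frames #7 and #8 show `__cxa_pure_virtual` reached from inside a destructor. The block below is an added illustration of the C++ rule behind that class of crash, not WebKit code and not a diagnosis of this bug; `Device`, `FakeDevice` and the helper functions are hypothetical names. It keeps the base method non-pure so the dispatch can be recorded instead of aborting.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Records which override actually ran (illustration only).
static std::vector<std::string> g_log;

struct Device {
    // By the time this body runs, the derived part is already destroyed and
    // the object's dynamic type is Device again.
    virtual ~Device() { if (!m_shutDown) shutdown(); }
    // If this were declared "= 0", the call made from ~Device() would land in
    // __cxa_pure_virtual and then std::terminate(), the shape of frames #4-#7.
    virtual void onShutdown() { g_log.push_back("Device::onShutdown"); }
    // Non-virtual helper: the virtual call is indirect, so compilers that warn
    // about virtual calls written directly in a destructor stay silent here.
    void shutdown() { m_shutDown = true; onShutdown(); }
private:
    bool m_shutDown = false;
};

struct FakeDevice : Device {
    void onShutdown() override { g_log.push_back("FakeDevice::onShutdown"); }
};

// Hazard: teardown work is left to the base destructor.
std::vector<std::string> dispatch_during_destruction() {
    g_log.clear();
    { FakeDevice d; }
    return g_log;
}

// Safer shape: the owner shuts the object down while it is still complete,
// and the destructor then performs no virtual dispatch.
std::vector<std::string> dispatch_before_destruction() {
    g_log.clear();
    { FakeDevice d; d.shutdown(); }
    return g_log;
}

int main() {
    std::cout << "in destructor:      " << dispatch_during_destruction()[0] << "\n";
    std::cout << "explicit shutdown:  " << dispatch_before_destruction()[0] << "\n";
    return 0;
}
```
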
