[Webkit-unassigned] [Bug 267992] New: [SOUP] Flaky crash in g_tls_certificate_gnutls_finalize() - corrupted double-linked list
bugzilla-daemon at webkit.org
Wed Jan 24 03:21:02 PST 2024
https://bugs.webkit.org/show_bug.cgi?id=267992
Bug ID: 267992
Summary: [SOUP] Flaky crash in g_tls_certificate_gnutls_finalize() - corrupted double-linked list
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebKitGTK
Assignee: webkit-unassigned at lists.webkit.org
Reporter: vitaly at igalia.com
CC: bugs-noreply at webkitgtk.org
Tests:
imported/w3c/web-platform-tests/html/cross-origin-opener-policy/javascript-url.https.html?11-12
imported/w3c/web-platform-tests/html/cross-origin-opener-policy/popup-unsafe-none-with-cross-origin.https.html
Stack trace:
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1 0x00007fa2cfbafe83 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2 0x00007fa2cfb5ddce in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3 0x00007fa2cfb4583f in __GI_abort () at abort.c:79
#4 0x00007fa2cfb46710 in __libc_message (fmt=fmt@entry=0x7fa2cfcc955b "%s\n") at ../sysdeps/posix/libc_fatal.c:150
#5 0x00007fa2cfbb9fd5 in malloc_printerr (str=str@entry=0x7fa2cfcc6fbd "corrupted double-linked list") at malloc.c:5765
#6 0x00007fa2cfbba8fc in unlink_chunk (p=p@entry=0x55dd380be850, av=0x7fa2cfcfdac0 <main_arena>) at malloc.c:1616
#7 0x00007fa2cfbbab6c in _int_free_create_chunk (av=av@entry=0x7fa2cfcfdac0 <main_arena>, p=p@entry=0x55dd380be5d0, size=size@entry=640, nextchunk=nextchunk@entry=0x55dd380be850, nextsize=nextsize@entry=128) at malloc.c:4714
#8 0x00007fa2cfbbbf7a in _int_free_merge_chunk (av=av@entry=0x7fa2cfcfdac0 <main_arena>, p=0x55dd380be5d0, size=640) at malloc.c:4693
#9 0x00007fa2cfbbc2fa in _int_free (av=0x7fa2cfcfdac0 <main_arena>, p=p@entry=0x55dd380be7b0, have_lock=<optimized out>, have_lock@entry=0) at malloc.c:4639
#10 0x00007fa2cfbbebbe in __GI___libc_free (mem=mem@entry=0x55dd380be7c0) at malloc.c:3391
#11 0x00007fa2cb403083 in _asn1_remove_node (node=node@entry=0x55dd380be7c0, flags=flags@entry=0) at ../../lib/parser_aux.c:511
#12 0x00007fa2cb40413b in _asn1_delete_structure (e_list=e_list@entry=0x0, structure=structure@entry=0x55dd380275c0, flags=flags@entry=0) at ../../lib/structure.c:341
#13 0x00007fa2cb4044f0 in asn1_delete_structure (structure=structure@entry=0x55dd380275c0) at ../../lib/structure.c:296
#14 0x00007fa26c6df05e in gnutls_x509_crt_deinit (cert=0x55dd380275c0) at ../../../lib/x509/x509.c:295
#15 0x00007fa27c21f9f6 in g_tls_certificate_gnutls_finalize (object=0x55dd380a0da0) at ../tls/gnutls/gtlscertificate-gnutls.c:89
#16 0x00007fa2cedd11ff in g_object_unref (_object=0x55dd380a0da0) at ../gobject/gobject.c:3938
#17 g_object_unref (_object=0x55dd380a0da0) at ../gobject/gobject.c:3802
#18 0x00007fa2d026aa3f in soup_message_finalize (object=0x55dd37ffd7d0) at ../libsoup/soup-message.c:208
#19 0x00007fa2cedd11ff in g_object_unref (_object=0x55dd37ffd7d0) at ../gobject/gobject.c:3938
#20 g_object_unref (_object=0x55dd37ffd7d0) at ../gobject/gobject.c:3802
#21 0x00007fa2d023c552 in soup_content_sniffer_stream_finalize (object=0x55dd38103dd0) at ../libsoup/content-sniffer/soup-content-sniffer-stream.c:61
#22 0x00007fa2cedd11ff in g_object_unref (_object=0x55dd38103dd0) at ../gobject/gobject.c:3938
#23 g_object_unref (_object=0x55dd38103dd0) at ../gobject/gobject.c:3802
#24 0x00007fa2cee82a89 in g_filter_input_stream_finalize (object=0x55dd380a7a30) at ../gio/gfilterinputstream.c:178
#25 0x00007fa2cedd11ff in g_object_unref (_object=0x55dd380a7a30) at ../gobject/gobject.c:3938
#26 g_object_unref (_object=0x55dd380a7a30) at ../gobject/gobject.c:3802
#27 0x00007fa2ceec8af1 in g_task_finalize (object=0x55dd380e9d40) at ../gio/gtask.c:712
#28 0x00007fa2cedd11ff in g_object_unref (_object=0x55dd380e9d40) at ../gobject/gobject.c:3938
#29 g_object_unref (_object=0x55dd380e9d40) at ../gobject/gobject.c:3802
#30 0x00007fa2d0308a85 in g_source_callback_unref (cb_data=0x55dd37fe9780) at ../glib/gmain.c:1742
#31 g_source_callback_unref (cb_data=0x55dd37fe9780) at ../glib/gmain.c:1735
#32 0x00007fa2d030d2db in g_source_destroy_internal (source=0x55dd3807ca70, context=0x55dd37f5e120, have_lock=1) at ../glib/gmain.c:1407
#33 0x00007fa2d030ed9a in g_main_dispatch (context=0x55dd37f5e120) at ../glib/gmain.c:3490
#34 g_main_context_dispatch (context=0x55dd37f5e120) at ../glib/gmain.c:4200
#35 0x00007fa2d036c2b8 in g_main_context_iterate.isra.0 (context=0x55dd37f5e120, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4276
#36 0x00007fa2d030e3ff in g_main_loop_run (loop=0x55dd37f5e260) at ../glib/gmain.c:4479
#37 0x00007fa2dee81496 in WTF::RunLoop::run() () at /app/webkit/Source/WTF/wtf/glib/RunLoopGLib.cpp:108
#38 0x00007fa2dbc68aa1 in WebKit::AuxiliaryProcessMainBase<WebKit::NetworkProcess, false>::run(int, char**) (this=0x7ffe59504ab0, argc=3, argv=0x7ffe59504c88) at /app/webkit/Source/WebKit/Shared/AuxiliaryProcessMain.h:72
#39 0x00007fa2dbc65bea in WebKit::AuxiliaryProcessMain<WebKit::NetworkProcessMainSoup>(int, char**) (argc=3, argv=0x7ffe59504c88) at /app/webkit/Source/WebKit/Shared/AuxiliaryProcessMain.h:98
#40 0x00007fa2dbc575c9 in WebKit::NetworkProcessMain(int, char**) (argc=3, argv=0x7ffe59504c88) at /app/webkit/Source/WebKit/NetworkProcess/soup/NetworkProcessMainSoup.cpp:61
#41 0x000055dd372dc8e9 in main(int, char**) (argc=3, argv=0x7ffe59504c88) at /app/webkit/Source/WebKit/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp:31