<html>
    <head>
      <base href="https://bugs.webkit.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - [GTK][EFL] SIGSEGV in AccessibilityRenderObject::remoteSVGRootElement"
   href="https://bugs.webkit.org/show_bug.cgi?id=159452">159452</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>[GTK][EFL] SIGSEGV in AccessibilityRenderObject::remoteSVGRootElement
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>WebKit
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>WebKit Nightly Build
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>Unspecified
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Unspecified
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>Normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P2
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Accessibility
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>webkit-unassigned&#64;lists.webkit.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>Hironori.Fujii&#64;sony.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>webkit-bug-importer&#64;group.apple.com
          </td>
        </tr></table>
      <p>
        <div>
        <pre>BuildBot of GTK Linux 64-bit Release fails.

<a href="https://build.webkit.org/builders/GTK%20Linux%2064-bit%20Release%20%28Tests%29/builds/16841/steps/layout-test/logs/stdio">https://build.webkit.org/builders/GTK%20Linux%2064-bit%20Release%20%28Tests%29/builds/16841/steps/layout-test/logs/stdio</a>

<span class="quote">&gt; fast/history/page-cache-geolocation-active-oneshot.html [ Crash ]</span >

I tested with trunk&#64;202817, Gtk port, release build, 64bit.
This cannot be reproduced with the single test case fast/history/page-cache-geolocation-active-oneshot.html.
I can reproduce this with two test cases:

<span class="quote">&gt; $ ./Tools/Scripts/run-webkit-tests --gtk --release fast/history/page-cache-destroy-document.html fast/history/page-cache-geolocation-active-oneshot.html</span >

Callstack:

<span class="quote">&gt; #0  0x00007f12c82847e2 in WebCore::AccessibilityRenderObject::remoteSVGRootElement(WebCore::AccessibilityRenderObject::CreationChoice) const () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
&gt; #1  0x00007f12c828550e in WebCore::AccessibilityRenderObject::detachRemoteSVGRoot() () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
&gt; #2  0x00007f12c8287ac1 in WebCore::AccessibilityRenderObject::detach(WebCore::AccessibilityDetachmentType, WebCore::AXObjectCache*) () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
&gt; #3  0x00007f12c8252848 in WebCore::AXObjectCache::~AXObjectCache() () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
&gt; #4  0x00007f12c8492c30 in WebCore::Document::clearAXObjectCache() () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
&gt; #5  0x00007f12c8496f98 in WebCore::Document::destroyRenderTree() () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
&gt; #6  0x00007f12c84a9fc8 in WebCore::Document::prepareForDestruction() () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
&gt; #7  0x00007f12c86218e7 in WebCore::CachedFrame::destroy() () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
&gt; #8  0x00007f12c86219e2 in WebCore::CachedPage::~CachedPage() () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
&gt; #9  0x00007f12c862609f in WebCore::PageCache::prune(WebCore::PruningReason) () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
&gt; #10 0x00007f12c8626166 in WebCore::PageCache::pruneToSizeNow(unsigned int, WebCore::PruningReason) () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
&gt; #11 0x00007f12c7f7fa80 in WebKit::WebPage::updatePreferences(WebKit::WebPreferencesStore const&amp;) () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
&gt; #12 0x00007f12c80ba734 in void IPC::handleMessage&lt;Messages::WebPage::PreferencesDidChange, WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebPreferencesStore const&amp;)&gt;(IPC::MessageDecoder&amp;, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebPreferencesStore const&amp;)) () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
&gt; #13 0x00007f12c80b88d3 in WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&amp;, IPC::MessageDecoder&amp;) () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
&gt; #14 0x00007f12c7da39e9 in IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&amp;, IPC::MessageDecoder&amp;) () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
&gt; #15 0x00007f12c7ed24f6 in WebKit::WebProcess::didReceiveMessage(IPC::Connection&amp;, IPC::MessageDecoder&amp;) () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
&gt; #16 0x00007f12c7d9fe96 in IPC::Connection::dispatchMessage(std::unique_ptr&lt;IPC::MessageDecoder, std::default_delete&lt;IPC::MessageDecoder&gt; &gt;) () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
&gt; #17 0x00007f12c7da08c3 in IPC::Connection::dispatchOneMessage() () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
&gt; #18 0x00007f12c699c62d in WTF::RunLoop::performWork() () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
&gt; #19 0x00007f12c69cd169 in WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
&gt; #20 0x00007f12c10645f7 in g_main_dispatch () from /home/fujii/work/webkit/w1/WebKitBuild/DependenciesGTK/Root/lib/libglib-2.0.so.0
&gt; #21 0x00007f12c106542e in g_main_context_dispatch () from /home/fujii/work/webkit/w1/WebKitBuild/DependenciesGTK/Root/lib/libglib-2.0.so.0
&gt; #22 0x00007f12c1065612 in g_main_context_iterate () from /home/fujii/work/webkit/w1/WebKitBuild/DependenciesGTK/Root/lib/libglib-2.0.so.0
&gt; #23 0x00007f12c1065a38 in g_main_loop_run () from /home/fujii/work/webkit/w1/WebKitBuild/DependenciesGTK/Root/lib/libglib-2.0.so.0
&gt; #24 0x00007f12c69cda20 in WTF::RunLoop::run() () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
&gt; #25 0x00007f12c8069682 in int WebKit::ChildProcessMain&lt;WebKit::WebProcess, WebKit::WebProcessMain&gt;(int, char**) () from /home/fujii/work/webkit/w1/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
&gt; #26 0x00007f12bc066731 in __libc_start_main () from /lib64/libc.so.6
&gt; #27 0x0000000000400b99 in _start ()</span >


EFL Linux 64-bit Release has the same crash.
<a href="https://build.webkit.org/results/EFL%20Linux%2064-bit%20Release%20WK2/r202838%20(28753)/fast/history/page-cache-geolocation-active-oneshot-crash-log.txt">https://build.webkit.org/results/EFL%20Linux%2064-bit%20Release%20WK2/r202838%20(28753)/fast/history/page-cache-geolocation-active-oneshot-crash-log.txt</a></pre>
        </div>
      </p>
    </body>
</html>