272426 2024-04-09 16:59:56 -0700 Crash observed in running webxr layout test from WebCore::WebXRSession::~WebXRSession() 2024-04-25 09:33:39 -0700 1 1 1 Unclassified WebKit WebXR WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 adachan webkit-unassigned oldest_to_newest 2027284 0 adachan 2024-04-09 16:59:56 -0700 Crash observed in running webxr layout test from WebCore::WebXRSession::~WebXRSession() Observed in wpe-wk2 test run from https://github.com/WebKit/WebKit/pull/26376. Looks like a pure virtual method is called in WebXRSession destructor. Stack trace of crash: Thread 1 (Thread 0x7f636ce0da40 (LWP 1636)): #0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44 #1 0x00007f63738a3e83 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78 #2 0x00007f6373851dce in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26 #3 0x00007f637383983f in __GI_abort () at abort.c:79 #4 0x00007f6373aace03 in __gnu_cxx::__verbose_terminate_handler() () at ../../../../libstdc++-v3/libsupc++/vterminate.cc:95 #5 0x00007f6373abfbfa in __cxxabiv1::__terminate(void (*)()) (handler=<optimized out>) at ../../../../libstdc++-v3/libsupc++/eh_terminate.cc:48 #6 0x00007f6373abfc65 in std::terminate() () at ../../../../libstdc++-v3/libsupc++/eh_terminate.cc:58 #7 0x00007f6373ac0a53 in __cxxabiv1::__cxa_pure_virtual() () at ../../../../libstdc++-v3/libsupc++/pure.cc:50 #8 0x00007f6378d24938 in WebCore::WebXRSession::~WebXRSession() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1 #9 0x00007f6378d25388 in WebCore::WebXRSystem::~WebXRSystem() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1 #10 0x00007f6378d25429 in WebCore::WebXRSystem::~WebXRSystem() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1 #11 0x00007f6378d1888d in WebCore::NavigatorWebXR::~NavigatorWebXR() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1 #12 0x00007f6379a49b16 in WebCore::Navigator::~Navigator() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1 #13 0x00007f6379a49c09 in WebCore::Navigator::~Navigator() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1 #14 0x00007f6379a2b12e in WebCore::LocalDOMWindow::~LocalDOMWindow() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1 #15 0x00007f6379a2b5d9 in WebCore::LocalDOMWindow::~LocalDOMWindow() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1 #16 0x00007f637929e216 in WebCore::Document::~Document() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1 #17 0x00007f637950aeac in WebCore::HTMLDocument::~HTMLDocument() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1 #18 0x00007f637929aef8 in WebCore::Document::removedLastRef() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1 #19 0x00007f63792cbae7 in WebCore::Event::~Event() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1 #20 0x00007f63774255d8 in void JSC::MarkedBlock::Handle::specializedSweep<true, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)1, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)1, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&) [clone .isra.0] () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1 #21 0x00007f6376f29ec3 in JSC::MarkedBlock::Handle::sweep(JSC::FreeList*) () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1 #22 0x00007f6376f10279 in JSC::IncrementalSweeper::doWork(JSC::VM&) () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1 #23 0x00007f63774c99bb in JSC::JSRunLoopTimer::timerDidFire() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1 #24 0x00007f63774e7e8c in JSC::JSRunLoopTimer::Manager::timerDidFire() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1 #25 0x00007f6377bc3d2c in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::{lambda(void*)#1}::_FUN(void*) () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1 #26 0x00007f6377bc494f in WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::_FUN(_GSource*, int (*)(void*), void*) () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1 #27 0x00007f6374055d36 in g_main_dispatch (context=0x55a708e46d00) at ../glib/gmain.c:3460 #28 g_main_context_dispatch (context=0x55a708e46d00) at ../glib/gmain.c:4200 #29 0x00007f63740b32b8 in g_main_context_iterate.isra.0 (context=0x55a708e46d00, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4276 #30 0x00007f63740553ff in g_main_loop_run (loop=0x55a708e46e40) at ../glib/gmain.c:4479 #31 0x00007f6377bc4ad0 in WTF::RunLoop::run() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1 #32 0x00007f637640d886 in WebKit::WebProcessMain(int, char**) () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1 #33 0x00007f637383b08a in __libc_start_call_main (main=main@entry=0x55a70844d850 <main>, argc=argc@entry=4, argv=argv@entry=0x7ffc5b92c068) at ../sysdeps/nptl/libc_start_call_main.h:58 #34 0x00007f637383b14b in __libc_start_main_impl (main=0x55a70844d850 <main>, argc=4, argv=0x7ffc5b92c068, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffc5b92c058) at ../csu/libc-start.c:360 #35 0x000055a70844d785 in _start () at ../sysdeps/x86_64/start.S:115 2027285 1 adachan 2024-04-09 17:02:15 -0700 rdar://117928819 2031114 2 vitaly 2024-04-25 01:51:40 -0700 Pull request: https://github.com/WebKit/WebKit/pull/27735 2031189 3 ews-feeder 2024-04-25 09:33:38 -0700 Committed 277983@main (75f9692054bd): <https://commits.webkit.org/277983@main> Reviewed commits have been landed. Closing PR #27735 and removing active labels.