Bug 33251
| Summary: | Crash during page load [WebCore::CSSStyleSelector::SelectorChecker::checkSelector] | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Priit Laes (IRC: plaes) <plaes> |
| Component: | WebKitGTK | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED INVALID | | |
| Severity: | Normal | CC: | slomo |
| Priority: | P2 | | |
| Version: | 528+ (Nightly build) | | |
| Hardware: | PC | | |
| OS: | OS X 10.5 | | |

Priit Laes (IRC: plaes)
webkit-1.1.18
epiphany-2.29.3
libsoup-2.28.2
[Thread debugging using libthread_db enabled]
[New Thread 0x7f70b9930710 (LWP 24162)]
[New Thread 0x7f70ba231710 (LWP 24161)]
0x00007f70cde6ebcd in __libc_waitpid (pid=31972, stat_loc=<value optimized out>, options=0) at ../sysdeps/unix/sysv/linux/waitpid.c:41
in ../sysdeps/unix/sysv/linux/waitpid.c
#0 0x00007f70cde6ebcd in __libc_waitpid (pid=31972, stat_loc=<value optimized out>, options=0) at ../sysdeps/unix/sysv/linux/waitpid.c:41
#1 0x00007f70ce629691 in IA__g_spawn_sync (working_directory=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>,
flags=<value optimized out>, child_setup=<value optimized out>, user_data=<value optimized out>, standard_output=0x0, standard_error=0x0,
exit_status=0x0, error=0x7fff16655338) at gspawn.c:386
#2 0x00007f70ce6299a9 in IA__g_spawn_command_line_sync (command_line=<value optimized out>, standard_output=0x0, standard_error=0x0, exit_status=
0x0, error=0x7fff16655338) at gspawn.c:700
#3 0x00007f70bcc3ed61 in run_bug_buddy (signum=<value optimized out>) at gnome-breakpad.cc:369
#4 check_if_gdb (signum=<value optimized out>) at gnome-breakpad.cc:440
#5 bugbuddy_segv_handle (signum=<value optimized out>) at gnome-breakpad.cc:223
#6 <signal handler called>
#7 0x00007f70d22d1b7d in WebCore::CSSStyleSelector::SelectorChecker::checkSelector (this=0x7fff166558b0, sel=0x7f70a9182988, e=0x7f70aa8ae400,
selectorAttrs=0x0, dynamicPseudo=@0x7fff1665588c, isAncestor=<value optimized out>, isSubSelector=false, elementStyle=0x0, elementParentStyle=
0x0) at WebCore/css/CSSStyleSelector.cpp:1743
#8 0x00007f70d22d21e1 in WebCore::CSSStyleSelector::SelectorChecker::checkSelector (this=0x7f70aa8ae400, sel=0x7f70a9182988, element=
0x7f70aa8ae400) at WebCore/css/CSSStyleSelector.cpp:926
#9 0x00007f70d2358e86 in WebCore::createSelectorNodeList (rootNode=0x7f70ab1bf800, querySelectorList=...) at WebCore/dom/SelectorNodeList.cpp:61
#10 0x00007f70d233b133 in WebCore::Node::querySelectorAll (this=0x7f70ab1bf800, selectors=..., ec=@0x7fff16655b6c) at WebCore/dom/Node.cpp:1706
#11 0x00007f70d293b9bd in WebCore::jsDocumentPrototypeFunctionQuerySelectorAll (exec=0x7f70b27f42e8, thisValue=..., args=<value optimized out>)
at DerivedSources/JSDocument.cpp:2072
#12 0x00007f70bc6341b4 in ?? ()
#13 0x00007f70b27f42a0 in ?? ()
#14 0x0000000000000001 in ?? ()
#15 0x0000000000000001 in ?? ()
#16 0x0000000000000002 in ?? ()
#17 0x00007f70a939ac78 in ?? ()
#18 0x00007f7000000004 in ?? ()
#19 0x00007f7000000003 in ?? ()
#20 0x0000000000000010 in ?? ()
#21 0x0000000000000000 in ?? ()
Thread 3 (Thread 0x7f70ba231710 (LWP 24161)):
#0 0x00007f70cdba81cd in nanosleep () at ../sysdeps/unix/syscall-template.S:82
No locals.
#1 0x00007f70cdba8040 in __sleep (seconds=<value optimized out>) at ../sysdeps/unix/sysv/linux/sleep.c:138
ts = {tv_sec = 1, tv_nsec = 749671369}
set = {__val = {65536, 0 <repeats 15 times>}}
oset = {__val = {0, 0, 140122565130280, 140122135924080, 140122135924104, 4294967296, 2822930839, 140122467478759, 140122464014832,
140122565130640, 0, 4294967295, 0, 5, 21018040, 0}}
result = 4294967295
#2 0x00007f70d21e02c7 in WTF::TCMalloc_PageHeap::scavengerThread (this=0x7f70d3154d00) at JavaScriptCore/wtf/FastMalloc.cpp:2303
No locals.
#3 0x00007f70d21e0359 in WTF::TCMalloc_PageHeap::runScavengerThread (context=0x7f70ba230df0) at JavaScriptCore/wtf/FastMalloc.cpp:1433
No locals.
#4 0x00007f70cde66894 in start_thread (arg=<value optimized out>) at pthread_create.c:297
__res = <value optimized out>
pd = 0x7f70ba231710
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140122135926544, -4443494587179380915, 140122467536832, 0, 140122565353472, 3,
4374399800614670157, 4374142011112509261}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0,
canceltype = 0}}}
not_first_call = <value optimized out>
robust = <value optimized out>
freesize = <value optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#5 0x00007f70cdbd7f9d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
No locals.
#6 0x0000000000000000 in ?? ()
No symbol table info available.
Thread 2 (Thread 0x7f70b9930710 (LWP 24162)):
#0 pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
No locals.
#1 0x00007f70d26b4a68 in WebCore::IconDatabase::syncThreadMainLoop (this=0x7f70b9948a00) at WebCore/loader/icon/IconDatabase.cpp:1412
didAnyWork = <value optimized out>
#2 0x00007f70d26b5fc1 in WebCore::IconDatabase::iconDatabaseSyncThread (this=0x7f70b9948a00) at WebCore/loader/icon/IconDatabase.cpp:1030
journalFilename = {m_impl = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0x7f70b994ef20}}
#3 0x00007f70cde66894 in start_thread (arg=<value optimized out>) at pthread_create.c:297
__res = <value optimized out>
pd = 0x7f70b9930710
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140122126485264, -4443494587179380915, 140122467536832, 0, 140122565353472, 3,
4374396096742248269, 4374142011112509261}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0,
canceltype = 0}}}
not_first_call = <value optimized out>
robust = <value optimized out>
freesize = <value optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#4 0x00007f70cdbd7f9d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
No locals.
#5 0x0000000000000000 in ?? ()
No symbol table info available.
Current language: auto
The current source language is "auto; currently asm".
Thread 1 (Thread 0x7f70d3b65780 (LWP 24160)):
#0 0x00007f70cde6ebcd in __libc_waitpid (pid=31972, stat_loc=<value optimized out>, options=0) at ../sysdeps/unix/sysv/linux/waitpid.c:41
_a3 = 0
_a1 = 31972
resultvar = <value optimized out>
_a4 = 0
_a2 = 140733569126816
oldtype = 0
result = <value optimized out>
#1 0x00007f70ce629691 in IA__g_spawn_sync (working_directory=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>,
flags=<value optimized out>, child_setup=<value optimized out>, user_data=<value optimized out>, standard_output=0x0, standard_error=0x0,
exit_status=0x0, error=0x7fff16655338) at gspawn.c:386
outpipe = -1
errpipe = -1
pid = 31972
fds = {__fds_bits = {0, 16, 16, 0, 108161880, 140733569127224, 109468064, 108161856, 3, 0, 108161880, 140122475520813, 140733569126824,
140733569126816, 140733569126936, 0}}
ret = <value optimized out>
outstr = 0x0
errstr = 0x0
failed = 0
status = <value optimized out>
__PRETTY_FUNCTION__ = "IA__g_spawn_sync"
#2 0x00007f70ce6299a9 in IA__g_spawn_command_line_sync (command_line=<value optimized out>, standard_output=0x0, standard_error=0x0, exit_status=
0x0, error=0x7fff16655338) at gspawn.c:700
retval = 0
argv = 0x6726b40
__PRETTY_FUNCTION__ = "IA__g_spawn_command_line_sync"
#3 0x00007f70bcc3ed61 in run_bug_buddy (signum=<value optimized out>) at gnome-breakpad.cc:369
res = <value optimized out>
warning_file = 0x0
exec_str = 0x65d1840 "bug-buddy --appname=\"epiphany\" --pid=24160"
args_str = <value optimized out>
error = 0x0
#4 check_if_gdb (signum=<value optimized out>) at gnome-breakpad.cc:440
gdb = 0x65c7060 "/usr/bin/gdb"
pid = 24160
mypath = 0x64fedb0 "\220R_\006"
has_debug_symbols = <value optimized out>
appname = 0x1c660e0 "epiphany"
#5 bugbuddy_segv_handle (signum=<value optimized out>) at gnome-breakpad.cc:223
in_segv = 1
#6 <signal handler called>
No symbol table info available.
#7 0x00007f70d22d1b7d in WebCore::CSSStyleSelector::SelectorChecker::checkSelector (this=0x7fff166558b0, sel=0x7f70a9182988, e=0x7f70aa8ae400,
selectorAttrs=0x0, dynamicPseudo=@0x7fff1665588c, isAncestor=<value optimized out>, isSubSelector=false, elementStyle=0x0, elementParentStyle=
0x0) at WebCore/css/CSSStyleSelector.cpp:1743
relation = <value optimized out>
#8 0x00007f70d22d21e1 in WebCore::CSSStyleSelector::SelectorChecker::checkSelector (this=0x7f70aa8ae400, sel=0x7f70a9182988, element=
0x7f70aa8ae400) at WebCore/css/CSSStyleSelector.cpp:926
dynamicPseudo = WebCore::NOPSEUDO
#9 0x00007f70d2358e86 in WebCore::createSelectorNodeList (rootNode=0x7f70ab1bf800, querySelectorList=...) at WebCore/dom/SelectorNodeList.cpp:61
selector = 0x7f70a9182988
n = 0x7f70aa8ae400
nodes = {<WTF::FastAllocBase> = {<No data fields>}, m_size = 0, m_buffer = {<WTF::VectorBufferBase<WTF::RefPtr<WebCore::Node> >> =
{<WTFNoncopyable::Noncopyable> = {<WTF::FastAllocBase> = {<No data fields>}, <No data fields>}, m_buffer = 0x0, m_capacity =
0}, <No data fields>}}
strictParsing = <value optimized out>
document = <value optimized out>
onlySelector = <value optimized out>
selectorChecker = {<WTFNoncopyable::Noncopyable> = {<WTF::FastAllocBase> = {<No data fields>}, <No data fields>}, m_document =
0x7f70ab1bf800, m_strictParsing = true, m_collectRulesOnly = false, m_pseudoStyle = WebCore::NOPSEUDO, m_documentIsHTML = true,
m_linksCheckedForVisitedState = {<WTF::FastAllocBase> = {<No data fields>}, m_impl = {static m_minTableSize = <optimized out>,
static m_maxLoad = <optimized out>, static m_minLoad = <optimized out>, m_table = 0x0, m_tableSize = 0, m_tableSizeMask = 0,
m_keyCount = 0, m_deletedCount = 0}}}
#10 0x00007f70d233b133 in WebCore::Node::querySelectorAll (this=0x7f70ab1bf800, selectors=..., ec=@0x7fff16655b6c) at WebCore/dom/Node.cpp:1706
p = {m_strict = true, m_important = false, m_id = 0, m_styleSheet = 0x7f70aba32b40, m_rule = {<WTF::FastAllocBase> = {<No data fields>},
m_ptr = 0x0}, m_keyframe = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0x0}, m_mediaQuery = 0x0, m_valueList = 0x0,
m_parsedProperties = 0x7f70ab93f400, m_selectorListForParseSelector = 0x0, m_numParsedProperties = 0, m_maxParsedProperties = 32,
m_inParseShorthand = 0, m_currentShorthand = 0, m_implicitShorthand = false, m_hasFontFaceOnlyValues = false,
m_hadSyntacticallyValidCSSRule = false, m_variableNames = {<WTF::FastAllocBase> = {<No data fields>}, m_size = 0, m_buffer =
{<WTF::VectorBufferBase<WebCore::String>> = {<WTFNoncopyable::Noncopyable> = {<WTF::FastAllocBase> = {<No data fields>}, <No data fields>},
m_buffer = 0x0, m_capacity = 0}, <No data fields>}}, m_variableValues = {<WTF::FastAllocBase> = {<No data fields>}, m_size = 0,
m_buffer = {<WTF::VectorBufferBase<WTF::RefPtr<WebCore::CSSValue> >> = {<WTFNoncopyable::Noncopyable> = {<WTF::FastAllocBase> =
{<No data fields>}, <No data fields>}, m_buffer = 0x0, m_capacity = 0}, <No data fields>}}, m_defaultNamespace = {m_string = {m_impl =
{<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0x7f70b9931258}}}, m_data = 0x7f70ab890960, yytext = 0x7f70ab8909ac, yy_c_buf_p =
0x7f70ab8909ac, yy_hold_char = 0, yy_last_accepting_state = 7, yy_last_accepting_cpos = 0x7f70ab8909ae, yyleng = 1, yyTok = 0, yy_start = 1,
m_allowImportRules = true, m_allowVariablesRules = true, m_allowNamespaceDeclarations = true, m_parsedStyleObjects =
{<WTF::FastAllocBase> = {<No data fields>}, m_size = 0, m_buffer = {<WTF::VectorBufferBase<WTF::RefPtr<WebCore::StyleBase> >> =
{<WTFNoncopyable::Noncopyable> = {<WTF::FastAllocBase> = {<No data fields>}, <No data fields>}, m_buffer = 0x0, m_capacity =
0}, <No data fields>}}, m_parsedRuleLists = {<WTF::FastAllocBase> = {<No data fields>}, m_size = 0, m_buffer =
{<WTF::VectorBufferBase<WTF::RefPtr<WebCore::CSSRuleList> >> = {<WTFNoncopyable::Noncopyable> = {<WTF::FastAllocBase> =
{<No data fields>}, <No data fields>}, m_buffer = 0x0, m_capacity = 0}, <No data fields>}}, m_floatingSelectors = {<WTF::FastAllocBase> =
{<No data fields>}, m_impl = {static m_minTableSize = <optimized out>, static m_maxLoad = <optimized out>, static m_minLoad = <optimized out>,
m_table = 0x7f70ab90dc00, m_tableSize = 64, m_tableSizeMask = 63, m_keyCount = 0, m_deletedCount = 2}}, m_floatingValueLists =
{<WTF::FastAllocBase> = {<No data fields>}, m_impl = {static m_minTableSize = <optimized out>, static m_maxLoad = <optimized out>,
static m_minLoad = <optimized out>, m_table = 0x0, m_tableSize = 0, m_tableSizeMask = 0, m_keyCount = 0, m_deletedCount = 0}},
m_floatingFunctions = {<WTF::FastAllocBase> = {<No data fields>}, m_impl = {static m_minTableSize = <optimized out>,
static m_maxLoad = <optimized out>, static m_minLoad = <optimized out>, m_table = 0x0, m_tableSize = 0, m_tableSizeMask = 0,
m_keyCount = 0, m_deletedCount = 0}}, m_floatingMediaQuery = 0x0, m_floatingMediaQueryExp = 0x0, m_floatingMediaQueryExpList = 0x0,
m_reusableSelectorVector = {<WTF::FastAllocBase> = {<No data fields>}, m_size = 0, m_buffer =
{<WTF::VectorBufferBase<WebCore::CSSSelector*>> = {<WTFNoncopyable::Noncopyable> = {<WTF::FastAllocBase> =
{<No data fields>}, <No data fields>}, m_buffer = 0x7f70abaecb80, m_capacity = 16}, <No data fields>}}}
querySelectorList = {<WTFNoncopyable::Noncopyable> = {<WTF::FastAllocBase> = {<No data fields>}, <No data fields>}, m_selectorArray =
0x7f70a9182988}
#11 0x00007f70d293b9bd in WebCore::jsDocumentPrototypeFunctionQuerySelectorAll (exec=0x7f70b27f42e8, thisValue=..., args=<value optimized out>)
at DerivedSources/JSDocument.cpp:2072
ec = 0
#12 0x00007f70bc6341b4 in ?? ()
No symbol table info available.
#13 0x00007f70b27f42a0 in ?? ()
No symbol table info available.
#14 0x0000000000000001 in ?? ()
No symbol table info available.
#15 0x0000000000000001 in ?? ()
No symbol table info available.
#16 0x0000000000000002 in ?? ()
No symbol table info available.
#17 0x00007f70a939ac78 in ?? ()
No symbol table info available.
#18 0x00007f7000000004 in ?? ()
No symbol table info available.
#19 0x00007f7000000003 in ?? ()
No symbol table info available.
#20 0x0000000000000010 in ?? ()
No symbol table info available.
#21 0x0000000000000000 in ?? ()
No symbol table info available.
Current language: auto
The current source language is "auto; currently c".
A debugging session is active.
Inferior 1 [process 24160] will be detached.
Quit anyway? (y or n) [answered Y; input not from terminal]
----------- .xsession-errors (215023 sec old) ---------------------
** (epiphany:3374): DEBUG: 0x246c6e0: "NameOwnerChanged old-owner '' new-owner ':1.211'"
** (epiphany:3374): DEBUG: 0x246c6e0: "Viewer now connected to the bus"
** (epiphany:3374): DEBUG: 0x246c6e0: "ViewerSetup"
** (epiphany:3374): DEBUG: 0x246c6e0: "Calling SetWindow"
Viewer: SetWindow XID 54031765 size 600:416
TotemEmbedded-Message: AFTER _open (ret: 1)
TotemEmbedded-Message: Viewer state: PLAYING
TotemEmbedded-Message: Viewer state: STOPPED
** (epiphany:3374): DEBUG: OpenStream reply
** (epiphany:3374): DEBUG: SetWindow reply
** (epiphany:3374): DEBUG: 0x246c6e0: "ViewerReady"
** (epiphany:3374): DEBUG: 0x246c6e0: "Stream requested (force viewer: 0)"
** (epiphany:3374): DEBUG: 0x246c6e0: "IsSchemeSupported scheme 'http': yes"
...Too much output, ignoring rest...
--------------------------------------------------
Priit Laes (IRC: plaes)
Closing hard-to-reproduce crasher bugs that are over a year old.