Bug 181031 - [GTK] fast/frames/crash-when-iframe-is-remove-in-eventhandler.html crashes sometimes
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKitGTK
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-12-20 06:15 PST by Alicia Boya García
Modified: 2020-06-18 23:16 PDT

See Also:


Description Alicia Boya García 2017-12-20 06:15:20 PST
fast/frames/crash-when-iframe-is-remove-in-eventhandler.html crashes often on GTK. Last runs:

CCPPCCCPPCPCPCPCPCCPCCCCCCCPPCCPPPCCCCPPCCCPCPPPCCCPPCCPPCPCCCCCPCPCPPCPCPPPPCPCPCPCPPCCPCCCCCCCPPPP
Comment 1 Fujii Hironori 2017-12-25 20:06:15 PST
https://build.webkit.org/builders/GTK%20Linux%2064-bit%20Release%20%28Tests%29/builds/4710

> Thread 1 (Thread 0x7fd2c7a03a80 (LWP 12565)):
> #0  0x00007fd2d6f6c330 in WebCore::FrameLoader::dispatchDidClearWindowObjectInWorld(WebCore::DOMWrapperWorld&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #1  0x00007fd2d6ab0688 in WebCore::ScriptController::initScript(WebCore::DOMWrapperWorld&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #2  0x00007fd2d6a84afb in WebCore::toJS(JSC::ExecState*, WebCore::Frame&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #3  0x00007fd2d6a84b42 in WebCore::toJS(JSC::ExecState*, WebCore::DOMWindow&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #4  0x00007fd2d6a85c2e in WebCore::cachedDocumentWrapper(JSC::ExecState&, WebCore::JSDOMGlobalObject&, WebCore::Document&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #5  0x00007fd2d6a88f96 in WebCore::toJS(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WebCore::Document&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #6  0x00007fd2d65a1b55 in WebCore::jsHTMLIFrameElementContentDocument(JSC::ExecState*, long, JSC::PropertyName) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #7  0x00007fd2d3bc691f in JSC::PropertySlot::customGetter(JSC::ExecState*, JSC::PropertyName) const () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
> #8  0x00007fd2d3923ffa in llint_slow_path_get_by_id () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
> #9  0x00007fd2d39104db in llint_entry () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
> #10 0x00007fd2d390d420 in vmEntryToJavaScript () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
> #11 0x00007fd2d38b5754 in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
> #12 0x00007fd2d388d324 in JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::ExecState*, JSC::JSObject*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
> #13 0x00007fd2d3a5fb6a in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
> #14 0x00007fd2d3a5fd61 in JSC::profiledEvaluate(JSC::ExecState*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
> #15 0x00007fd2d6ab087b in WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&, WebCore::ExceptionDetails*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #16 0x00007fd2d6ab0a03 in WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&, WebCore::ExceptionDetails*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #17 0x00007fd2d6cd1417 in WebCore::ScriptElement::executeClassicScript(WebCore::ScriptSourceCode const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #18 0x00007fd2d6cdc1f5 in WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #19 0x00007fd2d6e9609e in WebCore::HTMLScriptRunner::runScript(WebCore::ScriptElement&, WTF::TextPosition const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #20 0x00007fd2d6e9696d in WebCore::HTMLScriptRunner::execute(WTF::Ref<WebCore::ScriptElement>&&, WTF::TextPosition const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #21 0x00007fd2d6e8126a in WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #22 0x00007fd2d6e813d5 in WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #23 0x00007fd2d6e826cc in WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #24 0x00007fd2d6e8486a in WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl>&&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #25 0x00007fd2d6c4b17b in WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #26 0x00007fd2d6f52fcd in WebCore::DocumentWriter::end() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #27 0x00007fd2d6f5bbc9 in WebCore::DocumentLoader::finishedLoading() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #28 0x00007fd2d6fceb14 in WebCore::CachedResource::checkNotify() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #29 0x00007fd2d6fd8fa6 in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #30 0x00007fd2d6fa96ce in WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #31 0x00007fd2d644eda5 in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #32 0x00007fd2d644e9cf in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #33 0x00007fd2d600c04b in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #34 0x00007fd2d600cf6c in IPC::Connection::dispatchOneMessage() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #35 0x00007fd2d3d78c07 in WTF::RunLoop::performWork() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
> #36 0x00007fd2d3dade09 in WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
> #37 0x00007fd2d11f481a in g_main_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.54.2/glib/gmain.c:3148
> #38 g_main_context_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.54.2/glib/gmain.c:3813
> #39 0x00007fd2d11f4ba8 in g_main_context_iterate () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.54.2/glib/gmain.c:3886
> #40 0x00007fd2d11f4ec2 in g_main_loop_run () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.54.2/glib/gmain.c:4082
> #41 0x00007fd2d3dae7b0 in WTF::RunLoop::run() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
> #42 0x00007fd2d63dfe52 in int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain>(int, char**) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
> #43 0x00007fd2ccbaa2b1 in __libc_start_main (main=0x7fd2d8747d30 <main>, argc=2, argv=0x7ffc537e1b08, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffc537e1af8) at ../csu/libc-start.c:291
> #44 0x00007fd2d8747dba in _start ()
Comment 2 Fujii Hironori 2018-02-02 01:32:00 PST
I can't reproduce this crash on my Ubuntu 17.10.
Comment 3 Diego Pino 2020-06-18 23:16:37 PDT
The test(s) filed under this bug have been consistently passing for the last 4000 revisions. Marking bug as fixed.

Committed r263254: <https://trac.webkit.org/changeset/263254>