Bug 197985 - [GTK] Segfault with pure virtual method called in animations comparison
Status: RESOLVED DUPLICATE of bug 164913
Alias: None
Product: WebKit
Classification: Unclassified
Component: Animations
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
Reported: 2019-05-17 08:14 PDT by Thibault Saunier
Modified: 2019-10-09 08:48 PDT
Description Thibault Saunier 2019-05-17 08:14:21 PDT
Appr.tc randomly segfaults with the following stack trace during video calls:

Thread 1 (Thread 0x7faf2683fac0 (LWP 28173)):
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007faf27de4895 in __GI_abort () at abort.c:79
#2  0x00007faf281856da in _ZN9__gnu_cxx27__verbose_terminate_handlerEv () at ../../../../libstdc++-v3/libsupc++/vterminate.cc:95
#3  0x00007faf2819161c in _ZN10__cxxabiv111__terminateEPFvvE (handler=<optimized out>) at ../../../../libstdc++-v3/libsupc++/eh_terminate.cc:47
#4  0x00007faf28191677 in _ZSt9terminatev () at ../../../../libstdc++-v3/libsupc++/eh_terminate.cc:57
#5  0x00007faf28192415 in __cxxabiv1::__cxa_pure_virtual () at ../../../../libstdc++-v3/libsupc++/pure.cc:50
#6  0x00007faf30e59db8 in _ZNK7WebCore9Animation15animationsMatchERKS0_b (this=0x7fae482c0000, other=..., matchProperties=matchProperties@entry=true) at DerivedSources/ForwardingHeaders/wtf/RefPtr.h:71
#7  0x00007faf30e5a889 in _ZNK7WebCore9AnimationeqERKS0_ (o=..., this=<optimized out>) at ../../Source/WebCore/platform/animation/Animation.h:152
#8  _ZNK7WebCore9AnimationneERKS0_ (o=..., this=<optimized out>) at ../../Source/WebCore/platform/animation/Animation.h:152
#9  _ZNK7WebCore13AnimationListeqERKS0_ (this=0x7faf25ed1280, other=...) at ../../Source/WebCore/platform/animation/AnimationList.cpp:60
#10 0x00007faf313079e5 in _ZN3WTF22arePointingToEqualDataISt10unique_ptrIN7WebCore13AnimationListESt14default_deleteIS3_EEEEbRKT_S9_ (a=std::unique_ptr<class WebCore::AnimationList> = {...}, b=std::unique_ptr<class WebCore::AnimationList> = {...}) at /usr/include/c++/9/bits/unique_ptr.h:357
#11 0x00007faf313071cb in _ZNK7WebCore25StyleRareNonInheritedDataeqERKS0_ (this=0x7fae482bf720, o=...) at DerivedSources/ForwardingHeaders/wtf/RefPtr.h:71
#12 0x00007faf312f9923 in _ZNK7WebCore7DataRefINS_25StyleRareNonInheritedDataEEeqERKS2_ (other=..., this=0x7faea8601eb0) at DerivedSources/ForwardingHeaders/wtf/Ref.h:121
#13 _ZNK7WebCore11RenderStyleeqERKS0_ (other=..., this=0x7faea8601e90) at ../../Source/WebCore/rendering/style/RenderStyle.cpp:364
#14 _ZNK7WebCore11RenderStyleeqERKS0_ (this=0x7faea8601e90, other=...) at ../../Source/WebCore/rendering/style/RenderStyle.cpp:355
#15 0x00007faf3139bf64 in _ZNK7WebCore11RenderStyleneERKS0_ (other=..., this=0x7faea8601e90) at ../../Source/WebCore/rendering/style/RenderStyle.h:165
#16 _ZN7WebCore5Style15determineChangeERKNS_11RenderStyleES3_ (s1=..., s2=...) at ../../Source/WebCore/style/StyleChange.cpp:52
#17 0x00007faf313a3a66 in _ZN7WebCore5Style12TreeResolver27createAnimatedElementUpdateESt10unique_ptrINS_11RenderStyleESt14default_deleteIS3_EERNS_7ElementENS0_6ChangeE (this=this@entry=0x7fff85a55680, newStyle=std::unique_ptr<class WebCore::RenderStyle> = {...}, element=warning: can't find linker symbol for virtual table for `WebCore::Element' value
warning:   found `_ZTVN7WebCore13SVGSVGElementE' instead
..., parentChange=WebCore::Style::NoChange) at ../../Source/WebCore/style/StyleTreeResolver.cpp:326
#18 0x00007faf313ae6b5 in _ZN7WebCore5Style12TreeResolver14resolveElementERNS_7ElementE (this=this@entry=0x7fff85a55680, element=warning: can't find linker symbol for virtual table for `WebCore::Element' value
warning:   found `_ZTVN7WebCore13SVGSVGElementE' instead
...) at /usr/include/c++/9/bits/move.h:74
#19 0x00007faf313b0164 in _ZN7WebCore5Style12TreeResolver19resolveComposedTreeEv (this=this@entry=0x7fff85a55680) at ../../Source/WebCore/style/StyleTreeResolver.cpp:500
#20 0x00007faf313b12ab in _ZN7WebCore5Style12TreeResolver7resolveEv (this=this@entry=0x7fff85a55680) at ../../Source/WebCore/style/StyleTreeResolver.cpp:558
#21 0x00007faf306cfccf in _ZN7WebCore8Document12resolveStyleENS0_16ResolveStyleTypeE (this=this@entry=0x7faed0601ca0, type=<optimized out>, type@entry=WebCore::Document::ResolveStyleType::Normal) at ../../Source/WebCore/dom/Document.cpp:1904
#22 0x00007faf306d0881 in _ZN7WebCore8Document19updateStyleIfNeededEv (this=0x7faed0601ca0) at ../../Source/WebCore/dom/Document.cpp:2023
#23 0x00007faf30e517b8 in _ZN7WebCore12ThreadTimers24sharedTimerFiredInternalEv (this=0x7faf25e9dde8) at ../../Source/WebCore/platform/ThreadTimers.h:101
#24 _ZN7WebCore12ThreadTimers24sharedTimerFiredInternalEv (this=0x7faf25e9dde8) at ../../Source/WebCore/platform/ThreadTimers.cpp:101
#25 0x00007faf2c9ae624 in WTF::RunLoop::TimerBase::<lambda(gpointer)>::operator() (__closure=0x0, userData=0x7faf34170fd0 <_ZZN7WebCore21MainThreadSharedTimer9singletonEvE8instance+16>) at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:171
#26 WTF::RunLoop::TimerBase::<lambda(gpointer)>::_FUN(gpointer) () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:177
#27 0x00007faf285ff9c8 in g_main_dispatch () at ../../Source/glib-2.58.1/glib/gmain.c:3182
#28 g_main_context_dispatch () at ../../Source/glib-2.58.1/glib/gmain.c:3847
#29 0x00007faf285ffd88 in g_main_context_iterate () at ../../Source/glib-2.58.1/glib/gmain.c:3920
#30 0x00007faf28600072 in g_main_loop_run () at ../../Source/glib-2.58.1/glib/gmain.c:4116
#31 0x00007faf2c9aece8 in _ZN3WTF7RunLoop3runEv () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:96
#32 0x00007faf2f7f188a in _ZN6WebKit20AuxiliaryProcessMainINS_10WebProcessENS_14WebProcessMainEEEiiPPc (argc=3, argv=<optimized out>) at ../../Source/WebKit/Shared/unix/AuxiliaryProcessMain.h:47
#33 0x00007faf27de5f33 in __libc_start_main (main=0x400b90 <main(int, char**)>, argc=3, argv=0x7fff85a55e58, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff85a55e48) at ../csu/libc-start.c:308
#34 0x0000000000400c1e in _start ()
Comment 1 Thibault Saunier 2019-05-17 08:18:08 PDT
Unmangled trace fwiw:

(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007faf27de4895 in __GI_abort () at abort.c:79
#2  0x00007faf281856da in __gnu_cxx::__verbose_terminate_handler () at ../../../../libstdc++-v3/libsupc++/vterminate.cc:95
#3  0x00007faf2819161c in __cxxabiv1::__terminate (handler=<optimized out>) at ../../../../libstdc++-v3/libsupc++/eh_terminate.cc:47
#4  0x00007faf28191677 in std::terminate () at ../../../../libstdc++-v3/libsupc++/eh_terminate.cc:57
#5  0x00007faf28192415 in __cxxabiv1::__cxa_pure_virtual () at ../../../../libstdc++-v3/libsupc++/pure.cc:50
#6  0x00007faf30e59db8 in WebCore::Animation::animationsMatch (this=0x7fae482c0000, other=..., matchProperties=matchProperties@entry=true) at DerivedSources/ForwardingHeaders/wtf/RefPtr.h:71
#7  0x00007faf30e5a889 in WebCore::Animation::operator== (o=..., this=<optimized out>) at ../../Source/WebCore/platform/animation/Animation.h:152
#8  WebCore::Animation::operator!= (o=..., this=<optimized out>) at ../../Source/WebCore/platform/animation/Animation.h:152
#9  WebCore::AnimationList::operator== (this=0x7faf25ed1280, other=...) at ../../Source/WebCore/platform/animation/AnimationList.cpp:60
#10 0x00007faf313079e5 in WTF::arePointingToEqualData<std::unique_ptr<WebCore::AnimationList, std::default_delete<WebCore::AnimationList> > > (a=std::unique_ptr<class WebCore::AnimationList> = {...}, b=std::unique_ptr<class WebCore::AnimationList> = {...}) at /usr/include/c++/9/bits/unique_ptr.h:357
#11 0x00007faf313071cb in WebCore::StyleRareNonInheritedData::operator== (this=0x7fae482bf720, o=...) at DerivedSources/ForwardingHeaders/wtf/RefPtr.h:71
#12 0x00007faf312f9923 in WebCore::DataRef<WebCore::StyleRareNonInheritedData>::operator== (other=..., this=0x7faea8601eb0) at DerivedSources/ForwardingHeaders/wtf/Ref.h:121
#13 WebCore::RenderStyle::operator== (other=..., this=0x7faea8601e90) at ../../Source/WebCore/rendering/style/RenderStyle.cpp:364
#14 WebCore::RenderStyle::operator== (this=0x7faea8601e90, other=...) at ../../Source/WebCore/rendering/style/RenderStyle.cpp:355
#15 0x00007faf3139bf64 in WebCore::RenderStyle::operator!= (other=..., this=0x7faea8601e90) at ../../Source/WebCore/rendering/style/RenderStyle.h:165
#16 WebCore::Style::determineChange (s1=..., s2=...) at ../../Source/WebCore/style/StyleChange.cpp:52
#17 0x00007faf313a3a66 in WebCore::Style::TreeResolver::createAnimatedElementUpdate (this=this@entry=0x7fff85a55680, newStyle=std::unique_ptr<class WebCore::RenderStyle> = {...}, element=..., parentChange=WebCore::Style::NoChange) at ../../Source/WebCore/style/StyleTreeResolver.cpp:326
#18 0x00007faf313ae6b5 in WebCore::Style::TreeResolver::resolveElement (this=this@entry=0x7fff85a55680, element=...) at /usr/include/c++/9/bits/move.h:74
#19 0x00007faf313b0164 in WebCore::Style::TreeResolver::resolveComposedTree (this=this@entry=0x7fff85a55680) at ../../Source/WebCore/style/StyleTreeResolver.cpp:500
#20 0x00007faf313b12ab in WebCore::Style::TreeResolver::resolve (this=this@entry=0x7fff85a55680) at ../../Source/WebCore/style/StyleTreeResolver.cpp:558
#21 0x00007faf306cfccf in WebCore::Document::resolveStyle (this=this@entry=0x7faed0601ca0, type=<optimized out>, type@entry=WebCore::Document::ResolveStyleType::Normal) at ../../Source/WebCore/dom/Document.cpp:1904
#22 0x00007faf306d0881 in WebCore::Document::updateStyleIfNeeded (this=0x7faed0601ca0) at ../../Source/WebCore/dom/Document.cpp:2023
#23 0x00007faf30e517b8 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x7faf25e9dde8) at ../../Source/WebCore/platform/ThreadTimers.h:101
#24 WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x7faf25e9dde8) at ../../Source/WebCore/platform/ThreadTimers.cpp:101
#25 0x00007faf2c9ae624 in WTF::RunLoop::TimerBase::<lambda(gpointer)>::operator() (__closure=0x0, userData=0x7faf34170fd0 <WebCore::MainThreadSharedTimer::singleton()::instance+16>) at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:171
#26 WTF::RunLoop::TimerBase::<lambda(gpointer)>::_FUN(gpointer) () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:177
#27 0x00007faf285ff9c8 in g_main_dispatch () at ../../Source/glib-2.58.1/glib/gmain.c:3182
#28 g_main_context_dispatch () at ../../Source/glib-2.58.1/glib/gmain.c:3847
#29 0x00007faf285ffd88 in g_main_context_iterate () at ../../Source/glib-2.58.1/glib/gmain.c:3920
#30 0x00007faf28600072 in g_main_loop_run () at ../../Source/glib-2.58.1/glib/gmain.c:4116
#31 0x00007faf2c9aece8 in WTF::RunLoop::run () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:96
#32 0x00007faf2f7f188a in WebKit::AuxiliaryProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=3, argv=<optimized out>) at ../../Source/WebKit/Shared/unix/AuxiliaryProcessMain.h:47
#33 0x00007faf27de5f33 in __libc_start_main (main=0x400b90 <main(int, char**)>, argc=3, argv=0x7fff85a55e58, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff85a55e48) at ../csu/libc-start.c:308
#34 0x0000000000400c1e in _start ()
Comment 2 Michael Catanzaro 2019-10-09 08:48:52 PDT

*** This bug has been marked as a duplicate of bug 164913 ***