GTK port Debug build is still crashing intermittently. trunk r266379 https://build.webkit.org/builders/GTK%20Linux%2064-bit%20Debug%20%28Tests%29/builds/7100 https://results.webkit.org/?suite=layout-tests&test=fast%2Fforms%2Finteractive-validation-remove-node-in-handler.html Thread 1 (Thread 0x7f84d4c3f2c0 (LWP 29094)): #0 0x00007f84dda567be in WTFCrash() () at ../../Source/WTF/wtf/Assertions.cpp:295 #1 0x00007f84dda567d9 in WTFCrashWithSecurityImplication() () at ../../Source/WTF/wtf/Assertions.cpp:316 #2 0x00007f84ed2267d1 in WebCore::ContainerNode::removeNodeWithScriptAssertion(WebCore::Node&, WebCore::ContainerNode::ChildChangeSource) (this=0x7f849130bac8, childToRemove=..., source=WebCore::ContainerNode::ChildChangeSource::API) at ../../Source/WebCore/dom/ContainerNode.cpp:132 #3 0x00007f84ed21f5a1 in WebCore::ContainerNode::removeChild(WebCore::Node&) (this=0x7f849130bac8, oldChild=...) at ../../Source/WebCore/dom/ContainerNode.cpp:577 #4 0x00007f84ed84074c in WebCore::ValidationMessage::deleteBubbleTree() (this=0x7f846d8f8300) at ../../Source/WebCore/html/ValidationMessage.cpp:263 #5 0x00007f84ed84057c in WebCore::ValidationMessage::~ValidationMessage() (this=0x7f846d8f8300) at ../../Source/WebCore/html/ValidationMessage.cpp:67 #6 0x00007f84ed6c104b in std::default_delete<WebCore::ValidationMessage>::operator()(WebCore::ValidationMessage*) const (this=0x7f84911eb408, __ptr=0x7f846d8f8300) at /usr/bin/../lib/gcc/x86_64-unknown-linux-gnu/9.3.0/../../../../include/c++/9.3.0/bits/unique_ptr.h:81 #7 0x00007f84ed6c12c9 in std::unique_ptr<WebCore::ValidationMessage, std::default_delete<WebCore::ValidationMessage> >::reset(WebCore::ValidationMessage*) (this=0x7f84911eb408, __p=0x7f846d8f8300) at /usr/bin/../lib/gcc/x86_64-unknown-linux-gnu/9.3.0/../../../../include/c++/9.3.0/bits/unique_ptr.h:402 #8 0x00007f84ed6b3a07 in std::unique_ptr<WebCore::ValidationMessage, std::default_delete<WebCore::ValidationMessage> >::operator=(decltype(nullptr)) (this=0x7f84911eb408) at /usr/bin/../lib/gcc/x86_64-unknown-linux-gnu/9.3.0/../../../../include/c++/9.3.0/bits/unique_ptr.h:336 #9 0x00007f84ed6a7c59 in WebCore::HTMLFormControlElement::removedFromAncestor(WebCore::Node::RemovalType, WebCore::ContainerNode&) (this=0x7f84911eb360, removalType=..., oldParentOfRemovedTree=...) at ../../Source/WebCore/html/HTMLFormControlElement.cpp:314 #10 0x00007f84ed6a9221 in WebCore::HTMLFormControlElementWithState::removedFromAncestor(WebCore::Node::RemovalType, WebCore::ContainerNode&) (this=0x7f84911eb360, removalType=..., oldParentOfRemovedTree=...) at ../../Source/WebCore/html/HTMLFormControlElementWithState.cpp:55 #11 0x00007f84ed6e1104 in WebCore::HTMLInputElement::removedFromAncestor(WebCore::Node::RemovalType, WebCore::ContainerNode&) (this=0x7f84911eb360, removalType=..., oldParentOfRemovedTree=...) at ../../Source/WebCore/html/HTMLInputElement.cpp:1570 #12 0x00007f84ed222547 in WebCore::notifyNodeRemovedFromDocument(WebCore::ContainerNode&, WebCore::TreeScopeChange, WebCore::Node&) (oldParentOfRemovedTree=..., treeScopeChange=WebCore::TreeScopeChange::Changed, node=...) at ../../Source/WebCore/dom/ContainerNodeAlgorithms.cpp:114 #13 0x00007f84ed222617 in WebCore::notifyNodeRemovedFromDocument(WebCore::ContainerNode&, WebCore::TreeScopeChange, WebCore::Node&) (oldParentOfRemovedTree=..., treeScopeChange=WebCore::TreeScopeChange::Changed, node=...) at ../../Source/WebCore/dom/ContainerNodeAlgorithms.cpp:121 #14 0x00007f84ed222617 in WebCore::notifyNodeRemovedFromDocument(WebCore::ContainerNode&, WebCore::TreeScopeChange, WebCore::Node&) (oldParentOfRemovedTree=..., treeScopeChange=WebCore::TreeScopeChange::Changed, node=...) at ../../Source/WebCore/dom/ContainerNodeAlgorithms.cpp:121 #15 0x00007f84ed222617 in WebCore::notifyNodeRemovedFromDocument(WebCore::ContainerNode&, WebCore::TreeScopeChange, WebCore::Node&) (oldParentOfRemovedTree=..., treeScopeChange=WebCore::TreeScopeChange::Changed, node=...) at ../../Source/WebCore/dom/ContainerNodeAlgorithms.cpp:121 #16 0x00007f84ed22240f in WebCore::notifyChildNodeRemoved(WebCore::ContainerNode&, WebCore::Node&) (oldParentOfRemovedTree=..., child=...) at ../../Source/WebCore/dom/ContainerNodeAlgorithms.cpp:161 #17 0x00007f84ed222b1c in WebCore::addChildNodesToDeletionQueue(WebCore::Node*&, WebCore::Node*&, WebCore::ContainerNode&) (head=@0x7ffe9ed04f40: 0x0, tail=@0x7ffe9ed04f38: 0x0, container=...) at ../../Source/WebCore/dom/ContainerNodeAlgorithms.cpp:195 #18 0x00007f84ed21c99d in WebCore::removeDetachedChildrenInContainer(WebCore::ContainerNode&) (container=...) at ../../Source/WebCore/dom/ContainerNodeAlgorithms.cpp:209 #19 0x00007f84ed21c952 in WebCore::ContainerNode::removeDetachedChildren() (this=0x7f84911acbc8) at ../../Source/WebCore/dom/ContainerNode.cpp:245 #20 0x00007f84ed26e89a in WebCore::Document::removedLastRef() (this=0x7f84911acbc8) at ../../Source/WebCore/dom/Document.cpp:766 #21 0x00007f84ed3f10b4 in WebCore::Node::removedLastRef() (this=0x7f84911acbc8) at ../../Source/WebCore/dom/Node.cpp:2556 #22 0x00007f84ea9d6b5f in WebCore::Node::deref() const (this=0x7f84911acbc8) at DerivedSources/ForwardingHeaders/WebCore/Node.h:741 #23 0x00007f84ed20734f in WTF::Ref<WebCore::ContainerNode, WTF::DumbPtrTraits<WebCore::ContainerNode> >::~Ref() (this=0x7f847af74570) at DerivedSources/ForwardingHeaders/wtf/Ref.h:61 #24 0x00007f84ed206095 in WebCore::ChildNodeList::~ChildNodeList() (this=0x7f847af74558) at ../../Source/WebCore/dom/ChildNodeList.cpp:48 #25 0x00007f84ed2060c9 in WebCore::ChildNodeList::~ChildNodeList() (this=0x7f847af74558) at ../../Source/WebCore/dom/ChildNodeList.cpp:46 #26 0x00007f84eb1d9cbf in std::default_delete<WebCore::NodeList>::operator()(WebCore::NodeList*) const (this=0x7ffe9ed050e0, __ptr=0x7f847af74558) at /usr/bin/../lib/gcc/x86_64-unknown-linux-gnu/9.3.0/../../../../include/c++/9.3.0/bits/unique_ptr.h:81 #27 0x00007f84eb1d9c80 in WTF::RefCounted<WebCore::NodeList, std::default_delete<WebCore::NodeList> >::deref() const (this=0x7f847af74568) at DerivedSources/ForwardingHeaders/wtf/RefCounted.h:190 #28 0x00007f84eb1d5863 in WTF::Ref<WebCore::NodeList, WTF::DumbPtrTraits<WebCore::NodeList> >::~Ref() (this=0x7f83bfb80058) at DerivedSources/ForwardingHeaders/wtf/Ref.h:61 #29 0x00007f84ebf0db69 in WebCore::JSDOMWrapper<WebCore::NodeList>::~JSDOMWrapper() (this=0x7f83bfb80040) at ../../Source/WebCore/bindings/js/JSDOMWrapper.h:72 #30 0x00007f84ebf0bcc5 in WebCore::JSNodeList::~JSNodeList() (this=0x7f83bfb80040) at DerivedSources/WebCore/JSNodeList.h:29 #31 0x00007f84ebf01b1d in WebCore::JSNodeList::destroy(JSC::JSCell*) (cell=0x7f83bfb80040) at DerivedSources/WebCore/JSNodeList.cpp:170 #32 0x00007f84dd4cd8ba in JSC::JSDestructibleObjectDestroyFunc::operator()(JSC::VM&, JSC::JSCell*) const (this=0x7ffe9ed05450, cell=0x7f83bfb80040) at ../../Source/JavaScriptCore/runtime/JSDestructibleObjectHeapCellType.cpp:38 #33 0x00007f84dd4e78f5 in JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&)::{lambda(void*)#1}::operator()(void*) const (this=0x7ffe9ed05338, cell=0x7f83bfb80040) at ../../Source/JavaScriptCore/heap/MarkedBlockInlines.h:260 #34 0x00007f84dd4e2425 in JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&) (this=0x7f846cb6a300, freeList=0x0, emptyMode=JSC::MarkedBlock::Handle::IsEmpty, sweepMode=JSC::MarkedBlock::Handle::SweepOnly, destructionMode=JSC::MarkedBlock::Handle::BlockHasDestructors, scribbleMode=JSC::MarkedBlock::Handle::Scribble, newlyAllocatedMode=JSC::MarkedBlock::Handle::DoesNotHaveNewlyAllocated, marksMode=JSC::MarkedBlock::Handle::MarksStale, destroyFunc=...) at ../../Source/JavaScriptCore/heap/MarkedBlockInlines.h:294 #35 0x00007f84dd4cd882 in JSC::MarkedBlock::Handle::finishSweepKnowingHeapCellType<JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::JSDestructibleObjectDestroyFunc const&) (this=0x7f846cb6a300, freeList=0x0, destroyFunc=...) at ../../Source/JavaScriptCore/heap/MarkedBlockInlines.h:439 #36 0x00007f84dd48a615 in JSC::JSDestructibleObjectHeapCellType::finishSweep(JSC::MarkedBlock::Handle&, JSC::FreeList*) (this=0x7f84d43f9300, handle=..., freeList=0x0) at ../../Source/JavaScriptCore/runtime/JSDestructibleObjectHeapCellType.cpp:53 #37 0x00007f84dced8eb5 in JSC::Subspace::finishSweep(JSC::MarkedBlock::Handle&, JSC::FreeList*) (this=0x7f8479cb08d0, block=..., freeList=0x0) at ../../Source/JavaScriptCore/heap/Subspace.cpp:60 #38 0x00007f84dcebba90 in JSC::MarkedBlock::Handle::sweep(JSC::FreeList*) (this=0x7f846cb6a300, freeList=0x0) at ../../Source/JavaScriptCore/heap/MarkedBlock.cpp:415 #39 0x00007f84dce268a4 in JSC::BlockDirectory::sweep()::$_7::operator()(unsigned long) const (this=0x7ffe9ed05630, index=0) at ../../Source/JavaScriptCore/heap/BlockDirectory.cpp:280 #40 0x00007f84dce248bc in WTF::FastBitVectorImpl<JSC::BlockDirectoryBits::BlockDirectoryBitVectorWordView<(JSC::BlockDirectoryBits::Kind)6> >::forEachSetBit<JSC::BlockDirectory::sweep()::$_7>(JSC::BlockDirectory::sweep()::$_7 const&) const (this=0x7ffe9ed05638, func=...) at DerivedSources/ForwardingHeaders/wtf/FastBitVector.h:355 #41 0x00007f84dce24833 in JSC::BlockDirectory::sweep() (this=0x7f8479cb0930) at ../../Source/JavaScriptCore/heap/BlockDirectory.cpp:277 #42 0x00007f84dcec5219 in JSC::MarkedSpace::sweepBlocks()::$_9::operator()(JSC::BlockDirectory&) const (this=0x7ffe9ed056c0, directory=...) at ../../Source/JavaScriptCore/heap/MarkedSpace.cpp:222 #43 0x00007f84dcebdddf in JSC::MarkedSpace::forEachDirectory<JSC::MarkedSpace::sweepBlocks()::$_9>(JSC::MarkedSpace::sweepBlocks()::$_9 const&) (this=0x7f8491000130, functor=...) at ../../Source/JavaScriptCore/heap/MarkedSpace.h:241 #44 0x00007f84dcebdd96 in JSC::MarkedSpace::sweepBlocks() (this=0x7f8491000130) at ../../Source/JavaScriptCore/heap/MarkedSpace.cpp:220 #45 0x00007f84dce41c9b in JSC::Heap::sweepSynchronously() (this=0x7f8491000048) at ../../Source/JavaScriptCore/heap/Heap.cpp:1048 #46 0x00007f84dce42134 in JSC::Heap::collectNow(JSC::Synchronousness, JSC::GCRequest) (this=0x7f8491000048, synchronousness=JSC::Sync, request=...) at ../../Source/JavaScriptCore/heap/Heap.cpp:1091 #47 0x00007f84ecd4d9f3 in WebCore::GCController::garbageCollectNow() (this=0x7f84f5854220 <WebCore::GCController::singleton()::controller>) at ../../Source/WebCore/bindings/js/GCController.cpp:96 #48 0x00007f84eb140339 in WebKit::InjectedBundle::garbageCollectJavaScriptObjects() (this=0x7f84d43ca030) at ../../Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.cpp:463 #49 0x00007f84eb15aa0d in WKBundleGarbageCollectJavaScriptObjects(WKBundleRef) (bundleRef=0x7f84d43ca030) at ../../Source/WebKit/WebProcess/InjectedBundle/API/c/WKBundle.cpp:86 #50 0x00007f84917b3221 in WTR::GCController::collect() (this=0x7f83c00c5150) at ../../Tools/WebKitTestRunner/InjectedBundle/GCController.cpp:55 #51 0x00007f8491801677 in WTR::JSGCController::collect(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**) (context=0x7f846cd6cea0, thisObject=0x7f8490ea11c0, argumentCount=0, arguments=0x7ffe9ed059a0, exception=0x7ffe9ed05970) at DerivedSources/WebKitTestRunner/InjectedBundle/JSGCController.cpp:80 #52 0x00007f84dc00a2dc in JSC::APICallbackFunction::call<JSC::JSCallbackFunction>(JSC::JSGlobalObject*, JSC::CallFrame*) (globalObject=0x7f846cd6cea0, callFrame=0x7ffe9ed05ae0) at ../../Source/JavaScriptCore/API/APICallbackFunction.h:63 #53 0x00007f8494034027 in () #54 0x00007ffe9ed05b50 in () #55 0x00007f84dbecea53 in llint_op_call () at /app/webkit/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18 #56 0x0000000000000000 in ()

The following tests are also failing the assertion. https://build.webkit.org/builders/GTK%20Linux%2064-bit%20Debug%20%28Tests%29/builds/7109 fast/forms/interactive-validation-formnovalidate-2.html fast/forms/validation-message-in-relative-body.html https://build.webkit.org/builders/GTK%20Linux%2064-bit%20Debug%20%28Tests%29/builds/7108 fast/forms/validation-message-clone.html fast/forms/validation-message-user-modify.html https://build.webkit.org/builders/GTK%20Linux%2064-bit%20Debug%20%28Tests%29/builds/7107 fast/forms/interactive-validation-cancel.html fast/forms/validation-message-clone.html fast/forms/validation-message-user-modify.html

https://build.webkit.org/builders/GTK%20Linux%2064-bit%20Debug%20%28Tests%29/builds/7107 fast/forms/validation-message-clone.html Thread 1 (Thread 0x7f4280a602c0 (LWP 16407)): #0 0x00007f428987787e in WTFCrash() () at ../../Source/WTF/wtf/Assertions.cpp:295 #1 0x00007f4289877899 in WTFCrashWithSecurityImplication() () at ../../Source/WTF/wtf/Assertions.cpp:316 #2 0x00007f4299055ee1 in WebCore::ContainerNode::removeNodeWithScriptAssertion(WebCore::Node&, WebCore::ContainerNode::ChildChangeSource) (this=0x7f423e4b3180, childToRemove=..., source=WebCore::ContainerNode::ChildChangeSource::API) at ../../Source/WebCore/dom/ContainerNode.cpp:132 #3 0x00007f429904ecb1 in WebCore::ContainerNode::removeChild(WebCore::Node&) (this=0x7f423e4b3180, oldChild=...) at ../../Source/WebCore/dom/ContainerNode.cpp:577 #4 0x00007f429966fe5c in WebCore::ValidationMessage::deleteBubbleTree() (this=0x7f423c2f9ab0) at ../../Source/WebCore/html/ValidationMessage.cpp:263 #5 0x00007f429966fc8c in WebCore::ValidationMessage::~ValidationMessage() (this=0x7f423c2f9ab0) at ../../Source/WebCore/html/ValidationMessage.cpp:67 #6 0x00007f42994f075b in std::default_delete<WebCore::ValidationMessage>::operator()(WebCore::ValidationMessage*) const (this=0x7f423e4b3118, __ptr=0x7f423c2f9ab0) at /usr/bin/../lib/gcc/x86_64-unknown-linux-gnu/9.3.0/../../../../include/c++/9.3.0/bits/unique_ptr.h:81 #7 0x00007f42994f09d9 in std::unique_ptr<WebCore::ValidationMessage, std::default_delete<WebCore::ValidationMessage> >::reset(WebCore::ValidationMessage*) (this=0x7f423e4b3118, __p=0x7f423c2f9ab0) at /usr/bin/../lib/gcc/x86_64-unknown-linux-gnu/9.3.0/../../../../include/c++/9.3.0/bits/unique_ptr.h:402 #8 0x00007f42994e3117 in std::unique_ptr<WebCore::ValidationMessage, std::default_delete<WebCore::ValidationMessage> >::operator=(decltype(nullptr)) (this=0x7f423e4b3118) at /usr/bin/../lib/gcc/x86_64-unknown-linux-gnu/9.3.0/../../../../include/c++/9.3.0/bits/unique_ptr.h:336 #9 0x00007f42994d7369 in WebCore::HTMLFormControlElement::removedFromAncestor(WebCore::Node::RemovalType, WebCore::ContainerNode&) (this=0x7f423e4b3070, removalType=..., oldParentOfRemovedTree=...) at ../../Source/WebCore/html/HTMLFormControlElement.cpp:314 #10 0x00007f42994d8931 in WebCore::HTMLFormControlElementWithState::removedFromAncestor(WebCore::Node::RemovalType, WebCore::ContainerNode&) (this=0x7f423e4b3070, removalType=..., oldParentOfRemovedTree=...) at ../../Source/WebCore/html/HTMLFormControlElementWithState.cpp:55 #11 0x00007f4299510814 in WebCore::HTMLInputElement::removedFromAncestor(WebCore::Node::RemovalType, WebCore::ContainerNode&) (this=0x7f423e4b3070, removalType=..., oldParentOfRemovedTree=...) at ../../Source/WebCore/html/HTMLInputElement.cpp:1570 #12 0x00007f4299051c57 in WebCore::notifyNodeRemovedFromDocument(WebCore::ContainerNode&, WebCore::TreeScopeChange, WebCore::Node&) (oldParentOfRemovedTree=..., treeScopeChange=WebCore::TreeScopeChange::Changed, node=...) at ../../Source/WebCore/dom/ContainerNodeAlgorithms.cpp:114 #13 0x00007f4299051d27 in WebCore::notifyNodeRemovedFromDocument(WebCore::ContainerNode&, WebCore::TreeScopeChange, WebCore::Node&) (oldParentOfRemovedTree=..., treeScopeChange=WebCore::TreeScopeChange::Changed, node=...) at ../../Source/WebCore/dom/ContainerNodeAlgorithms.cpp:121 #14 0x00007f4299051d27 in WebCore::notifyNodeRemovedFromDocument(WebCore::ContainerNode&, WebCore::TreeScopeChange, WebCore::Node&) (oldParentOfRemovedTree=..., treeScopeChange=WebCore::TreeScopeChange::Changed, node=...) at ../../Source/WebCore/dom/ContainerNodeAlgorithms.cpp:121 #15 0x00007f4299051d27 in WebCore::notifyNodeRemovedFromDocument(WebCore::ContainerNode&, WebCore::TreeScopeChange, WebCore::Node&) (oldParentOfRemovedTree=..., treeScopeChange=WebCore::TreeScopeChange::Changed, node=...) at ../../Source/WebCore/dom/ContainerNodeAlgorithms.cpp:121 #16 0x00007f4299051b1f in WebCore::notifyChildNodeRemoved(WebCore::ContainerNode&, WebCore::Node&) (oldParentOfRemovedTree=..., child=...) at ../../Source/WebCore/dom/ContainerNodeAlgorithms.cpp:161 #17 0x00007f429905222c in WebCore::addChildNodesToDeletionQueue(WebCore::Node*&, WebCore::Node*&, WebCore::ContainerNode&) (head=@0x7fff281b0b40: 0x0, tail=@0x7fff281b0b38: 0x0, container=...) at ../../Source/WebCore/dom/ContainerNodeAlgorithms.cpp:195 #18 0x00007f429904c0ad in WebCore::removeDetachedChildrenInContainer(WebCore::ContainerNode&) (container=...) at ../../Source/WebCore/dom/ContainerNodeAlgorithms.cpp:209 #19 0x00007f429904c062 in WebCore::ContainerNode::removeDetachedChildren() (this=0x7f423e4aa358) at ../../Source/WebCore/dom/ContainerNode.cpp:245 #20 0x00007f429909dfaa in WebCore::Document::removedLastRef() (this=0x7f423e4aa358) at ../../Source/WebCore/dom/Document.cpp:766 #21 0x00007f42992207c4 in WebCore::Node::removedLastRef() (this=0x7f423e4aa358) at ../../Source/WebCore/dom/Node.cpp:2556 #22 0x00007f4296804f6f in WebCore::Node::deref() const (this=0x7f423e4aa358) at DerivedSources/ForwardingHeaders/WebCore/Node.h:741 #23 0x00007f4299219305 in WebCore::Node::derefEventTarget() (this=0x7f423e4aa358) at ../../Source/WebCore/dom/Node.cpp:834 #24 0x00007f429700c319 in WebCore::EventTarget::deref() (this=0x7f423e4aa358) at DerivedSources/ForwardingHeaders/WebCore/EventTarget.h:60 #25 0x00007f42978231bf in WTF::Ref<WebCore::EventTarget, WTF::DumbPtrTraits<WebCore::EventTarget> >::~Ref() (this=0x7f423c4dc018) at DerivedSources/ForwardingHeaders/wtf/Ref.h:61 #26 0x00007f429783d289 in WebCore::JSDOMWrapper<WebCore::EventTarget>::~JSDOMWrapper() (this=0x7f423c4dc000) at ../../Source/WebCore/bindings/js/JSDOMWrapper.h:72 #27 0x00007f42978398e5 in WebCore::JSEventTarget::~JSEventTarget() (this=0x7f423c4dc000) at DerivedSources/WebCore/JSEventTarget.h:30 #28 0x00007f4297829c9d in WebCore::JSEventTarget::destroy(JSC::JSCell*) (cell=0x7f423c4dc000) at DerivedSources/WebCore/JSEventTarget.cpp:262 #29 0x00007f42892ee95a in JSC::JSDestructibleObjectDestroyFunc::operator()(JSC::VM&, JSC::JSCell*) const (this=0x7fff281b1010, cell=0x7f423c4dc000) at ../../Source/JavaScriptCore/runtime/JSDestructibleObjectHeapCellType.cpp:38 #30 0x00007f4289308995 in JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&)::{lambda(void*)#1}::operator()(void*) const (this=0x7fff281b0ef8, cell=0x7f423c4dc000) at ../../Source/JavaScriptCore/heap/MarkedBlockInlines.h:260 #31 0x00007f4289308a04 in JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&)::{lambda(unsigned long)#1}::operator()(unsigned long) const (this=0x7fff281b0e38, i=0) at ../../Source/JavaScriptCore/heap/MarkedBlockInlines.h:319 #32 0x00007f4289303717 in JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&) (this=0x7f423c6652a0, freeList=0x7f428019a858, emptyMode=JSC::MarkedBlock::Handle::NotEmpty, sweepMode=JSC::MarkedBlock::Handle::SweepToFreeList, destructionMode=JSC::MarkedBlock::Handle::BlockHasDestructors, scribbleMode=JSC::MarkedBlock::Handle::Scribble, newlyAllocatedMode=JSC::MarkedBlock::Handle::DoesNotHaveNewlyAllocated, marksMode=JSC::MarkedBlock::Handle::MarksNotStale, destroyFunc=...) at ../../Source/JavaScriptCore/heap/MarkedBlockInlines.h:341 #33 0x00007f42892ee922 in JSC::MarkedBlock::Handle::finishSweepKnowingHeapCellType<JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::JSDestructibleObjectDestroyFunc const&) (this=0x7f423c6652a0, freeList=0x7f428019a858, destroyFunc=...) at ../../Source/JavaScriptCore/heap/MarkedBlockInlines.h:439 #34 0x00007f42892ab6b5 in JSC::JSDestructibleObjectHeapCellType::finishSweep(JSC::MarkedBlock::Handle&, JSC::FreeList*) (this=0x7f42801fa310, handle=..., freeList=0x7f428019a858) at ../../Source/JavaScriptCore/runtime/JSDestructibleObjectHeapCellType.cpp:53 #35 0x00007f4288cf9f55 in JSC::Subspace::finishSweep(JSC::MarkedBlock::Handle&, JSC::FreeList*) (this=0x7f428019a758, block=..., freeList=0x7f428019a858) at ../../Source/JavaScriptCore/heap/Subspace.cpp:60 #36 0x00007f4288cdcb30 in JSC::MarkedBlock::Handle::sweep(JSC::FreeList*) (this=0x7f423c6652a0, freeList=0x7f428019a858) at ../../Source/JavaScriptCore/heap/MarkedBlock.cpp:415 #37 0x00007f4288cc57f8 in JSC::LocalAllocator::tryAllocateIn(JSC::MarkedBlock::Handle*) (this=0x7f428019a840, block=0x7f423c6652a0) at ../../Source/JavaScriptCore/heap/LocalAllocator.cpp:225 #38 0x00007f4288cc5534 in JSC::LocalAllocator::tryAllocateWithoutCollecting() (this=0x7f428019a840) at ../../Source/JavaScriptCore/heap/LocalAllocator.cpp:191 #39 0x00007f4288cc51fd in JSC::LocalAllocator::allocateSlowCase(JSC::Heap&, JSC::GCDeferralContext*, JSC::AllocationFailureMode) (this=0x7f428019a840, heap=..., deferralContext=0x0, failureMode=JSC::AllocationFailureMode::Assert) at ../../Source/JavaScriptCore/heap/LocalAllocator.cpp:132 #40 0x00007f4296869a5c in JSC::LocalAllocator::allocate(JSC::Heap&, JSC::GCDeferralContext*, JSC::AllocationFailureMode)::{lambda()#1}::operator()() const (this=0x7fff281b1330) at DerivedSources/ForwardingHeaders/JavaScriptCore/LocalAllocatorInlines.h:40 #41 0x00007f4296869989 in JSC::FreeList::allocate<JSC::LocalAllocator::allocate(JSC::Heap&, JSC::GCDeferralContext*, JSC::AllocationFailureMode)::{lambda()#1}>(JSC::LocalAllocator::allocate(JSC::Heap&, JSC::GCDeferralContext*, JSC::AllocationFailureMode)::{lambda()#1} const&) (this=0x7f428019a858, slowPath=...) at DerivedSources/ForwardingHeaders/JavaScriptCore/FreeListInlines.h:46 #42 0x00007f429686988c in JSC::LocalAllocator::allocate(JSC::Heap&, JSC::GCDeferralContext*, JSC::AllocationFailureMode) (this=0x7f428019a840, heap=..., deferralContext=0x0, failureMode=JSC::AllocationFailureMode::Assert) at DerivedSources/ForwardingHeaders/JavaScriptCore/LocalAllocatorInlines.h:37 #43 0x00007f42968697de in JSC::Allocator::allocate(JSC::Heap&, JSC::GCDeferralContext*, JSC::AllocationFailureMode) const (this=0x7fff281b13d0, heap=..., context=0x0, mode=JSC::AllocationFailureMode::Assert) at DerivedSources/ForwardingHeaders/JavaScriptCore/AllocatorInlines.h:35 #44 0x00007f42968690f0 in JSC::IsoSubspace::allocateNonVirtual(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode) (this=0x7f428019a758, vm=..., size=32, deferralContext=0x0, failureMode=JSC::AllocationFailureMode::Assert) at DerivedSources/ForwardingHeaders/JavaScriptCore/IsoSubspaceInlines.h:34 #45 0x00007f4298beb628 in JSC::tryAllocateCellHelper<WebCore::JSHTMLDocument>(JSC::Heap&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode) (heap=..., size=32, deferralContext=0x0, failureMode=JSC::AllocationFailureMode::Assert) at DerivedSources/ForwardingHeaders/JavaScriptCore/JSCellInlines.h:174 #46 0x00007f4298beb513 in JSC::allocateCell<WebCore::JSHTMLDocument>(JSC::Heap&, unsigned long) (heap=..., size=32) at DerivedSources/ForwardingHeaders/JavaScriptCore/JSCellInlines.h:188 #47 0x00007f4298beb261 in WebCore::JSHTMLDocument::create(JSC::Structure*, WebCore::JSDOMGlobalObject*, WTF::Ref<WebCore::HTMLDocument, WTF::DumbPtrTraits<WebCore::HTMLDocument> >&&) (structure=0x7f423ccc19d0, globalObject=0x7f423c4ccea0, impl=...) at DerivedSources/WebCore/JSHTMLDocument.h:35 #48 0x00007f4298beb184 in _ZN7WebCore13createWrapperINS_12HTMLDocumentES1_EENSt9enable_ifIXsr3std7is_sameIT_T0_EE5valueEPNS_27JSDOMWrapperConverterTraitsIS3_E12WrapperClassEE4typeEPNS_17JSDOMGlobalObjectEON3WTF3RefIS4_NSD_13DumbPtrTraitsIS4_EEEE (globalObject=0x7f423c4ccea0, domObject=...) at ../../Source/WebCore/bindings/js/JSDOMWrapperCache.h:187 #49 0x00007f4298beaf1d in _ZN7WebCore13createWrapperINS_12HTMLDocumentENS_8DocumentEEENSt9enable_ifIXntsr3std7is_sameIT_T0_EE5valueEPNS_27JSDOMWrapperConverterTraitsIS4_E12WrapperClassEE4typeEPNS_17JSDOMGlobalObjectEON3WTF3RefIS5_NSE_13DumbPtrTraitsIS5_EEEE (globalObject=0x7f423c4ccea0, domObject=...) at ../../Source/WebCore/bindings/js/JSDOMWrapperCache.h:194 #50 0x00007f4298be9167 in WebCore::createNewDocumentWrapper(JSC::JSGlobalObject&, WebCore::JSDOMGlobalObject&, WTF::Ref<WebCore::Document, WTF::DumbPtrTraits<WebCore::Document> >&&) (lexicalGlobalObject=..., globalObject=..., passedDocument=...) at ../../Source/WebCore/bindings/js/JSDocumentCustom.cpp:40 #51 0x00007f4298be9100 in WebCore::toJSNewlyCreated(JSC::JSGlobalObject*, WebCore::JSDOMGlobalObject*, WTF::Ref<WebCore::Document, WTF::DumbPtrTraits<WebCore::Document> >&&) (lexicalGlobalObject=0x7f423c4ccea0, globalObject=0x7f423c4ccea0, document=...) at ../../Source/WebCore/bindings/js/JSDocumentCustom.cpp:86 #52 0x00007f4298be927d in WebCore::toJS(JSC::JSGlobalObject*, WebCore::JSDOMGlobalObject*, WebCore::Document&) (lexicalGlobalObject=0x7f423c4ccea0, globalObject=0x7f423c4ccea0, document=...) at ../../Source/WebCore/bindings/js/JSDocumentCustom.cpp:93 #53 0x00007f4298c07771 in WebCore::createWrapperInline(JSC::JSGlobalObject*, WebCore::JSDOMGlobalObject*, WTF::Ref<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >&&) (lexicalGlobalObject=0x7f423c4ccea0, globalObject=0x7f423c4ccea0, node=...) at ../../Source/WebCore/bindings/js/JSNodeCustom.cpp:179 #54 0x00007f4298c07440 in WebCore::createWrapper(JSC::JSGlobalObject*, WebCore::JSDOMGlobalObject*, WTF::Ref<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >&&) (lexicalGlobalObject=0x7f423c4ccea0, globalObject=0x7f423c4ccea0, node=...) at ../../Source/WebCore/bindings/js/JSNodeCustom.cpp:198 #55 0x00007f4296f988e1 in WebCore::toJS(JSC::JSGlobalObject*, WebCore::JSDOMGlobalObject*, WebCore::Node&) (lexicalGlobalObject=0x7f423c4ccea0, globalObject=0x7f423c4ccea0, node=...) at DerivedSources/ForwardingHeaders/WebCore/JSNodeCustom.h:64 #56 0x00007f4296f984a0 in WebCore::toJS(JSC::JSGlobalObject*, WebCore::JSDOMGlobalObject*, WebCore::Node*) (lexicalGlobalObject=0x7f423c4ccea0, globalObject=0x7f423c4ccea0, impl=0x7f423cff0bc8) at DerivedSources/ForwardingHeaders/WebCore/JSNode.h:104 #57 0x00007f4298bd3021 in WebCore::JSDOMWindowBase::updateDocument() (this=0x7f423c4ccea0) at ../../Source/WebCore/bindings/js/JSDOMWindowBase.cpp:137 #58 0x00007f4298c31313 in WebCore::ScriptController::updateDocument() (this=0x7f42801f3730) at ../../Source/WebCore/bindings/js/ScriptController.cpp:422 #59 0x00007f42990a603b in WebCore::Document::didBecomeCurrentDocumentInFrame() (this=0x7f423cff0bc8) at ../../Source/WebCore/dom/Document.cpp:2391 #60 0x00007f4299c9cc5f in WebCore::Frame::setDocument(WTF::RefPtr<WebCore::Document, WTF::DumbPtrTraits<WebCore::Document> >&&) (this=0x7f4280178000, newDocument=...) at ../../Source/WebCore/page/Frame.cpp:288 #61 0x00007f4299a7c629 in WebCore::DocumentWriter::begin(WTF::URL const&, bool, WebCore::Document*) (this=0x7f423d0bed88, urlReference=..., dispatch=false, ownerDocument=0x0) at ../../Source/WebCore/loader/DocumentWriter.cpp:165 #62 0x00007f4299a7649e in WebCore::DocumentLoader::commitData(char const*, unsigned long) (this=0x7f423d0bed00, bytes=0x7f423e3f4b80 "<!DOCTYPE html>\n<head>\n<script src=\"../../resources/js-test-pre.js\"></script>\n<script src=\"resources/common.js\"></script>\n</head>\n<body>\n<p>There are two text fields. The first one should have a valid"..., length=1332) at ../../Source/WebCore/loader/DocumentLoader.cpp:1092 #63 0x00007f42971fa36f in WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) (this=0x7f42801e93b8, loader=0x7f423d0bed00, data=0x7f423e3f4b80 "<!DOCTYPE html>\n<head>\n<script src=\"../../resources/js-test-pre.js\"></script>\n<script src=\"resources/common.js\"></script>\n</head>\n<body>\n<p>There are two text fields. The first one should have a valid"..., length=1332) at ../../Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:1143 #64 0x00007f4299a7c28a in WebCore::DocumentLoader::commitLoad(char const*, int) (this=0x7f423d0bed00, data=0x7f423e3f4b80 "<!DOCTYPE html>\n<head>\n<script src=\"../../resources/js-test-pre.js\"></script>\n<script src=\"resources/common.js\"></script>\n</head>\n<body>\n<p>There are two text fields. The first one should have a valid"..., length=1332) at ../../Source/WebCore/loader/DocumentLoader.cpp:1062 #65 0x00007f4299a7c1b7 in WebCore::DocumentLoader::dataReceived(char const*, int) (this=0x7f423d0bed00, data=0x7f423e3f4b80 "<!DOCTYPE html>\n<head>\n<script src=\"../../resources/js-test-pre.js\"></script>\n<script src=\"resources/common.js\"></script>\n</head>\n<body>\n<p>There are two text fields. The first one should have a valid"..., length=1332) at ../../Source/WebCore/loader/DocumentLoader.cpp:1212 #66 0x00007f4299a7d066 in WebCore::DocumentLoader::dataReceived(WebCore::CachedResource&, char const*, int) (this=0x7f423d0bed00, resource=..., data=0x7f423e3f4b80 "<!DOCTYPE html>\n<head>\n<script src=\"../../resources/js-test-pre.js\"></script>\n<script src=\"resources/common.js\"></script>\n</head>\n<body>\n<p>There are two text fields. The first one should have a valid"..., length=1332) at ../../Source/WebCore/loader/DocumentLoader.cpp:1185 #67 0x00007f4299bb709c in WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int) (this=0x7f423c691800, data=0x7f423e3f4b80 "<!DOCTYPE html>\n<head>\n<script src=\"../../resources/js-test-pre.js\"></script>\n<script src=\"resources/common.js\"></script>\n</head>\n<body>\n<p>There are two text fields. The first one should have a valid"..., length=1332) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:139 #68 0x00007f4299bb6ea9 in WebCore::CachedRawResource::updateBuffer(WebCore::SharedBuffer&) (this=0x7f423c691800, data=...) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:76 #69 0x00007f4299b44092 in WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::RefPtr<WebCore::SharedBuffer, WTF::DumbPtrTraits<WebCore::SharedBuffer> >&&, long long, WebCore::DataPayloadType) (this=0x7f42801c7500, data=0x7f423e3de018 "<!DOCTYPE html>\n<head>\n<script src=\"../../resources/js-test-pre.js\"></script>\n<script src=\"resources/common.js\"></script>\n</head>\n<body>\n<p>There are two text fields. The first one should have a valid"..., length=1332, buffer=..., encodedDataLength=1332, dataPayloadType=WebCore::DataPayloadBytes) at ../../Source/WebCore/loader/SubresourceLoader.cpp:537 #70 0x00007f4299b43de1 in WebCore::SubresourceLoader::didReceiveData(char const*, unsigned int, long long, WebCore::DataPayloadType) (this=0x7f42801c7500, data=0x7f423e3de018 "<!DOCTYPE html>\n<head>\n<script src=\"../../resources/js-test-pre.js\"></script>\n<script src=\"resources/common.js\"></script>\n</head>\n<body>\n<p>There are two text fields. The first one should have a valid"..., length=1332, encodedDataLength=1332, dataPayloadType=WebCore::DataPayloadBytes) at ../../Source/WebCore/loader/SubresourceLoader.cpp:505 #71 0x00007f42970efd71 in WebKit::WebResourceLoader::didReceiveData(IPC::DataReference const&, long) (this=0x7f423c6066c0, data=..., encodedDataLength=1332) at ../../Source/WebKit/WebProcess/Network/WebResourceLoader.cpp:211 #72 0x00007f4296255443 in IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long), std::tuple<IPC::DataReference, long>, 0ul, 1ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long), std::tuple<IPC::DataReference, long>&&, std::integer_sequence<unsigned long, 0ul, 1ul>) (object=0x7f423c6066c0, function=(void (WebKit::WebResourceLoader::*)(WebKit::WebResourceLoader * const, const IPC::DataReference &, long)) 0x7f42970ef9d0 <WebKit::WebResourceLoader::didReceiveData(IPC::DataReference const&, long)>, args=...) at ../../Source/WebKit/Platform/IPC/HandleMessage.h:41 #73 0x00007f4296255380 in IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long), std::tuple<IPC::DataReference, long>, std::integer_sequence<unsigned long, 0ul, 1ul> >(std::tuple<IPC::DataReference, long>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long)) (args=..., object=0x7f423c6066c0, function=(void (WebKit::WebResourceLoader::*)(WebKit::WebResourceLoader * const, const IPC::DataReference &, long)) 0x7f42970ef9d0 <WebKit::WebResourceLoader::didReceiveData(IPC::DataReference const&, long)>) at ../../Source/WebKit/Platform/IPC/HandleMessage.h:47 #74 0x00007f42962530f6 in IPC::handleMessage<Messages::WebResourceLoader::DidReceiveData, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long)) (decoder=..., object=0x7f423c6066c0, function=(void (WebKit::WebResourceLoader::*)(WebKit::WebResourceLoader * const, const IPC::DataReference &, long)) 0x7f42970ef9d0 <WebKit::WebResourceLoader::didReceiveData(IPC::DataReference const&, long)>) at ../../Source/WebKit/Platform/IPC/HandleMessage.h:120 #75 0x00007f42962529f2 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (this=0x7f423c6066c0, connection=..., decoder=...) at DerivedSources/WebKit/WebResourceLoaderMessageReceiver.cpp:61 #76 0x00007f42970c41d0 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (this=0x7f42801e9038, connection=..., decoder=...) at ../../Source/WebKit/WebProcess/Network/NetworkProcessConnection.cpp:93 #77 0x00007f42967a59af in IPC::Connection::dispatchMessage(IPC::Decoder&) (this=0x7f42801e71c0, decoder=...) at ../../Source/WebKit/Platform/IPC/Connection.cpp:1001 #78 0x00007f42967a5f2e in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (this=0x7f42801e71c0, message=std::unique_ptr<IPC::Decoder> = {...}) at ../../Source/WebKit/Platform/IPC/Connection.cpp:1070 #79 0x00007f42967a6473 in IPC::Connection::dispatchOneIncomingMessage() (this=0x7f42801e71c0) at ../../Source/WebKit/Platform/IPC/Connection.cpp:1139 #80 0x00007f42967a9e95 in IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >)::$_7::operator()() (this=0x7f42801d5168) at ../../Source/WebKit/Platform/IPC/Connection.cpp:978 #81 0x00007f42967a9e39 in WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >)::$_7, void>::call() (this=0x7f42801d5160) at DerivedSources/ForwardingHeaders/wtf/Function.h:52 #82 0x00007f4295c5d04a in WTF::Function<void ()>::operator()() const (this=0x7fff281b2a88) at DerivedSources/ForwardingHeaders/wtf/Function.h:83 #83 0x00007f42898af466 in WTF::RunLoop::performWork() (this=0x7f42801f9000) at ../../Source/WTF/wtf/RunLoop.cpp:123 #84 0x00007f4289945b3c in WTF::RunLoop::RunLoop()::$_1::operator()(void*) const (this=0x7f42801f9000, userData=0x7f42801f9000) at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:80 #85 0x00007f4289945b15 in WTF::RunLoop::RunLoop()::$_1::__invoke(void*) (userData=0x7f42801f9000) at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:79 #86 0x00007f4289945ac9 in WTF::RunLoop::$_0::operator()(_GSource*, int (*)(void*), void*) const (this=0xdbf8a0, source=0xdbf8a0, callback=0x7f4289945b00 <WTF::RunLoop::RunLoop()::$_1::__invoke(void*)>, userData=0x7f42801f9000) at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:53 #87 0x00007f4289944bc5 in WTF::RunLoop::$_0::__invoke(_GSource*, int (*)(void*), void*) (source=0xdbf8a0, callback=0x7f4289945b00 <WTF::RunLoop::RunLoop()::$_1::__invoke(void*)>, userData=0x7f42801f9000) at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:45 #88 0x00007f4282ca4c3e in g_main_dispatch (context=0xd919f0) at ../glib/gmain.c:3309 #89 0x00007f4282ca4c3e in g_main_context_dispatch (context=context@entry=0xd919f0) at ../glib/gmain.c:3974 #90 0x00007f4282ca4ff0 in g_main_context_iterate (context=0xd919f0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4047 #91 0x00007f4282ca52e3 in g_main_loop_run (loop=0xdbf880) at ../glib/gmain.c:4241 #92 0x00007f42899451c1 in WTF::RunLoop::run() () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:108 #93 0x00007f42972f5a18 in WebKit::AuxiliaryProcessMain<WebKit::WebProcess, WebKit::WebProcessMainGtk>(int, char**) (argc=4, argv=0x7fff281b2ec8) at ../../Source/WebKit/Shared/AuxiliaryProcessMain.h:68 #94 0x00007f42972f462b in WebKit::WebProcessMain(int, char**) (argc=4, argv=0x7fff281b2ec8) at ../../Source/WebKit/WebProcess/gtk/WebProcessMainGtk.cpp:66 #95 0x0000000000400c96 in main(int, char**) (argc=4, argv=0x7fff281b2ec8) at ../../Source/WebKit/WebProcess/EntryPoint/unix/WebProcessMain.cpp:45 STDERR: STDERR: warning: core file may not match specified executable file. STDERR: ASSERTION FAILED: ScriptDisallowedScope::InMainThread::isEventDispatchAllowedInSubtree(childToRemove) STDERR: ../../Source/WebCore/dom/ContainerNode.cpp(132) : bool WebCore::ContainerNode::removeNodeWithScriptAssertion(WebCore::Node &, WebCore::ContainerNode::ChildChangeSource)

Fixed in r266913.