Bug 264382 - WTFCrash in ~CanMakeCheckedPtrBase of ~EventTarget
RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=264382
Fujii Hironori
Reported 2023-11-07 21:14:17 PST

Created attachment 468510 [details]
page-cache-iframe-provisional-load-crash-log.txt

Today, I observed a crash for running layout tests with Windows Release builds of 270344@main. This is the second time I observed this crash for running layout tests. I don't know how to reproduce this crash.

Regressions: Unexpected crashes (1)
  http/tests/navigation/page-cache-iframe-provisional-load.html [ Crash ]

 # Child-SP          RetAddr           Call Site
00 00000018`1915e8d0 00007ffc`5c10a21d WTF!WTFCrash(void)+0xe [C:\webkit\Source\WTF\wtf\Assertions.cpp @ 333]
01 00000018`1915e900 00007ffc`5d013c8c WebCore!WTFCrashWithInfo(void)+0x1d [C:\webkit\WebKitBuild\Release\WTF\Headers\wtf\Assertions.h @ 778]
02 (Inline Function) --------`-------- WebCore!WTF::CanMakeCheckedPtrBase<WTF::SingleThreadIntegralWrapper<unsigned int>,unsigned int>::~CanMakeCheckedPtrBase(void)+0xab [C:\webkit\WebKitBuild\Release\WTF\Headers\wtf\CheckedRef.h @ 325]
03 00000018`1915e940 00007ffc`5d264480 WebCore!WebCore::EventTarget::~EventTarget(void)+0x11c [C:\webkit\Source\WebCore\dom\EventTarget.cpp @ 77]
04 00000018`1915e980 00007ffc`5d0340ff WebCore!WebCore::TextDocument::~TextDocument(int should_call_delete = 0n1)+0x10 [C:\webkit\Source\WebCore\html\TextDocument.h @ 31]
05 (Inline Function) --------`-------- WebCore!WebCore::Document::decrementReferencingNodeCount(void)+0x23 [C:\webkit\Source\WebCore\dom\Document.h @ 431]
06 00000018`1915e9c0 00007ffc`5cfe5fff WebCore!WebCore::Node::~Node(void)+0xcf [C:\webkit\Source\WebCore\dom\Node.cpp @ 453]
07 00000018`1915ea00 00007ffc`5d1d29b0 WebCore!WebCore::Element::~Element(void)+0x13f [C:\webkit\Source\WebCore\dom\Element.cpp @ 277]
08 00000018`1915ea50 00007ffc`5d2bddc4 WebCore!WebCore::HTMLHeadElement::~HTMLHeadElement(int should_call_delete = 0n1)+0x10 [C:\webkit\Source\WebCore\html\HTMLHeadElement.h @ 30]
09 (Inline Function) --------`-------- WebCore!WebCore::Node::deref(void)+0x12 [C:\webkit\Source\WebCore\dom\Node.h @ 822]
0a (Inline Function) --------`-------- WebCore!WTF::DefaultRefDerefTraits<WebCore::ContainerNode>::derefIfNotNull(class WebCore::ContainerNode * ptr = <Value unavailable error>)+0x17 [C:\webkit\WebKitBuild\Release\WTF\Headers\wtf\RefPtr.h @ 43]
0b (Inline Function) --------`-------- WebCore!WTF::RefPtr<WebCore::ContainerNode,WTF::RawPtrTraits<WebCore::ContainerNode>,WTF::DefaultRefDerefTraits<WebCore::ContainerNode> >::~RefPtr(void)+0x23 [C:\webkit\WebKitBuild\Release\WTF\Headers\wtf\RefPtr.h @ 75]
0c (Inline Function) --------`-------- WebCore!WebCore::HTMLStackItem::~HTMLStackItem(void)+0x2c [C:\webkit\Source\WebCore\html\parser\HTMLStackItem.h @ 38]
0d 00000018`1915ea90 00007ffc`5d2c80fe WebCore!WebCore::HTMLConstructionSite::~HTMLConstructionSite(void)+0x84 [C:\webkit\Source\WebCore\html\parser\HTMLConstructionSite.cpp @ 280]
0e 00000018`1915ead0 00007ffc`5d2c2a6e WebCore!WebCore::HTMLTreeBuilder::~HTMLTreeBuilder(void)+0xce [C:\webkit\Source\WebCore\html\parser\HTMLTreeBuilder.h @ 238]
0f (Inline Function) --------`-------- WebCore!std::default_delete<WebCore::HTMLTreeBuilder>::operator()(class WebCore::HTMLTreeBuilder * _Ptr = 0x0000018d`f7d9e2a0)+0x8 [C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\include\memory @ 3180]
10 (Inline Function) --------`-------- WebCore!std::unique_ptr<WebCore::HTMLTreeBuilder,std::default_delete<WebCore::HTMLTreeBuilder> >::~unique_ptr(void)+0x14 [C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\include\memory @ 3290]
11 00000018`1915eb10 00007ffc`5d2ecee0 WebCore!WebCore::HTMLDocumentParser::~HTMLDocumentParser(void)+0xee [C:\webkit\Source\WebCore\html\parser\HTMLDocumentParser.cpp @ 96]
12 00000018`1915eb50 00007ffc`5d452e30 WebCore!WebCore::TextDocumentParser::~TextDocumentParser(int should_call_delete = 0n1)+0x10 [C:\webkit\Source\WebCore\html\parser\TextDocumentParser.h @ 31]
13 (Inline Function) --------`-------- WebCore!std::default_delete<WebCore::DocumentParser>::operator()(class WebCore::DocumentParser * _Ptr = <Value unavailable error>)+0xa [C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\include\memory @ 3180]
14 (Inline Function) --------`-------- WebCore!WTF::RefCounted<WebCore::DocumentParser,std::default_delete<WebCore::DocumentParser> >::deref(void)+0x16 [C:\webkit\WebKitBuild\Release\WTF\Headers\wtf\RefCounted.h @ 190]
15 (Inline Function) --------`-------- WebCore!WTF::DefaultRefDerefTraits<WebCore::DocumentParser>::derefIfNotNull(class WebCore::DocumentParser * ptr = <Value unavailable error>)+0x1b [C:\webkit\WebKitBuild\Release\WTF\Headers\wtf\RefPtr.h @ 43]
16 (Inline Function) --------`-------- WebCore!WTF::RefPtr<WebCore::DocumentParser,WTF::RawPtrTraits<WebCore::DocumentParser>,WTF::DefaultRefDerefTraits<WebCore::DocumentParser> >::~RefPtr(void)+0x27 [C:\webkit\WebKitBuild\Release\WTF\Headers\wtf\RefPtr.h @ 75]
17 00000018`1915eb90 00007ffc`5d452a4d WebCore!WebCore::DocumentWriter::~DocumentWriter(void)+0x30 [C:\webkit\Source\WebCore\loader\DocumentWriter.h @ 44]
18 00000018`1915ebd0 00007ffc`652ba7c1 WebCore!WebCore::DocumentLoader::~DocumentLoader(void)+0xc2d [C:\webkit\Source\WebCore\loader\DocumentLoader.cpp @ 222]
19 00000018`1915ec30 00007ffc`5d186a21 WebKit2!WebKit::WebDocumentLoader::~WebDocumentLoader(int should_call_delete = 0n1)+0x11 [C:\webkit\Source\WebKit\WebProcess\WebPage\WebDocumentLoader.h @ 33]
1a (Inline Function) --------`-------- WebCore!std::default_delete<WebCore::DocumentLoader>::operator()(class WebCore::DocumentLoader * _Ptr = <Value unavailable error>)+0xb [C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\include\memory @ 3180]
1b (Inline Function) --------`-------- WebCore!WTF::RefCounted<WebCore::DocumentLoader,std::default_delete<WebCore::DocumentLoader> >::deref(void)+0x17 [C:\webkit\WebKitBuild\Release\WTF\Headers\wtf\RefCounted.h @ 190]
1c (Inline Function) --------`-------- WebCore!WTF::DefaultRefDerefTraits<WebCore::DocumentLoader>::derefIfNotNull(class WebCore::DocumentLoader * ptr = <Value unavailable error>)+0x1c [C:\webkit\WebKitBuild\Release\WTF\Headers\wtf\RefPtr.h @ 43]
1d (Inline Function) --------`-------- WebCore!WTF::RefPtr<WebCore::DocumentLoader,WTF::RawPtrTraits<WebCore::DocumentLoader>,WTF::DefaultRefDerefTraits<WebCore::DocumentLoader> >::~RefPtr(void)+0x28 [C:\webkit\WebKitBuild\Release\WTF\Headers\wtf\RefPtr.h @ 75]
1e 00000018`1915ec70 00007ffc`5d18695a WebCore!WebCore::CachedFrameBase::~CachedFrameBase(void)+0x111 [C:\webkit\Source\WebCore\history\CachedFrame.cpp @ 76]
1f (Inline Function) --------`-------- WebCore!std::default_delete<WebCore::CachedFrame>::operator()(class WebCore::CachedFrame * _Ptr = 0x0000018d`f7c5a010)+0x8 [C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\include\memory @ 3180]
20 (Inline Function) --------`-------- WebCore!std::unique_ptr<WebCore::CachedFrame,std::default_delete<WebCore::CachedFrame> >::~unique_ptr(void)+0x11 [C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\include\memory @ 3290]
21 (Inline Function) --------`-------- WebCore!WTF::UniqueRef<WebCore::CachedFrame>::~UniqueRef(void)+0x11 [C:\webkit\WebKitBuild\Release\WTF\Headers\wtf\UniqueRef.h @ 57]
22 (Inline Function) --------`-------- WebCore!WTF::VectorDestructor<1,WTF::UniqueRef<WebCore::CachedFrame> >::destruct(class WTF::UniqueRef<WebCore::CachedFrame> * begin = 0x0000018d`f42ad2c0, class WTF::UniqueRef<WebCore::CachedFrame> * end = <Value unavailable error>)+0x2d [C:\webkit\WebKitBuild\Release\WTF\Headers\wtf\Vector.h @ 70]
23 (Inline Function) --------`-------- WebCore!WTF::VectorTypeOperations<WTF::UniqueRef<WebCore::CachedFrame> >::destruct(class WTF::UniqueRef<WebCore::CachedFrame> * begin = 0x0000018d`f42ad2c0, class WTF::UniqueRef<WebCore::CachedFrame> * end = <Value unavailable error>)+0x2d [C:\webkit\WebKitBuild\Release\WTF\Headers\wtf\Vector.h @ 253]
24 (Inline Function) --------`-------- WebCore!WTF::Vector<WTF::UniqueRef<WebCore::CachedFrame>,0,WTF::CrashOnOverflow,16,WTF::FastMalloc>::~Vector(void)+0x3a [C:\webkit\WebKitBuild\Release\WTF\Headers\wtf\Vector.h @ 766]
25 00000018`1915ecd0 00007ffc`5d183be7 WebCore!WebCore::CachedFrameBase::~CachedFrameBase(void)+0x4a [C:\webkit\Source\WebCore\history\CachedFrame.cpp @ 76]
26 (Inline Function) --------`-------- WebCore!std::default_delete<WebCore::CachedFrame>::operator()(class WebCore::CachedFrame * _Ptr = 0x0000018d`f7c59670)+0x8 [C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\include\memory @ 3180]
27 (Inline Function) --------`-------- WebCore!std::unique_ptr<WebCore::CachedFrame,std::default_delete<WebCore::CachedFrame> >::~unique_ptr(void)+0x11 [C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\include\memory @ 3290]
28 00000018`1915ed30 00007ffc`5d182552 WebCore!WebCore::CachedPage::~CachedPage(void)+0x97 [C:\webkit\Source\WebCore\history\CachedPage.cpp @ 80]
29 (Inline Function) --------`-------- WebCore!std::default_delete<WebCore::CachedPage>::operator()(class WebCore::CachedPage * _Ptr = 0x0000018d`f430c560)+0x8 [C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\include\memory @ 3180]
2a (Inline Function) --------`-------- WebCore!std::unique_ptr<WebCore::CachedPage,std::default_delete<WebCore::CachedPage> >::reset(class WebCore::CachedPage * _Ptr = <Value unavailable error>)+0x18 [C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\include\memory @ 3325]
2b (Inline Function) --------`-------- WebCore!std::unique_ptr<WebCore::CachedPage,std::default_delete<WebCore::CachedPage> >::operator=(class std::unique_ptr<WebCore::CachedPage,std::default_delete<WebCore::CachedPage> > * _Right = <Value unavailable error>)+0x18 [C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\include\memory @ 3277]
2c (Inline Function) --------`-------- WebCore!WebCore::HistoryItem::setCachedPage(class std::unique_ptr<WebCore::CachedPage,std::default_delete<WebCore::CachedPage> > * cachedPage = <Value unavailable error>)+0x1f [C:\webkit\Source\WebCore\history\HistoryItem.cpp @ 155]
2d 00000018`1915ed80 00007ffc`65155ddb WebCore!WebCore::BackForwardCache::remove(class WebCore::HistoryItem * item = 0x0000018d`b01cbba0)+0x102 [C:\webkit\Source\WebCore\history\BackForwardCache.cpp @ 599]
2e 00000018`1915edd0 00007ffc`64d416f6 WebKit2!WebKit::WebProcess::clearCachedPage(class WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::BackForwardItemIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> > * backForwardItemID = <Value unavailable error>, class WTF::CompletionHandler<void ()> * completionHandler = 0x00000018`1915ee70)+0x2b [C:\webkit\Source\WebKit\WebProcess\WebProcess.cpp @ 1998]
2f (Inline Function) --------`-------- WebKit2!IPC::callMemberFunction<WebKit::WebProcess,WebKit::WebProcess,void (class WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::BackForwardItemIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> > * args = <Value unavailable error>)+0x20 [C:\webkit\Source\WebKit\Platform\IPC\HandleMessage.h @ 147]
30 (Inline Function) --------`-------- WebKit2!std::invoke(class IPC::callMemberFunction<WebKit::WebProcess,WebKit::WebProcess,void (WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::BackForwardItemIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> >, WTF::CompletionHandler<void ()> &&),std::tuple<WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::BackForwardItemIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> > >,void ()>::<lambda_1> * _Obj = <Value unavailable error>, class WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::BackForwardItemIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> > * _Arg1 = <Value unavailable error>)+0x20 [C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\include\type_traits @ 1762]
31 (Inline Function) --------`-------- WebKit2!std::_Apply_impl(class IPC::callMemberFunction<WebKit::WebProcess,WebKit::WebProcess,void (WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::BackForwardItemIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> >, WTF::CompletionHandler<void ()> &&),std::tuple<WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::BackForwardItemIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> > >,void ()>::<lambda_1> * _Obj = <Value unavailable error>, class std::tuple<WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::BackForwardItemIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> > > * _Tpl = <Value unavailable error>)+0x20 [C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\include\tuple @ 1079]
32 (Inline Function) --------`-------- WebKit2!std::apply(class IPC::callMemberFunction<WebKit::WebProcess,WebKit::WebProcess,void (WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::BackForwardItemIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> >, WTF::CompletionHandler<void ()> &&),std::tuple<WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::BackForwardItemIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> > >,void ()>::<lambda_1> * _Obj = <Value unavailable error>, class std::tuple<WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::BackForwardItemIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> > > * _Tpl = <Value unavailable error>)+0x20 [C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\include\tuple @ 1090]
33 (Inline Function) --------`-------- WebKit2!IPC::callMemberFunction(class WebKit::WebProcess * object = <Value unavailable error>, <function> * function = 0x00000000`00000000, class std::tuple<WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::BackForwardItemIdentifierType,WTF::ObjectIdentifierMainThreadAccessTraits> > > * tuple = <Value unavailable error>, class WTF::CompletionHandler<void ()> * completionHandler = <Value unavailable error>)+0x20 [C:\webkit\Source\WebKit\Platform\IPC\HandleMessage.h @ 145]
34 00000018`1915ee10 00007ffc`64d3e421 WebKit2!IPC::handleMessageAsync<Messages::WebProcess::ClearCachedPage,WebKit::WebProcess,WebKit::WebProcess,void (class IPC::Connection * connection = 0x0000018d`b01e9d00, class IPC::Decoder * decoder = <Value unavailable error>, class WebKit::WebProcess * object = <Value unavailable error>, <function> * function = 0x00000000`00000000)+0xd6 [C:\webkit\Source\WebKit\Platform\IPC\HandleMessage.h @ 334]
35 00000018`1915eec0 00007ffc`64ff9e2f WebKit2!WebKit::WebProcess::didReceiveWebProcessMessage(class IPC::Connection * connection = <Value unavailable error>, class IPC::Decoder * decoder = 0x0000018d`f422d170)+0xc1 [C:\webkit\WebKitBuild\Release\WebKit\DerivedSources\WebProcessMessageReceiver.cpp @ 290]
36 00000018`1915f640 00007ffc`64ff9fcc WebKit2!IPC::Connection::dispatchMessage(class std::unique_ptr<IPC::Decoder,std::default_delete<IPC::Decoder> > message = unique_ptr {...})+0xff [C:\webkit\Source\WebKit\Platform\IPC\Connection.cpp @ 1280]
37 00000018`1915f690 00007ffc`6eae018e WebKit2!IPC::Connection::dispatchOneIncomingMessage(void)+0xec [C:\webkit\Source\WebKit\Platform\IPC\Connection.cpp @ 1344]
38 (Inline Function) --------`-------- WTF!WTF::Function<void (void)+0x9 [C:\webkit\Source\WTF\wtf\Function.h @ 82]
39 00000018`1915f6f0 00007ffc`6eb45e18 WTF!WTF::RunLoop::performWork(void)+0x19e [C:\webkit\Source\WTF\wtf\RunLoop.cpp @ 148]
3a (Inline Function) --------`-------- WTF!WTF::RunLoop::wndProc(struct HWND__ * hWnd = 0x00000000`001d343a, unsigned int message = 0x401, unsigned int64 wParam = 0x0000018d`b01beb60, int64 lParam = 0n0)+0x18 [C:\webkit\Source\WTF\wtf\win\RunLoopWin.cpp @ 56]
3b 00000018`1915f740 00007ffc`e547e858 WTF!WTF::RunLoop::RunLoopWndProc(struct HWND__ * hWnd = 0x00000000`001d343a, unsigned int message = 0x401, unsigned int64 wParam = 0x0000018d`b01beb60, int64 lParam = 0n0)+0x38 [C:\webkit\Source\WTF\wtf\win\RunLoopWin.cpp @ 39]
3c 00000018`1915f790 00007ffc`e547e299 USER32!UserCallWinProcCheckWow+0x2f8
3d 00000018`1915f920 00007ffc`6eb45f8f USER32!DispatchMessageWorker+0x249
3e 00000018`1915f9a0 00007ffc`64c4d0fd WTF!WTF::RunLoop::run(void)+0x5f [C:\webkit\Source\WTF\wtf\win\RunLoopWin.cpp @ 73]
3f (Inline Function) --------`-------- WebKit2!WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess,1>::run(int argc = <Value unavailable error>, char ** argv = <Value unavailable error>)+0x59 [C:\webkit\Source\WebKit\Shared\AuxiliaryProcessMain.h @ 72]
40 00000018`1915fa20 00007ff7`b2c2100a WebKit2!WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainWin>(int argc = 0n8, char ** argv = <Value unavailable error>)+0xad [C:\webkit\Source\WebKit\Shared\AuxiliaryProcessMain.h @ 98]
41 00000018`1915fab0 00007ff7`b2c213bc WebKitWebProcess!main(int argc = <Value unavailable error>, char ** argv = <Value unavailable error>)+0xa [C:\webkit\Source\WebKit\WebProcess\EntryPoint\win\WebProcessMain.cpp @ 35]
42 (Inline Function) --------`-------- WebKitWebProcess!invoke_main(void)+0x22 [D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl @ 78]
43 00000018`1915fae0 00007ffc`e44b7344 WebKitWebProcess!__scrt_common_main_seh(void)+0x10c [D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl @ 288]
44 00000018`1915fb20 00007ffc`e5f026b1 KERNEL32!BaseThreadInitThunk+0x14
45 00000018`1915fb50 00000000`00000000 ntdll!RtlUserThreadStart+0x21

268146@main made EventTarget a subclass of CanMakeCheckedPtr.
Attachments
page-cache-iframe-provisional-load-crash-log.txt (148.89 KB, text/plain), 2023-11-07 21:14 PST, Fujii Hironori, no flags
debugging patch (1.17 KB, patch), 2023-11-15 18:05 PST, Fujii Hironori, no flags
crash log with the debugging patch comment#5 (145.50 KB, text/plain), 2023-11-15 18:06 PST, Fujii Hironori, no flags
WIP patch (1.85 KB, patch), 2023-11-15 19:28 PST, Fujii Hironori, no flags
WIP patch (877 bytes, patch), 2023-11-15 19:35 PST, Fujii Hironori, no flags
Chris Dumez
Comment 1
2023-11-07 21:20:22 PST
Can you reproduce the crash? If so, it would be helpful to set CHECKED_POINTER_DEBUG to 1 in CheckedRef.h and rebuild. It will print out on stderr which CheckedPtr/CheckedRef to the object are still live, before crashing. Otherwise, it is not super actionable.
Fujii Hironori
Comment 2
2023-11-07 23:19:01 PST
I keep trying, but no luck so far.
Radar WebKit Bug Importer
Comment 3
2023-11-14 21:15:14 PST
<rdar://problem/118435976>
Fujii Hironori
Comment 4
2023-11-15 13:24:03 PST
I conclude that this is not reproducible with CHECKED_POINTER_DEBUG=1. But it's easy to reproduce this crash without CHECKED_POINTER_DEBUG=1 on my PC.
> python .\Tools\Scripts\run-webkit-tests --release --no-retry --iter=100 -f http/tests/navigation/page-cache-iframe-provisional-load.html
Fujii Hironori
Comment 5
2023-11-15 18:05:06 PST
Created attachment 468612 [details]
debugging patch
Fujii Hironori
Comment 6
2023-11-15 18:06:43 PST
Created attachment 468613 [details]
crash log with the debugging patch comment#5
Chris Dumez
Comment 7
2023-11-15 18:49:15 PST
(In reply to Fujii Hironori from comment #6)
> Created attachment 468613 [details]
> crash log with the debugging log

Is this with `CHECKED_POINTER_DEBUG=1`? I don't see the allocation traces of the remaining CheckedPtrs / CheckedRefs like I would expect.
Fujii Hironori
Comment 8
2023-11-15 19:28:41 PST
Created attachment 468614 [details]
WIP patch

Partially reverting 268278@main (bug#261589) fixes the crash. I need to revert both CheckedRefs (m_document and m_attachmentRoot).
Fujii Hironori
Comment 9
2023-11-15 19:35:18 PST
Created attachment 468615 [details]
WIP patch

Destroying m_head after destroying m_document and m_attachmentRoot also fixed the crash.
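The two WIP patches above both come down to member destruction order: the construction site's CheckedRefs to the document outlive the RefPtr that keeps the last node, and hence the document, alive, so the document's ~CanMakeCheckedPtrBase fires with checked pointers still outstanding. The following is an added example written for this page, not WebKit code and not either patch. It models CheckedRef / CanMakeCheckedPtr and the Document "referencing node count" with hypothetical stand-in classes (ToyDocument, ToyNode, ConstructionSiteCheckedRefsFirst, ConstructionSiteCheckedRefsLast), counts the violation instead of calling WTFCrash(), and uses a small live-object registry that real WTF does not have so that the deliberate lifetime error stays well-defined C++.

```cpp
// Added example (not WebKit code): toy model of WTF's CheckedRef lifetime check and of
// how C++ member destruction order decides whether a checked object dies while a
// CheckedRef to it is still live. Class names are hypothetical stand-ins.
#include <cstdint>
#include <cstdio>
#include <memory>
#include <set>

// Live checked objects keyed by address. Only here so the toy CheckedRef destructor can
// avoid touching a dead object; real WTF has no such table (CHECKED_POINTER_DEBUG records
// the stack traces of live pointers instead).
static std::set<std::uintptr_t> g_liveCheckedObjects;
// How many checked objects were destroyed with checked pointers outstanding.
// WTF turns this into a release assert (the WTFCrash in frame 02); the toy counts it.
static int g_destroyedWithLiveCheckedRefs = 0;

class CanMakeCheckedPtr {
public:
    CanMakeCheckedPtr() { g_liveCheckedObjects.insert(reinterpret_cast<std::uintptr_t>(this)); }
    CanMakeCheckedPtr(const CanMakeCheckedPtr&) = delete;
    CanMakeCheckedPtr& operator=(const CanMakeCheckedPtr&) = delete;
    ~CanMakeCheckedPtr()
    {
        if (m_checkedPtrCount != 0) // the check that fired in ~CanMakeCheckedPtrBase
            ++g_destroyedWithLiveCheckedRefs;
        g_liveCheckedObjects.erase(reinterpret_cast<std::uintptr_t>(this));
    }
    void incrementCheckedPtrCount() const { ++m_checkedPtrCount; }
    void decrementCheckedPtrCount() const { --m_checkedPtrCount; }
private:
    mutable std::uint32_t m_checkedPtrCount = 0;
};

// Non-owning reference that only bumps the target's checked-pointer count (toy WTF::CheckedRef).
template<typename T>
class CheckedRef {
public:
    explicit CheckedRef(T& object)
        : m_ptr(&object), m_key(reinterpret_cast<std::uintptr_t>(static_cast<CanMakeCheckedPtr*>(&object)))
    { m_ptr->incrementCheckedPtrCount(); }
    CheckedRef(const CheckedRef&) = delete;
    CheckedRef& operator=(const CheckedRef&) = delete;
    ~CheckedRef()
    {
        // Real WTF decrements unconditionally; on a dead target that is a use-after-free.
        if (g_liveCheckedObjects.count(m_key))
            m_ptr->decrementCheckedPtrCount();
    }
private:
    T* m_ptr;
    std::uintptr_t m_key;
};

// Stand-in for WebCore::Document: it deletes itself when the last node referencing it
// goes away (Document::decrementReferencingNodeCount, frames 04-06 of the crash log).
class ToyDocument : public CanMakeCheckedPtr {
public:
    void incrementReferencingNodeCount() { ++m_referencingNodeCount; }
    void decrementReferencingNodeCount() { if (--m_referencingNodeCount == 0) delete this; }
private:
    unsigned m_referencingNodeCount = 0;
};

// Stand-in for the HTMLHeadElement reached through m_head (frames 06-0c).
class ToyNode {
public:
    explicit ToyNode(ToyDocument& document) : m_document(document) { m_document.incrementReferencingNodeCount(); }
    ~ToyNode() { m_document.decrementReferencingNodeCount(); }
private:
    ToyDocument& m_document;
};

// Order as in the report: CheckedRefs declared before the owning pointer. Members are
// destroyed in reverse declaration order, so m_head dies first, its node takes the
// document with it, and m_document / m_attachmentRoot are still live at that moment.
class ConstructionSiteCheckedRefsFirst {
public:
    explicit ConstructionSiteCheckedRefsFirst(ToyDocument& d)
        : m_document(d), m_attachmentRoot(d), m_head(std::make_shared<ToyNode>(d)) { }
private:
    CheckedRef<ToyDocument> m_document;
    CheckedRef<ToyDocument> m_attachmentRoot; // for a fresh parse the attachment root is the document
    std::shared_ptr<ToyNode> m_head;           // stands in for the RefPtr behind m_head
};

// The order comment 9 describes: m_head is destroyed after the CheckedRefs, so the
// document's checked-pointer count is already zero when its last node releases it.
class ConstructionSiteCheckedRefsLast {
public:
    explicit ConstructionSiteCheckedRefsLast(ToyDocument& d)
        : m_head(std::make_shared<ToyNode>(d)), m_document(d), m_attachmentRoot(d) { }
private:
    std::shared_ptr<ToyNode> m_head;
    CheckedRef<ToyDocument> m_document;
    CheckedRef<ToyDocument> m_attachmentRoot;
};

// Builds a site around a fresh document, destroys it, and reports how many checked
// objects died with CheckedRefs still pointing at them (0 is the healthy value).
template<typename Site>
static int destroyAndCountViolations()
{
    g_destroyedWithLiveCheckedRefs = 0;
    auto* document = new ToyDocument; // released by its last ToyNode, never deleted directly
    { Site site(*document); }
    return g_destroyedWithLiveCheckedRefs;
}

int violationsWithCheckedRefsDeclaredFirst() { return destroyAndCountViolations<ConstructionSiteCheckedRefsFirst>(); }
int violationsWithCheckedRefsDeclaredLast() { return destroyAndCountViolations<ConstructionSiteCheckedRefsLast>(); }
bool allCheckedObjectsReleased() { return g_liveCheckedObjects.empty(); }

int main()
{
    std::printf("CheckedRefs declared first: %d object(s) destroyed with live CheckedRefs\n", violationsWithCheckedRefsDeclaredFirst());
    std::printf("CheckedRefs declared last:  %d object(s) destroyed with live CheckedRefs\n", violationsWithCheckedRefsDeclaredLast());
    return 0;
}
```

The first layout reproduces the report's failure mode (one object destroyed with two CheckedRefs outstanding); the second, which is the ordering the second WIP patch arranges, keeps the count at zero. The same effect can be had without reordering members by resetting the owning pointer explicitly in the destructor after the CheckedRefs are released, which is what "destroying m_head after destroying m_document and m_attachmentRoot" amounts to.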
Fujii Hironori
Comment 10
2023-11-15 20:06:29 PST
Pull request: https://github.com/WebKit/WebKit/pull/20581
EWS
Comment 11
2023-11-16 00:04:38 PST
Committed 270813@main (b43c0f571e0a): <https://commits.webkit.org/270813@main>

Reviewed commits have been landed. Closing PR #20581 and removing active labels.