Bug 272426 - Crash observed in running webxr layout test from WebCore::WebXRSession::~WebXRSession()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebXR
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
Keywords: InRadar
Reported: 2024-04-09 16:59 PDT by Ada Chan
Modified: 2024-04-25 09:33 PDT
Description Ada Chan 2024-04-09 16:59:56 PDT
Crash observed in running webxr layout test from WebCore::WebXRSession::~WebXRSession()

Observed in wpe-wk2 test run from https://github.com/WebKit/WebKit/pull/26376.

Looks like a pure virtual method is called in WebXRSession destructor.

Stack trace of crash:
Thread 1 (Thread 0x7f636ce0da40 (LWP 1636)):
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007f63738a3e83 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007f6373851dce in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007f637383983f in __GI_abort () at abort.c:79
#4  0x00007f6373aace03 in __gnu_cxx::__verbose_terminate_handler() () at ../../../../libstdc++-v3/libsupc++/vterminate.cc:95
#5  0x00007f6373abfbfa in __cxxabiv1::__terminate(void (*)()) (handler=<optimized out>) at ../../../../libstdc++-v3/libsupc++/eh_terminate.cc:48
#6  0x00007f6373abfc65 in std::terminate() () at ../../../../libstdc++-v3/libsupc++/eh_terminate.cc:58
#7  0x00007f6373ac0a53 in __cxxabiv1::__cxa_pure_virtual() () at ../../../../libstdc++-v3/libsupc++/pure.cc:50
#8  0x00007f6378d24938 in WebCore::WebXRSession::~WebXRSession() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#9  0x00007f6378d25388 in WebCore::WebXRSystem::~WebXRSystem() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#10 0x00007f6378d25429 in WebCore::WebXRSystem::~WebXRSystem() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#11 0x00007f6378d1888d in WebCore::NavigatorWebXR::~NavigatorWebXR() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#12 0x00007f6379a49b16 in WebCore::Navigator::~Navigator() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#13 0x00007f6379a49c09 in WebCore::Navigator::~Navigator() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#14 0x00007f6379a2b12e in WebCore::LocalDOMWindow::~LocalDOMWindow() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#15 0x00007f6379a2b5d9 in WebCore::LocalDOMWindow::~LocalDOMWindow() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#16 0x00007f637929e216 in WebCore::Document::~Document() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#17 0x00007f637950aeac in WebCore::HTMLDocument::~HTMLDocument() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#18 0x00007f637929aef8 in WebCore::Document::removedLastRef() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#19 0x00007f63792cbae7 in WebCore::Event::~Event() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#20 0x00007f63774255d8 in void JSC::MarkedBlock::Handle::specializedSweep<true, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)1, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)1, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&) [clone .isra.0] () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#21 0x00007f6376f29ec3 in JSC::MarkedBlock::Handle::sweep(JSC::FreeList*) () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#22 0x00007f6376f10279 in JSC::IncrementalSweeper::doWork(JSC::VM&) () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#23 0x00007f63774c99bb in JSC::JSRunLoopTimer::timerDidFire() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#24 0x00007f63774e7e8c in JSC::JSRunLoopTimer::Manager::timerDidFire() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#25 0x00007f6377bc3d2c in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::{lambda(void*)#1}::_FUN(void*) () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#26 0x00007f6377bc494f in WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::_FUN(_GSource*, int (*)(void*), void*) () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#27 0x00007f6374055d36 in g_main_dispatch (context=0x55a708e46d00) at ../glib/gmain.c:3460
#28 g_main_context_dispatch (context=0x55a708e46d00) at ../glib/gmain.c:4200
#29 0x00007f63740b32b8 in g_main_context_iterate.isra.0 (context=0x55a708e46d00, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4276
#30 0x00007f63740553ff in g_main_loop_run (loop=0x55a708e46e40) at ../glib/gmain.c:4479
#31 0x00007f6377bc4ad0 in WTF::RunLoop::run() () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#32 0x00007f637640d886 in WebKit::WebProcessMain(int, char**) () at /app/webkit/WebKitBuild/WPE/Release/lib/libWPEWebKit-2.0.so.1
#33 0x00007f637383b08a in __libc_start_call_main (main=main@entry=0x55a70844d850 <main>, argc=argc@entry=4, argv=argv@entry=0x7ffc5b92c068) at ../sysdeps/nptl/libc_start_call_main.h:58
#34 0x00007f637383b14b in __libc_start_main_impl (main=0x55a70844d850 <main>, argc=4, argv=0x7ffc5b92c068, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffc5b92c058) at ../csu/libc-start.c:360
#35 0x000055a70844d785 in _start () at ../sysdeps/x86_64/start.S:115
Comment 1 Ada Chan 2024-04-09 17:02:15 PDT
rdar://117928819
Comment 2 Vitaly Dyackhov 2024-04-25 01:51:40 PDT
Pull request: https://github.com/WebKit/WebKit/pull/27735
Comment 3 EWS 2024-04-25 09:33:38 PDT
Committed 277983@main (75f9692054bd): <https://commits.webkit.org/277983@main>

Reviewed commits have been landed. Closing PR #27735 and removing active labels.