33251 – Crash during page load [WebCore::CSSStyleSelector::SelectorChecker::checkSelector]

RESOLVED INVALID 33251

Crash during page load [WebCore::CSSStyleSelector::SelectorChecker::checkSelector]

https://bugs.webkit.org/show_bug.cgi?id=33251

Summary Crash during page load [WebCore::CSSStyleSelector::SelectorChecker::checkSele...

Priit Laes (IRC: plaes)

Reported 2010-01-06 04:20:05 PST

webkit-1.1.18 epiphany-2.29.3 libsoup-2.28.2 [Thread debugging using libthread_db enabled] [New Thread 0x7f70b9930710 (LWP 24162)] [New Thread 0x7f70ba231710 (LWP 24161)] 0x00007f70cde6ebcd in __libc_waitpid (pid=31972, stat_loc=<value optimized out>, options=0) at ../sysdeps/unix/sysv/linux/waitpid.c:41 in ../sysdeps/unix/sysv/linux/waitpid.c #0 0x00007f70cde6ebcd in __libc_waitpid (pid=31972, stat_loc=<value optimized out>, options=0) at ../sysdeps/unix/sysv/linux/waitpid.c:41 #1 0x00007f70ce629691 in IA__g_spawn_sync (working_directory=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>, flags=<value optimized out>, child_setup=<value optimized out>, user_data=<value optimized out>, standard_output=0x0, standard_error=0x0, exit_status=0x0, error=0x7fff16655338) at gspawn.c:386 #2 0x00007f70ce6299a9 in IA__g_spawn_command_line_sync (command_line=<value optimized out>, standard_output=0x0, standard_error=0x0, exit_status= 0x0, error=0x7fff16655338) at gspawn.c:700 #3 0x00007f70bcc3ed61 in run_bug_buddy (signum=<value optimized out>) at gnome-breakpad.cc:369 #4 check_if_gdb (signum=<value optimized out>) at gnome-breakpad.cc:440 #5 bugbuddy_segv_handle (signum=<value optimized out>) at gnome-breakpad.cc:223 #6 <signal handler called> #7 0x00007f70d22d1b7d in WebCore::CSSStyleSelector::SelectorChecker::checkSelector (this=0x7fff166558b0, sel=0x7f70a9182988, e=0x7f70aa8ae400, selectorAttrs=0x0, dynamicPseudo=@0x7fff1665588c, isAncestor=<value optimized out>, isSubSelector=false, elementStyle=0x0, elementParentStyle= 0x0) at WebCore/css/CSSStyleSelector.cpp:1743 #8 0x00007f70d22d21e1 in WebCore::CSSStyleSelector::SelectorChecker::checkSelector (this=0x7f70aa8ae400, sel=0x7f70a9182988, element= 0x7f70aa8ae400) at WebCore/css/CSSStyleSelector.cpp:926 #9 0x00007f70d2358e86 in WebCore::createSelectorNodeList (rootNode=0x7f70ab1bf800, querySelectorList=...) at WebCore/dom/SelectorNodeList.cpp:61 #10 0x00007f70d233b133 in WebCore::Node::querySelectorAll (this=0x7f70ab1bf800, selectors=..., ec=@0x7fff16655b6c) at WebCore/dom/Node.cpp:1706 #11 0x00007f70d293b9bd in WebCore::jsDocumentPrototypeFunctionQuerySelectorAll (exec=0x7f70b27f42e8, thisValue=..., args=<value optimized out>) at DerivedSources/JSDocument.cpp:2072 #12 0x00007f70bc6341b4 in ?? () #13 0x00007f70b27f42a0 in ?? () #14 0x0000000000000001 in ?? () #15 0x0000000000000001 in ?? () #16 0x0000000000000002 in ?? () #17 0x00007f70a939ac78 in ?? () #18 0x00007f7000000004 in ?? () #19 0x00007f7000000003 in ?? () #20 0x0000000000000010 in ?? () #21 0x0000000000000000 in ?? () Thread 3 (Thread 0x7f70ba231710 (LWP 24161)): #0 0x00007f70cdba81cd in nanosleep () at ../sysdeps/unix/syscall-template.S:82 No locals. #1 0x00007f70cdba8040 in __sleep (seconds=<value optimized out>) at ../sysdeps/unix/sysv/linux/sleep.c:138 ts = {tv_sec = 1, tv_nsec = 749671369} set = {__val = {65536, 0 <repeats 15 times>}} oset = {__val = {0, 0, 140122565130280, 140122135924080, 140122135924104, 4294967296, 2822930839, 140122467478759, 140122464014832, 140122565130640, 0, 4294967295, 0, 5, 21018040, 0}} result = 4294967295 #2 0x00007f70d21e02c7 in WTF::TCMalloc_PageHeap::scavengerThread (this=0x7f70d3154d00) at JavaScriptCore/wtf/FastMalloc.cpp:2303 No locals. #3 0x00007f70d21e0359 in WTF::TCMalloc_PageHeap::runScavengerThread (context=0x7f70ba230df0) at JavaScriptCore/wtf/FastMalloc.cpp:1433 No locals. #4 0x00007f70cde66894 in start_thread (arg=<value optimized out>) at pthread_create.c:297 __res = <value optimized out> pd = 0x7f70ba231710 unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140122135926544, -4443494587179380915, 140122467536832, 0, 140122565353472, 3, 4374399800614670157, 4374142011112509261}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <value optimized out> robust = <value optimized out> freesize = <value optimized out> __PRETTY_FUNCTION__ = "start_thread" #5 0x00007f70cdbd7f9d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112 No locals. #6 0x0000000000000000 in ?? () No symbol table info available. Thread 2 (Thread 0x7f70b9930710 (LWP 24162)): #0 pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162 No locals. #1 0x00007f70d26b4a68 in WebCore::IconDatabase::syncThreadMainLoop (this=0x7f70b9948a00) at WebCore/loader/icon/IconDatabase.cpp:1412 didAnyWork = <value optimized out> #2 0x00007f70d26b5fc1 in WebCore::IconDatabase::iconDatabaseSyncThread (this=0x7f70b9948a00) at WebCore/loader/icon/IconDatabase.cpp:1030 journalFilename = {m_impl = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0x7f70b994ef20}} #3 0x00007f70cde66894 in start_thread (arg=<value optimized out>) at pthread_create.c:297 __res = <value optimized out> pd = 0x7f70b9930710 unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140122126485264, -4443494587179380915, 140122467536832, 0, 140122565353472, 3, 4374396096742248269, 4374142011112509261}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <value optimized out> robust = <value optimized out> freesize = <value optimized out> __PRETTY_FUNCTION__ = "start_thread" #4 0x00007f70cdbd7f9d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112 No locals. #5 0x0000000000000000 in ?? () No symbol table info available. Current language: auto The current source language is "auto; currently asm". Thread 1 (Thread 0x7f70d3b65780 (LWP 24160)): #0 0x00007f70cde6ebcd in __libc_waitpid (pid=31972, stat_loc=<value optimized out>, options=0) at ../sysdeps/unix/sysv/linux/waitpid.c:41 _a3 = 0 _a1 = 31972 resultvar = <value optimized out> _a4 = 0 _a2 = 140733569126816 oldtype = 0 result = <value optimized out> #1 0x00007f70ce629691 in IA__g_spawn_sync (working_directory=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>, flags=<value optimized out>, child_setup=<value optimized out>, user_data=<value optimized out>, standard_output=0x0, standard_error=0x0, exit_status=0x0, error=0x7fff16655338) at gspawn.c:386 outpipe = -1 errpipe = -1 pid = 31972 fds = {__fds_bits = {0, 16, 16, 0, 108161880, 140733569127224, 109468064, 108161856, 3, 0, 108161880, 140122475520813, 140733569126824, 140733569126816, 140733569126936, 0}} ret = <value optimized out> outstr = 0x0 errstr = 0x0 failed = 0 status = <value optimized out> __PRETTY_FUNCTION__ = "IA__g_spawn_sync" #2 0x00007f70ce6299a9 in IA__g_spawn_command_line_sync (command_line=<value optimized out>, standard_output=0x0, standard_error=0x0, exit_status= 0x0, error=0x7fff16655338) at gspawn.c:700 retval = 0 argv = 0x6726b40 __PRETTY_FUNCTION__ = "IA__g_spawn_command_line_sync" #3 0x00007f70bcc3ed61 in run_bug_buddy (signum=<value optimized out>) at gnome-breakpad.cc:369 res = <value optimized out> warning_file = 0x0 exec_str = 0x65d1840 "bug-buddy --appname=\"epiphany\" --pid=24160" args_str = <value optimized out> error = 0x0 #4 check_if_gdb (signum=<value optimized out>) at gnome-breakpad.cc:440 gdb = 0x65c7060 "/usr/bin/gdb" pid = 24160 mypath = 0x64fedb0 "\220R_\006" has_debug_symbols = <value optimized out> appname = 0x1c660e0 "epiphany" #5 bugbuddy_segv_handle (signum=<value optimized out>) at gnome-breakpad.cc:223 in_segv = 1 #6 <signal handler called> No symbol table info available. #7 0x00007f70d22d1b7d in WebCore::CSSStyleSelector::SelectorChecker::checkSelector (this=0x7fff166558b0, sel=0x7f70a9182988, e=0x7f70aa8ae400, selectorAttrs=0x0, dynamicPseudo=@0x7fff1665588c, isAncestor=<value optimized out>, isSubSelector=false, elementStyle=0x0, elementParentStyle= 0x0) at WebCore/css/CSSStyleSelector.cpp:1743 relation = <value optimized out> #8 0x00007f70d22d21e1 in WebCore::CSSStyleSelector::SelectorChecker::checkSelector (this=0x7f70aa8ae400, sel=0x7f70a9182988, element= 0x7f70aa8ae400) at WebCore/css/CSSStyleSelector.cpp:926 dynamicPseudo = WebCore::NOPSEUDO #9 0x00007f70d2358e86 in WebCore::createSelectorNodeList (rootNode=0x7f70ab1bf800, querySelectorList=...) at WebCore/dom/SelectorNodeList.cpp:61 selector = 0x7f70a9182988 n = 0x7f70aa8ae400 nodes = {<WTF::FastAllocBase> = {<No data fields>}, m_size = 0, m_buffer = {<WTF::VectorBufferBase<WTF::RefPtr<WebCore::Node> >> = {<WTFNoncopyable::Noncopyable> = {<WTF::FastAllocBase> = {<No data fields>}, <No data fields>}, m_buffer = 0x0, m_capacity = 0}, <No data fields>}} strictParsing = <value optimized out> document = <value optimized out> onlySelector = <value optimized out> selectorChecker = {<WTFNoncopyable::Noncopyable> = {<WTF::FastAllocBase> = {<No data fields>}, <No data fields>}, m_document = 0x7f70ab1bf800, m_strictParsing = true, m_collectRulesOnly = false, m_pseudoStyle = WebCore::NOPSEUDO, m_documentIsHTML = true, m_linksCheckedForVisitedState = {<WTF::FastAllocBase> = {<No data fields>}, m_impl = {static m_minTableSize = <optimized out>, static m_maxLoad = <optimized out>, static m_minLoad = <optimized out>, m_table = 0x0, m_tableSize = 0, m_tableSizeMask = 0, m_keyCount = 0, m_deletedCount = 0}}} #10 0x00007f70d233b133 in WebCore::Node::querySelectorAll (this=0x7f70ab1bf800, selectors=..., ec=@0x7fff16655b6c) at WebCore/dom/Node.cpp:1706 p = {m_strict = true, m_important = false, m_id = 0, m_styleSheet = 0x7f70aba32b40, m_rule = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0x0}, m_keyframe = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0x0}, m_mediaQuery = 0x0, m_valueList = 0x0, m_parsedProperties = 0x7f70ab93f400, m_selectorListForParseSelector = 0x0, m_numParsedProperties = 0, m_maxParsedProperties = 32, m_inParseShorthand = 0, m_currentShorthand = 0, m_implicitShorthand = false, m_hasFontFaceOnlyValues = false, m_hadSyntacticallyValidCSSRule = false, m_variableNames = {<WTF::FastAllocBase> = {<No data fields>}, m_size = 0, m_buffer = {<WTF::VectorBufferBase<WebCore::String>> = {<WTFNoncopyable::Noncopyable> = {<WTF::FastAllocBase> = {<No data fields>}, <No data fields>}, m_buffer = 0x0, m_capacity = 0}, <No data fields>}}, m_variableValues = {<WTF::FastAllocBase> = {<No data fields>}, m_size = 0, m_buffer = {<WTF::VectorBufferBase<WTF::RefPtr<WebCore::CSSValue> >> = {<WTFNoncopyable::Noncopyable> = {<WTF::FastAllocBase> = {<No data fields>}, <No data fields>}, m_buffer = 0x0, m_capacity = 0}, <No data fields>}}, m_defaultNamespace = {m_string = {m_impl = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0x7f70b9931258}}}, m_data = 0x7f70ab890960, yytext = 0x7f70ab8909ac, yy_c_buf_p = 0x7f70ab8909ac, yy_hold_char = 0, yy_last_accepting_state = 7, yy_last_accepting_cpos = 0x7f70ab8909ae, yyleng = 1, yyTok = 0, yy_start = 1, m_allowImportRules = true, m_allowVariablesRules = true, m_allowNamespaceDeclarations = true, m_parsedStyleObjects = {<WTF::FastAllocBase> = {<No data fields>}, m_size = 0, m_buffer = {<WTF::VectorBufferBase<WTF::RefPtr<WebCore::StyleBase> >> = {<WTFNoncopyable::Noncopyable> = {<WTF::FastAllocBase> = {<No data fields>}, <No data fields>}, m_buffer = 0x0, m_capacity = 0}, <No data fields>}}, m_parsedRuleLists = {<WTF::FastAllocBase> = {<No data fields>}, m_size = 0, m_buffer = {<WTF::VectorBufferBase<WTF::RefPtr<WebCore::CSSRuleList> >> = {<WTFNoncopyable::Noncopyable> = {<WTF::FastAllocBase> = {<No data fields>}, <No data fields>}, m_buffer = 0x0, m_capacity = 0}, <No data fields>}}, m_floatingSelectors = {<WTF::FastAllocBase> = {<No data fields>}, m_impl = {static m_minTableSize = <optimized out>, static m_maxLoad = <optimized out>, static m_minLoad = <optimized out>, m_table = 0x7f70ab90dc00, m_tableSize = 64, m_tableSizeMask = 63, m_keyCount = 0, m_deletedCount = 2}}, m_floatingValueLists = {<WTF::FastAllocBase> = {<No data fields>}, m_impl = {static m_minTableSize = <optimized out>, static m_maxLoad = <optimized out>, static m_minLoad = <optimized out>, m_table = 0x0, m_tableSize = 0, m_tableSizeMask = 0, m_keyCount = 0, m_deletedCount = 0}}, m_floatingFunctions = {<WTF::FastAllocBase> = {<No data fields>}, m_impl = {static m_minTableSize = <optimized out>, static m_maxLoad = <optimized out>, static m_minLoad = <optimized out>, m_table = 0x0, m_tableSize = 0, m_tableSizeMask = 0, m_keyCount = 0, m_deletedCount = 0}}, m_floatingMediaQuery = 0x0, m_floatingMediaQueryExp = 0x0, m_floatingMediaQueryExpList = 0x0, m_reusableSelectorVector = {<WTF::FastAllocBase> = {<No data fields>}, m_size = 0, m_buffer = {<WTF::VectorBufferBase<WebCore::CSSSelector*>> = {<WTFNoncopyable::Noncopyable> = {<WTF::FastAllocBase> = {<No data fields>}, <No data fields>}, m_buffer = 0x7f70abaecb80, m_capacity = 16}, <No data fields>}}} querySelectorList = {<WTFNoncopyable::Noncopyable> = {<WTF::FastAllocBase> = {<No data fields>}, <No data fields>}, m_selectorArray = 0x7f70a9182988} #11 0x00007f70d293b9bd in WebCore::jsDocumentPrototypeFunctionQuerySelectorAll (exec=0x7f70b27f42e8, thisValue=..., args=<value optimized out>) at DerivedSources/JSDocument.cpp:2072 ec = 0 #12 0x00007f70bc6341b4 in ?? () No symbol table info available. #13 0x00007f70b27f42a0 in ?? () No symbol table info available. #14 0x0000000000000001 in ?? () No symbol table info available. #15 0x0000000000000001 in ?? () No symbol table info available. #16 0x0000000000000002 in ?? () No symbol table info available. #17 0x00007f70a939ac78 in ?? () No symbol table info available. #18 0x00007f7000000004 in ?? () No symbol table info available. #19 0x00007f7000000003 in ?? () No symbol table info available. #20 0x0000000000000010 in ?? () No symbol table info available. #21 0x0000000000000000 in ?? () No symbol table info available. Current language: auto The current source language is "auto; currently c". A debugging session is active. Inferior 1 [process 24160] will be detached. Quit anyway? (y or n) [answered Y; input not from terminal] ----------- .xsession-errors (215023 sec old) --------------------- ** (epiphany:3374): DEBUG: 0x246c6e0: "NameOwnerChanged old-owner '' new-owner ':1.211'" ** (epiphany:3374): DEBUG: 0x246c6e0: "Viewer now connected to the bus" ** (epiphany:3374): DEBUG: 0x246c6e0: "ViewerSetup" ** (epiphany:3374): DEBUG: 0x246c6e0: "Calling SetWindow" Viewer: SetWindow XID 54031765 size 600:416 TotemEmbedded-Message: AFTER _open (ret: 1) TotemEmbedded-Message: Viewer state: PLAYING TotemEmbedded-Message: Viewer state: STOPPED ** (epiphany:3374): DEBUG: OpenStream reply ** (epiphany:3374): DEBUG: SetWindow reply ** (epiphany:3374): DEBUG: 0x246c6e0: "ViewerReady" ** (epiphany:3374): DEBUG: 0x246c6e0: "Stream requested (force viewer: 0)" ** (epiphany:3374): DEBUG: 0x246c6e0: "IsSchemeSupported scheme 'http': yes" ...Too much output, ignoring rest... --------------------------------------------------

Attachments
Add attachment proposed patch, testcase, etc.

Priit Laes (IRC: plaes)

Comment 1 2011-01-14 10:57:09 PST

Closing hard-to-reproduce crasher bugs that are over year old..

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution INVALID

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware PC

OS OS X 10.5

Product WebKit

Component WebKitGTK

Assignee

Nobody

Reported

2010-01-06 04:20 PST

Modified

2011-01-14 10:57 PST History

CC List

1 user Show

URL

Keywords

Depends on

Blocks