[Webkit-unassigned] [Bug 66640] New: [GTK] WebProcess crash on hitting assertion m_isWaitingForDidUpdate in DrawingAreaImpl

bugzilla-daemon at webkit.org
Sun Aug 21 23:03:52 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=66640

           Summary: [GTK] WebProcess crash on hitting assertion
                    m_isWaitingForDidUpdate in DrawingAreaImpl
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebKit2
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: amruthraj at motorola.com


This is a crash happening sometimes during page load with the following backtrace.

Program terminated with signal 11, Segmentation fault.
#0  0x00007f3f7dae68f0 in WebKit::DrawingAreaImpl::display (this=0xe204e0) at ../../Source/WebKit2/WebProcess/WebPage/DrawingAreaImpl.cpp:560
560        ASSERT(!m_isWaitingForDidUpdate);
(gdb) bt
#0  0x00007f3f7dae68f0 in WebKit::DrawingAreaImpl::display (this=0xe204e0) at ../../Source/WebKit2/WebProcess/WebPage/DrawingAreaImpl.cpp:560
#1  0x00007f3f7dae683e in WebKit::DrawingAreaImpl::displayTimerFired (this=0xe204e0) at ../../Source/WebKit2/WebProcess/WebPage/DrawingAreaImpl.cpp:552
#2  0x00007f3f7dae800e in Timer<WebKit::DrawingAreaImpl>::fired (this=0xe20570) at ../../Source/WebKit2/Platform/RunLoop.h:128
#3  0x00007f3f7d97602b in RunLoop::TimerBase::timerFiredCallback (timer=0xe20570) at ../../Source/WebKit2/Platform/gtk/RunLoopGtk.cpp:108
#4  0x00007f3f7a1b84eb in g_timeout_dispatch (source=0x135ff90, callback=<value optimized out>, user_data=<value optimized out>)
    at /build/buildd/glib2.0-2.28.6/./glib/gmain.c:3882
#5  0x00007f3f7a1b6bcd in g_main_dispatch (context=0xde0e60) at /build/buildd/glib2.0-2.28.6/./glib/gmain.c:2440
#6  g_main_context_dispatch (context=0xde0e60) at /build/buildd/glib2.0-2.28.6/./glib/gmain.c:3013
#7  0x00007f3f7a1b73a8 in g_main_context_iterate (context=0xde0e60, block=<value optimized out>, dispatch=1, self=<value optimized out>)
    at /build/buildd/glib2.0-2.28.6/./glib/gmain.c:3091
#8  0x00007f3f7a1b79f2 in g_main_loop_run (loop=0xddfb30) at /build/buildd/glib2.0-2.28.6/./glib/gmain.c:3299
#9  0x00007f3f7d975e0d in RunLoop::run () at ../../Source/WebKit2/Platform/gtk/RunLoopGtk.cpp:56
#10 0x00007f3f7da6d7ab in WebKit::WebProcessMainGtk (argc=2, argv=0x7fffc94b6eb8) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:71
#11 0x00000000004007e4 in main (argc=2, argv=0x7fffc94b6eb8) at ../../Source/WebKit2/gtk/MainGtk.cpp:31

The use case (though not always consistent) to reproduce this problem a little more easily is:
Load http://hp.com in MiniBrowser
While the page keeps loading, keep maximizing and unmaximizing the window, and it crashes in between.

I see the following sequence happening which is leading to a crash:
displayTimer callback gets triggered
UpdateInfo gets created and displayTimer is stopped in DrawingAreaImpl::display
WebProcess sends an Update event to the UIProcess
The acknowledgement from UI Process hasn't been sent yet
displayTimer callback in WebProcess gets triggered again and hits the ASSERT statement.

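Added example, not part of the original report and not WebKit source: a small C++ model that replays the event sequence described in the report and locates the point where the `m_isWaitingForDidUpdate` invariant breaks. The `Event` enum, the function names, the constructed trace and the deferring strategy are assumptions made for illustration.

```cpp
#include <cstddef>
#include <vector>

// Simplified model, not WebKit source: only the flag and events named in the report.
enum class Event { DisplayTimerFired, DidUpdate };

// Constructed trace matching the reported sequence: the timer fires, an Update is
// sent, and the timer fires again before the UI process acknowledges.
const std::vector<Event> reportedTrace = {
    Event::DisplayTimerFired, Event::DisplayTimerFired, Event::DidUpdate };

// Index of the first event at which ASSERT(!m_isWaitingForDidUpdate) would fail,
// or -1 if the trace never violates the invariant.
int firstViolation(const std::vector<Event>& trace) {
    bool isWaitingForDidUpdate = false;
    for (std::size_t i = 0; i < trace.size(); ++i) {
        if (trace[i] == Event::DidUpdate) {
            isWaitingForDidUpdate = false;   // acknowledgement clears the flag
            continue;
        }
        if (isWaitingForDidUpdate)
            return static_cast<int>(i);      // display() entered while still waiting
        isWaitingForDidUpdate = true;        // Update sent, acknowledgement pending
    }
    return -1;
}

// Hypothetical handling (an assumption, not WebKit's code): a timer callback that
// arrives while an acknowledgement is pending is remembered and replayed on
// DidUpdate. Returns the number of Update messages sent.
int updatesSentWhenDeferring(const std::vector<Event>& trace) {
    bool waiting = false, deferred = false;
    int sent = 0;
    auto display = [&] { ++sent; waiting = true; };
    for (Event e : trace) {
        if (e == Event::DisplayTimerFired) {
            if (waiting) deferred = true; else display();
        } else {
            waiting = false;
            if (deferred) { deferred = false; display(); }
        }
    }
    return sent;
}

int main() {
    return (firstViolation(reportedTrace) == 1
            && updatesSentWhenDeferring(reportedTrace) == 2) ? 0 : 1;
}
```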