[Webkit-unassigned] [Bug 124964] [GTK] GTK+2 crash on www.jolla.com

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Nov 28 09:46:07 PST 2013


https://bugs.webkit.org/show_bug.cgi?id=124964


Andres Gomez Garcia <agomez at igalia.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |agomez at igalia.com




--- Comment #1 from Andres Gomez Garcia <agomez at igalia.com>  2013-11-28 09:44:33 PST ---
Compiled 2.2.2 on Debian Testing:

The release build spits an uninformative SIGTRAP, with a similar or even emptier traceback, when the page is finishing loading.

The debug build crashes in an ASSERT, but only when starting to scroll down.

This is the backtrace:

ASSERTION FAILED: m_repaintRect == renderer().clippedOverflowRectForRepaint(renderer().containerForRepaint())
../../Source/WebCore/rendering/RenderLayer.cpp(797) : void WebCore::RenderLayer::updateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, WebCore::RenderLayer::UpdateLayerPositionsAfterScrollFlags)
1   0x7ffff2e3971e /home/tanty/webkit-stable/WebKit.git/WebKitBuild/Debug/.libs/libjavascriptcoregtk-3.0.so.0(WTFCrash+0x1e) [0x7ffff2e3971e]
2   0x7ffff46fab0a /home/tanty/webkit-stable/WebKit.git/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(+0x10f0b0a) [0x7ffff46fab0a]
3   0x7ffff46fabb8 /home/tanty/webkit-stable/WebKit.git/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(+0x10f0bb8) [0x7ffff46fabb8]
4   0x7ffff46fabb8 /home/tanty/webkit-stable/WebKit.git/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(+0x10f0bb8) [0x7ffff46fabb8]
5   0x7ffff46fabb8 /home/tanty/webkit-stable/WebKit.git/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(+0x10f0bb8) [0x7ffff46fabb8]
6   0x7ffff46fa876 /home/tanty/webkit-stable/WebKit.git/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(+0x10f0876) [0x7ffff46fa876]
7   0x7ffff455367e /home/tanty/webkit-stable/WebKit.git/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(+0xf4967e) [0x7ffff455367e]
8   0x7ffff4cae64e /home/tanty/webkit-stable/WebKit.git/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(+0x16a464e) [0x7ffff4cae64e]
9   0x7ffff4556e70 /home/tanty/webkit-stable/WebKit.git/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(+0xf4ce70) [0x7ffff4556e70]
10  0x7ffff4cae5ae /home/tanty/webkit-stable/WebKit.git/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(+0x16a45ae) [0x7ffff4cae5ae]
11  0x7ffff4caa111 /home/tanty/webkit-stable/WebKit.git/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(+0x16a0111) [0x7ffff4caa111]
12  0x7ffff4caa409 /home/tanty/webkit-stable/WebKit.git/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(+0x16a0409) [0x7ffff4caa409]
13  0x7ffff4cba819 /home/tanty/webkit-stable/WebKit.git/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(+0x16b0819) [0x7ffff4cba819]
14  0x7ffff4cba1ee /home/tanty/webkit-stable/WebKit.git/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(+0x16b01ee) [0x7ffff4cba1ee]
15  0x7ffff4ca9f6a /home/tanty/webkit-stable/WebKit.git/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(+0x169ff6a) [0x7ffff4ca9f6a]
16  0x7ffff4cafdf7 /home/tanty/webkit-stable/WebKit.git/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(+0x16a5df7) [0x7ffff4cafdf7]
17  0x7ffff4cadfc1 /home/tanty/webkit-stable/WebKit.git/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(+0x16a3fc1) [0x7ffff4cadfc1]
18  0x7ffff454ea36 /home/tanty/webkit-stable/WebKit.git/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(+0xf44a36) [0x7ffff454ea36]
19  0x7ffff454ec27 /home/tanty/webkit-stable/WebKit.git/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(+0xf44c27) [0x7ffff454ec27]
20  0x7ffff4550b10 /home/tanty/webkit-stable/WebKit.git/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(+0xf46b10) [0x7ffff4550b10]
21  0x7ffff3fada18 /home/tanty/webkit-stable/WebKit.git/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(+0x9a3a18) [0x7ffff3fada18]
22  0x7ffff3fadae9 /home/tanty/webkit-stable/WebKit.git/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(_ZN7WebCore8Document36updateLayoutIgnorePendingStylesheetsEv+0xcf) [0x7ffff3fadae9]
23  0x7ffff4518af8 /home/tanty/webkit-stable/WebKit.git/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(+0xf0eaf8) [0x7ffff4518af8]
24  0x7ffff49da5ea /home/tanty/webkit-stable/WebKit.git/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(+0x13d05ea) [0x7ffff49da5ea]
25  0x7ffff49ab7da /home/tanty/webkit-stable/WebKit.git/WebKitBuild/Debug/.libs/libwebkitgtk-3.0.so.0(+0x13a17da) [0x7ffff49ab7da]
26  0x7ffff29dc2a8 /home/tanty/webkit-stable/WebKit.git/WebKitBuild/Debug/.libs/libjavascriptcoregtk-3.0.so.0(_ZNK3JSC12PropertySlot8getValueEPNS_9ExecStateENS_12PropertyNameE+0xe2) [0x7ffff29dc2a8]
27  0x7ffff2b5eac7 /home/tanty/webkit-stable/WebKit.git/WebKitBuild/Debug/.libs/libjavascriptcoregtk-3.0.so.0(_ZNK3JSC7JSValue3getEPNS_9ExecStateENS_12PropertyNameERNS_12PropertySlotE+0xf5) [0x7ffff2b5eac7]
28  0x7ffff2b562af /home/tanty/webkit-stable/WebKit.git/WebKitBuild/Debug/.libs/libjavascriptcoregtk-3.0.so.0(+0x7ff2af) [0x7ffff2b562af]
29  0x7fffa39267d7 [0x7fffa39267d7]

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff2e39723 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:342
342         *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007ffff2e39723 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:342
#1  0x00007ffff46fab0a in WebCore::RenderLayer::updateLayerPositionsAfterScroll (this=0xd2ac18, geometryMap=0x7fffffffb270, flags=0) at ../../Source/WebCore/rendering/RenderLayer.cpp:797
#2  0x00007ffff46fabb8 in WebCore::RenderLayer::updateLayerPositionsAfterScroll (this=0xb58538, geometryMap=0x7fffffffb270, flags=0) at ../../Source/WebCore/rendering/RenderLayer.cpp:802
#3  0x00007ffff46fabb8 in WebCore::RenderLayer::updateLayerPositionsAfterScroll (this=0x84f2e8, geometryMap=0x7fffffffb270, flags=0) at ../../Source/WebCore/rendering/RenderLayer.cpp:802
#4  0x00007ffff46fabb8 in WebCore::RenderLayer::updateLayerPositionsAfterScroll (this=0x879588, geometryMap=0x7fffffffb270, flags=0) at ../../Source/WebCore/rendering/RenderLayer.cpp:802
#5  0x00007ffff46fa876 in WebCore::RenderLayer::updateLayerPositionsAfterDocumentScroll (this=0x879588) at ../../Source/WebCore/rendering/RenderLayer.cpp:749
#6  0x00007ffff455367e in WebCore::FrameView::repaintFixedElementsAfterScrolling (this=0x84c900) at ../../Source/WebCore/page/FrameView.cpp:2000
#7  0x00007ffff4cae64e in WebCore::ScrollView::scrollTo (this=0x84c900, newOffset=...) at ../../Source/WebCore/platform/ScrollView.cpp:397
#8  0x00007ffff4556e70 in WebCore::FrameView::scrollTo (this=0x84c900, newOffset=...) at ../../Source/WebCore/page/FrameView.cpp:3050
#9  0x00007ffff4cae5ae in WebCore::ScrollView::setScrollOffset (this=0x84c900, offset=...) at ../../Source/WebCore/platform/ScrollView.cpp:378
#10 0x00007ffff4caa111 in WebCore::ScrollableArea::scrollPositionChanged (this=0x84c938, position=...) at ../../Source/WebCore/platform/ScrollableArea.cpp:145
#11 0x00007ffff4caa409 in WebCore::ScrollableArea::setScrollOffsetFromAnimation (this=0x84c938, offset=...) at ../../Source/WebCore/platform/ScrollableArea.cpp:190
#12 0x00007ffff4cba819 in WebCore::ScrollAnimator::notifyPositionChanged (this=0xcf5780, delta=...) at ../../Source/WebCore/platform/ScrollAnimator.cpp:142
#13 0x00007ffff4cba1ee in WebCore::ScrollAnimator::scrollToOffsetWithoutAnimation (this=0xcf5780, offset=...) at ../../Source/WebCore/platform/ScrollAnimator.cpp:81
#14 0x00007ffff4ca9f6a in WebCore::ScrollableArea::scrollToOffsetWithoutAnimation (this=0x84c938, offset=...) at ../../Source/WebCore/platform/ScrollableArea.cpp:124
#15 0x00007ffff4cafdf7 in WebCore::ScrollView::updateScrollbars (this=0x84c900, desiredOffset=...) at ../../Source/WebCore/platform/ScrollView.cpp:636
#16 0x00007ffff4cadfc1 in WebCore::ScrollView::setContentsSize (this=0x84c900, newSize=...) at ../../Source/WebCore/platform/ScrollView.cpp:310
#17 0x00007ffff454ea36 in WebCore::FrameView::setContentsSize (this=0x84c900, size=...) at ../../Source/WebCore/page/FrameView.cpp:573
#18 0x00007ffff454ec27 in WebCore::FrameView::adjustViewSize (this=0x84c900) at ../../Source/WebCore/page/FrameView.cpp:602
#19 0x00007ffff4550b10 in WebCore::FrameView::layout (this=0x84c900, allowSubtree=true) at ../../Source/WebCore/page/FrameView.cpp:1311
#20 0x00007ffff3fada18 in WebCore::Document::updateLayout (this=0x9abcb0) at ../../Source/WebCore/dom/Document.cpp:1851
#21 0x00007ffff3fadae9 in WebCore::Document::updateLayoutIgnorePendingStylesheets (this=0x9abcb0) at ../../Source/WebCore/dom/Document.cpp:1883
#22 0x00007ffff4518af8 in WebCore::DOMWindow::scrollY (this=0x933200) at ../../Source/WebCore/page/DOMWindow.cpp:1241
#23 0x00007ffff49da5ea in WebCore::DOMWindow::pageYOffset (this=0x933200) at ../../Source/WebCore/page/DOMWindow.h:188
#24 0x00007ffff49ab7da in WebCore::jsDOMWindowPageYOffset (exec=0x7fff8bc00130, slotBase=...) at DerivedSources/WebCore/JSDOMWindow.cpp:2214
#25 0x00007ffff29dc2a8 in JSC::PropertySlot::getValue (this=0x7fffffffbf60, exec=0x7fff8bc00130, propertyName=...) at ../../Source/JavaScriptCore/runtime/JSObject.h:1532
#26 0x00007ffff2b5eac7 in JSC::JSValue::get (this=0x7fffffffbfa0, exec=0x7fff8bc00130, propertyName=..., slot=...) at ../../Source/JavaScriptCore/runtime/JSCJSValueInlines.h:641
#27 0x00007ffff2b562af in JSC::DFG::operationGetById (exec=0x7fff8bc00130, base=140735477055448, uid=0xa8f800) at ../../Source/JavaScriptCore/dfg/DFGOperations.cpp:625
#28 0x00007fffa39267d7 in ?? ()
#29 0x00007fff8bc00060 in ?? ()
#30 0x000000000084d4a8 in ?? ()
#31 0x00007fffffffc040 in ?? ()
#32 0x00007ffff2c4c7d1 in JSC::JSStack::installTrapsAfterFrame (this=0x0, frame=0x0) at ../../Source/JavaScriptCore/interpreter/JSStackInlines.h:212
#33 0x00007ffff2c5d8a8 in JSC::JITCode::execute (this=0x1e4d3f0, stack=0x84d4a8, callFrame=0x7fff8bc00060, vm=0x8e47c0) at ../../Source/JavaScriptCore/jit/JITCode.cpp:46
#34 0x00007ffff2c4925e in JSC::Interpreter::executeCall (this=0x84d490, callFrame=0x7fff8819f9e0, function=0x7fff8a770bf0, callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...)
    at ../../Source/JavaScriptCore/interpreter/Interpreter.cpp:841
#35 0x00007ffff2d219c4 in JSC::call (exec=0x7fff8819f9e0, functionObject=..., callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at ../../Source/JavaScriptCore/runtime/CallData.cpp:39
#36 0x00007ffff3d2d725 in WebCore::JSMainThreadExecState::call (exec=0x7fff8819f9e0, functionObject=..., callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at ../../Source/WebCore/bindings/js/JSMainThreadExecState.h:53
#37 0x00007ffff3d2d35f in WebCore::JSCallbackData::invokeCallback (this=0x20090c0, thisValue=..., args=..., raisedException=0x7fffffffc4bf) at ../../Source/WebCore/bindings/js/JSCallbackData.cpp:77
#38 0x00007ffff3d2d0db in WebCore::JSCallbackData::invokeCallback (this=0x20090c0, args=..., raisedException=0x7fffffffc4bf) at ../../Source/WebCore/bindings/js/JSCallbackData.cpp:48
#39 0x00007ffff3d7d962 in WebCore::JSRequestAnimationFrameCallback::handleEvent (this=0x2146360, highResNowMs=19440.025999996578) at ../../Source/WebCore/bindings/js/JSRequestAnimationFrameCallbackCustom.cpp:49
#40 0x00007ffff40738a2 in WebCore::ScriptedAnimationController::serviceScriptedAnimations (this=0x11556e0, monotonicTimeNow=174137.63710299999) at ../../Source/WebCore/dom/ScriptedAnimationController.cpp:151
#41 0x00007ffff4073b09 in WebCore::ScriptedAnimationController::animationTimerFired (this=0x11556e0) at ../../Source/WebCore/dom/ScriptedAnimationController.cpp:214
#42 0x00007ffff407490b in WebCore::Timer<WebCore::ScriptedAnimationController>::fired (this=0x1155708) at ../../Source/WebCore/platform/Timer.h:114
#43 0x00007ffff3c980ad in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x84c8b0) at ../../Source/WebCore/platform/ThreadTimers.cpp:129
#44 0x00007ffff3c97f9d in WebCore::ThreadTimers::sharedTimerFired () at ../../Source/WebCore/platform/ThreadTimers.cpp:105
#45 0x00007ffff3cb4853 in WebCore::timeout_cb () at ../../Source/WebCore/platform/gtk/SharedTimerGtk.cpp:49
#46 0x00007fffee2db4c3 in g_timeout_dispatch (source=0x14195d0, source at entry=0xffff000000000002, callback=<optimized out>, user_data=<optimized out>) at gmain.c:4413
#47 0x00007fffee2da966 in g_main_dispatch (context=0x7fff8bc00130) at gmain.c:3054
#48 g_main_context_dispatch (context=0x7fff8bc00130, context at entry=0x63e660) at gmain.c:3630
#49 0x00007fffee2dacb8 in g_main_context_iterate (context=0x63e660, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>) at gmain.c:3701
#50 0x00007fffee2db0ba in g_main_loop_run (loop=0x832a10) at gmain.c:3895
#51 0x00007ffff16d099d in gtk_main () at gtkmain.c:1163
#52 0x0000000000405a89 in main (argc=1, argv=0x7fffffffc938) at ../../Tools/GtkLauncher/main.c:553
(gdb)

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
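The trace above is the whole story of this report, and what a triager wants from it is three things: where the assertion fires, how script reached it, and whether web content can drive that path. The following is an added editorial example (not part of the bug report, and not WebKit code) that pulls those three facts out of gdb `bt` output. It assumes the frame format gdb printed above (`#N  0xADDR in symbol (args) at file:line`, with inlined frames lacking the address and long frames wrapped onto an indented continuation line); `SAMPLE_BT` is a subset of the frames quoted in the comment, copied verbatim, and every function name in the script is my own.

```python
import re

# Sample input: a subset of the gdb "bt" frames quoted in the bug comment,
# copied verbatim (including the pager line and the wrapped frame #34).
SAMPLE_BT = """\
(gdb) bt
#0  0x00007ffff2e39723 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:342
#1  0x00007ffff46fab0a in WebCore::RenderLayer::updateLayerPositionsAfterScroll (this=0xd2ac18, geometryMap=0x7fffffffb270, flags=0) at ../../Source/WebCore/rendering/RenderLayer.cpp:797
#2  0x00007ffff46fabb8 in WebCore::RenderLayer::updateLayerPositionsAfterScroll (this=0xb58538, geometryMap=0x7fffffffb270, flags=0) at ../../Source/WebCore/rendering/RenderLayer.cpp:802
#3  0x00007ffff46fabb8 in WebCore::RenderLayer::updateLayerPositionsAfterScroll (this=0x84f2e8, geometryMap=0x7fffffffb270, flags=0) at ../../Source/WebCore/rendering/RenderLayer.cpp:802
#4  0x00007ffff46fabb8 in WebCore::RenderLayer::updateLayerPositionsAfterScroll (this=0x879588, geometryMap=0x7fffffffb270, flags=0) at ../../Source/WebCore/rendering/RenderLayer.cpp:802
#5  0x00007ffff46fa876 in WebCore::RenderLayer::updateLayerPositionsAfterDocumentScroll (this=0x879588) at ../../Source/WebCore/rendering/RenderLayer.cpp:749
#6  0x00007ffff455367e in WebCore::FrameView::repaintFixedElementsAfterScrolling (this=0x84c900) at ../../Source/WebCore/page/FrameView.cpp:2000
#19 0x00007ffff4550b10 in WebCore::FrameView::layout (this=0x84c900, allowSubtree=true) at ../../Source/WebCore/page/FrameView.cpp:1311
#20 0x00007ffff3fada18 in WebCore::Document::updateLayout (this=0x9abcb0) at ../../Source/WebCore/dom/Document.cpp:1851
#21 0x00007ffff3fadae9 in WebCore::Document::updateLayoutIgnorePendingStylesheets (this=0x9abcb0) at ../../Source/WebCore/dom/Document.cpp:1883
#22 0x00007ffff4518af8 in WebCore::DOMWindow::scrollY (this=0x933200) at ../../Source/WebCore/page/DOMWindow.cpp:1241
#23 0x00007ffff49da5ea in WebCore::DOMWindow::pageYOffset (this=0x933200) at ../../Source/WebCore/page/DOMWindow.h:188
#24 0x00007ffff49ab7da in WebCore::jsDOMWindowPageYOffset (exec=0x7fff8bc00130, slotBase=...) at DerivedSources/WebCore/JSDOMWindow.cpp:2214
#25 0x00007ffff29dc2a8 in JSC::PropertySlot::getValue (this=0x7fffffffbf60, exec=0x7fff8bc00130, propertyName=...) at ../../Source/JavaScriptCore/runtime/JSObject.h:1532
#26 0x00007ffff2b5eac7 in JSC::JSValue::get (this=0x7fffffffbfa0, exec=0x7fff8bc00130, propertyName=..., slot=...) at ../../Source/JavaScriptCore/runtime/JSCJSValueInlines.h:641
#27 0x00007ffff2b562af in JSC::DFG::operationGetById (exec=0x7fff8bc00130, base=140735477055448, uid=0xa8f800) at ../../Source/JavaScriptCore/dfg/DFGOperations.cpp:625
#28 0x00007fffa39267d7 in ?? ()
#33 0x00007ffff2c5d8a8 in JSC::JITCode::execute (this=0x1e4d3f0, stack=0x84d4a8, callFrame=0x7fff8bc00060, vm=0x8e47c0) at ../../Source/JavaScriptCore/jit/JITCode.cpp:46
#34 0x00007ffff2c4925e in JSC::Interpreter::executeCall (this=0x84d490, callFrame=0x7fff8819f9e0, function=0x7fff8a770bf0, callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...)
    at ../../Source/JavaScriptCore/interpreter/Interpreter.cpp:841
#35 0x00007ffff2d219c4 in JSC::call (exec=0x7fff8819f9e0, functionObject=..., callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at ../../Source/JavaScriptCore/runtime/CallData.cpp:39
#39 0x00007ffff3d7d962 in WebCore::JSRequestAnimationFrameCallback::handleEvent (this=0x2146360, highResNowMs=19440.025999996578) at ../../Source/WebCore/bindings/js/JSRequestAnimationFrameCallbackCustom.cpp:49
#40 0x00007ffff40738a2 in WebCore::ScriptedAnimationController::serviceScriptedAnimations (this=0x11556e0, monotonicTimeNow=174137.63710299999) at ../../Source/WebCore/dom/ScriptedAnimationController.cpp:151
#46 0x00007fffee2db4c3 in g_timeout_dispatch (source=0x14195d0, source at entry=0xffff000000000002, callback=<optimized out>, user_data=<optimized out>) at gmain.c:4413
#48 g_main_context_dispatch (context=0x7fff8bc00130, context at entry=0x63e660) at gmain.c:3630
---Type <return> to continue, or q <return> to quit---
#52 0x0000000000405a89 in main (argc=1, argv=0x7fffffffc938) at ../../Tools/GtkLauncher/main.c:553
"""

# One gdb frame. The address is absent on inlined frames (#48 above) and the
# "at file:line" part is absent on JIT frames that gdb cannot symbolise (#28).
FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+"
    r"(?:0x[0-9a-fA-F]+\s+in\s+)?"
    r"(?P<func>\S+)\s+\((?P<args>.*)\)"
    r"(?:\s+at\s+(?P<file>\S+):(?P<line>\d+))?"
    r"\s*$"
)


def parse_backtrace(text):
    """Turn gdb 'bt' output into a list of frame dicts, innermost first.

    Indented continuation lines (gdb wraps long frames, see #34) are glued back
    onto the preceding frame; prompts and the pager line simply never match."""
    physical = []
    for line in text.splitlines():
        if line.startswith("#"):
            physical.append(line)
        elif line[:1].isspace() and physical:
            physical[-1] += " " + line.strip()
    frames = []
    for line in physical:
        m = FRAME_RE.match(line)
        if m:
            frames.append({
                "num": int(m["num"]),
                "func": m["func"],
                "file": m["file"],
                "line": int(m["line"]) if m["line"] else None,
            })
    return frames


def collapse_recursion(frames):
    """Collapse consecutive frames in the same function into (func, count) runs,
    so a recursive tree walk shows up as one entry with its depth."""
    runs = []
    for f in frames:
        if runs and runs[-1][0] == f["func"]:
            runs[-1][1] += 1
        else:
            runs.append([f["func"], 1])
    return [tuple(r) for r in runs]


def script_boundary(frames):
    """Find where script crossed into native code.

    Returns (entry, host): `entry` is the binding frame, i.e. a WebCore:: frame
    called directly by a JSC:: frame; `host` is the first WebCore:: frame above
    the run of JSC:: and unsymbolised JIT frames, i.e. the native code that ran
    the script. Both are None when no JavaScript is on the stack."""
    entry = host = None
    for i, f in enumerate(frames):
        if entry is None:
            if (i + 1 < len(frames) and f["func"].startswith("WebCore::")
                    and frames[i + 1]["func"].startswith("JSC::")):
                entry = f
        elif f["func"].startswith("WebCore::"):
            host = f
            break
    return entry, host


def triage(text):
    """Summarise a WTF assertion backtrace for a bug triager."""
    frames = parse_backtrace(text)
    site = next((f for f in frames if f["func"] != "WTFCrash"), None)
    runs = collapse_recursion(frames)
    entry, host = script_boundary(frames)
    return {
        "assertion_site": (f"{site['func']} ({site['file']}:{site['line']})"
                           if site else None),
        "deepest_recursion": max(runs, key=lambda r: r[1]) if runs else None,
        "script_entry": entry["func"] if entry else None,
        "script_host": host["func"] if host else None,
        # A binding frame on the stack means page script drove the path.
        "content_reachable": entry is not None,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_BT).items():
        print(f"{key}: {value}")
```

Run against the frames above, the summary says the assertion fires in `RenderLayer::updateLayerPositionsAfterScroll` at the bottom of a four-deep recursive walk over the layer tree, that the walk was started by a plain property read (`jsDOMWindowPageYOffset`, i.e. `window.pageYOffset` from script, which forces a synchronous layout that resizes the contents and scrolls), and that the script ran inside a `requestAnimationFrame` callback. That combination means any page can hit the path, not just the embedder. Note also what the crash is: `WTFCrash` in the trace is the deliberate `*(int *)0xbbadbeef = 0` store at Assertions.cpp:342, which is why the release build dies with an uninformative signal as the comment describes. On what this page shows, the impact is a crash of the rendering process, and nothing here indicates memory corruption.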


