No subject
Tue Jan 27 15:54:36 PST 2015
[1] http://pkgs.fedoraproject.org/cgit/webkitgtk3.git/tree/
--
You are receiving this mail because:
You are the assignee for the bug.
--1428485358.ee3d7b4.3152
Date: Wed, 8 Apr 2015 02:29:18 -0700
MIME-Version: 1.0
Content-Type: text/html
<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_RESOLVED bz_closed"
title="RESOLVED FIXED - [GTK] WebKitDOM objects leaking"
href="https://bugs.webkit.org/show_bug.cgi?id=118788#c25">Comment # 25</a>
on <a class="bz_bug_link
bz_status_RESOLVED bz_closed"
title="RESOLVED FIXED - [GTK] WebKitDOM objects leaking"
href="https://bugs.webkit.org/show_bug.cgi?id=118788">bug 118788</a>
from <span class="vcard"><a class="email" href="mailto:mcrha@redhat.com" title="Milan Crha <mcrha@redhat.com>"> <span class="fn">Milan Crha</span></a>
</span></b>
<pre>Thanks. I've got webkitgtk3 2.4.8 as patched in Fedora [1] and applied on top of it your changeset. When I run cvurrent git master of evolution (at git commit 6668154), then it crashes with this backtrace:
#0 0x00007ffff1018668 in g_type_check_instance_is_fundamentally_a (type_instance=0x5337f20, fundamental_type=80) at gtype.c:4029
#1 0x00007ffff0ffebc4 in g_object_unref (_object=0x5337f20) at gobject.c:3067
#2 0x00007ffff4ad3de8 in WebKit::DOMObjectCacheFrameObserver::DOMWindowObserver::willDetachGlobalObjectFromFrame() () from /build/local/lib/libwebkitgtk-3.0.so.0
#3 0x00007ffff42e1db2 in WebCore::DOMWindow::willDetachDocumentFromFrame() () from /build/local/lib/libwebkitgtk-3.0.so.0
#4 0x00007ffff3ef307e in WebCore::Document::prepareForDestruction() () from /build/local/lib/libwebkitgtk-3.0.so.0
#5 0x00007ffff43021cd in WebCore::Frame::setView(WTF::PassRefPtr<WebCore::FrameView>) () from /build/local/lib/libwebkitgtk-3.0.so.0
#6 0x00007ffff4304fdb in WebCore::Frame::createView(WebCore::IntSize const&, WebCore::Color const&, bool, WebCore::IntSize const&, WebCore::IntRect const&, bool, WebCore::ScrollbarMode, bool, WebCore::ScrollbarMode, bool) ()
from /build/local/lib/libwebkitgtk-3.0.so.0
#7 0x00007ffff3bccf81 in WebKit::FrameLoaderClient::transitionToCommittedForNewPage() () from /build/local/lib/libwebkitgtk-3.0.so.0
#8 0x00007ffff4261359 in WebCore::FrameLoader::transitionToCommitted(WebCore::CachedPage*) () from /build/local/lib/libwebkitgtk-3.0.so.0
#9 0x00007ffff4262ee7 in WebCore::FrameLoader::commitProvisionalLoad() () from /build/local/lib/libwebkitgtk-3.0.so.0
#10 0x00007ffff424a75a in WebCore::DocumentLoader::commitLoad(char const*, int) () from /build/local/lib/libwebkitgtk-3.0.so.0
#11 0x00007ffff424b810 in WebCore::DocumentLoader::continueAfterContentPolicy(WebCore::PolicyAction) () from /build/local/lib/libwebkitgtk-3.0.so.0
#12 0x00007ffff424ea07 in WebCore::DocumentLoader::responseReceived(WebCore::CachedResource*, WebCore::ResourceResponse const&) () from /build/local/lib/libwebkitgtk-3.0.so.0
#13 0x00007ffff4247ed7 in WebCore::DocumentLoader::handleSubstituteDataLoadNow(WebCore::Timer<WebCore::DocumentLoader>*) () from /build/local/lib/libwebkitgtk-3.0.so.0
#14 0x00007ffff3cd8a09 in WebCore::ThreadTimers::sharedTimerFiredInternal() () from /build/local/lib/libwebkitgtk-3.0.so.0
#15 0x00007ffff3cf8682 in WebCore::sharedTimerTimeoutCallback(void*) () from /build/local/lib/libwebkitgtk-3.0.so.0
#16 0x00007ffff0cd5451 in g_timeout_dispatch (source=0x575bce0, callback=0x7ffff3cf8670 <WebCore::sharedTimerTimeoutCallback(void*)>, user_data=0x0) at gmain.c:4545
#17 0x00007ffff0cd3656 in g_main_dispatch (context=0x674460) at gmain.c:3122
#18 0x00007ffff0cd4491 in g_main_context_dispatch (context=0x674460) at gmain.c:3737
#19 0x00007ffff0cd4676 in g_main_context_iterate (context=0x674460, block=1, dispatch=1, self=0x6746d0) at gmain.c:3808
#20 0x00007ffff0cd4a9d in g_main_loop_run (loop=0x4b087f0) at gmain.c:4002
#21 0x00007ffff252cd4c in gtk_main () at gtkmain.c:1219
#22 0x0000000000404f14 in main (argc=1, argv=0x7fffffffdd88) at main.c:638
It also prints runtime warnings right after start at the very same place. We made some leak-hunting fixes on WebKit objects, as it used to be safe to unref (almost) any webkit-returned object and it took care of the DOMObjectCache properly, but it doesn't seem to be related to this crash, because when I involve valgrind, I get this:
==15478== Invalid read of size 4
==15478== at 0x86C5DE8: WebKit::DOMObjectCacheFrameObserver::DOMWindowObserver::willDetachGlobalObjectFromFrame() (in /build/local/lib/libwebkitgtk-3.0.so.0.22.14)
==15478== by 0x7ED3DB1: WebCore::DOMWindow::willDetachDocumentFromFrame() (in /build/local/lib/libwebkitgtk-3.0.so.0.22.14)
==15478== by 0x7AE507D: WebCore::Document::prepareForDestruction() (in /build/local/lib/libwebkitgtk-3.0.so.0.22.14)
==15478== by 0x7EF41CC: WebCore::Frame::setView(WTF::PassRefPtr<WebCore::FrameView>) (in /build/local/lib/libwebkitgtk-3.0.so.0.22.14)
==15478== by 0x7EF6FDA: WebCore::Frame::createView(WebCore::IntSize const&, WebCore::Color const&, bool, WebCore::IntSize const&, WebCore::IntRect const&, bool, WebCore::ScrollbarMode, bool, WebCore::ScrollbarMode, bool) (in /build/local/lib/libwebkitgtk-3.0.so.0.22.14)
==15478== by 0x77BEF80: WebKit::FrameLoaderClient::transitionToCommittedForNewPage() (in /build/local/lib/libwebkitgtk-3.0.so.0.22.14)
==15478== by 0x7E53358: WebCore::FrameLoader::transitionToCommitted(WebCore::CachedPage*) (in /build/local/lib/libwebkitgtk-3.0.so.0.22.14)
==15478== by 0x7E54EE6: WebCore::FrameLoader::commitProvisionalLoad() (in /build/local/lib/libwebkitgtk-3.0.so.0.22.14)
==15478== by 0x7E3C759: WebCore::DocumentLoader::commitLoad(char const*, int) (in /build/local/lib/libwebkitgtk-3.0.so.0.22.14)
==15478== by 0x7E3D80F: WebCore::DocumentLoader::continueAfterContentPolicy(WebCore::PolicyAction) (in /build/local/lib/libwebkitgtk-3.0.so.0.22.14)
==15478== by 0x7E40A06: WebCore::DocumentLoader::responseReceived(WebCore::CachedResource*, WebCore::ResourceResponse const&) (in /build/local/lib/libwebkitgtk-3.0.so.0.22.14)
==15478== by 0x7E39ED6: WebCore::DocumentLoader::handleSubstituteDataLoadNow(WebCore::Timer<WebCore::DocumentLoader>*) (in /build/local/lib/libwebkitgtk-3.0.so.0.22.14)
==15478== Address 0x150c63f8 is 8 bytes inside a block of size 16 free'd
==15478== at 0x4A08103: operator delete(void*) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==15478== by 0x86C4538: WebKit::DOMObjectCache::forget(void*) (in /build/local/lib/libwebkitgtk-3.0.so.0.22.14)
==15478== by 0x875CD24: webkit_dom_node_finalize(_GObject*) (in /build/local/lib/libwebkitgtk-3.0.so.0.22.14)
==15478== by 0xB9EFE87: g_object_unref (gobject.c:3170)
==15478== by 0x86C5DE7: WebKit::DOMObjectCacheFrameObserver::DOMWindowObserver::willDetachGlobalObjectFromFrame() (in /build/local/lib/libwebkitgtk-3.0.so.0.22.14)
==15478== by 0x7ED3DB1: WebCore::DOMWindow::willDetachDocumentFromFrame() (in /build/local/lib/libwebkitgtk-3.0.so.0.22.14)
==15478== by 0x7AE507D: WebCore::Document::prepareForDestruction() (in /build/local/lib/libwebkitgtk-3.0.so.0.22.14)
==15478== by 0x7EF41CC: WebCore::Frame::setView(WTF::PassRefPtr<WebCore::FrameView>) (in /build/local/lib/libwebkitgtk-3.0.so.0.22.14)
==15478== by 0x7EF6FDA: WebCore::Frame::createView(WebCore::IntSize const&, WebCore::Color const&, bool, WebCore::IntSize const&, WebCore::IntRect const&, bool, WebCore::ScrollbarMode, bool, WebCore::ScrollbarMode, bool) (in /build/local/lib/libwebkitgtk-3.0.so.0.22.14)
==15478== by 0x77BEF80: WebKit::FrameLoaderClient::transitionToCommittedForNewPage() (in /build/local/lib/libwebkitgtk-3.0.so.0.22.14)
==15478== by 0x7E53358: WebCore::FrameLoader::transitionToCommitted(WebCore::CachedPage*) (in /build/local/lib/libwebkitgtk-3.0.so.0.22.14)
==15478== by 0x7E54EE6: WebCore::FrameLoader::commitProvisionalLoad() (in /build/local/lib/libwebkitgtk-3.0.so.0.22.14)
More information about the webkit-unassigned
mailing list