[Webkit-unassigned] [Bug 151139] [GTK] Web Process crashes on reparenting a WebView with AC mode on

bugzilla-daemon at webkit.org
Thu Nov 12 07:25:14 PST 2015


https://bugs.webkit.org/show_bug.cgi?id=151139

--- Comment #9 from Mario Sanchez Prada <mario at webkit.org> ---
Created attachment 265387
  --> https://bugs.webkit.org/attachment.cgi?id=265387&action=review
Backtrace for the WebProcess with Carlos's patch

As commented with Carlos on IRC, the patch definitely fixes the crash in the UI process (as the drawingAreaImpl variable is now null-checked before using) but I'm still seeing the crash in the WebProcess with the attached test cases, especially if running the Poster Circle example. You can see attached the full backtrace when that happens, although that's not a very useful one since it crashes on an ASSERT that's probably wrong anyway.

Now, removing that ASSERT and running it again, this is the backtrace I get on a Debug build:

Breakpoint 1, gdk_x_error (xdisplay=0x46b8d0, error=0x7fffffffcb20) at gdkmain-x11.c:268
268      if (error->error_code)
(gdb) bt
#0  gdk_x_error (xdisplay=0x46b8d0, error=0x7fffffffcb20) at gdkmain-x11.c:268
#1  0x00007fffe7f3646d in _XError (dpy=dpy@entry=0x46b8d0, rep=rep@entry=0xacd270) at ../../src/XlibInt.c:1429
#2  0x00007fffe7f333a7 in handle_error (dpy=dpy@entry=0x46b8d0, err=0xacd270, in_XReply=in_XReply@entry=1) at ../../src/xcb_io.c:213
#3  0x00007fffe7f34525 in _XReply (dpy=dpy@entry=0x46b8d0, rep=rep@entry=0x7fffffffcce0, extra=extra@entry=0, discard=discard@entry=1) at ../../src/xcb_io.c:699
#4  0x00007fffe7f18cfe in XGetGeometry (dpy=0x46b8d0, d=27263103, root=0x7fffffffcd90, x=0x7fffffffcd9c, y=0x7fffffffcd98, width=0x7fffffffcd8c, height=0x7fffffffcd88, borderWidth=0x7fffffffcd84, depth=0x7fffffffcd80)
    at ../../src/GetGeom.c:47
#5  0x00007ffff39921d4 in WebCore::GLContextGLX::defaultFrameBufferSize (this=0x800140) at ../../Source/WebCore/platform/graphics/glx/GLContextGLX.cpp:189
#6  0x00007ffff2453054 in WebKit::LayerTreeHostGtk::compositeLayersToContext (this=0x7fffdb2eec60, purpose=WebKit::LayerTreeHostGtk::NotForResize) at ../../Source/WebKit2/WebProcess/WebPage/gtk/LayerTreeHostGtk.cpp:335
#7  0x00007ffff245321e in WebKit::LayerTreeHostGtk::flushAndRenderLayers (this=0x7fffdb2eec60) at ../../Source/WebKit2/WebProcess/WebPage/gtk/LayerTreeHostGtk.cpp:368
#8  0x00007ffff2452e74 in WebKit::LayerTreeHostGtk::renderFrame (this=0x7fffdb2eec60) at ../../Source/WebKit2/WebProcess/WebPage/gtk/LayerTreeHostGtk.cpp:307
#9  0x00007ffff2454dbf in std::_Mem_fn_base<bool (WebKit::LayerTreeHostGtk::*)(), true>::operator()<, void>(std::_Mem_fn_base<bool (WebKit::LayerTreeHostGtk::*)(), true>::_Class *) const (this=0x847370, __object=0x7fffdb2eec60)
    at /usr/include/c++/5/functional:600
#10 0x00007ffff2454d00 in std::_Bind<std::_Mem_fn<bool (WebKit::LayerTreeHostGtk::*)()>(WebKit::LayerTreeHostGtk*)>::__call<bool, 0ul>(<unknown type in /home/mario/work/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37, CU 0x0, DIE 0x1540a0>, std::_Index_tuple<0ul>) (this=0x847370, __args=<unknown type in /home/mario/work/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37, CU 0x0, DIE 0x1540a0>) at /usr/include/c++/5/functional:1074
#11 0x00007ffff2454a92 in std::_Bind<std::_Mem_fn<bool (WebKit::LayerTreeHostGtk::*)()>(WebKit::LayerTreeHostGtk*)>::operator()<, bool>(void) (this=0x847370) at /usr/include/c++/5/functional:1133
#12 0x00007ffff2454635 in std::_Function_handler<bool(), std::_Bind<std::_Mem_fn<bool (WebKit::LayerTreeHostGtk::*)()>(WebKit::LayerTreeHostGtk*)> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/5/functional:1857
#13 0x00007ffff2453a8a in std::function<bool()>::operator()(void) const (this=0x7fffdb2eed50) at /usr/include/c++/5/functional:2271
#14 0x00007ffff2451d06 in WebKit::LayerTreeHostGtk::RenderFrameScheduler::renderFrame (this=0x7fffdb2eed50) at ../../Source/WebKit2/WebProcess/WebPage/gtk/LayerTreeHostGtk.cpp:124
#15 0x00007ffff2454e90 in WTF::RunLoop::Timer<WebKit::LayerTreeHostGtk::RenderFrameScheduler>::fired (this=0x7fffdb2eed70) at ../../Source/WTF/wtf/RunLoop.h:131
#16 0x00007fffec3df2e7 in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::{lambda(void*)#1}::operator()(void*) const () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:131
#17 0x00007fffec3df323 in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::{lambda(void*)#1}::_FUN(void*) () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:135
#18 0x00007fffec3deb0c in WTF::<lambda(GSource*, GSourceFunc, gpointer)>::operator()(GSource *, GSourceFunc, gpointer) const (__closure=0x0, source=0x510e70, 
    callback=0x7fffec3df306 <WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::{lambda(void*)#1}::_FUN(void*)>, userData=0x7fffdb2eed70) at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:44
#19 0x00007fffec3deb3b in WTF::<lambda(GSource*, GSourceFunc, gpointer)>::_FUN(GSource *, GSourceFunc, gpointer) () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:45
#20 0x00007fffe955bbea in g_main_dispatch (context=0x466640) at gmain.c:3122
#21 g_main_context_dispatch (context=context@entry=0x466640) at gmain.c:3737
#22 0x00007fffe955bf68 in g_main_context_iterate (context=0x466640, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3808
#23 0x00007fffe955c282 in g_main_loop_run (loop=0xaf5820) at gmain.c:4002
#24 0x00007fffec3df104 in WTF::RunLoop::run () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:94
#25 0x00007ffff2450199 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fffffffd348) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#26 0x00007ffff2450000 in WebKit::WebProcessMainUnix (argc=2, argv=0x7fffffffd348) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:77
#27 0x0000000000400c6a in main (argc=2, argv=0x7fffffffd348) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44
