119088 2013-07-25 07:28:23 -0700 [Qt] Crash in SimpleFontData, related to @font-face with non-existing src url 2013-08-14 04:30:15 -0700 1 1 1 Unclassified WebKit WebKit Qt 528+ (Nightly build) Unspecified Unspecified RESOLVED DUPLICATE 119740 P2 Normal --- 1 milian.wolff webkit-unassigned allan.jensen michael.bruning oldest_to_newest 911608 0 milian.wolff 2013-07-25 07:28:23 -0700 Using qtwebkit stable from gitorious, I see this crash now in an application of ours: ==11529== Invalid read of size 8 ==11529== at 0x87514B2: WTF::RefPtr<WebCore::FontPlatformDataPrivate>::RefPtr(WTF::RefPtr<WebCore::FontPlatformDataPrivate> const&) (RefPtr.h:43) ==11529== by 0x874F848: WebCore::FontPlatformData::FontPlatformData(WebCore::FontPlatformData const&) (FontPlatformData.h:80) ==11529== by 0x879B120: WebCore::SimpleFontData::SimpleFontData(WebCore::FontPlatformData const&, bool, bool, bool) (SimpleFontData.cpp:61) ==11529== by 0x801FFFA: WebCore::SimpleFontData::create(WebCore::FontPlatformData const&, bool, bool, bool) (SimpleFontData.h:90) ==11529== by 0x802077C: WebCore::CSSFontFaceSource::getFontData(WebCore::FontDescription const&, bool, bool, WebCore::CSSFontSelector*) (CSSFontFaceSource.cpp:185) ==11529== by 0x800AAA7: WebCore::CSSFontFace::getFontData(WebCore::FontDescription const&, bool, bool) (CSSFontFace.cpp:105) ==11529== by 0x80A0059: WebCore::CSSSegmentedFontFace::getFontData(WebCore::FontDescription const&) (CSSSegmentedFontFace.cpp:127) ==11529== by 0x80132CE: WebCore::CSSFontSelector::getFontData(WebCore::FontDescription const&, WTF::AtomicString const&) (CSSFontSelector.cpp:539) ==11529== by 0x8750992: WebCore::FontCache::getFontData(WebCore::Font const&, int&, WebCore::FontSelector*) (FontCache.cpp:475) ==11529== by 0x874010E: WebCore::FontFallbackList::fontDataAt(WebCore::Font const*, unsigned int) const (FontFallbackList.cpp:108) ==11529== by 0x8438477: WebCore::FontFallbackList::primaryFontData(WebCore::Font const*) const (FontFallbackList.h:96) ==11529== by 0x8438428: WebCore::FontFallbackList::primarySimpleFontData(WebCore::Font const*) (FontFallbackList.h:92) ==11529== Address 0x38 is not stack'd, malloc'd or (recently) free'd I have not yet found a simple testcase which triggers this crash in a standalone WebView. 911610 1 milian.wolff 2013-07-25 07:30:45 -0700 Indeed, the crash goes away if I remove the usage of @font-face from our application. 911612 2 milian.wolff 2013-07-25 07:35:40 -0700 This snippet reproduces the crash for me: <DOCTYPE html> <html> <head> <title>bug 119088 test</title> <style type="text/css"> @font-face { font-family: "test"; src: url("file:///doesNotExist.ttf"); } body { font-family: test; } </style> <body> test </body> </html> 911614 3 milian.wolff 2013-07-25 07:43:07 -0700 In our application it is probably due to using a custom scheme handler for fonts, which does not seem to be supported anymore: test.qml: import QtQuick 2.0 import QtWebKit 3.0 import QtWebKit.experimental 1.0 WebView { id: webView height: 500 width: 500 url: "test.html" experimental { preferences.developerExtrasEnabled: true urlSchemeDelegates: [ UrlSchemeDelegate { scheme: "test" onReceivedRequest: { console.log("retrieve:", request.url); reply.send() } } ] } } test.html: <DOCTYPE html> <html> <head> <title>bug 119088 test</title> <style type="text/css"> @font-face { font-family: "test"; src: url("test:///doesNotExist.ttf"); } body { font-family: test; } </style> <body> test </body> </html> run it via: qmlscene test.qml expected output: "retrieve test:///doesNotExist.ttf" actual output: WARNING: The web process experienced a crash on 'file:///ssd/milian/projects/qt5/examples/qmlwebkit2/test.html'. 913383 4 allan.jensen 2013-07-31 09:43:05 -0700 The example doesn't crash for me, though I have only tried WebKit trunk. I need to test Qt 5.0 or 5.1 913396 5 allan.jensen 2013-07-31 10:10:33 -0700 What version are you using? There was one crash fix in the area, but it should be fixed back in end of january, so in Qt 5.0.2 and Qt 5.1. 913406 6 milian.wolff 2013-07-31 10:29:04 -0700 I tried it with v5.1.0-17-g779b1cf. Do I understand it correctly, that you cannot reproduce this issue with a recent build of QtWebKit 5.1 stable? 914584 7 milian.wolff 2013-08-05 08:26:39 -0700 I just updated everything from the stable branches and wiped the build folders and redid everything, like this: cd $(dirname $0) mkdir qtbase &>/dev/null cd qtbase ../../qtbase/configure -prefix /home/milian/projects/compiled/qt5 \ -opensource -confirm-license -debug make -j40 && make install // note: qmake-qt5 is a ln -s of the qmabe build above for d in qtjsbackend qtxmlpatterns qtdeclarative qtconnectivity qtlocation qttools qtwebkit; do if [ ! -d "$d" ]; then mkdir $d; fi pushd $d qmake-qt5 CONFIG+=debug ../../$d/$d.pro -r (make -j40 && make install -j4) || exit popd done And it still crashes: ==32468== Thread 1: ==32468== Invalid read of size 8 ==32468== at 0x8DDF820: WebCore::SimpleFontData::SimpleFontData(WebCore::FontPlatformData const&, bool, bool, bool) (in /ssd/milian/projects/qt5/build-x86/qtwebkit/lib/libQt5WebKit.so.5.1.2) ==32468== by 0x89C5668: WebCore::CSSFontFaceSource::getFontData(WebCore::FontDescription const&, bool, bool, WebCore::CSSFontSelector*) (in /ssd/milian/projects/qt5/build-x86/qtwebkit/lib/libQt5WebKit.so.5.1.2) ==32468== by 0x89B570B: WebCore::CSSFontFace::getFontData(WebCore::FontDescription const&, bool, bool) (in /ssd/milian/projects/qt5/build-x86/qtwebkit/lib/libQt5WebKit.so.5.1.2) ==32468== by 0x8A27578: WebCore::CSSSegmentedFontFace::getFontData(WebCore::FontDescription const&) (in /ssd/milian/projects/qt5/build-x86/qtwebkit/lib/libQt5WebKit.so.5.1.2) ==32468== by 0x89C2C67: WebCore::CSSFontSelector::getFontData(WebCore::FontDescription const&, WTF::AtomicString const&) (in /ssd/milian/projects/qt5/build-x86/qtwebkit/lib/libQt5WebKit.so.5.1.2) ==32468== by 0x8DA3AE3: WebCore::FontCache::getFontData(WebCore::Font const&, int&, WebCore::FontSelector*) (in /ssd/milian/projects/qt5/build-x86/qtwebkit/lib/libQt5WebKit.so.5.1.2) ==32468== by 0x8D8D811: WebCore::FontFallbackList::fontDataAt(WebCore::Font const*, unsigned int) const (in /ssd/milian/projects/qt5/build-x86/qtwebkit/lib/libQt5WebKit.so.5.1.2) ==32468== by 0x8D8DADD: WebCore::FontFallbackList::determinePitch(WebCore::Font const*) const (in /ssd/milian/projects/qt5/build-x86/qtwebkit/lib/libQt5WebKit.so.5.1.2) ==32468== by 0x9D1B386: WebCore::RenderBlock::LineBreaker::nextLineBreak(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, WebCore::RenderBlock::RenderTextInfo&, WebCore::RenderBlock::FloatingObject*, unsigned int, WTF::Vector<WebCore::WordMeasurement, 64ul>&) (in /ssd/milian/projects/qt5/build-x86/qtwebkit/lib/libQt5WebKit.so.5.1.2) ==32468== by 0x9D2090B: WebCore::RenderBlock::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) (in /ssd/milian/projects/qt5/build-x86/qtwebkit/lib/libQt5WebKit.so.5.1.2) ==32468== by 0x9D330E7: WebCore::RenderBlock::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) (in /ssd/milian/projects/qt5/build-x86/qtwebkit/lib/libQt5WebKit.so.5.1.2) ==32468== by 0x9D337F3: WebCore::RenderBlock::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (in /ssd/milian/projects/qt5/build-x86/qtwebkit/lib/libQt5WebKit.so.5.1.2) ==32468== Address 0x38 is not stack'd, malloc'd or (recently) free'd Considering that mibrunin also cannot reproduce this issue, I wonder what else could influence this? Any other stuff from the system which might be an issue? Any font library or such? 914594 8 allan.jensen 2013-08-05 08:43:50 -0700 I have tried both the HTML and QML example and neither of them crashes for me. Perhaps you can get a better backtrace? I think the way to get that in official Qt version is to edit the file qtwebkit/Tools/qmake/mkspecs/features/production_build.prf and comment out the part that disables debug info in the internals of WebKit. 914598 9 michael.bruning 2013-08-05 09:03:52 -0700 (In reply to comment #7) > I just updated everything from the stable branches and wiped the build folders and redid everything, like this: > > cd $(dirname $0) > mkdir qtbase &>/dev/null > cd qtbase > > ../../qtbase/configure -prefix /home/milian/projects/compiled/qt5 \ > -opensource -confirm-license -debug > make -j40 && make install > > // note: qmake-qt5 is a ln -s of the qmabe build above > > for d in qtjsbackend qtxmlpatterns qtdeclarative qtconnectivity qtlocation qttools qtwebkit; do > if [ ! -d "$d" ]; then mkdir $d; fi > pushd $d > qmake-qt5 CONFIG+=debug ../../$d/$d.pro -r This will not have any effect on the qtwebkit submodule, as qtwebkit/qtwebkit.pro simply does not exist. If you want to run qmake for qtwebkit, please use qtwebkit/WebKit.pro > (make -j40 && make install -j4) || exit > popd > done > 914608 10 milian.wolff 2013-08-05 09:59:12 -0700 Ok, here it is: Program received signal SIGSEGV, Segmentation fault. 0x00007f8782536376 in WTF::RefPtr<WebCore::FontPlatformDataPrivate>::RefPtr (this=0x6c5c48, o=...) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WTF/wtf/RefPtr.h:43 43 ALWAYS_INLINE RefPtr(const RefPtr& o) : m_ptr(o.m_ptr) { refIfNotNull(m_ptr); } (gdb) thread apply all bt Thread 5 (Thread 0x7f87753a1700 (LWP 23989)): #0 0x00007f877feeec61 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0 #1 0x00007f87837f110c in WTF::ThreadCondition::timedWait (this=0x659180, mutex=..., absoluteTime=1375721283.5345609) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WTF/wtf/ThreadingPthreads.cpp:400 #2 0x00007f87835015ae in JSC::BlockAllocator::waitForRelativeTimeWhileHoldingLock (this=0x659078, relative=1) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/JavaScriptCore/heap/BlockAllocator.cpp:89 #3 0x00007f87835015f4 in JSC::BlockAllocator::waitForRelativeTime (this=0x659078, relative=1) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/JavaScriptCore/heap/BlockAllocator.cpp:99 #4 0x00007f8783501642 in JSC::BlockAllocator::blockFreeingThreadMain (this=0x659078) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/JavaScriptCore/heap/BlockAllocator.cpp:113 #5 0x00007f878350161a in JSC::BlockAllocator::blockFreeingThreadStartFunc (blockAllocator=0x659078) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/JavaScriptCore/heap/BlockAllocator.cpp:104 #6 0x00007f87837d716d in WTF::threadEntryPoint (contextData=0x61de00) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WTF/wtf/Threading.cpp:69 #7 0x00007f87837f0705 in WTF::wtfThreadEntryPoint (param=0x645850) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WTF/wtf/ThreadingPthreads.cpp:196 #8 0x00007f877feeadd2 in start_thread () from /usr/lib/libpthread.so.0 #9 0x00007f877f403cdd in clone () from /usr/lib/libc.so.6 Thread 4 (Thread 0x7f8775c16700 (LWP 23988)): #0 0x00007f877f3fb08d in poll () from /usr/lib/libc.so.6 #1 0x00007f8786087094 in ?? () from /usr/lib/libglib-2.0.so.0 #2 0x00007f878608719c in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0 #3 0x00007f878065eb0b in QEventDispatcherGlib::processEvents (this=0x7f87200008c0, flags=...) at /ssd/milian/projects/qt5/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:426 #4 0x00007f87805eb686 in QEventLoop::processEvents (this=0x7f8775c15e20, flags=...) at /ssd/milian/projects/qt5/qtbase/src/corelib/kernel/qeventloop.cpp:136 #5 0x00007f87805eb969 in QEventLoop::exec (this=0x7f8775c15e20, flags=...) at /ssd/milian/projects/qt5/qtbase/src/corelib/kernel/qeventloop.cpp:212 #6 0x00007f87803f80fc in QThread::exec (this=0x638b00) at /ssd/milian/projects/qt5/qtbase/src/corelib/thread/qthread.cpp:507 #7 0x00007f87803f829a in QThread::run (this=0x638b00) at /ssd/milian/projects/qt5/qtbase/src/corelib/thread/qthread.cpp:574 #8 0x00007f87803feb98 in QThreadPrivate::start (arg=0x638b00) at /ssd/milian/projects/qt5/qtbase/src/corelib/thread/qthread_unix.cpp:345 #9 0x00007f877feeadd2 in start_thread () from /usr/lib/libpthread.so.0 #10 0x00007f877f403cdd in clone () from /usr/lib/libc.so.6 Thread 3 (Thread 0x7f87764f6700 (LWP 23987)): #0 0x00007f877f3fb08d in poll () from /usr/lib/libc.so.6 #1 0x00007f8786087094 in ?? () from /usr/lib/libglib-2.0.so.0 ---Type <return> to continue, or q <return> to quit--- #2 0x00007f878608719c in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0 #3 0x00007f878065eb0b in QEventDispatcherGlib::processEvents (this=0x7f87280008c0, flags=...) at /ssd/milian/projects/qt5/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:426 #4 0x00007f87805eb686 in QEventLoop::processEvents (this=0x7f87764f5e20, flags=...) at /ssd/milian/projects/qt5/qtbase/src/corelib/kernel/qeventloop.cpp:136 #5 0x00007f87805eb969 in QEventLoop::exec (this=0x7f87764f5e20, flags=...) at /ssd/milian/projects/qt5/qtbase/src/corelib/kernel/qeventloop.cpp:212 #6 0x00007f87803f80fc in QThread::exec (this=0x5b3450) at /ssd/milian/projects/qt5/qtbase/src/corelib/thread/qthread.cpp:507 #7 0x00007f87803f829a in QThread::run (this=0x5b3450) at /ssd/milian/projects/qt5/qtbase/src/corelib/thread/qthread.cpp:574 #8 0x00007f87803feb98 in QThreadPrivate::start (arg=0x5b3450) at /ssd/milian/projects/qt5/qtbase/src/corelib/thread/qthread_unix.cpp:345 #9 0x00007f877feeadd2 in start_thread () from /usr/lib/libpthread.so.0 #10 0x00007f877f403cdd in clone () from /usr/lib/libc.so.6 Thread 2 (Thread 0x7f8776f02700 (LWP 23986)): #0 0x00007f877f3fb08d in poll () from /usr/lib/libc.so.6 #1 0x00007f877eef76e2 in ?? () from /usr/lib/libxcb.so.1 #2 0x00007f877eef8d7f in xcb_wait_for_event () from /usr/lib/libxcb.so.1 #3 0x00007f87797fc6c9 in QXcbEventReader::run (this=0x5957a0) at /ssd/milian/projects/qt5/qtbase/src/plugins/platforms/xcb/qxcbconnection.cpp:983 #4 0x00007f87803feb98 in QThreadPrivate::start (arg=0x5957a0) at /ssd/milian/projects/qt5/qtbase/src/corelib/thread/qthread_unix.cpp:345 #5 0x00007f877feeadd2 in start_thread () from /usr/lib/libpthread.so.0 #6 0x00007f877f403cdd in clone () from /usr/lib/libc.so.6 Thread 1 (Thread 0x7f878844e740 (LWP 23869)): #0 0x00007f8782536376 in WTF::RefPtr<WebCore::FontPlatformDataPrivate>::RefPtr (this=0x6c5c48, o=...) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WTF/wtf/RefPtr.h:43 #1 0x00007f8782534719 in WebCore::FontPlatformData::FontPlatformData (this=0x6c5c48) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/platform/graphics/qt/FontPlatformData.h:80 #2 0x00007f878257b5dd in WebCore::SimpleFontData::SimpleFontData (this=0x6c5c10, platformData=..., isCustomFont=true, isLoading=true, isTextOrientationFallback=false) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/platform/graphics/SimpleFontData.cpp:59 #3 0x00007f878214632e in WebCore::SimpleFontData::create (platformData=..., isCustomFont=true, isLoading=true, isTextOrientationFallback=false) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/platform/graphics/SimpleFontData.h:90 #4 0x00007f8782146fbe in WebCore::CSSFontFaceSource::getFontData (this=0x69d370, fontDescription=..., syntheticBold=false, syntheticItalic=false, fontSelector=0x676550) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/css/CSSFontFaceSource.cpp:185 #5 0x00007f8782130f4c in WebCore::CSSFontFace::getFontData (this=0x697560, fontDescription=..., syntheticBold=false, syntheticItalic=false) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/css/CSSFontFace.cpp:105 #6 0x00007f87821c5982 in WebCore::CSSSegmentedFontFace::getFontData (this=0x69dc70, fontDescription=...) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/css/CSSSegmentedFontFace.cpp:127 ---Type <return> to continue, or q <return> to quit--- #7 0x00007f87821398b1 in WebCore::CSSFontSelector::getFontData (this=0x676550, fontDescription=..., familyName=...) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/css/CSSFontSelector.cpp:539 #8 0x00007f8782535857 in WebCore::FontCache::getFontData (this=0x6336e0, font=..., familyIndex=@0x6a0c0c: 1, fontSelector=0x676550) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/platform/graphics/FontCache.cpp:475 #9 0x00007f8782525e65 in WebCore::FontFallbackList::fontDataAt (this=0x6a0b70, font=0x698488, realizedFontIndex=0) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/platform/graphics/FontFallbackList.cpp:108 #10 0x00007f878234430a in WebCore::FontFallbackList::primaryFontData (this=0x6a0b70, f=0x698488) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/platform/graphics/FontFallbackList.h:96 #11 0x00007f8782525c1d in WebCore::FontFallbackList::determinePitch (this=0x6a0b70, font=0x698488) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/platform/graphics/FontFallbackList.cpp:79 #12 0x00007f8783103b73 in WebCore::FontFallbackList::isFixedPitch (this=0x6a0b70, f=0x698488) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/platform/graphics/FontFallbackList.h:73 #13 0x00007f8783103d00 in WebCore::Font::isFixedPitch (this=0x698488) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/platform/graphics/Font.h:333 #14 0x00007f878316cf3e in WebCore::RenderBlock::LineBreaker::nextLineBreak (this=0x7fff567f11d0, resolver=..., lineInfo=..., renderTextInfo=..., lastFloatFromPreviousLine=0x0, consecutiveHyphenatedLines=0, wordMeasurements=...) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/rendering/RenderBlockLineLayout.cpp:2544 #15 0x00007f8783166d24 in WebCore::RenderBlock::layoutRunsAndFloatsInRange (this=0x678988, layoutState=..., resolver=..., cleanLineStart=..., cleanLineBidiStatus=..., consecutiveHyphenatedLines=0) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1438 #16 0x00007f87831666c9 in WebCore::RenderBlock::layoutRunsAndFloats (this=0x678988, layoutState=..., hasInlineChild=true) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1369 #17 0x00007f8783168b81 in WebCore::RenderBlock::layoutInlineChildren (this=0x678988, relayoutChildren=true, repaintLogicalTop=..., repaintLogicalBottom=...) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1717 #18 0x00007f878313b31c in WebCore::RenderBlock::layoutBlock (this=0x678988, relayoutChildren=true, pageLogicalHeight=...) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/rendering/RenderBlock.cpp:1562 #19 0x00007f878313a886 in WebCore::RenderBlock::layout (this=0x678988) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/rendering/RenderBlock.cpp:1390 #20 0x00007f87831404bf in WebCore::RenderBlock::layoutBlockChild (this=0x676cc8, child=0x678988, marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/rendering/RenderBlock.cpp:2492 #21 0x00007f878314003f in WebCore::RenderBlock::layoutBlockChildren (this=0x676cc8, relayoutChildren=true, maxFloatLogicalBottom=...) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/rendering/RenderBlock.cpp:2428 #22 0x00007f878313b33d in WebCore::RenderBlock::layoutBlock (this=0x676cc8, relayoutChildren=true, pageLogicalHeight=...) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/rendering/RenderBlock.cpp:1564 #23 0x00007f878313a886 in WebCore::RenderBlock::layout (this=0x676cc8) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/rendering/RenderBlock.cpp:1390 #24 0x00007f87831404bf in WebCore::RenderBlock::layoutBlockChild (this=0x61dbf8, child=0x676cc8, marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) ---Type <return> to continue, or q <return> to quit--- at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/rendering/RenderBlock.cpp:2492 #25 0x00007f878314003f in WebCore::RenderBlock::layoutBlockChildren (this=0x61dbf8, relayoutChildren=true, maxFloatLogicalBottom=...) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/rendering/RenderBlock.cpp:2428 #26 0x00007f878313b33d in WebCore::RenderBlock::layoutBlock (this=0x61dbf8, relayoutChildren=true, pageLogicalHeight=...) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/rendering/RenderBlock.cpp:1564 #27 0x00007f878313a886 in WebCore::RenderBlock::layout (this=0x61dbf8) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/rendering/RenderBlock.cpp:1390 #28 0x00007f878324a556 in WebCore::RenderView::layoutContent (this=0x61dbf8, state=...) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/rendering/RenderView.cpp:140 #29 0x00007f878324ab53 in WebCore::RenderView::layout (this=0x61dbf8) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/rendering/RenderView.cpp:198 #30 0x00007f87824c90f0 in WebCore::FrameView::layout (this=0x61c150, allowSubtree=true) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/page/FrameView.cpp:1196 #31 0x00007f87832de668 in WebCore::Document::implicitClose (this=0x658540) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/dom/Document.cpp:2463 #32 0x00007f87823fd6ad in WebCore::FrameLoader::checkCallImplicitClose (this=0x60c8b8) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/loader/FrameLoader.cpp:830 #33 0x00007f87823fd418 in WebCore::FrameLoader::checkCompleted (this=0x60c8b8) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/loader/FrameLoader.cpp:773 #34 0x00007f87823fd156 in WebCore::FrameLoader::finishedParsing (this=0x60c8b8) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/loader/FrameLoader.cpp:706 #35 0x00007f87832e5663 in WebCore::Document::finishedParsing (this=0x658540) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/dom/Document.cpp:4415 #36 0x00007f878238aa2f in WebCore::HTMLTreeBuilder::finished (this=0x61cc60) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2703 #37 0x00007f878235d382 in WebCore::HTMLDocumentParser::end (this=0x674230) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/html/parser/HTMLDocumentParser.cpp:377 #38 0x00007f878235d48b in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x674230) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/html/parser/HTMLDocumentParser.cpp:386 #39 0x00007f878235c5b3 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x674230) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/html/parser/HTMLDocumentParser.cpp:154 #40 0x00007f878235d4ce in WebCore::HTMLDocumentParser::attemptToEnd (this=0x674230) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/html/parser/HTMLDocumentParser.cpp:398 #41 0x00007f878235d585 in WebCore::HTMLDocumentParser::finish (this=0x674230) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/html/parser/HTMLDocumentParser.cpp:425 #42 0x00007f87823f49cd in WebCore::DocumentWriter::end (this=0x647128) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/loader/DocumentWriter.cpp:244 #43 0x00007f87823e3dcd in WebCore::DocumentLoader::finishedLoading (this=0x647080) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/loader/DocumentLoader.cpp:301 ---Type <return> to continue, or q <return> to quit--- #44 0x00007f878241ecaf in WebCore::MainResourceLoader::didFinishLoading (this=0x6478f0, finishTime=0) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/loader/MainResourceLoader.cpp:520 #45 0x00007f878242b2b3 in WebCore::ResourceLoader::didFinishLoading (this=0x6478f0, finishTime=0) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/loader/ResourceLoader.cpp:453 #46 0x00007f87826e0e91 in WebCore::QNetworkReplyHandler::finish (this=0x6492e0) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:515 #47 0x00007f87826dfa90 in WebCore::QNetworkReplyHandlerCallQueue::flush (this=0x649318) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:249 #48 0x00007f87826df7b8 in WebCore::QNetworkReplyHandlerCallQueue::push (this=0x649318, method=(void (WebCore::QNetworkReplyHandler::*)(WebCore::QNetworkReplyHandler * const)) 0x7f87826e0cbc <WebCore::QNetworkReplyHandler::finish()>) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:215 #49 0x00007f87826e07a6 in WebCore::QNetworkReplyWrapper::didReceiveFinished (this=0x63bc20) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:408 #50 0x00007f87826e31e2 in WebCore::QNetworkReplyWrapper::qt_static_metacall (_o=0x63bc20, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fff567f47d0) at .moc/debug-shared/moc_QNetworkReplyHandler.cpp:175 #51 0x00007f878062e5b7 in QMetaObject::activate (sender=0x5ffc50, signalOffset=7, local_signal_index=1, argv=0x0) at /ssd/milian/projects/qt5/qtbase/src/corelib/kernel/qobject.cpp:3479 #52 0x00007f878062de08 in QMetaObject::activate (sender=0x5ffc50, m=0x7f8780fdd640 <QNetworkReply::staticMetaObject>, local_signal_index=1, argv=0x0) at /ssd/milian/projects/qt5/qtbase/src/corelib/kernel/qobject.cpp:3354 #53 0x00007f8780f6219f in QNetworkReply::finished (this=0x5ffc50) at .moc/debug-shared/moc_qnetworkreply.cpp:297 #54 0x00007f8780f61d44 in QNetworkReply::qt_static_metacall (_o=0x5ffc50, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x63b440) at .moc/debug-shared/moc_qnetworkreply.cpp:183 #55 0x00007f8780626da5 in QMetaCallEvent::placeMetaCall (this=0x63b960, object=0x5ffc50) at /ssd/milian/projects/qt5/qtbase/src/corelib/kernel/qobject.cpp:479 #56 0x00007f8780627c92 in QObject::event (this=0x5ffc50, e=0x63b960) at /ssd/milian/projects/qt5/qtbase/src/corelib/kernel/qobject.cpp:1070 #57 0x00007f878119c328 in QApplicationPrivate::notify_helper (this=0x579d70, receiver=0x5ffc50, e=0x63b960) at /ssd/milian/projects/qt5/qtbase/src/widgets/kernel/qapplication.cpp:3457 #58 0x00007f8781199ac4 in QApplication::notify (this=0x572db0, receiver=0x5ffc50, e=0x63b960) at /ssd/milian/projects/qt5/qtbase/src/widgets/kernel/qapplication.cpp:2878 #59 0x00007f87805ee926 in QCoreApplication::notifyInternal (this=0x572db0, receiver=0x5ffc50, event=0x63b960) at /ssd/milian/projects/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:867 #60 0x00007f87805f248b in QCoreApplication::sendEvent (receiver=0x5ffc50, event=0x63b960) at /ssd/milian/projects/qt5/qtbase/src/corelib/kernel/qcoreapplication.h:232 #61 0x00007f87805efc6f in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x579ee0) at /ssd/milian/projects/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:1471 #62 0x00007f87805ef61f in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at /ssd/milian/projects/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:1329 #63 0x00007f878065e363 in postEventSourceDispatch (s=0x585980) at /ssd/milian/projects/qt5/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:279 ---Type <return> to continue, or q <return> to quit--- #64 0x00007f8786086da6 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0 #65 0x00007f87860870f8 in ?? () from /usr/lib/libglib-2.0.so.0 #66 0x00007f878608719c in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0 #67 0x00007f878065eb0b in QEventDispatcherGlib::processEvents (this=0x57c170, flags=...) at /ssd/milian/projects/qt5/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:426 #68 0x00007f877982bc10 in QPAEventDispatcherGlib::processEvents (this=0x57c170, flags=...) at /ssd/milian/projects/qt5/qtbase/src/platformsupport/eventdispatchers/qeventdispatcher_glib.cpp:123 #69 0x00007f87805eb686 in QEventLoop::processEvents (this=0x7fff567f5630, flags=...) at /ssd/milian/projects/qt5/qtbase/src/corelib/kernel/qeventloop.cpp:136 #70 0x00007f87805eb969 in QEventLoop::exec (this=0x7fff567f5630, flags=...) at /ssd/milian/projects/qt5/qtbase/src/corelib/kernel/qeventloop.cpp:212 #71 0x00007f87805ef002 in QCoreApplication::exec () at /ssd/milian/projects/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:1120 #72 0x00007f87826ed4fc in WebCore::RunLoop::run () at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebCore/platform/qt/RunLoopQt.cpp:69 #73 0x00007f8781f6c750 in WebKit::WebProcessMainQt (app=0x572db0) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebKit2/WebProcess/qt/WebProcessMainQt.cpp:195 #74 0x00000000004011c8 in main (argc=2, argv=0x7fff567f5a58) at /ssd/milian/projects/qt5/qtwebkit-gitorious/Source/WebKit2/qt/MainQt.cpp:100 for a valgrind log and bt full, see http://paste.kde.org/p9b641be0/ (was too long for the bugtracker). 916642 11 allan.jensen 2013-08-13 03:35:00 -0700 If you are seeing the crash on a 32bit machine then it could be the same as https://bugreports.qt-project.org/browse/QTBUG-32879 and explain why we don't see it on out 64bit development machines. 916654 12 allan.jensen 2013-08-13 04:41:27 -0700 Most likely caused by the patch for bug #118532 916672 13 milian.wolff 2013-08-13 05:55:56 -0700 Nope, I'm on a 64bit machine: Linux milian-kdab2 3.10.5-1-ARCH #1 SMP PREEMPT Mon Aug 5 08:04:22 CEST 2013 x86_64 GNU/Linux 916677 14 allan.jensen 2013-08-13 06:16:03 -0700 (In reply to comment #13) > Nope, I'm on a 64bit machine: > > Linux milian-kdab2 3.10.5-1-ARCH #1 SMP PREEMPT Mon Aug 5 08:04:22 CEST 2013 x86_64 GNU/Linux Yes, the bug seem to hit more than 32bit, but is kind of random. Have you tried to revert the patch from bug 118532 ? 916719 15 milian.wolff 2013-08-13 08:39:01 -0700 https://codereview.qt-project.org/#change,62910 fixes the issue for me. 917078 16 allan.jensen 2013-08-14 04:29:36 -0700 *** This bug has been marked as a duplicate of bug 119740 *** 917080 17 allan.jensen 2013-08-14 04:30:15 -0700 (In reply to comment #15) > https://codereview.qt-project.org/#change,62910 fixes the issue for me. Can you test if the new patch in bug 118532 also works without crashing?