151653 2015-11-30 00:51:01 -0800 [GTK] UI process crash when the screensaver DBus proxy is being created while the web view is destroyed 2015-11-30 01:40:07 -0800 1 1 1 Unclassified WebKit WebKitGTK WebKit Local Build Unspecified Unspecified RESOLVED FIXED Gtk P2 Normal --- 1 cgarcia webkit-unassigned berto bugs-noreply commit-queue gustavo mcatanzaro mrobinson svillar zan oldest_to_newest 1144738 0 cgarcia 2015-11-30 00:51:01 -0800 We correctly cancel the proxy creation, but when the async ready callback is called, the view could be destroyed already. In that case g_dbus_proxy_new_for_bus_finish() will return nullptr and fail with cancelled error, but we are using the passed web view without checking first if the creation failed or not. 1144739 1 cgarcia 2015-11-30 00:53:31 -0800 Forgot the bt. This crash is what makes /webkit2/WebKitWebView/submit-form fail sometimes, because when /webkit2/WebKitWebView/fullscreen runs, the proxy creation starts, and in /webkit2/WebKitWebView/submit-form the callback is called, but the web view of that previous test has been destroyed. Program received signal SIGSEGV, Segmentation fault. 0x00007ffff32c502b in screenSaverProxyCreatedCallback(_GObject*, _GAsyncResult*, _WebKitWebViewBase*) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 (gdb) bt #0 0x00007ffff32c502b in screenSaverProxyCreatedCallback(_GObject*, _GAsyncResult*, _WebKitWebViewBase*) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #1 0x00007ffff59861a3 in g_task_return_now (task=0x7cf8f0) at gtask.c:1104 #2 0x00007ffff598680e in g_task_return (task=0x7cf8f0, type=<optimized out>) at gtask.c:1162 #3 0x00007ffff59dbfac in init_second_async_cb (source_object=<optimized out>, res=<optimized out>, user_data=0x7cf8f0) at gdbusproxy.c:1807 #4 0x00007ffff59861a3 in g_task_return_now (task=0x7cfa90) at gtask.c:1104 #5 0x00007ffff598680e in g_task_return (task=0x7cfa90, type=<optimized out>) at gtask.c:1162 #6 0x00007ffff59dba1e in async_init_start_service_by_name_cb (connection=<optimized out>, res=0x7cfb60, user_data=0x7cfa90) at gdbusproxy.c:1645 #7 0x00007ffff59861a3 in g_task_return_now (task=0x7cfb60) at gtask.c:1104 #8 0x00007ffff598680e in g_task_return (task=0x7cfb60, type=<optimized out>) at gtask.c:1162 #9 0x00007ffff59d0d00 in g_dbus_connection_call_done (source=<optimized out>, result=0x87e850, user_data=0x7cfb60) at gdbusconnection.c:5702 #10 0x00007ffff59861a3 in g_task_return_now (task=0x87e850) at gtask.c:1104 #11 0x00007ffff59861d9 in complete_in_idle_cb (task=0x87e850) at gtask.c:1118 #12 0x00007ffff766fb4a in g_main_dispatch (context=0x656e30) at gmain.c:3154 #13 g_main_context_dispatch (context=context@entry=0x656e30) at gmain.c:3769 #14 0x00007ffff766fec8 in g_main_context_iterate (context=0x656e30, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3840 #15 0x00007ffff76701e2 in g_main_loop_run (loop=0x740380) at gmain.c:4034 #16 0x0000000000408757 in testWebViewSubmitForm(FormClientTest*, void const*) () #17 0x00007ffff76943db in test_case_run (tc=0x6c8ca0) at gtestutils.c:2158 #18 g_test_run_suite_internal (suite=suite@entry=0x7a5060, path=path@entry=0x0) at gtestutils.c:2241 #19 0x00007ffff76945a3 in g_test_run_suite_internal (suite=suite@entry=0x7a5080, path=path@entry=0x0) at gtestutils.c:2253 #20 0x00007ffff76945a3 in g_test_run_suite_internal (suite=suite@entry=0x7a50a0, path=path@entry=0x0) at gtestutils.c:2253 #21 0x00007ffff769479e in g_test_run_suite (suite=0x7a50a0) at gtestutils.c:2328 #22 0x00007ffff76947c1 in g_test_run () at gtestutils.c:1596 #23 0x0000000000407a85 in main () 1144740 2 266242 cgarcia 2015-11-30 00:56:04 -0800 Created attachment 266242 Patch 1144741 3 commit-queue 2015-11-30 00:57:07 -0800 Thanks for the patch. If this patch contains new public API please make sure it follows the guidelines for new WebKit2 GTK+ API. See http://trac.webkit.org/wiki/WebKitGTK/AddingNewWebKit2API 1144742 4 266242 mrobinson 2015-11-30 01:33:17 -0800 Comment on attachment 266242 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=266242&action=review > Source/WebKit2/UIProcess/API/gtk/WebKitWebViewBase.cpp:1175 > + if (!proxy) > return; It might be a good idea to leave a comment here explaining the situation as well. I think that could be quite useful for people reading the code. 1144743 5 cgarcia 2015-11-30 01:40:07 -0800 Committed r192792: <http://trac.webkit.org/changeset/192792> 266242 2015-11-30 00:56:04 -0800 2015-11-30 01:33:17 -0800 Patch wk2-screensaver-crash.diff text/plain 1957 cgarcia ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQyL0No YW5nZUxvZwppbmRleCAyOGU3NzNkLi5iN2IxMmY5IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0 Mi9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTkg QEAKKzIwMTUtMTEtMzAgIENhcmxvcyBHYXJjaWEgQ2FtcG9zICA8Y2dhcmNpYUBpZ2FsaWEuY29t PgorCisgICAgICAgIFtHVEtdIFVJIHByb2Nlc3MgY3Jhc2ggd2hlbiB0aGUgc2NyZWVuc2F2ZXIg REJ1cyBwcm94eSBpcyBiZWluZyBjcmVhdGVkIHdoaWxlIHRoZSB3ZWIgdmlldyBpcyBkZXN0cm95 ZWQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE1MTY1 MworCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFdlIGNv cnJlY3RseSBjYW5jZWwgdGhlIHByb3h5IGNyZWF0aW9uLCBidXQgd2hlbiB0aGUgYXN5bmMgcmVh ZHkKKyAgICAgICAgY2FsbGJhY2sgaXMgY2FsbGVkLCB0aGUgdmlldyBjb3VsZCBiZSBkZXN0cm95 ZWQgYWxyZWFkeS4gSW4gdGhhdAorICAgICAgICBjYXNlIGdfZGJ1c19wcm94eV9uZXdfZm9yX2J1 c19maW5pc2goKSB3aWxsIHJldHVybiBudWxscHRyIGFuZAorICAgICAgICBmYWlsIHdpdGggY2Fu Y2VsbGVkIGVycm9yLCBidXQgd2UgYXJlIHVzaW5nIHRoZSBwYXNzZWQgd2ViIHZpZXcKKyAgICAg ICAgd2l0aG91dCBjaGVja2luZyBmaXJzdCBpZiB0aGUgY3JlYXRpb24gZmFpbGVkIG9yIG5vdC4K KworICAgICAgICAqIFVJUHJvY2Vzcy9BUEkvZ3RrL1dlYktpdFdlYlZpZXdCYXNlLmNwcDoKKyAg ICAgICAgKHNjcmVlblNhdmVyUHJveHlDcmVhdGVkQ2FsbGJhY2spOgorCiAyMDE1LTExLTI4ICBU aW0gSG9ydG9uICA8dGltb3RoeV9ob3J0b25AYXBwbGUuY29tPgogCiAgICAgICAgIFN0b3AgdW5u ZWNlc3NhcmlseSBjb3B5aW5nIFdLV2ViVmlld0NvbmZpZ3VyYXRpb24gaW4gYSBmZXcgcGxhY2Vz CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9VSVByb2Nlc3MvQVBJL2d0ay9XZWJLaXRXZWJW aWV3QmFzZS5jcHAgYi9Tb3VyY2UvV2ViS2l0Mi9VSVByb2Nlc3MvQVBJL2d0ay9XZWJLaXRXZWJW aWV3QmFzZS5jcHAKaW5kZXggOTM5ODc5ZS4uMmZlZTk1MCAxMDA2NDQKLS0tIGEvU291cmNlL1dl YktpdDIvVUlQcm9jZXNzL0FQSS9ndGsvV2ViS2l0V2ViVmlld0Jhc2UuY3BwCisrKyBiL1NvdXJj ZS9XZWJLaXQyL1VJUHJvY2Vzcy9BUEkvZ3RrL1dlYktpdFdlYlZpZXdCYXNlLmNwcApAQCAtMTE3 MCwxMSArMTE3MCwxMSBAQCBzdGF0aWMgdm9pZCB3ZWJraXRXZWJWaWV3QmFzZVNlbmRJbmhpYml0 TWVzc2FnZVRvU2NyZWVuU2F2ZXIoV2ViS2l0V2ViVmlld0Jhc2UqCiAKIHN0YXRpYyB2b2lkIHNj cmVlblNhdmVyUHJveHlDcmVhdGVkQ2FsbGJhY2soR09iamVjdCosIEdBc3luY1Jlc3VsdCogcmVz dWx0LCBXZWJLaXRXZWJWaWV3QmFzZSogd2ViVmlld0Jhc2UpCiB7Ci0gICAgV2ViS2l0V2ViVmll d0Jhc2VQcml2YXRlKiBwcml2ID0gd2ViVmlld0Jhc2UtPnByaXY7Ci0gICAgcHJpdi0+c2NyZWVu U2F2ZXJQcm94eSA9IGFkb3B0R1JlZihnX2RidXNfcHJveHlfbmV3X2Zvcl9idXNfZmluaXNoKHJl c3VsdCwgbnVsbHB0cikpOwotICAgIGlmICghcHJpdi0+c2NyZWVuU2F2ZXJQcm94eSkKKyAgICBH UmVmUHRyPEdEQnVzUHJveHk+IHByb3h5ID0gYWRvcHRHUmVmKGdfZGJ1c19wcm94eV9uZXdfZm9y X2J1c19maW5pc2gocmVzdWx0LCBudWxscHRyKSk7CisgICAgaWYgKCFwcm94eSkKICAgICAgICAg cmV0dXJuOwogCisgICAgd2ViVmlld0Jhc2UtPnByaXYtPnNjcmVlblNhdmVyUHJveHkgPSBwcm94 eTsKICAgICB3ZWJraXRXZWJWaWV3QmFzZVNlbmRJbmhpYml0TWVzc2FnZVRvU2NyZWVuU2F2ZXIo d2ViVmlld0Jhc2UpOwogfQogCg==