21390 2008-10-05 13:44:13 -0700 [Gtk] Linux/Gtk: GtkLauncher crashes on Acid3 (but after test 80 this time) 2008-10-14 07:33:50 -0700 1 1 1 Unclassified WebKit WebKitGTK 528+ (Nightly build) PC Linux RESOLVED FIXED P2 Normal --- 1 cmsigler webkit-unassigned alp camaradetux jmalonzo riccardo.magliocchetti oldest_to_newest 94167 0 cmsigler 2008-10-05 13:44:13 -0700 Hi, I feel like a persistent bearer of bad news :^( Thanks to Dave Hyatt, a previous Acid3 crash was fixed under Linux/Gtk. But now Acid3 crashes again, later on, around test 80 out of 100. This is running trunk r37317. This time I've actually got a backtrace! --> Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xb58db8e0 (LWP 21108)] 0xb7b53abc in WebCore::ScrollView::platformRemoveChild () from /opt/siglercm/webkit/WebKit/.libs/libwebkit-1.0.so.1 (gdb) backtrace #0 0xb7b53abc in WebCore::ScrollView::platformRemoveChild () from /opt/siglercm/webkit/WebKit/.libs/libwebkit-1.0.so.1 #1 0xb78ef707 in WebCore::ScrollView::removeChild () from /opt/siglercm/webkit/WebKit/.libs/libwebkit-1.0.so.1 #2 0xb78f00bd in WebCore::ScrollView::setHasHorizontalScrollbar () from /opt/siglercm/webkit/WebKit/.libs/libwebkit-1.0.so.1 #3 0xb78c65bf in WebCore::FrameView::~FrameView () from /opt/siglercm/webkit/WebKit/.libs/libwebkit-1.0.so.1 #4 0xb799c9ad in WebCore::RenderPart::~RenderPart () from /opt/siglercm/webkit/WebKit/.libs/libwebkit-1.0.so.1 #5 0xb799cf40 in WebCore::RenderPartObject::~RenderPartObject () from /opt/siglercm/webkit/WebKit/.libs/libwebkit-1.0.so.1 #6 0xb799648c in WebCore::RenderObject::arenaDelete () from /opt/siglercm/webkit/WebKit/.libs/libwebkit-1.0.so.1 #7 0xb79c3199 in WebCore::RenderWidget::deref () from /opt/siglercm/webkit/WebKit/.libs/libwebkit-1.0.so.1 #8 0xb79c3a16 in WebCore::RenderWidget::destroy () from /opt/siglercm/webkit/WebKit/.libs/libwebkit-1.0.so.1 #9 0xb7727dd9 in WebCore::Node::detach () from /opt/siglercm/webkit/WebKit/.libs/libwebkit-1.0.so.1 #10 0xb76f2eae in WebCore::ContainerNode::detach () from /opt/siglercm/webkit/WebKit/.libs/libwebkit-1.0.so.1 #11 0xb771886b in WebCore::Element::detach () from /opt/siglercm/webkit/WebKit/.libs/libwebkit-1.0.so.1 #12 0xb76f2e9b in WebCore::ContainerNode::detach () from /opt/siglercm/webkit/WebKit/.libs/libwebkit-1.0.so.1 #13 0xb771886b in WebCore::Element::detach () from /opt/siglercm/webkit/WebKit/.libs/libwebkit-1.0.so.1 #14 0xb76f4d19 in WebCore::ContainerNode::removeChild () from /opt/siglercm/webkit/WebKit/.libs/libwebkit-1.0.so.1 #15 0xb7662a87 in WebCore::JSNode::removeChild () from /opt/siglercm/webkit/WebKit/.libs/libwebkit-1.0.so.1 #16 0xb7c3ae03 in WebCore::jsNodePrototypeFunctionRemoveChild () from /opt/siglercm/webkit/WebKit/.libs/libwebkit-1.0.so.1 #17 0xb7e503e6 in JSC::Machine::privateExecute () from /opt/siglercm/webkit/WebKit/.libs/libwebkit-1.0.so.1 #18 0xb7e54ead in JSC::Machine::execute () from /opt/siglercm/webkit/WebKit/.libs/libwebkit-1.0.so.1 #19 0xb7d9919f in JSC::call () from /opt/siglercm/webkit/WebKit/.libs/libwebkit-1.0.so.1 #20 0xb766b0e7 in WebCore::ScheduledAction::execute () from /opt/siglercm/webkit/WebKit/.libs/libwebkit-1.0.so.1 #21 0xb7644dae in WebCore::JSDOMWindowBase::timerFired () from /opt/siglercm/webkit/WebKit/.libs/libwebkit-1.0.so.1 #22 0xb7644f3d in WebCore::DOMWindowTimer::fired () from /opt/siglercm/webkit/WebKit/.libs/libwebkit-1.0.so.1 #23 0xb78f3bcb in WebCore::TimerBase::fireTimers () from /opt/siglercm/webkit/WebKit/.libs/libwebkit-1.0.so.1 #24 0xb78f3f07 in WebCore::TimerBase::sharedTimerFired () from /opt/siglercm/webkit/WebKit/.libs/libwebkit-1.0.so.1 #25 0xb7b54f5e in WebCore::timeout_cb () from /opt/siglercm/webkit/WebKit/.libs/libwebkit-1.0.so.1 #26 0xb5b72441 in ?? () from /usr/lib/libglib-2.0.so.0 #27 0x00000000 in ?? () HTH. Clemmitt 94169 1 hyatt 2008-10-05 13:53:02 -0700 Can you tell what is returning null? Is it hostWindow()? 94171 2 jmalonzo 2008-10-05 14:22:21 -0700 (In reply to comment #1) > Can you tell what is returning null? Is it hostWindow()? > Hi Dave, Yes it's hostWindow that's returning NULL. Is it possible not to have a hostWindow before remove the child? Should we check if this is the case? 94191 3 24106 jmalonzo 2008-10-05 18:21:22 -0700 Created attachment 24106 patch to use the child's parent if HostWindow is null Remove the child from its parent if HostWindow is null. This makes Gtk pass acid3 again. But is it possible to have a null HostWindow when removing a child? 94197 4 cmsigler 2008-10-05 19:36:48 -0700 (In reply to comment #3) > Remove the child from its parent if HostWindow is null. This makes Gtk pass > acid3 again. Yup, looooking goooood. Applied to r37322 and the problem is fixed. Webkit, the little browser engine that could :^) Thanks very much. Clemmitt 94201 5 alp 2008-10-05 20:53:54 -0700 I'm not too sure that making platformAddChild()/platformRemoveChild() asymmetric is a good idea. Hyatt would know better, but maybe it's best to add a null check for hostWindow() in both and to leave it at that. Either way, looks like this is exposing a bug elsewhere, possibly the new platform scrollbar code. 94215 6 camaradetux 2008-10-06 01:23:16 -0700 Just for the record, gmail's standard ui (so the heavy one) triggers the same crash when opening a mail conversation. The backtrace is the same up to 20. 94742 7 camaradetux 2008-10-09 09:07:38 -0700 And mininova too suffer from this, and apple.com (or store.apple.com), and google video, and ... and ... and ... In fact 75% of the websites can probably crash webkit provided the window is small enough (look at the backtraces : "Scrollbar") 94743 8 alp 2008-10-09 09:15:12 -0700 Landed in r37447. Think we'll need to look closely at the recent changes some time to make sure they're doing the right thing following the introduction of HostWindow etc. 94990 9 jmalonzo 2008-10-11 13:42:01 -0700 *** Bug 21240 has been marked as a duplicate of this bug. *** 95289 10 24106 jmalonzo 2008-10-14 07:33:50 -0700 Comment on attachment 24106 patch to use the child's parent if HostWindow is null Setting to r+ as Alp already r+'d it and patch already landed. 24106 2008-10-05 18:21:22 -0700 2008-10-14 07:33:50 -0700 patch to use the child's parent if HostWindow is null acid3-test80-gtk.patch text/plain 1649 jmalonzo ZGlmZiAtLWdpdCBhL1dlYkNvcmUvQ2hhbmdlTG9nIGIvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXgg NmQ2ZWM0Mi4uYWUyYTg1YiAxMDA2NDQKLS0tIGEvV2ViQ29yZS9DaGFuZ2VMb2cKKysrIGIvV2Vi Q29yZS9DaGFuZ2VMb2cKQEAgLTEsMyArMSwxMyBAQAorMjAwOC0xMC0wNSAgSmFuIE1pY2hhZWwg QWxvbnpvICA8am1hbG9uem9Ad2Via2l0Lm9yZz4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JP RFkgKE9PUFMhKQorCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNn aT9pZD0yMTM5MAorICAgICAgICBbR3RrXSBMaW51eC9HdGs6IEd0a0xhdW5jaGVyIGNyYXNoZXMg b24gQWNpZDMgKGJ1dCBhZnRlciB0ZXN0IDgwIHRoaXMgdGltZSkKKworICAgICAgICAqIHBsYXRm b3JtL2d0ay9TY3JvbGxWaWV3R3RrLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OlNjcm9sbFZpZXc6 OnBsYXRmb3JtUmVtb3ZlQ2hpbGQpOgorCiAyMDA4LTEwLTA1ICBMdWtlIEtlbm5ldGggQ2Fzc29u IExlaWdodG9uICA8bGtjbEBsa2NsLm5ldD4KIAogICAgICAgICBSZXZpZXdlZCBieSBEYXZpZCBI eWF0dC4KZGlmZiAtLWdpdCBhL1dlYkNvcmUvcGxhdGZvcm0vZ3RrL1Njcm9sbFZpZXdHdGsuY3Bw IGIvV2ViQ29yZS9wbGF0Zm9ybS9ndGsvU2Nyb2xsVmlld0d0ay5jcHAKaW5kZXggY2IyMmZlOC4u ZTEzMTZlZSAxMDA2NDQKLS0tIGEvV2ViQ29yZS9wbGF0Zm9ybS9ndGsvU2Nyb2xsVmlld0d0ay5j cHAKKysrIGIvV2ViQ29yZS9wbGF0Zm9ybS9ndGsvU2Nyb2xsVmlld0d0ay5jcHAKQEAgLTEzMSw4 ICsxMzEsMTcgQEAgdm9pZCBTY3JvbGxWaWV3OjpwbGF0Zm9ybUFkZENoaWxkKFdpZGdldCogY2hp bGQpCiAKIHZvaWQgU2Nyb2xsVmlldzo6cGxhdGZvcm1SZW1vdmVDaGlsZChXaWRnZXQqIGNoaWxk KQogewotICAgIGlmIChHVEtfV0lER0VUKGhvc3RXaW5kb3coKS0+cGxhdGZvcm1XaW5kb3coKSkg PT0gR1RLX1dJREdFVChjaGlsZC0+cGxhdGZvcm1XaWRnZXQoKSktPnBhcmVudCkKLSAgICAgICAg Z3RrX2NvbnRhaW5lcl9yZW1vdmUoR1RLX0NPTlRBSU5FUihob3N0V2luZG93KCktPnBsYXRmb3Jt V2luZG93KCkpLCBjaGlsZC0+cGxhdGZvcm1XaWRnZXQoKSk7CisgICAgR3RrV2lkZ2V0KiBwYXJl bnQ7CisKKyAgICAvLyBIb3N0V2luZG93IGNhbiBiZSBOVUxMIGhlcmUuIElmIHRoYXQncyB0aGUg Y2FzZQorICAgIC8vIGxldCdzIGdyYWIgdGhlIGNoaWxkJ3MgcGFyZW50IGluc3RlYWQuCisgICAg aWYgKGhvc3RXaW5kb3coKSkKKyAgICAgICAgcGFyZW50ID0gR1RLX1dJREdFVChob3N0V2luZG93 KCktPnBsYXRmb3JtV2luZG93KCkpOworICAgIGVsc2UKKyAgICAgICAgcGFyZW50ID0gR1RLX1dJ REdFVChjaGlsZC0+cGxhdGZvcm1XaWRnZXQoKS0+cGFyZW50KTsKKworICAgIGlmIChHVEtfSVNf Q09OVEFJTkVSKHBhcmVudCkgJiYgcGFyZW50ID09IGNoaWxkLT5wbGF0Zm9ybVdpZGdldCgpLT5w YXJlbnQpCisgICAgICAgIGd0a19jb250YWluZXJfcmVtb3ZlKEdUS19DT05UQUlORVIocGFyZW50 KSwgY2hpbGQtPnBsYXRmb3JtV2lkZ2V0KCkpOwogfQogCiBib29sIFNjcm9sbFZpZXc6OnBsYXRm b3JtSGFuZGxlSG9yaXpvbnRhbEFkanVzdG1lbnQoY29uc3QgSW50U2l6ZSYgc2Nyb2xsKQo=