45256 2010-09-06 04:13:50 -0700 Web Inspector: Tests crash on Qt bots revealed by r66720 2010-09-06 10:21:10 -0700 1 1 1 Unclassified WebKit Web Inspector (Deprecated) 528+ (Nightly build) All All RESOLVED FIXED P2 Normal --- 44230 1 ossy webkit-unassigned bweinstein joepeck keishi loislo pfeldman pmuellr rik timothy tonikitoo yurys oldest_to_newest 274541 0 ossy 2010-09-06 04:13:50 -0700 After http://trac.webkit.org/changeset/66720 there are some flakey crashes on Qt Linux Release bot. :/ Fortunately I reproduced the crash on our 64 bit relase and debug bots, where 50-60 tests crash always. $ WebKitTools/Scripts/run-webkit-tests --debug -exit-after-n-crashes 1 fast/dom/location-new-window-no-crash.html -> crashed Exiting early after 1 crashes and 0 timeouts. 4946 tests run. $ gdb WebKitBuild/Debug/bin/DumpRenderTree core #0 0x00007fd89917f702 in WebCore::InspectorFrontendClientQt::inspectorClientDestroyed (this=0x908e5a0a39be2ed) at ../../../WebKit/qt/WebCoreSupport/InspectorClientQt.cpp:344 344 m_inspectorClient = 0; (gdb) bt #0 0x00007fd89917f702 in WebCore::InspectorFrontendClientQt::inspectorClientDestroyed (this=0x908e5a0a39be2ed) at ../../../WebKit/qt/WebCoreSupport/InspectorClientQt.cpp:344 #1 0x00007fd89917f73e in WebCore::InspectorClientQt::inspectorDestroyed (this=0x739810) at ../../../WebKit/qt/WebCoreSupport/InspectorClientQt.cpp:104 #2 0x00007fd898d3e9f6 in WebCore::InspectorController::inspectedPageDestroyed (this=0x739b30) at ../../../WebCore/inspector/InspectorController.cpp:212 #3 0x00007fd898eadab4 in ~Page (this=0x739840) at ../../../WebCore/page/Page.cpp:211 #4 0x00007fd8991a9357 in ~QWebPagePrivate (this=0x739350) at ../../../WebKit/qt/Api/qwebpage.cpp:319 #5 0x00007fd8991a98be in ~QWebPage (this=0x7391d0) at ../../../WebKit/qt/Api/qwebpage.cpp:1891 #6 0x0000000000428de3 in ~WebPage (this=0x7391d0) at /home/oszi/WebKit/WebKitTools/DumpRenderTree/qt/DumpRenderTreeQt.cpp:168 #7 0x00007fd8991abf9a in QWebViewPrivate::detachCurrentPage (this=0x6f2080) at ../../../WebKit/qt/Api/qwebview.cpp:372 #8 0x00007fd8991accd9 in ~QWebViewPrivate (this=0x6f2080) at ../../../WebKit/qt/Api/qwebview.cpp:60 #9 0x00007fd8991acdce in ~QWebView (this=0x738cc0) at ../../../WebKit/qt/Api/qwebview.cpp:329 #10 0x0000000000425b73 in ~DumpRenderTree (this=0x7fffffffea80) at /home/oszi/WebKit/WebKitTools/DumpRenderTree/qt/DumpRenderTreeQt.cpp:505 #11 0x000000000043b0a3 in main (argc=2, argv=0x7fffffffecb8) at /home/oszi/WebKit/WebKitTools/DumpRenderTree/qt/main.cpp:171 Yury, Pavel, any idea how to fix it? 274556 1 ossy 2010-09-06 04:44:35 -0700 Additionally I tried to rollout http://trac.webkit.org/changeset/66720 locally, and after that I didn't get any crashes. Guys, could we fix it quickly? Or should we rollout until fix make sheriffbot not to SPAM innocent peoples. 274572 2 yurys 2010-09-06 05:51:02 -0700 (In reply to comment #1) > Additionally I tried to rollout http://trac.webkit.org/changeset/66720 locally, and after that I didn't get any crashes. > > Guys, could we fix it quickly? Or should we rollout > until fix make sheriffbot not to SPAM innocent peoples. Let me look into it. It didn't crash locally. It was 32 bit virtual machine though. 274576 3 ossy 2010-09-06 06:03:14 -0700 (In reply to comment #2) > Let me look into it. It didn't crash locally. It was 32 bit virtual machine though. Qt Linux Release bot is a 32 bit machine too. Unfortunately it isn't trivial to reproduce on it, because sometimes works, sometimes not. See http://build.webkit.org/waterfall?show=Qt%20Linux%20Release That's why sheriffbot make some SPAM. 274584 4 yurys 2010-09-06 06:22:10 -0700 (In reply to comment #3) > (In reply to comment #2) > > Let me look into it. It didn't crash locally. It was 32 bit virtual machine though. > > Qt Linux Release bot is a 32 bit machine too. Unfortunately > it isn't trivial to reproduce on it, because sometimes works, > sometimes not. See http://build.webkit.org/waterfall?show=Qt%20Linux%20Release > > That's why sheriffbot make some SPAM. Ok, it seems that destructor ~InspectorFrontendClientQt is called without preceding call to InspectorFrontendClientQt::destroyInspectorView. I'm going to commit a patch that should prove it. 274646 5 tonikitoo 2010-09-06 08:27:55 -0700 It also affects the QtTestBrowser (QtWebkit's launcher) 274648 6 ossy 2010-09-06 08:29:40 -0700 (In reply to comment #4) > Ok, it seems that destructor ~InspectorFrontendClientQt is called without preceding call to InspectorFrontendClientQt::destroyInspectorView. I'm going to commit a patch that should prove it. Landed in http://trac.webkit.org/changeset/66824 , but unfortunately still crash. 274658 7 ossy 2010-09-06 09:05:54 -0700 I can reproduced it on 32 bit too: #0 0xf676a9c8 in WebCore::InspectorFrontendClientQt::inspectorClientDestroyed (this=0xffffffff) at ../../../WebKit/qt/WebCoreSupport/InspectorClientQt.cpp:351 351 m_inspectorClient = 0; (gdb) bt #0 0xf676a9c8 in WebCore::InspectorFrontendClientQt::inspectorClientDestroyed (this=0xffffffff) at ../../../WebKit/qt/WebCoreSupport/InspectorClientQt.cpp:351 #1 0xf676aa06 in WebCore::InspectorClientQt::inspectorDestroyed (this=0x815f018) at ../../../WebKit/qt/WebCoreSupport/InspectorClientQt.cpp:104 #2 0xf631b5a7 in WebCore::InspectorController::inspectedPageDestroyed (this=0x81691c8) at ../../../WebCore/inspector/InspectorController.cpp:212 #3 0xf648afd5 in ~Page (this=0x8168ad0) at ../../../WebCore/page/Page.cpp:211 #4 0xf6794c3a in ~QWebPagePrivate (this=0x8168df0) at ../../../WebKit/qt/Api/qwebpage.cpp:319 #5 0xf6795152 in ~QWebPage (this=0xf27017e0) at ../../../WebKit/qt/Api/qwebpage.cpp:1891 #6 0x0806948c in ~WebPage (this=0xf27017e0) at /home/oszi/WebKit/WebKitTools/DumpRenderTree/qt/DumpRenderTreeQt.cpp:168 #7 0xf679759e in QWebViewPrivate::detachCurrentPage (this=0xf2700538) at ../../../WebKit/qt/Api/qwebview.cpp:372 #8 0xf67982d7 in ~QWebViewPrivate (this=0xf2700538) at ../../../WebKit/qt/Api/qwebview.cpp:60 #9 0xf67983de in ~QWebView (this=0xf27005c0) at ../../../WebKit/qt/Api/qwebview.cpp:329 #10 0x080664b3 in ~DumpRenderTree (this=0xffffc614) at /home/oszi/WebKit/WebKitTools/DumpRenderTree/qt/DumpRenderTreeQt.cpp:505 #11 0x0807a8b8 in main (argc=2, argv=0xffffc744) at /home/oszi/WebKit/WebKitTools/DumpRenderTree/qt/main.cpp:171 It seems m_frontendClient is invalid for some reason. (this=0xffffffff) void InspectorClientQt::inspectorDestroyed() { if (m_frontendClient) m_frontendClient->inspectorClientDestroyed(); ---> crash!!! (InspectorClientQt.cpp:104) delete this; } 274670 8 66652 ossy 2010-09-06 09:36:26 -0700 Created attachment 66652 proposed fix I tested locally, it fixed all crashes 274671 9 66652 tonikitoo 2010-09-06 09:37:33 -0700 Comment on attachment 66652 proposed fix r=me 274672 10 66652 ossy 2010-09-06 09:42:38 -0700 Comment on attachment 66652 proposed fix Clearing flags on attachment: 66652 Committed r66835: <http://trac.webkit.org/changeset/66835> 274673 11 ossy 2010-09-06 09:42:48 -0700 All reviewed patches have been landed. Closing bug. 274692 12 yurys 2010-09-06 10:21:10 -0700 (In reply to comment #11) > All reviewed patches have been landed. Closing bug. Thanks for fixing this! The idea of missing initializer just came to my mind when I was driving home. I wonder why there is no such warning in g++. 66652 2010-09-06 09:36:26 -0700 2010-09-06 09:42:38 -0700 proposed fix 1.patch text/plain 1159 ossy SW5kZXg6IFdlYktpdC9xdC9XZWJDb3JlU3VwcG9ydC9JbnNwZWN0b3JDbGllbnRRdC5jcHAKPT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PQotLS0gV2ViS2l0L3F0L1dlYkNvcmVTdXBwb3J0L0luc3BlY3RvckNsaWVudFF0LmNw cAkocmV2aXNpb24gNjY4MzQpCisrKyBXZWJLaXQvcXQvV2ViQ29yZVN1cHBvcnQvSW5zcGVjdG9y Q2xpZW50UXQuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC05Niw2ICs5Niw3IEBACiBJbnNwZWN0b3JD bGllbnRRdDo6SW5zcGVjdG9yQ2xpZW50UXQoUVdlYlBhZ2UqIHBhZ2UpCiAgICAgOiBtX2luc3Bl Y3RlZFdlYlBhZ2UocGFnZSkKICAgICAsIG1fZnJvbnRlbmRXZWJQYWdlKDApCisgICAgLCBtX2Zy b250ZW5kQ2xpZW50KDApCiB7fQogCiB2b2lkIEluc3BlY3RvckNsaWVudFF0OjppbnNwZWN0b3JE ZXN0cm95ZWQoKQpJbmRleDogV2ViS2l0L3F0L0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBXZWJL aXQvcXQvQ2hhbmdlTG9nCShyZXZpc2lvbiA2NjgzNCkKKysrIFdlYktpdC9xdC9DaGFuZ2VMb2cJ KHdvcmtpbmcgY29weSkKQEAgLTEsMyArMSwxMyBAQAorMjAxMC0wOS0wNiAgQ3NhYmEgT3N6dHJv Z29uw6FjICA8b3NzeUB3ZWJraXQub3JnPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAo T09QUyEpLgorCisgICAgICAgIFdlYiBJbnNwZWN0b3I6IFRlc3RzIGNyYXNoIG9uIFF0IGJvdHMg cmV2ZWFsZWQgYnkgcjY2NzIwCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3df YnVnLmNnaT9pZD00NTI1NgorCisgICAgICAgICogV2ViQ29yZVN1cHBvcnQvSW5zcGVjdG9yQ2xp ZW50UXQuY3BwOgorICAgICAgICAoV2ViQ29yZTo6SW5zcGVjdG9yQ2xpZW50UXQ6Okluc3BlY3Rv ckNsaWVudFF0KTogbV9mcm9udGVuZENsaWVudCBtdXN0IGJlIGluaXRpYWxpemVkIGJ5IGNvbnN0 cnVjdG9yCisKIDIwMTAtMDktMDYgIFl1cnkgU2VtaWtoYXRza3kgIDx5dXJ5c0BjaHJvbWl1bS5v cmc+CiAKICAgICAgICAgVW5yZXZpZXdlZC4gQXR0ZW1wdCB0byBmaXggcmFuZG9tIHRlc3QgY3Jh c2hlcyBhZnRlciByNjY3MjAuCg==