52569 2011-01-17 04:59:40 -0800 [Qt][WK2] Crash due to double destruction of QSharedMemory 2011-01-17 05:29:12 -0800 1 1 1 Unclassified WebKit WebKit2 528+ (Nightly build) PC All RESOLVED FIXED P2 Normal --- 1 kbalazs webkit-unassigned oldest_to_newest 335259 0 kbalazs 2011-01-17 04:59:40 -0800 Some layout tests are crashing because of a bug associated with the CleanupHandler. For example fast/forms/form-associated-element-crash.html produce the following backtrace: Program received signal SIGSEGV, Segmentation fault. 0x080c9f50 in ?? () (gdb) bt 10 #0 0x080c9f50 in ?? () #1 0xb70e3925 in WTF::RefCounted<WebKit::SharedMemory>::deref (this=0x80ef9e8) at ../../../../Source/JavaScriptCore/wtf/RefCounted.h:139 #2 0xb70e3961 in WTF::derefIfNotNull<WebKit::SharedMemory> (ptr=0x80ef9e8) at ../../../../Source/JavaScriptCore/wtf/PassRefPtr.h:59 #3 0xb70e39ad in WTF::RefPtr<WebKit::SharedMemory>::~RefPtr (this=0x80ccee8, __in_chrg=<value optimized out>) at ../../../../Source/JavaScriptCore/wtf/RefPtr.h:57 #4 0xb70f6097 in WebKit::VisitedLinkTable::~VisitedLinkTable (this=0x80ccee8, __in_chrg=<value optimized out>) at ../../../../Source/WebKit2/Shared/VisitedLinkTable.cpp:42 #5 0xb714a50a in WebKit::VisitedLinkProvider::~VisitedLinkProvider (this=0x80cced8, __in_chrg=<value optimized out>) at ../../../../Source/WebKit2/UIProcess/VisitedLinkProvider.h:40 #6 0xb7140dd5 in WebKit::WebContext::~WebContext (this=0x80cce70, __in_chrg=<value optimized out>) at ../../../../Source/WebKit2/UIProcess/WebContext.cpp:120 ... This is the symptom of deleting the QSharedMemory twice. The following happens in this scenario in time oriented order: 1. QApplication stopping => 2. CleanupHandler deletes the QSharedMemory in the slot connected to QApplication::aboutToQuit 3. Destructor of SharedMemory is reached through the destruction of the TestController. The code that was preventing from this behavior was removed by http://trac.webkit.org/changeset/74967 because of my wrong assumption that it is not needed anymore. 335262 1 79158 kbalazs 2011-01-17 05:06:44 -0800 Created attachment 79158 Patch 335265 2 79158 kling 2011-01-17 05:23:31 -0800 Comment on attachment 79158 Patch r=me 335266 3 79158 kbalazs 2011-01-17 05:29:04 -0800 Comment on attachment 79158 Patch Clearing flags on attachment: 79158 Committed r75935: <http://trac.webkit.org/changeset/75935> 335267 4 kbalazs 2011-01-17 05:29:12 -0800 All reviewed patches have been landed. Closing bug. 79158 2011-01-17 05:06:44 -0800 2011-01-17 05:29:04 -0800 Patch bug-52569-20110117130643.patch text/plain 3366 kbalazs ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQyL0No YW5nZUxvZwppbmRleCA4M2MwODI5ZTM5NGVlNWZmOWQ3ODQ4Yzg5MDJiOTQyZTJjZGZkOGZlLi4w OTE4NTE0MjllNjk0NjkyMzA5NGM4N2VkMDQ1MzE2MWJkMWIzMzVmIDEwMDY0NAotLS0gYS9Tb3Vy Y2UvV2ViS2l0Mi9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCkBAIC0x LDMgKzEsMjIgQEAKKzIwMTEtMDEtMTcgIEJhbGF6cyBLZWxlbWVuICA8a2JhbGF6c0B3ZWJraXQu b3JnPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFtR dF1bV0syXSBDcmFzaCBkdWUgdG8gZG91YmxlIGRlc3RydWN0aW9uIG9mIFFTaGFyZWRNZW1vcnkK KyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTUyNTY5CisK KyAgICAgICAgQXZvaWQgZGVsZXRpbmcgdGhlIFFTaGFyZWRNZW1vcnkgdHdpY2UuCisgICAgICAg ICogUGxhdGZvcm0vcXQvU2hhcmVkTWVtb3J5UXQuY3BwOgorICAgICAgICAoV2ViS2l0OjpTaGFy ZWRNZW1vcnk6On5TaGFyZWRNZW1vcnkpOgorICAgICAgICAqIFNoYXJlZC9xdC9DbGVhbnVwSGFu ZGxlci5jcHA6CisgICAgICAgIFJlbmFtZWQgbV9pbkRlbGV0ZU9iamVjdHMgdG8gbV9oYXNTdGFy dGVkRGVsZXRpbmcgYW5kCisgICAgICAgIGFkZGVkIGEgZ2V0dGVyIGZvciBpdC4KKyAgICAgICAg KFdlYktpdDo6Q2xlYW51cEhhbmRsZXI6OkNsZWFudXBIYW5kbGVyKToKKyAgICAgICAgKFdlYktp dDo6Q2xlYW51cEhhbmRsZXI6OmRlbGV0ZU9iamVjdHMpOgorICAgICAgICAqIFNoYXJlZC9xdC9D bGVhbnVwSGFuZGxlci5oOgorICAgICAgICAoV2ViS2l0OjpDbGVhbnVwSGFuZGxlcjo6dW5tYXJr KToKKyAgICAgICAgKFdlYktpdDo6Q2xlYW51cEhhbmRsZXI6Omhhc1N0YXJ0ZWREZWxldGluZyk6 CisKIDIwMTEtMDEtMTUgIEFkYW0gQmFydGggIDxhYmFydGhAd2Via2l0Lm9yZz4KIAogICAgICAg ICBSdWJiZXItc3RhbXBlZCBieSBFcmljIFNlaWRlbC4KZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJL aXQyL1BsYXRmb3JtL3F0L1NoYXJlZE1lbW9yeVF0LmNwcCBiL1NvdXJjZS9XZWJLaXQyL1BsYXRm b3JtL3F0L1NoYXJlZE1lbW9yeVF0LmNwcAppbmRleCAwOGY1Njk1NmQ2MDA0OTIwZWIyMGQ1MzUw NDg3MDkyNjAxZTg3MzhhLi5mNWZlY2ZjZWUyOTk1MWUxZmM4M2Q1N2Q5MjgwNjc0NTU2MmYzYzE5 IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0Mi9QbGF0Zm9ybS9xdC9TaGFyZWRNZW1vcnlRdC5j cHAKKysrIGIvU291cmNlL1dlYktpdDIvUGxhdGZvcm0vcXQvU2hhcmVkTWVtb3J5UXQuY3BwCkBA IC0xNDQsNiArMTQ0LDkgQEAgUGFzc1JlZlB0cjxTaGFyZWRNZW1vcnk+IFNoYXJlZE1lbW9yeTo6 Y3JlYXRlKGNvbnN0IEhhbmRsZSYgaGFuZGxlLCBQcm90ZWN0aW9uIHAKIAogU2hhcmVkTWVtb3J5 Ojp+U2hhcmVkTWVtb3J5KCkKIHsKKyAgICBpZiAoQ2xlYW51cEhhbmRsZXI6Omluc3RhbmNlKCkt Pmhhc1N0YXJ0ZWREZWxldGluZygpKQorICAgICAgICByZXR1cm47CisKICAgICBDbGVhbnVwSGFu ZGxlcjo6aW5zdGFuY2UoKS0+dW5tYXJrKG1faW1wbCk7CiAgICAgZGVsZXRlIG1faW1wbDsKIH0K ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL1NoYXJlZC9xdC9DbGVhbnVwSGFuZGxlci5jcHAg Yi9Tb3VyY2UvV2ViS2l0Mi9TaGFyZWQvcXQvQ2xlYW51cEhhbmRsZXIuY3BwCmluZGV4IGMwMzNj YmE0N2NhOWEwNWI3N2QxOWExMjkyYzk3YmQ2NTgyNTIzOTguLjc0YzFkNGM2OTdjNTI4YTFmOTA0 Nzg5YzQwODBlM2Q1ZWZmNDdhZDkgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQyL1NoYXJlZC9x dC9DbGVhbnVwSGFuZGxlci5jcHAKKysrIGIvU291cmNlL1dlYktpdDIvU2hhcmVkL3F0L0NsZWFu dXBIYW5kbGVyLmNwcApAQCAtMzYsNyArMzYsNyBAQCBuYW1lc3BhY2UgV2ViS2l0IHsKIENsZWFu dXBIYW5kbGVyKiBDbGVhbnVwSGFuZGxlcjo6dGhlSW5zdGFuY2UgPSAwOwogCiBDbGVhbnVwSGFu ZGxlcjo6Q2xlYW51cEhhbmRsZXIoKQotICAgIDogbV9pbkRlbGV0ZU9iamVjdHMoZmFsc2UpCisg ICAgOiBtX2hhc1N0YXJ0ZWREZWxldGluZyhmYWxzZSkKIHsKICAgICBtb3ZlVG9UaHJlYWQocUFw cC0+dGhyZWFkKCkpOyAvLyBFbnN1cmUgdGhhdCB3ZSBhcmUgYWN0aW5nIG9uIHRoZSBtYWluIHRo cmVhZC4KICAgICBjb25uZWN0KHFBcHAsIFNJR05BTChhYm91dFRvUXVpdCgpKSwgU0xPVChkZWxl dGVPYmplY3RzKCkpLCBRdDo6RGlyZWN0Q29ubmVjdGlvbik7CkBAIC01MCw3ICs1MCw3IEBAIHZv aWQgQ2xlYW51cEhhbmRsZXI6OnNpZ1Rlcm1IYW5kbGVyKGludCkKIAogdm9pZCBDbGVhbnVwSGFu ZGxlcjo6ZGVsZXRlT2JqZWN0cygpCiB7Ci0gICAgbV9pbkRlbGV0ZU9iamVjdHMgPSB0cnVlOwor ICAgIG1faGFzU3RhcnRlZERlbGV0aW5nID0gdHJ1ZTsKICAgICBmb3IgKHVuc2lnbmVkIGkgPSAw OyBpIDwgbV9vYmplY3RzLnNpemUoKTsgKytpKQogICAgICAgICBtX29iamVjdHNbaV0tPmRlbGV0 ZUxhdGVyKCk7CiB9CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9TaGFyZWQvcXQvQ2xlYW51 cEhhbmRsZXIuaCBiL1NvdXJjZS9XZWJLaXQyL1NoYXJlZC9xdC9DbGVhbnVwSGFuZGxlci5oCmlu ZGV4IGNhOTRhNWM4MzBiMjM1Mjk2NGZjYTVjNWUxZDFhNDJiMWE1ZDg5NzYuLmFmZDc3MjM1NjUx OGY0YzAxNTA3MmNjMzViNzc4MTE0NDcwMDcyMmYgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQy L1NoYXJlZC9xdC9DbGVhbnVwSGFuZGxlci5oCisrKyBiL1NvdXJjZS9XZWJLaXQyL1NoYXJlZC9x dC9DbGVhbnVwSGFuZGxlci5oCkBAIC01MSwxMSArNTEsMTMgQEAgcHVibGljOgogCiAgICAgdm9p ZCB1bm1hcmsoUU9iamVjdCogb2JqZWN0KQogICAgIHsKLSAgICAgICAgaWYgKG1faW5EZWxldGVP YmplY3RzKQorICAgICAgICBpZiAobV9oYXNTdGFydGVkRGVsZXRpbmcpCiAgICAgICAgICAgICBy ZXR1cm47CiAgICAgICAgIG1fb2JqZWN0cy5yZW1vdmVPbmUob2JqZWN0KTsKICAgICB9CiAKKyAg ICBib29sIGhhc1N0YXJ0ZWREZWxldGluZygpIGNvbnN0IHsgcmV0dXJuIG1faGFzU3RhcnRlZERl bGV0aW5nOyB9CisKIHByaXZhdGUgc2xvdHM6CiAgICAgdm9pZCBkZWxldGVPYmplY3RzKCk7CiAK QEAgLTY2LDcgKzY4LDcgQEAgcHJpdmF0ZToKICAgICBDbGVhbnVwSGFuZGxlcigpOwogCiAgICAg UUxpc3Q8UU9iamVjdCo+IG1fb2JqZWN0czsKLSAgICBib29sIG1faW5EZWxldGVPYmplY3RzOwor ICAgIGJvb2wgbV9oYXNTdGFydGVkRGVsZXRpbmc7CiB9OwogCiB9IC8vIG5hbWVzcGFjZSBXZWJL aXQK