Bug 108644

Summary: [gtk] Occasional segfault on navigation
Product: WebKit
Reporter: Jonathon Jongsma (jonner) <jonathon>
Component: WebKitGTK
Assignee: Nobody <webkit-unassigned>
Status: UNCONFIRMED
Severity: Normal
CC: bugs-noreply
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified

Description Jonathon Jongsma (jonner) 2013-02-01 08:51:59 PST
Periodically when navigating back/forward with webkit ToT, I get segfaults.  It doesn't happen on many pages, but it seems to happen more frequently on some sites.  I can reproduce it pretty reliably by visiting http://videojs.com, starting the video, then clicking the 'docs' link at the top of the page (while the video is still playing), and then clicking the browser 'Back' button before the page is finished loading.

The trace is as follows:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff3d24316 in WTF::HashTable<unsigned long, unsigned long, WTF::IdentityExtractor, WTF::IntHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<unsigned long> >::checkKey<WTF::IdentityHashTranslator<WTF::IntHash<unsigned long> >, unsigned long> (
    this=0x18133f0, key=@0x7fffffffca40: 0) at ../Source/WTF/wtf/HashTable.h:588
588	        ASSERT(!HashTranslator::equal(KeyTraits::emptyValue(), key));
(gdb) bt
#0  0x00007ffff3d24316 in WTF::HashTable<unsigned long, unsigned long, WTF::IdentityExtractor, WTF::IntHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<unsigned long> >::checkKey<WTF::IdentityHashTranslator<WTF::IntHash<unsigned long> >, unsigned long> (this=0x18133f0, key=@0x7fffffffca40: 0) at ../Source/WTF/wtf/HashTable.h:588
#1  0x00007ffff3d241f9 in WTF::HashTable<unsigned long, unsigned long, WTF::IdentityExtractor, WTF::IntHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<unsigned long> >::lookup<WTF::IdentityHashTranslator<WTF::IntHash<unsigned long> >, unsigned long>
    (this=0x18133f0, key=@0x7fffffffca40: 0) at ../Source/WTF/wtf/HashTable.h:602
#2  0x00007ffff3d23f76 in WTF::HashTable<unsigned long, unsigned long, WTF::IdentityExtractor, WTF::IntHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<unsigned long> >::find<WTF::IdentityHashTranslator<WTF::IntHash<unsigned long> >, unsigned long> (
    this=0x18133f0, key=@0x7fffffffca40: 0) at ../Source/WTF/wtf/HashTable.h:985
#3  0x00007ffff3d237c7 in WTF::HashTable<unsigned long, unsigned long, WTF::IdentityExtractor, WTF::IntHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<unsigned long> >::find (this=0x18133f0, key=@0x7fffffffca40: 0)
    at ../Source/WTF/wtf/HashTable.h:402
#4  0x00007ffff3d231cd in WTF::HashSet<unsigned long, WTF::IntHash<unsigned long>, WTF::HashTraits<unsigned long> >::find (
    this=0x18133f0, value=@0x7fffffffca40: 0) at ../Source/WTF/wtf/HashSet.h:153
#5  0x00007ffff3d22c85 in WebKit::DocumentLoader::decreaseLoadCount (this=0x1812b30, identifier=0)
    at ../Source/WebKit/gtk/WebCoreSupport/DocumentLoaderGtk.cpp:96
#6  0x00007ffff3d3406e in WebKit::FrameLoaderClient::dispatchDidFinishLoading (this=0x892120, loader=0x1812b30, identifier=0)
    at ../Source/WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:996
#7  0x00007ffff45c7134 in WebCore::ResourceLoadNotifier::dispatchDidFinishLoading (this=0x548b28, loader=0x1812b30, identifier=0, 
    finishTime=0) at ../Source/WebCore/loader/ResourceLoadNotifier.cpp:146
#8  0x00007ffff45b87c1 in WebCore::MainResourceLoader::didFinishLoading (this=0x919cd0, finishTime=0)
    at ../Source/WebCore/loader/MainResourceLoader.cpp:539
#9  0x00007ffff45b8a81 in WebCore::MainResourceLoader::notifyFinished (this=0x919cd0, resource=0x942010)
    at ../Source/WebCore/loader/MainResourceLoader.cpp:575
#10 0x00007ffff454aa5a in WebCore::CachedResource::didAddClient (this=0x942010, c=0x919cd0)
    at ../Source/WebCore/loader/cache/CachedResource.cpp:482
#11 0x00007ffff4546f5c in WebCore::CachedRawResource::didAddClient (this=0x942010, c=0x919cd0)
    at ../Source/WebCore/loader/cache/CachedRawResource.cpp:108
#12 0x00007ffff454bb8a in WebCore::CachedResource::switchClientsToRevalidatedResource (this=0x11440a0)
    at ../Source/WebCore/loader/cache/CachedResource.cpp:727
#13 0x00007ffff45351fb in WebCore::MemoryCache::revalidationSucceeded (this=0x941d90, revalidatingResource=0x11440a0, response=...)
    at ../Source/WebCore/loader/cache/MemoryCache.cpp:140
#14 0x00007ffff45cfa39 in WebCore::SubresourceLoader::didReceiveResponse (this=0x2e11500, response=...)
    at ../Source/WebCore/loader/SubresourceLoader.cpp:175
#15 0x00007ffff45c5ca1 in WebCore::ResourceLoader::didReceiveResponse (this=0x2e11500, response=...)
    at ../Source/WebCore/loader/ResourceLoader.cpp:445
#16 0x00007ffff4f4bda7 in WebCore::sendRequestCallback (result=0xa6ad40, data=0x162d8f0)
    at ../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:712
#17 0x00007ffff31568f4 in g_task_return_now (task=0xa6ad40) at gtask.c:1099
#18 0x00007ffff315714e in g_task_return (task=0xa6ad40, type=<optimized out>) at gtask.c:1152
#19 g_task_return (task=0xa6ad40, type=<optimized out>) at gtask.c:1120
#20 0x00007ffff329f6cc in http_input_stream_ready_cb (source=0x8550c0, result=0xa6abc0, user_data=user_data@entry=0xa6ad40)
    at soup-request-http.c:282
#21 0x00007ffff31568f4 in g_task_return_now (task=0xa6abc0) at gtask.c:1099
#22 0x00007ffff315714e in g_task_return (task=0xa6abc0, type=<optimized out>) at gtask.c:1152
#23 g_task_return (task=0xa6abc0, type=<optimized out>) at gtask.c:1120
#24 0x00007ffff32a2c62 in async_send_request_return_result (item=0xd86e00, stream=0x7fff34002340, error=<optimized out>)
    at soup-session.c:3386
#25 0x00007ffff32a7cf5 in send_async_maybe_complete (stream=0x7fff34002340, item=0xd86e00) at soup-session.c:3502
#26 try_run_until_read (item=item@entry=0xd86e00) at soup-session.c:3526
#27 0x00007ffff32a7d9d in read_ready_cb (msg=<optimized out>, user_data=0xd86e00) at soup-session.c:3513
#28 0x00007ffff7ea3575 in g_main_dispatch (context=0x45ca20) at gmain.c:2784
#29 g_main_context_dispatch (context=context@entry=0x45ca20) at gmain.c:3288
#30 0x00007ffff7ea38b8 in g_main_context_iterate (context=0x45ca20, block=block@entry=1, dispatch=dispatch@entry=1, 
    self=<optimized out>) at gmain.c:3359
#31 0x00007ffff7ea3d22 in g_main_loop_run (loop=0x972b20) at gmain.c:3553
#32 0x00007ffff34769b5 in gtk_main () at gtkmain.c:1161
#33 0x00000000004056b4 in main (argc=1, argv=0x7fffffffd728) at ../Tools/GtkLauncher/main.c:541
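An added illustration, not WebKit's own code, of what frame #0 of the trace checks: WTF's integer HashTraits reserve 0 as the empty-bucket value (and all-ones as the deleted marker), so HashSet<unsigned long>::find on identifier 0 trips the ASSERT at HashTable.h:588 instead of reporting a miss. The toy set below follows the same convention, and the hypothetical LoadTracker shows the caller-side guard that keeps a zero identifier from reaching the set at all.

```cpp
#include <cassert>
#include <cstddef>
#include <vector>
// Toy open-addressing set with WTF's integer HashTraits convention: 0 marks an
// empty bucket and ~0 a deleted one, so neither value is a legal key.
class IntSet {
public:
    static constexpr unsigned long kEmpty = 0;
    static constexpr unsigned long kDeleted = ~0ul;
    explicit IntSet(size_t buckets = 16) : table_(buckets, kEmpty) {}
    bool contains(unsigned long key) const { return find(key) != table_.size(); }
    void add(unsigned long key) {
        assert(count_ * 2 < table_.size() && "toy set does not rehash");
        if (find(key) != table_.size()) return;           // find() rejects sentinel keys
        for (size_t i = slot(key);; i = (i + 1) % table_.size())
            if (table_[i] == kEmpty || table_[i] == kDeleted) { table_[i] = key; ++count_; return; }
    }
    bool remove(unsigned long key) {
        size_t i = find(key);
        if (i == table_.size()) return false;
        table_[i] = kDeleted; --count_;
        return true;
    }
private:
    // Mirrors WTF::HashTable::checkKey (HashTable.h:588 in the trace): probing
    // for a sentinel is a caller bug, so it asserts instead of reporting a miss.
    size_t find(unsigned long key) const {
        assert(key != kEmpty && key != kDeleted && "looked up a sentinel key");
        for (size_t i = slot(key), n = 0; n < table_.size(); i = (i + 1) % table_.size(), ++n) {
            if (table_[i] == kEmpty) return table_.size();  // empty bucket ends the probe: absent
            if (table_[i] == key) return i;                  // tombstones are skipped
        }
        return table_.size();
    }
    size_t slot(unsigned long key) const { return (key * 11400714819323198485ull) % table_.size(); }
    std::vector<unsigned long> table_;
    size_t count_ = 0;
};
// Hypothetical stand-in for the GTK DocumentLoader's in-flight identifier set. Frame #5
// calls decreaseLoadCount(identifier=0); this version rejects the sentinel before the lookup.
struct LoadTracker {
    IntSet inFlight;
    bool decreaseLoadCount(unsigned long identifier) {
        if (identifier == IntSet::kEmpty || identifier == IntSet::kDeleted)
            return false;                    // invalid identifier: nothing to decrease
        return inFlight.remove(identifier);  // false when the load was never tracked
    }
};
```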
Comment 1 Jonathon Jongsma (jonner) 2013-02-01 08:57:58 PST
Apparently actually playing the video is not required.