Bug 131439

Summary: [WK2] WebProcess crashes, when closing window after opening page by means of context menu
Product: WebKit
Reporter: Maciej Florek <m.florek>
Component: WebKit2
Assignee: Hyowon Kim <hw1008.kim>
Status: RESOLVED FIXED
Severity: Normal
CC: commit-queue, hw1008.kim, thorton
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Attachments: Patch (flags: none)

Maciej Florek
Reported 2014-04-09 07:42:09 PDT
When running MiniBrowser in shared process mode, after opening a page in a new window by means of the "Open link in new window" context menu option, closing either of the two windows crashes the WebProcess.

Stack trace:

Program received signal SIGSEGV, Segmentation fault.
0x00007fec3700076a in WebKit::PageOverlayController::notifyFlushRequired(WebCore::GraphicsLayer const*) () at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/WebProcess/WebPage/PageOverlayController.cpp:259
259	    m_webPage->drawingArea()->scheduleCompositingLayerFlush();

bt
#0  0x00007fec3700076a in WebKit::PageOverlayController::notifyFlushRequired(WebCore::GraphicsLayer const*) () at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/WebProcess/WebPage/PageOverlayController.cpp:259
#1  0x00007fec30c028d7 in WebCore::CoordinatedGraphicsLayer::notifyFlushRequired() () at /home/mflorek/webkit-local-efl/webkit.org/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:55
#2  0x00007fec30c02912 in WebCore::CoordinatedGraphicsLayer::didChangeLayerState() () at /home/mflorek/webkit-local-efl/webkit.org/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:64
#3  0x00007fec30c0647d in WebCore::CoordinatedGraphicsLayer::purgeBackingStores() () at /home/mflorek/webkit-local-efl/webkit.org/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:1056
#4  0x00007fec30bf3a3f in WebCore::CompositingCoordinator::purgeBackingStores() () at /home/mflorek/webkit-local-efl/webkit.org/Source/WebCore/platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:369
#5  0x00007fec30bf24d2 in WebCore::CompositingCoordinator::~CompositingCoordinator() () at /home/mflorek/webkit-local-efl/webkit.org/Source/WebCore/platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:48
#6  0x00007fec30bf261c in WebCore::CompositingCoordinator::~CompositingCoordinator() () at /home/mflorek/webkit-local-efl/webkit.org/Source/WebCore/platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:53
#7  0x00007fec370d7186 in std::default_delete<WebCore::CompositingCoordinator>::operator()(WebCore::CompositingCoordinator*) const () at /usr/include/c++/4.8/bits/unique_ptr.h:67
#8  0x00007fec370d6d85 in std::unique_ptr<WebCore::CompositingCoordinator, std::default_delete<WebCore::CompositingCoordinator> >::~unique_ptr() () at /usr/include/c++/4.8/bits/unique_ptr.h:184
#9  0x00007fec370d5bfe in WebKit::CoordinatedLayerTreeHost::~CoordinatedLayerTreeHost() () at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.cpp:55
#10 0x00007fec370d5c3a in WebKit::CoordinatedLayerTreeHost::~CoordinatedLayerTreeHost() () at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.cpp:57
#11 0x00007fec36ffeaa0 in WTF::RefCounted<WebKit::LayerTreeHost>::deref() () at /home/mflorek/webkit-local-efl/webkit.org/Source/WTF/wtf/RefCounted.h:146
#12 0x00007fec370d5012 in void WTF::derefIfNotNull<WebKit::LayerTreeHost>(WebKit::LayerTreeHost*) () at /home/mflorek/webkit-local-efl/webkit.org/Source/WTF/wtf/PassRefPtr.h:39
#13 0x00007fec370d4c8b in WTF::RefPtr<WebKit::LayerTreeHost>::~RefPtr() () at /home/mflorek/webkit-local-efl/webkit.org/Source/WTF/wtf/RefPtr.h:55
#14 0x00007fec370d1eaa in WebKit::CoordinatedDrawingArea::~CoordinatedDrawingArea() () at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedDrawingArea.cpp:47
#15 0x00007fec370d1f1a in WebKit::CoordinatedDrawingArea::~CoordinatedDrawingArea() () at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedDrawingArea.cpp:51
#16 0x00007fec37029b32 in std::default_delete<WebKit::DrawingArea>::operator()(WebKit::DrawingArea*) const () at /usr/include/c++/4.8/bits/unique_ptr.h:67
#17 0x00007fec3702a606 in std::unique_ptr<WebKit::DrawingArea, std::default_delete<WebKit::DrawingArea> >::reset(WebKit::DrawingArea*) () at /usr/include/c++/4.8/bits/unique_ptr.h:262
#18 0x00007fec370279b3 in std::unique_ptr<WebKit::DrawingArea, std::default_delete<WebKit::DrawingArea> >::operator=(decltype(nullptr)) () at /usr/include/c++/4.8/bits/unique_ptr.h:213
#19 0x00007fec370163c7 in WebKit::WebPage::close() () at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/WebProcess/WebPage/WebPage.cpp:902
#20 0x00007fec3713dab2 in _ZN3IPC22callMemberFunctionImplIN6WebKit7WebPageEMS2_FvvESt5tupleIJEEJEEEvPT_T0_OT1_St14index_sequenceIJXspT2_EEE () at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/Platform/IPC/HandleMessage.h:16
#21 0x00007fec3713c418 in _ZN3IPC18callMemberFunctionIN6WebKit7WebPageEMS2_FvvESt5tupleIJEESt19make_index_sequenceILm0EEEEvOT1_PT_T0_ () at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/Platform/IPC/HandleMessage.h:22
#22 0x00007fec37139abe in void IPC::handleMessage<Messages::WebPage::Close, WebKit::WebPage, void (WebKit::WebPage::*)()>(IPC::MessageDecoder&, WebKit::WebPage*, void (WebKit::WebPage::*)()) () at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/Platform/IPC/HandleMessage.h:117
#23 0x00007fec37135c80 in WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection*, IPC::MessageDecoder&) () at /home/mflorek/webkit-local-efl/webkit.org/WebKitBuild/Debug/DerivedSources/WebKit2/WebPageMessageReceiver.cpp:479
#24 0x00007fec3701f711 in WebKit::WebPage::didReceiveMessage(IPC::Connection*, IPC::MessageDecoder&) () at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/WebProcess/WebPage/WebPage.cpp:3267
#25 0x00007fec36d9534c in IPC::MessageReceiverMap::dispatchMessage(IPC::Connection*, IPC::MessageDecoder&) () at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/Platform/IPC/MessageReceiverMap.cpp:87
#26 0x00007fec36f3650d in WebKit::WebProcess::didReceiveMessage(IPC::Connection*, IPC::MessageDecoder&) () at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/WebProcess/WebProcess.cpp:594
#27 0x00007fec36d83b9a in IPC::Connection::dispatchMessage(IPC::MessageDecoder&) () at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/Platform/IPC/Connection.cpp:770
#28 0x00007fec36d83c66 in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >) () at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/Platform/IPC/Connection.cpp:791
#29 0x00007fec36d83e27 in IPC::Connection::dispatchOneMessage() () at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/Platform/IPC/Connection.cpp:817
#30 0x00007fec36d946ed in WTF::FunctionWrapper<void (IPC::Connection::*)()>::operator()(IPC::Connection*) () at /home/mflorek/webkit-local-efl/webkit.org/Source/WTF/wtf/Functional.h:218
#31 0x00007fec36d94460 in WTF::BoundFunctionImpl<WTF::FunctionWrapper<void (IPC::Connection::*)()>, void (IPC::Connection*)>::operator()() () at /home/mflorek/webkit-local-efl/webkit.org/Source/WTF/wtf/Functional.h:496
#32 0x00007fec36d7325f in WTF::Function<void ()>::operator()() const () at /home/mflorek/webkit-local-efl/webkit.org/Source/WTF/wtf/Functional.h:704
#33 0x00007fec36d71c15 in std::_Function_handler<void (), WTF::Function<void ()> >::_M_invoke(std::_Any_data const&) () at /usr/include/c++/4.8/functional:2071
#34 0x00007fec36d668ee in std::function<void ()>::operator()() const () at /usr/include/c++/4.8/functional:2468
#35 0x00007fec37146730 in WTF::RunLoop::performWork() () at /home/mflorek/webkit-local-efl/webkit.org/Source/WTF/wtf/RunLoop.cpp:119
#36 0x00007fec3714789a in WTF::RunLoop::wakeUpEvent(void*, void*, unsigned int) () at /home/mflorek/webkit-local-efl/webkit.org/Source/WTF/wtf/efl/RunLoopEfl.cpp:68
#37 0x00007fec2c623497 in _ecore_pipe_read () from /home/mflorek/webkit-local-efl/webkit.org/WebKitBuild/Dependencies/Root/lib64/libecore.so.1
#38 0x00007fec2c622571 in _ecore_main_loop_iterate_internal () from /home/mflorek/webkit-local-efl/webkit.org/WebKitBuild/Dependencies/Root/lib64/libecore.so.1
#39 0x00007fec2c6229b7 in ecore_main_loop_begin () from /home/mflorek/webkit-local-efl/webkit.org/WebKitBuild/Dependencies/Root/lib64/libecore.so.1
#40 0x00007fec3714782b in WTF::RunLoop::run() () at /home/mflorek/webkit-local-efl/webkit.org/Source/WTF/wtf/efl/RunLoopEfl.cpp:51
#41 0x00007fec370d9b71 in WebProcessMainEfl () at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/WebProcess/efl/WebProcessMainEfl.cpp:126
#42 0x0000000000400850 in main ()
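The trace above shows a teardown re-entrancy pattern: WebPage::close() does `m_drawingArea = nullptr;` (frames 17-19), unique_ptr stores the null before running the deleter, the owned layer tree host and its layers are destroyed, and a layer's purgeBackingStores() calls back through the overlay controller into `m_webPage->drawingArea()`, which is already null at line 259 (frame 0). The following is an added, self-contained model of that ownership chain, written for this page; it is not WebKit code and not the patch that landed (see r167178 below for that). The names Page, DrawingArea, Layer and the two close() strategies are assumptions of this example. It shows the two usual fixes side by side: a null check at the re-entered call site, and detaching the back-pointer before the owner drops the object so no callback fires at all.

```cpp
#include <cstdio>
#include <memory>
#include <vector>

// Illustrative model (hypothetical names, not WebKit's classes) of the ownership
// chain in the crash: Page owns DrawingArea via unique_ptr, DrawingArea owns
// Layers, and a Layer's destructor calls back into Page, which reaches into the
// DrawingArea that is being destroyed.
struct Page;

struct Layer {
    Page* m_client;                          // back-pointer, like a GraphicsLayerClient
    explicit Layer(Page* client) : m_client(client) {}
    ~Layer();                                // defined below: re-enters the client
};

struct DrawingArea {
    std::vector<std::unique_ptr<Layer>> m_layers;
    int m_flushesScheduled = 0;
    void scheduleFlush() { ++m_flushesScheduled; }
};

struct TeardownStats {
    int callbacksDuringClose = 0;            // how often ~Layer re-entered Page
    int nullAreaObserved = 0;                // how often drawingArea() was null then
};

struct Page {
    std::unique_ptr<DrawingArea> m_drawingArea;
    bool m_closing = false;
    TeardownStats m_stats;

    explicit Page(int layerCount) : m_drawingArea(new DrawingArea) {
        for (int i = 0; i < layerCount; ++i)
            m_drawingArea->m_layers.emplace_back(new Layer(this));
    }
    DrawingArea* drawingArea() { return m_drawingArea.get(); }

    // Guarded form of the crashing call site. The unguarded original line is
    //   m_webPage->drawingArea()->scheduleCompositingLayerFlush();
    // which dereferences null once the unique_ptr has been reset.
    void notifyFlushRequired() {
        if (m_closing)
            ++m_stats.callbacksDuringClose;
        DrawingArea* area = drawingArea();
        if (!area) {                         // fix 1: tolerate teardown re-entry
            ++m_stats.nullAreaObserved;
            return;
        }
        area->scheduleFlush();
    }

    // Mirrors `m_drawingArea = nullptr;` in WebPage::close(). unique_ptr's
    // operator=(nullptr_t) calls reset(), which stores the new (null) pointer
    // first and deletes the old object second, so every destructor that runs
    // from here observes drawingArea() == nullptr.
    TeardownStats close(bool detachLayersFirst) {
        m_closing = true;
        if (detachLayersFirst && m_drawingArea) {
            for (auto& layer : m_drawingArea->m_layers)
                layer->m_client = nullptr;   // fix 2: nothing left to call back into
        }
        m_drawingArea = nullptr;
        return m_stats;
    }
};

Layer::~Layer() {
    if (m_client)
        m_client->notifyFlushRequired();     // like purgeBackingStores -> notifyFlushRequired
}

// Worked scenario: a page with three layers is closed each way. Constructed
// input for this example; the counts are what the test below asserts.
TeardownStats closePageWithNullCheckOnly() { Page page(3); return page.close(false); }
TeardownStats closePageWithDetach()        { Page page(3); return page.close(true); }

int main() {
    TeardownStats a = closePageWithNullCheckOnly();
    TeardownStats b = closePageWithDetach();
    std::printf("null check only: %d re-entries, %d saw a null drawing area\n",
                a.callbacksDuringClose, a.nullAreaObserved);
    std::printf("detach first:    %d re-entries, %d saw a null drawing area\n",
                b.callbacksDuringClose, b.nullAreaObserved);
    return 0;
}
```

The null check alone keeps the process alive but still lets three callbacks run against a half-destroyed page, which is the kind of window that turns into a use-after-free when the callback touches anything other than the checked pointer; detaching first removes the re-entry rather than surviving it. In a real fix both are reasonable, and the detach should happen before the member is assigned, not inside the owned object's destructor.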
Attachments
Patch (1.72 KB, patch)
2014-04-11 18:20 PDT, Hyowon Kim
no flags
Hyowon Kim
Comment 1 2014-04-10 23:40:16 PDT
Hi, Maciej Florek. Can I take over this bug?
Maciej Florek
Comment 2 2014-04-11 01:04:20 PDT
(In reply to comment #1)
> Hi, Maciej Florek. Can I take over this bug?

Sure, go ahead.
Hyowon Kim
Comment 3 2014-04-11 18:20:49 PDT
WebKit Commit Bot
Comment 4 2014-04-11 18:56:32 PDT
Comment on attachment 229190: Patch

Clearing flags on attachment: 229190

Committed r167178: <http://trac.webkit.org/changeset/167178>
WebKit Commit Bot
Comment 5 2014-04-11 18:56:35 PDT
All reviewed patches have been landed. Closing bug.