Bug 29293

Summary: [GTK] Crash when visiting http://flipper.googlelabs.com/
Product: WebKit Reporter: Priit Laes (IRC: plaes) <plaes>
Component: WebKitGTK Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Critical CC: eric, gustavo
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Linux   
Attachments:
Description Flags
proposed fix and accompanying layout test xan.lopez: review+, gustavo: commit-queue-

Description Priit Laes (IRC: plaes) 2009-09-15 22:33:27 PDT
With epiphany and webkit-gtk-1.1.14

#0  0x00007fac65c5ba4f in __libc_waitpid (pid=26708, stat_loc=0x7fff95297c70, options=0) at ../sysdeps/unix/sysv/linux/waitpid.c:41
#1  0x00007fac6620f7f9 in IA__g_spawn_sync (working_directory=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>, 
    flags=<value optimized out>, child_setup=<value optimized out>, user_data=<value optimized out>, standard_output=0x0, standard_error=0x0, exit_status=0x0, 
    error=0x7fff95297df8) at gspawn.c:386
#2  0x00007fac6620fb09 in IA__g_spawn_command_line_sync (command_line=<value optimized out>, standard_output=0x0, standard_error=0x0, exit_status=0x0, 
    error=0x7fff95297df8) at gspawn.c:700
#3  0x00007fac55996ba3 in bugbuddy_segv_handle (signum=<value optimized out>) at gnome-breakpad.cc:369
#4  <signal handler called>
#5  WebCore::MediaPlayerPrivate::supportsType (type=@0x7fff952983a0, codecs=<value optimized out>) at ./WebCore/platform/text/StringImpl.h:112
#6  0x00007fac6a05d443 in chooseBestEngineForTypeAndCodecs (type=@0x7fff952983a0, codecs=<value optimized out>) at WebCore/platform/graphics/MediaPlayer.cpp:174
#7  0x00007fac6a05d7c6 in WebCore::MediaPlayer::supportsType (contentType=<value optimized out>) at WebCore/platform/graphics/MediaPlayer.cpp:462
#8  0x00007fac69cbd130 in WebCore::DOMImplementation::createDocument (type=@0x7fac4e487198, frame=0x7fac4e487000, inViewSourceMode=<value optimized out>)
    at WebCore/dom/DOMImplementation.cpp:351
#9  0x00007fac69e52205 in WebCore::FrameLoader::begin (this=0x7fac4e487050, url=@0x7fac4e4871e0, dispatch=false, origin=0x0) at WebCore/loader/FrameLoader.cpp:912
#10 0x00007fac69e5ec42 in WebCore::FrameLoader::receivedFirstData (this=0x0) at WebCore/loader/FrameLoader.cpp:854
#11 0x00007fac69e5efb4 in WebCore::FrameLoader::setEncoding (this=0x7fac4e487050, name=@0x7fff952986a0, userChosen=false) at WebCore/loader/FrameLoader.cpp:1784
#12 0x00007fac69a5fff0 in WebKit::FrameLoaderClient::committedLoad (this=0x7fac4fd5e460, loader=0x7fac4dfea380, data=0x0, length=0)
    at WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:148
#13 0x00007fac69e5fb98 in WebCore::FrameLoader::finishedLoadingDocument (this=0x7fac4e487050, loader=0x7fac4dfea380) at WebCore/loader/FrameLoader.cpp:3207
#14 0x00007fac69e3a0a8 in WebCore::DocumentLoader::finishedLoading (this=0x7fac4dfea380) at WebCore/loader/DocumentLoader.cpp:329
#15 0x00007fac69e544af in WebCore::FrameLoader::finishedLoading (this=0x7fac4e487050) at WebCore/loader/FrameLoader.cpp:3141
#16 0x00007fac69e649dd in WebCore::MainResourceLoader::didFinishLoading (this=0x7fac503c0480) at WebCore/loader/MainResourceLoader.cpp:371
#17 0x00007fac6a1db6e6 in finishedCallback (session=<value optimized out>, msg=0x2fdc8f0, data=<value optimized out>)
    at WebCore/platform/network/soup/ResourceHandleSoup.cpp:324
#18 0x00007fac679fb43d in final_finished (req=0x2fdc8f0, user_data=<value optimized out>) at soup-session-async.c:381
#19 0x00007fac6648c66a in IA__g_closure_invoke (closure=0x34c8110, return_value=0x0, n_param_values=<value optimized out>, param_values=0x30cef00, 
    invocation_hint=0x7fff952989c0) at gclosure.c:767
#20 0x00007fac664a2e7b in signal_emit_unlocked_R (node=0x2800a50, detail=<value optimized out>, instance=<value optimized out>, emission_return=<value optimized out>, 
    instance_and_params=<value optimized out>) at gsignal.c:3317
#21 0x00007fac664a3d2c in IA__g_signal_emit_valist (instance=0x2fdc8f0, signal_id=<value optimized out>, detail=0, var_args=0x7fff95298bb0) at gsignal.c:2980
#22 0x00007fac664a4273 in IA__g_signal_emit (instance=0x0, signal_id=0, detail=264) at gsignal.c:3037
#23 0x00007fac679f1e5f in soup_message_io_finished (msg=0x2fdc8f0) at soup-message-io.c:176
#24 0x00007fac6648c66a in IA__g_closure_invoke (closure=0x3121700, return_value=0x0, n_param_values=<value optimized out>, param_values=0x1ff18e0, 
    invocation_hint=0x7fff95298de0) at gclosure.c:767
#25 0x00007fac664a287f in signal_emit_unlocked_R (node=0x29e56b0, detail=<value optimized out>, instance=<value optimized out>, emission_return=<value optimized out>, 
    instance_and_params=<value optimized out>) at gsignal.c:3247
#26 0x00007fac664a3d2c in IA__g_signal_emit_valist (instance=0x2db9000, signal_id=<value optimized out>, detail=0, var_args=0x7fff95298fd0) at gsignal.c:2980
#27 0x00007fac664a4273 in IA__g_signal_emit (instance=0x0, signal_id=0, detail=264) at gsignal.c:3037
#28 0x00007fac679fd401 in socket_read_watch (chan=<value optimized out>, cond=0, user_data=<value optimized out>) at soup-socket.c:1189
#29 0x00007fac661d85ad in IA__g_main_context_dispatch (context=0x1df9240) at gmain.c:1960
#30 0x00007fac661dbf68 in g_main_context_iterate (context=0x1df9240, block=<value optimized out>, dispatch=<value optimized out>, self=<value optimized out>)
    at gmain.c:2591
#31 0x00007fac661dc3c5 in IA__g_main_loop_run (loop=0x1e8ecb0) at gmain.c:2799
#32 0x00007fac6902c3e7 in IA__gtk_main () at gtkmain.c:1205
#33 0x00000000004331ed in main (argc=1, argv=0x7fff9529a478) at ephy-main.c:782

Thread 2 (Thread 0x7fac5357b910 (LWP 23119)):
#0  0x00007fac65993451 in nanosleep () from /lib/libc.so.6
No symbol table info available.
#1  0x00007fac65993277 in __sleep (seconds=<value optimized out>) at ../sysdeps/unix/sysv/linux/sleep.c:138
	ts = {tv_sec = 0, tv_nsec = 597511378}
	set = {__val = {65536, 0 <repeats 15 times>}}
	oset = {__val = {0, 0, 4294967296, 140378510232840, 140378510335240, 140378109358096, 140378510334384, 140378418511065, 0, 0, 140378415038736, 140378510327808, 
    0, 4294967295, 0, 19096896}}
	result = 4294967295
#2  0x00007fac69b32077 in WTF::TCMalloc_PageHeap::scavengerThread (this=0x7fac6a9aeaa0) at JavaScriptCore/wtf/FastMalloc.cpp:2295
No locals.
#3  0x00007fac69b32109 in WTF::TCMalloc_PageHeap::runScavengerThread (context=0x7fac5357b000) at JavaScriptCore/wtf/FastMalloc.cpp:1429
No locals.
#4  0x00007fac65c542e7 in start_thread (arg=<value optimized out>) at pthread_create.c:297
	__res = <value optimized out>
	pd = (struct pthread *) 0x7fac5357b910
	unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140378109360400, -4862234975235988441, 140378418568864, 140378109358496, 0, 4096, 4890198509226304551, 
        4890087343061345319}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
	not_first_call = <value optimized out>
	robust = <value optimized out>
#5  0x00007fac659c438d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
No locals.
#6  0x0000000000000000 in ?? ()
No symbol table info available.

Thread 1 (Thread 0x7fac6b3c4770 (LWP 23118)):
#0  0x00007fac65c5ba4f in __libc_waitpid (pid=26708, stat_loc=0x7fff95297c70, options=0) at ../sysdeps/unix/sysv/linux/waitpid.c:41
	oldtype = 0
	result = <value optimized out>
#1  0x00007fac6620f7f9 in IA__g_spawn_sync (working_directory=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>, 
    flags=<value optimized out>, child_setup=<value optimized out>, user_data=<value optimized out>, standard_output=0x0, standard_error=0x0, exit_status=0x0, 
    error=0x7fff95297df8) at gspawn.c:386
	outpipe = -1
	errpipe = -1
	pid = 26708
	fds = {__fds_bits = {0, 16, 16, 0, 47386328, 140735695912440, 50836096, 47386304, 3, 0, 47386328, 140378424427309, 140735695912056, 140735695912048, 
    140735695912168, 0}}
	ret = -512
	outstr = (GString *) 0x0
	errstr = (GString *) 0x0
	failed = 0
	status = <value optimized out>
	__PRETTY_FUNCTION__ = "IA__g_spawn_sync"
#2  0x00007fac6620fb09 in IA__g_spawn_command_line_sync (command_line=<value optimized out>, standard_output=0x0, standard_error=0x0, exit_status=0x0, 
    error=0x7fff95297df8) at gspawn.c:700
	retval = 0
	argv = (gchar **) 0x2d30ec0
	__PRETTY_FUNCTION__ = "IA__g_spawn_command_line_sync"
#3  0x00007fac55996ba3 in bugbuddy_segv_handle (signum=<value optimized out>) at gnome-breakpad.cc:369
	in_segv = 1
#4  <signal handler called>
No locals.
#5  WebCore::MediaPlayerPrivate::supportsType (type=@0x7fff952983a0, codecs=<value optimized out>) at ./WebCore/platform/text/StringImpl.h:112
No locals.
#6  0x00007fac6a05d443 in chooseBestEngineForTypeAndCodecs (type=@0x7fff952983a0, codecs=<value optimized out>) at WebCore/platform/graphics/MediaPlayer.cpp:174
	engineSupport = <value optimized out>
	ndx = 0
	engines = <value optimized out>
	engine = (WebCore::MediaPlayerFactory *) 0x0
	supported = WebCore::MediaPlayer::IsNotSupported
	count = 1
#7  0x00007fac6a05d7c6 in WebCore::MediaPlayer::supportsType (contentType=<value optimized out>) at WebCore/platform/graphics/MediaPlayer.cpp:462
	type = {m_impl = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0x0}}
	codecs = {m_impl = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0x0}}
	engine = <value optimized out>
#8  0x00007fac69cbd130 in WebCore::DOMImplementation::createDocument (type=@0x7fac4e487198, frame=0x7fac4e487000, inViewSourceMode=<value optimized out>)
    at WebCore/dom/DOMImplementation.cpp:351
	pluginData = (class WebCore::PluginData *) 0x7fac4eab7880
#9  0x00007fac69e52205 in WebCore::FrameLoader::begin (this=0x7fac4e487050, url=@0x7fac4e4871e0, dispatch=false, origin=0x0) at WebCore/loader/FrameLoader.cpp:912
	ref = {m_string = {m_impl = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0x6}}, m_isValid = false, m_protocolInHTTPFamily = false, m_schemeEnd = 32684, 
  m_userStart = 1319861242, m_userEnd = 32684, m_passwordEnd = 1389835384, m_hostEnd = 32684, m_portEnd = 6, m_pathAfterLastSlash = 0, m_pathEnd = 1773364820, 
  m_queryEnd = 32684, m_fragmentEnd = 5}
	settings = <value optimized out>
#10 0x00007fac69e5ec42 in WebCore::FrameLoader::receivedFirstData (this=0x0) at WebCore/loader/FrameLoader.cpp:854
	delay = <value optimized out>
	url = {m_impl = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0x7fac664b8230}}
#11 0x00007fac69e5efb4 in WebCore::FrameLoader::setEncoding (this=0x7fac4e487050, name=@0x7fff952986a0, userChosen=false) at WebCore/loader/FrameLoader.cpp:1784
No locals.
#12 0x00007fac69a5fff0 in WebKit::FrameLoaderClient::committedLoad (this=0x7fac4fd5e460, loader=0x7fac4dfea380, data=0x0, length=0)
    at WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:148
	encoding = {m_impl = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0x0}}
	userChosen = 8
	frameLoader = (WebCore::FrameLoader *) 0x7fac4e487050
#13 0x00007fac69e5fb98 in WebCore::FrameLoader::finishedLoadingDocument (this=0x7fac4e487050, loader=0x7fac4dfea380) at WebCore/loader/FrameLoader.cpp:3207
	responseMIMEType = (const WebCore::String &) @0x7fac4dfea708: {m_impl = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0x0}}
	mainResource = <value optimized out>
	userChosenEncoding = {m_impl = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0x0}}
#14 0x00007fac69e3a0a8 in WebCore::DocumentLoader::finishedLoading (this=0x7fac4dfea380) at WebCore/loader/DocumentLoader.cpp:329
	loader = (WebCore::FrameLoader *) 0x1ff
#15 0x00007fac69e544af in WebCore::FrameLoader::finishedLoading (this=0x7fac4e487050) at WebCore/loader/FrameLoader.cpp:3141
No locals.
#16 0x00007fac69e649dd in WebCore::MainResourceLoader::didFinishLoading (this=0x7fac503c0480) at WebCore/loader/MainResourceLoader.cpp:371
No locals.
#17 0x00007fac6a1db6e6 in finishedCallback (session=<value optimized out>, msg=0x2fdc8f0, data=<value optimized out>)
    at WebCore/platform/network/soup/ResourceHandleSoup.cpp:324
	d = (class WebCore::ResourceHandleInternal *) 0x7fac50fe4800
	client = (class WebCore::ResourceHandleClient *) 0x7fac503c0480
#18 0x00007fac679fb43d in final_finished (req=0x2fdc8f0, user_data=<value optimized out>) at soup-session-async.c:381
	item = (SoupMessageQueueItem *) 0x7fac48003180
	session = (SoupSession *) 0x1df98e0
#19 0x00007fac6648c66a in IA__g_closure_invoke (closure=0x34c8110, return_value=0x0, n_param_values=<value optimized out>, param_values=0x30cef00, 
    invocation_hint=0x7fff952989c0) at gclosure.c:767
	marshal = (GClosureMarshal) 0x7fac66499510 <IA__g_cclosure_marshal_VOID__VOID>
	marshal_data = (gpointer) 0x2a
	__PRETTY_FUNCTION__ = "IA__g_closure_invoke"
#20 0x00007fac664a2e7b in signal_emit_unlocked_R (node=0x2800a50, detail=<value optimized out>, instance=<value optimized out>, emission_return=<value optimized out>, 
    instance_and_params=<value optimized out>) at gsignal.c:3317
	tmp = <value optimized out>
	handler = (Handler *) 0x7fac4804d4d0
	accumulator = (SignalAccumulator *) 0x0
	emission = {next = 0x7fff95298dd0, instance = 0x2fdc8f0, ihint = {signal_id = 411, detail = 0, run_type = G_SIGNAL_RUN_LAST}, state = EMISSION_RUN, 
  chain_type = 4}
	class_closure = (GClosure *) 0x2800a00
	handler_list = (Handler *) 0x34bf360
	return_accu = <value optimized out>
	accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, 
      v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
	signal_id = 411
	max_sequential_handler_number = 61061
	return_value_altered = 1
#21 0x00007fac664a3d2c in IA__g_signal_emit_valist (instance=0x2fdc8f0, signal_id=<value optimized out>, detail=0, var_args=0x7fff95298bb0) at gsignal.c:2980
	signal_return_type = 4
	param_values = <value optimized out>
	node = (SignalNode *) 0x2800a50
	i = <value optimized out>
	n_params = <value optimized out>
	__PRETTY_FUNCTION__ = "IA__g_signal_emit_valist"
#22 0x00007fac664a4273 in IA__g_signal_emit (instance=0x0, signal_id=0, detail=264) at gsignal.c:3037
	var_args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fff95298c90, reg_save_area = 0x7fff95298bd0}}
#23 0x00007fac679f1e5f in soup_message_io_finished (msg=0x2fdc8f0) at soup-message-io.c:176
No locals.
#24 0x00007fac6648c66a in IA__g_closure_invoke (closure=0x3121700, return_value=0x0, n_param_values=<value optimized out>, param_values=0x1ff18e0, 
    invocation_hint=0x7fff95298de0) at gclosure.c:767
	marshal = (GClosureMarshal) 0x7fac66499510 <IA__g_cclosure_marshal_VOID__VOID>
	marshal_data = (gpointer) 0x2a
	__PRETTY_FUNCTION__ = "IA__g_closure_invoke"
#25 0x00007fac664a287f in signal_emit_unlocked_R (node=0x29e56b0, detail=<value optimized out>, instance=<value optimized out>, emission_return=<value optimized out>, 
    instance_and_params=<value optimized out>) at gsignal.c:3247
	tmp = <value optimized out>
	handler = (Handler *) 0x34c50d0
	accumulator = (SignalAccumulator *) 0x0
	emission = {next = 0x0, instance = 0x2db9000, ihint = {signal_id = 414, detail = 0, run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type = 4}
	class_closure = (GClosure *) 0x2763f40
	handler_list = (Handler *) 0x34c50d0
	return_accu = <value optimized out>
	accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, 
      v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
	signal_id = 414
	max_sequential_handler_number = 61061
	return_value_altered = 0
#26 0x00007fac664a3d2c in IA__g_signal_emit_valist (instance=0x2db9000, signal_id=<value optimized out>, detail=0, var_args=0x7fff95298fd0) at gsignal.c:2980
	signal_return_type = 4
	param_values = <value optimized out>
	node = (SignalNode *) 0x29e56b0
	i = <value optimized out>
	n_params = <value optimized out>
	__PRETTY_FUNCTION__ = "IA__g_signal_emit_valist"
#27 0x00007fac664a4273 in IA__g_signal_emit (instance=0x0, signal_id=0, detail=264) at gsignal.c:3037
	var_args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fff952990b0, reg_save_area = 0x7fff95298ff0}}
#28 0x00007fac679fd401 in socket_read_watch (chan=<value optimized out>, cond=0, user_data=<value optimized out>) at soup-socket.c:1189
	sock = (SoupSocket *) 0x2db9000
#29 0x00007fac661d85ad in IA__g_main_context_dispatch (context=0x1df9240) at gmain.c:1960
No locals.
#30 0x00007fac661dbf68 in g_main_context_iterate (context=0x1df9240, block=<value optimized out>, dispatch=<value optimized out>, self=<value optimized out>)
    at gmain.c:2591
	max_priority = 300
	timeout = 0
	some_ready = 1
	nfds = 15
	allocated_nfds = 1713277328
	fds = <value optimized out>
	__PRETTY_FUNCTION__ = "g_main_context_iterate"
#31 0x00007fac661dc3c5 in IA__g_main_loop_run (loop=0x1e8ecb0) at gmain.c:2799
	self = (GThread *) 0x1dbe0b0
	__PRETTY_FUNCTION__ = "IA__g_main_loop_run"
#32 0x00007fac6902c3e7 in IA__gtk_main () at gtkmain.c:1205
	tmp_list = (GList *) 0x1e36640
	functions = (GList *) 0x0
	init = (GtkInitFunction *) 0x1e6cb20
	loop = (GMainLoop *) 0x1e8ecb0
#33 0x00000000004331ed in main (argc=1, argv=0x7fff9529a478) at ephy-main.c:782
	option_context = <value optimized out>
	option_group = <value optimized out>
	proxy = <value optimized out>
	error = (GError *) 0x0
	user_time = 694348453
0x00007fac65c5ba4f	41	in ../sysdeps/unix/sysv/linux/waitpid.c
The program is running.  Quit anyway (and detach it)? (y or n) [answered Y; input not from terminal]

Comment 1 Gustavo Noronha (kov) 2009-09-16 06:00:55 PDT
Created attachment 39643 [details]
proposed fix and accompanying layout test

Comment 2 Xan Lopez 2009-09-16 06:17:26 PDT
Comment on attachment 39643 [details]
proposed fix and accompanying layout test

r=me

Comment 3 Gustavo Noronha (kov) 2009-09-16 06:40:56 PDT
Landed as r48413.

Notice that we are not redirecting on that page, even with this fix. I opened a separate bug about this: https://bugs.webkit.org/show_bug.cgi?id=29299

Comment 4 Eric Seidel (no email) 2009-09-17 00:49:53 PDT
The test is broken on Tiger, see bug 29329.