Bug 89809

Summary: REGRESSION(r121058): Patch causes plugins tests to crash in GTK debug builds (Requested by zdobersek on #webkit).
Product: WebKit
Reporter: WebKit Review Bot <webkit.review.bot>
Component: New Bugs
Assignee: WebKit Review Bot <webkit.review.bot>
Status: RESOLVED FIXED
Severity: Normal
CC: barraclough, mhahnenberg, zan
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Bug Depends on:
Bug Blocks: 89123
Attachments:
  ROLLOUT of r121058 (flags: none)

Description WebKit Review Bot 2012-06-23 06:28:21 PDT
http://trac.webkit.org/changeset/121058 broke the build:
Patch causes plugins tests to crash in GTK debug builds (Requested by zdobersek on #webkit).

This is an automatic bug report generated by the sheriff-bot. If this bug
report was created because of a flaky test, please file a bug for the flaky
test (if we don't already have one on file) and dup this bug against that bug
so that we can track how often these flaky tests cause pain.

"Only you can prevent forest fires." -- Smokey the Bear

Comment 1 WebKit Review Bot 2012-06-23 06:29:08 PDT
Created attachment 149174
ROLLOUT of r121058

Any committer can land this patch automatically by marking it commit-queue+.  The commit-queue will build and test the patch before landing to ensure that the rollout will be successful.  This process takes approximately 15 minutes.

If you would like to land the rollout faster, you can use the following command:

  webkit-patch land-attachment ATTACHMENT_ID

where ATTACHMENT_ID is the ID of this attachment.

Comment 2 Zan Dobersek 2012-06-23 06:37:12 PDT
Crashes are occurring on the GTK Linux 64-bit debug builder: http://build.webkit.org/builders/GTK%20Linux%2064-bit%20Debug

Crashes seem to occur in two different ways:

Crash log for DumpRenderTree (pid 13288):

[New LWP 13288]
[New LWP 13290]
[New LWP 13292]
[Thread debugging using libthread_db enabled]
Core was generated by `/home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/Programs/DumpR'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f2cfbcdaaac in JSC::Bindings::RootObject::globalObject (this=0x0) at ../../Source/WebCore/bridge/runtime_root.cpp:173
173	    ASSERT(m_isValid);

...

Thread 1 (Thread 0x7f2d009b0900 (LWP 13288)):
#0  0x00007f2cfbcdaaac in JSC::Bindings::RootObject::globalObject (this=0x0) at ../../Source/WebCore/bridge/runtime_root.cpp:173
#1  0x00007f2cfbcbf70d in JSC::Bindings::CClass::fieldNamed (this=0x26cde10, propertyName=..., instance=0x2721e00) at ../../Source/WebCore/bridge/c/c_class.cpp:116
#2  0x00007f2cfbcd8ebc in JSC::Bindings::RuntimeObject::getOwnPropertySlot (cell=0x7f2cae5cd940, exec=0x7f2cae5f0038, propertyName=..., slot=...) at ../../Source/WebCore/bridge/runtime_object.cpp:137
#3  0x00007f2d002a51fa in JSC::JSCell::fastGetOwnPropertySlot (this=0x7f2cae5cd940, exec=0x7f2cae5f0038, propertyName=..., slot=...) at ../../Source/JavaScriptCore/runtime/JSObject.h:584
#4  0x00007f2d002a523e in JSC::JSObject::getPropertySlot (this=0x7f2cae5cd940, exec=0x7f2cae5f0038, propertyName=..., slot=...) at ../../Source/JavaScriptCore/runtime/JSObject.h:609
#5  0x00007f2d0054a6a6 in JSC::JSObject::hasProperty (this=0x7f2cae5cd940, exec=0x7f2cae5f0038, propertyName=...) at ../../Source/JavaScriptCore/runtime/JSObject.cpp:256
#6  0x00007f2cfbc5eb63 in WebCore::runtimeObjectCustomGetOwnPropertySlot (exec=0x7f2cae5f0038, propertyName=..., slot=..., element=0x7f2cae5cd980) at ../../Source/WebCore/bindings/js/JSPluginElementFunctions.cpp:119
#7  0x00007f2cfbc462f4 in WebCore::JSHTMLEmbedElement::getOwnPropertySlotDelegate (this=0x7f2cae5cd980, exec=0x7f2cae5f0038, propertyName=..., slot=...) at ../../Source/WebCore/bindings/js/JSHTMLEmbedElementCustom.cpp:38
#8  0x00007f2cfcbc8f05 in WebCore::JSHTMLEmbedElement::getOwnPropertySlot (cell=0x7f2cae5cd980, exec=0x7f2cae5f0038, propertyName=..., slot=...) at DerivedSources/WebCore/JSHTMLEmbedElement.cpp:138
#9  0x00007f2d002a51fa in JSC::JSCell::fastGetOwnPropertySlot (this=0x7f2cae5cd980, exec=0x7f2cae5f0038, propertyName=..., slot=...) at ../../Source/JavaScriptCore/runtime/JSObject.h:584
#10 0x00007f2d0039b4db in JSC::JSValue::get (this=0x7fff4e70cf30, exec=0x7f2cae5f0038, propertyName=..., slot=...) at ../../Source/JavaScriptCore/runtime/JSObject.h:827
#11 0x00007f2d0047f626 in JSC::LLInt::llint_slow_path_get_by_id (exec=0x7f2cae5f0038, pc=0x2729870) at ../../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:877
#12 0x00007f2d00488ddf in llint_op_get_by_id () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/.libs/libjavascriptcoregtk-3.0.so.0
#13 0x00007fff4e70cfd0 in ?? ()
#14 0x00007f2d0029f992 in JSC::Register::operator= (this=0x1fd3b88, v=...) at ../../Source/JavaScriptCore/interpreter/Register.h:116
#15 0x00007f2d00436114 in JSC::JITCode::execute (this=0x7f2cae5e3da8, registerFile=0x1fd3b88, callFrame=0x7f2cae5f0038, globalData=0x202c520) at ../../Source/JavaScriptCore/jit/JITCode.h:133
#16 0x00007f2d0043225c in JSC::Interpreter::execute (this=0x1fd3b70, program=0x7f2cae5e3d80, callFrame=0x7f2cae5aeea0, scopeChain=0x7f2cae5ce5c0, thisObj=0x7f2cae5cffc0) at ../../Source/JavaScriptCore/interpreter/Interpreter.cpp:1231
#17 0x00007f2d00505424 in JSC::evaluate (exec=0x7f2cae5aeea0, scopeChain=0x7f2cae5ce5c0, source=..., thisValue=..., returnedException=0x7fff4e70e690) at ../../Source/JavaScriptCore/runtime/Completion.cpp:75
#18 0x00007f2cfbc4c97f in WebCore::JSMainThreadExecState::evaluate (exec=0x7f2cae5aeea0, chain=0x7f2cae5ce5c0, source=..., thisValue=..., exception=0x7fff4e70e690) at ../../Source/WebCore/bindings/js/JSMainThreadExecState.h:77
#19 0x00007f2cfbc8fe4b in WebCore::ScriptController::evaluateInWorld (this=0x1fabce8, sourceCode=..., world=0x1fd0aa0) at ../../Source/WebCore/bindings/js/ScriptController.cpp:145
#20 0x00007f2cfbc8ff58 in WebCore::ScriptController::evaluate (this=0x1fabce8, sourceCode=...) at ../../Source/WebCore/bindings/js/ScriptController.cpp:162
#21 0x00007f2cfbf5b026 in WebCore::ScriptElement::executeScript (this=0x271f320, sourceCode=...) at ../../Source/WebCore/dom/ScriptElement.cpp:295
#22 0x00007f2cfbf5aaa9 in WebCore::ScriptElement::prepareScript (this=0x271f320, scriptStartPosition=..., supportLegacyTypes=WebCore::ScriptElement::DisallowLegacyTypeInTypeAttribute) at ../../Source/WebCore/dom/ScriptElement.cpp:240
#23 0x00007f2cfc13d81a in WebCore::HTMLScriptRunner::runScript (this=0x270a310, script=0x271f2b0, scriptStartPosition=...) at ../../Source/WebCore/html/parser/HTMLScriptRunner.cpp:296
#24 0x00007f2cfc13ce39 in WebCore::HTMLScriptRunner::execute (this=0x270a310, scriptElement=..., scriptStartPosition=...) at ../../Source/WebCore/html/parser/HTMLScriptRunner.cpp:170
#25 0x00007f2cfc12ee5e in WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder (this=0x270ea70) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:207
#26 0x00007f2cfc12ef1b in WebCore::HTMLDocumentParser::canTakeNextToken (this=0x270ea70, mode=WebCore::HTMLDocumentParser::AllowYield, session=...) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:225
#27 0x00007f2cfc12f355 in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x270ea70, mode=WebCore::HTMLDocumentParser::AllowYield) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:263
#28 0x00007f2cfc12ecad in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x270ea70, mode=WebCore::HTMLDocumentParser::AllowYield) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:177
#29 0x00007f2cfc12f8fe in WebCore::HTMLDocumentParser::append (this=0x270ea70, source=...) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:370
#30 0x00007f2cfbe89622 in WebCore::DecodedDataDocumentParser::flush (this=0x270ea70, writer=0x26f6940) at ../../Source/WebCore/dom/DecodedDataDocumentParser.cpp:60
#31 0x00007f2cfc2dca7d in WebCore::DocumentWriter::end (this=0x26f6940) at ../../Source/WebCore/loader/DocumentWriter.cpp:238
#32 0x00007f2cfc2d057d in WebCore::DocumentLoader::finishedLoading (this=0x26f6880) at ../../Source/WebCore/loader/DocumentLoader.cpp:299
#33 0x00007f2cfc3227df in WebCore::MainResourceLoader::didFinishLoading (this=0x20553d0, finishTime=0) at ../../Source/WebCore/loader/MainResourceLoader.cpp:544
#34 0x00007f2cfc32f1f3 in WebCore::ResourceLoader::didFinishLoading (this=0x20553d0, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:435
#35 0x00007f2cfc4f1fce in WebCore::readCallback (source=0x201d240, asyncResult=0x20265f0, data=0x265ec20) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:864
#36 0x00007f2cf9baaa3c in async_ready_callback_wrapper () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgio-2.0.so.0
#37 0x00007f2cf9bc65f6 in g_simple_async_result_complete () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgio-2.0.so.0
#38 0x00007f2cf9bc67c2 in complete_in_idle_cb_for_thread () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgio-2.0.so.0
#39 0x00007f2cf99f2ad2 in g_idle_dispatch () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#40 0x00007f2cf99f0359 in g_main_dispatch () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#41 0x00007f2cf99f1003 in g_main_context_dispatch () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#42 0x00007f2cf99f11ed in g_main_context_iterate () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#43 0x00007f2cf99f1623 in g_main_loop_run () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#44 0x00007f2cfa2e6843 in gtk_main () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgtk-3.so.0
#45 0x000000000045f858 in runTest (testPathOrURL=...) at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:706
#46 0x000000000045eec1 in runTestingServerLoop () at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:491
#47 0x0000000000461eec in main (argc=2, argv=0x7fff4e70fb58) at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:1388



Crash log for DumpRenderTree (pid 13462):

[New LWP 13462]
[New LWP 13465]
[New LWP 13466]
[Thread debugging using libthread_db enabled]
Core was generated by `/home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/Programs/DumpR'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007effb18223f2 in JSC::Heap::unprotect (this=0x1020e80, k=...) at ../../Source/JavaScriptCore/heap/Heap.cpp:335
335	    ASSERT(m_globalData->apiLock().currentThreadIsHoldingLock());

...

Thread 1 (Thread 0x7effb1dc3900 (LWP 13462)):
#0  0x00007effb18223f2 in JSC::Heap::unprotect (this=0x1020e80, k=...) at ../../Source/JavaScriptCore/heap/Heap.cpp:335
#1  0x00007effad0edd16 in JSC::gcUnprotect (val=0x7eff5f9db100) at ../../Source/JavaScriptCore/runtime/Protect.h:37
#2  0x00007effad0ed9ac in JSC::Bindings::RootObject::gcUnprotect (this=0x17b6b70, jsObject=0x7eff5f9db100) at ../../Source/WebCore/bridge/runtime_root.cpp:155
#3  0x00007effad0e1b51 in jsDeallocate (npObj=0x1783400) at ../../Source/WebCore/bridge/NP_jsobject.cpp:128
#4  0x00007effad0ea1d0 in _NPN_DeallocateObject (obj=0x1783400) at ../../Source/WebCore/bridge/npruntime.cpp:158
#5  0x00007effad0ea155 in _NPN_ReleaseObject (obj=0x1783400) at ../../Source/WebCore/bridge/npruntime.cpp:148
#6  0x00007eff60e801ac in pluginLogWithWindowObject (windowObject=0x17abc50, instance=0x17b71a8, message=0x7fffdcc8fcd0 "PLUGIN: NPP_Destroy") at ../../Tools/DumpRenderTree/TestNetscapePlugIn/PluginObject.cpp:60
#7  0x00007eff60e80409 in pluginLogWithArguments (instance=0x17b71a8, format=0x7eff60e87eee "NPP_Destroy", args=0x7fffdcc90510) at ../../Tools/DumpRenderTree/TestNetscapePlugIn/PluginObject.cpp:88
#8  0x00007eff60e804f9 in pluginLog (instance=0x17b71a8, format=0x7eff60e87eee "NPP_Destroy") at ../../Tools/DumpRenderTree/TestNetscapePlugIn/PluginObject.cpp:97
#9  0x00007eff60e850b0 in NPP_Destroy (instance=0x17b71a8, save=0x7fffdcc906c8) at ../../Tools/DumpRenderTree/TestNetscapePlugIn/main.cpp:318
#10 0x00007effad95de23 in WebCore::PluginView::stop (this=0x17b6f90) at ../../Source/WebCore/plugins/PluginView.cpp:379
#11 0x00007effad95d83e in WebCore::PluginView::~PluginView (this=0x17b6f90, __in_chrg=<optimized out>) at ../../Source/WebCore/plugins/PluginView.cpp:299
#12 0x00007effaced699a in WTF::RefCounted<WebCore::Widget>::deref (this=0x17b6f98) at ../../Source/WTF/wtf/RefCounted.h:190
#13 0x00007effad09a3af in WTF::derefIfNotNull<WebCore::Widget> (ptr=0x17b6f90) at ../../Source/WTF/wtf/PassRefPtr.h:52
#14 0x00007effad09a27f in WTF::RefPtr<WebCore::Widget>::~RefPtr (this=0x17869d0, __in_chrg=<optimized out>) at ../../Source/WTF/wtf/RefPtr.h:56
#15 0x00007effadb44b42 in std::pair<WTF::RefPtr<WebCore::Widget>, WebCore::FrameView*>::~pair (this=0x17869d0, __in_chrg=<optimized out>) at /usr/include/c++/4.4/bits/stl_pair.h:68
#16 0x00007effadb44b8d in WTF::HashTable<WTF::RefPtr<WebCore::Widget>, std::pair<WTF::RefPtr<WebCore::Widget>, WebCore::FrameView*>, WTF::PairFirstExtractor<std::pair<WTF::RefPtr<WebCore::Widget>, WebCore::FrameView*> >, WTF::PtrHash<WTF::RefPtr<WebCore::Widget> >, WTF::PairHashTraits<WTF::HashTraits<WTF::RefPtr<WebCore::Widget> >, WTF::HashTraits<WebCore::FrameView*> >, WTF::HashTraits<WTF::RefPtr<WebCore::Widget> > >::deallocateTable (table=0x1786920, size=64) at ../../Source/WTF/wtf/HashTable.h:949
#17 0x00007effadb44350 in WTF::HashTable<WTF::RefPtr<WebCore::Widget>, std::pair<WTF::RefPtr<WebCore::Widget>, WebCore::FrameView*>, WTF::PairFirstExtractor<std::pair<WTF::RefPtr<WebCore::Widget>, WebCore::FrameView*> >, WTF::PtrHash<WTF::RefPtr<WebCore::Widget> >, WTF::PairHashTraits<WTF::HashTraits<WTF::RefPtr<WebCore::Widget> >, WTF::HashTraits<WebCore::FrameView*> >, WTF::HashTraits<WTF::RefPtr<WebCore::Widget> > >::~HashTable (this=0x7fffdcc908b0, __in_chrg=<optimized out>) at ../../Source/WTF/wtf/HashTable.h:327
#18 0x00007effadb44084 in WTF::HashMap<WTF::RefPtr<WebCore::Widget>, WebCore::FrameView*, WTF::PtrHash<WTF::RefPtr<WebCore::Widget> >, WTF::HashTraits<WTF::RefPtr<WebCore::Widget> >, WTF::HashTraits<WebCore::FrameView*> >::~HashMap (this=0x7fffdcc908b0, __in_chrg=<optimized out>) at ../../Source/WTF/wtf/HashMap.h:40
#19 0x00007effadb420aa in WebCore::RenderWidget::resumeWidgetHierarchyUpdates () at ../../Source/WebCore/rendering/RenderWidget.cpp:82
#20 0x00007effad304bb7 in WebCore::Element::detach (this=0x17a8320) at ../../Source/WebCore/dom/Element.cpp:986
#21 0x00007effad296e87 in WebCore::ContainerNode::detachChildren (this=0x17793e0) at ../../Source/WebCore/dom/ContainerNode.h:204
#22 0x00007effad29501c in WebCore::ContainerNode::detach (this=0x17793e0) at ../../Source/WebCore/dom/ContainerNode.cpp:673
#23 0x00007effad2b3c74 in WebCore::Document::detach (this=0x17793e0) at ../../Source/WebCore/dom/Document.cpp:2126
#24 0x00007effad2b3d18 in WebCore::Document::prepareForDestruction (this=0x17793e0) at ../../Source/WebCore/dom/Document.cpp:2147
#25 0x00007effad7c2a20 in WebCore::Frame::setView (this=0x17783c0, view=...) at ../../Source/WebCore/page/Frame.cpp:268
#26 0x00007effad6ff40e in WebCore::FrameLoader::detachFromParent (this=0x1778458) at ../../Source/WebCore/loader/FrameLoader.cpp:2347
#27 0x00007effacf0c71a in webkit_web_view_dispose (object=0xf862b0) at ../../Source/WebKit/gtk/webkit/webkitwebview.cpp:1358
#28 0x00007effaaf168cb in g_object_unref () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgobject-2.0.so.0
#29 0x00007effaaf171cd in g_value_object_free_value () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgobject-2.0.so.0
#30 0x00007effaaf33cfc in g_value_unset () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgobject-2.0.so.0
#31 0x00007effaaf276da in g_signal_emit_valist () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgobject-2.0.so.0
#32 0x00007effaaf27944 in g_signal_emit_by_name () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgobject-2.0.so.0
#33 0x00007effaceb4639 in WebKit::emitCloseWebViewSignalLater (view=0xf862b0) at ../../Source/WebKit/gtk/WebCoreSupport/ChromeClientGtk.cpp:271
#34 0x00007effaae05105 in g_timeout_dispatch () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#35 0x00007effaae03359 in g_main_dispatch () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#36 0x00007effaae04003 in g_main_context_dispatch () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#37 0x00007effaae041ed in g_main_context_iterate () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#38 0x00007effaae04623 in g_main_loop_run () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#39 0x00007effab6f9843 in gtk_main () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgtk-3.so.0
#40 0x000000000045f858 in runTest (testPathOrURL=...) at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:706
#41 0x000000000045eec1 in runTestingServerLoop () at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:491
#42 0x0000000000461eec in main (argc=2, argv=0x7fffdcc91b78) at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:1388

Comment 3 Zan Dobersek 2012-06-23 06:41:47 PDT
Comment on attachment 149174
ROLLOUT of r121058

Clearing flags on attachment: 149174

Committed r121098: <http://trac.webkit.org/changeset/121098>

Comment 4 Zan Dobersek 2012-06-23 06:41:54 PDT
All reviewed patches have been landed.  Closing bug.