Bug 131439 - [WK2] WebProcess crashes, when closing window after opening page by means of context menu
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Hyowon Kim
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-04-09 07:42 PDT by Maciej Florek
Modified: 2014-04-11 18:56 PDT

See Also:


Attachments
Patch (1.72 KB, patch)
2014-04-11 18:20 PDT, Hyowon Kim

Description Maciej Florek 2014-04-09 07:42:09 PDT
When running MiniBrowser in shared process mode, after opening a page in a new window by means of the "Open link in new window" context menu option, closing either of the two windows crashes the WebProcess.

Stack trace:

Program received signal SIGSEGV, Segmentation fault.
0x00007fec3700076a in WebKit::PageOverlayController::notifyFlushRequired(WebCore::GraphicsLayer const*) ()
    at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/WebProcess/WebPage/PageOverlayController.cpp:259
259	    m_webPage->drawingArea()->scheduleCompositingLayerFlush();
bt
#0  0x00007fec3700076a in WebKit::PageOverlayController::notifyFlushRequired(WebCore::GraphicsLayer const*) ()
    at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/WebProcess/WebPage/PageOverlayController.cpp:259
#1  0x00007fec30c028d7 in WebCore::CoordinatedGraphicsLayer::notifyFlushRequired() ()
    at /home/mflorek/webkit-local-efl/webkit.org/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:55
#2  0x00007fec30c02912 in WebCore::CoordinatedGraphicsLayer::didChangeLayerState() ()
    at /home/mflorek/webkit-local-efl/webkit.org/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:64
#3  0x00007fec30c0647d in WebCore::CoordinatedGraphicsLayer::purgeBackingStores() ()
    at /home/mflorek/webkit-local-efl/webkit.org/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:1056
#4  0x00007fec30bf3a3f in WebCore::CompositingCoordinator::purgeBackingStores() ()
    at /home/mflorek/webkit-local-efl/webkit.org/Source/WebCore/platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:369
#5  0x00007fec30bf24d2 in WebCore::CompositingCoordinator::~CompositingCoordinator() ()
    at /home/mflorek/webkit-local-efl/webkit.org/Source/WebCore/platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:48
#6  0x00007fec30bf261c in WebCore::CompositingCoordinator::~CompositingCoordinator() ()
    at /home/mflorek/webkit-local-efl/webkit.org/Source/WebCore/platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:53
#7  0x00007fec370d7186 in std::default_delete<WebCore::CompositingCoordinator>::operator()(WebCore::CompositingCoordinator*) const ()
    at /usr/include/c++/4.8/bits/unique_ptr.h:67
#8  0x00007fec370d6d85 in std::unique_ptr<WebCore::CompositingCoordinator, std::default_delete<WebCore::CompositingCoordinator> >::~unique_ptr() ()
    at /usr/include/c++/4.8/bits/unique_ptr.h:184
#9  0x00007fec370d5bfe in WebKit::CoordinatedLayerTreeHost::~CoordinatedLayerTreeHost() ()
    at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.cpp:55
#10 0x00007fec370d5c3a in WebKit::CoordinatedLayerTreeHost::~CoordinatedLayerTreeHost() ()
    at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.cpp:57
#11 0x00007fec36ffeaa0 in WTF::RefCounted<WebKit::LayerTreeHost>::deref() () at /home/mflorek/webkit-local-efl/webkit.org/Source/WTF/wtf/RefCounted.h:146
#12 0x00007fec370d5012 in void WTF::derefIfNotNull<WebKit::LayerTreeHost>(WebKit::LayerTreeHost*) ()
    at /home/mflorek/webkit-local-efl/webkit.org/Source/WTF/wtf/PassRefPtr.h:39
#13 0x00007fec370d4c8b in WTF::RefPtr<WebKit::LayerTreeHost>::~RefPtr() () at /home/mflorek/webkit-local-efl/webkit.org/Source/WTF/wtf/RefPtr.h:55
#14 0x00007fec370d1eaa in WebKit::CoordinatedDrawingArea::~CoordinatedDrawingArea() ()
    at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedDrawingArea.cpp:47
#15 0x00007fec370d1f1a in WebKit::CoordinatedDrawingArea::~CoordinatedDrawingArea() ()
    at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedDrawingArea.cpp:51
#16 0x00007fec37029b32 in std::default_delete<WebKit::DrawingArea>::operator()(WebKit::DrawingArea*) const () at /usr/include/c++/4.8/bits/unique_ptr.h:67
#17 0x00007fec3702a606 in std::unique_ptr<WebKit::DrawingArea, std::default_delete<WebKit::DrawingArea> >::reset(WebKit::DrawingArea*) ()
    at /usr/include/c++/4.8/bits/unique_ptr.h:262
#18 0x00007fec370279b3 in std::unique_ptr<WebKit::DrawingArea, std::default_delete<WebKit::DrawingArea> >::operator=(decltype(nullptr)) ()
    at /usr/include/c++/4.8/bits/unique_ptr.h:213
#19 0x00007fec370163c7 in WebKit::WebPage::close() () at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/WebProcess/WebPage/WebPage.cpp:902
#20 0x00007fec3713dab2 in _ZN3IPC22callMemberFunctionImplIN6WebKit7WebPageEMS2_FvvESt5tupleIJEEJEEEvPT_T0_OT1_St14index_sequenceIJXspT2_EEE ()
    at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/Platform/IPC/HandleMessage.h:16
#21 0x00007fec3713c418 in _ZN3IPC18callMemberFunctionIN6WebKit7WebPageEMS2_FvvESt5tupleIJEESt19make_index_sequenceILm0EEEEvOT1_PT_T0_ ()
    at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/Platform/IPC/HandleMessage.h:22
#22 0x00007fec37139abe in void IPC::handleMessage<Messages::WebPage::Close, WebKit::WebPage, void (WebKit::WebPage::*)()>(IPC::MessageDecoder&, WebKit::WebPage*, void (WebKit::WebPage::*)()) () at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/Platform/IPC/HandleMessage.h:117
#23 0x00007fec37135c80 in WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection*, IPC::MessageDecoder&) ()
    at /home/mflorek/webkit-local-efl/webkit.org/WebKitBuild/Debug/DerivedSources/WebKit2/WebPageMessageReceiver.cpp:479
#24 0x00007fec3701f711 in WebKit::WebPage::didReceiveMessage(IPC::Connection*, IPC::MessageDecoder&) ()
    at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/WebProcess/WebPage/WebPage.cpp:3267
#25 0x00007fec36d9534c in IPC::MessageReceiverMap::dispatchMessage(IPC::Connection*, IPC::MessageDecoder&) ()
    at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/Platform/IPC/MessageReceiverMap.cpp:87
#26 0x00007fec36f3650d in WebKit::WebProcess::didReceiveMessage(IPC::Connection*, IPC::MessageDecoder&) ()
    at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/WebProcess/WebProcess.cpp:594
#27 0x00007fec36d83b9a in IPC::Connection::dispatchMessage(IPC::MessageDecoder&) ()
    at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/Platform/IPC/Connection.cpp:770
#28 0x00007fec36d83c66 in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >) ()
    at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/Platform/IPC/Connection.cpp:791
#29 0x00007fec36d83e27 in IPC::Connection::dispatchOneMessage() () at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/Platform/IPC/Connection.cpp:817
#30 0x00007fec36d946ed in WTF::FunctionWrapper<void (IPC::Connection::*)()>::operator()(IPC::Connection*) ()
    at /home/mflorek/webkit-local-efl/webkit.org/Source/WTF/wtf/Functional.h:218
#31 0x00007fec36d94460 in WTF::BoundFunctionImpl<WTF::FunctionWrapper<void (IPC::Connection::*)()>, void (IPC::Connection*)>::operator()() ()
    at /home/mflorek/webkit-local-efl/webkit.org/Source/WTF/wtf/Functional.h:496
#32 0x00007fec36d7325f in WTF::Function<void ()>::operator()() const () at /home/mflorek/webkit-local-efl/webkit.org/Source/WTF/wtf/Functional.h:704
#33 0x00007fec36d71c15 in std::_Function_handler<void (), WTF::Function<void ()> >::_M_invoke(std::_Any_data const&) () at /usr/include/c++/4.8/functional:2071
#34 0x00007fec36d668ee in std::function<void ()>::operator()() const () at /usr/include/c++/4.8/functional:2468
#35 0x00007fec37146730 in WTF::RunLoop::performWork() () at /home/mflorek/webkit-local-efl/webkit.org/Source/WTF/wtf/RunLoop.cpp:119
#36 0x00007fec3714789a in WTF::RunLoop::wakeUpEvent(void*, void*, unsigned int) () at /home/mflorek/webkit-local-efl/webkit.org/Source/WTF/wtf/efl/RunLoopEfl.cpp:68
#37 0x00007fec2c623497 in _ecore_pipe_read () from /home/mflorek/webkit-local-efl/webkit.org/WebKitBuild/Dependencies/Root/lib64/libecore.so.1
#38 0x00007fec2c622571 in _ecore_main_loop_iterate_internal () from /home/mflorek/webkit-local-efl/webkit.org/WebKitBuild/Dependencies/Root/lib64/libecore.so.1
#39 0x00007fec2c6229b7 in ecore_main_loop_begin () from /home/mflorek/webkit-local-efl/webkit.org/WebKitBuild/Dependencies/Root/lib64/libecore.so.1
#40 0x00007fec3714782b in WTF::RunLoop::run() () at /home/mflorek/webkit-local-efl/webkit.org/Source/WTF/wtf/efl/RunLoopEfl.cpp:51
#41 0x00007fec370d9b71 in WebProcessMainEfl () at /home/mflorek/webkit-local-efl/webkit.org/Source/WebKit2/WebProcess/efl/WebProcessMainEfl.cpp:126
#42 0x0000000000400850 in main ()
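The trace above shows the shape of the failure: frame #18 is `unique_ptr::operator=(nullptr)`, which (per the C++ standard's definition of `reset()`) stores the null pointer first and only then runs the old object's destructor, so when the drawing area's teardown reaches `PageOverlayController::notifyFlushRequired` (frame #0), `m_webPage->drawingArea()` already returns null and the `->scheduleCompositingLayerFlush()` at line 259 dereferences it. The following is an added example, not WebKit code and not the patch that landed in this bug: it models that ownership chain with stand-in classes (`Page`, `DrawingArea`, `OverlayController` and the driver `simulateClose()` are all assumed names) and records what the callback observes while the owned object is being destroyed. The null check in `notifyFlushRequired` is an assumed defensive form, shown only to contrast with the crashing pattern; the actual fix is in the attached patch and is not reproduced here.

```cpp
// Added example (not WebKit code): models the teardown order seen in the
// stack trace. A page releases its drawing area with `m_drawingArea = nullptr`;
// unique_ptr::reset() stores the null pointer *before* destroying the old
// object, so a destructor that calls back into the page sees drawingArea()
// == nullptr. All class names here are stand-ins, not WebKit's.
#include <cassert>
#include <memory>

struct Page;

// Stand-in for the drawing area / layer tree host: like purgeBackingStores()
// in the trace, its destructor notifies the page's overlay controller.
struct DrawingArea {
    explicit DrawingArea(Page& page) : m_page(page) {}
    ~DrawingArea();
    void scheduleCompositingLayerFlush() { ++m_scheduledFlushes; }
    int m_scheduledFlushes = 0;
    Page& m_page;
};

// Stand-in for PageOverlayController::notifyFlushRequired.
struct OverlayController {
    explicit OverlayController(Page& page) : m_page(page) {}
    // Returns true if a flush was scheduled, false if the page no longer has a
    // drawing area. (Assumed defensive form, not the landed WebKit fix.)
    bool notifyFlushRequired();
    Page& m_page;
};

struct Page {
    Page() : m_overlay(*this), m_drawingArea(std::make_unique<DrawingArea>(*this)) {}
    DrawingArea* drawingArea() { return m_drawingArea.get(); }
    // Same statement shape as WebPage::close() in frames #17-#19 of the trace.
    void close() { m_drawingArea = nullptr; }

    OverlayController m_overlay;
    // Recorded by the callback that runs while the drawing area is destroyed.
    // Declared before m_drawingArea so they outlive it during Page teardown.
    bool m_callbackRanDuringTeardown = false;
    bool m_drawingAreaWasNullDuringTeardown = false;
    std::unique_ptr<DrawingArea> m_drawingArea;
};

bool OverlayController::notifyFlushRequired() {
    DrawingArea* area = m_page.drawingArea();
    // Crashing pattern from the report (line 259), with no null check:
    //   m_page.drawingArea()->scheduleCompositingLayerFlush();
    if (!area)
        return false;
    area->scheduleCompositingLayerFlush();
    return true;
}

DrawingArea::~DrawingArea() {
    // Runs inside unique_ptr::reset(), after the page's pointer was nulled.
    m_page.m_callbackRanDuringTeardown = true;
    m_page.m_drawingAreaWasNullDuringTeardown = (m_page.drawingArea() == nullptr);
    m_page.m_overlay.notifyFlushRequired();
}

struct CloseResult {
    bool flushedBeforeClose; // normal path: drawing area present, flush scheduled
    bool callbackRan;        // destructor did call back into the page
    bool areaWasNull;        // what the callback observed mid-teardown
    bool areaNullAfter;      // state once close() returned
};

// Drives the scenario end to end on a constructed Page.
CloseResult simulateClose() {
    Page page;
    CloseResult r{};
    r.flushedBeforeClose = page.m_overlay.notifyFlushRequired();
    page.close(); // triggers ~DrawingArea while m_drawingArea is already null
    r.callbackRan = page.m_callbackRanDuringTeardown;
    r.areaWasNull = page.m_drawingAreaWasNullDuringTeardown;
    r.areaNullAfter = page.drawingArea() == nullptr;
    return r;
}

int main() {
    CloseResult r = simulateClose();
    assert(r.flushedBeforeClose && r.callbackRan && r.areaWasNull && r.areaNullAfter);
    return 0;
}
```

The point the reproduction makes for a reviewer is that the callback is not reached through a dangling object but through a pointer the owner has already cleared: any teardown path that re-enters the owner must tolerate the owner's "already closing" state, and a null-guard at the re-entry point is the minimal defensive check, while restructuring the destruction order (or detaching the callback before reset) removes the re-entry altogether.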
Comment 1 Hyowon Kim 2014-04-10 23:40:16 PDT
Hi, Maciej Florek. Can I take over this bug?
Comment 2 Maciej Florek 2014-04-11 01:04:20 PDT
(In reply to comment #1)
> Hi, Maciej Florek. Can I take over this bug?

Sure, go ahead.
Comment 3 Hyowon Kim 2014-04-11 18:20:49 PDT
Created attachment 229190
Patch
Comment 4 WebKit Commit Bot 2014-04-11 18:56:32 PDT
Comment on attachment 229190
Patch

Clearing flags on attachment: 229190

Committed r167178: <http://trac.webkit.org/changeset/167178>
Comment 5 WebKit Commit Bot 2014-04-11 18:56:35 PDT
All reviewed patches have been landed.  Closing bug.