Bug 94699 - [GTK] Crash when finalizing WebKitWebView
Summary: [GTK] Crash when finalizing WebKitWebView
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKitGTK
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
Reported: 2012-08-22 06:14 PDT by Xan Lopez
Modified: 2012-08-22 08:53 PDT
Attachments
Workaround (3.15 KB, patch)
2012-08-22 06:27 PDT, Carlos Garcia Campos
no flags
Updated patch (2.60 KB, patch)
2012-08-22 08:22 PDT, Carlos Garcia Campos
mrobinson: review+
mrobinson: commit-queue-
Description Xan Lopez 2012-08-22 06:14:27 PDT
Seems related to the last AC/overlay patches. This happens with AC disabled too.

Program received signal SIGSEGV, Segmentation fault.
glBindFramebufferEXT () at glapi_x86-64.S:31759
31759		movq	6688(%rax), %r11
(gdb) bt
#0  glBindFramebufferEXT () at glapi_x86-64.S:31759
#1  0x00007ffff7ade18d in WebCore::GLContextGLX::~GLContextGLX() () from /home/xan/gnome/lib64/libwebkitgtk-3.0.so.0
#2  0x00007ffff7ade259 in WebCore::GLContextGLX::~GLContextGLX() () from /home/xan/gnome/lib64/libwebkitgtk-3.0.so.0
#3  0x00007ffff7adf2b9 in WebCore::RedirectedXCompositeWindow::~RedirectedXCompositeWindow() () from /home/xan/gnome/lib64/libwebkitgtk-3.0.so.0
#4  0x00007ffff6a5ff03 in WebKit::AcceleratedCompositingContext::~AcceleratedCompositingContext() () from /home/xan/gnome/lib64/libwebkitgtk-3.0.so.0
#5  0x00007ffff6a5ff29 in WebKit::AcceleratedCompositingContext::~AcceleratedCompositingContext() () from /home/xan/gnome/lib64/libwebkitgtk-3.0.so.0
#6  0x00007ffff6a9a811 in webkit_web_view_finalize(_GObject*) () from /home/xan/gnome/lib64/libwebkitgtk-3.0.so.0
#7  0x0000000000478062 in ephy_web_view_finalize (object=0x5a32020) at ../../embed/ephy-web-view.c:1093
#8  0x00007ffff51f078c in g_object_unref (_object=0x5a32020) at gobject.c:3023
#9  0x00007ffff51eb70a in g_object_run_dispose (object=0x5a32020) at gobject.c:1063
#10 0x00007ffff5b769b0 in gtk_widget_destroy (widget=0x5a32020) at gtkwidget.c:3952
#11 0x00007ffff589d918 in gtk_bin_forall (container=0x4d11b80, include_internals=0, callback=0x7ffff5b768f9 <gtk_widget_destroy>, callback_data=0x0) at gtkbin.c:170
#12 0x00007ffff5a6a6dc in gtk_scrolled_window_forall (container=0x4d11b80, include_internals=0, callback=0x7ffff5b768f9 <gtk_widget_destroy>, callback_data=0x0) at gtkscrolledwindow.c:1598
#13 0x00007ffff5903503 in gtk_container_foreach (container=0x4d11b80, callback=0x7ffff5b768f9 <gtk_widget_destroy>, callback_data=0x0) at gtkcontainer.c:2088
#14 0x00007ffff5901b77 in gtk_container_destroy (widget=0x4d11b80) at gtkcontainer.c:1377
#15 0x00007ffff5a698a9 in gtk_scrolled_window_destroy (widget=0x4d11b80) at gtkscrolledwindow.c:1263
#16 0x00007ffff51e7288 in g_cclosure_marshal_VOID__VOID (closure=0x4e6460, return_value=0x0, n_param_values=1, param_values=0x7fffffff9ac0, invocation_hint=0x7fffffff99f0, marshal_data=0x7ffff5a696a9) at gmarshal.c:85
#17 0x00007ffff51e4995 in g_type_class_meta_marshal (closure=0x4e6460, return_value=0x0, n_param_values=1, param_values=0x7fffffff9ac0, invocation_hint=0x7fffffff99f0, marshal_data=0x98) at gclosure.c:970
#18 0x00007ffff51e42e0 in g_closure_invoke (closure=0x4e6460, return_value=0x0, n_param_values=1, param_values=0x7fffffff9ac0, invocation_hint=0x7fffffff99f0) at gclosure.c:777
#19 0x00007ffff5201e35 in signal_emit_unlocked_R (node=0x4ef230, detail=0, instance=0x4d11b80, emission_return=0x0, instance_and_params=0x7fffffff9ac0) at gsignal.c:3667
#20 0x00007ffff5200c14 in g_signal_emit_valist (instance=0x4d11b80, signal_id=3, detail=0, var_args=0x7fffffff9de8) at gsignal.c:3300
#21 0x00007ffff520115d in g_signal_emit (instance=0x4d11b80, signal_id=3, detail=0) at gsignal.c:3356
#22 0x00007ffff5b83187 in gtk_widget_dispose (object=0x4d11b80) at gtkwidget.c:10267
#23 0x00007ffff51eb6fe in g_object_run_dispose (object=0x4d11b80) at gobject.c:1061
#24 0x00007ffff5b769b0 in gtk_widget_destroy (widget=0x4d11b80) at gtkwidget.c:3952
#25 0x00007ffff5a1cb2d in gtk_overlay_forall (overlay=0x3975e90, include_internals=0, callback=0x7ffff5b768f9 <gtk_widget_destroy>, callback_data=0x0) at gtkoverlay.c:568
#26 0x00007ffff5903503 in gtk_container_foreach (container=0x3975e90, callback=0x7ffff5b768f9 <gtk_widget_destroy>, callback_data=0x0) at gtkcontainer.c:2088
#27 0x00007ffff5901b77 in gtk_container_destroy (widget=0x3975e90) at gtkcontainer.c:1377
#28 0x00007ffff51e7288 in g_cclosure_marshal_VOID__VOID (closure=0x4e6460, return_value=0x0, n_param_values=1, param_values=0x7fffffffa310, invocation_hint=0x7fffffffa240, marshal_data=0x7ffff5901a90) at gmarshal.c:85
#29 0x00007ffff51e4995 in g_type_class_meta_marshal (closure=0x4e6460, return_value=0x0, n_param_values=1, param_values=0x7fffffffa310, invocation_hint=0x7fffffffa240, marshal_data=0x98) at gclosure.c:970
#30 0x00007ffff51e42e0 in g_closure_invoke (closure=0x4e6460, return_value=0x0, n_param_values=1, param_values=0x7fffffffa310, invocation_hint=0x7fffffffa240) at gclosure.c:777
#31 0x00007ffff5201e35 in signal_emit_unlocked_R (node=0x4ef230, detail=0, instance=0x3975e90, emission_return=0x0, instance_and_params=0x7fffffffa310) at gsignal.c:3667
#32 0x00007ffff5200c14 in g_signal_emit_valist (instance=0x3975e90, signal_id=3, detail=0, var_args=0x7fffffffa638) at gsignal.c:3300
#33 0x00007ffff520115d in g_signal_emit (instance=0x3975e90, signal_id=3, detail=0) at gsignal.c:3356
#34 0x00007ffff5b83187 in gtk_widget_dispose (object=0x3975e90) at gtkwidget.c:10267
#35 0x00007ffff51eb6fe in g_object_run_dispose (object=0x3975e90) at gobject.c:1061
#36 0x00007ffff5b769b0 in gtk_widget_destroy (widget=0x3975e90) at gtkwidget.c:3952
#37 0x00007ffff5a222c8 in gtk_paned_forall (container=0x5a2f000, include_internals=0, callback=0x7ffff5b768f9 <gtk_widget_destroy>, callback_data=0x0) at gtkpaned.c:1956
#38 0x00007ffff5903503 in gtk_container_foreach (container=0x5a2f000, callback=0x7ffff5b768f9 <gtk_widget_destroy>, callback_data=0x0) at gtkcontainer.c:2088
#39 0x00007ffff5901b77 in gtk_container_destroy (widget=0x5a2f000) at gtkcontainer.c:1377
#40 0x00007ffff51e7288 in g_cclosure_marshal_VOID__VOID (closure=0x4e6460, return_value=0x0, n_param_values=1, param_values=0x7fffffffab50, invocation_hint=0x7fffffffaa80, marshal_data=0x7ffff5901a90) at gmarshal.c:85
#41 0x00007ffff51e4995 in g_type_class_meta_marshal (closure=0x4e6460, return_value=0x0, n_param_values=1, param_values=0x7fffffffab50, invocation_hint=0x7fffffffaa80, marshal_data=0x98) at gclosure.c:970
#42 0x00007ffff51e42e0 in g_closure_invoke (closure=0x4e6460, return_value=0x0, n_param_values=1, param_values=0x7fffffffab50, invocation_hint=0x7fffffffaa80) at gclosure.c:777
#43 0x00007ffff5201e35 in signal_emit_unlocked_R (node=0x4ef230, detail=0, instance=0x5a2f000, emission_return=0x0, instance_and_params=0x7fffffffab50) at gsignal.c:3667
#44 0x00007ffff5200c14 in g_signal_emit_valist (instance=0x5a2f000, signal_id=3, detail=0, var_args=0x7fffffffae78) at gsignal.c:3300
#45 0x00007ffff520115d in g_signal_emit (instance=0x5a2f000, signal_id=3, detail=0) at gsignal.c:3356
#46 0x00007ffff5b83187 in gtk_widget_dispose (object=0x5a2f000) at gtkwidget.c:10267
#47 0x00007ffff51eb6fe in g_object_run_dispose (object=0x5a2f000) at gobject.c:1061
#48 0x00007ffff5b769b0 in gtk_widget_destroy (widget=0x5a2f000) at gtkwidget.c:3952
#49 0x00007ffff58a52dc in gtk_box_forall (container=0x56e71a0, include_internals=0, callback=0x7ffff5b768f9 <gtk_widget_destroy>, callback_data=0x0) at gtkbox.c:1865
#50 0x00007ffff5903503 in gtk_container_foreach (container=0x56e71a0, callback=0x7ffff5b768f9 <gtk_widget_destroy>, callback_data=0x0) at gtkcontainer.c:2088
#51 0x00007ffff5901b77 in gtk_container_destroy (widget=0x56e71a0) at gtkcontainer.c:1377
#52 0x00007ffff51e7288 in g_cclosure_marshal_VOID__VOID (closure=0x4e6460, return_value=0x0, n_param_values=1, param_values=0x7fffffffb3a0, invocation_hint=0x7fffffffb2d0, marshal_data=0x7ffff5901a90) at gmarshal.c:85
#53 0x00007ffff51e4995 in g_type_class_meta_marshal (closure=0x4e6460, return_value=0x0, n_param_values=1, param_values=0x7fffffffb3a0, invocation_hint=0x7fffffffb2d0, marshal_data=0x98) at gclosure.c:970
#54 0x00007ffff51e42e0 in g_closure_invoke (closure=0x4e6460, return_value=0x0, n_param_values=1, param_values=0x7fffffffb3a0, invocation_hint=0x7fffffffb2d0) at gclosure.c:777
#55 0x00007ffff5201e35 in signal_emit_unlocked_R (node=0x4ef230, detail=0, instance=0x56e71a0, emission_return=0x0, instance_and_params=0x7fffffffb3a0) at gsignal.c:3667
#56 0x00007ffff5200c14 in g_signal_emit_valist (instance=0x56e71a0, signal_id=3, detail=0, var_args=0x7fffffffb6c8) at gsignal.c:3300
#57 0x00007ffff520115d in g_signal_emit (instance=0x56e71a0, signal_id=3, detail=0) at gsignal.c:3356
#58 0x00007ffff5b83187 in gtk_widget_dispose (object=0x56e71a0) at gtkwidget.c:10267
#59 0x000000000046db91 in ephy_embed_dispose (object=0x56e71a0) at ../../embed/ephy-embed.c:394
#60 0x00007ffff51eb6fe in g_object_run_dispose (object=0x56e71a0) at gobject.c:1061
#61 0x00007ffff5b769b0 in gtk_widget_destroy (widget=0x56e71a0) at gtkwidget.c:3952
#62 0x0000000000435f44 in notebook_page_close_request_cb (notebook=0x67a010, embed=0x56e71a0, window=0x656010) at ../../src/ephy-window.c:2988
#63 0x00007ffff51e8f21 in g_cclosure_marshal_VOID__OBJECTv (closure=0x5321d0, return_value=0x0, instance=0x67a010, args=0x7fffffffbd30, marshal_data=0x0, n_params=1, param_types=0x678e60) at gmarshal.c:1312
#64 0x00007ffff51e45c4 in _g_closure_invoke_va (closure=0x5321d0, return_value=0x0, instance=0x67a010, args=0x7fffffffbd30, n_params=1, param_types=0x678e60) at gclosure.c:840
#65 0x00007ffff51fffac in g_signal_emit_valist (instance=0x67a010, signal_id=206, detail=0, var_args=0x7fffffffbd30) at gsignal.c:3211
#66 0x00007ffff52012bb in g_signal_emit_by_name (instance=0x67a010, detailed_signal=0x4a7bed "tab-close-request") at gsignal.c:3393
#67 0x0000000000440ac3 in window_cmd_file_close_window (action=0x63f730, window=0x656010) at ../../src/window-commands.c:717
#68 0x00007ffff51e7288 in g_cclosure_marshal_VOID__VOID (closure=0x665870, return_value=0x0, n_param_values=1, param_values=0x7fffffffc0b0, invocation_hint=0x7fffffffbfe0, marshal_data=0x0) at gmarshal.c:85
#69 0x00007ffff51e42e0 in g_closure_invoke (closure=0x665870, return_value=0x0, n_param_values=1, param_values=0x7fffffffc0b0, invocation_hint=0x7fffffffbfe0) at gclosure.c:777
#70 0x00007ffff5201996 in signal_emit_unlocked_R (node=0x664200, detail=0, instance=0x63f730, emission_return=0x0, instance_and_params=0x7fffffffc0b0) at gsignal.c:3551
#71 0x00007ffff5200c14 in g_signal_emit_valist (instance=0x63f730, signal_id=201, detail=0, var_args=0x7fffffffc3d8) at gsignal.c:3300
#72 0x00007ffff520115d in g_signal_emit (instance=0x63f730, signal_id=201, detail=0) at gsignal.c:3356
#73 0x00007ffff587dbd3 in _gtk_action_emit_activate (action=0x63f730) at gtkaction.c:801
#74 0x00007ffff587fd31 in closure_accel_activate (closure=0x665d90, return_value=0x7fffffffc630, n_param_values=4, param_values=0x7fffffffc730, invocation_hint=0x7fffffffc660, marshal_data=0x0) at gtkaction.c:1638
#75 0x00007ffff51e42e0 in g_closure_invoke (closure=0x665d90, return_value=0x7fffffffc630, n_param_values=4, param_values=0x7fffffffc730, invocation_hint=0x7fffffffc660) at gclosure.c:777
#76 0x00007ffff5201996 in signal_emit_unlocked_R (node=0x64c770, detail=2351, instance=0x640700, emission_return=0x7fffffffc8b0, instance_and_params=0x7fffffffc730) at gsignal.c:3551
#77 0x00007ffff5200caa in g_signal_emit_valist (instance=0x640700, signal_id=189, detail=2351, var_args=0x7fffffffca98) at gsignal.c:3310
#78 0x00007ffff520115d in g_signal_emit (instance=0x640700, signal_id=189, detail=2351) at gsignal.c:3356
#79 0x00007ffff5876b97 in gtk_accel_group_activate (accel_group=0x640700, accel_quark=2351, acceleratable=0x656010, accel_key=119, accel_mods=GDK_CONTROL_MASK) at gtkaccelgroup.c:914
#80 0x00007ffff5876cb1 in gtk_accel_groups_activate (object=0x656010, accel_key=119, accel_mods=GDK_CONTROL_MASK) at gtkaccelgroup.c:952
#81 0x00007ffff5b9e9db in gtk_window_activate_key (window=0x656010, event=0x49d89c0) at gtkwindow.c:9501
#82 0x00007ffff5b98e2a in gtk_window_key_press_event (widget=0x656010, event=0x49d89c0) at gtkwindow.c:6079
#83 0x0000000000431baa in ephy_window_key_press_event (widget=0x656010, event=0x49d89c0) at ../../src/ephy-window.c:942
#84 0x00007ffff59d00f4 in _gtk_marshal_BOOLEAN__BOXED (closure=0x4f9cc0, return_value=0x7fffffffcf40, n_param_values=2, param_values=0x7fffffffd040, invocation_hint=0x7fffffffcf70, marshal_data=0x431905) at gtkmarshalers.c:85
#85 0x00007ffff51e4995 in g_type_class_meta_marshal (closure=0x4f9cc0, return_value=0x7fffffffcf40, n_param_values=2, param_values=0x7fffffffd040, invocation_hint=0x7fffffffcf70, marshal_data=0x1b0) at gclosure.c:970
#86 0x00007ffff51e42e0 in g_closure_invoke (closure=0x4f9cc0, return_value=0x7fffffffcf40, n_param_values=2, param_values=0x7fffffffd040, invocation_hint=0x7fffffffcf70) at gclosure.c:777
#87 0x00007ffff5201b12 in signal_emit_unlocked_R (node=0x4f9d10, detail=0, instance=0x656010, emission_return=0x7fffffffd190, instance_and_params=0x7fffffffd040) at gsignal.c:3589
#88 0x00007ffff5200caa in g_signal_emit_valist (instance=0x656010, signal_id=36, detail=0, var_args=0x7fffffffd378) at gsignal.c:3310
#89 0x00007ffff520115d in g_signal_emit (instance=0x656010, signal_id=36, detail=0) at gsignal.c:3356
#90 0x00007ffff5b7b5dc in gtk_widget_event_internal (widget=0x656010, event=0x49d89c0) at gtkwidget.c:6298
#91 0x00007ffff5b7ac2c in gtk_widget_event (widget=0x656010, event=0x49d89c0) at gtkwidget.c:5955
#92 0x00007ffff59cfec1 in propagate_event (widget=0x656010, event=0x49d89c0, captured=0, topmost=0x0) at gtkmain.c:2479
#93 0x00007ffff59cffd9 in gtk_propagate_event (widget=0x656010, event=0x49d89c0) at gtkmain.c:2525
#94 0x00007ffff59ceaa8 in gtk_main_do_event (event=0x49d89c0) at gtkmain.c:1713
#95 0x00007ffff560493a in _gdk_event_emit (event=0x49d89c0) at gdkevents.c:69
#96 0x00007ffff563cf9c in gdk_event_source_dispatch (source=0x541f10, callback=0, user_data=0x0) at gdkeventsource.c:358
#97 0x00007ffff50d9b14 in g_main_dispatch (context=0x51d400) at gmain.c:2707
#98 0x00007ffff50da6aa in g_main_context_dispatch (context=0x51d400) at gmain.c:3211
#99 0x00007ffff50da88d in g_main_context_iterate (context=0x51d400, block=1, dispatch=1, self=0x6140f0) at gmain.c:3282
#100 0x00007ffff50da951 in g_main_context_iteration (context=0x51d400, may_block=1) at gmain.c:3343
#101 0x00007ffff52eb077 in g_application_run (application=0x639080, argc=1, argv=0x7fffffffd9f8) at gapplication.c:1607
#102 0x000000000042e71a in main (argc=1, argv=0x7fffffffd9f8) at ../../src/ephy-main.c:493
(gdb)
Comment 1 Carlos Garcia Campos 2012-08-22 06:18:49 PDT
I can't reproduce the crash, so it might be a driver issue or a bug in any of the dependencies.
Comment 2 Carlos Garcia Campos 2012-08-22 06:27:54 PDT
Created attachment 159921 [details]
Workaround

This patch doesn't fix the issue, since I can't reproduce it, but at least it will fix the crash if AC is never enabled (which is actually the common case in wk1).
Comment 3 Carlos Garcia Campos 2012-08-22 06:28:29 PDT
Xan, could you confirm the patch fixes the crash for you in ephy?
Comment 4 Xan Lopez 2012-08-22 06:54:12 PDT
(In reply to comment #3)
> Xan, could you confirm the patch fixes the crash for you in ephy?

This fixes the crash reported in this bug, yep.
Comment 5 Martin Robinson 2012-08-22 08:05:34 PDT
Comment on attachment 159921 [details]
Workaround

Hrm. This will cause the window to be created and destroyed in situations like going back and forth in history, so I don't think the comment is correct.
Comment 6 Martin Robinson 2012-08-22 08:15:35 PDT
Comment on attachment 159921 [details]
Workaround

View in context: https://bugs.webkit.org/attachment.cgi?id=159921&action=review

> Source/WebKit/gtk/WebCoreSupport/AcceleratedCompositingContextGL.cpp:-244
> -        // Shrink the offscreen window to save memory while accelerated compositing is turned off.
> -        m_redirectedWindow->resize(IntSize(1, 1));
> +        m_redirectedWindow = nullptr;
>          m_rootLayer = nullptr;
>          m_nonCompositedContentLayer = nullptr;
>          m_textureMapper = nullptr;
>          return;
>      }
>  
> -    if (graphicsLayer && !enabled())
> -        m_redirectedWindow->resize(getWebViewSize(m_webView));
> -
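Review bot: replacing the `resize(IntSize(1, 1))` shrink with `m_redirectedWindow = nullptr;` in the null-root-layer branch turns every later return to a non-null root layer into a full re-creation of the redirected window, whereas the comment being removed documents a deliberate keep-but-shrink policy; consider keeping the shrink here and only deferring the window's creation until accelerated compositing is first enabled. The removed `if (graphicsLayer && !enabled())` resize block also leaves this hunk with no call that brings an existing, not-yet-enabled window back to the view size, so either keep it or say in the ChangeLog which remaining path does that.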

Instead of destroying the redirected window here, I think it'd be safer to resize it. This is important because it's quite common to change the root compositing layer to null and then back. For instance, this happens when moving back and forward between pages. This will still avoid creating the redirected window when AC is never used.
Comment 7 Carlos Garcia Campos 2012-08-22 08:20:00 PDT
(In reply to comment #5)
> (From update of attachment 159921 [details])
> Hrm. This will cause the window to be created and destroyed in situations like going back and forth in history, so I don't think the comment is correct.

Ah, ok, I thought it only happened when AC was enabled/disabled. I'll update the patch then.
Comment 8 Carlos Garcia Campos 2012-08-22 08:22:32 PDT
Created attachment 159940 [details]
Updated patch
Comment 9 Martin Robinson 2012-08-22 08:24:00 PDT
Comment on attachment 159940 [details]
Updated patch

View in context: https://bugs.webkit.org/attachment.cgi?id=159940&action=review

> Source/WebKit/gtk/WebCoreSupport/AcceleratedCompositingContextGL.cpp:-244
> -    if (graphicsLayer && !enabled())
> -        m_redirectedWindow->resize(getWebViewSize(m_webView));
> -
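Review bot: with this `m_redirectedWindow->resize(getWebViewSize(m_webView))` call removed, nothing visible in the hunk resizes a previously shrunk window back to the view size when a root layer is set while AC is not yet enabled; if another code path on this branch already does that for an existing window, name it in the ChangeLog so reviewers can see the removal is not a regression.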

I believe this is still required because we need to kick the old window to the proper size.
Comment 10 Carlos Garcia Campos 2012-08-22 08:30:05 PDT
(In reply to comment #9)
> (From update of attachment 159940 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=159940&action=review
> 
> > Source/WebKit/gtk/WebCoreSupport/AcceleratedCompositingContextGL.cpp:-244
> > -    if (graphicsLayer && !enabled())
> > -        m_redirectedWindow->resize(getWebViewSize(m_webView));
> > -
> 
> I believe this is still required because we need to kick the old window to the proper size.

This already happens: when graphicsLayer != NULL, which is always the case here because there's an early return when it's NULL, initialize() is called. If already enabled, initialize returns early, but if not enabled and the window already exists, it's resized.
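As an added illustration of the lifecycle described in comment 10 (this is constructed example code, not WebKit's source; the class and member names mirror the thread, and FakeRedirectedWindow merely counts what the real RedirectedXCompositeWindow would create and tear down): the window is created lazily on first enable, shrunk rather than destroyed when the root layer goes back to null, and resized on re-enable, so a view that never enables AC has no GL context to tear down at finalize time.

```cpp
#include <memory>

// Constructed stand-in for RedirectedXCompositeWindow: it only counts creations,
// destructions and resizes of the offscreen window (and its GL context).
struct Counters { int created = 0, destroyed = 0, resized = 0; };
struct FakeRedirectedWindow {
    Counters& c; int w, h;
    FakeRedirectedWindow(Counters& cnt, int width, int height) : c(cnt), w(width), h(height) { ++c.created; }
    ~FakeRedirectedWindow() { ++c.destroyed; }  // the real one tears down GL state here
    void resize(int width, int height) { w = width; h = height; ++c.resized; }
};

// Simplified model of the fixed AcceleratedCompositingContext; the behaviour is
// taken from the bug thread (assumption), not from WebKit's source.
class CompositingContext {
public:
    CompositingContext(Counters& c, int viewW, int viewH) : m_counters(c), m_viewW(viewW), m_viewH(viewH) {}
    bool enabled() const { return m_rootLayer != nullptr; }

    // A null graphicsLayer means accelerated compositing is being turned off.
    void setRootCompositingLayer(const void* graphicsLayer) {
        if (!graphicsLayer) {
            // Shrink, don't destroy: history navigation toggles the root layer,
            // and a kept window is simply resized again on the next enable.
            if (m_redirectedWindow) m_redirectedWindow->resize(1, 1);
            m_rootLayer = nullptr;
            return;
        }
        initialize();  // creates the window on first use, resizes it afterwards
        m_rootLayer = graphicsLayer;
    }

private:
    void initialize() {
        if (enabled()) return;
        if (m_redirectedWindow) {
            m_redirectedWindow->resize(m_viewW, m_viewH);
            return;
        }
        m_redirectedWindow.reset(new FakeRedirectedWindow(m_counters, m_viewW, m_viewH));
    }
    Counters& m_counters;
    int m_viewW, m_viewH;
    std::unique_ptr<FakeRedirectedWindow> m_redirectedWindow;
    const void* m_rootLayer = nullptr;
};

// AC never used: nothing is created, so finalize has no GL context to tear down.
// AC toggled `toggles` times: one window, created once and reused every time.
Counters runScenario(bool useAC, int toggles) {
    Counters c;
    {
        CompositingContext ctx(c, 800, 600);
        int layer = 0;  // stands in for a GraphicsLayer
        for (int i = 0; useAC && i < toggles; ++i) {
            ctx.setRootCompositingLayer(&layer);
            ctx.setRootCompositingLayer(nullptr);
        }
    }  // ctx destroyed here, as in webkit_web_view_finalize
    return c;
}
```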
Comment 11 Carlos Garcia Campos 2012-08-22 08:53:04 PDT
Committed r126307: <http://trac.webkit.org/changeset/126307>