148429 2015-08-25 06:26:05 -0700 IconDatabase: syncThreadMainLoop() is unlocking m_syncLock twice when thread termination is requested 2015-08-25 12:16:30 -0700 1 1 1 Unclassified WebKit WebCore Misc. WebKit Local Build Unspecified Unspecified RESOLVED FIXED Gtk, Regression P2 Normal --- 1 cgarcia webkit-unassigned commit-queue fpizlo japhet zan oldest_to_newest 1120580 0 cgarcia 2015-08-25 06:26:05 -0700 The test is crashing, but favicons seem to work fine in the MiniBrowser, so maybe it's something that only happens in unit tests because things happen faster or something like that. TEST: ./Tools/gtk/../../WebKitBuild/Debug/bin/TestWebKitAPI/WebKit2Gtk/TestWebKitFaviconDatabase... (pid=7842) /webkit2/WebKitFaviconDatabase/favicon-database-test: ERROR: Failed to start load for icon at url http://127.0.0.1:55922/favicon.ico ../../Source/WebCore/loader/icon/IconLoader.cpp(71) : void WebCore::IconLoader::startLoading() ASSERTION FAILED: oldByteValue == isHeldBit || oldByteValue == (isHeldBit | hasParkedBit) ../../Source/WTF/wtf/Lock.cpp(84) : void WTF::LockBase::unlockSlow() 1 0x2ae6e18c3fb3 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x1e) [0x2ae6e18c3fb3] 2 0x2ae6e18cb02d /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3WTF8LockBase10unlockSlowEv+0x51) [0x2ae6e18cb02d] 3 0x419548 ./Tools/gtk/../../WebKitBuild/Debug/bin/TestWebKitAPI/WebKit2Gtk/TestWebKitFaviconDatabase(_ZN3WTF8LockBase6unlockEv+0x42) [0x419548] 4 0x2ae6e7c59a23 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore12IconDatabase18syncThreadMainLoopEv+0x3a1) [0x2ae6e7c59a23] 5 0x2ae6e7c578ad /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore12IconDatabase22iconDatabaseSyncThreadEv+0x37f) [0x2ae6e7c578ad] 6 0x2ae6e7c5752c /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore12IconDatabase27iconDatabaseSyncThreadStartEPv+0x20) [0x2ae6e7c5752c] 7 0x2ae6e18dc87e /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x169487e) [0x2ae6e18dc87e] 8 0x2ae6e18dca2e /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x1694a2e) [0x2ae6e18dca2e] 9 0x2ae6e14b219a /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZNKSt8functionIFvvEEclEv+0x32) [0x2ae6e14b219a] 10 0x2ae6e18dc760 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x1694760) [0x2ae6e18dc760] 11 0x2ae6e190e4c8 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x16c64c8) [0x2ae6e190e4c8] 12 0x2ae6ee71b0a4 /lib/x86_64-linux-gnu/libpthread.so.0(+0x80a4) [0x2ae6ee71b0a4] 13 0x2ae6f2e1d04d /lib/x86_64-linux-gnu/libc.so.6(clone+0x6d) [0x2ae6f2e1d04d] FAIL GTester: last random seed: R02S27cc8ffcc8374f3422c8149248e1d12d (pid=7864) FAIL: ./Tools/gtk/../../WebKitBuild/Debug/bin/TestWebKitAPI/WebKit2Gtk/TestWebKitFaviconDatabase It's an assertion, but also crashes in Release builds, I got this bt: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fff937fe700 (LWP 24134)] 0x00007ffff1a910cc in WTFCrash () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 (gdb) bt #0 0x00007ffff1a910cc in WTFCrash () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #1 0x00007ffff1a96645 in WTF::LockBase::unlockSlow() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #2 0x00007ffff313e4ef in WTF::LockBase::unlock() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #3 0x00007ffff3af6212 in WebCore::IconDatabase::syncThreadMainLoop() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #4 0x00007ffff3af72c4 in WebCore::IconDatabase::iconDatabaseSyncThread() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #5 0x00007ffff1aa15a5 in WTF::threadEntryPoint(void*) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #6 0x00007ffff1ace4fa in WTF::wtfThreadEntryPoint(void*) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #7 0x00007ffff0ab70a4 in start_thread (arg=0x7fff937fe700) at pthread_create.c:309 #8 0x00007fffeae0107d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 1120582 1 cgarcia 2015-08-25 06:45:14 -0700 Crash happens when clearing the database in IconDatabase::removeAllIcons(). 1120590 2 fpizlo 2015-08-25 07:50:52 -0700 This assertion indicates that the caller (syncTheeadMainLoop?) is unlocking a lock that wasn't locked. This manifests as a regression because the old locks had no such assertion, but probably this has been a problem in this code for a long time. 1120593 3 cgarcia 2015-08-25 08:40:38 -0700 Indeed, the new lock is just revealing a bug that has been there probably forever. This not GTK specific and not a regression either. I'll submit a patch. 1120594 4 259846 cgarcia 2015-08-25 08:46:13 -0700 Created attachment 259846 Patch 1120683 5 259846 commit-queue 2015-08-25 12:16:24 -0700 Comment on attachment 259846 Patch Clearing flags on attachment: 259846 Committed r188931: <http://trac.webkit.org/changeset/188931> 1120684 6 commit-queue 2015-08-25 12:16:30 -0700 All reviewed patches have been landed. Closing bug. 259846 2015-08-25 08:46:13 -0700 2015-08-25 12:16:24 -0700 Patch wcore-icon-database-crash.diff text/plain 1862 cgarcia ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJDb3JlL0No YW5nZUxvZwppbmRleCBiODE1ZDJlLi4zNTgzYWJiIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29y ZS9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMjMg QEAKKzIwMTUtMDgtMjUgIENhcmxvcyBHYXJjaWEgQ2FtcG9zICA8Y2dhcmNpYUBpZ2FsaWEuY29t PgorCisgICAgICAgIEljb25EYXRhYmFzZTogc3luY1RocmVhZE1haW5Mb29wKCkgaXMgdW5sb2Nr aW5nIG1fc3luY0xvY2sgdHdpY2Ugd2hlbiB0aHJlYWQgdGVybWluYXRpb24gaXMgcmVxdWVzdGVk CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xNDg0MjkK KworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBUaGUgbG9j ayBpcyByZWxlYXNlZCBhbiBsb2NrZWQgb24gZXZlcnkgbG9vcCBpdGVyYXRpb24sIGFuZCB0aGVu CisgICAgICAgIHVubG9ja2VkIGFnYWluIGFmdGVyIHRoZSBsb29wLiBUaGVyZSdzIGFuIGVhcmx5 IGJyZWFrIGluIHRoZSBsb29wCisgICAgICAgIHdoZW4gdGhyZWFkIHRlcm1pbmF0aW9uIGlzIHJl cXVlc3RlZCB0aGF0IGhhcHBlbnMgYWZ0ZXIgdGhlIGxvY2sKKyAgICAgICAgaXMgcmVsZWFzZWQg YnV0IGJlZm9yZSBpcyBsb2NrZWQgYWdhaW4sIHNvIHRoYXQgdGhlIHVubG9jayBhZnRlcgorICAg ICAgICB0aGUgbG9vcCBpcyB0cnlpbmcgdG8gdW5sb2NrIHRoZSBsb2NrIGFnYWluLiBUaGlzIHdh cyBub3QgYQorICAgICAgICBwcm9ibGVtIGJlZm9yZSwgYnV0IHRoZSBuZXcgTG9jayBoYXMgYW4g YXNzZXJ0aW9uIHRvIGVuc3VyZSB0aGF0IGEKKyAgICAgICAgbG9jayBpcyBub3QgcmVsZWFzZWQg dHdpY2UuCisKKyAgICAgICAgKiBsb2FkZXIvaWNvbi9JY29uRGF0YWJhc2UuY3BwOgorICAgICAg ICAoV2ViQ29yZTo6SWNvbkRhdGFiYXNlOjpzeW5jVGhyZWFkTWFpbkxvb3ApOiBDbGVhbiB1cCB0 aGUgdGhyZWFkCisgICAgICAgIGFuZCByZXR1cm4gaW5zdGVhZCBvZiBicmVha2luZyB0aGUgbG9v cCB3aGVuIHRocmVhZCB0ZXJtaW5hdGlvbiBpcworICAgICAgICByZXF1ZXN0ZWQuCisKIDIwMTUt MDgtMTcgIEZpbGlwIFBpemxvICA8ZnBpemxvQGFwcGxlLmNvbT4KIAogICAgICAgICBSZXBsYWNl IGFsbCByZW1haW5pbmcgdXNlcyBvZiBXVEY6Ok11dGV4IHdpdGggV1RGOjpMb2NrCmRpZmYgLS1n aXQgYS9Tb3VyY2UvV2ViQ29yZS9sb2FkZXIvaWNvbi9JY29uRGF0YWJhc2UuY3BwIGIvU291cmNl L1dlYkNvcmUvbG9hZGVyL2ljb24vSWNvbkRhdGFiYXNlLmNwcAppbmRleCBmOWJjNDZlLi40OTlh MjM0IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9sb2FkZXIvaWNvbi9JY29uRGF0YWJhc2Uu Y3BwCisrKyBiL1NvdXJjZS9XZWJDb3JlL2xvYWRlci9pY29uL0ljb25EYXRhYmFzZS5jcHAKQEAg LTEzNjcsOCArMTM2NywxMCBAQCB2b2lkIEljb25EYXRhYmFzZTo6c3luY1RocmVhZE1haW5Mb29w KCkKICAgICAgICAgfQogICAgICAgICAKICAgICAgICAgLy8gVGhlbiwgaWYgdGhlIHRocmVhZCBz aG91bGQgYmUgcXVpdHRpbmcsIHF1aXQgbm93IQotICAgICAgICBpZiAobV90aHJlYWRUZXJtaW5h dGlvblJlcXVlc3RlZCkKLSAgICAgICAgICAgIGJyZWFrOworICAgICAgICBpZiAobV90aHJlYWRU ZXJtaW5hdGlvblJlcXVlc3RlZCkgeworICAgICAgICAgICAgY2xlYW51cFN5bmNUaHJlYWQoKTsK KyAgICAgICAgICAgIHJldHVybjsKKyAgICAgICAgfQogCiAgICAgICAgIHsKICAgICAgICAgICAg IExvY2tIb2xkZXIgbG9ja2VyKG1fdXJsQW5kSWNvbkxvY2spOwo=