Bug 148429

Summary: IconDatabase: syncThreadMainLoop() is unlocking m_syncLock twice when thread termination is requested
Product: WebKit
Reporter: Carlos Garcia Campos <cgarcia>
Component: WebCore Misc.
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: commit-queue, fpizlo, japhet, zan
Priority: P2
Keywords: Gtk, Regression
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified
Attachments:
  Description: Patch    Flags: none

Description Carlos Garcia Campos 2015-08-25 06:26:05 PDT
The test is crashing, but favicons seem to work fine in the MiniBrowser, so maybe it's something that only happens in unit tests because things happen faster or something like that.

TEST: ./Tools/gtk/../../WebKitBuild/Debug/bin/TestWebKitAPI/WebKit2Gtk/TestWebKitFaviconDatabase... (pid=7842)
  /webkit2/WebKitFaviconDatabase/favicon-database-test:                ERROR: Failed to start load for icon at url http://127.0.0.1:55922/favicon.ico
../../Source/WebCore/loader/icon/IconLoader.cpp(71) : void WebCore::IconLoader::startLoading()
ASSERTION FAILED: oldByteValue == isHeldBit || oldByteValue == (isHeldBit | hasParkedBit)
../../Source/WTF/wtf/Lock.cpp(84) : void WTF::LockBase::unlockSlow()
1   0x2ae6e18c3fb3 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x1e) [0x2ae6e18c3fb3]
2   0x2ae6e18cb02d /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3WTF8LockBase10unlockSlowEv+0x51) [0x2ae6e18cb02d]
3   0x419548 ./Tools/gtk/../../WebKitBuild/Debug/bin/TestWebKitAPI/WebKit2Gtk/TestWebKitFaviconDatabase(_ZN3WTF8LockBase6unlockEv+0x42) [0x419548]
4   0x2ae6e7c59a23 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore12IconDatabase18syncThreadMainLoopEv+0x3a1) [0x2ae6e7c59a23]
5   0x2ae6e7c578ad /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore12IconDatabase22iconDatabaseSyncThreadEv+0x37f) [0x2ae6e7c578ad]
6   0x2ae6e7c5752c /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore12IconDatabase27iconDatabaseSyncThreadStartEPv+0x20) [0x2ae6e7c5752c]
7   0x2ae6e18dc87e /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x169487e) [0x2ae6e18dc87e]
8   0x2ae6e18dca2e /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x1694a2e) [0x2ae6e18dca2e]
9   0x2ae6e14b219a /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZNKSt8functionIFvvEEclEv+0x32) [0x2ae6e14b219a]
10  0x2ae6e18dc760 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x1694760) [0x2ae6e18dc760]
11  0x2ae6e190e4c8 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x16c64c8) [0x2ae6e190e4c8]
12  0x2ae6ee71b0a4 /lib/x86_64-linux-gnu/libpthread.so.0(+0x80a4) [0x2ae6ee71b0a4]
13  0x2ae6f2e1d04d /lib/x86_64-linux-gnu/libc.so.6(clone+0x6d) [0x2ae6f2e1d04d]
FAIL
GTester: last random seed: R02S27cc8ffcc8374f3422c8149248e1d12d
(pid=7864)
FAIL: ./Tools/gtk/../../WebKitBuild/Debug/bin/TestWebKitAPI/WebKit2Gtk/TestWebKitFaviconDatabase

It's an assertion, but it also crashes in Release builds; I got this bt:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff937fe700 (LWP 24134)]
0x00007ffff1a910cc in WTFCrash () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
(gdb) bt
#0  0x00007ffff1a910cc in WTFCrash () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#1  0x00007ffff1a96645 in WTF::LockBase::unlockSlow() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#2  0x00007ffff313e4ef in WTF::LockBase::unlock() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#3  0x00007ffff3af6212 in WebCore::IconDatabase::syncThreadMainLoop() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#4  0x00007ffff3af72c4 in WebCore::IconDatabase::iconDatabaseSyncThread() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#5  0x00007ffff1aa15a5 in WTF::threadEntryPoint(void*) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#6  0x00007ffff1ace4fa in WTF::wtfThreadEntryPoint(void*) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#7  0x00007ffff0ab70a4 in start_thread (arg=0x7fff937fe700) at pthread_create.c:309
#8  0x00007fffeae0107d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
Comment 1 Carlos Garcia Campos 2015-08-25 06:45:14 PDT
Crash happens when clearing the database in IconDatabase::removeAllIcons().
Comment 2 Filip Pizlo 2015-08-25 07:50:52 PDT
This assertion indicates that the caller (syncThreadMainLoop?) is unlocking a lock that wasn't locked. This manifests as a regression because the old locks had no such assertion, but probably this has been a problem in this code for a long time.
Comment 3 Carlos Garcia Campos 2015-08-25 08:40:38 PDT
Indeed, the new lock is just revealing a bug that has been there probably forever. This is not GTK specific and not a regression either. I'll submit a patch.
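The failure mode discussed in comments 2 and 3 (a lock released twice on one exit path, which an unchecked lock silently tolerates and a checked lock reports) can be reproduced in isolation. The following is an added example written for this page, not WebKit's code and not the contents of attachment 259846, which the page does not show. `CheckedLock` borrows only the `isHeldBit` / `hasParkedBit` byte layout and the unlock condition quoted in the assertion; contention and parking are not modelled. `LockHolder`, `SyncThreadModel`, `buggyMainLoop`, `fixedMainLoop`, `runBuggy`, `runFixed` and the work items are hypothetical names and constructed data, and the "buggy shape" is one plausible way a loop ends up unlocking twice only when termination is requested, not a claim about where the real double unlock sat in `syncThreadMainLoop()`.

```cpp
#include <atomic>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Minimal byte lock using the isHeldBit / hasParkedBit layout named in the
// failing assertion. Unlocking a lock that is not held is counted instead of
// crashing, so the misuse can be observed. Parking (contention) is not modelled.
class CheckedLock {
public:
    static constexpr uint8_t isHeldBit = 1;
    static constexpr uint8_t hasParkedBit = 2;

    // Returns false instead of spinning if the lock is already held (demo only).
    bool lock() {
        uint8_t expected = 0;
        return m_byte.compare_exchange_strong(expected, isHeldBit);
    }

    // Same condition as the assertion: the byte must show the lock as held
    // (with or without parked waiters) before it is cleared.
    bool unlock() {
        uint8_t oldByteValue = m_byte.load();
        if (oldByteValue != isHeldBit && oldByteValue != (isHeldBit | hasParkedBit)) {
            ++m_badUnlocks;          // a real checked lock would crash here
            return false;
        }
        m_byte.store(0);
        return true;
    }

    bool isHeld() const { return (m_byte.load() & isHeldBit) != 0; }
    int badUnlocks() const { return m_badUnlocks; }

private:
    std::atomic<uint8_t> m_byte { 0 };
    int m_badUnlocks = 0;
};

// RAII holder (hypothetical): one lock() on entry, one unlock() on scope exit,
// whichever path leaves the scope.
class LockHolder {
public:
    explicit LockHolder(CheckedLock& lock) : m_lock(lock) { m_lock.lock(); }
    ~LockHolder() { m_lock.unlock(); }
    LockHolder(const LockHolder&) = delete;
    LockHolder& operator=(const LockHolder&) = delete;
private:
    CheckedLock& m_lock;
};

// Stand-in for a sync thread that drains work under a lock and can be asked to stop.
struct SyncThreadModel {
    CheckedLock syncLock;
    bool threadTerminationRequested = false;
    std::vector<std::string> pendingWork;

    // Buggy shape: the termination path releases the lock before breaking out,
    // and the common exit releases it again, so only a termination request
    // produces an unlock of a lock that is no longer held.
    void buggyMainLoop() {
        syncLock.lock();
        while (true) {
            if (threadTerminationRequested) {
                syncLock.unlock();   // first unlock
                break;
            }
            if (pendingWork.empty())
                break;               // a real loop would wait on a condition here
            pendingWork.pop_back();
        }
        syncLock.unlock();           // second unlock on the termination path
    }

    // Corrected shape: ownership is tied to scope, so every exit unlocks exactly once.
    void fixedMainLoop() {
        LockHolder holder(syncLock);
        while (!threadTerminationRequested && !pendingWork.empty())
            pendingWork.pop_back();
    }
};

// Each driver returns the number of invalid unlocks observed, or -1 if the
// lock was left held (a leaked lock, the opposite failure).
int runBuggy(bool requestTermination) {
    SyncThreadModel model;
    model.pendingWork = { "icon-a", "icon-b" };   // constructed sample work
    model.threadTerminationRequested = requestTermination;
    model.buggyMainLoop();
    return model.syncLock.isHeld() ? -1 : model.syncLock.badUnlocks();
}

int runFixed(bool requestTermination) {
    SyncThreadModel model;
    model.pendingWork = { "icon-a", "icon-b" };   // constructed sample work
    model.threadTerminationRequested = requestTermination;
    model.fixedMainLoop();
    return model.syncLock.isHeld() ? -1 : model.syncLock.badUnlocks();
}

int main() {
    std::printf("buggy, no termination:  %d bad unlocks\n", runBuggy(false));
    std::printf("buggy, termination:     %d bad unlocks\n", runBuggy(true));
    std::printf("fixed, termination:     %d bad unlocks\n", runFixed(true));
    return 0;
}
```

The point of the checked unlock is that the unchecked lock hides the bug: a second unlock of an already-free lock is a no-op on the non-termination path's value, so the defect only becomes visible once the lock verifies the held bit, which is why the report reads as a regression although the double unlock predates the lock change.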
Comment 4 Carlos Garcia Campos 2015-08-25 08:46:13 PDT
Created attachment 259846 [details]
Patch
Comment 5 WebKit Commit Bot 2015-08-25 12:16:24 PDT
Comment on attachment 259846 [details]
Patch

Clearing flags on attachment: 259846

Committed r188931: <http://trac.webkit.org/changeset/188931>
Comment 6 WebKit Commit Bot 2015-08-25 12:16:30 PDT
All reviewed patches have been landed.  Closing bug.