Bug 148429

Summary: IconDatabase: syncThreadMainLoop() is unlocking m_syncLock twice when thread termination is requested
Product: WebKit Reporter: Carlos Garcia Campos <cgarcia>
Component: WebCore Misc.Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, fpizlo, japhet, zan
Priority: P2 Keywords: Gtk, Regression
Version: WebKit Local Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Carlos Garcia Campos
Reported 2015-08-25 06:26:05 PDT
The test is crashing, but favicons seem to work fine in the MiniBrowser, so maybe it's something that only happens in unit tests because things happen faster or something like that. TEST: ./Tools/gtk/../../WebKitBuild/Debug/bin/TestWebKitAPI/WebKit2Gtk/TestWebKitFaviconDatabase... (pid=7842) /webkit2/WebKitFaviconDatabase/favicon-database-test: ERROR: Failed to start load for icon at url http://127.0.0.1:55922/favicon.ico ../../Source/WebCore/loader/icon/IconLoader.cpp(71) : void WebCore::IconLoader::startLoading() ASSERTION FAILED: oldByteValue == isHeldBit || oldByteValue == (isHeldBit | hasParkedBit) ../../Source/WTF/wtf/Lock.cpp(84) : void WTF::LockBase::unlockSlow() 1 0x2ae6e18c3fb3 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x1e) [0x2ae6e18c3fb3] 2 0x2ae6e18cb02d /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3WTF8LockBase10unlockSlowEv+0x51) [0x2ae6e18cb02d] 3 0x419548 ./Tools/gtk/../../WebKitBuild/Debug/bin/TestWebKitAPI/WebKit2Gtk/TestWebKitFaviconDatabase(_ZN3WTF8LockBase6unlockEv+0x42) [0x419548] 4 0x2ae6e7c59a23 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore12IconDatabase18syncThreadMainLoopEv+0x3a1) [0x2ae6e7c59a23] 5 0x2ae6e7c578ad /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore12IconDatabase22iconDatabaseSyncThreadEv+0x37f) [0x2ae6e7c578ad] 6 0x2ae6e7c5752c /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore12IconDatabase27iconDatabaseSyncThreadStartEPv+0x20) [0x2ae6e7c5752c] 7 0x2ae6e18dc87e /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x169487e) [0x2ae6e18dc87e] 8 0x2ae6e18dca2e /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x1694a2e) [0x2ae6e18dca2e] 9 0x2ae6e14b219a /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZNKSt8functionIFvvEEclEv+0x32) [0x2ae6e14b219a] 10 0x2ae6e18dc760 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x1694760) [0x2ae6e18dc760] 11 0x2ae6e190e4c8 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x16c64c8) [0x2ae6e190e4c8] 12 0x2ae6ee71b0a4 /lib/x86_64-linux-gnu/libpthread.so.0(+0x80a4) [0x2ae6ee71b0a4] 13 0x2ae6f2e1d04d /lib/x86_64-linux-gnu/libc.so.6(clone+0x6d) [0x2ae6f2e1d04d] FAIL GTester: last random seed: R02S27cc8ffcc8374f3422c8149248e1d12d (pid=7864) FAIL: ./Tools/gtk/../../WebKitBuild/Debug/bin/TestWebKitAPI/WebKit2Gtk/TestWebKitFaviconDatabase It's an assertion, but also crashes in Release builds, I got this bt: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fff937fe700 (LWP 24134)] 0x00007ffff1a910cc in WTFCrash () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 (gdb) bt #0 0x00007ffff1a910cc in WTFCrash () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #1 0x00007ffff1a96645 in WTF::LockBase::unlockSlow() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #2 0x00007ffff313e4ef in WTF::LockBase::unlock() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #3 0x00007ffff3af6212 in WebCore::IconDatabase::syncThreadMainLoop() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #4 0x00007ffff3af72c4 in WebCore::IconDatabase::iconDatabaseSyncThread() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #5 0x00007ffff1aa15a5 in WTF::threadEntryPoint(void*) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #6 0x00007ffff1ace4fa in WTF::wtfThreadEntryPoint(void*) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #7 0x00007ffff0ab70a4 in start_thread (arg=0x7fff937fe700) at pthread_create.c:309 #8 0x00007fffeae0107d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
Attachments
Patch (1.82 KB, patch)
2015-08-25 08:46 PDT, Carlos Garcia Campos 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Carlos Garcia Campos
Comment 1 2015-08-25 06:45:14 PDT
Crash happens when clearing the database in IconDatabase::removeAllIcons().
Filip Pizlo
Comment 2 2015-08-25 07:50:52 PDT
This assertion indicates that the caller (syncTheeadMainLoop?) is unlocking a lock that wasn't locked. This manifests as a regression because the old locks had no such assertion, but probably this has been a problem in this code for a long time.
Carlos Garcia Campos
Comment 3 2015-08-25 08:40:38 PDT
Indeed, the new lock is just revealing a bug that has been there probably forever. This not GTK specific and not a regression either. I'll submit a patch.
Carlos Garcia Campos
Comment 4 2015-08-25 08:46:13 PDT
Created attachment 259846 [details] Patch
WebKit Commit Bot
Comment 5 2015-08-25 12:16:24 PDT
Comment on attachment 259846 [details] Patch Clearing flags on attachment: 259846 Committed r188931: <http://trac.webkit.org/changeset/188931>
WebKit Commit Bot
Comment 6 2015-08-25 12:16:30 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.