Bug 167545

Summary: [Threaded Compositor] Crash when deleting the compositor run loop
Product: WebKit
Reporter: Carlos Garcia Campos <cgarcia>
Component: WebKitGTK
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: bugs-noreply, commit-queue
Priority: P2
Keywords: Gtk
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified
Attachments: Patch (flags: mcatanzaro: review+)

Description Carlos Garcia Campos 2017-01-28 01:01:55 PST
I've seen this in bots:

Thread 1 (Thread 0x7ff68447c940 (LWP 18142)):
#0  0x00007ff68a721067 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ff68a722448 in __GI_abort () at abort.c:89
#2  0x00007ff68ccc1105 in g_assertion_message () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gtestutils.c:2356
#3  0x00007ff68ccc118a in g_assertion_message_expr () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gtestutils.c:2371
#4  0x00007ff68cc8b1be in g_hash_table_lookup_node () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/ghash.c:373
#5  g_hash_table_remove_internal () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/ghash.c:1352
#6  0x00007ff68cc991a8 in g_source_unref_internal () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:2009
#7  0x00007ff6936e2b9d in WebKit::CompositingRunLoop::~CompositingRunLoop() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#8  0x00007ff6936e4734 in WebKit::ThreadedCompositor::invalidate() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#9  0x00007ff6936ee350 in WebKit::ThreadedCoordinatedLayerTreeHost::invalidate() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#10 0x00007ff6936d09bb in WebKit::DrawingAreaImpl::exitAcceleratedCompositingMode() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#11 0x00007ff6913718aa in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::{lambda(void*)#1}::_FUN(void*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#12 0x00007ff68cc9becd in g_main_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3122
#13 g_main_context_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3737
#14 0x00007ff68cc9c268 in g_main_context_iterate () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3808
#15 0x00007ff68cc9c582 in g_main_loop_run () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:4002
#16 0x00007ff691371c50 in WTF::RunLoop::run() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#17 0x00007ff6936d71e2 in WebProcessMainUnix () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#18 0x00007ff68a70db45 in __libc_start_main (main=0x400bf0 <main>, argc=2, argv=0x7fff81f67e88, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff81f67e78) at libc-start.c:287
#19 0x0000000000400c45 in _start ()

The problem is that we are releasing the WorkQueue before the update timer that keeps a reference to the run loop, destroyed by the WorkQueue.
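As an added illustration (not WebKit's code and not the committed fix) of the destruction-order hazard described above: a Timer attached to a RunLoop that is owned by a WorkQueue, where releasing the WorkQueue first leaves the Timer's destructor with nothing valid to detach from. The weak reference only makes the bad ordering observable instead of undefined behaviour; RunLoop, WorkQueue, Timer and destroyWithOrder are hypothetical names.

```cpp
// Added model of the bug, not WebKit code. A Timer registers a source on the
// RunLoop owned by a WorkQueue and unregisters it in its destructor, the way a
// GSource is unref'd against its GMainContext in the backtrace above.
#include <cassert>
#include <memory>
#include <set>

struct RunLoop {
    std::set<int> attachedSources;   // analog of the main context's source table
    int nextId = 1;
    int attach() { int id = nextId++; attachedSources.insert(id); return id; }
    void detach(int id) {
        size_t erased = attachedSources.erase(id);
        assert(erased == 1);         // a source must still be attached when detached
        (void)erased;
    }
};

struct WorkQueue {
    // The queue owns its run loop; releasing the queue destroys the loop.
    std::shared_ptr<RunLoop> runLoop = std::make_shared<RunLoop>();
};

// Counts Timer destructors that ran after their RunLoop was already gone.
static int g_danglingDetaches = 0;

struct Timer {
    std::weak_ptr<RunLoop> loop;     // refers to the loop without keeping it alive
    int sourceId;
    explicit Timer(const std::shared_ptr<RunLoop>& l) : loop(l), sourceId(l->attach()) {}
    ~Timer() {
        if (auto l = loop.lock())
            l->detach(sourceId);     // safe path: the loop still exists
        else
            ++g_danglingDetaches;    // the GLib code has no such guard and asserts instead
    }
};

// Destroys a queue and a timer attached to its loop in the requested order and
// returns how many dangling detaches that ordering produced (0 is correct).
int destroyWithOrder(bool releaseQueueFirst) {
    g_danglingDetaches = 0;
    auto queue = std::make_unique<WorkQueue>();
    auto timer = std::make_unique<Timer>(queue->runLoop);
    if (releaseQueueFirst) { queue.reset(); timer.reset(); }   // the order from the report
    else { timer.reset(); queue.reset(); }                    // timer first: detach succeeds
    return g_danglingDetaches;
}
```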
Comment 1 Carlos Garcia Campos 2017-01-28 01:13:56 PST
Created attachment 300012 [details]
Patch
Comment 2 WebKit Commit Bot 2017-01-28 01:15:56 PST
Attachment 300012 [details] did not pass style-queue:

ERROR: Source/WebKit2/Shared/CoordinatedGraphics/threadedcompositor/CompositingRunLoop.cpp:126:  More than one command on the same line  [whitespace/newline] [4]
Total errors found: 1 in 2 files

If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 3 Michael Catanzaro 2017-01-28 12:38:33 PST
Comment on attachment 300012 [details]
Patch

:/
Comment 4 Carlos Garcia Campos 2017-01-28 23:17:05 PST
Committed r211347: <http://trac.webkit.org/changeset/211347>