Bug 233933

Summary:

[WPE] Crash under WebProcessProxy::setIsInProcessCache when closing web view in debug builds

Product:

WebKit

Reporter:

Krzysztof Konopko <kris>

Component:

WPE WebKit

Assignee:

Chris Dumez <cdumez>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

achristensen, aperez, bugs-noreply, cdumez, darin, ggaren, kris, mcatanzaro, youennf

Priority:

Version:

WebKit Local Build

Hardware:

All

OS:

Linux

Attachments:

Description	Flags
Patch	none

Krzysztof Konopko

Reported 2021-12-07 09:41:02 PST

The following crash can be easily reproduced when running regular (WPE) tests in debug builds on the mainline WebKit branch: #0 0x00007f4d2a500bc4 in WTFCrash () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #1 0x00007f4d2a500bd5 in WTFIsDebuggerAttached () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #2 0x00007f4d272cc4e7 in WTF::ThreadSafeRefCountedBase::ref() const () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #3 0x00007f4d281b3246 in WTF::DefaultRefDerefTraits<WebKit::WebProcessPool>::refIfNotNull(WebKit::WebProcessPool*) () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #4 0x00007f4d2819d11f in WTF::RefPtr<WebKit::WebProcessPool, WTF::RawPtrTraits<WebKit::WebProcessPool>, WTF::DefaultRefDerefTraits<WebKit::WebProcessPool> >::RefPtr(WebKit::WebProcessPool*) () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #5 0x00007f4d28184dd3 in WTF::RefPtr<WebKit::WebProcessPool, WTF::RawPtrTraits<WebKit::WebProcessPool>, WTF::DefaultRefDerefTraits<WebKit::WebProcessPool> >::operator=(WebKit::WebProcessPool*) () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #6 0x00007f4d28166bea in WebKit::WebProcessProxy::WeakOrStrongPtr<WebKit::WebProcessPool>::updateStrongReference() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #7 0x00007f4d2813a896 in WebKit::WebProcessProxy::WeakOrStrongPtr<WebKit::WebProcessPool>::setIsWeak(WebKit::WebProcessProxy::IsWeak) () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #8 0x00007f4d280c6fd9 in WebKit::WebProcessProxy::setIsInProcessCache(bool) () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #9 0x00007f4d280b9edf in WebKit::WebProcessCache::CachedProcess::~CachedProcess() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #10 0x00007f4d2815de48 in std::default_delete<WebKit::WebProcessCache::CachedProcess>::operator()(WebKit::WebProcessCache::CachedProcess*) const () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #11 0x00007f4d281314f2 in std::unique_ptr<WebKit::WebProcessCache::CachedProcess, std::default_delete<WebKit::WebProcessCache::CachedProcess> >::~unique_ptr() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #12 0x00007f4d2815dbf2 in WTF::KeyValuePair<WebCore::RegistrableDomain, std::unique_ptr<WebKit::WebProcessCache::CachedProcess, std::default_delete<WebKit::WebProcessCache::CachedProcess> > >::~KeyValuePair() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #13 0x00007f4d2815dc5a in WTF::HashTable<WebCore::RegistrableDomain, WTF::KeyValuePair<WebCore::RegistrableDomain, std::unique_ptr<WebKit::WebProcessCache::CachedProcess, std::default_delete<WebKit::WebProcessCache::CachedProcess> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::RegistrableDomain, std::unique_ptr<WebKit::WebProcessCache::CachedProcess, std::default_delete<WebKit::WebProcessCache::CachedProcess> > > >, WTF::DefaultHash<WebCore::RegistrableDomain>, WTF::HashMap<WebCore::RegistrableDomain, std::unique_ptr<WebKit::WebProcessCache::CachedProcess, std::default_delete<WebKit::WebProcessCache::CachedProcess> >, WTF::DefaultHash<WebCore::RegistrableDomain>, WTF::HashTraits<WebCore::RegistrableDomain>, WTF::HashTraits<std::unique_ptr<WebKit::WebProcessCache::CachedProcess, std::default_delete<WebKit::WebProcessCache::CachedProcess> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<WebCore::RegistrableDomain> >::deallocateTable(WTF::KeyValuePair<WebCore::RegistrableDomain, std::unique_ptr<WebKit::WebProcessCache::CachedProcess, std::default_delete<WebKit::WebProcessCache::CachedProcess> > >*) () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #14 0x00007f4d2815ecce in WTF::HashTable<WebCore::RegistrableDomain, WTF::KeyValuePair<WebCore::RegistrableDomain, std::unique_ptr<WebKit::WebProcessCache::CachedProcess, std::default_delete<WebKit::WebProcessCache::CachedProcess> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::RegistrableDomain, std::unique_ptr<WebKit::WebProcessCache::CachedProcess, std::default_delete<WebKit::WebProcessCache::CachedProcess> > > >, WTF::DefaultHash<WebCore::RegistrableDomain>, WTF::HashMap<WebCore::RegistrableDomain, std::unique_ptr<WebKit::WebProcessCache::CachedProcess, std::default_delete<WebKit::WebProcessCache::CachedProcess> >, WTF::DefaultHash<WebCore::RegistrableDomain>, WTF::HashTraits<WebCore::RegistrableDomain>, WTF::HashTraits<std::unique_ptr<WebKit::WebProcessCache::CachedProcess, std::default_delete<WebKit::WebProcessCache::CachedProcess> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<WebCore::RegistrableDomain> >::clear() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #15 0x00007f4d28131d62 in WTF::HashMap<WebCore::RegistrableDomain, std::unique_ptr<WebKit::WebProcessCache::CachedProcess, std::default_delete<WebKit::WebProcessCache::CachedProcess> >, WTF::DefaultHash<WebCore::RegistrableDomain>, WTF::HashTraits<WebCore::RegistrableDomain>, WTF::HashTraits<std::unique_ptr<WebKit::WebProcessCache::CachedProcess, std::default_delete<WebKit::WebProcessCache::CachedProcess> > >, WTF::HashTableTraits>::clear() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #16 0x00007f4d280b91df in WebKit::WebProcessCache::clear() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #17 0x00007f4d280bae2f in WebKit::WebProcessPool::~WebProcessPool() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #18 0x00007f4d280bb56c in WebKit::WebProcessPool::~WebProcessPool() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #19 0x00007f4d273028e4 in WTF::ThreadSafeRefCounted<API::Object, (WTF::DestructionThread)0>::deref() const::{lambda()#1}::operator()() const () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #20 0x00007f4d2730292b in WTF::ThreadSafeRefCounted<API::Object, (WTF::DestructionThread)0>::deref() const () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #21 0x00007f4d2779473f in WTF::Ref<WebKit::WebProcessPool, WTF::RawPtrTraits<WebKit::WebProcessPool> >::~Ref() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #22 0x00007f4d280b7f0a in WebKit::WebProcessCache::addProcessIfPossible(WTF::Ref<WebKit::WebProcessProxy, WTF::RawPtrTraits<WebKit::WebProcessProxy> >&&)::{lambda(bool)#1}::~Ref() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #23 0x00007f4d280ef958 in WTF::Detail::CallableWrapper<WebKit::WebProcessCache::addProcessIfPossible(WTF::Ref<WebKit::WebProcessProxy, WTF::RawPtrTraits<WebKit::WebProcessProxy> >&&)::{lambda(bool)#1}, void, bool>::~CallableWrapper() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #24 0x00007f4d280ef980 in WTF::Detail::CallableWrapper<WebKit::WebProcessCache::addProcessIfPossible(WTF::Ref<WebKit::WebProcessProxy, WTF::RawPtrTraits<WebKit::WebProcessProxy> >&&)::{lambda(bool)#1}, void, bool>::~CallableWrapper() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #25 0x00007f4d273cc8c2 in std::default_delete<WTF::Detail::CallableWrapperBase<void, bool> >::operator()(WTF::Detail::CallableWrapperBase<void, bool>*) const () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #26 0x00007f4d273bb788 in std::unique_ptr<WTF::Detail::CallableWrapperBase<void, bool>, std::default_delete<WTF::Detail::CallableWrapperBase<void, bool> > >::~unique_ptr() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #27 0x00007f4d273b00da in WTF::Function<void (bool)>::~Function() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #28 0x00007f4d27a97c66 in WTF::CompletionHandler<void (bool)>::operator()(bool) () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #29 0x00007f4d280ce3ee in WebKit::WebProcessProxy::isResponsive(WTF::CompletionHandler<void (bool)>&&)::{lambda()#2}::operator()() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #30 0x00007f4d2810adc4 in WTF::Detail::CallableWrapper<WebKit::WebProcessProxy::isResponsive(WTF::CompletionHandler<void (bool)>&&)::{lambda()#2}, void>::call() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #31 0x00007f4d2733f2be in WTF::Function<void ()>::operator()() const () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #32 0x00007f4d2733f22b in WTF::CompletionHandler<void ()>::operator()() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #33 0x00007f4d27fc0c60 in WebKit::AuxiliaryProcessProxy::checkForResponsiveness(WTF::CompletionHandler<void ()>&&, WebKit::AuxiliaryProcessProxy::UseLazyStop)::{lambda()#1}::operator()()::{lambda()#1}::operator()() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #34 0x00007f4d27fcd094 in WTF::Detail::CallableWrapper<WebKit::AuxiliaryProcessProxy::checkForResponsiveness(WTF::CompletionHandler<void ()>&&, WebKit::AuxiliaryProcessProxy::UseLazyStop)::{lambda()#1}::operator()()::{lambda()#1}, void>::call() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #35 0x00007f4d2733f2be in WTF::Function<void ()>::operator()() const () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #36 0x00007f4d2a54ff19 in WTF::RunLoop::performWork() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #37 0x00007f4d2a5f2f02 in WTF::RunLoop::RunLoop()::{lambda(void*)#1}::operator()(void*) const () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #38 0x00007f4d2a5f2f26 in WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #39 0x00007f4d2a5f2e95 in WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::operator()(_GSource*, int (*)(void*), void*) const () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #40 0x00007f4d2a5f2ee3 in WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::_FUN(_GSource*, int (*)(void*), void*) () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0 #41 0x00007f4d3849c294 in g_main_dispatch (context=0x55bf7b18d4e0) at ../glib/gmain.c:3381 #42 g_main_context_dispatch (context=0x55bf7b18d4e0) at ../glib/gmain.c:4099 #43 0x00007f4d3849c638 in g_main_context_iterate (context=0x55bf7b18d4e0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4175 #44 0x00007f4d3849c943 in g_main_loop_run (loop=0x55bf7b1dc3c0) at ../glib/gmain.c:4373 #45 0x000055bf7a1558d9 in WebViewTest::waitUntilLoadFinished() () #46 0x000055bf7a140524 in testWebViewIsPlayingAudio(IsPlayingAudioWebViewTest*, void const*) () #47 0x00007f4d384c5ca6 in test_case_run (tc=0x55bf7b1896c0) at ../glib/gtestutils.c:2900 #48 g_test_run_suite_internal (suite=suite@entry=0x55bf7b188ca0, path=path@entry=0x0) at ../glib/gtestutils.c:2988 #49 0x00007f4d384c59cb in g_test_run_suite_internal (suite=suite@entry=0x55bf7b188c80, path=path@entry=0x0) at ../glib/gtestutils.c:3005 #50 0x00007f4d384c59cb in g_test_run_suite_internal (suite=suite@entry=0x55bf7b188c40, path=path@entry=0x0) at ../glib/gtestutils.c:3005 #51 0x00007f4d384c617a in g_test_run_suite (suite=suite@entry=0x55bf7b188c40) at ../glib/gtestutils.c:3082 #52 0x00007f4d384c61a1 in g_test_run () at ../glib/gtestutils.c:2200 #53 0x000055bf7a14de48 in main ()

Attachments
Patch (4.32 KB, patch) 2021-12-09 10:35 PST, Chris Dumez	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Chris Dumez

Comment 1 2021-12-09 10:35:54 PST

Created attachment 446564 [details] Patch

Geoffrey Garen

Comment 2 2021-12-09 10:43:56 PST

Comment on attachment 446564 [details] Patch r=me

Adrian Perez

Comment 3 2021-12-09 13:00:47 PST

Nice, thanks for fixing this! =)

EWS

Comment 4 2021-12-09 13:15:19 PST

Committed r286800 (245040@main): <https://commits.webkit.org/245040@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 446564 [details].

Note You need to log in before you can comment on or make changes to this bug.