Bug 233933

Summary: [WPE] Crash under WebProcessProxy::setIsInProcessCache when closing web view in debug builds
Product: WebKit
Reporter: Krzysztof Konopko <kris>
Component: WPE WebKit
Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED
Severity: Normal
CC: achristensen, aperez, bugs-noreply, cdumez, darin, ggaren, kris, mcatanzaro, youennf
Priority: P2
Version: WebKit Local Build   
Hardware: All   
OS: Linux   
Attachments:
Patch (Flags: none)

Description Krzysztof Konopko 2021-12-07 09:41:02 PST
The following crash can be easily reproduced when running regular (WPE) tests in debug builds on the mainline WebKit branch:

#0  0x00007f4d2a500bc4 in WTFCrash () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#1  0x00007f4d2a500bd5 in WTFIsDebuggerAttached () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#2  0x00007f4d272cc4e7 in WTF::ThreadSafeRefCountedBase::ref() const () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#3  0x00007f4d281b3246 in WTF::DefaultRefDerefTraits<WebKit::WebProcessPool>::refIfNotNull(WebKit::WebProcessPool*) () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#4  0x00007f4d2819d11f in WTF::RefPtr<WebKit::WebProcessPool, WTF::RawPtrTraits<WebKit::WebProcessPool>, WTF::DefaultRefDerefTraits<WebKit::WebProcessPool> >::RefPtr(WebKit::WebProcessPool*) ()
    at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#5  0x00007f4d28184dd3 in WTF::RefPtr<WebKit::WebProcessPool, WTF::RawPtrTraits<WebKit::WebProcessPool>, WTF::DefaultRefDerefTraits<WebKit::WebProcessPool> >::operator=(WebKit::WebProcessPool*) ()
    at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#6  0x00007f4d28166bea in WebKit::WebProcessProxy::WeakOrStrongPtr<WebKit::WebProcessPool>::updateStrongReference() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#7  0x00007f4d2813a896 in WebKit::WebProcessProxy::WeakOrStrongPtr<WebKit::WebProcessPool>::setIsWeak(WebKit::WebProcessProxy::IsWeak) () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#8  0x00007f4d280c6fd9 in WebKit::WebProcessProxy::setIsInProcessCache(bool) () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#9  0x00007f4d280b9edf in WebKit::WebProcessCache::CachedProcess::~CachedProcess() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#10 0x00007f4d2815de48 in std::default_delete<WebKit::WebProcessCache::CachedProcess>::operator()(WebKit::WebProcessCache::CachedProcess*) const () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#11 0x00007f4d281314f2 in std::unique_ptr<WebKit::WebProcessCache::CachedProcess, std::default_delete<WebKit::WebProcessCache::CachedProcess> >::~unique_ptr() ()
    at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#12 0x00007f4d2815dbf2 in WTF::KeyValuePair<WebCore::RegistrableDomain, std::unique_ptr<WebKit::WebProcessCache::CachedProcess, std::default_delete<WebKit::WebProcessCache::CachedProcess> > >::~KeyValuePair() ()
    at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#13 0x00007f4d2815dc5a in WTF::HashTable<WebCore::RegistrableDomain, WTF::KeyValuePair<WebCore::RegistrableDomain, std::unique_ptr<WebKit::WebProcessCache::CachedProcess, std::default_delete<WebKit::WebProcessCache::CachedProcess> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::RegistrableDomain, std::unique_ptr<WebKit::WebProcessCache::CachedProcess, std::default_delete<WebKit::WebProcessCache::CachedProcess> > > >, WTF::DefaultHash<WebCore::RegistrableDomain>, WTF::HashMap<WebCore::RegistrableDomain, std::unique_ptr<WebKit::WebProcessCache::CachedProcess, std::default_delete<WebKit::WebProcessCache::CachedProcess> >, WTF::DefaultHash<WebCore::RegistrableDomain>, WTF::HashTraits<WebCore::RegistrableDomain>, WTF::HashTraits<std::unique_ptr<WebKit::WebProcessCache::CachedProcess, std::default_delete<WebKit::WebProcessCache::CachedProcess> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<WebCore::RegistrableDomain> >::deallocateTable(WTF::KeyValuePair<WebCore::RegistrableDomain, std::unique_ptr<WebKit::WebProcessCache::CachedProcess, std::default_delete<WebKit::WebProcessCache::CachedProcess> > >*) () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#14 0x00007f4d2815ecce in WTF::HashTable<WebCore::RegistrableDomain, WTF::KeyValuePair<WebCore::RegistrableDomain, std::unique_ptr<WebKit::WebProcessCache::CachedProcess, std::default_delete<WebKit::WebProcessCache::CachedProcess> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::RegistrableDomain, std::unique_ptr<WebKit::WebProcessCache::CachedProcess, std::default_delete<WebKit::WebProcessCache::CachedProcess> > > >, WTF::DefaultHash<WebCore::RegistrableDomain>, WTF::HashMap<WebCore::RegistrableDomain, std::unique_ptr<WebKit::WebProcessCache::CachedProcess, std::default_delete<WebKit::WebProcessCache::CachedProcess> >, WTF::DefaultHash<WebCore::RegistrableDomain>, WTF::HashTraits<WebCore::RegistrableDomain>, WTF::HashTraits<std::unique_ptr<WebKit::WebProcessCache::CachedProcess, std::default_delete<WebKit::WebProcessCache::CachedProcess> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<WebCore::RegistrableDomain> >::clear() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#15 0x00007f4d28131d62 in WTF::HashMap<WebCore::RegistrableDomain, std::unique_ptr<WebKit::WebProcessCache::CachedProcess, std::default_delete<WebKit::WebProcessCache::CachedProcess> >, WTF::DefaultHash<WebCore::RegistrableDomain>, WTF::HashTraits<WebCore::RegistrableDomain>, WTF::HashTraits<std::unique_ptr<WebKit::WebProcessCache::CachedProcess, std::default_delete<WebKit::WebProcessCache::CachedProcess> > >, WTF::HashTableTraits>::clear() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#16 0x00007f4d280b91df in WebKit::WebProcessCache::clear() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#17 0x00007f4d280bae2f in WebKit::WebProcessPool::~WebProcessPool() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#18 0x00007f4d280bb56c in WebKit::WebProcessPool::~WebProcessPool() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#19 0x00007f4d273028e4 in WTF::ThreadSafeRefCounted<API::Object, (WTF::DestructionThread)0>::deref() const::{lambda()#1}::operator()() const () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#20 0x00007f4d2730292b in WTF::ThreadSafeRefCounted<API::Object, (WTF::DestructionThread)0>::deref() const () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#21 0x00007f4d2779473f in WTF::Ref<WebKit::WebProcessPool, WTF::RawPtrTraits<WebKit::WebProcessPool> >::~Ref() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#22 0x00007f4d280b7f0a in WebKit::WebProcessCache::addProcessIfPossible(WTF::Ref<WebKit::WebProcessProxy, WTF::RawPtrTraits<WebKit::WebProcessProxy> >&&)::{lambda(bool)#1}::~Ref() ()
    at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#23 0x00007f4d280ef958 in WTF::Detail::CallableWrapper<WebKit::WebProcessCache::addProcessIfPossible(WTF::Ref<WebKit::WebProcessProxy, WTF::RawPtrTraits<WebKit::WebProcessProxy> >&&)::{lambda(bool)#1}, void, bool>::~CallableWrapper() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#24 0x00007f4d280ef980 in WTF::Detail::CallableWrapper<WebKit::WebProcessCache::addProcessIfPossible(WTF::Ref<WebKit::WebProcessProxy, WTF::RawPtrTraits<WebKit::WebProcessProxy> >&&)::{lambda(bool)#1}, void, bool>::~CallableWrapper() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#25 0x00007f4d273cc8c2 in std::default_delete<WTF::Detail::CallableWrapperBase<void, bool> >::operator()(WTF::Detail::CallableWrapperBase<void, bool>*) const ()
    at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#26 0x00007f4d273bb788 in std::unique_ptr<WTF::Detail::CallableWrapperBase<void, bool>, std::default_delete<WTF::Detail::CallableWrapperBase<void, bool> > >::~unique_ptr() ()
    at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#27 0x00007f4d273b00da in WTF::Function<void (bool)>::~Function() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#28 0x00007f4d27a97c66 in WTF::CompletionHandler<void (bool)>::operator()(bool) () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#29 0x00007f4d280ce3ee in WebKit::WebProcessProxy::isResponsive(WTF::CompletionHandler<void (bool)>&&)::{lambda()#2}::operator()() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#30 0x00007f4d2810adc4 in WTF::Detail::CallableWrapper<WebKit::WebProcessProxy::isResponsive(WTF::CompletionHandler<void (bool)>&&)::{lambda()#2}, void>::call() ()
    at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#31 0x00007f4d2733f2be in WTF::Function<void ()>::operator()() const () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#32 0x00007f4d2733f22b in WTF::CompletionHandler<void ()>::operator()() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#33 0x00007f4d27fc0c60 in WebKit::AuxiliaryProcessProxy::checkForResponsiveness(WTF::CompletionHandler<void ()>&&, WebKit::AuxiliaryProcessProxy::UseLazyStop)::{lambda()#1}::operator()()::{lambda()#1}::operator()() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#34 0x00007f4d27fcd094 in WTF::Detail::CallableWrapper<WebKit::AuxiliaryProcessProxy::checkForResponsiveness(WTF::CompletionHandler<void ()>&&, WebKit::AuxiliaryProcessProxy::UseLazyStop)::{lambda()#1}::operator()()::{lambda()#1}, void>::call() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#35 0x00007f4d2733f2be in WTF::Function<void ()>::operator()() const () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#36 0x00007f4d2a54ff19 in WTF::RunLoop::performWork() () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#37 0x00007f4d2a5f2f02 in WTF::RunLoop::RunLoop()::{lambda(void*)#1}::operator()(void*) const () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#38 0x00007f4d2a5f2f26 in WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#39 0x00007f4d2a5f2e95 in WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::operator()(_GSource*, int (*)(void*), void*) const () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#40 0x00007f4d2a5f2ee3 in WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::_FUN(_GSource*, int (*)(void*), void*) () at /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0
#41 0x00007f4d3849c294 in g_main_dispatch (context=0x55bf7b18d4e0) at ../glib/gmain.c:3381
#42 g_main_context_dispatch (context=0x55bf7b18d4e0) at ../glib/gmain.c:4099
#43 0x00007f4d3849c638 in g_main_context_iterate (context=0x55bf7b18d4e0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4175
#44 0x00007f4d3849c943 in g_main_loop_run (loop=0x55bf7b1dc3c0) at ../glib/gmain.c:4373
#45 0x000055bf7a1558d9 in WebViewTest::waitUntilLoadFinished() ()
#46 0x000055bf7a140524 in testWebViewIsPlayingAudio(IsPlayingAudioWebViewTest*, void const*) ()
#47 0x00007f4d384c5ca6 in test_case_run (tc=0x55bf7b1896c0) at ../glib/gtestutils.c:2900
#48 g_test_run_suite_internal (suite=suite@entry=0x55bf7b188ca0, path=path@entry=0x0) at ../glib/gtestutils.c:2988
#49 0x00007f4d384c59cb in g_test_run_suite_internal (suite=suite@entry=0x55bf7b188c80, path=path@entry=0x0) at ../glib/gtestutils.c:3005
#50 0x00007f4d384c59cb in g_test_run_suite_internal (suite=suite@entry=0x55bf7b188c40, path=path@entry=0x0) at ../glib/gtestutils.c:3005
#51 0x00007f4d384c617a in g_test_run_suite (suite=suite@entry=0x55bf7b188c40) at ../glib/gtestutils.c:3082
#52 0x00007f4d384c61a1 in g_test_run () at ../glib/gtestutils.c:2200
#53 0x000055bf7a14de48 in main ()

Comment 1 Chris Dumez 2021-12-09 10:35:54 PST
Created attachment 446564
Patch

Comment 2 Geoffrey Garen 2021-12-09 10:43:56 PST
Comment on attachment 446564
Patch

r=me

Comment 3 Adrian Perez 2021-12-09 13:00:47 PST
Nice, thanks for fixing this! =)

Comment 4 EWS 2021-12-09 13:15:19 PST
Committed r286800 (245040@main): <https://commits.webkit.org/245040@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 446564.