RESOLVED FIXED 148429
IconDatabase: syncThreadMainLoop() is unlocking m_syncLock twice when thread termination is requested 
https://bugs.webkit.org/show_bug.cgi?id=148429
Summary IconDatabase: syncThreadMainLoop() is unlocking m_syncLock twice when thread ...
Carlos Garcia Campos
Reported 2015-08-25 06:26:05 PDT
The test is crashing, but favicons seem to work fine in the MiniBrowser, so maybe it's something that only happens in unit tests because things happen faster or something like that. TEST: ./Tools/gtk/../../WebKitBuild/Debug/bin/TestWebKitAPI/WebKit2Gtk/TestWebKitFaviconDatabase... (pid=7842) /webkit2/WebKitFaviconDatabase/favicon-database-test: ERROR: Failed to start load for icon at url http://127.0.0.1:55922/favicon.ico ../../Source/WebCore/loader/icon/IconLoader.cpp(71) : void WebCore::IconLoader::startLoading() ASSERTION FAILED: oldByteValue == isHeldBit || oldByteValue == (isHeldBit | hasParkedBit) ../../Source/WTF/wtf/Lock.cpp(84) : void WTF::LockBase::unlockSlow() 1 0x2ae6e18c3fb3 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x1e) [0x2ae6e18c3fb3] 2 0x2ae6e18cb02d /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3WTF8LockBase10unlockSlowEv+0x51) [0x2ae6e18cb02d] 3 0x419548 ./Tools/gtk/../../WebKitBuild/Debug/bin/TestWebKitAPI/WebKit2Gtk/TestWebKitFaviconDatabase(_ZN3WTF8LockBase6unlockEv+0x42) [0x419548] 4 0x2ae6e7c59a23 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore12IconDatabase18syncThreadMainLoopEv+0x3a1) [0x2ae6e7c59a23] 5 0x2ae6e7c578ad /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore12IconDatabase22iconDatabaseSyncThreadEv+0x37f) [0x2ae6e7c578ad] 6 0x2ae6e7c5752c /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore12IconDatabase27iconDatabaseSyncThreadStartEPv+0x20) [0x2ae6e7c5752c] 7 0x2ae6e18dc87e /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x169487e) [0x2ae6e18dc87e] 8 0x2ae6e18dca2e /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x1694a2e) [0x2ae6e18dca2e] 9 0x2ae6e14b219a /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZNKSt8functionIFvvEEclEv+0x32) [0x2ae6e14b219a] 10 0x2ae6e18dc760 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x1694760) [0x2ae6e18dc760] 11 0x2ae6e190e4c8 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x16c64c8) [0x2ae6e190e4c8] 12 0x2ae6ee71b0a4 /lib/x86_64-linux-gnu/libpthread.so.0(+0x80a4) [0x2ae6ee71b0a4] 13 0x2ae6f2e1d04d /lib/x86_64-linux-gnu/libc.so.6(clone+0x6d) [0x2ae6f2e1d04d] FAIL GTester: last random seed: R02S27cc8ffcc8374f3422c8149248e1d12d (pid=7864) FAIL: ./Tools/gtk/../../WebKitBuild/Debug/bin/TestWebKitAPI/WebKit2Gtk/TestWebKitFaviconDatabase It's an assertion, but also crashes in Release builds, I got this bt: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fff937fe700 (LWP 24134)] 0x00007ffff1a910cc in WTFCrash () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 (gdb) bt #0 0x00007ffff1a910cc in WTFCrash () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #1 0x00007ffff1a96645 in WTF::LockBase::unlockSlow() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #2 0x00007ffff313e4ef in WTF::LockBase::unlock() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #3 0x00007ffff3af6212 in WebCore::IconDatabase::syncThreadMainLoop() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #4 0x00007ffff3af72c4 in WebCore::IconDatabase::iconDatabaseSyncThread() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #5 0x00007ffff1aa15a5 in WTF::threadEntryPoint(void*) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #6 0x00007ffff1ace4fa in WTF::wtfThreadEntryPoint(void*) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #7 0x00007ffff0ab70a4 in start_thread (arg=0x7fff937fe700) at pthread_create.c:309 #8 0x00007fffeae0107d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
Attachments
Patch (1.82 KB, patch)
2015-08-25 08:46 PDT, Carlos Garcia Campos 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Carlos Garcia Campos
Comment 1 2015-08-25 06:45:14 PDT
Crash happens when clearing the database in IconDatabase::removeAllIcons().
Filip Pizlo
Comment 2 2015-08-25 07:50:52 PDT
This assertion indicates that the caller (syncTheeadMainLoop?) is unlocking a lock that wasn't locked. This manifests as a regression because the old locks had no such assertion, but probably this has been a problem in this code for a long time.
Carlos Garcia Campos
Comment 3 2015-08-25 08:40:38 PDT
Indeed, the new lock is just revealing a bug that has been there probably forever. This not GTK specific and not a regression either. I'll submit a patch.
Carlos Garcia Campos
Comment 4 2015-08-25 08:46:13 PDT
Created attachment 259846 [details] Patch
WebKit Commit Bot
Comment 5 2015-08-25 12:16:24 PDT
Comment on attachment 259846 [details] Patch Clearing flags on attachment: 259846 Committed r188931: <http://trac.webkit.org/changeset/188931>
WebKit Commit Bot
Comment 6 2015-08-25 12:16:30 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.