Bug 160244 - [Wayland] PlatformDisplay crash when calling wl_proxy_destroy in exit handler
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKitGTK
Version: Other
Hardware: PC Linux
Importance: P2 Normal
Assignee: Nobody
Blocks: 81456
Reported: 2016-07-27 06:52 PDT by Michael Catanzaro
Modified: 2016-09-02 22:52 PDT
Description Michael Catanzaro 2016-07-27 06:52:10 PDT
I have one report (meaning it's very rare) of a crash when the PlatformDisplayWayland destructor is called in an exit handler, inside wl_proxy_destroy:

Thread 1 (Thread 0x7f3bca75dac0 (LWP 3269)):
#0  wl_proxy_destroy (proxy=0x7f3b00000000) at src/wayland-client.c:438
        display = <optimized out>
#1  0x00007f3bc968d8e0 in wl_webkitgtk_destroy (wl_webkitgtk=<optimized out>) at /usr/src/debug/webkitgtk-2.12.3/x86_64-redhat-linux-gnu/DerivedSources/WebCore/WebKitGtkWaylandClientProtocol.h:70
No locals.
#2  WebCore::PlatformDisplayWayland::~PlatformDisplayWayland (this=0x7f3b42aa06c0, __in_chrg=<optimized out>) at /usr/src/debug/webkitgtk-2.12.3/Source/WebCore/platform/graphics/wayland/PlatformDisplayWayland.cpp:111
No locals.
#3  0x00007f3bc968d929 in WebCore::PlatformDisplayWayland::~PlatformDisplayWayland (this=0x7f3b42aa06c0, __in_chrg=<optimized out>) at /usr/src/debug/webkitgtk-2.12.3/Source/WebCore/platform/graphics/wayland/PlatformDisplayWayland.cpp:118
No locals.
#4  0x00007f3bbe52a1e8 in __run_exit_handlers (status=status@entry=0, listp=0x7f3bbe8ad5d8 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true) at exit.c:82
        atfct = <optimized out>
        onfct = <optimized out>
        cxafct = <optimized out>
        f = <optimized out>
#5  0x00007f3bbe52a235 in __GI_exit (status=status@entry=0) at exit.c:104
No locals.
#6  0x00007f3bc86346b3 in IPC::Connection::didFailToSendSyncMessage (this=this@entry=0x7f3bb4de9000) at /usr/src/debug/webkitgtk-2.12.3/Source/WebKit2/Platform/IPC/Connection.cpp:873
No locals.

Note it's triggered by didFailToSendSyncMessage. Full backtrace downstream.
Comment 1 Michael Catanzaro 2016-07-27 06:56:06 PDT
I take that back, we have 13 reports of this. Still relatively rare.

I forgot to mention, this is very similar to bug #157973.
Comment 2 Michael Catanzaro 2016-08-05 07:55:44 PDT
Got two users who report this can be triggered by using Epiphany's bookmarks import feature. (Yeah....) It also crashes GNOME shell.
Comment 3 Michael Catanzaro 2016-08-05 08:01:25 PDT
Note that using exit-time destructors like this is a violation of our programming guidelines, and why we have NeverDestroyed.
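
The exit-time destructor issue mentioned in this comment, as an added example that is not part of the original bug thread and is not WebKit's code: a simplified sketch of the never-destroyed idiom. `FakeDisplay`, `NeverDestroyedSketch` and the helper functions are hypothetical names chosen for illustration, not the WTF implementation.

```cpp
#include <cstdio>
#include <new>
#include <utility>

static int g_destructorRuns = 0; // constructed counter for this example

// Hypothetical stand-in for an object whose destructor releases a library
// proxy (the role ~PlatformDisplayWayland plays in the backtrace above).
struct FakeDisplay {
    int proxyId = 42; // constructed value
    ~FakeDisplay() { ++g_destructorRuns; }
};

// Simplified sketch: build T in raw storage and never run ~T. The wrapper's
// own destructor is trivial, so a static instance registers no exit handler.
template <typename T>
class NeverDestroyedSketch {
public:
    template <typename... Args>
    explicit NeverDestroyedSketch(Args&&... args)
        : m_object(new (m_storage) T(std::forward<Args>(args)...)) {}
    NeverDestroyedSketch(const NeverDestroyedSketch&) = delete;
    NeverDestroyedSketch& operator=(const NeverDestroyedSketch&) = delete;
    T& get() { return *m_object; }
private:
    alignas(T) unsigned char m_storage[sizeof(T)];
    T* m_object;
};

// Shared instance: no teardown code runs for it when exit() is called.
FakeDisplay& sharedDisplay() {
    static NeverDestroyedSketch<FakeDisplay> display;
    return display.get();
}

// Destructor runs caused by a plain object reaching the end of its lifetime.
int destructorRunsPlain() {
    int before = g_destructorRuns;
    { FakeDisplay display; }
    return g_destructorRuns - before;
}

// Destructor runs caused by a wrapped object reaching the end of its lifetime.
int destructorRunsWrapped() {
    int before = g_destructorRuns;
    { NeverDestroyedSketch<FakeDisplay> display; (void)display.get(); }
    return g_destructorRuns - before;
}

int main() {
    std::printf("plain=%d wrapped=%d\n", destructorRunsPlain(), destructorRunsWrapped());
    return sharedDisplay().proxyId == 42 ? 0 : 1;
}
```
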
Comment 4 Michael Catanzaro 2016-08-17 01:12:08 PDT
(In reply to comment #1)
> I take that back, we have 13 reports of this. Still relatively rare.

Now we're up to 271 reports.
Comment 5 Carlos Garcia Campos 2016-08-17 01:14:51 PDT
This could be fixed by the patch attached to bug #115803, since PlatformDisplayWayland no longer creates a wl_webkitgtk object.
Comment 6 Carlos Garcia Campos 2016-09-02 22:52:14 PDT
Please reopen this if it still fails after r205116.