Bug 161842 - [GTK] Crash of WebProcess on the last WebView disconnect (take two)
Summary: [GTK] Crash of WebProcess on the last WebView disconnect (take two)
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKitGTK
Version: Other
Hardware: PC Linux
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-09-10 12:35 PDT by Michael Catanzaro
Modified: 2016-09-12 23:14 PDT

See Also:


Attachments
Patch (8.31 KB, patch)
2016-09-12 02:12 PDT, Carlos Garcia Campos
mcatanzaro: review+

Description Michael Catanzaro 2016-09-10 12:35:18 PDT
It's probably a regression from r205544. Every web process crashes when Epiphany is closed, in terminate:

pure virtual method called
terminate called without an active exception

Internet says "pure virtual method called" means we probably tried to call a virtual method from a constructor or destructor; in this case, it's obviously a destructor. To debug, I added this terminate handler in ChildProcess::initialize:

    std::set_terminate([] { CRASH(); });

So now I see a backtrace; it occurs in the destructor of GLContextGLX, which runs during the destructor of PlatformDisplayX11:

1   0x7f0f35e7308a /home/mcatanzaro/src/jhbuild/install/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x1e) [0x7f0f35e7308a]
2   0x7f0f3baa284f /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(+0x4a8f84f) [0x7f0f3baa284f]
3   0x7f0f3baa285d /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(+0x4a8f85d) [0x7f0f3baa285d]
4   0x7f0f29b81196 /lib64/libstdc++.so.6(+0x8f196) [0x7f0f29b81196]
5   0x7f0f29b811e1 /lib64/libstdc++.so.6(+0x8f1e1) [0x7f0f29b811e1]
6   0x7f0f29b81d5f /lib64/libstdc++.so.6(+0x8fd5f) [0x7f0f29b81d5f]
7   0x7f0f3bde0e77 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3WTF14TypeCastTraitsIKN7WebCore18PlatformDisplayX11EKNS1_15PlatformDisplayELb0EE6isTypeERS5_+0x23) [0x7f0f3bde0e77]
8   0x7f0f3bde0c70 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3WTF14TypeCastTraitsIKN7WebCore18PlatformDisplayX11EKNS1_15PlatformDisplayELb0EE8isOfTypeERS5_+0x18) [0x7f0f3bde0c70]
9   0x7f0f3bde0a57 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3WTF2isIN7WebCore18PlatformDisplayX11ENS1_15PlatformDisplayEEEbRT0_+0x18) [0x7f0f3bde0a57]
10  0x7f0f3bde0051 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3WTF8downcastIN7WebCore18PlatformDisplayX11ENS1_15PlatformDisplayEEERNS_15match_constnessIT0_T_E4typeERS5_+0x18) [0x7f0f3bde0051]
11  0x7f0f3d80b576 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore12GLContextGLXD1Ev+0x74) [0x7f0f3d80b576]
12  0x7f0f3d80b5f8 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore12GLContextGLXD0Ev+0x18) [0x7f0f3d80b5f8]
13  0x7f0f3c002878 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZNKSt14default_deleteIN7WebCore9GLContextEEclEPS1_+0x2e) [0x7f0f3c002878]
14  0x7f0f3c001537 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZNSt10unique_ptrIN7WebCore9GLContextESt14default_deleteIS1_EED1Ev+0x47) [0x7f0f3c001537]
15  0x7f0f3d85a997 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore15PlatformDisplayD1Ev+0x5f) [0x7f0f3d85a997]
16  0x7f0f3d8331ca /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore18PlatformDisplayX11D1Ev+0x76) [0x7f0f3d8331ca]
17  0x7f0f3d8331e6 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore18PlatformDisplayX11D0Ev+0x18) [0x7f0f3d8331e6]
18  0x7f0f3d85bbb6 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZNKSt14default_deleteIN7WebCore15PlatformDisplayEEclEPS1_+0x2e) [0x7f0f3d85bbb6]
19  0x7f0f3d85b377 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZNSt10unique_ptrIN7WebCore15PlatformDisplayESt14default_deleteIS1_EED1Ev+0x47) [0x7f0f3d85b377]
20  0x7f0f292491e8 /lib64/libc.so.6(+0x391e8) [0x7f0f292491e8]
21  0x7f0f29249235 /lib64/libc.so.6(+0x39235) [0x7f0f29249235]
22  0x7f0f3ba6c661 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC10Connection24didFailToSendSyncMessageEv+0x25) [0x7f0f3ba6c661]
23  0x7f0f3ba69fdb /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC10Connection15sendSyncMessageEmSt10unique_ptrINS_7EncoderESt14default_deleteIS2_EENSt6chrono8durationIlSt5ratioILl1ELl1000EEEEN3WTF9OptionSetINS_14SendSyncOptionEEE+0xe5) [0x7f0f3ba69fdb]
24  0x7f0f3bd0a788 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC10Connection8sendSyncIN8Messages15WebProcessProxy15ShouldTerminateEEEbOT_ONS5_5ReplyEmNSt6chrono8durationIlSt5ratioILl1ELl1000EEEEN3WTF9OptionSetINS_14SendSyncOptionEEE+0x120) [0x7f0f3bd0a788]
25  0x7f0f3bd013f8 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit10WebProcess15shouldTerminateEv+0xc0) [0x7f0f3bd013f8]
26  0x7f0f3baa2ccd /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit12ChildProcess21terminationTimerFiredEv+0x23) [0x7f0f3baa2ccd]
27  0x7f0f3baa2c48 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit12ChildProcess17enableTerminationEv+0x80) [0x7f0f3baa2c48]
28  0x7f0f3bd01334 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit10WebProcess13removeWebPageEm+0x8e) [0x7f0f3bd01334]
29  0x7f0f3be72116 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit7WebPage5closeEv+0x46a) [0x7f0f3be72116]
30  0x7f0f3c1dc173 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC22callMemberFunctionImplIN6WebKit7WebPageEMS2_FvvESt5tupleIJEEJEEEvPT_T0_OT1_St16integer_sequenceImJXspT2_EEE+0x65) [0x7f0f3c1dc173]
31  0x7f0f3c1da874 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC18callMemberFunctionIN6WebKit7WebPageEMS2_FvvESt5tupleIJEESt16integer_sequenceImJEEEEvOT1_PT_T0_+0x41) [0x7f0f3c1da874]

Specifically, in GLContextGLX::~GLContextGLX, in this downcast:

downcast<PlatformDisplayX11>(m_display)

But the PlatformDisplayX11 portion of this PlatformDisplay has already been destroyed; we're currently executing its destructor. I don't know how to fix it, but this code only exists to work around a bug in the nvidia proprietary driver, which might not even exist anymore, so my inclination is to just remove it.
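To make the destruction-order problem concrete, here is an added C++ model (not WebKit code; Display, X11Display, Context and FixedX11Display are hypothetical stand-ins for PlatformDisplay, PlatformDisplayX11 and GLContextGLX). By the time the base destructor tears down the owned context, the object's dynamic type has reverted to the base class, so a virtual type query from the context's destructor no longer sees the X11 subclass; with a pure virtual in the base, that is the "pure virtual method called" terminate seen above. The fixed variant releases the context from the derived destructor, which is one possible remedy assumed here, not necessarily what the committed patch does.

```cpp
#include <iostream>
#include <memory>
#include <string>

struct Context;

// Stand-in for PlatformDisplay. Its *base* destructor tears down the sharing
// context, i.e. after ~X11Display has already run. WebKit's downcast<> reaches a
// pure virtual type check; here type() has a base body so the outcome can be
// observed instead of terminating with "pure virtual method called".
struct Display {
    virtual std::string type() const { return "base: derived part already destroyed"; }
    virtual ~Display();
    std::unique_ptr<Context> m_sharingContext;
};

// Stand-in for GLContextGLX: its destructor asks the display what kind it is,
// just as downcast<PlatformDisplayX11>(m_display) does.
struct Context {
    Display& m_display;
    std::string* m_observed;   // records what the destructor saw
    Context(Display& d, std::string* observed) : m_display(d), m_observed(observed) {}
    ~Context() { *m_observed = m_display.type(); }
};

Display::~Display() = default;   // m_sharingContext, and so ~Context, dies here

// Stand-in for PlatformDisplayX11 as reported: the derived destructor does
// nothing, so ~Context runs while the dynamic type has reverted to Display.
struct X11Display : Display {
    std::string type() const override { return "x11"; }
};

// One possible remedy (an assumption, not necessarily the committed patch):
// release the context while the object is still an X11Display.
struct FixedX11Display : Display {
    std::string type() const override { return "x11"; }
    ~FixedX11Display() override { m_sharingContext.reset(); }
};

template <typename D>
std::string destroyAndObserve() {
    std::string observed;
    {
        auto display = std::make_unique<D>();
        display->m_sharingContext = std::make_unique<Context>(*display, &observed);
    }   // display deleted here: ~D first, then ~Display
    return observed;
}

int main() {
    std::cout << "buggy: " << destroyAndObserve<X11Display>() << '\n'
              << "fixed: " << destroyAndObserve<FixedX11Display>() << '\n';
}
```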
Comment 1 Carlos Garcia Campos 2016-09-12 02:12:38 PDT
Created attachment 288560 [details]
Patch

I can't reproduce it, but this should fix the problem.
Comment 2 Michael Catanzaro 2016-09-12 06:47:18 PDT
Comment on attachment 288560 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=288560&action=review

A bit awkward, but looks like it should work....

> Source/WebCore/ChangeLog:8
> +        The problem is that when PlatformDisplayX11 is destroyed, the sharing GL context is deleted and its desstructor

destructor
Comment 3 Carlos Garcia Campos 2016-09-12 23:14:57 PDT
Committed r205852: <http://trac.webkit.org/changeset/205852>