Race-condition during scrolling thread creation
Created attachment 360572 [details] Patch
Attachment 360572 [details] did not pass style-queue:
ERROR: Source/WebCore/page/scrolling/ScrollingThread.cpp:86: More than one command on the same line [whitespace/newline] [4]
ERROR: Source/WebCore/page/scrolling/ScrollingThread.cpp:86: Missing space before { [whitespace/braces] [5]
ERROR: Source/WebCore/page/scrolling/ScrollingThread.cpp:88: More than one command on the same line [whitespace/newline] [4]
ERROR: Source/WebCore/page/scrolling/ScrollingThread.cpp:88: Missing space before { [whitespace/braces] [5]
Total errors found: 4 in 2 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Here's the stacktrace, for context. The relevant threads are 1 (where m_mainLoop is null-dereferenced), 7 (frame #18), and 11 (frame #17).
+darin, +ysuzuki, +sbarati for review.
Comment on attachment 360572 [details] Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=360572&action=review
> Source/WebCore/page/scrolling/ScrollingThread.cpp:86
> + m_initializeRunLoopConditionVariable.wait(lock, [this]{ return m_threadRunLoop; });

Who notifies this condition?
Comment on attachment 360572 [details] Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=360572&action=review
>> Source/WebCore/page/scrolling/ScrollingThread.cpp:86
>> + m_initializeRunLoopConditionVariable.wait(lock, [this]{ return m_threadRunLoop; });
>
> Who notifies this condition?

It's notified by ScrollingThread::initializeRunLoop() (see mac/ and generic/ implementations) right after the run loop is initialized.

m_initializeRunLoopConditionVariable.notifyAll();
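Review bot: At ScrollingThread.cpp:86 the wait predicate reads m_threadRunLoop, so the wait is only correct if initializeRunLoop() assigns that member while holding the same lock that is passed to wait() and calls notifyAll() afterwards; since the reviewer had to ask who notifies, a short comment beside the wait naming initializeRunLoop() as the notifier would save the next reader the same question. The lambda "[this]{ return m_threadRunLoop; }" is also what style-queue reports on this line: add the space before the brace ("[this] {") and move the body onto its own line.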
Comment on attachment 360572 [details] Patch
Clearing flags on attachment: 360572
Committed r240841: <https://trac.webkit.org/changeset/240841>
All reviewed patches have been landed. Closing bug.
<rdar://problem/47731539>
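The creation handshake discussed in this bug, as an added C++ example that is not WebKit code: every caller of dispatch() waits on a condition variable, under the init lock, until the worker thread has published its run loop, so no caller can reach a null run loop. Worker, RunLoop and run_demo are hypothetical names, and std::mutex / std::condition_variable stand in for WTF::Lock / WTF::Condition.

```cpp
#include <atomic>
#include <condition_variable>
#include <cstdio>
#include <functional>
#include <memory>
#include <mutex>
#include <queue>
#include <thread>
#include <vector>

// Hypothetical minimal run loop; stands in for the real per-thread run loop.
class RunLoop {
public:
    void post(std::function<void()> task) {
        std::lock_guard<std::mutex> lock(m_mutex);
        m_tasks.push(std::move(task));
        m_wake.notify_one();
    }
    void stop() {
        std::lock_guard<std::mutex> lock(m_mutex);
        m_stopping = true;
        m_wake.notify_one();
    }
    // Runs queued tasks until stop() has been called and the queue is drained.
    void run() {
        std::unique_lock<std::mutex> lock(m_mutex);
        for (;;) {
            m_wake.wait(lock, [this] { return m_stopping || !m_tasks.empty(); });
            if (m_tasks.empty())
                return;
            std::function<void()> task = std::move(m_tasks.front());
            m_tasks.pop();
            lock.unlock();
            task();
            lock.lock();
        }
    }
private:
    std::mutex m_mutex;
    std::condition_variable m_wake;
    std::queue<std::function<void()>> m_tasks;
    bool m_stopping = false;
};

// Hypothetical worker with lazy thread creation; dispatch() may be called
// concurrently from several threads.
class Worker {
public:
    ~Worker() {
        if (m_thread.joinable()) {
            m_runLoop->stop();
            m_thread.join();
        }
    }
    void dispatch(std::function<void()> task) {
        createThreadIfNeeded();
        m_runLoop->post(std::move(task)); // published: cannot be null here
    }
private:
    void createThreadIfNeeded() {
        std::unique_lock<std::mutex> lock(m_initLock);
        if (!m_thread.joinable())
            m_thread = std::thread([this] { threadBody(); });
        // Creator and late callers alike block until the run loop exists.
        // The predicate also covers spurious wakeups and an early notify.
        m_initCondition.wait(lock, [this] { return m_runLoop != nullptr; });
    }
    void threadBody() {
        {
            // Publish under the same lock the waiters' predicate runs under.
            std::lock_guard<std::mutex> lock(m_initLock);
            m_runLoop.reset(new RunLoop);
        }
        m_initCondition.notify_all();
        m_runLoop->run();
    }
    std::mutex m_initLock;
    std::condition_variable m_initCondition;
    std::unique_ptr<RunLoop> m_runLoop;
    std::thread m_thread;
};

// Fires `callers` concurrent dispatches and returns how many tasks ran.
int run_demo(int callers) {
    std::atomic<int> executed{0};
    {
        Worker worker;
        std::vector<std::thread> threads;
        for (int i = 0; i < callers; ++i)
            threads.emplace_back([&] { worker.dispatch([&] { ++executed; }); });
        for (auto& t : threads)
            t.join();
    } // ~Worker drains the queue and joins the worker thread
    return executed.load();
}

int main() {
    std::printf("tasks executed: %d\n", run_demo(8));
    return 0;
}
```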