[Webkit-unassigned] [Bug 157973] New: PlatformDisplayWayland is super crashy

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat May 21 09:59:16 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=157973

            Bug ID: 157973
           Summary: PlatformDisplayWayland is super crashy
    Classification: Unclassified
           Product: WebKit
           Version: Other
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at igalia.com
                CC: bugs-noreply at webkitgtk.org

We crash very often in the destructor of PlatformDisplayWayland when it runs in an exit handler. The effect is that the web process corresponding to a closed Epiphany tab crashes quite regularly immediately after closing the tab. Normally when issues like this happen I just switch to use of NeverDestroyed, but I'm not sure if that's correct in this case.

Incredibly enough, this is also somehow causing test-ephy-bookmarks to crash when run under Wayland:

$ jhbuild run valgrind ./test-ephy-bookmarks
==16259== Memcheck, a memory error detector
==16259== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==16259== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==16259== Command: ./test-ephy-bookmarks
==16259== 
--16259-- warning: DiCfSI 0xa13c1e0 .. 0xa617b6f is huge; length = 5093776 (libwebkit2gtk-4.0.so.37)
==16259== Warning: set address range perms: large range [0x395d9000, 0x795db000) (noaccess)
/src/bookmarks/ephy-bookmarks/create: OK
/src/bookmarks/ephy-bookmarks/add: OK
/src/bookmarks/ephy-bookmarks/set_address: OK
==16259== Invalid write of size 4
==16259==    at 0x18E2586F: _eglError (eglcurrent.c:240)
==16259==    by 0x18E1F110: eglTerminate (eglapi.c:531)
==16259==    by 0xC2D8344: WebCore::PlatformDisplay::terminateEGLDisplay() (PlatformDisplay.cpp:168)
==16259==    by 0xC2D81C7: WebCore::PlatformDisplay::~PlatformDisplay() (PlatformDisplay.cpp:118)
==16259==    by 0xC1E2B4B: WebCore::PlatformDisplayWayland::~PlatformDisplayWayland() (PlatformDisplayWayland.cpp:108)
==16259==    by 0xC1E2B67: WebCore::PlatformDisplayWayland::~PlatformDisplayWayland() (PlatformDisplayWayland.cpp:118)
==16259==    by 0xC2D8E9B: std::default_delete<WebCore::PlatformDisplay>::operator()(WebCore::PlatformDisplay*) const (unique_ptr.h:76)
==16259==    by 0xC2D8952: std::unique_ptr<WebCore::PlatformDisplay, std::default_delete<WebCore::PlatformDisplay> >::~unique_ptr() (unique_ptr.h:236)
==16259==    by 0x17748947: __run_exit_handlers (exit.c:82)
==16259==    by 0x17748994: exit (exit.c:104)
==16259==    by 0x1772F737: (below main) (libc-start.c:323)
==16259==  Address 0x2909bf00 is 0 bytes inside a block of size 40 free'd
==16259==    at 0x4C2CD5A: free (vg_replace_malloc.c:530)
==16259==    by 0x18E253C1: _eglFiniTSD (eglcurrent.c:80)
==16259==    by 0x18E267CA: _eglAtExit (eglglobals.c:68)
==16259==    by 0x17748947: __run_exit_handlers (exit.c:82)
==16259==    by 0x17748994: exit (exit.c:104)
==16259==    by 0x1772F737: (below main) (libc-start.c:323)
==16259==  Block was alloc'd at
==16259==    at 0x4C2DA60: calloc (vg_replace_malloc.c:711)
==16259==    by 0x18E253F6: _eglCreateThreadInfo (eglcurrent.c:124)
==16259==    by 0x18E253F6: _eglGetCurrentThread.part.1 (eglcurrent.c:171)
==16259==    by 0x18E25915: _eglGetCurrentThread (eglcurrent.c:151)
==16259==    by 0x18E25915: _eglError (eglcurrent.c:235)
==16259==    by 0x18E2163F: eglInitialize (eglapi.c:521)
==16259==    by 0xC2D828E: WebCore::PlatformDisplay::initializeEGLDisplay() (PlatformDisplay.cpp:146)
==16259==    by 0xC1E2A0C: WebCore::PlatformDisplayWayland::PlatformDisplayWayland(wl_display*) (PlatformDisplayWayland.cpp:95)
==16259==    by 0xC1E28AC: WebCore::PlatformDisplayWayland::create() (PlatformDisplayWayland.cpp:67)
==16259==    by 0xC2D8067: WebCore::PlatformDisplay::createPlatformDisplay() (PlatformDisplay.cpp:79)
==16259==    by 0xC2D80D1: WebCore::PlatformDisplay::sharedDisplay()::{lambda()#1}::operator()() const (PlatformDisplay.cpp:101)
==16259==    by 0xC2D85D9: void std::_Bind_simple<WebCore::PlatformDisplay::sharedDisplay()::{lambda()#1} ()>::_M_invoke<>(std::_Index_tuple<>) (functional:1400)
==16259==    by 0xC2D8576: std::_Bind_simple<WebCore::PlatformDisplay::sharedDisplay()::{lambda()#1} ()>::operator()() (functional:1389)
==16259==    by 0xC2D84C0: void std::__once_call_impl<std::_Bind_simple<WebCore::PlatformDisplay::sharedDisplay()::{lambda()#1} ()> >() (mutex:587)
==16259== 
LEAK: 1 WebProcessPool
==16259== 
==16259== HEAP SUMMARY:
==16259==     in use at exit: 1,850,660 bytes in 12,382 blocks
==16259==   total heap usage: 43,709 allocs, 31,327 frees, 7,469,918 bytes allocated
==16259== 
==16259== LEAK SUMMARY:
==16259==    definitely lost: 600 bytes in 3 blocks
==16259==    indirectly lost: 1,089,886 bytes in 3,789 blocks
==16259==      possibly lost: 6,096 bytes in 29 blocks
==16259==    still reachable: 690,526 bytes in 8,026 blocks
==16259==                       of which reachable via heuristic:
==16259==                         length64           : 4,064 bytes in 71 blocks
==16259==                         newarray           : 2,128 bytes in 53 blocks
==16259==         suppressed: 0 bytes in 0 blocks
==16259== Rerun with --leak-check=full to see details of leaked memory
==16259== 
==16259== For counts of detected and suppressed errors, rerun with: -v
==16259== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
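The trace shows the ordering hazard: EGL's own exit handler (`_eglAtExit` -> `_eglFiniTSD`) frees the per-thread info block, and only then does the static `unique_ptr<PlatformDisplay>` destructor call `eglTerminate`, whose `_eglError` writes into that freed block. The model below is an added example, not WebKit or Mesa code; it reproduces the registration order with a stand-in exit-handler list and contrasts it with a minimal `NeverDestroyed` that skips the destructor entirely. `ExitHandlers`, `FakeEgl` and `Display` are hypothetical stand-ins, and `FakeEgl` raises a flag instead of actually writing freed memory so the result can be checked.

```cpp
#include <functional>
#include <memory>
#include <new>
#include <utility>
#include <vector>

// Hypothetical exit-handler list: like atexit(), handlers run in reverse registration order.
using ExitHandlers = std::vector<std::function<void()>>;
void runExitHandlers(ExitHandlers& h) { for (auto it = h.rbegin(); it != h.rend(); ++it) (*it)(); }

// Hypothetical EGL stand-in: initialize() allocates the per-thread info block and registers
// EGL's own exit handler (_eglAtExit -> _eglFiniTSD) that frees it; terminate() models
// eglTerminate -> _eglError writing into that block, flagging the write if it is already freed.
struct FakeEgl {
    std::unique_ptr<int> threadInfo;  // the calloc'd block from the trace
    bool usedAfterFini = false;
    void initialize(ExitHandlers& atExit) {
        threadInfo = std::make_unique<int>(0);
        atExit.push_back([this] { threadInfo.reset(); });
    }
    void terminate() { if (!threadInfo) usedAfterFini = true; else *threadInfo = 0; }
};
// PlatformDisplay stand-in: its destructor calls eglTerminate, as in the trace.
struct Display { FakeEgl& egl; ~Display() { egl.terminate(); } };

// Minimal NeverDestroyed: constructs T in place and never runs its destructor.
template <typename T> class NeverDestroyed {
    alignas(T) unsigned char storage[sizeof(T)];
public:
    template <typename... A> explicit NeverDestroyed(A&&... a) { new (storage) T{std::forward<A>(a)...}; }
    T& get() { return *reinterpret_cast<T*>(storage); }
};

// The static unique_ptr registers its destructor when the static is created; eglInitialize
// registers _eglAtExit afterwards, so EGL tears down first and eglTerminate hits freed state.
bool exitWithUniquePtr() {
    ExitHandlers atExit; FakeEgl egl;
    std::unique_ptr<Display> display;
    atExit.push_back([&display] { display.reset(); });  // ~unique_ptr runs as an exit handler
    display.reset(new Display{egl});
    egl.initialize(atExit);
    runExitHandlers(atExit);
    return egl.usedAfterFini;  // true: the invalid write from the trace
}

// With NeverDestroyed no handler is registered for the display, so eglTerminate never runs at exit.
bool exitWithNeverDestroyed() {
    ExitHandlers atExit; FakeEgl egl;
    NeverDestroyed<Display> display(egl);
    display.get().egl.initialize(atExit);
    runExitHandlers(atExit);
    return egl.usedAfterFini;  // false
}
```

The trade-off the model makes visible is that `NeverDestroyed` avoids the use-after-free by never calling `eglTerminate` at all, leaving the display for the OS to reclaim with the process.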
