[Webkit-unassigned] [Bug 161842] New: [GTK] Crash of WebProcess on the last WebView disconnect (take two)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Sep 10 12:35:18 PDT 2016 

https://bugs.webkit.org/show_bug.cgi?id=161842

            Bug ID: 161842
           Summary: [GTK] Crash of WebProcess on the last WebView
                    disconnect (take two)
    Classification: Unclassified
           Product: WebKit
           Version: Other
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at igalia.com
                CC: bugs-noreply at webkitgtk.org

It's probably a regression from r205544. Every web process crashes when Epiphany is closed, in terminate:

pure virtual method called
terminate called without an active exception

Internet says "pure virtual method called" means we probably tried to call a virtual method from a constructor or destructor; in this case, it's obviously a destructor. To debug, I added this terminate handler in ChildProcess::initialize:

    std::set_terminate([] { CRASH(); });

So now I see a backtrace, it occurs in the destructor of the GLContextXL, which runs during the destructor of PlatformDisplayX11:

1   0x7f0f35e7308a /home/mcatanzaro/src/jhbuild/install/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x1e) [0x7f0f35e7308a]
2   0x7f0f3baa284f /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(+0x4a8f84f) [0x7f0f3baa284f]
3   0x7f0f3baa285d /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(+0x4a8f85d) [0x7f0f3baa285d]
4   0x7f0f29b81196 /lib64/libstdc++.so.6(+0x8f196) [0x7f0f29b81196]
5   0x7f0f29b811e1 /lib64/libstdc++.so.6(+0x8f1e1) [0x7f0f29b811e1]
6   0x7f0f29b81d5f /lib64/libstdc++.so.6(+0x8fd5f) [0x7f0f29b81d5f]
7   0x7f0f3bde0e77 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3WTF14TypeCastTraitsIKN7WebCore18PlatformDisplayX11EKNS1_15PlatformDisplayELb0EE6isTypeERS5_+0x23) [0x7f0f3bde0e77]
8   0x7f0f3bde0c70 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3WTF14TypeCastTraitsIKN7WebCore18PlatformDisplayX11EKNS1_15PlatformDisplayELb0EE8isOfTypeERS5_+0x18) [0x7f0f3bde0c70]
9   0x7f0f3bde0a57 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3WTF2isIN7WebCore18PlatformDisplayX11ENS1_15PlatformDisplayEEEbRT0_+0x18) [0x7f0f3bde0a57]
10  0x7f0f3bde0051 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3WTF8downcastIN7WebCore18PlatformDisplayX11ENS1_15PlatformDisplayEEERNS_15match_constnessIT0_T_E4typeERS5_+0x18) [0x7f0f3bde0051]
11  0x7f0f3d80b576 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore12GLContextGLXD1Ev+0x74) [0x7f0f3d80b576]
12  0x7f0f3d80b5f8 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore12GLContextGLXD0Ev+0x18) [0x7f0f3d80b5f8]
13  0x7f0f3c002878 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZNKSt14default_deleteIN7WebCore9GLContextEEclEPS1_+0x2e) [0x7f0f3c002878]
14  0x7f0f3c001537 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZNSt10unique_ptrIN7WebCore9GLContextESt14default_deleteIS1_EED1Ev+0x47) [0x7f0f3c001537]
15  0x7f0f3d85a997 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore15PlatformDisplayD1Ev+0x5f) [0x7f0f3d85a997]
16  0x7f0f3d8331ca /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore18PlatformDisplayX11D1Ev+0x76) [0x7f0f3d8331ca]
17  0x7f0f3d8331e6 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore18PlatformDisplayX11D0Ev+0x18) [0x7f0f3d8331e6]
18  0x7f0f3d85bbb6 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZNKSt14default_deleteIN7WebCore15PlatformDisplayEEclEPS1_+0x2e) [0x7f0f3d85bbb6]
19  0x7f0f3d85b377 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZNSt10unique_ptrIN7WebCore15PlatformDisplayESt14default_deleteIS1_EED1Ev+0x47) [0x7f0f3d85b377]
20  0x7f0f292491e8 /lib64/libc.so.6(+0x391e8) [0x7f0f292491e8]
21  0x7f0f29249235 /lib64/libc.so.6(+0x39235) [0x7f0f29249235]
22  0x7f0f3ba6c661 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC10Connection24didFailToSendSyncMessageEv+0x25) [0x7f0f3ba6c661]
23  0x7f0f3ba69fdb /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC10Connection15sendSyncMessageEmSt10unique_ptrINS_7EncoderESt14default_deleteIS2_EENSt6chrono8durationIlSt5ratioILl1ELl1000EEEEN3WTF9OptionSetINS_14SendSyncOptionEEE+0xe5) [0x7f0f3ba69fdb]
24  0x7f0f3bd0a788 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC10Connection8sendSyncIN8Messages15WebProcessProxy15ShouldTerminateEEEbOT_ONS5_5ReplyEmNSt6chrono8durationIlSt5ratioILl1ELl1000EEEEN3WTF9OptionSetINS_14SendSyncOptionEEE+0x120) [0x7f0f3bd0a788]
25  0x7f0f3bd013f8 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit10WebProcess15shouldTerminateEv+0xc0) [0x7f0f3bd013f8]
26  0x7f0f3baa2ccd /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit12ChildProcess21terminationTimerFiredEv+0x23) [0x7f0f3baa2ccd]
27  0x7f0f3baa2c48 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit12ChildProcess17enableTerminationEv+0x80) [0x7f0f3baa2c48]
28  0x7f0f3bd01334 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit10WebProcess13removeWebPageEm+0x8e) [0x7f0f3bd01334]
29  0x7f0f3be72116 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit7WebPage5closeEv+0x46a) [0x7f0f3be72116]
30  0x7f0f3c1dc173 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC22callMemberFunctionImplIN6WebKit7WebPageEMS2_FvvESt5tupleIJEEJEEEvPT_T0_OT1_St16integer_sequenceImJXspT2_EEE+0x65) [0x7f0f3c1dc173]
31  0x7f0f3c1da874 /home/mcatanzaro/src/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC18callMemberFunctionIN6WebKit7WebPageEMS2_FvvESt5tupleIJEESt16integer_sequenceImJEEEEvOT1_PT_T0_+0x41) [0x7f0f3c1da874]

Specifically, in GLContextGLX::~GLContextGLX, in this downcast:

downcast<PlatformDisplayX11>(m_display)

But the PlatformDisplayX11 portion of this PlatformDisplay has already been destroyed; we're currently executing its destructor. I don't know how to fix it, but this code only exists to work around a bug in the nvidia proprietary driver, which might not even exist anymore, so my inclination is to just remove it.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160910/f9aa65e6/attachment.html>

More information about the webkit-unassigned mailing list