[Webkit-unassigned] [Bug 167545] New: [Threaded Compositor] Crash when deleting the compositor run loop

bugzilla-daemon at webkit.org
Sat Jan 28 01:01:55 PST 2017


https://bugs.webkit.org/show_bug.cgi?id=167545

            Bug ID: 167545
           Summary: [Threaded Compositor] Crash when deleting the
                    compositor run loop
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Keywords: Gtk
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: cgarcia at igalia.com
                CC: bugs-noreply at webkitgtk.org

I've seen this in bots:

Thread 1 (Thread 0x7ff68447c940 (LWP 18142)):
#0  0x00007ff68a721067 in __GI_raise (sig=sig at entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ff68a722448 in __GI_abort () at abort.c:89
#2  0x00007ff68ccc1105 in g_assertion_message () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gtestutils.c:2356
#3  0x00007ff68ccc118a in g_assertion_message_expr () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gtestutils.c:2371
#4  0x00007ff68cc8b1be in g_hash_table_lookup_node () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/ghash.c:373
#5  g_hash_table_remove_internal () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/ghash.c:1352
#6  0x00007ff68cc991a8 in g_source_unref_internal () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:2009
#7  0x00007ff6936e2b9d in WebKit::CompositingRunLoop::~CompositingRunLoop() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#8  0x00007ff6936e4734 in WebKit::ThreadedCompositor::invalidate() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#9  0x00007ff6936ee350 in WebKit::ThreadedCoordinatedLayerTreeHost::invalidate() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#10 0x00007ff6936d09bb in WebKit::DrawingAreaImpl::exitAcceleratedCompositingMode() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#11 0x00007ff6913718aa in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::{lambda(void*)#1}::_FUN(void*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#12 0x00007ff68cc9becd in g_main_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3122
#13 g_main_context_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3737
#14 0x00007ff68cc9c268 in g_main_context_iterate () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3808
#15 0x00007ff68cc9c582 in g_main_loop_run () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:4002
#16 0x00007ff691371c50 in WTF::RunLoop::run() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#17 0x00007ff6936d71e2 in WebProcessMainUnix () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#18 0x00007ff68a70db45 in __libc_start_main (main=0x400bf0 <main>, argc=2, argv=0x7fff81f67e88, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff81f67e78) at libc-start.c:287
#19 0x0000000000400c45 in _start ()

The problem is that we are releasing the WorkQueue before the update timer that keeps a reference to the run loop, destroyed by the WorkQueue.

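The teardown ordering described in the report, as a simplified model added here (not WebKit's code and not part of the original message): `Context`, `WorkQueue`, `UpdateTimer` and `teardown` are hypothetical stand-ins. The model assumes the timer detaches its source from the context on destruction, and it returns false at the point where the real code hits the GLib assertion instead of crashing.

```cpp
#include <cstdio>
#include <memory>
#include <set>
#include <utility>

// Hypothetical stand-in for the GLib main context: owns the table of attached sources.
struct Context {
    std::set<int> sources;
    bool tornDown = false;
    int nextId = 1;
    int attach() { int id = nextId++; sources.insert(id); return id; }
    // Returns false where GLib would assert (frames #2 to #6 of the backtrace).
    bool detach(int id) { return !tornDown && sources.erase(id) == 1; }
    void tearDown() { sources.clear(); tornDown = true; }
};

// Hypothetical stand-in for the WorkQueue: releasing it tears the run loop's context down.
struct WorkQueue {
    std::shared_ptr<Context> context = std::make_shared<Context>();
    ~WorkQueue() { context->tearDown(); }
};

// Hypothetical stand-in for the update timer: it keeps a reference to the
// run loop and detaches its source from the context when it is destroyed.
struct UpdateTimer {
    UpdateTimer(std::shared_ptr<Context> c, bool& ok)
        : context(std::move(c)), id(context->attach()), cleanDetach(ok) {}
    ~UpdateTimer() { cleanDetach = context->detach(id); }
    std::shared_ptr<Context> context;
    int id;
    bool& cleanDetach;
};

// Returns true when the timer's source was detached from a live context.
bool teardown(bool timerFirst) {
    bool ok = false;
    auto queue = std::make_unique<WorkQueue>();
    auto timer = std::make_unique<UpdateTimer>(queue->context, ok);
    if (timerFirst) timer.reset();  // safe order: timer goes while the context is alive
    queue.reset();                  // tears the context down
    timer.reset();                  // no-op if already destroyed, otherwise a stale detach
    return ok;
}

int main() {
    std::printf("work queue first: %d, timer first: %d\n", teardown(false), teardown(true));
}
```

Holding a reference keeps the `Context` object itself allocated, but it does not keep its source table valid once the owner has torn it down, which is why the release order matters.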