<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - PlatformDisplayWayland is super crashy"
href="https://bugs.webkit.org/show_bug.cgi?id=157973">157973</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>PlatformDisplayWayland is super crashy
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>Other
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>WebKit Gtk
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>mcatanzaro@igalia.com
</td>
</tr>
<tr>
<th>CC</th>
<td>bugs-noreply@webkitgtk.org
</td>
</tr></table>
<p>
<div>
<pre>We crash very often in the destructor of PlatformDisplayWayland when it runs in an exit handler. The effect is that the web process corresponding to a closed Epiphany tab crashes quite regularly immediately after closing the tab. Normally when issues like this happen I just switch to use of NeverDestroyed, but I'm not sure if that's correct in this case.
Incredibly enough, this is also somehow causing test-ephy-bookmarks to crash when run under Wayland:
$ jhbuild run valgrind ./test-ephy-bookmarks
==16259== Memcheck, a memory error detector
==16259== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==16259== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==16259== Command: ./test-ephy-bookmarks
==16259==
--16259-- warning: DiCfSI 0xa13c1e0 .. 0xa617b6f is huge; length = 5093776 (libwebkit2gtk-4.0.so.37)
==16259== Warning: set address range perms: large range [0x395d9000, 0x795db000) (noaccess)
/src/bookmarks/ephy-bookmarks/create: OK
/src/bookmarks/ephy-bookmarks/add: OK
/src/bookmarks/ephy-bookmarks/set_address: OK
==16259== Invalid write of size 4
==16259== at 0x18E2586F: _eglError (eglcurrent.c:240)
==16259== by 0x18E1F110: eglTerminate (eglapi.c:531)
==16259== by 0xC2D8344: WebCore::PlatformDisplay::terminateEGLDisplay() (PlatformDisplay.cpp:168)
==16259== by 0xC2D81C7: WebCore::PlatformDisplay::~PlatformDisplay() (PlatformDisplay.cpp:118)
==16259== by 0xC1E2B4B: WebCore::PlatformDisplayWayland::~PlatformDisplayWayland() (PlatformDisplayWayland.cpp:108)
==16259== by 0xC1E2B67: WebCore::PlatformDisplayWayland::~PlatformDisplayWayland() (PlatformDisplayWayland.cpp:118)
==16259== by 0xC2D8E9B: std::default_delete<WebCore::PlatformDisplay>::operator()(WebCore::PlatformDisplay*) const (unique_ptr.h:76)
==16259== by 0xC2D8952: std::unique_ptr<WebCore::PlatformDisplay, std::default_delete<WebCore::PlatformDisplay> >::~unique_ptr() (unique_ptr.h:236)
==16259== by 0x17748947: __run_exit_handlers (exit.c:82)
==16259== by 0x17748994: exit (exit.c:104)
==16259== by 0x1772F737: (below main) (libc-start.c:323)
==16259== Address 0x2909bf00 is 0 bytes inside a block of size 40 free'd
==16259== at 0x4C2CD5A: free (vg_replace_malloc.c:530)
==16259== by 0x18E253C1: _eglFiniTSD (eglcurrent.c:80)
==16259== by 0x18E267CA: _eglAtExit (eglglobals.c:68)
==16259== by 0x17748947: __run_exit_handlers (exit.c:82)
==16259== by 0x17748994: exit (exit.c:104)
==16259== by 0x1772F737: (below main) (libc-start.c:323)
==16259== Block was alloc'd at
==16259== at 0x4C2DA60: calloc (vg_replace_malloc.c:711)
==16259== by 0x18E253F6: _eglCreateThreadInfo (eglcurrent.c:124)
==16259== by 0x18E253F6: _eglGetCurrentThread.part.1 (eglcurrent.c:171)
==16259== by 0x18E25915: _eglGetCurrentThread (eglcurrent.c:151)
==16259== by 0x18E25915: _eglError (eglcurrent.c:235)
==16259== by 0x18E2163F: eglInitialize (eglapi.c:521)
==16259== by 0xC2D828E: WebCore::PlatformDisplay::initializeEGLDisplay() (PlatformDisplay.cpp:146)
==16259== by 0xC1E2A0C: WebCore::PlatformDisplayWayland::PlatformDisplayWayland(wl_display*) (PlatformDisplayWayland.cpp:95)
==16259== by 0xC1E28AC: WebCore::PlatformDisplayWayland::create() (PlatformDisplayWayland.cpp:67)
==16259== by 0xC2D8067: WebCore::PlatformDisplay::createPlatformDisplay() (PlatformDisplay.cpp:79)
==16259== by 0xC2D80D1: WebCore::PlatformDisplay::sharedDisplay()::{lambda()#1}::operator()() const (PlatformDisplay.cpp:101)
==16259== by 0xC2D85D9: void std::_Bind_simple<WebCore::PlatformDisplay::sharedDisplay()::{lambda()#1} ()>::_M_invoke<>(std::_Index_tuple<>) (functional:1400)
==16259== by 0xC2D8576: std::_Bind_simple<WebCore::PlatformDisplay::sharedDisplay()::{lambda()#1} ()>::operator()() (functional:1389)
==16259== by 0xC2D84C0: void std::__once_call_impl<std::_Bind_simple<WebCore::PlatformDisplay::sharedDisplay()::{lambda()#1} ()> >() (mutex:587)
==16259==
LEAK: 1 WebProcessPool
==16259==
==16259== HEAP SUMMARY:
==16259== in use at exit: 1,850,660 bytes in 12,382 blocks
==16259== total heap usage: 43,709 allocs, 31,327 frees, 7,469,918 bytes allocated
==16259==
==16259== LEAK SUMMARY:
==16259== definitely lost: 600 bytes in 3 blocks
==16259== indirectly lost: 1,089,886 bytes in 3,789 blocks
==16259== possibly lost: 6,096 bytes in 29 blocks
==16259== still reachable: 690,526 bytes in 8,026 blocks
==16259== of which reachable via heuristic:
==16259== length64 : 4,064 bytes in 71 blocks
==16259== newarray : 2,128 bytes in 53 blocks
==16259== suppressed: 0 bytes in 0 blocks
==16259== Rerun with --leak-check=full to see details of leaked memory
==16259==
==16259== For counts of detected and suppressed errors, rerun with: -v
==16259== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)</pre>
</div>
</p>
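<p>The exit-handler ordering visible in the trace above, as an added example that is not part of the original report or of WebKit or EGL code: a stand-in library registers its own atexit cleanup during initialisation, so that cleanup runs before the destructor of a function-local static that was declared earlier. All names are hypothetical; the log letters mean L = library cleanup ran, U = terminate called after the library state was gone, D = Display destructor ran.</p>

```cpp
#include <cstdio>
#include <cstdlib>
#include <memory>
#include <string>
#include <sys/wait.h>
#include <unistd.h>

static int g_log_fd = -1;        // pipe write end, set in the child only
static bool g_lib_alive = false; // stands in for the library's per-thread state

static void note(char c) { ssize_t r = write(g_log_fd, &c, 1); (void)r; }

// Hypothetical library: initialising it registers its own atexit cleanup.
static void lib_at_exit() { g_lib_alive = false; note('L'); }
static void lib_initialize() { g_lib_alive = true; std::atexit(lib_at_exit); }
// Real code would touch freed state here; the model only records that it would.
static void lib_terminate() { note(g_lib_alive ? 't' : 'U'); }

struct Display {
    Display() { lib_initialize(); }
    ~Display() { lib_terminate(); note('D'); }
};

static void destroyed_at_exit() {
    static std::unique_ptr<Display> display; // destructor registered here...
    display.reset(new Display);              // ...before the library's handler
}
static void never_destroyed() {
    static Display* display = new Display;   // leaked on purpose: no exit-time destructor
    (void)display;
}

// Runs setup in a child process, lets it exit(), and returns the handler log.
std::string exit_order(void (*setup)()) {
    int fds[2];
    if (pipe(fds) != 0) return "pipe failed";
    pid_t pid = fork();
    if (pid < 0) return "fork failed";
    if (pid == 0) { close(fds[0]); g_log_fd = fds[1]; setup(); std::exit(0); }
    close(fds[1]);
    std::string log;
    char c;
    while (read(fds[0], &c, 1) == 1) log += c;
    close(fds[0]);
    waitpid(pid, nullptr, 0);
    return log;
}

int main() {
    std::string a = exit_order(destroyed_at_exit), b = exit_order(never_destroyed);
    std::printf("unique_ptr static: %s\nnever destroyed:   %s\n", a.c_str(), b.c_str());
}
```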
</body>
</html>