Opened 18 months ago
Closed 10 months ago
#18118 closed bug (fixed)
WebPositive - crash on quit (HaikuWebKit master)
| Reported by: | vidrep | Owned by: | pulkomandy |
|---|---|---|---|
| Priority: | normal | Milestone: | R1/beta5 |
| Component: | Kits/Web Kit | Version: | R1/beta4 |
| Keywords: | Cc: | ||
| Blocked By: | Blocking: | ||
| Platform: | All |
Description
hrev56627 x86_64
HaikuWebKit 1.9.1 WebKit 615.1.10 (master)
Crash on quit. Not sure if it's related to earlier reports.
Debug report attached
Attachments (3)
Change History (19)
by , 18 months ago
| Attachment: | WebPositive-1966-debug-04-12-2022-18-11-51.report added |
|---|
comment:1 by , 18 months ago
comment:2 by , 18 months ago
| Component: | Applications/WebPositive → Kits/Web Kit |
|---|
comment:3 by , 18 months ago
Might be interesting to look at in what order we call destructors if you think WebKit is not the problem.
comment:4 by , 18 months ago
| Milestone: | Unscheduled → R1/beta4 |
|---|
The involved code:
https://github.com/webkit/webkit/blob/main/Source/WebCore/platform/Timer.cpp
timer destructor calls stop() stop() calls setNextFireTime setNextFireTime accesses threadGlobalData (which is being destroyed)
It looks like this would not happen if the timer is already stopped. So maybe it's must missing code to stop the timer before destruction of the global data? Now we have to find which timer it is...
comment:5 by , 18 months ago
I started to look at the code, and globaldata uses a default destructor, that should destroy timer before itself if I understand correctly, but somehow, it does the opposite? According to specs .dtors should be called in reverse order, so to me this looks like a potential bug there.
comment:6 by , 18 months ago
Perhaps as test just implement the globaldata destructor with correct order and see if it works?
comment:7 by , 18 months ago
I don't reproduce this by just starting and exiting the browser. Any specific site you are visiting when this happens?
comment:8 by , 18 months ago
Just had the same crash in Epiphany on quit in WebCore::ThreadTimers::setSharedTimer.
comment:9 by , 17 months ago
| Milestone: | R1/beta4 → Unscheduled |
|---|
I don't think this is urgent enough to delay the beta. If it happens in WebKitGTK also that points to a common cause, I suppose.
comment:11 by , 13 months ago
I had a crash on quit a few days before PulkoMandy made his last comment. Should it happen again I’ll attach a debug report.
comment:12 by , 13 months ago
I had a WebPositive crash on shutdown HaikuWebKit 1.9.4 WebKit 616.1.7. Excerpt of syslog attached
by , 13 months ago
| Attachment: | syslog.txt added |
|---|
comment:13 by , 13 months ago
Crashed again today. Sorry I was unable to give you a debug report last time. There's one this time (attached).
by , 13 months ago
| Attachment: | WebPositive-1504-debug-05-05-2023-23-53-03.report added |
|---|
comment:14 by , 10 months ago
This can be reproduced with DumpRenderTree when it times out (for example running LayoutTests/accessibility/activation-of-input-field-inside-other-element.html).
Unfortunately this prevents running the test suite very far, because if multiple instances of DumpRenderTree crash at the same time, Debugger will try to generate bug reports for each of them, and will deadlock.
comment:15 by , 10 months ago
Should be fixed with https://github.com/haiku/haikuwebkit/commit/2ad576ac592fde9d4ecf613dfc534b377ed81244 (HaikuWebKit 1.9.7)
comment:16 by , 10 months ago
| Milestone: | Unscheduled → R1/beta5 |
|---|---|
| Resolution: | → fixed |
| Status: | new → closed |
I have already seen this stacktrace where the destructor for ThreadGlobalData ends up trying to create a new ThreadGlobalData:
Not sure what to do about it however, we don't have much Haiku-specific code involved in that area... and I had not reproduced this problem in a while after doing some other (unrelated) changes.