GdkDrag crashing, should drag animation timeout source be removed?
We have this crash in WebKitTestRunner. From the look of it, it seems that some test is doing dnd and ends before the gdk_drag_anim_timeout source gets removed, and I suspect that WK cleans up the Drag object while the timeout source is still in the main loop. Later on, WebKitTestRunner is iterating the mainloop manually, and the source gets dispatched, but the drag object doesn't exist anymore, causing a crash.
I am not entirely sure this is actually what's happening, but from looking at gdkdrag-x11.c, I wonder whether the finalize method should call g_source_remove() on the timeout source?
Here is the relevant part of the stacktrace; sorry, but it has no symbols:
[New LWP 91076]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/app/webkit/WebKitBuild/Release/bin/WebKitTestRunner --localhost-alias web-plat'.
Program terminated with signal SIGBUS, Bus error.
#0 0x00007f06506855d2 in gdk_frame_clock_get_frame_time (frame_clock=0x55a3b9e314a0) at ../gdk/gdkframeclock.c:282
282 g_return_val_if_fail (GDK_IS_FRAME_CLOCK (frame_clock), 0);
[Current thread is 1 (Thread 0x7f064b5fa9c0 (LWP 89937))]
Thread 1 (Thread 0x7f064b5fa9c0 (LWP 89937)):
#0 0x00007f06506855d2 in gdk_frame_clock_get_frame_time (frame_clock=0x55a3b9e314a0) at ../gdk/gdkframeclock.c:282
#1 0x00007f06506d43fe in gdk_drag_anim_timeout (data=0x55a3c1127ac0, data@entry=<error reading variable: value has been optimized out>) at ../gdk/x11/gdkdrag-x11.c:1760
#2 0x00007f0659fdbbdf in g_timeout_dispatch (source=source@entry=0x55a3c4502020, callback=<optimized out>, user_data=<optimized out>) at ../glib/gmain.c:5054
#3 0x00007f0659fdb527 in g_main_dispatch (context=0x55a3b14444f0) at ../glib/gmain.c:3460
#4 g_main_context_dispatch (context=0x55a3b14444f0) at ../glib/gmain.c:4200
#5 0x00007f065a038888 in g_main_context_iterate.constprop.0 (context=0x55a3b14444f0, block=<optimized out>, dispatch=1, self=<optimized out>) at ../glib/gmain.c:4276
#6 0x00007f0659fdad7f in g_main_loop_run (loop=0x55a3b1cc4910) at ../glib/gmain.c:4479
#7 0x00007f0654afec00 in WTF::RunLoop::run() () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-6.0.so.1
#8 0x000055a3af5adff1 in WTR::TestController::platformRunUntil(bool&, WTF::Seconds) ()
#9 0x000055a3af571e48 in WTR::TestController::resetContentExtensions() ()
#10 0x000055a3af582964 in WTR::TestController::resetStateToConsistentValues(WTR::TestOptions const&, WTR::TestController::ResetStage) ()
#11 0x000055a3af5945bd in WTR::TestInvocation::invoke() ()
#12 0x000055a3af578fb7 in WTR::TestController::runTest(char const*) ()
#13 0x000055a3af579271 in WTR::TestController::runTestingServerLoop() ()
#14 0x000055a3af579898 in WTR::TestController::TestController(int, char const**) ()
#15 0x000055a3af5b03ea in main ()
The full stacktrace is here: https://build.webkit.org/results/GTK-Linux-64-bit-Release-GTK4-Tests/268120@main%20(29704)/fast/events/before-input-events-prevent-inline-text-direction-crash-log.txt
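An added example, not GDK's code and not part of this report, that models the sequence suspected above with a toy main loop in plain C. The Drag struct, its anim_timeout_id field, the toy_* scheduler functions and run_scenario are assumptions standing in for GdkDrag, GLib's g_timeout_add()/g_source_remove() and a manual main-context iteration; the object is poisoned instead of freed so the stale dispatch can be counted deterministically. With a finalize that forgets the source, iterating the loop once more fires the callback on a dead object; removing the source in finalize prevents that.

```c
/* Added example, not GDK/GTK code: toy main loop modelling a timeout source
 * that outlives the object it points at.  Drag, anim_timeout_id and toy_*
 * are stand-ins for GdkDrag, g_timeout_add() and g_source_remove(). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SOURCES 8
#define DRAG_MAGIC 0x44524147u          /* "DRAG" while alive, 0 once finalized */

typedef struct {
    unsigned id;                        /* 0 means slot unused */
    int (*callback)(void *);            /* return 1 to keep the source, 0 to drop it */
    void *user_data;
} Source;

static Source sources[MAX_SOURCES];
static unsigned next_source_id = 1;
static int stale_dispatches;            /* callbacks that ran on a finalized Drag */

/* Stand-in for g_timeout_add(): register a callback, return its id. */
static unsigned toy_timeout_add(int (*cb)(void *), void *data)
{
    for (int i = 0; i < MAX_SOURCES; i++) {
        if (sources[i].id == 0) {
            sources[i].id = next_source_id++;
            sources[i].callback = cb;
            sources[i].user_data = data;
            return sources[i].id;
        }
    }
    return 0;
}

/* Stand-in for g_source_remove(): drop a pending source by id. */
static int toy_source_remove(unsigned id)
{
    for (int i = 0; i < MAX_SOURCES; i++)
        if (sources[i].id == id) { sources[i].id = 0; return 1; }
    return 0;
}

/* One manual main-loop iteration: dispatch every pending source once. */
static void toy_main_context_iteration(void)
{
    for (int i = 0; i < MAX_SOURCES; i++)
        if (sources[i].id != 0 && !sources[i].callback(sources[i].user_data))
            sources[i].id = 0;
}

typedef struct {
    unsigned magic;
    unsigned anim_timeout_id;           /* id of the pending animation source, 0 if none */
    int frames_left;
} Drag;

/* Stand-in for gdk_drag_anim_timeout(): advance the drop animation. */
static int drag_anim_timeout(void *data)
{
    Drag *drag = data;
    if (drag->magic != DRAG_MAGIC) {    /* real code would now touch a freed frame clock */
        stale_dispatches++;
        return 0;
    }
    if (--drag->frames_left > 0)
        return 1;
    drag->anim_timeout_id = 0;          /* the loop drops the source when we return 0 */
    return 0;
}

static Drag *drag_new_with_anim(int frames)
{
    Drag *drag = calloc(1, sizeof *drag);
    drag->magic = DRAG_MAGIC;
    drag->frames_left = frames;
    drag->anim_timeout_id = toy_timeout_add(drag_anim_timeout, drag);
    return drag;
}

/* finalize() that forgets the pending source: the suspected bug. */
static void drag_finalize_buggy(Drag *drag)
{
    drag->magic = 0;                    /* poison instead of free(), keeps the demo deterministic */
}

/* finalize() that removes the source first: the proposed fix. */
static void drag_finalize_fixed(Drag *drag)
{
    if (drag->anim_timeout_id != 0) {
        toy_source_remove(drag->anim_timeout_id);
        drag->anim_timeout_id = 0;
    }
    drag->magic = 0;
}

/* Finalize a drag mid-animation, then iterate the loop again as the test
 * harness does.  Returns how many callbacks ran on the dead object. */
static int run_scenario(int use_fixed_finalize)
{
    memset(sources, 0, sizeof sources);
    stale_dispatches = 0;
    Drag *drag = drag_new_with_anim(10);
    toy_main_context_iteration();       /* animation ticks once */
    if (use_fixed_finalize) drag_finalize_fixed(drag); else drag_finalize_buggy(drag);
    toy_main_context_iteration();       /* source still pending in the buggy case */
    free(drag);
    return stale_dispatches;
}

int main(void)
{
    printf("buggy finalize: %d stale dispatch(es)\n", run_scenario(0));
    printf("fixed finalize: %d stale dispatch(es)\n", run_scenario(1));
    return 0;
}
```

The same shape applies to the real object: store the id returned by g_timeout_add(), reset it to 0 when the callback returns G_SOURCE_REMOVE, and in finalize call g_source_remove() on any non-zero id before the memory goes away.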