159922 2016-07-19 08:30:47 -0700 [Threaded Compositor] Web Process crash when the layer tree host is destroyed 2016-07-20 05:18:43 -0700 1 1 1 Unclassified WebKit WebKit2 WebKit Local Build Unspecified Unspecified RESOLVED FIXED P2 Normal --- 154066 1 cgarcia webkit-unassigned oldest_to_newest 1212373 0 cgarcia 2016-07-19 08:30:47 -0700 It happens when the layer tree host is destroyed after the didChangeVisibleRect is scheduled to be run in the main thread, but before it's actually dispatched. In that case the threaded compositor client points to a deleted object and crashes when trying to dereference it. 1212374 1 284007 cgarcia 2016-07-19 08:34:06 -0700 Created attachment 284007 Patch 1212685 2 284007 svillar 2016-07-20 01:07:09 -0700 Comment on attachment 284007 Patch Don't we have a test to reproduce the crash? 1212686 3 cgarcia 2016-07-20 01:09:58 -0700 (In reply to comment #2) > Comment on attachment 284007 [details] > Patch > > Don't we have a test to reproduce the crash? Yes, several tests crashed because of this, I found this issue running the layout tests indeed, but I don't remember which tests failed. Same for bug #159918 1212705 4 cgarcia 2016-07-20 05:18:43 -0700 Committed r203449: <http://trac.webkit.org/changeset/203449> 284007 2016-07-19 08:34:06 -0700 2016-07-20 01:07:09 -0700 Patch wk2-tc-crash2.diff text/plain 5210 cgarcia ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQyL0No YW5nZUxvZwppbmRleCAzOTc1MzcxLi4zOGI5NTdjIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0 Mi9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCkBAIC0xLDUgKzEsMjcg QEAKIDIwMTYtMDctMTkgIENhcmxvcyBHYXJjaWEgQ2FtcG9zICA8Y2dhcmNpYUBpZ2FsaWEuY29t PgogCisgICAgICAgIFtUaHJlYWRlZCBDb21wb3NpdG9yXSBXZWIgUHJvY2VzcyBjcmFzaCB3aGVu IHRoZSBsYXllciB0cmVlIGhvc3QgaXMgZGVzdHJveWVkCisgICAgICAgIGh0dHBzOi8vYnVncy53 ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xNTk5MjIKKworICAgICAgICBSZXZpZXdlZCBieSBO T0JPRFkgKE9PUFMhKS4KKworICAgICAgICBJdCBoYXBwZW5zIHdoZW4gdGhlIGxheWVyIHRyZWUg aG9zdCBpcyBkZXN0cm95ZWQgYWZ0ZXIgdGhlIGRpZENoYW5nZVZpc2libGVSZWN0IGlzIHNjaGVk dWxlZCB0byBiZSBydW4gaW4gdGhlCisgICAgICAgIG1haW4gdGhyZWFkLCBidXQgYmVmb3JlIGl0 J3MgYWN0dWFsbHkgZGlzcGF0Y2hlZC4gSW4gdGhhdCBjYXNlIHRoZSB0aHJlYWRlZCBjb21wb3Np dG9yIGNsaWVudCBwb2ludHMgdG8gYQorICAgICAgICBkZWxldGVkIG9iamVjdCBhbmQgY3Jhc2hl cyB3aGVuIHRyeWluZyB0byBkZXJlZmVyZW5jZSBpdC4KKworICAgICAgICAqIFNoYXJlZC9Db29y ZGluYXRlZEdyYXBoaWNzL3RocmVhZGVkY29tcG9zaXRvci9UaHJlYWRlZENvbXBvc2l0b3IuY3Bw OgorICAgICAgICAoV2ViS2l0OjpUaHJlYWRlZENvbXBvc2l0b3I6On5UaHJlYWRlZENvbXBvc2l0 b3IpOiBBZGQgYW4gYXNzZXJ0IHRvIGVuc3VyZSBpbnZhbGlkYXRlIGlzIGFsd2F5cyBjYWxsZWQg YmVmb3JlCisgICAgICAgIHRoZSBvYmplY3QgaXMgZGVsZXRlZC4KKyAgICAgICAgKFdlYktpdDo6 VGhyZWFkZWRDb21wb3NpdG9yOjppbnZhbGlkYXRlKTogVGVybWluYXRlIHRoZSBjb21wb3NpdGlu ZyB0aHJlYWQgYW5kIG51bGxpZnkgdGhlIGNsaWVudC4KKyAgICAgICAgKFdlYktpdDo6VGhyZWFk ZWRDb21wb3NpdG9yOjpkaWRDaGFuZ2VWaXNpYmxlUmVjdCk6IFJldHVybiBlYXJseSBpZiB0aGUg Y2xpZW50IGlzIG51bGwgd2hlbiB0aGUgdGFzayBpcworICAgICAgICBkaXNwYXRjaGVkIGluIHRo ZSBtYWluIHRocmVhZC4KKyAgICAgICAgKiBTaGFyZWQvQ29vcmRpbmF0ZWRHcmFwaGljcy90aHJl YWRlZGNvbXBvc2l0b3IvVGhyZWFkZWRDb21wb3NpdG9yLmg6IEFkZCBpbnZhbGlkYXRlKCkuCisg ICAgICAgICogV2ViUHJvY2Vzcy9XZWJQYWdlL0Nvb3JkaW5hdGVkR3JhcGhpY3MvVGhyZWFkZWRD b29yZGluYXRlZExheWVyVHJlZUhvc3QuY3BwOgorICAgICAgICAoV2ViS2l0OjpUaHJlYWRlZENv b3JkaW5hdGVkTGF5ZXJUcmVlSG9zdDo6aW52YWxpZGF0ZSk6IEludmFsaWRhdGUgdGhlIFRocmVh ZGVkQ29tcG9zaXRvciBhbmQgY2hhaW4gdXAuCisgICAgICAgICogV2ViUHJvY2Vzcy9XZWJQYWdl L0Nvb3JkaW5hdGVkR3JhcGhpY3MvVGhyZWFkZWRDb29yZGluYXRlZExheWVyVHJlZUhvc3QuaDoK KworMjAxNi0wNy0xOSAgQ2FybG9zIEdhcmNpYSBDYW1wb3MgIDxjZ2FyY2lhQGlnYWxpYS5jb20+ CisKICAgICAgICAgW0dUS11bVGhyZWFkZWQgQ29tcG9zaXRvcl0gV2ViIFByb2Nlc3MgY3Jhc2gg d2hlbiB0aGUgcGFnZSBpcyBjbG9zZWQgYmVmb3JlIHRoZSB3ZWIgdmlldyBpcyByZWFsaXplZAog ICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTU5OTE4CiAK ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL1NoYXJlZC9Db29yZGluYXRlZEdyYXBoaWNzL3Ro cmVhZGVkY29tcG9zaXRvci9UaHJlYWRlZENvbXBvc2l0b3IuY3BwIGIvU291cmNlL1dlYktpdDIv U2hhcmVkL0Nvb3JkaW5hdGVkR3JhcGhpY3MvdGhyZWFkZWRjb21wb3NpdG9yL1RocmVhZGVkQ29t cG9zaXRvci5jcHAKaW5kZXggOGJhZDFiNC4uNjk3NDk2YiAxMDA2NDQKLS0tIGEvU291cmNlL1dl YktpdDIvU2hhcmVkL0Nvb3JkaW5hdGVkR3JhcGhpY3MvdGhyZWFkZWRjb21wb3NpdG9yL1RocmVh ZGVkQ29tcG9zaXRvci5jcHAKKysrIGIvU291cmNlL1dlYktpdDIvU2hhcmVkL0Nvb3JkaW5hdGVk R3JhcGhpY3MvdGhyZWFkZWRjb21wb3NpdG9yL1RocmVhZGVkQ29tcG9zaXRvci5jcHAKQEAgLTU2 LDcgKzU2LDEzIEBAIFRocmVhZGVkQ29tcG9zaXRvcjo6VGhyZWFkZWRDb21wb3NpdG9yKENsaWVu dCogY2xpZW50KQogCiBUaHJlYWRlZENvbXBvc2l0b3I6On5UaHJlYWRlZENvbXBvc2l0b3IoKQog eworICAgIEFTU0VSVCghbV9jbGllbnQpOworfQorCit2b2lkIFRocmVhZGVkQ29tcG9zaXRvcjo6 aW52YWxpZGF0ZSgpCit7CiAgICAgdGVybWluYXRlQ29tcG9zaXRpbmdUaHJlYWQoKTsKKyAgICBt X2NsaWVudCA9IG51bGxwdHI7CiB9CiAKIHZvaWQgVGhyZWFkZWRDb21wb3NpdG9yOjpzZXROYXRp dmVTdXJmYWNlSGFuZGxlRm9yQ29tcG9zaXRpbmcodWludDY0X3QgaGFuZGxlKQpAQCAtMTgyLDcg KzE4OCw4IEBAIHZvaWQgVGhyZWFkZWRDb21wb3NpdG9yOjpzY2hlZHVsZURpc3BsYXlJbW1lZGlh dGVseSgpCiB2b2lkIFRocmVhZGVkQ29tcG9zaXRvcjo6ZGlkQ2hhbmdlVmlzaWJsZVJlY3QoKQog ewogICAgIFJ1bkxvb3A6Om1haW4oKS5kaXNwYXRjaChbdGhpcywgcHJvdGVjdGVkVGhpcyA9IG1h a2VSZWYoKnRoaXMpLCB2aXNpYmxlUmVjdCA9IG1fdmlld3BvcnRDb250cm9sbGVyLT52aXNpYmxl Q29udGVudHNSZWN0KCksIHNjYWxlID0gbV92aWV3cG9ydENvbnRyb2xsZXItPnBhZ2VTY2FsZUZh Y3RvcigpXSB7Ci0gICAgICAgIG1fY2xpZW50LT5zZXRWaXNpYmxlQ29udGVudHNSZWN0KHZpc2li bGVSZWN0LCBGbG9hdFBvaW50Ojp6ZXJvKCksIHNjYWxlKTsKKyAgICAgICAgaWYgKG1fY2xpZW50 KQorICAgICAgICAgICAgbV9jbGllbnQtPnNldFZpc2libGVDb250ZW50c1JlY3QodmlzaWJsZVJl Y3QsIEZsb2F0UG9pbnQ6Onplcm8oKSwgc2NhbGUpOwogICAgIH0pOwogCiAgICAgc2NoZWR1bGVE aXNwbGF5SW1tZWRpYXRlbHkoKTsKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL1NoYXJlZC9D b29yZGluYXRlZEdyYXBoaWNzL3RocmVhZGVkY29tcG9zaXRvci9UaHJlYWRlZENvbXBvc2l0b3Iu aCBiL1NvdXJjZS9XZWJLaXQyL1NoYXJlZC9Db29yZGluYXRlZEdyYXBoaWNzL3RocmVhZGVkY29t cG9zaXRvci9UaHJlYWRlZENvbXBvc2l0b3IuaAppbmRleCBjYzc0ZDc4Li5kZGU0YmVhIDEwMDY0 NAotLS0gYS9Tb3VyY2UvV2ViS2l0Mi9TaGFyZWQvQ29vcmRpbmF0ZWRHcmFwaGljcy90aHJlYWRl ZGNvbXBvc2l0b3IvVGhyZWFkZWRDb21wb3NpdG9yLmgKKysrIGIvU291cmNlL1dlYktpdDIvU2hh cmVkL0Nvb3JkaW5hdGVkR3JhcGhpY3MvdGhyZWFkZWRjb21wb3NpdG9yL1RocmVhZGVkQ29tcG9z aXRvci5oCkBAIC03Niw2ICs3Niw4IEBAIHB1YmxpYzoKICAgICB2b2lkIHNjcm9sbFRvKGNvbnN0 IFdlYkNvcmU6OkludFBvaW50Jik7CiAgICAgdm9pZCBzY3JvbGxCeShjb25zdCBXZWJDb3JlOjpJ bnRTaXplJik7CiAKKyAgICB2b2lkIGludmFsaWRhdGUoKTsKKwogcHJpdmF0ZToKICAgICBUaHJl YWRlZENvbXBvc2l0b3IoQ2xpZW50Kik7CiAKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL1dl YlByb2Nlc3MvV2ViUGFnZS9Db29yZGluYXRlZEdyYXBoaWNzL1RocmVhZGVkQ29vcmRpbmF0ZWRM YXllclRyZWVIb3N0LmNwcCBiL1NvdXJjZS9XZWJLaXQyL1dlYlByb2Nlc3MvV2ViUGFnZS9Db29y ZGluYXRlZEdyYXBoaWNzL1RocmVhZGVkQ29vcmRpbmF0ZWRMYXllclRyZWVIb3N0LmNwcAppbmRl eCA1OTEzODBiLi4xNzUyMDU1IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0Mi9XZWJQcm9jZXNz L1dlYlBhZ2UvQ29vcmRpbmF0ZWRHcmFwaGljcy9UaHJlYWRlZENvb3JkaW5hdGVkTGF5ZXJUcmVl SG9zdC5jcHAKKysrIGIvU291cmNlL1dlYktpdDIvV2ViUHJvY2Vzcy9XZWJQYWdlL0Nvb3JkaW5h dGVkR3JhcGhpY3MvVGhyZWFkZWRDb29yZGluYXRlZExheWVyVHJlZUhvc3QuY3BwCkBAIC01NCw2 ICs1NCwxMiBAQCBUaHJlYWRlZENvb3JkaW5hdGVkTGF5ZXJUcmVlSG9zdDo6VGhyZWFkZWRDb29y ZGluYXRlZExheWVyVHJlZUhvc3QoV2ViUGFnZSYgd2ViUAogewogfQogCit2b2lkIFRocmVhZGVk Q29vcmRpbmF0ZWRMYXllclRyZWVIb3N0OjppbnZhbGlkYXRlKCkKK3sKKyAgICBtX2NvbXBvc2l0 b3ItPmludmFsaWRhdGUoKTsKKyAgICBDb29yZGluYXRlZExheWVyVHJlZUhvc3Q6OmludmFsaWRh dGUoKTsKK30KKwogdm9pZCBUaHJlYWRlZENvb3JkaW5hdGVkTGF5ZXJUcmVlSG9zdDo6c2Nyb2xs Tm9uQ29tcG9zaXRlZENvbnRlbnRzKGNvbnN0IFdlYkNvcmU6OkludFJlY3QmIHJlY3QpCiB7CiAg ICAgbV9jb21wb3NpdG9yLT5zY3JvbGxUbyhyZWN0LmxvY2F0aW9uKCkpOwpkaWZmIC0tZ2l0IGEv U291cmNlL1dlYktpdDIvV2ViUHJvY2Vzcy9XZWJQYWdlL0Nvb3JkaW5hdGVkR3JhcGhpY3MvVGhy ZWFkZWRDb29yZGluYXRlZExheWVyVHJlZUhvc3QuaCBiL1NvdXJjZS9XZWJLaXQyL1dlYlByb2Nl c3MvV2ViUGFnZS9Db29yZGluYXRlZEdyYXBoaWNzL1RocmVhZGVkQ29vcmRpbmF0ZWRMYXllclRy ZWVIb3N0LmgKaW5kZXggZjMzZGZhNS4uYTk5NTMzZiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktp dDIvV2ViUHJvY2Vzcy9XZWJQYWdlL0Nvb3JkaW5hdGVkR3JhcGhpY3MvVGhyZWFkZWRDb29yZGlu YXRlZExheWVyVHJlZUhvc3QuaAorKysgYi9Tb3VyY2UvV2ViS2l0Mi9XZWJQcm9jZXNzL1dlYlBh Z2UvQ29vcmRpbmF0ZWRHcmFwaGljcy9UaHJlYWRlZENvb3JkaW5hdGVkTGF5ZXJUcmVlSG9zdC5o CkBAIC01OSw2ICs1OSw4IEBAIHByaXZhdGU6CiAgICAgdm9pZCBjb250ZW50c1NpemVDaGFuZ2Vk KGNvbnN0IFdlYkNvcmU6OkludFNpemUmKSBvdmVycmlkZTsKICAgICB2b2lkIGRpZENoYW5nZVZp ZXdwb3J0UHJvcGVydGllcyhjb25zdCBXZWJDb3JlOjpWaWV3cG9ydEF0dHJpYnV0ZXMmKSBvdmVy cmlkZTsKIAorICAgIHZvaWQgaW52YWxpZGF0ZSgpIG92ZXJyaWRlOworCiAjaWYgUExBVEZPUk0o R1RLKQogICAgIHZvaWQgc2V0TmF0aXZlU3VyZmFjZUhhbmRsZUZvckNvbXBvc2l0aW5nKHVpbnQ2 NF90KSBvdmVycmlkZTsKICNlbmRpZgo=