Bug 159918

Summary: [GTK][Threaded Compositor] Web Process crash when the page is closed before the web view is realized
Product: WebKit
Reporter: Carlos Garcia Campos <cgarcia>
Component: WebKitGTK
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: berto, bugs-noreply, commit-queue, gustavo, mcatanzaro, mrobinson
Priority: P2
Keywords: Gtk
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified
Bug Depends on:
Bug Blocks: 154066

Attachments:
Description: Patch
Flags: mcatanzaro: review+

Description Carlos Garcia Campos 2016-07-19 06:02:29 PDT
When the web view is unrealized we send a sync message to the web process to destroy the native surface handle for compositing, and then we actually destroy the redirected window. But if the page is closed explicitly before the web view is unrealized, the drawing area proxy is destroyed, so that when the web view is unrealized we can't notify the web process, which keeps trying to render to a now deleted window handle. That produces a BadDrawable X error and the web process crashes.

The program 'WebKitWebProcess' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadDrawable (invalid Pixmap or Window parameter)'.
  (Details: serial 213 error_code 9 request_code 154 (DRI2) minor_code 3)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the GDK_SYNCHRONIZE environment
   variable to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)

Thread 11 (Thread 0x7f1c6f07a700 (LWP 8225)):
#0  0x00007f1ce6b19303 in _g_log_abort (breakpoint=1) at gmessages.c:325
#1  g_logv (log_domain=0x7f1ce336966e "Gdk", log_level=G_LOG_LEVEL_ERROR, format=<optimized out>, args=args@entry=0x7f1c6f079248) at gmessages.c:1080
#2  0x00007f1ce6b19462 in g_log (log_domain=log_domain@entry=0x7f1ce336966e "Gdk", log_level=log_level@entry=G_LOG_LEVEL_ERROR, format=format@entry=0x7f1ce3386f74 "%s") at gmessages.c:1119
#3  0x00007f1ce332dc30 in _gdk_x11_display_error_event (display=display@entry=0x12cf020, error=error@entry=0x7f1c6f0793f0) at gdkdisplay-x11.c:2576
#4  0x00007f1ce333b3a1 in gdk_x_error (xdisplay=0x12c2c20, error=0x7f1c6f0793f0) at gdkmain-x11.c:307
#5  0x00007f1ce4fe846d in _XError () from /usr/lib/x86_64-linux-gnu/libX11.so.6
#6  0x00007f1ce4fe53a7 in ?? () from /usr/lib/x86_64-linux-gnu/libX11.so.6
#7  0x00007f1ce4fe5465 in ?? () from /usr/lib/x86_64-linux-gnu/libX11.so.6
#8  0x00007f1ce4fe6420 in _XReply () from /usr/lib/x86_64-linux-gnu/libX11.so.6
#9  0x00007f1ce9e4d2fa in ?? () from /usr/lib/x86_64-linux-gnu/libGL.so.1
#10 0x00007f1ce9e4d637 in ?? () from /usr/lib/x86_64-linux-gnu/libGL.so.1
#11 0x00007f1c853284bb in ?? () from /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#12 0x00007f1c853289c1 in ?? () from /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#13 0x00007f1c85328aab in ?? () from /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#14 0x00007f1c852d8236 in ?? () from /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#15 0x00007f1ce9e4f0cb in ?? () from /usr/lib/x86_64-linux-gnu/libGL.so.1
#16 0x00007f1ce9e25415 in glXMakeCurrentReadSGI () from /usr/lib/x86_64-linux-gnu/libGL.so.1
#17 0x00007f1cedf7d1c9 in WebCore::GLContextGLX::makeContextCurrent() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#18 0x00007f1ced00b6d4 in WebKit::ThreadedCompositor::tryEnsureGLContext() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#19 0x00007f1ced00b793 in WebKit::ThreadedCompositor::renderLayerTree() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#20 0x00007f1ced00a3d2 in WebKit::CompositingRunLoop::updateTimerFired() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#21 0x00007f1ceb94a1fa in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::{lambda(void*)#1}::_FUN(void*) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#22 0x00007f1ce6b12b8a in g_main_dispatch (context=0x7f1c68000900) at gmain.c:3154
#23 g_main_context_dispatch (context=context@entry=0x7f1c68000900) at gmain.c:3769
#24 0x00007f1ce6b12f08 in g_main_context_iterate (context=0x7f1c68000900, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3840
#25 0x00007f1ce6b13222 in g_main_loop_run (loop=0x7f1c68001240) at gmain.c:4034
#26 0x00007f1ceb94a5a0 in WTF::RunLoop::run() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#27 0x00007f1ced00bcbd in WebKit::ThreadedCompositor::runCompositingThread() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#28 0x00007f1ceb917b15 in WTF::threadEntryPoint(void*) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#29 0x00007f1ceb9477aa in WTF::wtfThreadEntryPoint(void*) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#30 0x00007f1cea415464 in start_thread (arg=0x7f1c6f07a700) at pthread_create.c:333
#31 0x00007f1ce1cf730d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 1 (Thread 0x7f1cef1fcac0 (LWP 8153)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007f1ce257f79c in std::condition_variable::wait(std::unique_lock<std::mutex>&) () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#2  0x00007f1ceb914d78 in WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, std::chrono::time_point<std::chrono::_V2::steady_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > >) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#3  0x00007f1ced00af7f in WebKit::CompositingRunLoop::performTaskSync(WTF::Function<void ()>&&) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#4  0x00007f1ced00ca59 in WebKit::ThreadedCompositor::didChangeViewportSize(WebCore::IntSize const&) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#5  0x00007f1cecff74fc in WebKit::AcceleratedDrawingArea::updateBackingStoreState(unsigned long, bool, float, WebCore::IntSize const&, WebCore::IntSize const&) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#6  0x00007f1cecffa0eb in WebKit::DrawingAreaImpl::updateBackingStoreState(unsigned long, bool, float, WebCore::IntSize const&, WebCore::IntSize const&) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#7  0x00007f1ced061283 in WebKit::DrawingArea::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#8  0x00007f1cecd2dc29 in IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::MessageDecoder&) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#9  0x00007f1cece62d36 in WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#10 0x00007f1cecd2a0a6 in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#11 0x00007f1cecd2aa03 in IPC::Connection::dispatchOneMessage() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#12 0x00007f1ceb916cc2 in WTF::RunLoop::performWork() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#13 0x00007f1ceb949cd9 in WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#14 0x00007f1ce6b12b8a in g_main_dispatch (context=0x12e2da0) at gmain.c:3154
#15 g_main_context_dispatch (context=context@entry=0x12e2da0) at gmain.c:3769
#16 0x00007f1ce6b12f08 in g_main_context_iterate (context=0x12e2da0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3840
#17 0x00007f1ce6b13222 in g_main_loop_run (loop=0x1a90510) at gmain.c:4034
#18 0x00007f1ceb94a509 in WTF::RunLoop::run() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#19 0x00007f1cecf12818 in WebKit::WebPage::runModal() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#20 0x00007f1ced8922dd in WebCore::Chrome::runModal() const () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#21 0x00007f1ced8a9811 in WebCore::DOMWindow::showModalDialog(WTF::String const&, WTF::String const&, WebCore::DOMWindow&, WebCore::DOMWindow&, std::function<void (WebCore::DOMWindow&)>) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#22 0x00007f1ced25520c in WebCore::JSDOMWindow::showModalDialog(JSC::ExecState&) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#23 0x00007f1cee2cf013 in WebCore::jsDOMWindowInstanceFunctionShowModalDialog(JSC::ExecState*) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#24 0x00007f1c87fff028 in ?? ()
#25 0x00007ffe1c13ac20 in ?? ()
#26 0x00007f1ceb58790b in llint_entry () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
Comment 1 Carlos Garcia Campos 2016-07-19 06:05:47 PDT
Created attachment 283994 [details]
Patch
Comment 2 WebKit Commit Bot 2016-07-19 06:08:23 PDT
Thanks for the patch. If this patch contains new public API please make sure it follows the guidelines for new WebKit2 GTK+ API. See http://trac.webkit.org/wiki/WebKitGTK/AddingNewWebKit2API
Comment 3 Carlos Garcia Campos 2016-07-20 23:42:54 PDT
Committed r203493: <http://trac.webkit.org/changeset/203493>