Bug 164912

Summary: REGRESSION(r205734): [GTK][Stable] Crash clearing GLContextGLX contexts in exit handler
Product: WebKit Reporter: Michael Catanzaro <mcatanzaro>
Component: WebKitGTK Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: bugs-noreply, cgarcia, mcatanzaro
Priority: P2    
Version: WebKit Nightly Build   
Hardware: PC   
OS: Linux   
See Also: https://bugzilla.redhat.com/show_bug.cgi?id=1394600
https://bugzilla.redhat.com/show_bug.cgi?id=1396829
https://bugzilla.redhat.com/show_bug.cgi?id=1401202
https://bugs.webkit.org/show_bug.cgi?id=165522
https://bugzilla.redhat.com/show_bug.cgi?id=1403502
https://bugzilla.redhat.com/show_bug.cgi?id=1398270

Description Michael Catanzaro 2016-11-18 04:36:36 PST
Web process crash clearing active GLContextGLX contexts in exit handler:

Thread 1 (Thread 0x7fec5bca0ac0 (LWP 5832)):
#0  0x00007fec4d2d8809 in ?? ()
No symbol table info available.
#1  0x00007fec5aa3c775 in WebCore::GLContextGLX::clear (this=0x7fec45770000) at /usr/src/debug/webkitgtk-2.14.1/Source/WebCore/platform/graphics/glx/GLContextGLX.cpp:225
No locals.
#2  0x00007fec5aa3c823 in WebCore::<lambda()>::<lambda()>::operator() (__closure=0x0) at /usr/src/debug/webkitgtk-2.14.1/Source/WebCore/platform/graphics/glx/GLContextGLX.cpp:51
        context = <optimized out>
        __for_range = <optimized out>
#3  WebCore::<lambda()>::<lambda()>::_FUN(void) () at /usr/src/debug/webkitgtk-2.14.1/Source/WebCore/platform/graphics/glx/GLContextGLX.cpp:52
No locals.
#4  0x00007fec4d9d8258 in __run_exit_handlers (status=0, listp=0x7fec4dd5b5d8 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true) at exit.c:82
        atfct = <optimized out>
        onfct = <optimized out>
        cxafct = <optimized out>
        f = <optimized out>
#5  0x00007fec4d9d82a5 in __GI_exit (status=<optimized out>) at exit.c:104
No locals.
#6  0x00007fec4d9bf738 in __libc_start_main (main=0x55bf30187c40 <main(int, char**)>, argc=2, argv=0x7fff9d5f8cb8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff9d5f8ca8) at ../csu/libc-start.c:323
        result = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 1908855912825480146, 94279634025584, 140735833672880, 0, 0, 5691640466447918034, 5682246756743504850}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7fff9d5f8cd0, 0x7fec5bd88128}, data = {prev = 0x0, cleanup = 0x0, canceltype = -1654682416}}}
        not_first_call = <optimized out>
#7  0x000055bf30187c99 in _start ()

Carlos Garcia already removed this function in trunk, so it should only be a problem in stable. We should probably take the fix that went into trunk instead of trying to do something "safer" in stable.
Comment 1 Michael Catanzaro 2016-11-18 04:37:16 PST
Note: I have 518 reports of this crash.
Comment 2 Michael Catanzaro 2016-11-18 04:37:51 PST
(In reply to comment #1)
> Note: I have 518 reports of this crash.

Hm, actually I don't trust that number, it looks like a bug report system bug.
Comment 3 Michael Catanzaro 2016-11-20 09:43:48 PST
(In reply to comment #0)
> Carlos Garcia already removed this function in trunk, so it should only be a
> problem in stable. We should probably take the fix that went into trunk
> instead of trying to do something "safer" in stable.

Not quite. It never existed in trunk, it was added only in the 2.14 branch in r205734, as a "safer" way to fix the bug in the stable branch. This was bug #161605.

We should revert r205734 and take r205544 for 2.14.3 instead.
Comment 4 Carlos Garcia Campos 2016-12-27 02:34:41 PST
Fixed in 2.14, see r210154 and r210155.