Bug 167547

Summary: [Threaded Compositor] Crash when detaching the CoordinatedGraphicsScene
Product: WebKit Reporter: Carlos Garcia Campos <cgarcia>
Component: WebKitGTKAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: bugs-noreply
Priority: P2 Keywords: Gtk
Version: WebKit Local Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch mcatanzaro: review+

Description Carlos Garcia Campos 2017-01-28 01:48:59 PST
Seen in the bots too, but I couldn't reproduce it.

Thread 1 (Thread 0x7f3f56ffd700 (LWP 3664)):
#0  0x00007f3ff49eb032 in WebKit::CoordinatedGraphicsScene::commitSceneState(WebCore::CoordinatedGraphicsState const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#1  0x00007f3ff49e7541 in WebKit::CoordinatedGraphicsScene::syncRemoteContent() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#2  0x00007f3ff49e7a10 in WebKit::CoordinatedGraphicsScene::paintToCurrentGLContext(WebCore::TransformationMatrix const&, float, WebCore::FloatRect const&, WebCore::Color const&, bool, WebCore::FloatPoint const&, unsigned int) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#3  0x00007f3ff49f0c1e in WebKit::ThreadedCompositor::renderLayerTree() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#4  0x00007f3ff49ed942 in WebKit::CompositingRunLoop::updateTimerFired() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#5  0x00007f3ff267d8aa in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::{lambda(void*)#1}::_FUN(void*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#6  0x00007f3fedfa8ecd in g_main_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3122
#7  g_main_context_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3737
#8  0x00007f3fedfa9268 in g_main_context_iterate () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3808
#9  0x00007f3fedfa9582 in g_main_loop_run () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:4002
#10 0x00007f3ff267dc50 in WTF::RunLoop::run() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#11 0x00007f3ff267cab3 in std::_Function_handler<void (), WTF::WorkQueue::platformInitialize(char const*, WTF::WorkQueue::Type, WTF::WorkQueue::QOS)::{lambda()#1}>::_M_invoke(std::_Any_data const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#12 0x00007f3ff2646395 in WTF::threadEntryPoint(void*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#13 0x00007f3ff267b10a in WTF::wtfThreadEntryPoint(void*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#14 0x00007f3fef7f30a4 in start_thread (arg=0x7f3f56ffd700) at pthread_create.c:309
#15 0x00007f3febae187d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 21 (Thread 0x7f3fe5789940 (LWP 3029)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007f3ff267b77b in WTF::ThreadCondition::timedWait(WTF::Mutex&, double) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#2  0x00007f3ff2642f43 in WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, WTF::TimeWithDynamicClockType const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#3  0x00007f3ff49ef09b in WebKit::CompositingRunLoop::performTaskSync(WTF::Function<void ()>&&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#4  0x00007f3ff49f070c in WebKit::ThreadedCompositor::invalidate() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#5  0x00007f3ff49fa350 in WebKit::ThreadedCoordinatedLayerTreeHost::invalidate() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#6  0x00007f3ff49dc9bb in WebKit::DrawingAreaImpl::exitAcceleratedCompositingMode() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#7  0x00007f3ff267d8aa in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::{lambda(void*)#1}::_FUN(void*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#8  0x00007f3fedfa8ecd in g_main_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3122
#9  g_main_context_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3737
#10 0x00007f3fedfa9268 in g_main_context_iterate () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3808
#11 0x00007f3fedfa9582 in g_main_loop_run () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:4002
#12 0x00007f3ff267dc50 in WTF::RunLoop::run() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#13 0x00007f3ff49e31e2 in WebProcessMainUnix () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#14 0x00007f3feba1ab45 in __libc_start_main (main=0x400bf0 <main>, argc=2, argv=0x7ffccae14558, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffccae14548) at libc-start.c:287
#15 0x0000000000400c45 in _start ()
Comment 1 Carlos Garcia Campos 2017-01-28 01:52:50 PST
Created attachment 300014 [details]
Patch

Speculative fix, since I couldn't reproduce it.
Comment 2 Carlos Garcia Campos 2017-01-28 23:18:22 PST
Committed r211348: <http://trac.webkit.org/changeset/211348>