Bug 167559

Summary:

[Threaded Compositor] Crash on WebCore::GLContext::version()

Product:

WebKit

Reporter:

Carlos Garcia Campos <cgarcia>

Component:

WebKit2

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

bugs-noreply

Priority:

Keywords:

Gtk

Version:

WebKit Local Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none
Patch	mcatanzaro: review+

Description Carlos Garcia Campos 2017-01-29 01:42:11 PST

This is happening because TextureMapperPlatformLayerProxy::compositorThreadUpdateTimerFired() is fired after the threaded compositor is deleted. CoordinatedGraphicsScene::purgeGLResources() should invalidate the proxies before clearing the map, and TextureMapperPlatformLayerProxy::invalidate( should delete the timer.

Thread 1 (Thread 0x7f1169316700 (LWP 11064)):
#0  0x00007f1207af67e0 in WebCore::GLContext::version() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#1  0x00007f1207afa074 in WebCore::GraphicsContext3D::getExtensions() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#2  0x00007f1207b0dba7 in WebCore::GraphicsContext3D::validateDepthStencil(char const*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#3  0x00007f1207af9adf in WebCore::GraphicsContext3D::GraphicsContext3D(WebCore::GraphicsContext3DAttributes, WebCore::HostWindow*, WebCore::GraphicsContext3D::RenderStyle) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#4  0x00007f1207af9fcc in WebCore::GraphicsContext3D::create(WebCore::GraphicsContext3DAttributes, WebCore::HostWindow*, WebCore::GraphicsContext3D::RenderStyle) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#5  0x00007f1207a86d9b in WebCore::MediaPlayerPrivateGStreamerBase::pushTextureToCompositor() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#6  0x00007f1207ad4e80 in WebCore::TextureMapperPlatformLayerProxy::compositorThreadUpdateTimerFired() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#7  0x00007f12047bb85a in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::{lambda(void*)#1}::_FUN(void*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#8  0x00007f12000e5ecd in g_main_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3122
#9  g_main_context_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3737
#10 0x00007f12000e6268 in g_main_context_iterate () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3808
#11 0x00007f12000e6582 in g_main_loop_run () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:4002
#12 0x00007f12047bbc00 in WTF::RunLoop::run() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#13 0x00007f12047baa63 in std::_Function_handler<void (), WTF::WorkQueue::platformInitialize(char const*, WTF::WorkQueue::Type, WTF::WorkQueue::QOS)::{lambda()#1}>::_M_invoke(std::_Any_data const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#14 0x00007f1204784345 in WTF::threadEntryPoint(void*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#15 0x00007f12047b90ba in WTF::wtfThreadEntryPoint(void*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#16 0x00007f12019300a4 in start_thread (arg=0x7f1169316700) at pthread_create.c:309
#17 0x00007f11fdc1e87d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Comment 1 Carlos Garcia Campos 2017-01-29 01:45:04 PST

Created attachment 300063 [details]
Patch

Comment 2 Carlos Garcia Campos 2017-01-29 03:29:22 PST

Created attachment 300065 [details]
Patch

Comment 3 Carlos Garcia Campos 2017-01-29 21:57:08 PST

Committed r211357: <http://trac.webkit.org/changeset/211357>