Bug 167575

Summary: [Threaded Compositor] Crash in GraphicsContext3D::deleteTexture when destroying TextureMapperPlatformLayerProxy
Product: WebKit Reporter: Carlos Garcia Campos <cgarcia>
Component: WebKitGTKAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: bugs-noreply, cmarcelo, commit-queue, kondapallykalyan, luiz, noam
Priority: P2 Keywords: Gtk
Version: WebKit Local Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch zan: review+

Description Carlos Garcia Campos 2017-01-29 23:50:16 PST 
Yes, TextureMapperPlatformLayerProxy again. I think we should clear all the buffers on invalidate() to ensure we don't have textures alive after CoordinatedGraphicsScene::purgeGLResources(). I couldn't reproduce it myself, though, but I saw this in the bots:

Thread 1 (Thread 0x7f5d2f74b940 (LWP 17733)):
#0  glDeleteTextures () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/mapi/glapi/glapi_mapi_tmp.h:3965
#1  0x00007f5d3f994cf6 in WebCore::GraphicsContext3D::deleteTexture(unsigned int) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#2  0x00007f5d3f94a8a4 in WebCore::BitmapTextureGL::~BitmapTextureGL() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#3  0x00007f5d3f94a8c9 in WebCore::BitmapTextureGL::~BitmapTextureGL() [clone .localalias.51] () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#4  0x00007f5d3f95a10f in WebCore::TextureMapperPlatformLayerProxy::~TextureMapperPlatformLayerProxy() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#5  0x00007f5d3f95a269 in WebCore::TextureMapperPlatformLayerProxy::~TextureMapperPlatformLayerProxy() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#6  0x00007f5d3f90ad9a in WebCore::MediaPlayerPrivateGStreamerBase::~MediaPlayerPrivateGStreamerBase() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#7  0x00007f5d3f908a0b in WebCore::MediaPlayerPrivateGStreamer::~MediaPlayerPrivateGStreamer() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#8  0x00007f5d3f908b79 in WebCore::MediaPlayerPrivateGStreamer::~MediaPlayerPrivateGStreamer() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#9  0x00007f5d3f3b1809 in WebCore::MediaPlayer::~MediaPlayer() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#10 0x00007f5d3f3b18a9 in WebCore::MediaPlayer::~MediaPlayer() [clone .localalias.91] () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#11 0x00007f5d3eff2e35 in WebCore::HTMLMediaElement::clearMediaPlayer(WebCore::HTMLMediaElementEnums::DelayedActionType) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#12 0x00007f5d3eff6ab1 in WebCore::HTMLMediaElement::stop() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#13 0x00007f5d3ee6e0bb in WebCore::ScriptExecutionContext::stopActiveDOMObjects() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#14 0x00007f5d3edfa900 in WebCore::Document::stopActiveDOMObjects() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#15 0x00007f5d3edfa9d0 in WebCore::Document::prepareForDestruction() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#16 0x00007f5d3f266782 in WebCore::Frame::setView(WTF::RefPtr<WebCore::FrameView>&&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#17 0x00007f5d3f2690ba in WebCore::Frame::createView(WebCore::IntSize const&, WebCore::Color const&, bool, WebCore::IntSize const&, WebCore::IntRect const&, bool, WebCore::ScrollbarMode, bool, WebCore::ScrollbarMode, bool) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#18 0x00007f5d3e7d47ad in WebKit::WebFrameLoaderClient::transitionToCommittedForNewPage() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#19 0x00007f5d3f16750d in WebCore::FrameLoader::transitionToCommitted(WebCore::CachedPage*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#20 0x00007f5d3f167653 in WebCore::FrameLoader::commitProvisionalLoad() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#21 0x00007f5d3f1485d5 in WebCore::DocumentLoader::finishedLoading(double) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#22 0x00007f5d3f148a2d in WebCore::DocumentLoader::maybeLoadEmpty() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#23 0x00007f5d3f14a7e8 in WebCore::DocumentLoader::startLoadingMainResource() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#24 0x00007f5d3f167ff8 in WebCore::FrameLoader::continueLoadAfterNavigationPolicy(WebCore::ResourceRequest const&, WebCore::FormState*, bool, WebCore::AllowNavigationToInvalidURL) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#25 0x00007f5d3f190af0 in WebCore::PolicyCallback::call(bool) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#26 0x00007f5d3f197cd7 in WebCore::PolicyChecker::continueAfterNavigationPolicy(WebCore::PolicyAction) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#27 0x00007f5d3e7dc02a in WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(WebCore::NavigationAction const&, WebCore::ResourceRequest const&, WebCore::FormState*, std::function<void (WebCore::PolicyAction)>) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#28 0x00007f5d3f19702c in WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, bool, WebCore::DocumentLoader*, WebCore::FormState*, std::function<void (WebCore::ResourceRequest const&, WebCore::FormState*, bool)>) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#29 0x00007f5d3f1683b0 in WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WebCore::FormState*, WebCore::AllowNavigationToInvalidURL) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#30 0x00007f5d3f16a60a in WebCore::FrameLoader::load(WebCore::FrameLoadRequest const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#31 0x00007f5d3e800e85 in WebKit::WebPage::loadRequest(WebKit::LoadParameters const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#32 0x00007f5d3ea10597 in void IPC::handleMessage<Messages::WebPage::LoadRequest, WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::LoadParameters const&)>(IPC::Decoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::LoadParameters const&)) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#33 0x00007f5d3ea0e6ff in WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#34 0x00007f5d3e6095ef in IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#35 0x00007f5d3e750a26 in WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#36 0x00007f5d3e6053ab in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#37 0x00007f5d3e6060a8 in IPC::Connection::dispatchOneMessage() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#38 0x00007f5d3c608382 in WTF::RunLoop::performWork() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#39 0x00007f5d3c640349 in WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#40 0x00007f5d37f6aecd in g_main_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3122
#41 g_main_context_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3737
#42 0x00007f5d37f6b268 in g_main_context_iterate () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3808
#43 0x00007f5d37f6b582 in g_main_loop_run () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:4002
#44 0x00007f5d3c640c00 in WTF::RunLoop::run() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#45 0x00007f5d3e9a70b2 in WebProcessMainUnix () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#46 0x00007f5d359dcb45 in __libc_start_main (main=0x400bf0 <main>, argc=2, argv=0x7fff8b1d25d8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff8b1d25c8) at libc-start.c:287
#47 0x0000000000400c45 in _start ()
Comment 1 Carlos Garcia Campos 2017-01-29 23:52:51 PST 
Created attachment 300090 [details]
Patch
Comment 2 Carlos Garcia Campos 2017-01-30 00:49:01 PST 
Committed r211358: <http://trac.webkit.org/changeset/211358>