Bug 167575

Summary:

[Threaded Compositor] Crash in GraphicsContext3D::deleteTexture when destroying TextureMapperPlatformLayerProxy

Product:

WebKit

Reporter:

Carlos Garcia Campos <cgarcia>

Component:

WebKitGTK

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

bugs-noreply, cmarcelo, commit-queue, kondapallykalyan, luiz, noam

Priority:

Keywords:

Gtk

Version:

WebKit Local Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	zan: review+

Carlos Garcia Campos

Reported 2017-01-29 23:50:16 PST

Yes, TextureMapperPlatformLayerProxy again. I think we should clear all the buffers on invalidate() to ensure we don't have textures alive after CoordinatedGraphicsScene::purgeGLResources(). I couldn't reproduce it myself, though, but I saw this in the bots: Thread 1 (Thread 0x7f5d2f74b940 (LWP 17733)): #0 glDeleteTextures () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/mapi/glapi/glapi_mapi_tmp.h:3965 #1 0x00007f5d3f994cf6 in WebCore::GraphicsContext3D::deleteTexture(unsigned int) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #2 0x00007f5d3f94a8a4 in WebCore::BitmapTextureGL::~BitmapTextureGL() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #3 0x00007f5d3f94a8c9 in WebCore::BitmapTextureGL::~BitmapTextureGL() [clone .localalias.51] () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #4 0x00007f5d3f95a10f in WebCore::TextureMapperPlatformLayerProxy::~TextureMapperPlatformLayerProxy() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #5 0x00007f5d3f95a269 in WebCore::TextureMapperPlatformLayerProxy::~TextureMapperPlatformLayerProxy() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #6 0x00007f5d3f90ad9a in WebCore::MediaPlayerPrivateGStreamerBase::~MediaPlayerPrivateGStreamerBase() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #7 0x00007f5d3f908a0b in WebCore::MediaPlayerPrivateGStreamer::~MediaPlayerPrivateGStreamer() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #8 0x00007f5d3f908b79 in WebCore::MediaPlayerPrivateGStreamer::~MediaPlayerPrivateGStreamer() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #9 0x00007f5d3f3b1809 in WebCore::MediaPlayer::~MediaPlayer() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #10 0x00007f5d3f3b18a9 in WebCore::MediaPlayer::~MediaPlayer() [clone .localalias.91] () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #11 0x00007f5d3eff2e35 in WebCore::HTMLMediaElement::clearMediaPlayer(WebCore::HTMLMediaElementEnums::DelayedActionType) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #12 0x00007f5d3eff6ab1 in WebCore::HTMLMediaElement::stop() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #13 0x00007f5d3ee6e0bb in WebCore::ScriptExecutionContext::stopActiveDOMObjects() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #14 0x00007f5d3edfa900 in WebCore::Document::stopActiveDOMObjects() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #15 0x00007f5d3edfa9d0 in WebCore::Document::prepareForDestruction() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #16 0x00007f5d3f266782 in WebCore::Frame::setView(WTF::RefPtr<WebCore::FrameView>&&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #17 0x00007f5d3f2690ba in WebCore::Frame::createView(WebCore::IntSize const&, WebCore::Color const&, bool, WebCore::IntSize const&, WebCore::IntRect const&, bool, WebCore::ScrollbarMode, bool, WebCore::ScrollbarMode, bool) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #18 0x00007f5d3e7d47ad in WebKit::WebFrameLoaderClient::transitionToCommittedForNewPage() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #19 0x00007f5d3f16750d in WebCore::FrameLoader::transitionToCommitted(WebCore::CachedPage*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #20 0x00007f5d3f167653 in WebCore::FrameLoader::commitProvisionalLoad() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #21 0x00007f5d3f1485d5 in WebCore::DocumentLoader::finishedLoading(double) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #22 0x00007f5d3f148a2d in WebCore::DocumentLoader::maybeLoadEmpty() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #23 0x00007f5d3f14a7e8 in WebCore::DocumentLoader::startLoadingMainResource() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #24 0x00007f5d3f167ff8 in WebCore::FrameLoader::continueLoadAfterNavigationPolicy(WebCore::ResourceRequest const&, WebCore::FormState*, bool, WebCore::AllowNavigationToInvalidURL) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #25 0x00007f5d3f190af0 in WebCore::PolicyCallback::call(bool) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #26 0x00007f5d3f197cd7 in WebCore::PolicyChecker::continueAfterNavigationPolicy(WebCore::PolicyAction) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #27 0x00007f5d3e7dc02a in WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(WebCore::NavigationAction const&, WebCore::ResourceRequest const&, WebCore::FormState*, std::function<void (WebCore::PolicyAction)>) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #28 0x00007f5d3f19702c in WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, bool, WebCore::DocumentLoader*, WebCore::FormState*, std::function<void (WebCore::ResourceRequest const&, WebCore::FormState*, bool)>) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #29 0x00007f5d3f1683b0 in WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WebCore::FormState*, WebCore::AllowNavigationToInvalidURL) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #30 0x00007f5d3f16a60a in WebCore::FrameLoader::load(WebCore::FrameLoadRequest const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #31 0x00007f5d3e800e85 in WebKit::WebPage::loadRequest(WebKit::LoadParameters const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #32 0x00007f5d3ea10597 in void IPC::handleMessage<Messages::WebPage::LoadRequest, WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::LoadParameters const&)>(IPC::Decoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::LoadParameters const&)) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #33 0x00007f5d3ea0e6ff in WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #34 0x00007f5d3e6095ef in IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #35 0x00007f5d3e750a26 in WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #36 0x00007f5d3e6053ab in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #37 0x00007f5d3e6060a8 in IPC::Connection::dispatchOneMessage() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #38 0x00007f5d3c608382 in WTF::RunLoop::performWork() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #39 0x00007f5d3c640349 in WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #40 0x00007f5d37f6aecd in g_main_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3122 #41 g_main_context_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3737 #42 0x00007f5d37f6b268 in g_main_context_iterate () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3808 #43 0x00007f5d37f6b582 in g_main_loop_run () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:4002 #44 0x00007f5d3c640c00 in WTF::RunLoop::run() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #45 0x00007f5d3e9a70b2 in WebProcessMainUnix () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #46 0x00007f5d359dcb45 in __libc_start_main (main=0x400bf0 <main>, argc=2, argv=0x7fff8b1d25d8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff8b1d25c8) at libc-start.c:287 #47 0x0000000000400c45 in _start ()

Attachments
Patch (1.92 KB, patch) 2017-01-29 23:52 PST, Carlos Garcia Campos	zan: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Carlos Garcia Campos

Comment 1 2017-01-29 23:52:51 PST

Created attachment 300090 [details] Patch

Carlos Garcia Campos

Comment 2 2017-01-30 00:49:01 PST

Committed r211358: <http://trac.webkit.org/changeset/211358>

Note You need to log in before you can comment on or make changes to this bug.