Bug 260856

Summary: [GTK] Another crash when terminating EGL displays in exit handler: "Couldn't find current GLX or EGL context."
Product: WebKit Reporter: Michael Catanzaro <mcatanzaro>
Component: WebKitGTKAssignee: Nobody <webkit-unassigned>
Status: NEW    
Severity: Normal CC: braden, bugs-noreply, mcatanzaro
Priority: P2    
Version: WebKit Nightly Build   
Hardware: PC   
OS: Linux   
See Also: https://bugzilla.redhat.com/show_bug.cgi?id=2235574
https://bugs.webkit.org/show_bug.cgi?id=274389
https://bugzilla.redhat.com/show_bug.cgi?id=2332507
https://bugs.webkit.org/show_bug.cgi?id=279368
https://bugzilla.redhat.com/show_bug.cgi?id=2379857
https://bugzilla.redhat.com/show_bug.cgi?id=2325254
https://bugs.webkit.org/show_bug.cgi?id=298025

Michael Catanzaro
Reported 2023-08-29 06:42:43 PDT
Here's one more entry in our history of crashes when trying to destroy EGL displays in our exit handler: #0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44 tid = <optimized out> ret = 0 pd = <optimized out> old_mask = {__val = {140735778634240}} ret = <optimized out> #1 0x00007fcc462b08b3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78 No locals. #2 0x00007fcc4625fabe in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26 ret = <optimized out> #3 0x00007fcc4624887f in __GI_abort () at abort.c:79 save_stage = 1 act = {__sigaction_handler = {sa_handler = 0x20, sa_sigaction = 0x20}, sa_mask = {__val = {872, 94670570367024, 94670570367024, 110, 1, 0, 2871196877827735040, 8589934592, 18446744073709551456, 2, 94670570367008, 872, 140515387250512, 140735778634464, 140515327341006, 140515328620192}}, sa_flags = 1178547808, sa_restorer = 0x7fff9a17bae0} #4 0x00007fcc4624879b in __assert_fail_base (fmt=0x7fcc463c4a98 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x7fcc49be1750 "0 && \"Couldn't find current GLX or EGL context.\\n\"", file=file@entry=0x7fcc49be1841 "../src/dispatch_common.c", line=line@entry=872, function=function@entry=0x7fcc49be1ca0 <__PRETTY_FUNCTION__.0.lto_priv.0> "epoxy_get_proc_address") at assert.c:92 str = 0x561a35b7a830 "\252\313-T\037V" total = 4096 #5 0x00007fcc46258147 in __assert_fail (assertion=assertion@entry=0x7fcc49be1750 "0 && \"Couldn't find current GLX or EGL context.\\n\"", file=file@entry=0x7fcc49be1841 "../src/dispatch_common.c", line=line@entry=872, function=function@entry=0x7fcc49be1ca0 <__PRETTY_FUNCTION__.0.lto_priv.0> "epoxy_get_proc_address") at assert.c:101 No locals. #6 0x00007fcc49bbde4b in epoxy_get_proc_address (name=0x7fcc49bc605d <entrypoint_strings.lto_priv+1405> "glBindFramebuffer") at ../src/dispatch_common.c:872 egl_api = <optimized out> __PRETTY_FUNCTION__ = "epoxy_get_proc_address" #7 0x00007fcc49b6606a in epoxy_glBindFramebuffer_resolver () at src/gl_generated_dispatch.c:76680 providers = <optimized out> entrypoints = <optimized out> #8 epoxy_glBindFramebuffer_global_rewrite_ptr (target=36160, framebuffer=0) at src/gl_generated_dispatch.c:49049 No locals. #9 0x00007fcc4824fe2b in WebCore::GLContextEGL::~GLContextEGL (this=<optimized out>, this=<optimized out>) at /usr/src/debug/webkitgtk-2.40.5-1.fc38.x86_64/Source/WebCore/platform/graphics/egl/GLContextEGL.cpp:442 display = 0x561a35a3a8b0 display = <optimized out> #10 0x00007fcc48250055 in WebCore::GLContextEGL::~GLContextEGL (this=<optimized out>, this=<optimized out>) at /usr/src/debug/webkitgtk-2.40.5-1.fc38.x86_64/Source/WebCore/platform/graphics/egl/GLContextEGL.cpp:456 No locals. #11 0x00007fcc482352ff in std::default_delete<WebCore::GLContext>::operator() (__ptr=<optimized out>, this=<optimized out>, this=<optimized out>, __ptr=<optimized out>) at /usr/include/c++/13/bits/unique_ptr.h:93 No locals. #12 std::__uniq_ptr_impl<WebCore::GLContext, std::default_delete<WebCore::GLContext> >::reset (__p=<optimized out>, this=<optimized out>, this=<optimized out>, __p=<optimized out>) at /usr/include/c++/13/bits/unique_ptr.h:211 __old_p = <optimized out> __old_p = <optimized out> #13 std::unique_ptr<WebCore::GLContext, std::default_delete<WebCore::GLContext> >::reset (__p=<optimized out>, this=<optimized out>, this=<optimized out>, __p=<optimized out>) at /usr/include/c++/13/bits/unique_ptr.h:509 No locals. #14 std::unique_ptr<WebCore::GLContext, std::default_delete<WebCore::GLContext> >::operator=(decltype(nullptr)) (this=<optimized out>, this=<optimized out>) at /usr/include/c++/13/bits/unique_ptr.h:442 No locals. #15 WebCore::PlatformDisplay::clearSharingGLContext (this=0x7fcc0e004180) at /usr/src/debug/webkitgtk-2.40.5-1.fc38.x86_64/Source/WebCore/platform/graphics/PlatformDisplay.cpp:224 No locals. #16 WebCore::PlatformDisplay::terminateEGLDisplay (this=this@entry=0x7fcc0e004180) at /usr/src/debug/webkitgtk-2.40.5-1.fc38.x86_64/Source/WebCore/platform/graphics/PlatformDisplay.cpp:325 No locals. #17 0x00007fcc48235438 in operator() (__closure=0x0) at /usr/src/debug/webkitgtk-2.40.5-1.fc38.x86_64/Source/WebCore/platform/graphics/PlatformDisplay.cpp:312 display = 0x7fcc0e004180 #18 _FUN () at /usr/src/debug/webkitgtk-2.40.5-1.fc38.x86_64/Source/WebCore/platform/graphics/PlatformDisplay.cpp:314 No locals. #19 0x00007fcc462621a6 in __run_exit_handlers (status=0, listp=<optimized out>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:111 atfct = <optimized out> onfct = <optimized out> cxafct = <optimized out> arg = <optimized out> f = <optimized out> new_exitfn_called = 2464 cur = 0x561a35a03840 restart = <optimized out> #20 0x00007fcc462622ee in __GI_exit (status=<optimized out>) at exit.c:141 No locals. #21 0x00007fcc46f05a55 in WebKit::failedToGetNetworkProcessConnection () at /usr/src/debug/webkitgtk-2.40.5-1.fc38.x86_64/Source/WebKit/WebProcess/WebProcess.cpp:1162 No locals. See downstream bug https://bugzilla.redhat.com/show_bug.cgi?id=2235574 for the full backtrace.
Attachments
Add attachment proposed patch, testcase, etc.
Michael Catanzaro
Comment 1 2024-12-15 18:13:35 PST
Still broken in 2.46.4
Michael Catanzaro
Comment 2 2025-07-18 06:38:23 PDT
We've also received two bug reports where instead of crashing, it deadlocks in WebCore::PlatformDisplay::invalidateSkiaGLContexts. My opinion hasn't changed here: we're not going to get this to work safely and should just stop trying to call terminateEGLDisplay. #14 0x00007f9bff3bdb5a in WTF::BinarySemaphore::wait (this=0x7ffe626b7e1d) at WTF/Headers/wtf/threads/BinarySemaphore.h:51 #15 WebCore::SkiaGLContext::invalidate (this=0x7f9bd160c870) at /usr/src/debug/webkitgtk-2.46.3-1.fc41.x86_64/Source/WebCore/platform/graphics/skia/PlatformDisplaySkia.cpp:140 semaphore = {m_isSet = false, m_lock = {static isHeldBit = 1 '\001', static hasParkedBit = 2 '\002', m_byte = {value = std::atomic<unsigned char> = { 0 '\000' }}}, m_condition = {m_hasWaiters = {value = std::atomic<bool> = { true }}}} #16 0x00007f9bff3ba599 in WebCore::PlatformDisplay::invalidateSkiaGLContexts()::$_0::operator()<WebCore::SkiaGLContext>(WebCore::SkiaGLContext&) const (context=..., this=<optimized out>) at /usr/src/debug/webkitgtk-2.46.3-1.fc41.x86_64/Source/WebCore/platform/graphics/skia/PlatformDisplaySkia.cpp:221 #17 WTF::ThreadSafeWeakHashSet<WebCore::SkiaGLContext>::forEach<WebCore::PlatformDisplay::invalidateSkiaGLContexts()::$_0>(WebCore::PlatformDisplay::invalidateSkiaGLContexts()::$_0 const&) const (this=0x7ffe626b7e78, callback=<optimized out>) at WTF/Headers/wtf/ThreadSafeWeakHashSet.h:184 item = @0x7f9b4a14c0f0: {static isRef = <optimized out>, m_ptr = 0x7f9bd160c870} __range3 = @0x7ffe626b7e68: {<WTF::VectorBuffer<WTF::Ref<WebCore::SkiaGLContext, WTF::RawPtrTraits<WebCore::SkiaGLContext>, WTF::DefaultRefDerefTraits<WebCore::SkiaGLContext> >, 0ul, WTF::FastMalloc>> = {<WTF::VectorBufferBase<WTF::Ref<WebCore::SkiaGLContext, WTF::RawPtrTraits<WebCore::SkiaGLContext>, WTF::DefaultRefDerefTraits<WebCore::SkiaGLContext> >, WTF::FastMalloc>> = {m_buffer = 0x7f9b4a14c0f0, m_capacity = 1, m_size = 1}, <No data fields>}, <No data fields>} __begin0 = 0x7f9b4a14c0f0 __end0 = <optimized out> __range3 = <optimized out> __begin0 = <optimized out> __end0 = <optimized out> item = <optimized out> #18 WebCore::PlatformDisplay::invalidateSkiaGLContexts (this=<optimized out>) at /usr/src/debug/webkitgtk-2.46.3-1.fc41.x86_64/Source/WebCore/platform/graphics/skia/PlatformDisplaySkia.cpp:220 contexts = {m_map = {m_impl = {static smallMaxLoadNumerator = 3, static smallMaxLoadDenominator = 4, static largeMaxLoadNumerator = 1, static largeMaxLoadDenominator = 2, static maxSmallTableCapacity = 1024, static minLoad = 6, static tableSizeOffset = -1, static tableSizeMaskOffset = -2, static keyCountOffset = -3, static deletedCountOffset = -4, static metadataSize = 16, {m_table = 0x7f9bd10193b0, m_tableForLLDB = 0x7f9bd10193b0}}}, m_operationCountSinceLastCleanup = 0, m_maxOperationCountWithoutCleanup = 2, m_lock = {static isHeldBit = 1 '\001', static hasParkedBit = 2 '\002', m_byte = {value = std::atomic<unsigned char> = { 0 '\000' }}}} #19 0x00007f9bff3018fc in WebCore::PlatformDisplay::clearSharingGLContext (this=0x7f9bd1008900) at /usr/src/debug/webkitgtk-2.46.3-1.fc41.x86_64/Source/WebCore/platform/graphics/PlatformDisplay.cpp:129 #20 WebCore::PlatformDisplay::terminateEGLDisplay (this=0x7f9bd1008900) at /usr/src/debug/webkitgtk-2.46.3-1.fc41.x86_64/Source/WebCore/platform/graphics/PlatformDisplay.cpp:160 #21 WebCore::PlatformDisplay::PlatformDisplay(std::unique_ptr<WebCore::GLDisplay, std::default_delete<WebCore::GLDisplay> >&&)::$_0::operator()() const (this=<optimized out>) at /usr/src/debug/webkitgtk-2.46.3-1.fc41.x86_64/Source/WebCore/platform/graphics/PlatformDisplay.cpp:106 display = 0x7f9bd1008900 display = <optimized out> #22 WebCore::PlatformDisplay::PlatformDisplay(std::unique_ptr<WebCore::GLDisplay, std::default_delete<WebCore::GLDisplay> >&&)::$_0::__invoke() () at /usr/src/debug/webkitgtk-2.46.3-1.fc41.x86_64/Source/WebCore/platform/graphics/PlatformDisplay.cpp:103 #23 0x00007f9bfcc2a461 in __run_exit_handlers (status=0, listp=0x7f9bfcdf6680 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:108 atfct = <optimized out> onfct = <optimized out> cxafct = <optimized out> arg = <optimized out> f = <optimized out> new_exitfn_called = 2475 cur = 0x55748bde5750 restart = <optimized out>
Michael Catanzaro
Comment 3 2025-08-29 07:38:50 PDT
Carlos said this might be fixed by https://github.com/WebKit/WebKit/pull/50002 but I guess we are not confident of this, so I'll leave this bug open.
Note You need to log in before you can comment on or make changes to this bug.