Bug 129419 - [GTK] Wrong GL context when destroying textures
Summary: [GTK] Wrong GL context when destroying textures
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKitGTK (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-02-27 01:50 PST by Iago Toral
Modified: 2019-06-12 20:57 PDT (History)
7 users (show)

See Also:


Attachments
Patch (9.21 KB, patch)
2014-02-27 02:03 PST, Iago Toral
mcatanzaro: review-
mcatanzaro: commit-queue-
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Iago Toral 2014-02-27 01:50:02 PST
Destroying a WebPage can trigger destruction of GL textures (via GraphicsContext3D) and we should make sure that the right GL context is bound when this happens. When closing a tab in Epiphany, it can happen that the wrong context is bound when textures are destroyed this way.

In theory, GraphicsContext3D should prevent this since it calls makeContextCurrent before executing GL commands, however, this only works when GraphicsContext3DPrivate is created with renderStyle GraphicsContext3D::RenderOffscreen. When renderStyle is GraphicsContext3D::RenderToCurrentGLContext GraphicsContext3D will be created with the currently bound GL context but won't hold a reference to it so its makeContextCurrent calls translate to no-op leaving it up to the client code to ensure that the right GL context is bound every time that the GraphicsContext3D instance is used.

This does not currently happen and thus destroying textures as part of the WebPage tear down process can produce removal of GL textures from the wrong GL context. This does not have a visible impact since all our GL contexts have a sharing context that makes sure that they all share the namespace and hence the objects, but it is a problem when we don't have a valid sharing context (which is a temporary situation for me while I am working on Wayland support). Even if having a common sharing context for all our GL contexts prevents this from actually being harmful, it is a bug that can affect new developments like the one I am doing right now and when it happens it can be hard to track down, so I think it is worth fixing.

I think the best solution for this is to have GraphicsContext3D hold a reference to the active context in use when it is created also with renderStyle GraphicsContext3D::RenderToCurrentGLContext. Actually, the Nix port was doing this before, I guess because they ran into this problem at some point. I'll attach a patch to do this shortly.
Comment 1 Iago Toral 2014-02-27 02:03:20 PST
Created attachment 225350 [details]
Patch
Comment 2 Martin Robinson 2014-02-27 08:28:15 PST
Do you have the callstack for this failure? I hope we can fix it without adding another abstraction over EGL and GLX. We already have plenty of those in the source tree. :) The other potential issue I see here is that whether to use EGL or GLX is a runtime decision, not a compile-time one.
Comment 3 Iago Toral 2014-02-27 23:26:02 PST
The risk I see with a different approach to fixing the problem is that we may be taking an error-prone path by having clients be responsible of always binding the right GL context before any GraphicsContext3D GL operation is done. Actually, it kind of feels wrong considering that GraphicsContext3D is already calling makeContextCurrent to take care of this, but I trust your judgment here better than mine :). I agree that the number of abstractions related with the GL context is already important. Doing a run-time decision between EGL and GLX is easy though.

A least one other way to fix this that I tried was to to invalidate the LayerTreeHost instance ASAP in WebPage::close (before FrameLoader::detachFromParent). That works because it will bind and then destroy the GL context before anything else is destroyed. It would be a one line patch, so let me know if you prefer that solution better and I'll provide the patch.

For reference, this is the stack trace leading to the problem:

#0  _mesa_delete_texture_object (ctx=0x2158de8, texObj=0x2c07880) at main/texobj.c:224
#1  0x00007fc01f3a4e74 in intelDeleteTextureObject (ctx=0x2158de8, texObj=0x2c07880) at intel_tex.c:56
#2  0x00007fc01f15cfc7 in _mesa_reference_texobj_ (ptr=0x7fff27a5ffc0, tex=0x0) at main/texobj.c:392
#3  0x00007fc01f15c5d3 in _mesa_reference_texobj (ptr=0x7fff27a5ffc0, tex=0x0) at main/texobj.h:81
#4  0x00007fc01f15e35a in _mesa_DeleteTextures (n=1, textures=0x7fff27a6001c) at main/texobj.c:1193
#5  0x00007fc0905bc09b in glDeleteTextures (n=1, textures=0x7fff27a6001c) at ../../../src/mapi/glapi/glapi_mapi_tmp.h:3810
#6  0x00007fc094da20a6 in WebCore::GraphicsContext3D::deleteTexture(unsigned int) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#7  0x00007fc094a1b604 in WebCore::BitmapTextureGL::~BitmapTextureGL() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#8  0x00007fc094a1b619 in WebCore::BitmapTextureGL::~BitmapTextureGL() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#9  0x00007fc094a3307d in WTF::Vector<WebCore::TextureMapperTile, 0ul, WTF::CrashOnOverflow>::shrink(unsigned long) ()
   from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#10 0x00007fc094a331a7 in WebCore::TextureMapperTiledBackingStore::~TextureMapperTiledBackingStore() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#11 0x00007fc094a2fce6 in WebCore::TextureMapperLayer::~TextureMapperLayer() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#12 0x00007fc094a2fd79 in WebCore::TextureMapperLayer::~TextureMapperLayer() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#13 0x00007fc094a26431 in WebCore::GraphicsLayerTextureMapper::~GraphicsLayerTextureMapper() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#14 0x00007fc094a26479 in WebCore::GraphicsLayerTextureMapper::~GraphicsLayerTextureMapper() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#15 0x00007fc0948f4751 in WebCore::RenderLayerBacking::destroyGraphicsLayers() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#16 0x00007fc0948f6029 in WebCore::RenderLayerBacking::~RenderLayerBacking() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#17 0x00007fc0948f6159 in WebCore::RenderLayerBacking::~RenderLayerBacking() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#18 0x00007fc0948e7141 in WebCore::RenderLayer::clearBacking(bool) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#19 0x00007fc0948e729a in WebCore::RenderLayer::~RenderLayer() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#20 0x00007fc0948e74f9 in WebCore::RenderLayer::~RenderLayer() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#21 0x00007fc094927ec1 in WebCore::RenderObject::willBeDestroyed() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#22 0x00007fc09492d1ed in WebCore::RenderObject::destroy() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#23 0x00007fc0949dae7e in WebCore::Style::detachRenderTree(WebCore::Element&, WebCore::Style::DetachType) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#24 0x00007fc0949dad9b in WebCore::Style::detachChildren(WebCore::ContainerNode&, WebCore::Style::DetachType) ()
   from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#25 0x00007fc0949dadfb in WebCore::Style::detachRenderTree(WebCore::Element&, WebCore::Style::DetachType) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#26 0x00007fc0949dad9b in WebCore::Style::detachChildren(WebCore::ContainerNode&, WebCore::Style::DetachType) ()
   from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#27 0x00007fc0949dadfb in WebCore::Style::detachRenderTree(WebCore::Element&, WebCore::Style::DetachType) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#28 0x00007fc0949dad9b in WebCore::Style::detachChildren(WebCore::ContainerNode&, WebCore::Style::DetachType) ()
   from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#29 0x00007fc0949dadfb in WebCore::Style::detachRenderTree(WebCore::Element&, WebCore::Style::DetachType) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#30 0x00007fc0949dad9b in WebCore::Style::detachChildren(WebCore::ContainerNode&, WebCore::Style::DetachType) ()
   from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#31 0x00007fc0949dadfb in WebCore::Style::detachRenderTree(WebCore::Element&, WebCore::Style::DetachType) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#32 0x00007fc0949dad9b in WebCore::Style::detachChildren(WebCore::ContainerNode&, WebCore::Style::DetachType) ()
   from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#33 0x00007fc0949dadfb in WebCore::Style::detachRenderTree(WebCore::Element&, WebCore::Style::DetachType) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#34 0x00007fc0949dad9b in WebCore::Style::detachChildren(WebCore::ContainerNode&, WebCore::Style::DetachType) ()
   from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#35 0x00007fc0949dadfb in WebCore::Style::detachRenderTree(WebCore::Element&, WebCore::Style::DetachType) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#36 0x00007fc0943f52d7 in WebCore::Document::destroyRenderTree() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#37 0x00007fc0944000c5 in WebCore::Document::prepareForDestruction() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#38 0x00007fc0947bedc8 in WebCore::Frame::setView(WTF::PassRefPtr<WebCore::FrameView>) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#39 0x00007fc0947297d3 in WebCore::FrameLoader::detachFromParent() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#40 0x00007fc0941e6df5 in WebKit::WebPage::close() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#41 0x00007fc094210b54 in WebKit::WebPage::didReceiveWebPageMessage(CoreIPC::Connection*, CoreIPC::MessageDecoder&) ()
   from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#42 0x00007fc0952fec7b in CoreIPC::MessageReceiverMap::dispatchMessage(CoreIPC::Connection*, CoreIPC::MessageDecoder&) ()
   from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#43 0x00007fc0941f1e16 in WebKit::WebProcess::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageDecoder&) ()
   from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#44 0x00007fc0952f8e2b in CoreIPC::Connection::dispatchMessage(std::unique_ptr<CoreIPC::MessageDecoder, std::default_delete<CoreIPC::MessageDecoder> >) ()
   from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#45 0x00007fc0952f8f73 in CoreIPC::Connection::dispatchOneMessage() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#46 0x00007fc0935076d8 in WTF::RunLoop::performWork() () from /home/itoral/Devel/Gnome/bin/lib64/libjavascriptcoregtk-3.0.so.0
#47 0x00007fc093514459 in WTF::RunLoop::queueWork(WTF::RunLoop*) () from /home/itoral/Devel/Gnome/bin/lib64/libjavascriptcoregtk-3.0.so.0
#48 0x00007fc090153d7b in g_idle_dispatch (source=0x7fc03c0022e0, callback=0x7fc093514450 <WTF::RunLoop::queueWork(WTF::RunLoop*)>, user_data=0x7fc087352d90) at gmain.c:5280
#49 0x00007fc0901514e0 in g_main_dispatch (context=0xcf7ac0) at gmain.c:3066
#50 0x00007fc09015220e in g_main_context_dispatch (context=0xcf7ac0) at gmain.c:3641
#51 0x00007fc0901523fe in g_main_context_iterate (context=0xcf7ac0, block=1, dispatch=1, self=0xce1920) at gmain.c:3712
#52 0x00007fc09015282e in g_main_loop_run (loop=0xd14590) at gmain.c:3906
#53 0x00007fc094176b2d in WebProcessMainGtk () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#54 0x00007fc093874de5 in __libc_start_main (main=0x400750 <main>, argc=2, ubp_av=0x7fff27a60a18, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, 
    stack_end=0x7fff27a60a08) at libc-start.c:260
#55 0x000000000040077e in _start ()
Comment 4 Martin Robinson 2014-03-04 10:40:01 PST
Okay. I think your original approach is the way to go, but I hope we can find a way to do it without adding another class. :/
Comment 5 Iago Toral 2014-03-05 04:06:32 PST
(In reply to comment #4)
> Okay. I think your original approach is the way to go, but I hope we can find a way to do it without adding another class. :/

Unfortunately my patch seems to work well always when going through EGL but when going with the GLX path it seems that some times it does not work, so this solution is not 100% reliable in all cases.

I guess this still needs more investigation.
Comment 6 Iago Toral 2014-03-05 05:16:34 PST
(In reply to comment #5)
> (In reply to comment #4)
> > Okay. I think your original approach is the way to go, but I hope we can find a way to do it without adding another class. :/
> 
> Unfortunately my patch seems to work well always when going through EGL but when going with the GLX path it seems that some times it does not work, so this solution is not 100% reliable in all cases.
> 
> I guess this still needs more investigation.

Found the reason:

The problem is that the tear down sequence in WebPage::close goes so that WebCore::FrameLoader::detachFromParent() is called first (this will produce destruction of GL objects via GraphicsContext3D) and then the drawing area is destroyed (which invalidates the layer tree host).

I was working under the assumption that this tear down sequence is always like that and hence making sure that only the destruction of the layer tree host's context would destroy the actual GL context (that is, the pixmaps, surfaces, etc) but in some unusual circumstances it looks like LayerTreeHostGtk::invalidate can be called before WebPage::close. This happens due to a timer like this:

#1  0x00007fb9e4fdb9a3 in WebKit::DrawingAreaImpl::exitAcceleratedCompositingMode() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#2  0x00007fb9e431f5e2 in WTF::RunLoop::TimerBase::timerFiredCallback(WTF::RunLoop::TimerBase*) () from /home/itoral/Devel/Gnome/bin/lib64/libjavascriptcoregtk-3.0.so.0
#3  0x00007fb9e0f5e206 in g_timeout_dispatch (source=0x37d0310, callback=0x7fb9e431f5c0 <WTF::RunLoop::TimerBase::timerFiredCallback(WTF::RunLoop::TimerBase*)>, 
    user_data=0x3502d30) at gmain.c:4450
#4  0x00007fb9e0f5c4e0 in g_main_dispatch (context=0xf50ac0) at gmain.c:3066
#5  0x00007fb9e0f5d20e in g_main_context_dispatch (context=0xf50ac0) at gmain.c:3641

This creates a problem because we can only allow the underlying GL context to be really destroyed when we know for sure that both the layer tree host and the GraphicsContext3D are done with it which, according to this, can happen in any order.

I think the way to fix this would be to make the GLContext instance used by both the layer tree host and the GraphicsContext3D a RefPtr instead of an OwnPtr. I think this would allow us to just use the same GLContext instance for both and make sure it won't be destroyed until both objects are done with it. This would require to change the signature of the GLContext::create*() functions.

Martin, what do you think?
Comment 7 Martin Robinson 2014-03-05 07:49:03 PST
(In reply to comment #6)

> I think the way to fix this would be to make the GLContext instance used by both the layer tree host and the GraphicsContext3D a RefPtr instead of an OwnPtr. I think this would allow us to just use the same GLContext instance for both and make sure it won't be destroyed until both objects are done with it. This would require to change the signature of the GLContext::create*() functions.

It seems a bit suspicious that the GraphicsContext3D is destroyed before the layer tree host. What owns the graphics context?
Comment 8 Iago Toral 2014-03-06 00:19:03 PST
(In reply to comment #7)
> (In reply to comment #6)
> 
> > I think the way to fix this would be to make the GLContext instance used by both the layer tree host and the GraphicsContext3D a RefPtr instead of an OwnPtr. I think this would allow us to just use the same GLContext instance for both and make sure it won't be destroyed until both objects are done with it. This would require to change the signature of the GLContext::create*() functions.
> 
> It seems a bit suspicious that the GraphicsContext3D is destroyed before the layer tree host. What owns the graphics context?

The TextureMapperGL has a reference to a GraphicsContext3D that it creates in its constructor, but it is a RefPtr.

TextureMapperGLData, which is also created in the TextureMapperGL constuctor, seems to hold another RefPtr to the same pointer of the graphics context.

Then all the instances of BitmapTextureGL created with the texture mapper also have a RefPtr to the GraphicsContext3D instance.

Typically, the GraphicsContext3D is destroyed with the texture mapper like this:

#0  0x00007fa1241580d0 in WebCore::GraphicsContext3DPrivate::~GraphicsContext3DPrivate() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#1  0x00007fa124157bd6 in WebCore::GraphicsContext3D::~GraphicsContext3D() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#2  0x00007fa123a31408 in WebCore::TextureMapperGL::~TextureMapperGL() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#3  0x00007fa123a31449 in WebCore::TextureMapperGL::~TextureMapperGL() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#4  0x00007fa12320c6b0 in WebKit::LayerTreeHostGtk::invalidate() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#5  0x00007fa1231e0199 in WebKit::DrawingAreaImpl::~DrawingAreaImpl() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#6  0x00007fa1231e0289 in WebKit::DrawingAreaImpl::~DrawingAreaImpl() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#7  0x00007fa1231f915d in WebKit::WebPage::close() () from /home/itoral/Devel

However, this can also happen some times:

#0  0x00007fa1241580d0 in WebCore::GraphicsContext3DPrivate::~GraphicsContext3DPrivate() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#1  0x00007fa124157bd6 in WebCore::GraphicsContext3D::~GraphicsContext3D() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#2  0x00007fa123a2d827 in WebCore::BitmapTextureGL::~BitmapTextureGL() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#3  0x00007fa123a2d8f9 in WebCore::BitmapTextureGL::~BitmapTextureGL() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#4  0x00007fa123a4533d in WTF::Vector<WebCore::TextureMapperTile, 0ul, WTF::CrashOnOverflow>::shrink(unsigned long) ()
   from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#5  0x00007fa123a45467 in WebCore::TextureMapperTiledBackingStore::~TextureMapperTiledBackingStore() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#6  0x00007fa123a41fa6 in WebCore::TextureMapperLayer::~TextureMapperLayer() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#7  0x00007fa123a42039 in WebCore::TextureMapperLayer::~TextureMapperLayer() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#8  0x00007fa123a386f1 in WebCore::GraphicsLayerTextureMapper::~GraphicsLayerTextureMapper() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#9  0x00007fa123a38739 in WebCore::GraphicsLayerTextureMapper::~GraphicsLayerTextureMapper() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#10 0x00007fa1239069f1 in WebCore::RenderLayerBacking::destroyGraphicsLayers() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#11 0x00007fa1239082c9 in WebCore::RenderLayerBacking::~RenderLayerBacking() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#12 0x00007fa1239083f9 in WebCore::RenderLayerBacking::~RenderLayerBacking() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#13 0x00007fa1238f93e1 in WebCore::RenderLayer::clearBacking(bool) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#14 0x00007fa1238f953a in WebCore::RenderLayer::~RenderLayer() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#15 0x00007fa1238f9799 in WebCore::RenderLayer::~RenderLayer() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#16 0x00007fa12393a161 in WebCore::RenderObject::willBeDestroyed() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#17 0x00007fa12393f48d in WebCore::RenderObject::destroy() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#18 0x00007fa1239ed11e in WebCore::Style::detachRenderTree(WebCore::Element&, WebCore::Style::DetachType) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#19 0x00007fa1239ed03b in WebCore::Style::detachChildren(WebCore::ContainerNode&, WebCore::Style::DetachType) ()
   from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#20 0x00007fa1239ed09b in WebCore::Style::detachRenderTree(WebCore::Element&, WebCore::Style::DetachType) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#21 0x00007fa1239ed03b in WebCore::Style::detachChildren(WebCore::ContainerNode&, WebCore::Style::DetachType) ()
   from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#22 0x00007fa1239ed09b in WebCore::Style::detachRenderTree(WebCore::Element&, WebCore::Style::DetachType) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#23 0x00007fa1239ed03b in WebCore::Style::detachChildren(WebCore::ContainerNode&, WebCore::Style::DetachType) ()
   from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#24 0x00007fa1239ed09b in WebCore::Style::detachRenderTree(WebCore::Element&, WebCore::Style::DetachType) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#25 0x00007fa1239ed03b in WebCore::Style::detachChildren(WebCore::ContainerNode&, WebCore::Style::DetachType) ()
   from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#26 0x00007fa1239ed09b in WebCore::Style::detachRenderTree(WebCore::Element&, WebCore::Style::DetachType) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#27 0x00007fa1239ed03b in WebCore::Style::detachChildren(WebCore::ContainerNode&, WebCore::Style::DetachType) ()
   from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#28 0x00007fa1239ed09b in WebCore::Style::detachRenderTree(WebCore::Element&, WebCore::Style::DetachType) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#29 0x00007fa1239ed03b in WebCore::Style::detachChildren(WebCore::ContainerNode&, WebCore::Style::DetachType) ()
   from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#30 0x00007fa1239ed09b in WebCore::Style::detachRenderTree(WebCore::Element&, WebCore::Style::DetachType) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#31 0x00007fa123407577 in WebCore::Document::destroyRenderTree() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#32 0x00007fa123412365 in WebCore::Document::prepareForDestruction() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#33 0x00007fa1237d1068 in WebCore::Frame::setView(WTF::PassRefPtr<WebCore::FrameView>) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#34 0x00007fa12373ba73 in WebCore::FrameLoader::detachFromParent() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#35 0x00007fa1231f9125 in WebKit::WebPage::close() () from /home/itoral/Devel

The error situation, which is a crash in the driver when trying to make current a context that is no longer valid, happens with this stack:

#0  0x00007f2c00c0b22b in intel_prepare_render (brw=0x302c4b0) at brw_context.c:1117
#1  0x00007f2c00c0ae42 in intelMakeCurrent (driContextPriv=0x2ff66d0, driDrawPriv=0x2fe75e0, driReadPriv=0x2fe75e0) at brw_context.c:964
#2  0x00007f2c00b8348b in driBindContext (pcp=0x2ff66d0, pdp=0x2fe75e0, prp=0x2fe75e0) at dri_util.c:543
#3  0x00007f2c81d0a3a9 in dri2_bind_context (context=0x4639810, old=0x7f2c81d444e0 <dummyContext>, draw=41949698, read=41949698) at dri2_glx.c:162
#4  0x00007f2c81cd044d in MakeContextCurrent (dpy=0x1bf6740, draw=41949698, read=41949698, gc_user=0x4639810) at glxcurrent.c:259
#5  0x00007f2c81cd056e in glXMakeCurrent (dpy=0x1bf6740, draw=41949698, gc=0x4639810) at glxcurrent.c:293
#6  0x00007f2c86a4edd3 in WebCore::GLContextGLX::makeContextCurrent() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#7  0x00007f2c864fa341 in WebCore::GraphicsContext3D::deleteTexture(unsigned int) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#8  0x00007f2c861738e4 in WebCore::BitmapTextureGL::~BitmapTextureGL() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#9  0x00007f2c861738f9 in WebCore::BitmapTextureGL::~BitmapTextureGL() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#10 0x00007f2c8618b33d in WTF::Vector<WebCore::TextureMapperTile, 0ul, WTF::CrashOnOverflow>::shrink(unsigned long) ()
   from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#11 0x00007f2c8618b467 in WebCore::TextureMapperTiledBackingStore::~TextureMapperTiledBackingStore() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#12 0x00007f2c86187fa6 in WebCore::TextureMapperLayer::~TextureMapperLayer() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#13 0x00007f2c86188039 in WebCore::TextureMapperLayer::~TextureMapperLayer() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#14 0x00007f2c8617e6f1 in WebCore::GraphicsLayerTextureMapper::~GraphicsLayerTextureMapper() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#15 0x00007f2c8617e739 in WebCore::GraphicsLayerTextureMapper::~GraphicsLayerTextureMapper() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#16 0x00007f2c8604c9f1 in WebCore::RenderLayerBacking::destroyGraphicsLayers() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#17 0x00007f2c8604e2c9 in WebCore::RenderLayerBacking::~RenderLayerBacking() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#18 0x00007f2c8604e3f9 in WebCore::RenderLayerBacking::~RenderLayerBacking() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#19 0x00007f2c8603f3e1 in WebCore::RenderLayer::clearBacking(bool) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#20 0x00007f2c8603f53a in WebCore::RenderLayer::~RenderLayer() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#21 0x00007f2c8603f799 in WebCore::RenderLayer::~RenderLayer() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#22 0x00007f2c86080161 in WebCore::RenderObject::willBeDestroyed() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#23 0x00007f2c8608548d in WebCore::RenderObject::destroy() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#24 0x00007f2c8613311e in WebCore::Style::detachRenderTree(WebCore::Element&, WebCore::Style::DetachType) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#25 0x00007f2c8613303b in WebCore::Style::detachChildren(WebCore::ContainerNode&, WebCore::Style::DetachType) ()
   from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#26 0x00007f2c8613309b in WebCore::Style::detachRenderTree(WebCore::Element&, WebCore::Style::DetachType) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#27 0x00007f2c8613303b in WebCore::Style::detachChildren(WebCore::ContainerNode&, WebCore::Style::DetachType) ()
   from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#28 0x00007f2c8613309b in WebCore::Style::detachRenderTree(WebCore::Element&, WebCore::Style::DetachType) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#29 0x00007f2c85b4d577 in WebCore::Document::destroyRenderTree() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#30 0x00007f2c85b58365 in WebCore::Document::prepareForDestruction() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#31 0x00007f2c85f17068 in WebCore::Frame::setView(WTF::PassRefPtr<WebCore::FrameView>) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#32 0x00007f2c85e81a73 in WebCore::FrameLoader::detachFromParent() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#33 0x00007f2c8593f125 in WebKit::WebPage::close() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25

And as far as I can see, when this happens the texture mapper was already destroyed (I suppose because of that timer function I mentioned in a previous comment), but it looks like some BitmapTextureGL objects still lived, keeping a reference to the GraphicsContext3D preventing its destruction, hence leading to the problem.

I don't know if this behavior is expected or is a bug.
Comment 9 Michael Catanzaro 2016-01-02 09:34:25 PST
Comment on attachment 225350 [details]
Patch

I don't understand OpenGL, but I do understand that this:

"The problem is that the tear down sequence in WebPage::close goes so that WebCore::FrameLoader::detachFromParent() is called first (this will produce destruction of GL objects via GraphicsContext3D) and then the drawing area is destroyed (which invalidates the layer tree host)."

Means you've decided this patch is not ready. :) Removing from request queue.
Comment 10 Maxime Coste 2019-06-12 20:57:07 PDT
This triggers a crash here, with the following callstack:

#0  0x00007f02a32eae69 in glDeleteTextures () from /lib64/libGL.so.1
#1  0x00007f02a86f4ece in WebCore::BitmapTextureGL::~BitmapTextureGL (this=0x7f01dda6d210, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/texmap/BitmapTextureGL.cpp:291
#2  0x00007f02a86f4f59 in WebCore::BitmapTextureGL::~BitmapTextureGL (this=0x7f01dda6d210, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/texmap/BitmapTextureGL.cpp:288
#3  0x00007f02a73509e6 in WTF::RefCounted<WebCore::BitmapTexture>::deref (this=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/RefCounted.h:142
#4  WTF::RefCounted<WebCore::BitmapTexture>::deref (this=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/RefCounted.h:142
#5  WTF::derefIfNotNull<WebCore::BitmapTexture> (ptr=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/RefPtr.h:44
#6  WTF::RefPtr<WebCore::BitmapTexture, WTF::DumbPtrTraits<WebCore::BitmapTexture> >::~RefPtr (this=0x7f01ea017790, __in_chrg=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/RefPtr.h:69
#7  WebCore::TextureMapperTile::~TextureMapperTile (this=0x7f01ea017788, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/texmap/TextureMapperTile.h:42
#8  WebCore::CoordinatedBackingStoreTile::~CoordinatedBackingStoreTile (this=0x7f01ea017788, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedBackingStore.h:38
#9  WTF::KeyValuePair<unsigned int, WebCore::CoordinatedBackingStoreTile>::~KeyValuePair (this=0x7f01ea017780, __in_chrg=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/KeyValuePair.h:33
#10 WTF::HashTable<unsigned int, WTF::KeyValuePair<unsigned int, WebCore::CoordinatedBackingStoreTile>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned int, WebCore::CoordinatedBackingStoreTile> >, WTF::IntHash<unsigned int>, WTF::HashMap<unsigned int, WebCore::CoordinatedBackingStoreTile, WTF::IntHash<unsigned int>, WTF::HashTraits<unsigned int>, WTF::HashTraits<WebCore::CoordinatedBackingStoreTile> >::KeyValuePairTraits, WTF::HashTraits<unsigned int> >::deallocateTable (size=<optimized out>, table=0x7f01ea017600)
    at DerivedSources/ForwardingHeaders/wtf/HashTable.h:1178
#11 WTF::HashTable<unsigned int, WTF::KeyValuePair<unsigned int, WebCore::CoordinatedBackingStoreTile>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned int, WebCore::CoordinatedBackingStoreTile> >, WTF::IntHash<unsigned int>, WTF::HashMap<unsigned int, WebCore::CoordinatedBackingStoreTile, WTF::IntHash<unsigned int>, WTF::HashTraits<unsigned int>, WTF::HashTraits<WebCore::CoordinatedBackingStoreTile> >::KeyValuePairTraits, WTF::HashTraits<unsigned int> >::~HashTable (this=0x7f01e28c7078, __in_chrg=<optimized out>)
    at DerivedSources/ForwardingHeaders/wtf/HashTable.h:362
#12 WTF::HashMap<unsigned int, WebCore::CoordinatedBackingStoreTile, WTF::IntHash<unsigned int>, WTF::HashTraits<unsigned int>, WTF::HashTraits<WebCore::CoordinatedBackingStoreTile> >::~HashMap (this=0x7f01e28c7078, __in_chrg=<optimized out>)
    at DerivedSources/ForwardingHeaders/wtf/HashMap.h:35
#13 WebCore::CoordinatedBackingStore::~CoordinatedBackingStore (this=0x7f01e28c7060, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedBackingStore.h:63
#14 WebCore::CoordinatedBackingStore::~CoordinatedBackingStore (this=0x7f01e28c7060, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedBackingStore.h:63
#15 0x00007f02a7359ec6 in WTF::RefCounted<WebCore::CoordinatedBackingStore>::deref (this=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/RefCounted.h:142
#16 WTF::RefCounted<WebCore::CoordinatedBackingStore>::deref (this=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/RefCounted.h:142
#17 WTF::derefIfNotNull<WebCore::CoordinatedBackingStore> (ptr=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/RefPtr.h:44
#18 WTF::RefPtr<WebCore::CoordinatedBackingStore, WTF::DumbPtrTraits<WebCore::CoordinatedBackingStore> >::~RefPtr (this=0x224ee30, __in_chrg=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/RefPtr.h:69
#19 Nicosia::BackingStoreTextureMapperImpl::CompositionState::~CompositionState (this=0x224ee30, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/texmap/NicosiaBackingStoreTextureMapperImpl.h:100
#20 Nicosia::BackingStoreTextureMapperImpl::~BackingStoreTextureMapperImpl (this=0x224ede0, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/texmap/NicosiaBackingStoreTextureMapperImpl.h:43
#21 0x00007f02a7359ee9 in Nicosia::BackingStoreTextureMapperImpl::~BackingStoreTextureMapperImpl (this=0x224ede0, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/texmap/NicosiaBackingStoreTextureMapperImpl.h:43
#22 0x00007f02a7358369 in Nicosia::BackingStore::~BackingStore (this=0x7f01da988780, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:303
#23 0x00007f02a7358906 in WTF::ThreadSafeRefCounted<Nicosia::BackingStore, (WTF::DestructionThread)0>::deref (this=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/ThreadSafeRefCounted.h:71
#24 WTF::ThreadSafeRefCounted<Nicosia::BackingStore, (WTF::DestructionThread)0>::deref (this=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/ThreadSafeRefCounted.h:71
#25 WTF::derefIfNotNull<Nicosia::BackingStore> (ptr=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/RefPtr.h:44
#26 WTF::RefPtr<Nicosia::BackingStore, WTF::DumbPtrTraits<Nicosia::BackingStore> >::~RefPtr (this=0x7f0250a6c1d8, __in_chrg=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/RefPtr.h:69
#27 Nicosia::CompositionLayer::LayerState::~LayerState (this=0x7f0250a6c030, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:89
#28 Nicosia::CompositionLayer::{unnamed type#1}::~CompositionLayer() (this=0x7f0250a6c030, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:271
#29 Nicosia::CompositionLayer::~CompositionLayer (this=0x7f0250a6c000, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:70
#30 0x00007f02a7358e29 in Nicosia::CompositionLayer::~CompositionLayer (this=0x7f0250a6c000, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:70
#31 0x00007f02a7358ce6 in WTF::ThreadSafeRefCounted<Nicosia::PlatformLayer, (WTF::DestructionThread)0>::deref (this=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/ThreadSafeRefCounted.h:71
#32 WTF::ThreadSafeRefCounted<Nicosia::PlatformLayer, (WTF::DestructionThread)0>::deref (this=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/ThreadSafeRefCounted.h:71
#33 WTF::derefIfNotNull<Nicosia::CompositionLayer> (ptr=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/RefPtr.h:44
#34 WTF::RefPtr<Nicosia::CompositionLayer, WTF::DumbPtrTraits<Nicosia::CompositionLayer> >::~RefPtr (this=0x7f01f2ad3f00, __in_chrg=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/RefPtr.h:69
#35 WTF::VectorDestructor<true, WTF::RefPtr<Nicosia::CompositionLayer, WTF::DumbPtrTraits<Nicosia::CompositionLayer> > >::destruct (end=0x7f01f2ad3f18, begin=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/Vector.h:64
#36 WTF::VectorTypeOperations<WTF::RefPtr<Nicosia::CompositionLayer, WTF::DumbPtrTraits<Nicosia::CompositionLayer> > >::destruct (end=0x7f01f2ad3f18, begin=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/Vector.h:243
#37 WTF::Vector<WTF::RefPtr<Nicosia::CompositionLayer, WTF::DumbPtrTraits<Nicosia::CompositionLayer> >, 0ul, WTF::CrashOnOverflow, 16ul>::~Vector (this=0x7f0210144550, __in_chrg=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/Vector.h:675
#38 Nicosia::CompositionLayer::LayerState::~LayerState (this=0x7f02101443d0, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:89
#39 Nicosia::CompositionLayer::{unnamed type#1}::~CompositionLayer() (this=0x7f0210144030, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:271
#40 Nicosia::CompositionLayer::~CompositionLayer (this=0x7f0210144000, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:70
#41 0x00007f02a7358e29 in Nicosia::CompositionLayer::~CompositionLayer (this=0x7f0210144000, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:70
#42 0x00007f02a7358c46 in WTF::ThreadSafeRefCounted<Nicosia::PlatformLayer, (WTF::DestructionThread)0>::deref (this=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/ThreadSafeRefCounted.h:71
#43 WTF::ThreadSafeRefCounted<Nicosia::PlatformLayer, (WTF::DestructionThread)0>::deref (this=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/ThreadSafeRefCounted.h:71
#44 WTF::derefIfNotNull<Nicosia::CompositionLayer> (ptr=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/RefPtr.h:44
#45 WTF::RefPtr<Nicosia::CompositionLayer, WTF::DumbPtrTraits<Nicosia::CompositionLayer> >::~RefPtr (this=0x7f012ced3320, __in_chrg=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/RefPtr.h:69
#46 WTF::VectorDestructor<true, WTF::RefPtr<Nicosia::CompositionLayer, WTF::DumbPtrTraits<Nicosia::CompositionLayer> > >::destruct (end=0x7f012ced3328, begin=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/Vector.h:64
#47 WTF::VectorTypeOperations<WTF::RefPtr<Nicosia::CompositionLayer, WTF::DumbPtrTraits<Nicosia::CompositionLayer> > >::destruct (end=0x7f012ced3328, begin=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/Vector.h:243
#48 WTF::Vector<WTF::RefPtr<Nicosia::CompositionLayer, WTF::DumbPtrTraits<Nicosia::CompositionLayer> >, 0ul, WTF::CrashOnOverflow, 16ul>::~Vector (this=0x7f021f4919b0, __in_chrg=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/Vector.h:675
#49 Nicosia::CompositionLayer::LayerState::~LayerState (this=0x7f021f491830, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:89
#50 Nicosia::CompositionLayer::{unnamed type#1}::~CompositionLayer() (this=0x7f021f491830, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:271
#51 Nicosia::CompositionLayer::~CompositionLayer (this=0x7f021f491800, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:70
#52 0x00007f02a7358e29 in Nicosia::CompositionLayer::~CompositionLayer (this=0x7f021f491800, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:70
#53 0x00007f02a7358c46 in WTF::ThreadSafeRefCounted<Nicosia::PlatformLayer, (WTF::DestructionThread)0>::deref (this=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/ThreadSafeRefCounted.h:71
#54 WTF::ThreadSafeRefCounted<Nicosia::PlatformLayer, (WTF::DestructionThread)0>::deref (this=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/ThreadSafeRefCounted.h:71
#55 WTF::derefIfNotNull<Nicosia::CompositionLayer> (ptr=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/RefPtr.h:44
#56 WTF::RefPtr<Nicosia::CompositionLayer, WTF::DumbPtrTraits<Nicosia::CompositionLayer> >::~RefPtr (this=0x7f012ced3318, __in_chrg=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/RefPtr.h:69
#57 WTF::VectorDestructor<true, WTF::RefPtr<Nicosia::CompositionLayer, WTF::DumbPtrTraits<Nicosia::CompositionLayer> > >::destruct (end=0x7f012ced3320, begin=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/Vector.h:64
#58 WTF::VectorTypeOperations<WTF::RefPtr<Nicosia::CompositionLayer, WTF::DumbPtrTraits<Nicosia::CompositionLayer> > >::destruct (end=0x7f012ced3320, begin=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/Vector.h:243
#59 WTF::Vector<WTF::RefPtr<Nicosia::CompositionLayer, WTF::DumbPtrTraits<Nicosia::CompositionLayer> >, 0ul, WTF::CrashOnOverflow, 16ul>::~Vector (this=0x7f01e8de41b0, __in_chrg=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/Vector.h:675
#60 Nicosia::CompositionLayer::LayerState::~LayerState (this=0x7f01e8de4030, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:89
#61 Nicosia::CompositionLayer::{unnamed type#1}::~CompositionLayer() (this=0x7f01e8de4030, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:271
#62 Nicosia::CompositionLayer::~CompositionLayer (this=0x7f01e8de4000, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:70
#63 0x00007f02a7358e29 in Nicosia::CompositionLayer::~CompositionLayer (this=0x7f01e8de4000, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:70
#64 0x00007f02a7358c46 in WTF::ThreadSafeRefCounted<Nicosia::PlatformLayer, (WTF::DestructionThread)0>::deref (this=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/ThreadSafeRefCounted.h:71
#65 WTF::ThreadSafeRefCounted<Nicosia::PlatformLayer, (WTF::DestructionThread)0>::deref (this=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/ThreadSafeRefCounted.h:71
#66 WTF::derefIfNotNull<Nicosia::CompositionLayer> (ptr=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/RefPtr.h:44
#67 WTF::RefPtr<Nicosia::CompositionLayer, WTF::DumbPtrTraits<Nicosia::CompositionLayer> >::~RefPtr (this=0x7f012ced3310, __in_chrg=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/RefPtr.h:69
#68 WTF::VectorDestructor<true, WTF::RefPtr<Nicosia::CompositionLayer, WTF::DumbPtrTraits<Nicosia::CompositionLayer> > >::destruct (end=0x7f012ced3318, begin=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/Vector.h:64
#69 WTF::VectorTypeOperations<WTF::RefPtr<Nicosia::CompositionLayer, WTF::DumbPtrTraits<Nicosia::CompositionLayer> > >::destruct (end=0x7f012ced3318, begin=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/Vector.h:243
#70 WTF::Vector<WTF::RefPtr<Nicosia::CompositionLayer, WTF::DumbPtrTraits<Nicosia::CompositionLayer> >, 0ul, WTF::CrashOnOverflow, 16ul>::~Vector (this=0x7f01e8de47b0, __in_chrg=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/Vector.h:675
#71 Nicosia::CompositionLayer::LayerState::~LayerState (this=0x7f01e8de4630, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:89
#72 Nicosia::CompositionLayer::{unnamed type#1}::~CompositionLayer() (this=0x7f01e8de4630, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:271
#73 Nicosia::CompositionLayer::~CompositionLayer (this=0x7f01e8de4600, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:70
#74 0x00007f02a7358e29 in Nicosia::CompositionLayer::~CompositionLayer (this=0x7f01e8de4600, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:70
#75 0x00007f02a7358c46 in WTF::ThreadSafeRefCounted<Nicosia::PlatformLayer, (WTF::DestructionThread)0>::deref (this=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/ThreadSafeRefCounted.h:71
#76 WTF::ThreadSafeRefCounted<Nicosia::PlatformLayer, (WTF::DestructionThread)0>::deref (this=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/ThreadSafeRefCounted.h:71
#77 WTF::derefIfNotNull<Nicosia::CompositionLayer> (ptr=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/RefPtr.h:44
#78 WTF::RefPtr<Nicosia::CompositionLayer, WTF::DumbPtrTraits<Nicosia::CompositionLayer> >::~RefPtr (this=0x7f01fa298510, __in_chrg=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/RefPtr.h:69
#79 WTF::VectorDestructor<true, WTF::RefPtr<Nicosia::CompositionLayer, WTF::DumbPtrTraits<Nicosia::CompositionLayer> > >::destruct (end=0x7f01fa298520, begin=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/Vector.h:64
#80 WTF::VectorTypeOperations<WTF::RefPtr<Nicosia::CompositionLayer, WTF::DumbPtrTraits<Nicosia::CompositionLayer> > >::destruct (end=0x7f01fa298520, begin=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/Vector.h:243
#81 WTF::Vector<WTF::RefPtr<Nicosia::CompositionLayer, WTF::DumbPtrTraits<Nicosia::CompositionLayer> >, 0ul, WTF::CrashOnOverflow, 16ul>::~Vector (this=0x7f0250a5b9b0, __in_chrg=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/Vector.h:675
#82 Nicosia::CompositionLayer::LayerState::~LayerState (this=0x7f0250a5b830, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:89
#83 Nicosia::CompositionLayer::{unnamed type#1}::~CompositionLayer() (this=0x7f0250a5b830, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:271
#84 Nicosia::CompositionLayer::~CompositionLayer (this=0x7f0250a5b800, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:70
#85 0x00007f02a7358e29 in Nicosia::CompositionLayer::~CompositionLayer (this=0x7f0250a5b800, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:70
#86 0x00007f02a7358c46 in WTF::ThreadSafeRefCounted<Nicosia::PlatformLayer, (WTF::DestructionThread)0>::deref (this=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/ThreadSafeRefCounted.h:71
#87 WTF::ThreadSafeRefCounted<Nicosia::PlatformLayer, (WTF::DestructionThread)0>::deref (this=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/ThreadSafeRefCounted.h:71
#88 WTF::derefIfNotNull<Nicosia::CompositionLayer> (ptr=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/RefPtr.h:44
#89 WTF::RefPtr<Nicosia::CompositionLayer, WTF::DumbPtrTraits<Nicosia::CompositionLayer> >::~RefPtr (this=0x7f012ced3308, __in_chrg=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/RefPtr.h:69
#90 WTF::VectorDestructor<true, WTF::RefPtr<Nicosia::CompositionLayer, WTF::DumbPtrTraits<Nicosia::CompositionLayer> > >::destruct (end=0x7f012ced3310, begin=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/Vector.h:64
#91 WTF::VectorTypeOperations<WTF::RefPtr<Nicosia::CompositionLayer, WTF::DumbPtrTraits<Nicosia::CompositionLayer> > >::destruct (end=0x7f012ced3310, begin=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/Vector.h:243
#92 WTF::Vector<WTF::RefPtr<Nicosia::CompositionLayer, WTF::DumbPtrTraits<Nicosia::CompositionLayer> >, 0ul, WTF::CrashOnOverflow, 16ul>::~Vector (this=0x7f01dd6673b0, __in_chrg=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/Vector.h:675
#93 Nicosia::CompositionLayer::LayerState::~LayerState (this=0x7f01dd667230, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:89
#94 Nicosia::CompositionLayer::{unnamed type#1}::~CompositionLayer() (this=0x7f01dd667230, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:271
#95 Nicosia::CompositionLayer::~CompositionLayer (this=0x7f01dd667200, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:70
#96 0x00007f02a7358e29 in Nicosia::CompositionLayer::~CompositionLayer (this=0x7f01dd667200, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:70
#97 0x00007f02a735976b in WTF::ThreadSafeRefCounted<Nicosia::PlatformLayer, (WTF::DestructionThread)0>::deref (this=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/ThreadSafeRefCounted.h:71
#98 WTF::ThreadSafeRefCounted<Nicosia::PlatformLayer, (WTF::DestructionThread)0>::deref (this=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/ThreadSafeRefCounted.h:71
#99 WTF::derefIfNotNull<Nicosia::CompositionLayer> (ptr=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/RefPtr.h:44
#100 WTF::RefPtr<Nicosia::CompositionLayer, WTF::DumbPtrTraits<Nicosia::CompositionLayer> >::~RefPtr (this=0x7f0212cb4278, __in_chrg=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/RefPtr.h:69
#101 Nicosia::Scene::State::~State (this=0x7f0212cb4258, __in_chrg=<optimized out>) at ../Source/WebCore/platform/graphics/nicosia/NicosiaScene.h:49
#102 0x00007f02a73202c1 in WebKit::CompositingCoordinator::{unnamed type#1}::~CompositingCoordinator() (this=0x7f0212cb4250, __in_chrg=<optimized out>) at ../Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.h:121
#103 WebKit::CompositingCoordinator::~CompositingCoordinator (this=0x7f0212cb4210, __in_chrg=<optimized out>) at ../Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.cpp:62
#104 0x00007f02a732074a in WebKit::LayerTreeHost::~LayerTreeHost (this=0x7f0212cb41c8, __in_chrg=<optimized out>) at /usr/include/c++/8/bits/unique_ptr.h:347
#105 0x00007f02a7320a35 in std::default_delete<WebKit::LayerTreeHost>::operator() (this=<optimized out>, __ptr=0x7f0212cb41c8) at /usr/include/c++/8/bits/unique_ptr.h:75
#106 std::default_delete<WebKit::LayerTreeHost>::operator() (this=0x7f0292c77080, __ptr=0x7f0212cb41c8) at /usr/include/c++/8/bits/unique_ptr.h:75
#107 std::unique_ptr<WebKit::LayerTreeHost, std::default_delete<WebKit::LayerTreeHost> >::reset (__p=0x7f0212cb41c8, this=0x7f0292c77080) at /usr/include/c++/8/bits/unique_ptr.h:382
#108 std::unique_ptr<WebKit::LayerTreeHost, std::default_delete<WebKit::LayerTreeHost> >::operator=(decltype(nullptr)) (this=0x7f0292c77080) at /usr/include/c++/8/bits/unique_ptr.h:318
#109 WebKit::DrawingAreaCoordinatedGraphics::discardPreviousLayerTreeHost (this=0x7f0292c77000) at ../Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.cpp:487
#110 0x00007f02a6238e43 in WTF::RunLoop::TimerBase::<lambda(gpointer)>::operator() (__closure=0x0, userData=0x7f0292c77088) at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:171
#111 WTF::RunLoop::TimerBase::<lambda(gpointer)>::_FUN(gpointer) () at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:177
#112 0x00007f02a25d406d in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#113 0x00007f02a25d4438 in ?? () from /lib64/libglib-2.0.so.0
#114 0x00007f02a25d4762 in g_main_loop_run () from /lib64/libglib-2.0.so.0
#115 0x00007f02a6239270 in WTF::RunLoop::run () at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:96
#116 0x00007f02a732e998 in WebKit::AuxiliaryProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=<optimized out>, argv=0x7ffcde3aa338) at ../Source/WebKit/Shared/unix/AuxiliaryProcessMain.h:47
#117 0x00007f02a1ddc413 in __libc_start_main () from /lib64/libc.so.6
#118 0x0000000000400a5e in _start ()

Dump of assembler code for function glDeleteTextures:
   0x00007f02a32eae60 <+0>:	mov    %fs:0xfffffffffffffbb8,%rax
=> 0x00007f02a32eae69 <+9>:	jmpq   *0xa38(%rax)

rax is zero here, as indicated by the %fs register usage, this is a thread local access, so I assume this is accessing the active GL context function table and it is currently null, which would mean we have no active GL context, likely because we deactivated it earlier in that stack of destructor calls.

This happens on http://svn.webkit.org/repository/webkit/trunk@246340