169184 – [GTK] Crash in WebKit::CompositingCoordinator::setViewOverlayRootLayer

Bug 169184 - [GTK] Crash in WebKit::CompositingCoordinator::setViewOverlayRootLayer

Summary: [GTK] Crash in WebKit::CompositingCoordinator::setViewOverlayRootLayer

Status:	RESOLVED DUPLICATE of bug 171161

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKitGTK (show other bugs)
Version:	WebKit Nightly Build
Hardware:	PC Linux

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2017-03-05 11:10 PST by Michael Catanzaro
Modified:	2017-08-31 00:34 PDT (History)
CC List:	6 users (show)

See Also:	https://bugzilla.redhat.com/show_bug.cgi?id=1429225 https://bugzilla.redhat.com/show_bug.cgi?id=1461128 https://bugzilla.redhat.com/show_bug.cgi?id=1464648

Attachments
Alternate backtrace (97.93 KB, text/plain) 2017-08-30 21:49 PDT, Michael Catanzaro	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Catanzaro 2017-03-05 11:10:13 PST

Web inspector crash in WebKit::CompositingCoordinator::setViewOverlayRootLayer. Truncated backtrace:

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fdcbe388352 in std::__atomic_base<int>::operator-- (this=0x7fdcc03a5878 <vtable for WTF::Function<void ()>::CallableWrapper<IPC::Connection::sendMessage(std::unique_ptr<IPC::Encoder, std::default_delete<IPC::Encoder> >, WTF::OptionSet<IPC::SendOption>)::{lambda()#1}>+24>) at /usr/include/c++/6.3.1/bits/atomic_base.h:304
304	      { return __atomic_sub_fetch(&_M_i, 1, memory_order_seq_cst); }
[Current thread is 1 (Thread 0x7fdcc06c6ac0 (LWP 17265))]

Thread 1 (Thread 0x7fdcc06c6ac0 (LWP 17265)):
#0  0x00007fdcbe388352 in std::__atomic_base<int>::operator--() (this=0x7fdcc03a5878 <vtable for WTF::Function<void ()>::CallableWrapper<IPC::Connection::sendMessage(std::unique_ptr<IPC::Encoder, std::default_delete<IPC::Encoder> >, WTF::OptionSet<IPC::SendOption>)::{lambda()#1}>+24>) at /usr/include/c++/6.3.1/bits/atomic_base.h:304
#1  0x00007fdcbe388352 in WTF::ThreadSafeRefCountedBase::derefBase() (this=0x7fdcc03a5878 <vtable for WTF::Function<void ()>::CallableWrapper<IPC::Connection::sendMessage(std::unique_ptr<IPC::Encoder, std::default_delete<IPC::Encoder> >, WTF::OptionSet<IPC::SendOption>)::{lambda()#1}>+24>) at /usr/src/debug/webkitgtk-2.14.5/Source/WTF/wtf/ThreadSafeRefCounted.h:63
#2  0x00007fdcbe388352 in WTF::ThreadSafeRefCounted<IPC::Connection::WorkQueueMessageReceiver>::deref() (this=0x7fdcc03a5878 <vtable for WTF::Function<void ()>::CallableWrapper<IPC::Connection::sendMessage(std::unique_ptr<IPC::Encoder, std::default_delete<IPC::Encoder> >, WTF::OptionSet<IPC::SendOption>)::{lambda()#1}>+24>) at /usr/src/debug/webkitgtk-2.14.5/Source/WTF/wtf/ThreadSafeRefCounted.h:78
#3  0x00007fdcbe388352 in WTF::derefIfNotNull<IPC::Connection::WorkQueueMessageReceiver>(IPC::Connection::WorkQueueMessageReceiver*) (ptr=<optimized out>) at /usr/src/debug/webkitgtk-2.14.5/Source/WTF/wtf/PassRefPtr.h:40
#4  0x00007fdcbe388352 in WTF::RefPtr<IPC::Connection::WorkQueueMessageReceiver>::~RefPtr() (this=0x7fdc2d9e1810, __in_chrg=<optimized out>) at /usr/src/debug/webkitgtk-2.14.5/Source/WTF/wtf/RefPtr.h:62
#5  0x00007fdcbe388352 in IPC::Connection::<lambda()>::~<lambda> (this=0x7fdc2d9e1808, __in_chrg=<optimized out>) at /usr/src/debug/webkitgtk-2.14.5/Source/WebKit2/Platform/IPC/Connection.cpp:609
#6  0x00007fdcbe388352 in WTF::Function<void()>::CallableWrapper<IPC::Connection::processIncomingMessage(std::unique_ptr<IPC::Decoder>)::<lambda()> >::~CallableWrapper (this=0x7fdc2d9e1800, __in_chrg=<optimized out>) at /usr/src/debug/webkitgtk-2.14.5/Source/WTF/wtf/Function.h:91
#7  0x00007fdcbe388352 in WTF::Function<void()>::CallableWrapper<IPC::Connection::processIncomingMessage(std::unique_ptr<IPC::Decoder>)::<lambda()> >::~CallableWrapper(void) (this=0x7fdc2d9e1800, __in_chrg=<optimized out>) at /usr/src/debug/webkitgtk-2.14.5/Source/WTF/wtf/Function.h:91
#8  0x00007fdcbe656000 in WebKit::CompositingCoordinator::setViewOverlayRootLayer(WebCore::GraphicsLayer*) (this=0x7fdc53596878, graphicsLayer=0x7fdc4120f800) at /usr/src/debug/webkitgtk-2.14.5/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.cpp:88
#9  0x00007fdcbf11d493 in WebCore::RenderLayerCompositor::attachRootLayer(WebCore::RenderLayerCompositor::RootLayerAttachment) (this=this@entry=0x7fdca9f8b720, attachment=attachment@entry=WebCore::RenderLayerCompositor::RootLayerAttachedViaChromeClient) at /usr/src/debug/webkitgtk-2.14.5/Source/WebCore/rendering/RenderLayerCompositor.cpp:3545
#10 0x00007fdcbf11f916 in WebCore::RenderLayerCompositor::ensureRootLayer() (this=this@entry=0x7fdca9f8b720) at /usr/src/debug/webkitgtk-2.14.5/Source/WebCore/rendering/RenderLayerCompositor.cpp:3475
        expectedAttachment = WebCore::RenderLayerCompositor::RootLayerAttachedViaChromeClient

See the downstream bug for the full backtrace.

Comment 1 BJ Burg 2017-03-05 17:31:27 PST

This is a rendering / compositing bug. Web Inspector seems to be the test case.

Comment 2 Michael Catanzaro 2017-08-30 21:49:24 PDT

Created attachment 319448 [details]
Alternate backtrace

Comment 3 Miguel Gomez 2017-08-31 00:34:54 PDT

This seems to be the same crash that happens in https://bugs.webkit.org/show_bug.cgi?id=171161. Should be fixed in ToT.

*** This bug has been marked as a duplicate of bug 171161 ***