Bug 174789 - REGRESSION(r218629): [GTK] ASSERTION FAILED: m_eglDisplay == EGL_NO_DISPLAY in WebCore::PlatformDisplay::~PlatformDisplay
Summary: REGRESSION(r218629): [GTK] ASSERTION FAILED: m_eglDisplay == EGL_NO_DISPLAY i...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKitGTK (show other bugs)
Version: Other
Hardware: PC Linux
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-07-24 09:09 PDT by Michael Catanzaro
Modified: 2017-07-25 04:38 PDT (History)
4 users (show)

See Also:

Attachments
Patch (2.37 KB, patch)
2017-07-25 01:38 PDT, Carlos Garcia Campos 		zan: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Catanzaro 2017-07-24 09:09:06 PDT 
This is a recent regression. It occurs frequently when closing Epiphany, but not always. It always occurs when closing Epiphany while displaying https://duckduckgo.com.

ASSERTION FAILED: m_eglDisplay == EGL_NO_DISPLAY
../../Source/WebCore/platform/graphics/PlatformDisplay.cpp(159) : virtual WebCore::PlatformDisplay::~PlatformDisplay()

#0  0x00007fc997c49fdf in WTFCrash ()
    at ../../Source/WTF/wtf/Assertions.cpp:278
No locals.
#1  0x00007fc9a22f852d in (anonymous namespace)::PlatformDisplay::~PlatformDisplay (this=0x7fc925ad4090, __in_chrg=<optimized out>)
    at ../../Source/WebCore/platform/graphics/PlatformDisplay.cpp:159
No locals.
#2  0x00000000046c7c08 in (anonymous namespace)::PlatformDisplayWayland::~PlatformDisplayWayland (this=0x7fc925ad4090, __in_chrg=<optimized out>)
    at ../../Source/WebCore/platform/graphics/wayland/PlatformDisplayWayland.cpp:68
No locals.
#3  0x00000000046c7c24 in (anonymous namespace)::PlatformDisplayWayland::~PlatformDisplayWayland (this=0x7fc925ad4090, __in_chrg=<optimized out>)
    at ../../Source/WebCore/platform/graphics/wayland/PlatformDisplayWayland.cpp:72
No locals.
#4  0x00007fc9a22f8e6a in std::default_delete<WebCore::PlatformDisplay>::operator() (this=0x7fc9a70d51a8 <WebCore::PlatformDisplay::sharedDisplay()::display>, 
    __ptr=0x7fc925ad4090) at /usr/include/c++/7/bits/unique_ptr.h:78
No locals.
#5  0x00007fc9a22f8adb in std::unique_ptr<WebCore::PlatformDisplay, std::default_delete<WebCore::PlatformDisplay> >::~unique_ptr (
    this=0x7fc9a70d51a8 <WebCore::PlatformDisplay::sharedDisplay()::display>, 
    __in_chrg=<optimized out>) at /usr/include/c++/7/bits/unique_ptr.h:268
        __ptr = @0x7fc9a70d51a8: 0x7fc925ad4090
#6  0x00007fc98c2e5c38 in __run_exit_handlers (status=0, 
    listp=0x7fc98c6765b8 <__exit_funcs>, 
    run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true)
    at exit.c:83
        atfct = <optimized out>
        onfct = <optimized out>
        cxafct = <optimized out>
        f = <optimized out>
#7  0x00007fc98c2e5c8a in __GI_exit (status=<optimized out>) at exit.c:105
No locals.
#8  0x00007fc9a0476cb7 in IPC::Connection::didFailToSendSyncMessage (
    this=0x7fc9855ea000) at ../../Source/WebKit/Platform/IPC/Connection.cpp:884
No locals.
#9  0x00007fc9a0474c24 in IPC::Connection::sendSyncMessage (
    this=0x7fc9855ea000, syncRequestID=13, 
    encoder=std::unique_ptr<IPC::Encoder> containing 0x7fc92267e780, 
    timeout=..., sendSyncOptions=...)
    at ../../Source/WebKit/Platform/IPC/Connection.cpp:517
        locker = {<WTF::AbstractLocker> = {<No data fields>}, 
          m_lockable = 0x7fc9855ea110}
        __PRETTY_FUNCTION__ = "std::unique_ptr<IPC::Decoder> IPC::Connection::sendSyncMessage(uint64_t, std::unique_ptr<IPC::Encoder>, WTF::Seconds, WTF::OptionSet<IPC::SendSyncOption>)"
        protect = {static isRef = <optimized out>, m_ptr = 0x7ffd0c45d588}
        reply = std::unique_ptr<IPC::Decoder> containing 0x7fc92267e780
#10 0x00007fc9a073adc4 in IPC::Connection::sendSync<Messages::WebProcessProxy::ShouldTerminate> (this=0x7fc9855ea000, message=..., reply=..., destinationID=0, 
    timeout=..., sendSyncOptions=...)
    at ../../Source/WebKit/Platform/IPC/Connection.h:384
        syncRequestID = 13
        encoder = std::unique_ptr<IPC::Encoder> containing 0x0
        replyDecoder = std::unique_ptr<IPC::Decoder> containing 0x0
#11 0x00007fc9a0730cac in (anonymous namespace)::WebProcess::shouldTerminate (
    this=0x7b4e180) at ../../Source/WebKit/WebProcess/WebProcess.cpp:609
        __PRETTY_FUNCTION__ = "virtual bool WebKit::WebProcess::shouldTerminate()"
        shouldTerminate = false
#12 0x00007fc9a04a7827 in (anonymous namespace)::ChildProcess::terminationTimerFired (this=0x7b4e180) at ../../Source/WebKit/Shared/ChildProcess.cpp:164
No locals.
#13 0x00007fc9a04a77a2 in (anonymous namespace)::ChildProcess::enableTermination (this=0x7b4e180) at ../../Source/WebKit/Shared/ChildProcess.cpp:145
        __PRETTY_FUNCTION__ = "void WebKit::ChildProcess::enableTermination()"
#14 0x00007fc9a0730bec in (anonymous namespace)::WebProcess::removeWebPage (
    this=0x7b4e180, pageID=1)
    at ../../Source/WebKit/WebProcess/WebProcess.cpp:599
        __PRETTY_FUNCTION__ = "void WebKit::WebProcess::removeWebPage(uint64_t)"
#15 0x00007fc9a089d5dd in (anonymous namespace)::WebPage::close (
    this=0x7fc93a5fa600)
    at ../../Source/WebKit/WebProcess/WebPage/WebPage.cpp:1159
        isRunningModal = false
#16 0x00007fc9a0bf40b0 in IPC::callMemberFunctionImpl<WebKit::WebPage, void (WebKit::WebPage::*)(), std::tuple<> >((anonymous namespace)::WebPage *, void ((anonymous namespace)::WebPage::*)((anonymous namespace)::WebPage * const), std::tuple<> &&, std::index_sequence) (object=0x7fc93a5fa600, 
    function=(void ((anonymous namespace)::WebPage::*)((anonymous namespace)::WebPage * const)) 0x7fc9a089d0ea <(anonymous namespace)::WebPage::close()>, 
    args=...) at ../../Source/WebKit/Platform/IPC/HandleMessage.h:40
No locals.
#17 0x00007fc9a0bf2568 in IPC::callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)(), std::tuple<> >(std::tuple<> &&, (anonymous namespace)::WebPage *, void ((anonymous namespace)::WebPage::*)((anonymous namespace)::WebPage * const)) (args=..., object=0x7fc93a5fa600, 
    function=(void ((anonymous namespace)::WebPage::*)((anonymous namespace)::WebPage * const)) 0x7fc9a089d0ea <(anonymous namespace)::WebPage::close()>)
    at ../../Source/WebKit/Platform/IPC/HandleMessage.h:46
No locals.
#18 0x00007fc9a0bed571 in IPC::handleMessage<Messages::WebPage::Close, WebKit::WebPage, void (WebKit::WebPage::*)()> (decoder=..., object=0x7fc93a5fa600, 
    function=(void ((anonymous namespace)::WebPage::*)((anonymous namespace)::WebPage * const)) 0x7fc9a089d0ea <(anonymous namespace)::WebPage::close()>)
    at ../../Source/WebKit/Platform/IPC/HandleMessage.h:126
        __PRETTY_FUNCTION__ = "void IPC::handleMessage(IPC::Decoder&, C*, MF) [with T = Messages::WebPage::Close; C = WebKit::WebPage; MF = void (WebKit::WebPage::*)()]"
        arguments = empty std::tuple
#19 0x00007fc9a0be6f61 in (anonymous namespace)::WebPage::didReceiveWebPageMessage (this=0x7fc93a5fa600, connection=..., decoder=...)
    at DerivedSources/WebKit2/WebPageMessageReceiver.cpp:732
        __PRETTY_FUNCTION__ = "void WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&)"
#20 0x00007fc9a08a832c in (anonymous namespace)::WebPage::didReceiveMessage (
    this=0x7fc93a5fa600, connection=..., decoder=...)
    at ../../Source/WebKit/WebProcess/WebPage/WebPage.cpp:4158
No locals.
#21 0x00007fc9a048df1c in IPC::MessageReceiverMap::dispatchMessage (
    this=0x7b4e1f0, connection=..., decoder=...)
    at ../../Source/WebKit/Platform/IPC/MessageReceiverMap.cpp:123
        messageReceiver = 0x7fc93a5fa610
        __PRETTY_FUNCTION__ = "bool IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&)"
#22 0x00007fc9a0730e0a in (anonymous namespace)::WebProcess::didReceiveMessage
    (this=0x7b4e180, connection=..., decoder=...)
    at ../../Source/WebKit/WebProcess/WebProcess.cpp:642
        __PRETTY_FUNCTION__ = "virtual void WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&)"
#23 0x00007fc9a0476df4 in IPC::Connection::dispatchMessage (
    this=0x7fc9855ea000, decoder=...)
    at ../../Source/WebKit/Platform/IPC/Connection.cpp:901
No locals.
#24 0x00007fc9a0476f67 in IPC::Connection::dispatchMessage (
    this=0x7fc9855ea000, 
    message=std::unique_ptr<IPC::Decoder> containing 0x7fc985564960)
    at ../../Source/WebKit/Platform/IPC/Connection.cpp:928
        oldDidReceiveInvalidMessage = false
#25 0x00007fc9a047715e in IPC::Connection::dispatchOneMessage (
    this=0x7fc9855ea000) at ../../Source/WebKit/Platform/IPC/Connection.cpp:959
        message = std::unique_ptr<IPC::Decoder> containing 0x0
#26 0x00007fc9a0476cda in IPC::Connection::<lambda()>::operator()(void) (
    __closure=0x7fc9855e15c8)
    at ../../Source/WebKit/Platform/IPC/Connection.cpp:895
        protectedThis = {static isRef = <optimized out>, 
          m_ptr = 0x7fc9855ea000}
#27 0x00007fc9a047d2c0 in WTF::Function<void()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::Decoder>)::<lambda()> >::call(void) (this=0x7fc9855e15c0) at ../../Source/WTF/wtf/Function.h:102
No locals.
#28 0x0000000002f79ed9 in WTF::Function<void()>::operator()(void) const (
    this=0x7ffd0c45f5f8) at ../../Source/WTF/wtf/Function.h:56
No locals.
#29 0x00007fc997c692aa in WTF::RunLoop::performWork (this=0x7fc9855fa100)
    at ../../Source/WTF/wtf/RunLoop.cpp:106
        function = {
          m_callableWrapper = std::unique_ptr<WTF::Function<void()>::CallableWrapperBase> containing 0x7fc9855e15c0}
        functionsToHandle = 2
#30 0x00007fc997cb3926 in WTF::RunLoop::<lambda(gpointer)>::operator()(gpointer) const (__closure=0x0, userData=0x7fc9855fa100)
    at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:68
No locals.
#31 0x00007fc997cb394a in WTF::RunLoop::<lambda(gpointer)>::_FUN(gpointer) ()
    at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:70
No locals.
#32 0x00007fc997cb38c6 in WTF::<lambda(GSource*, GSourceFunc, gpointer)>::operator()(GSource *, GSourceFunc, gpointer) const (__closure=0x0, source=0x7b4e0d0, 
    callback=0x7fc997cb392d <WTF::RunLoop::<lambda(gpointer)>::_FUN(gpointer)>, userData=0x7fc9855fa100) at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:45
No locals.
#33 0x00007fc997cb38f5 in WTF::<lambda(GSource*, GSourceFunc, gpointer)>::_FUN(GSource *, GSourceFunc, gpointer) ()
    at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:46
No locals.
#34 0x00007fc9917c87de in g_main_dispatch (context=0x7abdbd0)
    at /home/mcatanzaro/Projects/GNOME/glib/glib/gmain.c:3148
        dispatch = 0x7fc997cb38c8 <WTF::<lambda(GSource*, GSourceFunc, gpointer)>::_FUN(GSource *, GSourceFunc, gpointer)>
        prev_source = 0x0
        was_in_call = 0
        user_data = 0x7fc9855fa100
        callback = 0x7fc997cb392d <WTF::RunLoop::<lambda(gpointer)>::_FUN(gpointer)>
        cb_funcs = 0x7fc991aa0a40 <g_source_callback_funcs>
        cb_data = 0x7b4e040
        need_destroy = 0
        source = 0x7b4e0d0
        current = 0x7aef340
        i = 0
        __func__ = "g_main_dispatch"
#35 0x00007fc9917c967f in g_main_context_dispatch (context=0x7abdbd0)
    at /home/mcatanzaro/Projects/GNOME/glib/glib/gmain.c:3813
No locals.
#36 0x00007fc9917c9863 in g_main_context_iterate (context=0x7abdbd0, block=1, 
    dispatch=1, self=0x7abf150)
    at /home/mcatanzaro/Projects/GNOME/glib/glib/gmain.c:3886
        max_priority = 100
        timeout = 0
        some_ready = 1
        nfds = 4
        allocated_nfds = 4
        fds = 0x7b605e0
#37 0x00007fc9917c9c89 in g_main_loop_run (loop=0x7b4e0b0)
    at /home/mcatanzaro/Projects/GNOME/glib/glib/gmain.c:4082
        self = 0x7abf150
        __func__ = "g_main_loop_run"
#38 0x00007fc997cb3e14 in WTF::RunLoop::run ()
    at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:96
        runLoop = 
    @0x7fc9855fa100: {<WTF::FunctionDispatcher> = {<WTF::ThreadSafeRefCounted<WTF::FunctionDispatcher>> = {<WTF::ThreadSafeRefCountedBase> = {
                m_refCount = {<std::__atomic_base<unsigned int>> = {
                    static _S_alignment = 4, 
                    _M_i = 20}, <No data fields>}}, <No data fields>}, 
            _vptr.FunctionDispatcher = 0x7fc998d3f660 <vtable for WTF::RunLoop+16>}, m_functionQueueLock = {m_mutex = {__data = {__lock = 0, __count = 0, 
                __owner = 0, __nusers = 0, __kind = 512, __spins = 0, 
                __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, 
              __size = '\000' <repeats 17 times>, "\002", '\000' <repeats 21 times>, __align = 0}}, m_functionQueue = {m_start = 34, m_end = 38, 
            m_buffer = {<WTF::VectorBufferBase<WTF::Function<void()> >> = {
                m_buffer = 0x7fc9226bc000, m_capacity = 43, 
                m_size = 0}, <No data fields>}, m_iterators = 0x0}, 
          m_mainContext = {m_ptr = 0x7abdbd0}, 
          m_mainLoops = {<WTF::VectorBuffer<WTF::GRefPtr<_GMainLoop>, 0>> = {<WTF::VectorBufferBase<WTF::GRefPtr<_GMainLoop> >> = {m_buffer = 0x7fc9855fa180, 
                m_capacity = 16, 
                m_size = 1}, <No data fields>}, <No data fields>}, m_source = {
            m_ptr = 0x7b4e0d0}}
        mainContext = 0x7abdbd0
        __PRETTY_FUNCTION__ = "static void WTF::RunLoop::run()"
        innermostLoop = 0x7b4e0b0
        nestedMainLoop = 0x7ffd0c45f837
#39 0x00007fc9a0b3c5c3 in (anonymous namespace)::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7ffd0c45f9f8)
    at ../../Source/WebKit/Shared/unix/ChildProcessMain.h:61
        childMain = warning: RTTI symbol not found for class 'WebKit::WebProcessMain'

{<(anonymous namespace)::ChildProcessMainBase> = {<No data fields>}, <No data fields>}
#40 0x00007fc9a0b3c475 in (anonymous namespace)::WebProcessMainUnix (argc=2, 
    argv=0x7ffd0c45f9f8)
    at ../../Source/WebKit/WebProcess/gtk/WebProcessMainGtk.cpp:69
No locals.
#41 0x0000000002f4e7a2 in main (argc=2, argv=0x7ffd0c45f9f8)
    at ../../Source/WebKit/WebProcess/EntryPoint/unix/WebProcessMain.cpp:58
No locals.
Comment 1 Michael Catanzaro 2017-07-24 10:03:00 PDT 
For some reason the PlatformDisplay destructor is being run before shutDownEglDisplays is run in an exit handler. That should never happen because the exit handler is registered in PlatformDisplay::initializeEGLDisplay, which is not a static function: it cannot be called until after a PlatformDisplay has been created. So PlatformDisplay is always created first, that means its destructor should be registered first before shutDownEglDisplays is registered, and exit handlers are run like a stack, so it should be last-in, first out. That means shutDownEglDisplays should always execute first at exit time, before the destructor.

For some reason, that is no longer happening. I don't know why.

I would be very tempted to blame this on the switch to non-threadsafe statics, except that has not landed yet, so that cannot be to blame.
Comment 2 Carlos Garcia Campos 2017-07-25 01:34:55 PDT 
This regressed in r218629. Before r218629, the wayland nested compositor display was a singleton created on demand by AcceleratedSurfaceWayland, but now it's created unconditionally on web process creation when a valid display name is received from the UI process. The side effect of this is that now the shared display is created after the nested compositor display that is not a singleton anymore. The atexit used by PlatformDisplay to shutdown egl display assumes that it will be registered by the shared display. Since we switched to on demand AC mode, the shared display is only used in the web process when entering AC mode, that's why it only crashes when we have entered AC at least once. We just need to ensure that the shared display is created before the nested compositor display.
Comment 3 Carlos Garcia Campos 2017-07-25 01:38:27 PDT 
Created attachment 316360 [details]
Patch
Comment 4 Carlos Garcia Campos 2017-07-25 04:38:24 PDT 
Committed r219866: <http://trac.webkit.org/changeset/219866>