This crash was observed when running http/tests/security/mixedContent/insecure-image-with-securecookie-block.html. Not updating expectations because it seems rare. Thread 1 (Thread 0x7fc2417fe700 (LWP 8194)): #0 0x00007fc2c8607730 in _ZN7WebCore9GLContext7versionEv () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #1 0x00007fc2c78a1555 in _ZN7WebCore19TextureMapperGLDataD2Ev () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #2 0x00007fc2c78a17eb in _ZN7WebCore15TextureMapperGLD2Ev () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #3 0x00007fc2c78a1849 in _ZN7WebCore15TextureMapperGLD0Ev () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #4 0x00007fc2c772e292 in _ZN6WebKit24CoordinatedGraphicsScene16purgeGLResourcesEv () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #5 0x00007fc2c7735271 in _ZN3WTF8FunctionIFvvEE15CallableWrapperIZN6WebKit18ThreadedCompositor10invalidateEvEUlvE_E4callEv () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #6 0x00007fc2c7735db3 in _ZN3WTF8FunctionIFvvEE15CallableWrapperIZN6WebKit18CompositingRunLoop15performTaskSyncEOS2_EUlvE_E4callEv () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #7 0x00007fc2c55e1f97 in _ZN3WTF7RunLoop11performWorkEv () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #8 0x00007fc2c56188c9 in _ZZN3WTF7RunLoopC4EvENUlPvE_4_FUNES1_ () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #9 0x00007fc2c11b881a in g_main_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.54.2/glib/gmain.c:3148 #10 g_main_context_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.54.2/glib/gmain.c:3813 #11 0x00007fc2c11b8ba8 in g_main_context_iterate () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.54.2/glib/gmain.c:3886 #12 0x00007fc2c11b8ec2 in g_main_loop_run () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.54.2/glib/gmain.c:4082 #13 0x00007fc2c56192c0 in _ZN3WTF7RunLoop3runEv () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #14 0x00007fc2c55e371b in _ZN3WTF6Thread10entryPointEPNS0_16NewThreadContextE () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #15 0x00007fc2c5617699 in _ZN3WTFL19wtfThreadEntryPointEPv () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #16 0x00007fc2c2971494 in start_thread (arg=0x7fc2417fe700) at pthread_create.c:333 #17 0x00007fc2be40793f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
(In reply to Michael Catanzaro from comment #0) > This crash was observed when running > http/tests/security/mixedContent/insecure-image-with-securecookie-block.html. Sorry, that's wrong, it was actually media/video-initially-hidden-volume-slider-up.html.
(In reply to Michael Catanzaro from comment #1) > (In reply to Michael Catanzaro from comment #0) > > This crash was observed when running > > http/tests/security/mixedContent/insecure-image-with-securecookie-block.html. > > Sorry, that's wrong, it was actually > media/video-initially-hidden-volume-slider-up.html. Actually I thin you were right initially. According to https://build.webkit.org/results/GTK%20Linux%2064-bit%20Release%20(Tests)/r228441%20(5465)/results.html the trace belongs to http/tests/security/mixedContent/insecure-image-with-securecookie-block.html. media/video-initially-hidden-volume-slider-up.html has a different trace related to an X error.
From what I've gathered so far, what happens here is that the AcceleratedDrawingArea has left AC mode (probably due to some previous tests, as it happened 5 seconds ago), and the timer to destroy the previous layerTreeHost kicks in, which is what invalidates the ThreadedCompositor and causes the call to purgeGLResources() in the CoordinatedGraphicsScene. The crash happens because there's no current gl context, which is needed in the destructor of TextureMapperGL. What I haven't discovered yet is how we can reach a situation where there's no current gl context in the compositor thread. The context is created and made current in the ThreadedCompositor constructor, and made current again with each call to renderLayertTree(), and that worked at least once cause otherwise the TextureMapperGL wouldn't have been created. There should always been a current context on that thread from that point on. After that, the context is only destroyed: * in the invalidate() call just after purgeGLResouces(). As it's deleted after the call, it should not cause a crash. If, by any chance, invalidate() was called 2 times in a row, the second time there wouldn't be a TextureMappreGL to delete, so there wouldn't be a crash either. * when setting an empty nativeSurfaceHandleForCompositing: this is only used when not using a redirected window and it's not the case. * in the ThreadedCompositor destructor which would be triggered by the ThreadedCoordinatedLayerTreeHost destructor. But in this case the scene would be deleted as well, so there wouldn't a TextureMapper instance to cause the crash.
*** This bug has been marked as a duplicate of bug 184040 ***