I'm getting this crash on trunk@267957 when using NVidia binary drivers: #0 WebCore::GLContextGLX::createPbufferContext(WebCore::PlatformDisplay&, __GLXcontextRec*) (platformDisplay=..., sharingContext=0x0) at ../../Source/WebCore/platform/graphics/glx/GLContextGLX.cpp:232 #1 0x00007f85bdd7541d in WebCore::GLContextGLX::createSharingContext(WebCore::PlatformDisplay&) (platformDisplay=...) at ../../Source/WebCore/platform/graphics/glx/GLContextGLX.cpp:295 #2 0x00007f85bdd1e5cf in WebCore::GLContext::createSharingContext(WebCore::PlatformDisplay&) (display=...) at ../../Source/WebCore/platform/graphics/GLContext.cpp:115 #3 0x00007f85bdd1fc73 in WebCore::PlatformDisplay::sharingGLContext() (this=0x7f85a1dd0000) at ../../Source/WebCore/platform/graphics/PlatformDisplay.cpp:179 #4 0x00007f85bdd752df in WebCore::GLContextGLX::createContext(unsigned long, WebCore::PlatformDisplay&) (window=192937988, platformDisplay=...) at ../../Source/WebCore/platform/graphics/glx/GLContextGLX.cpp:283 #5 0x00007f85bdd1e415 in WebCore::GLContext::createContextForWindow(unsigned long, WebCore::PlatformDisplay*) (windowHandle=192937988, platformDisplay=0x7f85a1dd0000) at ../../Source/WebCore/platform/graphics/GLContext.cpp:89 #6 0x00007f85bab4e220 in WebKit::ThreadedCompositor::createGLContext() (this=0x7f853a4f1780) at ../../Source/WebKit/Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.cpp:87 #7 0x00007f85bab4dec9 in operator()() const (__closure=0x7f853a4e04b8) at ../../Source/WebKit/Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.cpp:73 #8 0x00007f85bab53e36 in WTF::Detail::CallableWrapper<WebKit::ThreadedCompositor::ThreadedCompositor(WebKit::ThreadedCompositor::Client&, WebKit::ThreadedDisplayRefreshMonitor::Client&, WebCore::PlatformDisplayID, const WebCore::IntSize&, float, WebCore::TextureMapper::PaintFlags)::<lambda()>, void>::call(void) (this=0x7f853a4e04b0) at DerivedSources/ForwardingHeaders/wtf/Function.h:52 #9 0x00007f85ba034adb in WTF::Function<void ()>::operator()() const (this=0x7f853a4e04d8) at DerivedSources/ForwardingHeaders/wtf/Function.h:83 #10 0x00007f85bab4d7c3 in operator()() const (__closure=0x7f853a4e04d0) at ../../Source/WebKit/Shared/CoordinatedGraphics/threadedcompositor/CompositingRunLoop.cpp:90 #11 0x00007f85bab53e56 in WTF::Detail::CallableWrapper<WebKit::CompositingRunLoop::performTaskSync(WTF::Function<void()>&&)::<lambda()>, void>::call(void) (this=0x7f853a4e04c8) at DerivedSources/ForwardingHeaders/wtf/Function.h:52 #12 0x00007f85ba034adb in WTF::Function<void ()>::operator()() const (this=0x7f853a3fe940) at DerivedSources/ForwardingHeaders/wtf/Function.h:83 #13 0x00007f85abb12e7f in WTF::RunLoop::performWork() (this=0x7f853a4d8000) at ../../Source/WTF/wtf/RunLoop.cpp:123 #14 0x00007f85abb9c7ea in operator()(gpointer) const (__closure=0x0, userData=0x7f853a4d8000) at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:80 #15 0x00007f85abb9c80e in _FUN(gpointer) () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:82 #16 0x00007f85abb9c77d in operator()(GSource*, GSourceFunc, gpointer) const (__closure=0x0, source=0x7f8540005c10, callback=0x7f85abb9c7f1 <_FUN(gpointer)>, userData=0x7f853a4d8000) at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:53 #17 0x00007f85abb9c7cb in _FUN(GSource*, GSourceFunc, gpointer) () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:56 #18 0x00007f85a4c1304f in g_main_dispatch (context=0x7f854000b2a0) at ../glib/gmain.c:3325 #19 g_main_context_dispatch (context=0x7f854000b2a0) at ../glib/gmain.c:4016 #20 0x00007f85a4c133f8 in g_main_context_iterate (context=0x7f854000b2a0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4092 #21 0x00007f85a4c13713 in g_main_loop_run (loop=0x7f8540008800) at ../glib/gmain.c:4290 #22 0x00007f85abb9cd94 in WTF::RunLoop::run() () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:108 #23 0x00007f85bab4d3dd in operator()() const (__closure=0x7f853a4e04a0) at ../../Source/WebKit/Shared/CoordinatedGraphics/threadedcompositor/CompositingRunLoop.cpp:49 #24 0x00007f85bab53eb6 in WTF::Detail::CallableWrapper<WebKit::createRunLoop()::<lambda()>, void>::call(void) (this=0x7f853a4e0498) at DerivedSources/ForwardingHeaders/wtf/Function.h:52 --Type <RET> for more, q to quit, c to continue without paging-- #25 0x00007f85ba034adb in WTF::Function<void ()>::operator()() const (this=0x7f853a3fec30) at DerivedSources/ForwardingHeaders/wtf/Function.h:83 #26 0x00007f85abb18aa3 in WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) (newThreadContext=0x7f853a4e4410) at ../../Source/WTF/wtf/Threading.cpp:179 #27 0x00007f85abba7f7b in WTF::wtfThreadEntryPoint(void*) (context=0x7f853a4e4410) at ../../Source/WTF/wtf/posix/ThreadingPOSIX.cpp:213 #28 0x00007f85a5d074d2 in start_thread (arg=<optimized out>) at pthread_create.c:477 #29 0x00007f85a387d4d3 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 The crash wasn't present on trunk@266718. After debugging it with rr, I realized that the call to glXChooseFBConfig() returns early in my specific case, leaving returnedElements untouched and uninitialized[1], usually with a value different from zero. This causes the wrong branch to be taken and triggers the crash, as the configs variable is holding a null pointer. This problem might be related or be a subset of the issue reported in https://bugs.webkit.org/show_bug.cgi?id=199666#c2 [1] https://github.com/WebKit/webkit/blob/9fb817f9a912a7860499f63fd9661f399511c3fe/Source/WebCore/platform/graphics/glx/GLContextGLX.cpp#L224
Created attachment 410535 [details] Patch
Good catch, by the way!
Committed r268000: <https://trac.webkit.org/changeset/268000> All reviewed patches have been landed. Closing bug and clearing flags on attachment 410535 [details].