RESOLVED WORKSFORME
Bug 246460
[GTK] Crash in Nicosia::CompositionLayer::updateState/accessPending
https://bugs.webkit.org/show_bug.cgi?id=246460
Michael Catanzaro
Reported
2022-10-13 08:10:32 PDT
I think this SIGSEGV is somehow a GTK 4 regression, because I don't remember seeing this with GTK 3:
(gdb) bt
#0 std::__atomic_base<unsigned char>::compare_exchange_weak(unsigned char&, unsigned char, std::memory_order, std::memory_order) (__m2=std::memory_order::acquire, __m1=std::memory_order::acquire, __i2=1 '\001', __i1=<synthetic pointer>: 0 '\000', this=0x18) at /usr/include/c++/12.1.0/bits/atomic_base.h:521
#1 std::__atomic_base<unsigned char>::compare_exchange_weak(unsigned char&, unsigned char, std::memory_order) (__m=std::memory_order::acquire, __i2=1 '\001', __i1=<synthetic pointer>: 0 '\000', this=0x18) at /usr/include/c++/12.1.0/bits/atomic_base.h:542
#2 WTF::Atomic<unsigned char>::compareExchangeWeak(unsigned char, unsigned char, std::memory_order) (order=std::memory_order::acquire, desired=1 '\001', expected=0 '\000', this=0x18) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/_builddir/WTF/Headers/wtf/Atomics.h:89
#3 WTF::LockAlgorithm<unsigned char, (unsigned char)1, (unsigned char)2, WTF::EmptyLockHooks<unsigned char> >::lockFastAssumingZero(WTF::Atomic<unsigned char>&) (lock=...) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/_builddir/WTF/Headers/wtf/LockAlgorithm.h:53
#4 WTF::Lock::lock() (this=0x18) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/_builddir/WTF/Headers/wtf/Lock.h:65
#5 WTF::Locker<WTF::Lock>::Locker(WTF::Lock&) (lock=..., this=<synthetic pointer>) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/_builddir/WTF/Headers/wtf/Lock.h:158
#6 Nicosia::CompositionLayer::updateState<WebCore::ScrollingTreeFixedNode::applyLayerPositions()::<lambda(Nicosia::CompositionLayer::LayerState&)> > (functor=<optimized out>, this=0x0) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:212
#7 WebCore::ScrollingTreeFixedNode::applyLayerPositions() (this=<optimized out>) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WebCore/page/scrolling/nicosia/ScrollingTreeFixedNode.cpp:135
#8 0x00007f89a3dbd0f5 in WebCore::ScrollingTree::applyLayerPositionsRecursive(WebCore::ScrollingTreeNode&) (this=0x7f8992104640, node=...) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WebCore/page/scrolling/ScrollingTree.cpp:467
#9 0x00007f89a3dbd43f in WebCore::ScrollingTree::applyLayerPositionsRecursive(WebCore::ScrollingTreeNode&) (node=<optimized out>, this=0x7f8992104640) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WebCore/page/scrolling/ScrollingTree.cpp:470
#10 WebCore::ScrollingTree::applyLayerPositionsInternal() (this=0x7f8992104640) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WebCore/page/scrolling/ScrollingTree.cpp:462
#11 WebCore::ScrollingTree::applyLayerPositions() (this=0x7f8992104640) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WebCore/page/scrolling/ScrollingTree.cpp:453
#12 0x00007f89a3d2f585 in WebCore::Page::finalizeRenderingUpdate(WTF::OptionSet<WebCore::FinalizeRenderingUpdateFlags>) (this=0x7f89920e4680, flags=...) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WebCore/page/Page.cpp:1851
#13 0x00007f89a2704abd in WebKit::WebPage::finalizeRenderingUpdate(WTF::OptionSet<WebCore::FinalizeRenderingUpdateFlags>) (this=<optimized out>, flags=..., flags@entry=...) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WebKit/WebProcess/WebPage/WebPage.cpp:4457
#14 0x00007f89a273b103 in WebKit::CompositingCoordinator::flushPendingLayerChanges(WTF::OptionSet<WebCore::FinalizeRenderingUpdateFlags>) (this=0x7f8992157620, flags=...) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.cpp:134
#15 0x00007f89a2740d3b in WebKit::LayerTreeHost::layerFlushTimerFired() (this=0x7f8992157520) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.cpp:157
#16 WebKit::LayerTreeHost::layerFlushTimerFired() (this=0x7f8992157520) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.cpp:136
#17 0x00007f89a126b545 in operator() (__closure=0x0, userData=0x7f89921575f0) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:177
#18 _FUN(gpointer) () at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:181
#19 0x00007f89a126bd4d in operator() (__closure=0x0, userData=0x7f89921575f0, callback=0x7f89a126b4d0 <_FUN(gpointer)>, source=0x55b2eadb6830) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:53
#20 _FUN(GSource*, GSourceFunc, gpointer) () at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:56
#21 0x00007f899dcaf661 in g_main_dispatch (context=<optimized out>) at ../glib/gmain.c:3444
#22 g_main_context_dispatch (context=<optimized out>) at ../glib/gmain.c:4162
#23 0x00007f899dcafbb8 in g_main_context_iterate (context=0x55b2eab6b870, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4238
#24 0x00007f899dcafe9f in g_main_loop_run (loop=0x55b2eab666a0) at ../glib/gmain.c:4438
#25 0x00007f89a126beb0 in WTF::RunLoop::run() () at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:108
#26 0x00007f89a274cc6f in WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run(int, char**) (argc=3, argv=0x7ffedd33e4e8, this=0x7ffedd33e350) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WebKit/Shared/AuxiliaryProcessMain.h:71
#27 WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run(int, char**) (argv=0x7ffedd33e4e8, argc=3, this=0x7ffedd33e350) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WebKit/Shared/AuxiliaryProcessMain.h:58
#28 WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainGtk>(int, char**) (argc=3, argv=0x7ffedd33e4e8) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WebKit/Shared/AuxiliaryProcessMain.h:97
#29 0x00007f89a16e454a in __libc_start_call_main (main=main@entry=0x55b2ea596060 <main>, argc=argc@entry=3, argv=argv@entry=0x7ffedd33e4e8) at ../sysdeps/nptl/libc_start_call_main.h:58
#30 0x00007f89a16e460b in __libc_start_main_impl (main=0x55b2ea596060 <main>, argc=3, argv=0x7ffedd33e4e8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=<optimized out>) at ../csu/libc-start.c:389
#31 0x000055b2ea596095 in _start ()
Attachments
Full backtrace (10.81 KB, text/plain), 2022-10-13 08:11 PDT, Michael Catanzaro
Michael Catanzaro
Comment 1
2022-10-13 08:11:14 PDT
Created attachment 462962: Full backtrace
Michael Catanzaro
Comment 2
2022-10-14 07:12:09 PDT
I found a reproducer! Visit https://github.com/WebKit/WebKit/wiki/GLib-Stable-Branches/_edit while logged in and try to save an edit to the page. The web process will hit this crash.
I guess no more stable branch backports for a little while. D:
Michael Catanzaro
Comment 3
2022-10-25 14:12:39 PDT
(In reply to Michael Catanzaro from comment #2)
> I found a reproducer! Visit
> https://github.com/WebKit/WebKit/wiki/GLib-Stable-Branches/_edit while
> logged in and try to save an edit to the page. The web process will hit this
> crash.
>
> I guess no more stable branch backports for a little while. D:
Sadly, this reproducer is no longer consistent for me. This crash is frequent enough that we'll know when it's gone, though.
Michael Catanzaro
Comment 4
2022-10-28 06:11:59 PDT
This crash is presumably going to occur in Nicosia::CompositionLayer::accessPending now after bug #247186.
Michael Catanzaro
Comment 5
2023-01-27 09:15:51 PST
I don't remember seeing this crash for a few months now. Is it possible that it went away when we disabled the threaded renderer? I'm not sure.
Michael Catanzaro
Comment 6
2023-02-17 11:37:18 PST
(In reply to Michael Catanzaro from comment #3)
> Sadly, this reproducer is no longer consistent for me. This crash is
> frequent enough that we'll know when it's gone, though.
I'll close based on this comment. I gather this used to be a very major problem, but I haven't seen this crash in ages.