NEW 277696
[Skia] Web process crash in epoxy_get_proc_address when closing browser tab
https://bugs.webkit.org/show_bug.cgi?id=277696
Michael Catanzaro
Reported 2024-08-06 10:50:46 PDT
Two problems here. First, we have a web process crash that sometimes occurs when closing an Epiphany browser tab:

(gdb) bt
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1 0x00007fb9a509dbf3 in __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:78
#2 0x00007fb9a5045aee in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3 0x00007fb9a502d882 in __GI_abort () at abort.c:79
#4 0x00007fb9a502d79e in __assert_fail_base (fmt=0x7fb9a51bdca0 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x7fb9a4fbcec8 "0 && \"Couldn't find current GLX or EGL context.\\n\"", file=file@entry=0x7fb9a4fbcfcd "../src/dispatch_common.c", line=line@entry=872, function=function@entry=0x7fb9a4fc7ca0 <__PRETTY_FUNCTION__.0.lto_priv.0> "epoxy_get_proc_address") at assert.c:94
#5 0x00007fb9a503dfc7 in __assert_fail (assertion=assertion@entry=0x7fb9a4fbcec8 "0 && \"Couldn't find current GLX or EGL context.\\n\"", file=file@entry=0x7fb9a4fbcfcd "../src/dispatch_common.c", line=line@entry=872, function=function@entry=0x7fb9a4fc7ca0 <__PRETTY_FUNCTION__.0.lto_priv.0> "epoxy_get_proc_address") at assert.c:103
#6 0x00007fb9a4fa3e3b in epoxy_get_proc_address (name=0x7fb9a4fadfe0 <entrypoint_strings.lto_priv+9472> "glDeleteBuffers") at ../src/dispatch_common.c:872
#7 0x00007fb9a4f51f7a in epoxy_glDeleteBuffers_resolver () at src/gl_generated_dispatch.c:81508
#8 epoxy_glDeleteBuffers_global_rewrite_ptr (n=1, buffers=0x558e7b860f2c) at src/gl_generated_dispatch.c:114976
#9 0x00007fb9a84dd0da in GrGLFunction<void(int, unsigned int const*)>::operator() (this=0x578, args=1, args=0x558e7b860f2c) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/include/gpu/gl/GrGLFunctions.h:294
#10 GrGLBuffer::onRelease (this=0x558e7b860e50) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/gl/GrGLBuffer.cpp:146
#11 0x00007fb9a8278b03 in GrGpuResource::release (this=0x2) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrGpuResource.cpp:56
#12 0x00007fb9a82838ca in GrGpuResource::CacheAccess::release (this=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrGpuResourceCacheAccess.h:43
#13 GrResourceCache::releaseAll (this=0x558e7b041eb0) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrResourceCache.cpp:180
#14 0x00007fb9a826d1dd in GrDirectContext::~GrDirectContext (this=0x558e7b2216e0) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrDirectContext.cpp:111
#15 0x00007fb9a826d3b2 in GrDirectContext::~GrDirectContext (this=0x2) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrDirectContext.cpp:96
#16 0x00007fb9a7b236f3 in SkRefCntBase::unref (this=0x0) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/include/core/SkRefCnt.h:78
#17 SkSafeUnref<GrDirectContext> (obj=0x0) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/include/core/SkRefCnt.h:151
#18 sk_sp<GrDirectContext>::~sk_sp (this=0x7fb9920ea208) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/include/core/SkRefCnt.h:256
#19 WebCore::SkiaGLContext::~SkiaGLContext (this=0x7fb9920ea1f0) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/skia/PlatformDisplaySkia.cpp:76
#20 WTF::ThreadSafeWeakPtrControlBlock::strongDeref<WebCore::SkiaGLContext, (WTF::DestructionThread)0>() const::{lambda()#1}::operator()() const (this=<optimized out>) at WTF/Headers/wtf/ThreadSafeWeakPtr.h:101
#21 WTF::ThreadSafeWeakPtrControlBlock::strongDeref<WebCore::SkiaGLContext, (WTF::DestructionThread)0> (this=<optimized out>) at WTF/Headers/wtf/ThreadSafeWeakPtr.h:107
#22 0x00007fb9a5047e7f in __GI___call_tls_dtors () at cxa_thread_atexit_impl.c:156
#23 0x00007fb9a504827a in __run_exit_handlers (status=0, listp=0x7fb9a51f1680 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:41
#24 0x00007fb9a50482ce in __GI_exit (status=<optimized out>) at exit.c:138
#25 0x00007fb9a502f14f in __libc_start_call_main (main=main@entry=0x558e5fa68150 <main(int, char**)>, argc=argc@entry=4, argv=argv@entry=0x7ffcb9b325a8) at ../sysdeps/nptl/libc_start_call_main.h:74
#26 0x00007fb9a502f20b in __libc_start_main_impl (main=0x558e5fa68150 <main(int, char**)>, argc=4, argv=0x7ffcb9b325a8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffcb9b32598) at ../csu/libc-start.c:360
#27 0x0000558e5fa68085 in _start () at ../sysdeps/x86_64/start.S:115

The past decade of history indicates we're no good at exit-time destructors, so we should probably give up on that.

But the next problem is **this somehow causes the UI process to quit without crashing** and I do not know why. A misbehaving web process should not be able to cause UI process termination.
Michael Catanzaro
Comment 1 2024-08-06 11:14:55 PDT
There's probably some way to rearrange the order of things such that s_skiaGLContext gets destroyed sooner. But my proposal is to just leak it.
Michael Catanzaro
Comment 2 2024-08-06 11:16:46 PDT
Wait: oops, it's thread local, not a one-time allocation that can be safely leaked. :(