Reproduces 100% by opening a canvas 2d page with --enable-threaded-compositing. host->contentsTextureManager() returns NULL in Canvas2DLayerChromium::setLayerTreeHost. #0 0x00000000031793ee in WTF::HashTable<WebCore::ManagedTexture*, WebCore::ManagedTexture*, WTF::IdentityExtractor, WTF::PtrHash<WebCore::ManagedTexture*>, WTF::HashTraits<WebCore::ManagedTexture*>, WTF::HashTraits<WebCore::ManagedTexture*> >::contains<WTF::IdentityHashTranslator<WTF::PtrHash<WebCore::ManagedTexture*> >, WebCore::ManagedTexture*> (this=0x0, key=@0x7fff55aca370) at ../../third_party/WebKit/Source/JavaScriptCore/wtf/HashTable.h:840 #1 0x0000000003177a8b in WTF::HashTable<WebCore::ManagedTexture*, WebCore::ManagedTexture*, WTF::IdentityExtractor, WTF::PtrHash<WebCore::ManagedTexture*>, WTF::HashTraits<WebCore::ManagedTexture*>, WTF::HashTraits<WebCore::ManagedTexture*> >::contains (this=0x0, key=@0x7fff55aca370) at ../../third_party/WebKit/Source/JavaScriptCore/wtf/HashTable.h:342 #2 0x00000000031766f7 in WTF::HashSet<WebCore::ManagedTexture*, WTF::PtrHash<WebCore::ManagedTexture*>, WTF::HashTraits<WebCore::ManagedTexture*> >::contains (this=0x0, value=@0x7fff55aca370) at ../../third_party/WebKit/Source/JavaScriptCore/wtf/HashSet.h:161 #3 0x0000000003174fe7 in WebCore::TextureManager::registerTexture (this=0x0, texture=0x7f576b615090) at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/TextureManager.cpp:128 #4 0x0000000003172c2a in WebCore::ManagedTexture::ManagedTexture (this=0x7f576b615090, manager=0x0) at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/ManagedTexture.cpp:42 #5 0x000000000316e440 in WebCore::ManagedTexture::create (manager=0x0) at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/ManagedTexture.h:45 #6 0x0000000003230019 in WebCore::Canvas2DLayerChromium::setTextureManager (this=0x7f576c329b00, textureManager=0x0) at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/Canvas2DLayerChromium.cpp:137 #7 0x000000000322ffb3 in WebCore::Canvas2DLayerChromium::setLayerTreeHost (this=0x7f576c329b00, host=0x7f576b697640) at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/Canvas2DLayerChromium.cpp:129 #8 0x00000000031701e1 in WebCore::LayerChromium::setLayerTreeHost (this=0x7f576b6ef100, host=0x7f576b697640) at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/LayerChromium.cpp:180 #9 0x000000000317f05c in WebCore::TiledLayerChromium::setLayerTreeHost (this=0x7f576b6ef100, host=0x7f576b697640) at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/TiledLayerChromium.cpp:290 #10 0x00000000031701e1 in WebCore::LayerChromium::setLayerTreeHost (this=0x7f576b6ef680, host=0x7f576b697640) at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/LayerChromium.cpp:180 #11 0x000000000317f05c in WebCore::TiledLayerChromium::setLayerTreeHost (this=0x7f576b6ef680, host=0x7f576b697640) at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/TiledLayerChromium.cpp:290 #12 0x0000000003170398 in WebCore::LayerChromium::setParent (this=0x7f576b6ef680, layer=0x7f576b6ed580) at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/LayerChromium.cpp:198 #13 0x00000000031704c3 in WebCore::LayerChromium::insertChild (this=0x7f576b6ed580, child=..., index=0) at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/LayerChromium.cpp:219 #14 0x000000000317043f in WebCore::LayerChromium::addChild (this=0x7f576b6ed580, child=...) at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/LayerChromium.cpp:212 #15 0x0000000003170a09 in WebCore::LayerChromium::setChildren (this=0x7f576b6ed580, children=...) at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/LayerChromium.cpp:313 #16 0x000000000316b717 in WebCore::GraphicsLayerChromium::updateChildList (this=0x7f576b709500) at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/GraphicsLayerChromium.cpp:519 #17 0x000000000316a583 in WebCore::GraphicsLayerChromium::setChildren (this=0x7f576b709500, children=...) at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/GraphicsLayerChromium.cpp:132 #18 0x0000000003c9a08a in WebCore::RenderLayerCompositor::updateCompositingLayers (this=0x7f577907bd10, updateType=WebCore::CompositingUpdateAfterLayoutOrStyleChange, updateRoot=0x7f5778fd92d8) at ../../third_party/WebKit/Source/WebCore/rendering/RenderLayerCompositor.cpp:327 #19 0x0000000001fbedc2 in WebCore::FrameView::updateCompositingLayers (this=0x7f5778fd26c0) at ../../third_party/WebKit/Source/WebCore/page/FrameView.cpp:644 #20 0x0000000001fc04e7 in WebCore::FrameView::layout (this=0x7f5778fd26c0, allowSubtree=true) at ../../third_party/WebKit/Source/WebCore/page/FrameView.cpp:1120 #21 0x0000000001fc742d in WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive (this=0x7f5778fd26c0) at ../../third_party/WebKit/Source/WebCore/page/FrameView.cpp:2989 #22 0x00000000013b8c0e in WebKit::WebFrameImpl::layout (this=0x7f5779045200) at ../../third_party/WebKit/Source/WebKit/chromium/src/WebFrameImpl.cpp:2053 #23 0x00000000013e1ec5 in WebKit::WebViewImpl::layout (this=0x7f5778fee600) at ../../third_party/WebKit/Source/WebKit/chromium/src/WebViewImpl.cpp:1322 #24 0x0000000002d120ae in RenderWidget::DoDeferredUpdate (this=0x7f576c319000) at ../../content/renderer/render_widget.cc:813 #25 0x0000000002d11b8f in RenderWidget::DoDeferredUpdateAndSendInputAck (this=0x7f576c319000) at ../../content/renderer/render_widget.cc:769 #26 0x0000000002d0fddf in RenderWidget::OnUpdateRectAck (this=0x7f576c319000) at ../../content/renderer/render_widget.cc:409 #27 0x0000000002d16a69 in IPC::Message::Dispatch<RenderWidget, RenderWidget> (msg=0x7f5778ffc328, obj=0x7f576c319000, sender=0x7f576c319000, func= (void (RenderWidget::*)(RenderWidget * const)) 0x2d0fb68 <RenderWidget::OnUpdateRectAck()>) at ../../ipc/ipc_message.h:140 #28 0x0000000002d0ea49 in RenderWidget::OnMessageReceived (this=0x7f576c319000, message=...) at ../../content/renderer/render_widget.cc:212 #29 0x0000000002ceb1c4 in RenderViewImpl::OnMessageReceived (this=0x7f576c319000, message=...) at ../../content/renderer/render_view_impl.cc:824 #30 0x000000000289cbd4 in MessageRouter::RouteMessage (this=0x7f5778fbc6f0, msg=...) at ../../content/common/message_router.cc:46 #31 0x000000000289cb76 in MessageRouter::OnMessageReceived (this=0x7f5778fbc6f0, msg=...) at ../../content/common/message_router.cc:38 #32 0x00000000027aef09 in ChildThread::OnMessageReceived (this=0x7f5778fbc6c8, msg=...) at ../../content/common/child_thread.cc:202 #33 0x00000000013698a4 in IPC::ChannelProxy::Context::OnDispatchMessage (this=0x7f5778fa4540, message=...) at ../../ipc/ipc_channel_proxy.cc:268 #34 0x000000000136ca89 in base::internal::RunnableAdapter<void (IPC::ChannelProxy::Context::*)(IPC::Message const&)>::Run (this=0x7fff55acd390, object=0x7f5778fa4540, a1=...) at ../../base/bind_internal.h:188 #35 0x000000000136c64f in base::internal::InvokeHelper<false, void, base::internal::RunnableAdapter<void (IPC::ChannelProxy::Context::*)(IPC::Message const&)>, void (IPC::ChannelProxy::Context* const&, IPC::Message const&)>::MakeItSo(base::internal::RunnableAdapter<void (IPC::ChannelProxy::Context::*)(IPC::Message const&)>, IPC::ChannelProxy::Context* const&, IPC::Message const&) (runnable=..., a1=@0x7f5778ffc320, a2=...) at ../../base/bind_internal.h:896 #36 0x000000000136c00e in base::internal::Invoker<2, base::internal::BindState<base::internal::RunnableAdapter<void (IPC::ChannelProxy::Context::*)(IPC::Message const&)>, void (IPC::ChannelProxy::Context*, IPC::Message const&), void (IPC::ChannelProxy::Context*, IPC::Message)>, void (IPC::ChannelProxy::Context*, IPC::Message const&)>::Run(base::internal::BindStateBase*) (base=0x7f5778ffc300) at ../../base/bind_internal.h:1254 #37 0x000000000055beb7 in base::Callback<void ()>::Run() const (this=0x7fff55acd6e8) at ../../base/callback.h:272 #38 0x000000000267f1dc in MessageLoop::RunTask (this=0x7fff55acdfe0, pending_task=...) at ../../base/message_loop.cc:458 #39 0x000000000267f2f3 in MessageLoop::DeferOrRunPendingTask (this=0x7fff55acdfe0, pending_task=...) at ../../base/message_loop.cc:470 #40 0x000000000267fb15 in MessageLoop::DoWork (this=0x7fff55acdfe0) at ../../base/message_loop.cc:660 #41 0x0000000002687940 in base::MessagePumpDefault::Run (this=0x7f5778fd79c0, delegate=0x7fff55acdfe0) at ../../base/message_pump_default.cc:28