[Webkit-unassigned] [Bug 129419] [GTK] Wrong GL context when destroying textures
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Mar 6 00:22:02 PST 2014
https://bugs.webkit.org/show_bug.cgi?id=129419
--- Comment #8 from Iago Toral <itoral at igalia.com> 2014-03-06 00:19:03 PST ---
(In reply to comment #7)
> (In reply to comment #6)
>
> > I think the way to fix this would be to make the GLContext instance used by both the layer tree host and the GraphicsContext3D a RefPtr instead of an OwnPtr. I think this would allow us to just use the same GLContext instance for both and make sure it won't be destroyed until both objects are done with it. This would require to change the signature of the GLContext::create*() functions.
>
> It seems a bit suspicious that the GraphicsContext3D is destroyed before the layer tree host. What owns the graphics context?
The TextureMapperGL has a reference to a GraphicsContext3D that it creates in its constructor, but it is a RefPtr.
TextureMapperGLData, which is also created in the TextureMapperGL constuctor, seems to hold another RefPtr to the same pointer of the graphics context.
Then all the instances of BitmapTextureGL created with the texture mapper also have a RefPtr to the GraphicsContext3D instance.
Typically, the GraphicsContext3D is destroyed with the texture mapper like this:
#0 0x00007fa1241580d0 in WebCore::GraphicsContext3DPrivate::~GraphicsContext3DPrivate() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#1 0x00007fa124157bd6 in WebCore::GraphicsContext3D::~GraphicsContext3D() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#2 0x00007fa123a31408 in WebCore::TextureMapperGL::~TextureMapperGL() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#3 0x00007fa123a31449 in WebCore::TextureMapperGL::~TextureMapperGL() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#4 0x00007fa12320c6b0 in WebKit::LayerTreeHostGtk::invalidate() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#5 0x00007fa1231e0199 in WebKit::DrawingAreaImpl::~DrawingAreaImpl() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#6 0x00007fa1231e0289 in WebKit::DrawingAreaImpl::~DrawingAreaImpl() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#7 0x00007fa1231f915d in WebKit::WebPage::close() () from /home/itoral/Devel
However, this can also happen some times:
#0 0x00007fa1241580d0 in WebCore::GraphicsContext3DPrivate::~GraphicsContext3DPrivate() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#1 0x00007fa124157bd6 in WebCore::GraphicsContext3D::~GraphicsContext3D() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#2 0x00007fa123a2d827 in WebCore::BitmapTextureGL::~BitmapTextureGL() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#3 0x00007fa123a2d8f9 in WebCore::BitmapTextureGL::~BitmapTextureGL() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#4 0x00007fa123a4533d in WTF::Vector<WebCore::TextureMapperTile, 0ul, WTF::CrashOnOverflow>::shrink(unsigned long) ()
from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#5 0x00007fa123a45467 in WebCore::TextureMapperTiledBackingStore::~TextureMapperTiledBackingStore() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#6 0x00007fa123a41fa6 in WebCore::TextureMapperLayer::~TextureMapperLayer() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#7 0x00007fa123a42039 in WebCore::TextureMapperLayer::~TextureMapperLayer() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#8 0x00007fa123a386f1 in WebCore::GraphicsLayerTextureMapper::~GraphicsLayerTextureMapper() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#9 0x00007fa123a38739 in WebCore::GraphicsLayerTextureMapper::~GraphicsLayerTextureMapper() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#10 0x00007fa1239069f1 in WebCore::RenderLayerBacking::destroyGraphicsLayers() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#11 0x00007fa1239082c9 in WebCore::RenderLayerBacking::~RenderLayerBacking() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#12 0x00007fa1239083f9 in WebCore::RenderLayerBacking::~RenderLayerBacking() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#13 0x00007fa1238f93e1 in WebCore::RenderLayer::clearBacking(bool) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#14 0x00007fa1238f953a in WebCore::RenderLayer::~RenderLayer() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#15 0x00007fa1238f9799 in WebCore::RenderLayer::~RenderLayer() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#16 0x00007fa12393a161 in WebCore::RenderObject::willBeDestroyed() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#17 0x00007fa12393f48d in WebCore::RenderObject::destroy() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#18 0x00007fa1239ed11e in WebCore::Style::detachRenderTree(WebCore::Element&, WebCore::Style::DetachType) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#19 0x00007fa1239ed03b in WebCore::Style::detachChildren(WebCore::ContainerNode&, WebCore::Style::DetachType) ()
from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#20 0x00007fa1239ed09b in WebCore::Style::detachRenderTree(WebCore::Element&, WebCore::Style::DetachType) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#21 0x00007fa1239ed03b in WebCore::Style::detachChildren(WebCore::ContainerNode&, WebCore::Style::DetachType) ()
from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#22 0x00007fa1239ed09b in WebCore::Style::detachRenderTree(WebCore::Element&, WebCore::Style::DetachType) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#23 0x00007fa1239ed03b in WebCore::Style::detachChildren(WebCore::ContainerNode&, WebCore::Style::DetachType) ()
from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#24 0x00007fa1239ed09b in WebCore::Style::detachRenderTree(WebCore::Element&, WebCore::Style::DetachType) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#25 0x00007fa1239ed03b in WebCore::Style::detachChildren(WebCore::ContainerNode&, WebCore::Style::DetachType) ()
from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#26 0x00007fa1239ed09b in WebCore::Style::detachRenderTree(WebCore::Element&, WebCore::Style::DetachType) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#27 0x00007fa1239ed03b in WebCore::Style::detachChildren(WebCore::ContainerNode&, WebCore::Style::DetachType) ()
from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#28 0x00007fa1239ed09b in WebCore::Style::detachRenderTree(WebCore::Element&, WebCore::Style::DetachType) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#29 0x00007fa1239ed03b in WebCore::Style::detachChildren(WebCore::ContainerNode&, WebCore::Style::DetachType) ()
from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#30 0x00007fa1239ed09b in WebCore::Style::detachRenderTree(WebCore::Element&, WebCore::Style::DetachType) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#31 0x00007fa123407577 in WebCore::Document::destroyRenderTree() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#32 0x00007fa123412365 in WebCore::Document::prepareForDestruction() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#33 0x00007fa1237d1068 in WebCore::Frame::setView(WTF::PassRefPtr<WebCore::FrameView>) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#34 0x00007fa12373ba73 in WebCore::FrameLoader::detachFromParent() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#35 0x00007fa1231f9125 in WebKit::WebPage::close() () from /home/itoral/Devel
The error situation, which is a crash in the driver when trying to make current a context that is no longer valid, happens with this stack:
#0 0x00007f2c00c0b22b in intel_prepare_render (brw=0x302c4b0) at brw_context.c:1117
#1 0x00007f2c00c0ae42 in intelMakeCurrent (driContextPriv=0x2ff66d0, driDrawPriv=0x2fe75e0, driReadPriv=0x2fe75e0) at brw_context.c:964
#2 0x00007f2c00b8348b in driBindContext (pcp=0x2ff66d0, pdp=0x2fe75e0, prp=0x2fe75e0) at dri_util.c:543
#3 0x00007f2c81d0a3a9 in dri2_bind_context (context=0x4639810, old=0x7f2c81d444e0 <dummyContext>, draw=41949698, read=41949698) at dri2_glx.c:162
#4 0x00007f2c81cd044d in MakeContextCurrent (dpy=0x1bf6740, draw=41949698, read=41949698, gc_user=0x4639810) at glxcurrent.c:259
#5 0x00007f2c81cd056e in glXMakeCurrent (dpy=0x1bf6740, draw=41949698, gc=0x4639810) at glxcurrent.c:293
#6 0x00007f2c86a4edd3 in WebCore::GLContextGLX::makeContextCurrent() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#7 0x00007f2c864fa341 in WebCore::GraphicsContext3D::deleteTexture(unsigned int) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#8 0x00007f2c861738e4 in WebCore::BitmapTextureGL::~BitmapTextureGL() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#9 0x00007f2c861738f9 in WebCore::BitmapTextureGL::~BitmapTextureGL() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#10 0x00007f2c8618b33d in WTF::Vector<WebCore::TextureMapperTile, 0ul, WTF::CrashOnOverflow>::shrink(unsigned long) ()
from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#11 0x00007f2c8618b467 in WebCore::TextureMapperTiledBackingStore::~TextureMapperTiledBackingStore() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#12 0x00007f2c86187fa6 in WebCore::TextureMapperLayer::~TextureMapperLayer() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#13 0x00007f2c86188039 in WebCore::TextureMapperLayer::~TextureMapperLayer() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#14 0x00007f2c8617e6f1 in WebCore::GraphicsLayerTextureMapper::~GraphicsLayerTextureMapper() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#15 0x00007f2c8617e739 in WebCore::GraphicsLayerTextureMapper::~GraphicsLayerTextureMapper() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#16 0x00007f2c8604c9f1 in WebCore::RenderLayerBacking::destroyGraphicsLayers() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#17 0x00007f2c8604e2c9 in WebCore::RenderLayerBacking::~RenderLayerBacking() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#18 0x00007f2c8604e3f9 in WebCore::RenderLayerBacking::~RenderLayerBacking() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#19 0x00007f2c8603f3e1 in WebCore::RenderLayer::clearBacking(bool) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#20 0x00007f2c8603f53a in WebCore::RenderLayer::~RenderLayer() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#21 0x00007f2c8603f799 in WebCore::RenderLayer::~RenderLayer() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#22 0x00007f2c86080161 in WebCore::RenderObject::willBeDestroyed() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#23 0x00007f2c8608548d in WebCore::RenderObject::destroy() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#24 0x00007f2c8613311e in WebCore::Style::detachRenderTree(WebCore::Element&, WebCore::Style::DetachType) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#25 0x00007f2c8613303b in WebCore::Style::detachChildren(WebCore::ContainerNode&, WebCore::Style::DetachType) ()
from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#26 0x00007f2c8613309b in WebCore::Style::detachRenderTree(WebCore::Element&, WebCore::Style::DetachType) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#27 0x00007f2c8613303b in WebCore::Style::detachChildren(WebCore::ContainerNode&, WebCore::Style::DetachType) ()
from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#28 0x00007f2c8613309b in WebCore::Style::detachRenderTree(WebCore::Element&, WebCore::Style::DetachType) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#29 0x00007f2c85b4d577 in WebCore::Document::destroyRenderTree() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#30 0x00007f2c85b58365 in WebCore::Document::prepareForDestruction() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#31 0x00007f2c85f17068 in WebCore::Frame::setView(WTF::PassRefPtr<WebCore::FrameView>) () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#32 0x00007f2c85e81a73 in WebCore::FrameLoader::detachFromParent() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
#33 0x00007f2c8593f125 in WebKit::WebPage::close() () from /home/itoral/Devel/Gnome/bin/lib64/libwebkit2gtk-3.0.so.25
And as far as I can see, when this happens the texture mapper was already destroyed (I suppose because of that timer function I mentioned in a previous comment), but it looks like some BitmapTextureGL objects still lived, keeping a reference to the GraphicsContext3D preventing its destruction, hence leading to the problem.
I don't know if this behavior is expected or is a bug.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list