[Webkit-unassigned] [Bug 151139] New: [GTK] Web Process crashes on reparenting a WebView with AC mode on

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Nov 11 09:32:04 PST 2015 

https://bugs.webkit.org/show_bug.cgi?id=151139

            Bug ID: 151139
           Summary: [GTK] Web Process crashes on reparenting a WebView
                    with AC mode on
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Keywords: Gtk
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mario at webkit.org
                CC: agomez at igalia.com, bugs-noreply at webkitgtk.org,
                    cgarcia at igalia.com, mrobinson at webkit.org

Created attachment 265293
  --> https://bugs.webkit.org/attachment.cgi?id=265293&action=review
Backtraces for the UI and Web processes (Release build)

At least since WebKitGTK+ 2.10.0, the Web Process does very often die when the WebView gets reparented from one container to another (removing + adding, NOT using gtk_widget_reparent()) while using Accelerated Compositing, which seems to happen due to a X BadDrawable error, which eventually makes the UI process crash as well.

More specifically, the error that is being reported from the X.org server is like this:

  (WebKitWebProcess:8500): Gdk-ERROR **: The program 'WebKitWebProcess' received an X Window System error.
  This probably reflects a bug in the program.
  The error was 'BadDrawable (invalid Pixmap or Window parameter)'.
    (Details: serial 690 error_code 9 request_code 152 (DRI2) minor_code 8)
    (Note to programmers: normally, X errors are reported asynchronously;
     that is, you will receive the error a while after causing it.
     To debug your program, run it with the GDK_SYNCHRONIZE environment
     variable to change this behavior. You can then get a meaningful
     backtrace from your debugger if you break on the gdk_x_error() function.)

Please see attached a dump of the two backtraces as they are generated by the UI and the Web processes. Those were taken with a release build of WebKit since that's the one I have around now, but I will try to reproduce it in a debug build asap as well, will attach it later.

This crash has happened in a 64-bit Fedora 22 machine with the latest code from WebKit's trunk compiled from sources, using the build-webkit script.


Additional details:

This issue was not happening at all in 2.6.2 and it's crashing from 2.10.0 as far as I can see, although in 2.8.x some graphics corruption is present already when reparenting already. Carlos explained to me on IRC that this is mostly to the move to using PlatformDisplay, which reuses GDK's connection to the X display and install a bunch of error handlers, which were not present before (thus the problem has probably been there for a while, and was simply ignored)

Anyway, just for the sake of completeness I'm also linking an screencast showing the issue from inside a 32-bit Debian-like chroot:

  https://drive.google.com/file/d/0B6Gdj3EoWfFLSjZzdHFuVFJERGM/view?usp=sharing

Next, I will attach two test cases I wrote which I can reproduce the bug reliably with

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20151111/3b4be014/attachment.html>

More information about the webkit-unassigned mailing list