[Webkit-unassigned] [Bug 159918] New: [GTK][Threaded Compositor] Web Process crash when the page is closed before the web view is realized

bugzilla-daemon at webkit.org
Tue Jul 19 06:02:29 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=159918

            Bug ID: 159918
           Summary: [GTK][Threaded Compositor] Web Process crash when the
                    page is closed before the web view is realized
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Keywords: Gtk
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: cgarcia at igalia.com
                CC: bugs-noreply at webkitgtk.org
            Blocks: 154066

When the web view is unrealized we send a sync message to the web process to destroy the native surface handle for compositing, and then we actually destroy the redirected window. But if the page is closed explicitly before the web view is unrealized, the drawing area proxy is destroyed, so that when the web view is unrealized we can't notify the web process, which keeps trying to render to a now deleted window handle. That produces a BadDrawable X error and the web process crashes.

The program 'WebKitWebProcess' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadDrawable (invalid Pixmap or Window parameter)'.
  (Details: serial 213 error_code 9 request_code 154 (DRI2) minor_code 3)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the GDK_SYNCHRONIZE environment
   variable to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)

Thread 11 (Thread 0x7f1c6f07a700 (LWP 8225)):
#0  0x00007f1ce6b19303 in _g_log_abort (breakpoint=1) at gmessages.c:325
#1  g_logv (log_domain=0x7f1ce336966e "Gdk", log_level=G_LOG_LEVEL_ERROR, format=<optimized out>, args=args@entry=0x7f1c6f079248) at gmessages.c:1080
#2  0x00007f1ce6b19462 in g_log (log_domain=log_domain@entry=0x7f1ce336966e "Gdk", log_level=log_level@entry=G_LOG_LEVEL_ERROR, format=format@entry=0x7f1ce3386f74 "%s") at gmessages.c:1119
#3  0x00007f1ce332dc30 in _gdk_x11_display_error_event (display=display@entry=0x12cf020, error=error@entry=0x7f1c6f0793f0) at gdkdisplay-x11.c:2576
#4  0x00007f1ce333b3a1 in gdk_x_error (xdisplay=0x12c2c20, error=0x7f1c6f0793f0) at gdkmain-x11.c:307
#5  0x00007f1ce4fe846d in _XError () from /usr/lib/x86_64-linux-gnu/libX11.so.6
#6  0x00007f1ce4fe53a7 in ?? () from /usr/lib/x86_64-linux-gnu/libX11.so.6
#7  0x00007f1ce4fe5465 in ?? () from /usr/lib/x86_64-linux-gnu/libX11.so.6
#8  0x00007f1ce4fe6420 in _XReply () from /usr/lib/x86_64-linux-gnu/libX11.so.6
#9  0x00007f1ce9e4d2fa in ?? () from /usr/lib/x86_64-linux-gnu/libGL.so.1
#10 0x00007f1ce9e4d637 in ?? () from /usr/lib/x86_64-linux-gnu/libGL.so.1
#11 0x00007f1c853284bb in ?? () from /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#12 0x00007f1c853289c1 in ?? () from /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#13 0x00007f1c85328aab in ?? () from /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#14 0x00007f1c852d8236 in ?? () from /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#15 0x00007f1ce9e4f0cb in ?? () from /usr/lib/x86_64-linux-gnu/libGL.so.1
#16 0x00007f1ce9e25415 in glXMakeCurrentReadSGI () from /usr/lib/x86_64-linux-gnu/libGL.so.1
#17 0x00007f1cedf7d1c9 in WebCore::GLContextGLX::makeContextCurrent() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#18 0x00007f1ced00b6d4 in WebKit::ThreadedCompositor::tryEnsureGLContext() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#19 0x00007f1ced00b793 in WebKit::ThreadedCompositor::renderLayerTree() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#20 0x00007f1ced00a3d2 in WebKit::CompositingRunLoop::updateTimerFired() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#21 0x00007f1ceb94a1fa in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::{lambda(void*)#1}::_FUN(void*) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#22 0x00007f1ce6b12b8a in g_main_dispatch (context=0x7f1c68000900) at gmain.c:3154
#23 g_main_context_dispatch (context=context@entry=0x7f1c68000900) at gmain.c:3769
#24 0x00007f1ce6b12f08 in g_main_context_iterate (context=0x7f1c68000900, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3840
#25 0x00007f1ce6b13222 in g_main_loop_run (loop=0x7f1c68001240) at gmain.c:4034
#26 0x00007f1ceb94a5a0 in WTF::RunLoop::run() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#27 0x00007f1ced00bcbd in WebKit::ThreadedCompositor::runCompositingThread() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#28 0x00007f1ceb917b15 in WTF::threadEntryPoint(void*) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#29 0x00007f1ceb9477aa in WTF::wtfThreadEntryPoint(void*) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#30 0x00007f1cea415464 in start_thread (arg=0x7f1c6f07a700) at pthread_create.c:333
#31 0x00007f1ce1cf730d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 1 (Thread 0x7f1cef1fcac0 (LWP 8153)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007f1ce257f79c in std::condition_variable::wait(std::unique_lock<std::mutex>&) () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#2  0x00007f1ceb914d78 in WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, std::chrono::time_point<std::chrono::_V2::steady_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > >) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#3  0x00007f1ced00af7f in WebKit::CompositingRunLoop::performTaskSync(WTF::Function<void ()>&&) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#4  0x00007f1ced00ca59 in WebKit::ThreadedCompositor::didChangeViewportSize(WebCore::IntSize const&) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#5  0x00007f1cecff74fc in WebKit::AcceleratedDrawingArea::updateBackingStoreState(unsigned long, bool, float, WebCore::IntSize const&, WebCore::IntSize const&) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#6  0x00007f1cecffa0eb in WebKit::DrawingAreaImpl::updateBackingStoreState(unsigned long, bool, float, WebCore::IntSize const&, WebCore::IntSize const&) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#7  0x00007f1ced061283 in WebKit::DrawingArea::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#8  0x00007f1cecd2dc29 in IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::MessageDecoder&) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#9  0x00007f1cece62d36 in WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#10 0x00007f1cecd2a0a6 in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#11 0x00007f1cecd2aa03 in IPC::Connection::dispatchOneMessage() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#12 0x00007f1ceb916cc2 in WTF::RunLoop::performWork() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#13 0x00007f1ceb949cd9 in WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#14 0x00007f1ce6b12b8a in g_main_dispatch (context=0x12e2da0) at gmain.c:3154
#15 g_main_context_dispatch (context=context@entry=0x12e2da0) at gmain.c:3769
#16 0x00007f1ce6b12f08 in g_main_context_iterate (context=0x12e2da0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3840
#17 0x00007f1ce6b13222 in g_main_loop_run (loop=0x1a90510) at gmain.c:4034
#18 0x00007f1ceb94a509 in WTF::RunLoop::run() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#19 0x00007f1cecf12818 in WebKit::WebPage::runModal() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#20 0x00007f1ced8922dd in WebCore::Chrome::runModal() const () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#21 0x00007f1ced8a9811 in WebCore::DOMWindow::showModalDialog(WTF::String const&, WTF::String const&, WebCore::DOMWindow&, WebCore::DOMWindow&, std::function<void (WebCore::DOMWindow&)>) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#22 0x00007f1ced25520c in WebCore::JSDOMWindow::showModalDialog(JSC::ExecState&) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#23 0x00007f1cee2cf013 in WebCore::jsDOMWindowInstanceFunctionShowModalDialog(JSC::ExecState*) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#24 0x00007f1c87fff028 in ?? ()
#25 0x00007ffe1c13ac20 in ?? ()
#26 0x00007f1ceb58790b in llint_entry () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
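The ordering failure in the description, as an added model that is not WebKit code: a mock X server stands in for the display, the drawing area proxy is the only channel from the UI side to the compositor, and the `notify_on_close` ordering is an assumption used to show where the gap is, not the project's actual fix.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed model of the teardown ordering in this report (not WebKit code).
 * A mock X server tracks live window ids; rendering to a dead id stands in for
 * the BadDrawable error the web process dies with. */
#define MAX_WINDOWS 8
static bool window_alive[MAX_WINDOWS];
static unsigned long next_window = 1;
static unsigned long create_window(void) {
    unsigned long id = next_window++ % MAX_WINDOWS;
    window_alive[id] = true;
    return id;
}
static void destroy_window(unsigned long id) { window_alive[id] = false; }

/* Web-process side: the compositor keeps the native surface handle. */
typedef struct { unsigned long surface; bool has_surface; } Compositor;
/* 0 = drew a frame, 1 = no surface so nothing to do, -1 = BadDrawable. */
static int compositor_render(const Compositor *c) {
    if (!c->has_surface) return 1;
    return window_alive[c->surface] ? 0 : -1;
}

/* UI-process side: the drawing area proxy is the only channel to the compositor. */
typedef struct { Compositor *remote; } DrawingAreaProxy;
typedef struct { DrawingAreaProxy *proxy; unsigned long redirected_window; } WebView;
/* The sync message: the web process drops its handle before the window dies. */
static void send_destroy_surface(DrawingAreaProxy *p) { p->remote->has_surface = false; }

/* Closing the page destroys the proxy. With notify_first (an assumed ordering,
 * not the project's fix) the surface is released while the channel still exists. */
static void close_page(WebView *v, bool notify_first) {
    if (notify_first && v->proxy) send_destroy_surface(v->proxy);
    v->proxy = NULL;
}
/* Unrealize can only notify through a proxy that still exists. */
static void unrealize(WebView *v) {
    if (v->proxy) send_destroy_surface(v->proxy);
    destroy_window(v->redirected_window);
}

/* Sequence from the report: close page, unrealize, then the compositing timer fires. */
int run_scenario(bool notify_on_close) {
    Compositor c = { create_window(), true };
    DrawingAreaProxy p = { &c };
    WebView v = { &p, c.surface };
    close_page(&v, notify_on_close);
    unrealize(&v);
    return compositor_render(&c);
}
```

`run_scenario(false)` reproduces the report (the compositor renders to a destroyed window), while `run_scenario(true)` shows that releasing the handle while the proxy is still alive leaves the compositor with nothing to draw to instead of a dead handle.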
