[Webkit-unassigned] [Bug 277696] New: [Skia] Web process crash in epoxy_get_proc_address when closing browser tab

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Aug 6 10:50:46 PDT 2024


https://bugs.webkit.org/show_bug.cgi?id=277696

            Bug ID: 277696
           Summary: [Skia] Web process crash in epoxy_get_proc_address
                    when closing browser tab
           Product: WebKit
           Version: Other
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKitGTK
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at redhat.com
                CC: bugs-noreply at webkitgtk.org

Two problems here. First, we have a web process crash that sometimes occurs when closing an Epiphany browser tab:

(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007fb9a509dbf3 in __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:78
#2  0x00007fb9a5045aee in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007fb9a502d882 in __GI_abort () at abort.c:79
#4  0x00007fb9a502d79e in __assert_fail_base
    (fmt=0x7fb9a51bdca0 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x7fb9a4fbcec8 "0 && \"Couldn't find current GLX or EGL context.\\n\"", file=file@entry=0x7fb9a4fbcfcd "../src/dispatch_common.c", line=line@entry=872, function=function@entry=0x7fb9a4fc7ca0 <__PRETTY_FUNCTION__.0.lto_priv.0> "epoxy_get_proc_address") at assert.c:94
#5  0x00007fb9a503dfc7 in __assert_fail
    (assertion=assertion@entry=0x7fb9a4fbcec8 "0 && \"Couldn't find current GLX or EGL context.\\n\"", file=file@entry=0x7fb9a4fbcfcd "../src/dispatch_common.c", line=line@entry=872, function=function@entry=0x7fb9a4fc7ca0 <__PRETTY_FUNCTION__.0.lto_priv.0> "epoxy_get_proc_address") at assert.c:103
#6  0x00007fb9a4fa3e3b in epoxy_get_proc_address (name=0x7fb9a4fadfe0 <entrypoint_strings.lto_priv+9472> "glDeleteBuffers") at ../src/dispatch_common.c:872
#7  0x00007fb9a4f51f7a in epoxy_glDeleteBuffers_resolver () at src/gl_generated_dispatch.c:81508
#8  epoxy_glDeleteBuffers_global_rewrite_ptr (n=1, buffers=0x558e7b860f2c) at src/gl_generated_dispatch.c:114976
#9  0x00007fb9a84dd0da in GrGLFunction<void(int, unsigned int const*)>::operator() (this=0x578, args=1, args=0x558e7b860f2c)
    at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/include/gpu/gl/GrGLFunctions.h:294
#10 GrGLBuffer::onRelease (this=0x558e7b860e50) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/gl/GrGLBuffer.cpp:146
#11 0x00007fb9a8278b03 in GrGpuResource::release (this=0x2)
    at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrGpuResource.cpp:56
#12 0x00007fb9a82838ca in GrGpuResource::CacheAccess::release (this=<optimized out>)
    at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrGpuResourceCacheAccess.h:43
#13 GrResourceCache::releaseAll (this=0x558e7b041eb0)
    at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrResourceCache.cpp:180
#14 0x00007fb9a826d1dd in GrDirectContext::~GrDirectContext (this=0x558e7b2216e0)
    at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrDirectContext.cpp:111
#15 0x00007fb9a826d3b2 in GrDirectContext::~GrDirectContext (this=0x2)
    at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrDirectContext.cpp:96
#16 0x00007fb9a7b236f3 in SkRefCntBase::unref (this=0x0) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/include/core/SkRefCnt.h:78
#17 SkSafeUnref<GrDirectContext> (obj=0x0) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/include/core/SkRefCnt.h:151
#18 sk_sp<GrDirectContext>::~sk_sp (this=0x7fb9920ea208) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/include/core/SkRefCnt.h:256
#19 WebCore::SkiaGLContext::~SkiaGLContext (this=0x7fb9920ea1f0)
    at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/skia/PlatformDisplaySkia.cpp:76
#20 WTF::ThreadSafeWeakPtrControlBlock::strongDeref<WebCore::SkiaGLContext, (WTF::DestructionThread)0>() const::{lambda()#1}::operator()() const
    (this=<optimized out>) at WTF/Headers/wtf/ThreadSafeWeakPtr.h:101
#21 WTF::ThreadSafeWeakPtrControlBlock::strongDeref<WebCore::SkiaGLContext, (WTF::DestructionThread)0> (this=<optimized out>)
    at WTF/Headers/wtf/ThreadSafeWeakPtr.h:107
#22 0x00007fb9a5047e7f in __GI___call_tls_dtors () at cxa_thread_atexit_impl.c:156
#23 0x00007fb9a504827a in __run_exit_handlers
    (status=0, listp=0x7fb9a51f1680 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:41
#24 0x00007fb9a50482ce in __GI_exit (status=<optimized out>) at exit.c:138
#25 0x00007fb9a502f14f in __libc_start_call_main (main=main@entry=0x558e5fa68150 <main(int, char**)>, argc=argc@entry=4, argv=argv@entry=0x7ffcb9b325a8)
    at ../sysdeps/nptl/libc_start_call_main.h:74
#26 0x00007fb9a502f20b in __libc_start_main_impl
    (main=0x558e5fa68150 <main(int, char**)>, argc=4, argv=0x7ffcb9b325a8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffcb9b32598) at ../csu/libc-start.c:360
#27 0x0000558e5fa68085 in _start () at ../sysdeps/x86_64/start.S:115

The past decade of history indicates we're no good at exit-time destructors, so we should probably give up on that. But the next problem is **this somehow causes the UI process to quit without crashing** and I do not know why. A misbehaving web process should not be able to cause UI process termination.
