Bug 242031

Summary: [GPU Process] RemoteRenderingBackend has to explicitly stop IOSurfacePool::m_collectionTimer before destruction
Product: WebKit
Reporter: Said Abou-Hallawa <sabouhallawa>
Component: Layout and Rendering
Assignee: Said Abou-Hallawa <sabouhallawa>
Status: RESOLVED FIXED
Severity: Normal
CC: bfulgham, simon.fraser, webkit-bug-importer, zalan
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified

Description Said Abou-Hallawa 2022-06-27 09:57:43 PDT
RemoteRenderingBackend can be destroyed by RemoteGraphicsContextGL on the StreamConnection WorkQueue. Because RemoteRenderingBackend now owns an IOSurfacePool, this IOSurfacePool can be destroyed on the StreamConnection WorkQueue also. At the same time the handler of IOSurfacePool::m_collectionTimer can be called on the main thread. This leads to accessing null IOSurfaces in IOSurfacePool::collectionTimerFired().
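
The lifetime hazard described in this report, as an added C++ example that is not WebKit code and not taken from the bug's patch: `MainRunLoop` and `SurfacePool` are hypothetical stand-ins, and the run loop is driven from a single thread so the result is deterministic. It shows that a timer handler stays registered with the run loop, still pointing at the destroyed pool, unless the owner explicitly stops the timer before destruction.

```cpp
// Added illustration: a simplified, hypothetical model, not WebKit source.
#include <cstddef>
#include <functional>
#include <map>
#include <mutex>
#include <utility>
#include <vector>

// Stand-in for the main-thread run loop that stores and fires timer handlers.
class MainRunLoop {
public:
    int schedule(std::function<void()> handler) {
        std::lock_guard<std::mutex> lock(m_lock);
        m_handlers[++m_lastID] = std::move(handler);
        return m_lastID;
    }
    // Takes the lock fireAll() holds, so it cannot return while a handler runs.
    void cancel(int id) { std::lock_guard<std::mutex> lock(m_lock); m_handlers.erase(id); }
    void fireAll() {
        std::lock_guard<std::mutex> lock(m_lock);
        for (auto& entry : m_handlers) entry.second();
    }
    std::size_t pending() { std::lock_guard<std::mutex> lock(m_lock); return m_handlers.size(); }
private:
    std::mutex m_lock;
    std::map<int, std::function<void()>> m_handlers;
    int m_lastID = 0;
};

// Stand-in for a pool whose collection timer handler touches its surfaces.
class SurfacePool {
public:
    SurfacePool(MainRunLoop& loop, bool stopOnDestruction)
        : m_loop(loop), m_stop(stopOnDestruction), m_surfaces(3, 0)
        , m_timerID(loop.schedule([this] { if (!m_surfaces.empty()) m_surfaces.pop_back(); })) { }
    // The explicit stop: unregister the handler before any member is torn down.
    ~SurfacePool() { if (m_stop) m_loop.cancel(m_timerID); }
private:
    MainRunLoop& m_loop;
    bool m_stop;
    std::vector<int> m_surfaces;
    int m_timerID;
};

// Handlers the run loop could still fire once the pool is gone (safe only if 0).
std::size_t handlersLeftAfterDestruction(bool stopOnDestruction) {
    MainRunLoop loop;
    { SurfacePool pool(loop, stopOnDestruction); loop.fireAll(); }
    return loop.pending();
}
```

With `stopOnDestruction` set to `false` the model leaves one handler registered; it is never invoked here, because calling it would dereference the destroyed pool.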
Comment 1 Said Abou-Hallawa 2022-06-27 09:58:02 PDT
rdar://94516877
Comment 2 Said Abou-Hallawa 2022-06-27 10:09:13 PDT
Pull request: https://github.com/WebKit/WebKit/pull/1821
Comment 3 EWS 2022-06-28 05:52:17 PDT
Committed 251907@main (0cabd082474b): <https://commits.webkit.org/251907@main>

Reviewed commits have been landed. Closing PR #1821 and removing active labels.