[Webkit-unassigned] [Bug 79850] New: threaded compositing mode crash in ManagedTexture

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Feb 28 17:24:59 PST 2012 

https://bugs.webkit.org/show_bug.cgi?id=79850

           Summary: threaded compositing mode crash in ManagedTexture
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: jbates at google.com
                CC: jamesr at chromium.org, nduca at chromium.org


Reproduces 100% by opening a canvas 2d page with --enable-threaded-compositing.

host->contentsTextureManager() returns NULL in Canvas2DLayerChromium::setLayerTreeHost.

#0  0x00000000031793ee in WTF::HashTable<WebCore::ManagedTexture*, WebCore::ManagedTexture*, WTF::IdentityExtractor, WTF::PtrHash<WebCore::ManagedTexture*>, WTF::HashTraits<WebCore::ManagedTexture*>, WTF::HashTraits<WebCore::ManagedTexture*> >::contains<WTF::IdentityHashTranslator<WTF::PtrHash<WebCore::ManagedTexture*> >, WebCore::ManagedTexture*> (this=0x0, key=@0x7fff55aca370)
    at ../../third_party/WebKit/Source/JavaScriptCore/wtf/HashTable.h:840
#1  0x0000000003177a8b in WTF::HashTable<WebCore::ManagedTexture*, WebCore::ManagedTexture*, WTF::IdentityExtractor, WTF::PtrHash<WebCore::ManagedTexture*>, WTF::HashTraits<WebCore::ManagedTexture*>, WTF::HashTraits<WebCore::ManagedTexture*> >::contains (this=0x0, key=@0x7fff55aca370) at ../../third_party/WebKit/Source/JavaScriptCore/wtf/HashTable.h:342
#2  0x00000000031766f7 in WTF::HashSet<WebCore::ManagedTexture*, WTF::PtrHash<WebCore::ManagedTexture*>, WTF::HashTraits<WebCore::ManagedTexture*> >::contains (this=0x0, value=@0x7fff55aca370)
    at ../../third_party/WebKit/Source/JavaScriptCore/wtf/HashSet.h:161
#3  0x0000000003174fe7 in WebCore::TextureManager::registerTexture (this=0x0, texture=0x7f576b615090) at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/TextureManager.cpp:128
#4  0x0000000003172c2a in WebCore::ManagedTexture::ManagedTexture (this=0x7f576b615090, manager=0x0) at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/ManagedTexture.cpp:42
#5  0x000000000316e440 in WebCore::ManagedTexture::create (manager=0x0) at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/ManagedTexture.h:45
#6  0x0000000003230019 in WebCore::Canvas2DLayerChromium::setTextureManager (this=0x7f576c329b00, textureManager=0x0)
    at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/Canvas2DLayerChromium.cpp:137
#7  0x000000000322ffb3 in WebCore::Canvas2DLayerChromium::setLayerTreeHost (this=0x7f576c329b00, host=0x7f576b697640)
    at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/Canvas2DLayerChromium.cpp:129
#8  0x00000000031701e1 in WebCore::LayerChromium::setLayerTreeHost (this=0x7f576b6ef100, host=0x7f576b697640) at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/LayerChromium.cpp:180
#9  0x000000000317f05c in WebCore::TiledLayerChromium::setLayerTreeHost (this=0x7f576b6ef100, host=0x7f576b697640)
    at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/TiledLayerChromium.cpp:290
#10 0x00000000031701e1 in WebCore::LayerChromium::setLayerTreeHost (this=0x7f576b6ef680, host=0x7f576b697640) at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/LayerChromium.cpp:180
#11 0x000000000317f05c in WebCore::TiledLayerChromium::setLayerTreeHost (this=0x7f576b6ef680, host=0x7f576b697640)
    at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/TiledLayerChromium.cpp:290
#12 0x0000000003170398 in WebCore::LayerChromium::setParent (this=0x7f576b6ef680, layer=0x7f576b6ed580) at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/LayerChromium.cpp:198
#13 0x00000000031704c3 in WebCore::LayerChromium::insertChild (this=0x7f576b6ed580, child=..., index=0) at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/LayerChromium.cpp:219
#14 0x000000000317043f in WebCore::LayerChromium::addChild (this=0x7f576b6ed580, child=...) at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/LayerChromium.cpp:212
#15 0x0000000003170a09 in WebCore::LayerChromium::setChildren (this=0x7f576b6ed580, children=...) at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/LayerChromium.cpp:313
#16 0x000000000316b717 in WebCore::GraphicsLayerChromium::updateChildList (this=0x7f576b709500) at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/GraphicsLayerChromium.cpp:519
#17 0x000000000316a583 in WebCore::GraphicsLayerChromium::setChildren (this=0x7f576b709500, children=...) at ../../third_party/WebKit/Source/WebCore/platform/graphics/chromium/GraphicsLayerChromium.cpp:132
#18 0x0000000003c9a08a in WebCore::RenderLayerCompositor::updateCompositingLayers (this=0x7f577907bd10, updateType=WebCore::CompositingUpdateAfterLayoutOrStyleChange, updateRoot=0x7f5778fd92d8)
    at ../../third_party/WebKit/Source/WebCore/rendering/RenderLayerCompositor.cpp:327
#19 0x0000000001fbedc2 in WebCore::FrameView::updateCompositingLayers (this=0x7f5778fd26c0) at ../../third_party/WebKit/Source/WebCore/page/FrameView.cpp:644
#20 0x0000000001fc04e7 in WebCore::FrameView::layout (this=0x7f5778fd26c0, allowSubtree=true) at ../../third_party/WebKit/Source/WebCore/page/FrameView.cpp:1120
#21 0x0000000001fc742d in WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive (this=0x7f5778fd26c0) at ../../third_party/WebKit/Source/WebCore/page/FrameView.cpp:2989
#22 0x00000000013b8c0e in WebKit::WebFrameImpl::layout (this=0x7f5779045200) at ../../third_party/WebKit/Source/WebKit/chromium/src/WebFrameImpl.cpp:2053
#23 0x00000000013e1ec5 in WebKit::WebViewImpl::layout (this=0x7f5778fee600) at ../../third_party/WebKit/Source/WebKit/chromium/src/WebViewImpl.cpp:1322
#24 0x0000000002d120ae in RenderWidget::DoDeferredUpdate (this=0x7f576c319000) at ../../content/renderer/render_widget.cc:813
#25 0x0000000002d11b8f in RenderWidget::DoDeferredUpdateAndSendInputAck (this=0x7f576c319000) at ../../content/renderer/render_widget.cc:769
#26 0x0000000002d0fddf in RenderWidget::OnUpdateRectAck (this=0x7f576c319000) at ../../content/renderer/render_widget.cc:409
#27 0x0000000002d16a69 in IPC::Message::Dispatch<RenderWidget, RenderWidget> (msg=0x7f5778ffc328, obj=0x7f576c319000, sender=0x7f576c319000, func=
    (void (RenderWidget::*)(RenderWidget * const)) 0x2d0fb68 <RenderWidget::OnUpdateRectAck()>) at ../../ipc/ipc_message.h:140
#28 0x0000000002d0ea49 in RenderWidget::OnMessageReceived (this=0x7f576c319000, message=...) at ../../content/renderer/render_widget.cc:212
#29 0x0000000002ceb1c4 in RenderViewImpl::OnMessageReceived (this=0x7f576c319000, message=...) at ../../content/renderer/render_view_impl.cc:824
#30 0x000000000289cbd4 in MessageRouter::RouteMessage (this=0x7f5778fbc6f0, msg=...) at ../../content/common/message_router.cc:46
#31 0x000000000289cb76 in MessageRouter::OnMessageReceived (this=0x7f5778fbc6f0, msg=...) at ../../content/common/message_router.cc:38
#32 0x00000000027aef09 in ChildThread::OnMessageReceived (this=0x7f5778fbc6c8, msg=...) at ../../content/common/child_thread.cc:202
#33 0x00000000013698a4 in IPC::ChannelProxy::Context::OnDispatchMessage (this=0x7f5778fa4540, message=...) at ../../ipc/ipc_channel_proxy.cc:268
#34 0x000000000136ca89 in base::internal::RunnableAdapter<void (IPC::ChannelProxy::Context::*)(IPC::Message const&)>::Run (this=0x7fff55acd390, object=0x7f5778fa4540, a1=...) at ../../base/bind_internal.h:188
#35 0x000000000136c64f in base::internal::InvokeHelper<false, void, base::internal::RunnableAdapter<void (IPC::ChannelProxy::Context::*)(IPC::Message const&)>, void (IPC::ChannelProxy::Context* const&, IPC::Message const&)>::MakeItSo(base::internal::RunnableAdapter<void (IPC::ChannelProxy::Context::*)(IPC::Message const&)>, IPC::ChannelProxy::Context* const&, IPC::Message const&) (runnable=..., a1=@0x7f5778ffc320, 
    a2=...) at ../../base/bind_internal.h:896
#36 0x000000000136c00e in base::internal::Invoker<2, base::internal::BindState<base::internal::RunnableAdapter<void (IPC::ChannelProxy::Context::*)(IPC::Message const&)>, void (IPC::ChannelProxy::Context*, IPC::Message const&), void (IPC::ChannelProxy::Context*, IPC::Message)>, void (IPC::ChannelProxy::Context*, IPC::Message const&)>::Run(base::internal::BindStateBase*) (base=0x7f5778ffc300)
    at ../../base/bind_internal.h:1254
#37 0x000000000055beb7 in base::Callback<void ()>::Run() const (this=0x7fff55acd6e8) at ../../base/callback.h:272
#38 0x000000000267f1dc in MessageLoop::RunTask (this=0x7fff55acdfe0, pending_task=...) at ../../base/message_loop.cc:458
#39 0x000000000267f2f3 in MessageLoop::DeferOrRunPendingTask (this=0x7fff55acdfe0, pending_task=...) at ../../base/message_loop.cc:470
#40 0x000000000267fb15 in MessageLoop::DoWork (this=0x7fff55acdfe0) at ../../base/message_loop.cc:660
#41 0x0000000002687940 in base::MessagePumpDefault::Run (this=0x7f5778fd79c0, delegate=0x7fff55acdfe0) at ../../base/message_pump_default.cc:28

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list