[Webkit-unassigned] [Bug 214417] New: [GTK][WPE] css3/color/composited-solid-backgrounds.html crashes with cross thread ExtendedColor ref

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jul 16 12:30:56 PDT 2020 

https://bugs.webkit.org/show_bug.cgi?id=214417

            Bug ID: 214417
           Summary: [GTK][WPE]
                    css3/color/composited-solid-backgrounds.html crashes
                    with cross thread ExtendedColor ref
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: lmoura at igalia.com
                CC: bfulgham at webkit.org, simon.fraser at apple.com,
                    zalan at apple.com

Crashing since a long time ago, likely after bug200507 landed these asserts.

Would it be the case of making ExtendedColor ThreadSafeRefCounted<> or would be too much of a penalty?

Trace from manual gdb session:

#0  0x00007fffdde7e340 in WTFCrash() () at ../../Source/WTF/wtf/Assertions.cpp:295
#1  0x00007fffec1f0983 in WTF::RefCountedBase::applyRefDerefThreadingCheck() const (this=0x7fffd4687ce0) at DerivedSources/ForwardingHeaders/wtf/RefCounted.h:114
#2  0x00007fffec20249e in WTF::RefCountedBase::ref() const (this=0x7fffd4687ce0) at DerivedSources/ForwardingHeaders/wtf/RefCounted.h:43
#3  0x00007fffefd7e4e7 in WebCore::Color::operator=(WebCore::Color const&) (this=0x7fff504eccd8, other=...) at ../../Source/WebCore/platform/graphics/Color.cpp:62
#4  0x00007fffecd77fd7 in Nicosia::CompositionLayer::LayerState::operator=(Nicosia::CompositionLayer::LayerState const&) (this=0x7fff504ecb50) at DerivedSources/ForwardingHeaders/WebCore/NicosiaPlatformLayer.h:106
#5  0x00007fffecd6e65a in Nicosia::CompositionLayer::commitState<WebKit::CoordinatedGraphicsScene::updateSceneState()::<lambda(Nicosia::Scene::State&)>::<lambda(const Nicosia::CompositionLayer::LayerState&)> >(const WebKit::CoordinatedGraphicsScene::<lambda(Nicosia::Scene::State&)>::<lambda(const Nicosia::CompositionLayer::LayerState&)> &) (this=0x7fff504ec700, functor=...) at DerivedSources/ForwardingHeaders/WebCore/NicosiaPlatformLayer.h:282
#6  0x00007fffecd6adda in WebKit::CoordinatedGraphicsScene::<lambda(Nicosia::Scene::State&)>::operator()(Nicosia::Scene::State &) const (__closure=0x7ffece7fb680, state=...)
    at ../../Source/WebKit/Shared/CoordinatedGraphics/CoordinatedGraphicsScene.cpp:273
#7  0x00007fffecd6e6f3 in Nicosia::Scene::accessState<WebKit::CoordinatedGraphicsScene::updateSceneState()::<lambda(Nicosia::Scene::State&)> >(const WebKit::CoordinatedGraphicsScene::<lambda(Nicosia::Scene::State&)> &)
    (this=0x7fffd463dee0, functor=...) at DerivedSources/ForwardingHeaders/WebCore/NicosiaScene.h:66
#8  0x00007fffecd6aeb1 in WebKit::CoordinatedGraphicsScene::updateSceneState() (this=0x7fffd4610000) at ../../Source/WebKit/Shared/CoordinatedGraphics/CoordinatedGraphicsScene.cpp:236
#9  0x00007fffecd6974f in WebKit::CoordinatedGraphicsScene::paintToCurrentGLContext(WebCore::TransformationMatrix const&, WebCore::FloatRect const&, unsigned int) (this=0x7fffd4610000, matrix=..., clipRect=..., PaintFlags=1)
    at ../../Source/WebKit/Shared/CoordinatedGraphics/CoordinatedGraphicsScene.cpp:65
#10 0x00007fffecd6da4a in WebKit::ThreadedCompositor::renderLayerTree() (this=0x7fffd4633680) at ../../Source/WebKit/Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.cpp:220
#11 0x00007fffecd6cb07 in WebKit::ThreadedCompositor::<lambda()>::operator()(void) const (__closure=0x7fffd46220d8) at ../../Source/WebKit/Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.cpp:56
#12 0x00007fffecd74c18 in WTF::Detail::CallableWrapper<WebKit::ThreadedCompositor::ThreadedCompositor(WebKit::ThreadedCompositor::Client&, WebKit::ThreadedDisplayRefreshMonitor::Client&, WebCore::PlatformDisplayID, const WebCore::IntSize&, float, WebCore::TextureMapper::PaintFlags)::<lambda()>, void>::call(void) (this=0x7fffd46220d0) at DerivedSources/ForwardingHeaders/wtf/Function.h:52
#13 0x00007fffec1f389b in WTF::Function<void ()>::operator()() const (this=0x7fffd462fee8) at DerivedSources/ForwardingHeaders/wtf/Function.h:84
#14 0x00007fffecd6ca37 in WebKit::CompositingRunLoop::updateTimerFired() (this=0x7fffd462fea0) at ../../Source/WebKit/Shared/CoordinatedGraphics/threadedcompositor/CompositingRunLoop.cpp:188
#15 0x00007fffecd8ac32 in WTF::RunLoop::Timer<WebKit::CompositingRunLoop>::fired() (this=0x7fffd462fea8) at DerivedSources/ForwardingHeaders/wtf/RunLoop.h:177
#16 0x00007fffddf3909f in WTF::RunLoop::TimerBase::<lambda(gpointer)>::operator()(gpointer) const (__closure=0x0, userData=0x7fffd462fea8) at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:179
#17 0x00007fffddf390df in WTF::RunLoop::TimerBase::<lambda(gpointer)>::_FUN(gpointer) () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:183
#18 0x00007fffddf386c0 in WTF::<lambda(GSource*, GSourceFunc, gpointer)>::operator()(GSource *, GSourceFunc, gpointer) const
    (__closure=0x0, source=0x555555b5def0, callback=0x7fffddf390c2 <WTF::RunLoop::TimerBase::<lambda(gpointer)>::_FUN(gpointer)>, userData=0x7fffd462fea8) at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:45
#19 0x00007fffddf386f0 in WTF::<lambda(GSource*, GSourceFunc, gpointer)>::_FUN(GSource *, GSourceFunc, gpointer) () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:46
#20 0x00007fffd727ec3e in g_main_dispatch (context=0x7ffeb8000b60) at ../glib/gmain.c:3309
#21 0x00007fffd727ec3e in g_main_context_dispatch (context=context at entry=0x7ffeb8000b60) at ../glib/gmain.c:3974
#22 0x00007fffd727eff0 in g_main_context_iterate (context=0x7ffeb8000b60, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>) at ../glib/gmain.c:4047
#23 0x00007fffd727f2e3 in g_main_loop_run (loop=0x7ffeb8001480) at ../glib/gmain.c:4241
#24 0x00007fffddf38c70 in WTF::RunLoop::run() () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:96
#25 0x00007fffecd6c177 in WebKit::<lambda()>::operator()(void) const (__closure=0x7fffd4621110) at ../../Source/WebKit/Shared/CoordinatedGraphics/threadedcompositor/CompositingRunLoop.cpp:49
#26 0x00007fffecd74d08 in WTF::Detail::CallableWrapper<WebKit::createRunLoop()::<lambda()>, void>::call(void) (this=0x7fffd4621108) at DerivedSources/ForwardingHeaders/wtf/Function.h:52
#27 0x00007fffec1f389b in WTF::Function<void ()>::operator()() const (this=0x7ffece7fbc30) at DerivedSources/ForwardingHeaders/wtf/Function.h:84
#28 0x00007fffddeb6faf in WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) (newThreadContext=0x7fffd4627550) at ../../Source/WTF/wtf/Threading.cpp:167
#29 0x00007fffddf3fe65 in WTF::wtfThreadEntryPoint(void*) (context=0x7fffd4627550) at ../../Source/WTF/wtf/posix/ThreadingPOSIX.cpp:197
#30 0x00007fffd82fc5e2 in start_thread (arg=<optimized out>) at pthread_create.c:479
#31 0x00007fffd5f8c473 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200716/e35039bd/attachment-0001.htm>

More information about the webkit-unassigned mailing list