[Webkit-unassigned] [Bug 236501] New: GPUP WebGL: WTF::RefCountedBase::applyRefDerefThreadingCheck() fails due to RemoteGraphicsContextGL::paintPixelBufferToImageBuffer

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Feb 11 06:42:55 PST 2022 

https://bugs.webkit.org/show_bug.cgi?id=236501

            Bug ID: 236501
           Summary: GPUP WebGL:
                    WTF::RefCountedBase::applyRefDerefThreadingCheck()
                    fails due to
                    RemoteGraphicsContextGL::paintPixelBufferToImageBuffer
           Product: WebKit
           Version: Other
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebGL
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: kkinnunen at apple.com
                CC: dino at apple.com, kbr at google.com, kkinnunen at apple.com
            Blocks: 217211

GPUP WebGL: WTF::RefCountedBase::applyRefDerefThreadingCheck() fails due to RemoteGraphicsContextGL::paintPixelBufferToImageBuffer


Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   JavaScriptCore                             0x132b265be WTFCrash + 14
1   WebCore                                    0x14e8544e3 WTF::RefCountedBase::applyRefDerefThreadingCheck() const + 179 (RefCounted.h:114)
2   WebCore                                    0x14e8542b9 WTF::RefCountedBase::derefBase() const + 25 (RefCounted.h:130)
3   WebCore                                    0x14e8df579 WTF::RefCounted<JSC::ArrayBufferView, std::__1::default_delete<JSC::ArrayBufferView> >::deref() const + 25 (RefCounted.h:189)
4   WebCore                                    0x152c9fc15 WebCore::GraphicsContextGL::paintToCanvas(WebCore::GraphicsContextGLAttributes const&, WebCore::PixelBuffer&&, WebCore::IntSize const&, WebCore::GraphicsContext&)::$_15::operator()(void*, void const*, unsigned long) const + 37 (GraphicsContextGLCG.cpp:531)
5   WebCore                                    0x152c9fbe5 WebCore::GraphicsContextGL::paintToCanvas(WebCore::GraphicsContextGLAttributes const&, WebCore::PixelBuffer&&, WebCore::IntSize const&, WebCore::GraphicsContext&)::$_15::__invoke(void*, void const*, unsigned long) + 37 (GraphicsContextGLCG.cpp:530)
6   CoreGraphics                            0x7ff811b68285 data_release_info + 31
7   CoreGraphics                            0x7ff811b19c3e data_provider_finalize + 64
8   CoreGraphics                            0x7ff811adfa2a data_provider_retain_count + 74
9   CoreFoundation                          0x7ff80c933d30 _CFRelease + 478
10  CoreGraphics                            0x7ff811b454f4 image_finalize + 103
11  CoreFoundation                          0x7ff80c933c46 _CFRelease + 244
12  WebCore                                    0x14ebfed19 WTF::RetainPtr<CGImage*>::~RetainPtr() + 57 (RetainPtr.h:178)
13  WebCore                                    0x14ebcb145 WTF::RetainPtr<CGImage*>::~RetainPtr() + 21 (RetainPtr.h:176)
14  WebCore                                    0x152baeeba WebCore::NativeImage::~NativeImage() + 186 (NativeImage.cpp:50)
15  WebCore                                    0x152baf095 WebCore::NativeImage::~NativeImage() + 21 (NativeImage.cpp:47)
16  WebCore                                    0x14ebf29ca WTF::ThreadSafeRefCounted<WebCore::NativeImage, (WTF::DestructionThread)1>::deref() const::'lambda'()::operator()() const + 42 (ThreadSafeRefCounted.h:117)
17  WebCore                                    0x14ebf2979 WTF::Detail::CallableWrapper<WTF::ThreadSafeRefCounted<WebCore::NativeImage, (WTF::DestructionThread)1>::deref() const::'lambda'(), void>::call() + 25 (Function.h:53)
18  JavaScriptCore                             0x132b503b2 WTF::Function<void ()>::operator()() const + 130
19  JavaScriptCore                             0x132bd719e WTF::RunLoop::performWork() + 318
20  JavaScriptCore                             0x132bdaa6e WTF::RunLoop::performWork(void*) + 30
21  CoreFoundation                          0x7ff80c866c1b __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17

Thread 7:: RemoteRenderingBackend work queue
0   libsystem_kernel.dylib                  0x7ff80c76399a mach_msg_trap + 10
1   libsystem_kernel.dylib                  0x7ff80c763d08 mach_msg + 56
2   libsystem_kernel.dylib                  0x7ff80c765f35 vm_copy + 106
3   CoreGraphics                            0x7ff811cb92d0 create_protected_copy + 181
4   CoreGraphics                            0x7ff811b07274 CGDataProviderCreateWithCopyOfData + 12
5   CoreGraphics                            0x7ff811b07254 CGDataProviderCreateTrustedWithCopyOfData + 9
6   CoreGraphics                            0x7ff811b070a2 CGBitmapContextCreateImage + 133
7   WebKit                                     0x1208c31dc WebKit::ShareableBitmap::makeCGImageCopy() + 108 (ShareableBitmapCG.cpp:171)
8   WebKit                                     0x11fd857f3 WebKit::ShareableBitmap::createPlatformImage() + 35 (ShareableBitmap.h:123)
9   WebKit                                     0x120facd67 WebKit::ImageBufferShareableBitmapBackend::copyNativeImage(WebCore::BackingStoreCopy) const + 55 (ImageBufferShareableBitmapBackend.cpp:148)
10  WebCore                                    0x152c90b91 WebCore::ImageBufferCGBackend::draw(WebCore::GraphicsContext&, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::ImagePaintingOptions const&) + 161 (ImageBufferCGBackend.cpp:141)
11  WebKit                                     0x11fd9a2f0 WebCore::ConcreteImageBuffer<WebKit::ImageBufferShareableBitmapBackend>::draw(WebCore::GraphicsContext&, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::ImagePaintingOptions const&) + 96 (ConcreteImageBuffer.h:167)
12  WebCore                                    0x152b5b6da WebCore::GraphicsContext::drawImageBuffer(WebCore::ImageBuffer&, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::ImagePaintingOptions const&) + 90 (GraphicsContext.cpp:695)
13  WebCore                                    0x152d4115b WebCore::DisplayList::DrawImageBuffer::apply(WebCore::GraphicsContext&, WebCore::ImageBuffer&) const + 59 (DisplayListItems.cpp:371)
14  WebKit                                     0x11fd7e542 void WebKit::RemoteDisplayListRecorder::handleItem<WebCore::DisplayList::DrawImageBuffer, WebCore::ImageBuffer&>(WebCore::DisplayList::DrawImageBuffer&&, WebCore::ImageBuffer&) + 66 (RemoteDisplayListRecorder.h:149)
15  WebKit                                     0x11fd7e4de WebKit::RemoteDisplayListRecorder::drawImageBufferWithQualifiedIdentifier(WebCore::ProcessQualified<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::ImagePaintingOptions const&) + 270 (RemoteDisplayListRecorder.cpp:265)
16  WebKit                                     0x11fd7e3ca WebKit::RemoteDisplayListRecorder::drawImageBuffer(WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::ImagePaintingOptions const&) + 90 (RemoteDisplayListRecorder.cpp:254)
17  WebKit                                     0x11fb03925 void IPC::callMemberFunctionImpl<WebKit::RemoteDisplayListRecorder, void (WebKit::RemoteDisplayListRecorder::*)(WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::ImagePaintingOptions const&), std::__1::tuple<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WebCore::FloatRect, WebCore::FloatRect, WebCore::ImagePaintingOptions>, 0ul, 1ul, 2ul, 3ul>(WebKit::RemoteDisplayListRecorder*, void (WebKit::RemoteDisplayListRecorder::*)(WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::ImagePaintingOptions const&), std::__1::tuple<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WebCore::FloatRect, WebCore::FloatRect, WebCore::ImagePaintingOptions>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul, 2ul, 3ul>) + 229 (HandleMessage.h:125)
18  WebKit                                     0x11fb0182d void IPC::callMemberFunction<WebKit::RemoteDisplayListRecorder, void (WebKit::RemoteDisplayListRecorder::*)(WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::ImagePaintingOptions const&), std::__1::tuple<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WebCore::FloatRect, WebCore::FloatRect, WebCore::ImagePaintingOptions>, std::__1::integer_sequence<unsigned long, 0ul, 1ul, 2ul, 3ul> >(std::__1::tuple<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WebCore::FloatRect, WebCore::FloatRect, WebCore::ImagePaintingOptions>&&, WebKit::RemoteDisplayListRecorder*, void (WebKit::RemoteDisplayListRecorder::*)(WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::ImagePaintingOptions const&)) + 109 (HandleMessage.h:131)
19  WebKit                                     0x11faca341 void IPC::handleMessage<Messages::RemoteDisplayListRecorder::DrawImageBuffer, WebKit::RemoteDisplayListRecorder, void (WebKit::RemoteDisplayListRecorder::*)(WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::ImagePaintingOptions const&)>(IPC::Connection&, IPC::Decoder&, WebKit::RemoteDisplayListRecorder*, void (WebKit::RemoteDisplayListRecorder::*)(WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::ImagePaintingOptions const&)) + 225 (HandleMessage.h:196)
20  WebKit                                     0x11fac7abf WebKit::RemoteDisplayListRecorder::didReceiveStreamMessage(IPC::StreamServerConnectionBase&, IPC::Decoder&) + 2639 (RemoteDisplayListRecorderMessageReceiver.cpp:107)
21  WebKit                                     0x12053abab IPC::StreamServerConnection::dispatchStreamMessage(IPC::Decoder&&, IPC::StreamMessageReceiver&) + 139 (StreamServerConnection.cpp:254)
22  WebKit                                     0x12053a544 IPC::StreamServerConnection::dispatchStreamMessages(unsigned long) + 964 (StreamServerConnection.cpp:229)
23  WebKit                                     0x120538f04 IPC::StreamConnectionWorkQueue::processStreams() + 452 (StreamConnectionWorkQueue.cpp:135)
24  WebKit                                     0x120540bf0 IPC::StreamConnectionWorkQueue::startProcessingThread()::$_0::operator()() + 32 (StreamConnectionWorkQueue.cpp:107)
25  WebKit                                     0x120540ba9 WTF::Detail::CallableWrapper<IPC::StreamConnectionWorkQueue::startProcessingThread()::$_0, void>::call() + 25 (Function.h:53)
26  JavaScriptCore                             0x132b503b2 WTF::Function<void ()>::operator()() const + 130
27  JavaScriptCore                             0x132c152e8 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 408


Thread 8:: RemoteGraphicsContextGL work queue
0   libsystem_kernel.dylib                  0x7ff80c7639d6 semaphore_wait_trap + 10
1   WebKit                                     0x120588e38 IPC::Semaphore::wait() + 24 (IPCSemaphoreDarwin.cpp:77)
2   WebKit                                     0x120540c26 IPC::StreamConnectionWorkQueue::startProcessingThread()::$_0::operator()() + 86 (StreamConnectionWorkQueue.cpp:112)
3   WebKit                                     0x120540ba9 WTF::Detail::CallableWrapper<IPC::StreamConnectionWorkQueue::startProcessingThread()::$_0, void>::call() + 25 (Function.h:53)
4   JavaScriptCore                             0x132b503b2 WTF::Function<void ()>::operator()() const + 130
5   JavaScriptCore                             0x132c152e8 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 408
6   JavaScriptCore                             0x132c216d5 WTF::wtfThreadEntryPoint(void*) + 21
7   libsystem_pthread.dylib                 0x7ff80c7a04bc _pthread_start + 120
8   libsystem_pthread.dylib                 0x7ff80c79bebf thread_start + 15


Referenced Bugs:

https://bugs.webkit.org/show_bug.cgi?id=217211
[Bug 217211] Support running WebGL in GPU process
-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220211/8dd64822/attachment-0001.htm>

More information about the webkit-unassigned mailing list