[Webkit-unassigned] [Bug 279523] New: [WPE] Web Process crashes in WebCore::GLContext::swapBuffers when USE_SKIA=ON

bugzilla-daemon at webkit.org
Wed Sep 11 10:31:52 PDT 2024


https://bugs.webkit.org/show_bug.cgi?id=279523

            Bug ID: 279523
           Summary: [WPE] Web Process crashes in
                    WebCore::GLContext::swapBuffers when USE_SKIA=ON
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WPE WebKit
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: yurys at chromium.org
                CC: bugs-noreply at webkitgtk.org

While trying to enable Skia in Playwright builds of WebKit, we noticed that mobile viewport tests[1] started crashing intermittently (seems to be a race). The tests emulate fixed layout mode with custom viewport size. Here is the stack trace (from Ubuntu 22.04):

```
(lldb) bt
* thread #1, name = 'WPEWebProcess', stop reason = signal SIGSEGV: invalid permissions for mapped object
  * frame #0: 0x000077dfb8daefb3 libc.so.6`__memcpy_evex_unaligned_erms at memmove-vec-unaligned-erms.S:543
    frame #1: 0x000077dfab5e0a01 libEGL_mesa.so.0`___lldb_unnamed_symbol972 + 305
    frame #2: 0x000077dfab5e0d4c libEGL_mesa.so.0`___lldb_unnamed_symbol973 + 92
    frame #3: 0x000077df59eb58f9 swrast_dri.so`___lldb_unnamed_symbol3221 + 41
    frame #4: 0x000077df59eb5b5e swrast_dri.so`___lldb_unnamed_symbol3225 + 302
    frame #5: 0x000077dfab5de8cf libEGL_mesa.so.0`___lldb_unnamed_symbol948 + 47
    frame #6: 0x000077dfab5d5df5 libEGL_mesa.so.0`___lldb_unnamed_symbol799 + 69
    frame #7: 0x000077dfab5c9af5 libEGL_mesa.so.0`___lldb_unnamed_symbol623 + 565
    frame #8: 0x000077dfc5937cc8 libWPEWebKit-2.0.so.1`WebCore::GLContext::swapBuffers(this=0x000077dfa91300e0) at GLContext.cpp:470:5
    frame #9: 0x000077dfbdb81be0 libWPEWebKit-2.0.so.1`WebKit::ThreadedCompositor::renderLayerTree(this=0x000077dfa902c600) at ThreadedCompositor.cpp:304:16
    frame #10: 0x000077dfbdb82898 libWPEWebKit-2.0.so.1`WebKit::ThreadedCompositor::ThreadedCompositor(WebKit::ThreadedCompositor::Client&, unsigned int, WebCore::IntSize const&, float, bool, WebKit::ThreadedCompositor::DamagePropagation)::$_0::operator()(this=0x000077dfa9001cc8) const at ThreadedCompositor.cpp:81:68
    frame #11: 0x000077dfbdb82879 libWPEWebKit-2.0.so.1`WTF::Detail::CallableWrapper<WebKit::ThreadedCompositor::ThreadedCompositor(WebKit::ThreadedCompositor::Client&, unsigned int, WebCore::IntSize const&, float, bool, WebKit::ThreadedCompositor::DamagePropagation)::$_0, void>::call(this=0x000077dfa9001cc0) at Function.h:53:39
    frame #12: 0x000077dfbd644007 libWPEWebKit-2.0.so.1`WTF::Function<void ()>::operator()(this=0x000077dfa903cca8) const at Function.h:82:35
    frame #13: 0x000077dfbdb80468 libWPEWebKit-2.0.so.1`WebKit::CompositingRunLoop::updateTimerFired(this=0x000077dfa903cc70) at CompositingRunLoop.cpp:182:5
    frame #14: 0x000077dfbdb89c89 libWPEWebKit-2.0.so.1`void std::__invoke_impl<void, void (WebKit::CompositingRunLoop::*&)(), WebKit::CompositingRunLoop*&>((null)=__invoke_memfun_deref @ 0x000077ddc29ff7af, __f=0x000077dfa9112dc8, __t=0x000077dfa9112dd8) at invoke.h:74:14
    frame #15: 0x000077dfbdb89bcd libWPEWebKit-2.0.so.1`std::__invoke_result<void (WebKit::CompositingRunLoop::*&)(), WebKit::CompositingRunLoop*&>::type std::__invoke<void (WebKit::CompositingRunLoop::*&)(), WebKit::CompositingRunLoop*&>(__fn=0x000077dfa9112dc8, __args=0x000077dfa9112dd8) at invoke.h:96:14
    frame #16: 0x000077dfbdb89b9d libWPEWebKit-2.0.so.1`void std::_Bind<void (WebKit::CompositingRunLoop::* (WebKit::CompositingRunLoop*))()>::__call<void, 0ul>(this=0x000077dfa9112dc8, __args=0x000077ddc29ff847, (null)=_Index_tuple<0UL> @ 0x000077ddc29ff81f) at functional:495:11
    frame #17: 0x000077dfbdb89b56 libWPEWebKit-2.0.so.1`void std::_Bind<void (WebKit::CompositingRunLoop::* (WebKit::CompositingRunLoop*))()>::operator()<void>(this=0x000077dfa9112dc8) at functional:580:17
    frame #18: 0x000077dfbdb89ad9 libWPEWebKit-2.0.so.1`WTF::Detail::CallableWrapper<std::_Bind<void (WebKit::CompositingRunLoop::* (WebKit::CompositingRunLoop*))()>, void>::call(this=0x000077dfa9112dc0) at Function.h:53:39
    frame #19: 0x000077dfbd644007 libWPEWebKit-2.0.so.1`WTF::Function<void ()>::operator()(this=0x000077dfa903cca0) const at Function.h:82:35
    frame #20: 0x000077dfbd74aed9 libWPEWebKit-2.0.so.1`WTF::RunLoop::Timer::fired(this=0x000077dfa903cc78) at RunLoop.h:195:33
    frame #21: 0x000077dfc1065d5a libWPEWebKit-2.0.so.1`WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::$_0::operator()(this=0x000077ddc29ff907, userData=0x000077dfa903cc78) const at RunLoopGLib.cpp:177:16
    frame #22: 0x000077dfc1065d09 libWPEWebKit-2.0.so.1`WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::$_0::__invoke(userData=0x000077dfa903cc78) at RunLoopGLib.cpp:169:43
    frame #23: 0x000077dfc1065a89 libWPEWebKit-2.0.so.1`WTF::RunLoop::$_0::operator()(this=0x000077ddc29ff977, source=0x00006424ef5ffd90, callback=(libWPEWebKit-2.0.so.1`WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::$_0::__invoke(void*) at RunLoopGLib.cpp:169), userData=0x000077dfa903cc78) const at RunLoopGLib.cpp:53:28
    frame #24: 0x000077dfc1064419 libWPEWebKit-2.0.so.1`WTF::RunLoop::$_0::__invoke(source=0x00006424ef5ffd90, callback=(libWPEWebKit-2.0.so.1`WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::$_0::__invoke(void*) at RunLoopGLib.cpp:169), userData=0x000077dfa903cc78) at RunLoopGLib.cpp:45:5
    frame #25: 0x000077dfb9346c44 libglib-2.0.so.0`g_main_context_dispatch + 372
    frame #26: 0x000077dfb939c2b8 libglib-2.0.so.0`___lldb_unnamed_symbol2709 + 488
    frame #27: 0x000077dfb93462b3 libglib-2.0.so.0`g_main_loop_run + 115
    frame #28: 0x000077dfc1064d6a libWPEWebKit-2.0.so.1`WTF::RunLoop::run() at RunLoopGLib.cpp:108:9
    frame #29: 0x000077dfc0ed6ad4 libWPEWebKit-2.0.so.1`WTF::RunLoop::create(WTF::ASCIILiteral, WTF::ThreadType, WTF::Thread::QOS)::$_0::operator()(this=0x000077dfa9112da8) const at RunLoop.cpp:114:9
    frame #30: 0x000077dfc0ed6a99 libWPEWebKit-2.0.so.1`WTF::Detail::CallableWrapper<WTF::RunLoop::create(WTF::ASCIILiteral, WTF::ThreadType, WTF::Thread::QOS)::$_0, void>::call(this=0x000077dfa9112da0) at Function.h:53:39
    frame #31: 0x000077dfbd644007 libWPEWebKit-2.0.so.1`WTF::Function<void ()>::operator()(this=0x000077ddc29ffb60) const at Function.h:82:35
    frame #32: 0x000077dfc0fac489 libWPEWebKit-2.0.so.1`WTF::Thread::entryPoint(newThreadContext=0x000077dfa900dc20) at Threading.cpp:266:5
    frame #33: 0x000077dfc10727d5 libWPEWebKit-2.0.so.1`WTF::wtfThreadEntryPoint(context=0x000077dfa900dc20) at ThreadingPOSIX.cpp:239:5
    frame #34: 0x000077dfb8c94ac3 libc.so.6`start_thread(arg=<unavailable>) at pthread_create.c:442:8
    frame #35: 0x000077dfb8d26850 libc.so.6`__clone3 at clone3.S:81
(lldb) 
```

It does not reproduce when running with `WEBKIT_SKIA_ENABLE_CPU_RENDERING=1`.


[1] https://github.com/microsoft/playwright/blob/1f0514536e1ca8a0b93ab774c03eef7c6966bd31/tests/library/browsercontext-viewport-mobile.spec.ts#L87-L95
