221789 2021-02-11 17:24:46 -0800 [CoordinatedGraphics] SIGSEGV in TextureMapperLayer::paintSelf() 2022-05-10 18:20:28 -0700 1 1 1 Unclassified WebKit WebCore Misc. WebKit Local Build Other Linux NEW https://bugs.webkit.org/show_bug.cgi?id=197293 https://bugs.webkit.org/show_bug.cgi?id=240283 InRadar P2 Normal --- 1 gavriliuk webkit-unassigned fujii webkit-bug-importer zan oldest_to_newest 1728381 0 gavriliuk 2021-02-11 17:24:46 -0800 It seems the pointer m_contentsLayer becomes invalid but is not set to NULL Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp : 165 void TextureMapperLayer::paintSelf(const TextureMapperPaintOptions& options) { if (!m_state.visible || !m_state.contentsVisible) return; ... if (!m_contentsLayer) return; if (!m_state.contentsTileSize.isEmpty()) { options.textureMapper.setWrapMode(TextureMapper::RepeatWrap); auto patternTransform = TransformationMatrix::rectToRect({ { }, m_state.contentsTileSize }, { { }, m_state.contentsRect.size() }) .translate(m_state.contentsTilePhase.width() / m_state.contentsRect.width(), m_state.contentsTilePhase.height() / m_state.contentsRect.height()); options.textureMapper.setPatternTransform(patternTransform); } ASSERT(!layerRect().isEmpty()); /// SIGSEGV on the following line: m_contentsLayer->paintToTextureMapper(options.textureMapper, m_state.contentsRect, transform, options.opacity); if (m_state.showDebugBorders) m_contentsLayer->drawBorder(options.textureMapper, m_state.debugBorderColor, m_state.debugBorderWidth, m_state.contentsRect, transform); } Callstack | 1|paintSelf‎ |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:165 | 2|paintSelfAndChildren‎ |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:180 | 3|paintSelfAndChildrenWithReplica‎|/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:242 | 4|paintRecursive ‎|/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:446 | 5|paintSelfAndChildren‎ |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:203 | 6|paintSelfAndChildrenWithReplica‎|/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:242 | 7|paintRecursive ‎|/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:446 | 8|paintSelfAndChildren ‎|/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:203 | 9|paintSelfAndChildrenWithReplica‎|/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:242 |10|paintRecursive‎ |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:446 |11|paintSelfAndChildren ‎|/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:203 |12|paintSelfAndChildrenWithReplica‎|/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:242 |13|paintRecursive ‎|/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:446 |14|paintSelfAndChildren ‎|/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:203 |15|paintSelfAndChildrenWithReplica‎|/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:242 |16|paintRecursive‎ |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:446 |17|paintSelfAndChildren‎ |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:203 |18|paintSelfAndChildrenWithReplica‎|/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:242 |19|paintRecursive‎ |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:446 |20|paintSelfAndChildren ‎|/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:203 |21|paintSelfAndChildrenWithReplica‎|/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:242 |22|paintRecursive‎ |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:446 |23|paintSelfAndChildren‎ |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:203 |24|paintSelfAndChildrenWithReplica‎|/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:242 |25|paintRecursive‎ |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:446 |26|paint‎ |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp:110 |27|paintToCurrentGLContext ‎|/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebKit/Shared/CoordinatedGraphics/CoordinatedGraphicsScene.cpp:97 |28|renderLayerTree‎ |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WebKit/Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.cpp:302 |29|updateTimerFired‎ |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/build/DerivedSources/ForwardingHeaders/wtf/Function.h:56 |30|_FUN‎ |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WTF/wtf/glib/RunLoopGLib.cpp:170 |31|g_main_context_dispatch‎ |/usr/src/debug/glib-2.0/1_2.48.2-r0/glib-2.48.2/glib/gmain.c:3154 |32|g_main_context_iterate ‎|/usr/src/debug/glib-2.0/1_2.48.2-r0/glib-2.48.2/glib/gmain.c:3844 |33|g_main_loop_run ‎|/usr/src/debug/glib-2.0/1_2.48.2-r0/glib-2.48.2/glib/gmain.c:4038 |34|run‎ |/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WTF/wtf/glib/RunLoopGLib.cpp:96 |35|entryPoint ‎|/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WTF/wtf/Function.h:56 |36|wtfThreadEntryPoint ‎|/usr/src/debug/wpe-webkit/2.22+gitAUTOINC+686cd2f7df-r0/git/Source/WTF/wtf/ThreadingPthreads.cpp:215 |37|start_thread ‎|/usr/src/debug/glibc/2.24-r0/git/nptl/pthread_create.c:458 |38|clone ‎|/lib/libc-2.24.so 1729052 1 fujii 2021-02-14 23:48:07 -0800 CoordinatedBackingStore is created in the compositor thread, and stored in ImageBackingTextureMapperImpl::m_compositionState::backingStore. https://github.com/WebKit/WebKit/blob/d3936e832f436bb9e3b552dd42948e5ba4239c67/Source/WebKit/Shared/CoordinatedGraphics/CoordinatedGraphicsScene.cpp#L159 However, ImageBackingTextureMapperImpl is destructed in the main thread. https://github.com/WebKit/WebKit/blob/d3936e832f436bb9e3b552dd42948e5ba4239c67/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp#L876 https://github.com/WebKit/WebKit/blob/d3936e832f436bb9e3b552dd42948e5ba4239c67/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp#L905 1731115 2 webkit-bug-importer 2021-02-18 17:25:14 -0800 <rdar://problem/74501717>