282084 2024-10-24 23:36:12 -0700 [GTK][WPE][Skia] Fix threading issue with DisplayList rendering / GraphicsContextState merging 2024-11-18 12:34:15 -0800 1 1 1 Unclassified WebKit Layout and Rendering WebKit Local Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 279618 280677 1 zimmermann zimmermann bfulgham sabouhallawa simon.fraser webkit-bug-importer zalan oldest_to_newest 2070512 0 zimmermann 2024-10-24 23:36:12 -0700 ASSERTION FAILED: Unsafe to ref/deref from different threads m_isOwnedByMainThread == isMainThread() /host/home/nzimmermann/Software/GitRepositories/WebKit/WebKitBuild/WPE/Release/WTF/Headers/wtf/RefCounted.h(124) : void WTF::RefCountedBase::applyRefDerefThreadingCheck() const 1 0x7243c5527d4d WTF::RefCountedBase::ref() const 2 0x7243ca63f6e0 auto std::__detail::__variant::_Copy_assign_base<false, std::monostate, WebCore::SourceBrushLogicalGradient, WTF::Ref<WebCore::Pattern, WTF::RawPtrTraits<WebCore::Pattern>, WTF::DefaultRefDerefTraits<WebCore::Pattern> > >::operator=(std::__detail::__variant::_Copy_assign_base<false, std::monostate, WebCore::SourceBrushLogicalGradient, WTF::Ref<WebCore::Pattern, WTF::RawPtrTraits<WebCore::Pattern>, WTF::DefaultRefDerefTraits<WebCore::Pattern> > > const&)::{lambda(auto:1&&, auto:2)#1}::operator()<WTF::Ref<WebCore::Pattern, WTF::RawPtrTraits<WebCore::Pattern>, WTF::DefaultRefDerefTraits<WebCore::Pattern> > const&, std::integral_constant<unsigned long, 2ul> >(WTF::Ref<WebCore::Pattern, WTF::RawPtrTraits<WebCore::Pattern>, WTF::DefaultRefDerefTraits<WebCore::Pattern> > const&, std::integral_constant<unsigned long, 2ul>) 3 0x7243ca6427ff auto WebCore::GraphicsContextState::mergeLastChanges(WebCore::GraphicsContextState const&, std::optional<WebCore::GraphicsContextState> const&)::$_0::operator()<WebCore::SourceBrush>(WebCore::SourceBrush WebCore::GraphicsContextState::*) const 4 0x7243ca641e1c WebCore::GraphicsContextState::mergeLastChanges(WebCore::GraphicsContextState const&, std::optional<WebCore::GraphicsContextState> const&) 5 0x7243ca6390e3 WebCore::GraphicsContext::mergeLastChanges(WebCore::GraphicsContextState const&, std::optional<WebCore::GraphicsContextState> const&) 6 0x7243ca6c29e2 WebCore::DisplayList::SetState::apply(WebCore::GraphicsContext&) const 7 0x7243ca6bc80b _ZNSt8__detail9__variant17__gen_vtable_implINS0_12_Multi_arrayIPFNS0_21__deduce_visit_resultIN7WebCore11DisplayList15ApplyItemResultEEEON3WTF7VisitorIZNS5_9applyItemERNS4_15GraphicsContextERKNS5_12ResourceHeapERNS4_14ControlFactoryERKSt7variantIJNS5_22ApplyDeviceScaleFactorENS5_22BeginTransparencyLayerENS5_39BeginTransparencyLayerWithCompositeModeENS5_9ClearRectENS5_15ClearDropShadowENS5_4ClipENS5_15ClipRoundedRectENS5_7ClipOutENS5_18ClipOutRoundedRectENS5_13ClipOutToPathENS5_8ClipPathENS5_17ClipToImageBufferENS5_14ConcatenateCTMENS5_15DrawControlPartENS5_25DrawDotsForDocumentMarkerENS5_11DrawEllipseENS5_23DrawFilteredImageBufferENS5_17DrawFocusRingPathENS5_18DrawFocusRingRectsENS5_10DrawGlyphsENS5_20DrawDecomposedGlyphsENS5_20DrawDisplayListItemsENS5_15DrawImageBufferENS5_8DrawLineENS5_16DrawLinesForTextENS5_15DrawNativeImageENS5_8DrawPathENS5_11DrawPatternENS5_8DrawRectENS5_15DrawSystemImageENS5_20EndTransparencyLayerENS5_18FillCompositedRectENS5_11FillEllipseENS5_15FillPathSegmentENS5_8FillPathENS5_8FillRectENS5_17FillRectWithColorENS5_20FillRectWithGradientENS5_37FillRectWithGradientAndSpaceTransformENS5_23FillRectWithRoundedHoleENS5_15FillRoundedRectENS5_9ResetClipENS5_7RestoreENS5_6RotateENS5_4SaveENS5_5ScaleENS5_6SetCTMENS5_18SetInlineFillColorENS5_15SetInlineStrokeENS5_10SetLineCapENS5_11SetLineDashENS5_11SetLineJoinENS5_13SetMiterLimitENS5_8SetStateENS5_13StrokeEllipseENS5_10StrokeLineENS5_17StrokePathSegmentENS5_10StrokePathENS5_10StrokeRectENS5_9TranslateEEEE3$_0JZNS5_9applyItemESB_SE_SG_S28_E3$_1ZNS5_9applyItemESB_SE_SG_S28_E3$_2ZNS5_9applyItemESB_SE_SG_S28_E3$_3ZNS5_9applyItemESB_SE_SG_S28_E3$_4ZNS5_9applyItemESB_SE_SG_S28_E3$_5ZNS5_9applyItemESB_SE_SG_S28_E3$_6ZNS5_9applyItemESB_SE_SG_S28_E3$_7ZNS5_9applyItemESB_SE_SG_S28_E3$_8ZNS5_9applyItemESB_SE_SG_S28_E3$_9ZNS5_9applyItemESB_SE_SG_S28_E4$_10EEES28_EJEEESt16integer_sequenceImJLm53EEEE14__visit_invokeES2L_S28_ 2070513 1 zimmermann 2024-10-24 23:48:25 -0700 Pattern is not thread-safe. ``` frame #3: 0x00007a4feae3f6e0 libWPEWebKit-2.0.so.2`auto std::__detail::__variant::_Copy_assign_base<false, std::monostate, WebCore::SourceBrushLogicalGradient, WTF::Ref<WebCore::Pattern, WTF::RawPtrTraits<WebCore::Pattern>, WTF::DefaultRefDerefTraits<WebCore::Pattern>>>::operator=(std::__detail::__variant::_Copy_assign_base<false, std::monostate, WebCore::SourceBrushLogicalGradient, WTF::Ref<WebCore::Pattern, WTF::RawPtrTraits<WebCore::Pattern>, WTF::DefaultRefDerefTraits<WebCore::Pattern>>> const&)::'lambda'(auto&&, auto)::operator()<WTF::Ref<WebCore::Pattern, WTF::RawPtrTraits<WebCore::Pattern>, WTF::DefaultRefDerefTraits<WebCore::Pattern>> const&, std::integral_constant<unsigned long, 2ul>>(auto&&, auto) [inlined] WTF::DefaultRefDerefTraits<WebCore::Pattern>::ref(ref=0x00007a4fcf031f80) at Ref.h:55:13 52 53 static ALWAYS_INLINE T& ref(T& ref) 54 { -> 55 ref.ref(); 56 return ref; 57 } 58 (lldb) p ref (WebCore::Pattern &) 0x00007a4fcf031f80: { WTF::RefCounted<WebCore::Pattern> = { WTF::RefCountedBase = { ``` 2075760 2 zimmermann 2024-11-18 00:36:58 -0800 Pull request: https://github.com/WebKit/WebKit/pull/36787 2075905 3 ews-feeder 2024-11-18 12:33:57 -0800 Committed 286744@main (b4d253a7cf35): <https://commits.webkit.org/286744@main> Reviewed commits have been landed. Closing PR #36787 and removing active labels. 2075906 4 webkit-bug-importer 2024-11-18 12:34:15 -0800 <rdar://problem/140144560>