Bug 229635 - ThreadSanitizer: data race reading/writing key count for WTF::HashTable<> in WebKit::RemoteRenderingBackend object
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
Keywords: InRadar
Reported: 2021-08-27 16:35 PDT by David Kilzer (:ddkilzer)
Modified: 2021-08-28 18:46 PDT
Description David Kilzer (:ddkilzer) 2021-08-27 16:35:27 PDT
ThreadSanitizer: data race reading/writing key count for WTF::HashTable<> in WebKit::RemoteRenderingBackend object.

In the TSan report below, the main thread is trying to read WTF::HashTable<>::keyCount() but a background thread is calling WTF::HashTable<>::setKeyCount(), which means that this method in Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.cpp could return an incorrect value for m_remoteResourceCache.imageBuffers().isEmpty():

bool RemoteRenderingBackend::allowsExitUnderMemoryPressure() const
{
    return m_remoteResourceCache.imageBuffers().isEmpty() && m_remoteResourceCache.nativeImages().isEmpty();
}

==================
WARNING: ThreadSanitizer: data race (pid=4134)
  Read of size 4 at 0x7b24000083a4 by main thread:
    #0 WTF::HashTable<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > > >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashMap<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> > >::keyCount() const <null> (WebKit:x86_64+0x9172aa)
    #1 WTF::HashTable<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > > >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashMap<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> > >::isEmpty() const <null> (WebKit:x86_64+0x917269)
    #2 WTF::HashMap<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::HashTableTraits>::isEmpty() const <null> (WebKit:x86_64+0x8b5579)
    #3 WebKit::RemoteRenderingBackend::allowsExitUnderMemoryPressure() const <null> (WebKit:x86_64+0x8a67c5)
    #4 WebKit::GPUConnectionToWebProcess::allowsExitUnderMemoryPressure() const <null> (WebKit:x86_64+0x8a6406)
    #5 WebKit::GPUProcess::canExitUnderMemoryPressure() const <null> (WebKit:x86_64+0x8ab1f4)
    #6 WebKit::GPUProcess::tryExitIfUnused() <null> (WebKit:x86_64+0x8aa500)
    #7 WebKit::GPUProcess::lowMemoryHandler(WTF::Critical, WTF::Synchronous) <null> (WebKit:x86_64+0x8ab6ca)
    #8 WebKit::GPUProcess::initializeGPUProcess(WebKit::GPUProcessCreationParameters&&)::$_3::operator()(WTF::Critical, WTF::Synchronous) const <null> (WebKit:x86_64+0x8d53f1)
    #9 WTF::Detail::CallableWrapper<WebKit::GPUProcess::initializeGPUProcess(WebKit::GPUProcessCreationParameters&&)::$_3, void, WTF::Critical, WTF::Synchronous>::call(WTF::Critical, WTF::Synchronous) <null> (WebKit:x86_64+0x8d537b)
    #10 WTF::Function<void (WTF::Critical, WTF::Synchronous)>::operator()(WTF::Critical, WTF::Synchronous) const <null> (JavaScriptCore:x86_64+0x6c8eb)
    #11 WTF::MemoryPressureHandler::releaseMemory(WTF::Critical, WTF::Synchronous) <null> (JavaScriptCore:x86_64+0x6c319)
    #12 WTF::MemoryPressureHandler::respondToMemoryPressure(WTF::Critical, WTF::Synchronous) <null> (JavaScriptCore:x86_64+0x705fe)
    #13 invocation function for block in WTF::MemoryPressureHandler::install() <null> (JavaScriptCore:x86_64+0x70476)
    #14 __tsan::dispatch_callback_wrap(void*) <null> (libclang_rt.tsan_osx_dynamic.dylib:x86_64+0x734d1)
    #15 _dispatch_client_callout <null> (libdispatch.dylib:x86_64+0x34ff)
    #16 WKXPCServiceMain <null> (WebKit:x86_64+0x225da4e)
    #17 main <null> (com.apple.WebKit.GPU.Development:x86_64+0x100003e3e)

  Previous write of size 4 at 0x7b24000083a4 by thread T17:
    #0 WTF::HashTable<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > > >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashMap<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> > >::setKeyCount(unsigned int) const <null> (WebKit:x86_64+0x9177d9)
    #1 WTF::HashTableAddResult<WTF::HashTableIterator<WTF::HashTable<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > > >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashMap<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> > >, WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > > >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashMap<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::Ref<WebCore::ImageBuffer, 
WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> > > > WTF::HashMap<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::HashTableTraits>::add<WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >(WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> const&, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >&&) <null> (WebKit:x86_64+0x8b5828)
    #2 WebKit::RemoteResourceCache::cacheImageBuffer(WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >&&) <null> (WebKit:x86_64+0x8b017e)
    #3 WebKit::RemoteRenderingBackend::createImageBuffer(WebCore::FloatSize const&, WebCore::RenderingMode, float, WebCore::DestinationColorSpace const&, WebCore::PixelFormat, WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>) <null> (WebKit:x86_64+0x8afd6d)
    #4 void IPC::callMemberFunctionImpl<WebKit::RemoteRenderingBackend, void (WebKit::RemoteRenderingBackend::*)(WebCore::FloatSize const&, WebCore::RenderingMode, float, WebCore::DestinationColorSpace const&, WebCore::PixelFormat, WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>), std::__1::tuple<WebCore::FloatSize, WebCore::RenderingMode, float, WebCore::DestinationColorSpace, WebCore::PixelFormat, WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul>(WebKit::RemoteRenderingBackend*, void (WebKit::RemoteRenderingBackend::*)(WebCore::FloatSize const&, WebCore::RenderingMode, float, WebCore::DestinationColorSpace const&, WebCore::PixelFormat, WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>), std::__1::tuple<WebCore::FloatSize, WebCore::RenderingMode, float, WebCore::DestinationColorSpace, WebCore::PixelFormat, WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul>) <null> (WebKit:x86_64+0x854acf)
    #5 void IPC::callMemberFunction<WebKit::RemoteRenderingBackend, void (WebKit::RemoteRenderingBackend::*)(WebCore::FloatSize const&, WebCore::RenderingMode, float, WebCore::DestinationColorSpace const&, WebCore::PixelFormat, WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>), std::__1::tuple<WebCore::FloatSize, WebCore::RenderingMode, float, WebCore::DestinationColorSpace, WebCore::PixelFormat, WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, std::__1::integer_sequence<unsigned long, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul> >(std::__1::tuple<WebCore::FloatSize, WebCore::RenderingMode, float, WebCore::DestinationColorSpace, WebCore::PixelFormat, WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >&&, WebKit::RemoteRenderingBackend*, void (WebKit::RemoteRenderingBackend::*)(WebCore::FloatSize const&, WebCore::RenderingMode, float, WebCore::DestinationColorSpace const&, WebCore::PixelFormat, WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>)) <null> (WebKit:x86_64+0x84f298)
    #6 void IPC::handleMessage<Messages::RemoteRenderingBackend::CreateImageBuffer, WebKit::RemoteRenderingBackend, void (WebKit::RemoteRenderingBackend::*)(WebCore::FloatSize const&, WebCore::RenderingMode, float, WebCore::DestinationColorSpace const&, WebCore::PixelFormat, WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>)>(IPC::Decoder&, WebKit::RemoteRenderingBackend*, void (WebKit::RemoteRenderingBackend::*)(WebCore::FloatSize const&, WebCore::RenderingMode, float, WebCore::DestinationColorSpace const&, WebCore::PixelFormat, WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>)) <null> (WebKit:x86_64+0x838062)
    #7 WebKit::RemoteRenderingBackend::didReceiveMessage(IPC::Connection&, IPC::Decoder&) <null> (WebKit:x86_64+0x837e2c)
    #8 non-virtual thunk to WebKit::RemoteRenderingBackend::didReceiveMessage(IPC::Connection&, IPC::Decoder&) <null> (WebKit:x86_64+0x8385d4)
    #9 IPC::Connection::dispatchMessageReceiverMessage(IPC::MessageReceiver&, std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >&&) <null> (WebKit:x86_64+0x8fbb1)
    #10 IPC::WorkQueueMessageReceiverQueue::enqueueMessage(IPC::Connection&, std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >&&)::'lambda'()::operator()() <null> (WebKit:x86_64+0x9730e)
    #11 WTF::Detail::CallableWrapper<IPC::WorkQueueMessageReceiverQueue::enqueueMessage(IPC::Connection&, std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >&&)::'lambda'(), void>::call() <null> (WebKit:x86_64+0x970ed)
    #12 WTF::Function<void ()>::operator()() const <null> (JavaScriptCore:x86_64+0x2805d)
    #13 WTF::(anonymous namespace)::DispatchWorkItem::operator()() <null> (JavaScriptCore:x86_64+0x11846d)
    #14 void WTF::dispatchWorkItem<WTF::(anonymous namespace)::DispatchWorkItem>(void*) <null> (JavaScriptCore:x86_64+0x117459)
    #15 __tsan::dispatch_callback_wrap(void*) <null> (libclang_rt.tsan_osx_dynamic.dylib:x86_64+0x734d1)
    #16 _dispatch_client_callout <null> (libdispatch.dylib:x86_64+0x34ff)

  Location is heap block of size 144 at 0x7b24000083a0 allocated by thread T17:
    #0 __sanitizer_mz_malloc <null> (libclang_rt.tsan_osx_dynamic.dylib:x86_64+0x5168a)
    #1 _malloc_zone_malloc <null> (libsystem_malloc.dylib:x86_64+0x1cf80)
    #2 bmalloc::Cache::allocateSlowCaseNullCache(bmalloc::HeapKind, unsigned long) <null> (JavaScriptCore:x86_64+0x122e50)
    #3 bmalloc::Cache::allocate(bmalloc::HeapKind, unsigned long) <null> (JavaScriptCore:x86_64+0x394c9)
    #4 WTF::fastMalloc(unsigned long) <null> (JavaScriptCore:x86_64+0x38cfb)
    #5 WTF::fastZeroedMalloc(unsigned long) <null> (JavaScriptCore:x86_64+0x38cba)
    #6 WTF::FastMalloc::zeroedMalloc(unsigned long) <null> (WebKit:x86_64+0x1f499)
    #7 WTF::HashTable<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > > >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashMap<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> > >::allocateTable(unsigned int) <null> (WebKit:x86_64+0x917a5f)
    #8 WTF::HashTable<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > > >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashMap<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> > >::rehash(unsigned int, WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >*) <null> (WebKit:x86_64+0x917914)
    #9 WTF::HashTable<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > > >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashMap<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> > >::shrink() <null> (WebKit:x86_64+0x91c077)
    #10 WTF::HashTable<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > > >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashMap<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> > >::remove(WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >*) <null> (WebKit:x86_64+0x91bfb7)
    #11 WTF::HashTable<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > > >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashMap<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> > >::removeAndInvalidateWithoutEntryConsistencyCheck(WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >*) <null> (WebKit:x86_64+0x91bf48)
    #12 WTF::HashTable<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > > >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashMap<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> > >::removeWithoutEntryConsistencyCheck(WTF::HashTableIterator<WTF::HashTable<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > > >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashMap<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::Ref<WebCore::ImageBuffer, 
WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> > >, WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > > >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashMap<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> > >) <null> (WebKit:x86_64+0x91be93)
    #13 WTF::HashMap<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::HashTableTraits>::remove(WTF::HashTableIteratorAdapter<WTF::HashTable<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > > >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashMap<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> > >, WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > > >) <null> (WebKit:x86_64+0x91bd42)
    #14 WTF::HashMap<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::HashTableTraits>::remove(WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> const&) <null> (WebKit:x86_64+0x8b62bf)
    #15 WebKit::RemoteResourceCache::maybeRemoveResource(WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::HashTableIteratorAdapter<WTF::HashTable<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WebKit::RemoteResourceCache::ResourceUseCounter>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WebKit::RemoteResourceCache::ResourceUseCounter> >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashMap<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WebKit::RemoteResourceCache::ResourceUseCounter, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WebKit::RemoteResourceCache::ResourceUseCounter>, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> > >, WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WebKit::RemoteResourceCache::ResourceUseCounter> >&) <null> (WebKit:x86_64+0x8b616c)
    #16 WebKit::RemoteResourceCache::releaseRemoteResource(WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, unsigned long long) <null> (WebKit:x86_64+0x8b3acf)
    #17 WebKit::RemoteRenderingBackend::releaseRemoteResource(WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, unsigned long long) <null> (WebKit:x86_64+0x8b394b)
    #18 void IPC::callMemberFunctionImpl<WebKit::RemoteRenderingBackend, void (WebKit::RemoteRenderingBackend::*)(WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, unsigned long long), std::__1::tuple<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, unsigned long long>, 0ul, 1ul>(WebKit::RemoteRenderingBackend*, void (WebKit::RemoteRenderingBackend::*)(WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, unsigned long long), std::__1::tuple<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, unsigned long long>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>) <null> (WebKit:x86_64+0x85c64e)
    #19 void IPC::callMemberFunction<WebKit::RemoteRenderingBackend, void (WebKit::RemoteRenderingBackend::*)(WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, unsigned long long), std::__1::tuple<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, unsigned long long>, std::__1::integer_sequence<unsigned long, 0ul, 1ul> >(std::__1::tuple<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, unsigned long long>&&, WebKit::RemoteRenderingBackend*, void (WebKit::RemoteRenderingBackend::*)(WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, unsigned long long)) <null> (WebKit:x86_64+0x85ba98)
    #20 void IPC::handleMessage<Messages::RemoteRenderingBackend::ReleaseRemoteResource, WebKit::RemoteRenderingBackend, void (WebKit::RemoteRenderingBackend::*)(WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, unsigned long long)>(IPC::Decoder&, WebKit::RemoteRenderingBackend*, void (WebKit::RemoteRenderingBackend::*)(WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, unsigned long long)) <null> (WebKit:x86_64+0x8384c2)
    #21 WebKit::RemoteRenderingBackend::didReceiveMessage(IPC::Connection&, IPC::Decoder&) <null> (WebKit:x86_64+0x837f61)
    #22 non-virtual thunk to WebKit::RemoteRenderingBackend::didReceiveMessage(IPC::Connection&, IPC::Decoder&) <null> (WebKit:x86_64+0x8385d4)
    #23 IPC::Connection::dispatchMessageReceiverMessage(IPC::MessageReceiver&, std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >&&) <null> (WebKit:x86_64+0x8fbb1)
    #24 IPC::WorkQueueMessageReceiverQueue::enqueueMessage(IPC::Connection&, std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >&&)::'lambda'()::operator()() <null> (WebKit:x86_64+0x9730e)
    #25 WTF::Detail::CallableWrapper<IPC::WorkQueueMessageReceiverQueue::enqueueMessage(IPC::Connection&, std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >&&)::'lambda'(), void>::call() <null> (WebKit:x86_64+0x970ed)
    #26 WTF::Function<void ()>::operator()() const <null> (JavaScriptCore:x86_64+0x2805d)
    #27 WTF::(anonymous namespace)::DispatchWorkItem::operator()() <null> (JavaScriptCore:x86_64+0x11846d)
    #28 void WTF::dispatchWorkItem<WTF::(anonymous namespace)::DispatchWorkItem>(void*) <null> (JavaScriptCore:x86_64+0x117459)
    #29 __tsan::dispatch_callback_wrap(void*) <null> (libclang_rt.tsan_osx_dynamic.dylib:x86_64+0x734d1)
    #30 _dispatch_client_callout <null> (libdispatch.dylib:x86_64+0x34ff)

  Thread T17 (tid=21827517, running) is a GCD worker thread

SUMMARY: ThreadSanitizer: data race (WebKitBuild/WebKit.framework/Versions/A/WebKit:x86_64+0x9172aa) in WTF::HashTable<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > > >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashMap<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCor
==================
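A reduced model of the access pattern in the report above, added here as an illustration; it is not WebKit code and not a fix proposed in this bug. The class names are hypothetical stand-ins, std::unordered_map stands in for WTF::HashMap, only the imageBuffers map is modelled, and guarding the map with a mutex is just one possible way to order the two threads.

```cpp
// Added illustration: a simplified model of the race in this report, not WebKit source.
// Build (file name is arbitrary): c++ -std=c++17 -pthread -fsanitize=thread race.cpp
// Run with the argument "racy" to get a ThreadSanitizer report, or without it for the locked form.
#include <atomic>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <memory>
#include <mutex>
#include <thread>
#include <unordered_map>

struct ImageBuffer { }; // stand-in for WebCore::ImageBuffer

using BufferMap = std::unordered_map<uint64_t, std::unique_ptr<ImageBuffer>>;

// Racy shape from the report: a work-queue thread adds and removes entries while
// the main thread asks isEmpty(), with nothing ordering the two accesses.
class RacyResourceCache {
public:
    void cacheImageBuffer(uint64_t id) { m_imageBuffers.emplace(id, std::make_unique<ImageBuffer>()); }
    void releaseRemoteResource(uint64_t id) { m_imageBuffers.erase(id); }
    // Unsynchronized read of the element count: a data race, so undefined behaviour.
    bool allowsExitUnderMemoryPressure() const { return m_imageBuffers.empty(); }

private:
    BufferMap m_imageBuffers;
};

// Same interface, but every access to the map takes one mutex, so the memory-pressure
// check sees the state either before or after a complete add/remove, never during one.
class LockedResourceCache {
public:
    void cacheImageBuffer(uint64_t id)
    {
        std::lock_guard<std::mutex> guard(m_lock);
        m_imageBuffers.emplace(id, std::make_unique<ImageBuffer>());
    }

    void releaseRemoteResource(uint64_t id)
    {
        std::lock_guard<std::mutex> guard(m_lock);
        m_imageBuffers.erase(id);
    }

    bool allowsExitUnderMemoryPressure() const
    {
        std::lock_guard<std::mutex> guard(m_lock);
        return m_imageBuffers.empty();
    }

private:
    mutable std::mutex m_lock;
    BufferMap m_imageBuffers;
};

// The worker plays the IPC work queue (createImageBuffer / releaseRemoteResource);
// the calling thread plays the main thread's low-memory handler polling the cache.
// Returns the exit decision once the worker has released everything it cached.
template<typename Cache>
bool exerciseCache(unsigned iterations)
{
    Cache cache;
    std::atomic<bool> done { false };

    std::thread worker([&] {
        for (uint64_t id = 1; id <= iterations; ++id) {
            cache.cacheImageBuffer(id);
            cache.releaseRemoteResource(id);
        }
        done.store(true, std::memory_order_release);
    });

    while (!done.load(std::memory_order_acquire))
        (void)cache.allowsExitUnderMemoryPressure();

    worker.join();
    return cache.allowsExitUnderMemoryPressure();
}

int main(int argc, char** argv)
{
    bool racy = argc > 1 && !std::strcmp(argv[1], "racy");
    bool empty = racy ? exerciseCache<RacyResourceCache>(100000)
                      : exerciseCache<LockedResourceCache>(100000);
    std::printf("%s cache empty after run: %s\n", racy ? "racy" : "locked", empty ? "yes" : "no");
    return 0;
}
```

Under ThreadSanitizer the "racy" mode reports a read in the polling thread against a write in the worker, the same pairing as keyCount() versus setKeyCount() above; the locked mode runs clean.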
Comment 1 Radar WebKit Bug Importer 2021-08-27 16:35:55 PDT
<rdar://problem/82459484>
Comment 2 David Kilzer (:ddkilzer) 2021-08-27 16:37:02 PDT
I'm not familiar with this code, so don't plan to work on this right now (so anyone can feel free to take it).

I'm also not sure if RemoteRenderingBackend::allowsExitUnderMemoryPressure() is just a "best effort" count and doesn't need to be exact.  If that's the case, this may simply be a not-to-be-fixed bug.
Comment 3 David Kilzer (:ddkilzer) 2021-08-27 18:23:50 PDT
Occurred with these layout tests:

    fast/canvas/canvas-blending-image-over-color.html
    fast/canvas/canvas-composite-canvas.html
    fast/canvas/canvas-context-save-limit.html
    fast/canvas/canvas-getImageData-largeNonintegralDimensions.html
    fast/canvas/draw-focus-if-needed-null-element.html