Bug 255231 - [GTK] Crash in TextureMapperGL::draw
Summary: [GTK] Crash in TextureMapperGL::draw
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKitGTK
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-04-10 09:19 PDT by Michael Catanzaro
Modified: 2023-04-10 09:23 PDT
CC: 2 users

See Also:


Attachments
all threads backtrace (145.08 KB, text/plain)
2023-04-10 09:19 PDT, Michael Catanzaro
full backtrace (51.46 KB, text/plain)
2023-04-10 09:20 PDT, Michael Catanzaro

Description Michael Catanzaro 2023-04-10 09:19:02 PDT
This crash occurred when using Google Maps with WebKitGTK 2.41.1:

Thread 1 (Thread 0x7fa8995ff640 (LWP 20)):
#0  0x00007fa8ae75ce3a in st_update_single_texture () at /usr/lib/x86_64-linux-gnu/GL/default/lib/dri/radeonsi_dri.so
#1  0x00007fa8ae75d03c in st_get_sampler_views () at /usr/lib/x86_64-linux-gnu/GL/default/lib/dri/radeonsi_dri.so
#2  0x00007fa8ae75d48d in update_textures () at /usr/lib/x86_64-linux-gnu/GL/default/lib/dri/radeonsi_dri.so
#3  0x00007fa8ae754d02 in st_validate_state () at /usr/lib/x86_64-linux-gnu/GL/default/lib/dri/radeonsi_dri.so
#4  0x00007fa8ae76dcab in prepare_draw () at /usr/lib/x86_64-linux-gnu/GL/default/lib/dri/radeonsi_dri.so
#5  0x00007fa8ae76e172 in st_draw_gallium () at /usr/lib/x86_64-linux-gnu/GL/default/lib/dri/radeonsi_dri.so
#6  0x00007fa8ae878a5c in _mesa_draw_arrays.part.0 () at /usr/lib/x86_64-linux-gnu/GL/default/lib/dri/radeonsi_dri.so
#7  0x00007fa92751ad48 in WebCore::TextureMapperGL::draw(WebCore::FloatRect const&, WebCore::TransformationMatrix const&, WebCore::TextureMapperShaderProgram&, unsigned int, int) (this=0x7fa6d32800e0, rect=..., modelViewMatrix=..., program=..., drawingMode=6, flags=129) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/texmap/TextureMapperGL.cpp:763
#8  0x00007fa92751c791 in WebCore::TextureMapperGL::drawTexturedQuadWithProgram(WebCore::TextureMapperShaderProgram&, WTF::Vector<std::pair<unsigned int, unsigned int>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, int, WebCore::FloatRect const&, WebCore::TransformationMatrix const&, float) (this=0x7fa6d32800e0, program=..., texturesAndSamplers=..., flags=0, rect=..., modelViewMatrix=..., opacity=<error reading variable: That operation is not available on integers of more than 8 bytes.>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/texmap/TextureMapperGL.cpp:839
#9  0x00007fa92751b77b in WebCore::TextureMapperGL::drawTexturedQuadWithProgram(WebCore::TextureMapperShaderProgram&, unsigned int, int, WebCore::FloatRect const&, WebCore::TransformationMatrix const&, float) (this=0x7fa6d32800e0, program=..., texture=141, flags=129, rect=..., modelViewMatrix=..., opacity=<error reading variable: That operation is not available on integers of more than 8 bytes.>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/texmap/TextureMapperGL.cpp:852
#10 WebCore::TextureMapperGL::drawTexture(unsigned int, int, WebCore::IntSize const&, WebCore::FloatRect const&, WebCore::TransformationMatrix const&, float, unsigned int) (this=0x7fa6d32800e0, texture=141, flags=129, textureSize=<optimized out>, targetRect=..., modelViewMatrix=..., opacity=<error reading variable: That operation is not available on integers of more than 8 bytes.>, exposedEdges=11) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/texmap/TextureMapperGL.cpp:516

So something is wrong on the painting thread. Will attach more detailed backtraces.
Comment 1 Michael Catanzaro 2023-04-10 09:19:25 PDT
Created attachment 465830 [details]
all threads backtrace
Comment 2 Michael Catanzaro 2023-04-10 09:20:46 PDT
Created attachment 465831 [details]
full backtrace
Comment 3 Michael Catanzaro 2023-04-10 09:23:36 PDT
Notably, it looks like thread 1 is calling _mesa_draw_arrays.part.0 while thread 2 is calling _mesa_DrawArrays. Maybe that's relevant. Real shame we have no debuginfo for the GL extension.
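One way to check the observation in comment 3 mechanically, as an added triage script that is not part of this bug report or of WebKit: it parses a gdb "thread apply all bt" dump like the attached one and lists every thread currently inside the Mesa driver, so two threads in the GL draw path at crash time stand out. The sample dump is constructed from the frames quoted above; thread 2's caller frame and thread 3 are assumed.

```python
import re

# Constructed sample shaped like gdb's "thread apply all bt" output: thread 1's frames
# are quoted in the report, thread 2's _mesa_DrawArrays frame is from comment 3, the rest is assumed.
SAMPLE_BACKTRACE = """\
Thread 3 (Thread 0x7fa93a1ff740 (LWP 1)):
#0  0x00007fa93b0e1a3d in poll () at /lib/x86_64-linux-gnu/libc.so.6

Thread 2 (Thread 0x7fa8a27ff640 (LWP 21)):
#0  0x00007fa8ae878b10 in _mesa_DrawArrays () at /usr/lib/x86_64-linux-gnu/GL/default/lib/dri/radeonsi_dri.so
#1  0x00007fa927400000 in assumed_webkit_caller () at /placeholder/path.cpp:1

Thread 1 (Thread 0x7fa8995ff640 (LWP 20)):
#0  0x00007fa8ae75ce3a in st_update_single_texture () at /usr/lib/x86_64-linux-gnu/GL/default/lib/dri/radeonsi_dri.so
#6  0x00007fa8ae878a5c in _mesa_draw_arrays.part.0 () at /usr/lib/x86_64-linux-gnu/GL/default/lib/dri/radeonsi_dri.so
#7  0x00007fa92751ad48 in WebCore::TextureMapperGL::draw(WebCore::FloatRect const&) (this=0x7fa6d32800e0) at TextureMapperGL.cpp:763
#10 WebCore::TextureMapperGL::drawTexture(unsigned int, int) (this=0x7fa6d32800e0) at TextureMapperGL.cpp:516
"""

THREAD_RE = re.compile(r"^Thread (\d+) \(Thread 0x[0-9a-f]+ \(LWP \d+\)\):")
# Inlined frames (#10 above) have no "0xADDR in" part; the function name ends at the first space or "(".
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?([^\s(]+)")
GL_PREFIXES = ("_mesa_", "st_")  # Mesa core and its gallium state tracker


def parse_threads(text):
    """Return {thread_number: [(frame_number, function_name), ...]}."""
    threads, current = {}, None
    for line in text.splitlines():
        if m := THREAD_RE.match(line):
            current = int(m.group(1))
            threads[current] = []
        elif (m := FRAME_RE.match(line)) and current is not None:
            threads[current].append((int(m.group(1)), m.group(2)))
    return threads

def gl_entry_point(frames):
    """Outermost Mesa frame: the GL call through which this thread entered the
    driver, or None when the thread is not inside Mesa at all."""
    gl_frames = [f for f in frames if f[1].startswith(GL_PREFIXES)]
    return max(gl_frames)[1] if gl_frames else None

def threads_inside_gl(text):
    """Map every thread currently inside Mesa to its GL entry point."""
    return {tid: ep for tid, frames in parse_threads(text).items()
            if (ep := gl_entry_point(frames))}

def concurrent_gl_use(text):
    """True when more than one thread is inside the driver at crash time."""
    return len(threads_inside_gl(text)) > 1
```

Run it over the attached all-threads backtrace instead of the sample to get the real per-thread list.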