NEW255231
[GTK] Crash in TextureMapperGL::draw 
https://bugs.webkit.org/show_bug.cgi?id=255231
Summary [GTK] Crash in TextureMapperGL::draw
Michael Catanzaro
Reported 2023-04-10 09:19:02 PDT
This crash occurred when using Google Maps with WebKitGTK 2.41.1: Thread 1 (Thread 0x7fa8995ff640 (LWP 20)): #0 0x00007fa8ae75ce3a in st_update_single_texture () at /usr/lib/x86_64-linux-gnu/GL/default/lib/dri/radeonsi_dri.so #1 0x00007fa8ae75d03c in st_get_sampler_views () at /usr/lib/x86_64-linux-gnu/GL/default/lib/dri/radeonsi_dri.so #2 0x00007fa8ae75d48d in update_textures () at /usr/lib/x86_64-linux-gnu/GL/default/lib/dri/radeonsi_dri.so #3 0x00007fa8ae754d02 in st_validate_state () at /usr/lib/x86_64-linux-gnu/GL/default/lib/dri/radeonsi_dri.so #4 0x00007fa8ae76dcab in prepare_draw () at /usr/lib/x86_64-linux-gnu/GL/default/lib/dri/radeonsi_dri.so #5 0x00007fa8ae76e172 in st_draw_gallium () at /usr/lib/x86_64-linux-gnu/GL/default/lib/dri/radeonsi_dri.so #6 0x00007fa8ae878a5c in _mesa_draw_arrays.part.0 () at /usr/lib/x86_64-linux-gnu/GL/default/lib/dri/radeonsi_dri.so #7 0x00007fa92751ad48 in WebCore::TextureMapperGL::draw(WebCore::FloatRect const&, WebCore::TransformationMatrix const&, WebCore::TextureMapperShaderProgram&, unsigned int, int) (this=0x7fa6d32800e0, rect=..., modelViewMatrix=..., program=..., drawingMode=6, flags=129) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/texmap/TextureMapperGL.cpp:763 #8 0x00007fa92751c791 in WebCore::TextureMapperGL::drawTexturedQuadWithProgram(WebCore::TextureMapperShaderProgram&, WTF::Vector<std::pair<unsigned int, unsigned int>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, int, WebCore::FloatRect const&, WebCore::TransformationMatrix const&, float) (this=0x7fa6d32800e0, program=..., texturesAndSamplers=..., flags=0, rect=..., modelViewMatrix=..., opacity=<error reading variable: That operation is not available on integers of more than 8 bytes.>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/texmap/TextureMapperGL.cpp:839 #9 0x00007fa92751b77b in WebCore::TextureMapperGL::drawTexturedQuadWithProgram(WebCore::TextureMapperShaderProgram&, unsigned int, int, WebCore::FloatRect const&, WebCore::TransformationMatrix const&, float) (this=0x7fa6d32800e0, program=..., texture=141, flags=129, rect=..., modelViewMatrix=..., opacity=<error reading variable: That operation is not available on integers of more than 8 bytes.>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/texmap/TextureMapperGL.cpp:852 #10 WebCore::TextureMapperGL::drawTexture(unsigned int, int, WebCore::IntSize const&, WebCore::FloatRect const&, WebCore::TransformationMatrix const&, float, unsigned int) (this=0x7fa6d32800e0, texture=141, flags=129, textureSize=<optimized out>, targetRect=..., modelViewMatrix=..., opacity=<error reading variable: That operation is not available on integers of more than 8 bytes.>, exposedEdges=11) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/texmap/TextureMapperGL.cpp:516 So something is wrong on the painting thread. Will attach more detailed backtraces.
Attachments
all threads backtrace (145.08 KB, text/plain)
2023-04-10 09:19 PDT, Michael Catanzaro 		no flags
Details
full backtrace (51.46 KB, text/plain)
2023-04-10 09:20 PDT, Michael Catanzaro 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Michael Catanzaro
Comment 1 2023-04-10 09:19:25 PDT
Created attachment 465830 [details] all threads backtrace
Michael Catanzaro
Comment 2 2023-04-10 09:20:46 PDT
Created attachment 465831 [details] full backtrace
Michael Catanzaro
Comment 3 2023-04-10 09:23:36 PDT
Notably, it looks like both thread 1 is calling _mesa_draw_arrays.part.0 while thread 2 is calling _mesa_DrawArrays. Maybe that's relevant. Real shame we have no debuginfo for the GL extension.
Note You need to log in before you can comment on or make changes to this bug.