280745 – [Skia] WebProcess crashes with offscreen canvas in SkTDPQueue::percolateUpIfNecessary

NEW 280745

[Skia] WebProcess crashes with offscreen canvas in SkTDPQueue::percolateUpIfNecessary

https://bugs.webkit.org/show_bug.cgi?id=280745

Summary [Skia] WebProcess crashes with offscreen canvas in SkTDPQueue::percolateUpIfN...

Sergio Villar Senin

Reported 2024-10-02 00:57:02 PDT

I read that OffscreenCanvas is enabled by default since 2.46. I decided to give it a try in epiphany, so I went to https://web.dev/articles/offscreen-canvas?hl=es-419 and let the page load. After a while the WebProcess crashed. This is easy to reproduce with MiniBrowser as well

Attachments
Full backtrace (14.62 KB, text/plain) 2024-10-07 14:08 PDT, Michael Catanzaro	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Michael Catanzaro

Comment 1 2024-10-07 14:08:14 PDT

Huh, it's crashing with SIGILL. That's unusual. Will attach a full backtrace. #0 0x00007f99b0ae05fd in SkTDPQueue<GrGpuResource*, &GrResourceCache::CompareTimestamp, &GrResourceCache::AccessResourceIndex>::percolateUpIfNecessary (this=this@entry=0x7f97ac0a1bf8, index=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/base/SkTDPQueue.h:158 #1 0x00007f99b0adfceb in SkTDPQueue<GrGpuResource*, &GrResourceCache::CompareTimestamp, &GrResourceCache::AccessResourceIndex>::insert (this=0x7f97ac0a1bf8, entry=0x7f97ac251d90) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/base/SkTDPQueue.h:74 #2 GrResourceCache::notifyARefCntReachedZero (this=0x7f97ac0a1be0, resource=0x7f97ac251d90, removedRef=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrResourceCache.cpp:359 #3 0x00007f99b0ae6bc7 in GrIORef<GrGpuResource>::notifyWillBeZero (removedRef=GrIORef<GrGpuResource>::LastRemovedRef::kMainRef, this=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrGpuResource.h:102 #4 GrIORef<GrGpuResource>::unref (this=0x7f97ac0a1c00) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrGpuResource.h:65 #5 SkSafeUnref<GrSurface> (obj=0x7f97ac0a1bf8) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/include/core/SkRefCnt.h:151 #6 sk_sp<GrSurface>::reset (this=0x7f97ac5e2171, ptr=0x0) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/include/core/SkRefCnt.h:316 #7 sk_sp<GrSurface>::operator=(decltype(nullptr)) (this=0x7f97ac5e2171) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/include/core/SkRefCnt.h:260 #8 GrTextureProxy::~GrTextureProxy (this=0x7f97ac5e2160, vtt=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrTextureProxy.cpp:110 #9 0x00007f99b0ae805f in GrTextureRenderTargetProxy::~GrTextureRenderTargetProxy (this=0x7f97ac5e2130, vtt=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrTextureRenderTargetProxy.h:44 #10 GrTextureRenderTargetProxy::~GrTextureRenderTargetProxy (this=0x7f97ac5e2130) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/ThirdParty/skia/src/gpu/ganesh/GrTextureRenderTargetProxy.h:44

Michael Catanzaro

Comment 2 2024-10-07 14:08:40 PDT

Created attachment 472847 [details] Full backtrace

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Major

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Linux

Product WebKit

Component WebKitGTK

Assignee

Nobody

Reported

2024-10-02 00:57 PDT

Modified

2024-10-09 00:57 PDT History

CC List

3 users Show

URL

Keywords

Depends on

Blocks