[Webkit-unassigned] [Bug 220368] New: [GPU Process] Layout test crash in DisplayList::clear()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jan 6 09:53:24 PST 2021 

https://bugs.webkit.org/show_bug.cgi?id=220368

            Bug ID: 220368
           Summary: [GPU Process] Layout test crash in
                    DisplayList::clear()
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Canvas
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: rini_patel at apple.com
                CC: dino at apple.com

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x00000000bbadbeef
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [94649]

VM Regions Near 0xbbadbeef:
--> 
    __TEXT                 0000000102cb8000-0000000102cb9000 [    4K] r-x/r-x SM=COW  /Volumes/VOLUME/*/*.Development

Application Specific Information:
CRASHING TEST: fast/canvas/fill-text-with-font-features.html

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore            0x00000005f25f252e WTFCrash + 14 (Assertions.cpp:295)
1   com.apple.WebCore                   0x00000005cf7c204b WTFCrashWithInfo(int, char const*, char const*, int) + 27
2   com.apple.WebCore                   0x00000005cf7d6f18 WTF::RefCountedBase::hasOneRef() const + 104 (RefCounted.h:55)
3   com.apple.WebCore                   0x00000005cf7d6dfc WTF::RefCountedBase::applyRefDerefThreadingCheck() const + 28 (RefCounted.h:106)
4   com.apple.WebCore                   0x00000005cf7d6c6c WTF::RefCountedBase::derefBase() const + 28 (RefCounted.h:130)
5   com.apple.WebCore                   0x00000005d06c432f WTF::RefCounted<WebCore::ImageBuffer, std::__1::default_delete<WebCore::ImageBuffer> >::deref() const + 31 (RefCounted.h:189)
6   com.apple.WebCore                   0x00000005d3bdb2b5 WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >::~Ref() + 53 (Ref.h:62)
7   com.apple.WebCore                   0x00000005d3bdb275 WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >::~Ref() + 21 (Ref.h:62)
8   com.apple.WebCore                   0x00000005d3bdb24e WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >::~KeyValuePair() + 30 (KeyValuePair.h:33)
9   com.apple.WebCore                   0x00000005d3bdb185 WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >::~KeyValuePair() + 21 (KeyValuePair.h:33)
10  com.apple.WebCore                   0x00000005d3bdb111 WTF::HashTable<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > > >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashMap<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > > >::KeyValuePairTraits, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> > >::deallocateTable(WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >*) + 97 (HashTable.h:1237)
11  com.apple.WebCore                   0x00000005d3be149b WTF::HashTable<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > > >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashMap<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > > >::KeyValuePairTraits, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> > >::clear() + 59 (HashTable.h:1383)
12  com.apple.WebCore                   0x00000005d3bd14a5 WTF::HashMap<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > > >::clear() + 21 (HashMap.h:475)
13  com.apple.WebCore                   0x00000005d3bd1408 WebCore::DisplayList::DisplayList::clear() + 104 (DisplayList.cpp:83)
14  com.apple.WebKit                    0x00000005c19e65e6 WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableBitmapBackend>::clearDisplayList() + 38 (RemoteImageBufferProxy.h:247)
15  com.apple.WebKit                    0x00000005c19e5179 WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableBitmapBackend>::changeDestinationImageBuffer(WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>) + 105 (RemoteImageBufferProxy.h:237)
16  com.apple.WebKit                    0x00000005c19742a6 WebKit::RemoteRenderingBackendProxy::willAppendItem(WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>) + 198 (RemoteRenderingBackendProxy.cpp:233)
17  com.apple.WebKit                    0x00000005c19e57c3 WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableBitmapBackend>::willAppendItemOfType(WebCore::DisplayList::ItemType) + 99 (RemoteImageBufferProxy.h:253)
18  com.apple.WebCore                   0x00000005d3bf3945 WebCore::DisplayList::Recorder::willAppendItemOfType(WebCore::DisplayList::ItemType) + 85 (DisplayListRecorder.cpp:112)
19  com.apple.WebKit                    0x00000005c19d9a65 void WebCore::DisplayList::Recorder::append<WebCore::DisplayList::FlushContext, WTF::ObjectIdentifier<WebCore::DisplayList::FlushIdentifierType>&>(WTF::ObjectIdentifier<WebCore::DisplayList::FlushIdentifierType>&) + 37 (DisplayListRecorder.h:155)
20  com.apple.WebKit                    0x00000005c19d99fd WebCore::DisplayList::Recorder::flushContext(WTF::ObjectIdentifier<WebCore::DisplayList::FlushIdentifierType>) + 29 (DisplayListRecorder.h:73)
21  com.apple.WebKit                    0x00000005c19e5080 WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableBitmapBackend>::flushDrawingContextAsync() + 160
22  com.apple.WebKit                    0x00000005c19e4fbd WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableBitmapBackend>::flushDrawingContext() + 125 (RemoteImageBufferProxy.h:198)
23  com.apple.WebKit                    0x00000005c19e637d WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableBitmapBackend>::~RemoteImageBufferProxy() + 125 (RemoteImageBufferProxy.h:69)
24  com.apple.WebKit                    0x00000005c19e4d55 WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableBitmapBackend>::~RemoteImageBufferProxy() + 21 (RemoteImageBufferProxy.h:72)
25  com.apple.WebKit                    0x00000005c19e4d7c WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableBitmapBackend>::~RemoteImageBufferProxy() + 28 (RemoteImageBufferProxy.h:66)
26  com.apple.WebCore                   0x00000005d06c438f std::__1::default_delete<WebCore::ImageBuffer>::operator()(WebCore::ImageBuffer*) const + 47 (memory:2339)
27  com.apple.WebCore                   0x00000005d06c4352 WTF::RefCounted<WebCore::ImageBuffer, std::__1::default_delete<WebCore::ImageBuffer> >::deref() const + 66 (RefCounted.h:191)
28  com.apple.WebCore                   0x00000005d3bdb2b5 WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >::~Ref() + 53 (Ref.h:62)
29  com.apple.WebCore                   0x00000005d3bdb275 WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >::~Ref() + 21 (Ref.h:62)
30  com.apple.WebCore                   0x00000005d3bdb24e WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >::~KeyValuePair() + 30 (KeyValuePair.h:33)

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210106/724aaa19/attachment-0001.htm>

More information about the webkit-unassigned mailing list