[Webkit-unassigned] [Bug 223739] New: ANGLE Metal crash ASAN webgl/1.0.3/conformance/misc/object-deletion-behaviour.html
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Mar 25 03:14:05 PDT 2021
https://bugs.webkit.org/show_bug.cgi?id=223739
Bug ID: 223739
Summary: ANGLE Metal crash ASAN
webgl/1.0.3/conformance/misc/object-deletion-behaviour
.html
Product: WebKit
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: ANGLE
Assignee: webkit-unassigned at lists.webkit.org
Reporter: kkinnunen at apple.com
CC: dino at apple.com, kkinnunen at apple.com
Blocks: 220076
ANGLE Metal crash ASAN webgl/1.0.3/conformance/misc/object-deletion-behaviour.html
make debug ASAN=YES && Tools/Scripts/run-webkit-tests --debug --order=random webgl --timeout=300000
==93334==ERROR: AddressSanitizer: heap-use-after-free on address 0x6110000d6720 at pc 0x0006b65e17b0 bp 0x7ffee6976060 sp 0x7ffee6976058
READ of size 8 at 0x6110000d6720 thread T0
==93334==WARNING: failed to spawn external symbolizer (errno: 25)
==93334==WARNING: failed to spawn external symbolizer (errno: 25)
==93334==WARNING: failed to spawn external symbolizer (errno: 25)
==93334==WARNING: failed to spawn external symbolizer (errno: 25)
==93334==WARNING: failed to spawn external symbolizer (errno: 25)
==93334==WARNING: Failed to use and restart external symbolizer!
#0 0x6b65e17af in rx::RenderTargetMtl::getFormat() const+0x3f (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0xa2f7af)
#1 0x6b65d94d3 in rx::(anonymous namespace)::GetReadAttachmentInfo(gl::Context const*, rx::RenderTargetMtl*)+0x23 (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0xa274d3)
#2 0x6b65d94a0 in rx::FramebufferMtl::getImplementationColorReadFormat(gl::Context const*) const+0x30 (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0xa274a0)
#3 0x6b65a5fbf in gl::Framebuffer::getImplementationColorReadFormat(gl::Context const*)+0xcf (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0x9f3fbf)
#4 0x6b73f0272 in gl::ValidateReadPixelsBase(gl::Context const*, int, int, int, int, unsigned int, unsigned int, int, int*, int*, int*, void const*)+0x8f2 (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0x183e272)
#5 0x6b73f0e2e in gl::ValidateReadnPixelsRobustANGLE(gl::Context const*, int, int, int, int, unsigned int, unsigned int, int, int const*, int const*, int const*, void const*)+0x30e (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0x183ee2e)
#6 0x6b628b28a in gl::ReadnPixelsRobustANGLE(int, int, int, int, unsigned int, unsigned int, int, int*, int*, int*, void*)+0x19a (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0x6d928a)
#7 0x670381211 in WebCore::GraphicsContextGLOpenGL::readnPixelsImpl(int, int, int, int, unsigned int, unsigned int, int, int*, int*, int*, void*, bool)+0x511 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x57b211)
#8 0x670380c7f in WebCore::GraphicsContextGLOpenGL::readnPixels(int, int, int, int, unsigned int, unsigned int, GCGLSpan<void, 18446744073709551615ul>)+0x2cf (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x57ac7f)
#9 0x678d5f38d in WebCore::WebGLRenderingContextBase::readPixels(int, int, int, int, unsigned int, unsigned int, JSC::ArrayBufferView&)+0x5dd (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x8f5938d)
#10 0x67412d296 in WebCore::jsWebGLRenderingContextPrototypeFunction_readPixelsBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebGLRenderingContext*)::'lambda'()::operator()() const+0x5c6 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x4327296)
#11 0x67412c483 in JSC::JSValue WebCore::toJS<WebCore::IDLUndefined, WebCore::jsWebGLRenderingContextPrototypeFunction_readPixelsBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebGLRenderingContext*)::'lambda'()>(JSC::JSGlobalObject&, JSC::ThrowScope&, WebCore::jsWebGLRenderingContextPrototypeFunction_readPixelsBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebGLRenderingContext*)::'lambda'()&&)+0xe3 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x4326483)
#12 0x67412be2c in WebCore::jsWebGLRenderingContextPrototypeFunction_readPixelsBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebGLRenderingContext*)+0x1e1c (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x4325e2c)
#13 0x674129f36 in long long WebCore::IDLOperation<WebCore::JSWebGLRenderingContext>::call<&(WebCore::jsWebGLRenderingContextPrototypeFunction_readPixelsBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebGLRenderingContext*)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)+0x4c6 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x4323f36)
#14 0x67408a113 in WebCore::jsWebGLRenderingContextPrototypeFunction_readPixels(JSC::JSGlobalObject*, JSC::CallFrame*)+0x23 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x4284113)
#15 0x26e8b1e011d7 (<unknown module>)
#16 0x26e8b1e0a54e (<unknown module>)
#17 0x6a6aead6e in llint_entry+0x21c9a (/Users/kkinnunen/Build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x12e4d6e)
#18 0x6a6aead6e in llint_entry+0x21c9a (/Users/kkinnunen/Build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x12e4d6e)
#19 0x6a6ac8de1 in vmEntryToJavaScript+0x120 (/Users/kkinnunen/Build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x12c2de1)
#20 0x6a948584d in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)+0x4fd (/Users/kkinnunen/Build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3c7f84d)
#21 0x6a9478c77 in JSC::Interpreter::execute(JSC::EvalExecutable*, JSC::JSGlobalObject*, JSC::JSValue, JSC::JSScope*)+0x4037 (/Users/kkinnunen/Build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3c72c77)
#22 0x6a9474311 in JSC::eval(JSC::JSGlobalObject*, JSC::CallFrame*, JSC::ECMAMode)+0x1691 (/Users/kkinnunen/Build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3c6e311)
#23 0x6a96a5b9f in JSC::operationCallEval(JSC::JSGlobalObject*, JSC::CallFrame*, JSC::ECMAMode)+0x57f (/Users/kkinnunen/Build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3e9fb9f)
#24 0x26e8b1e06254 (<unknown module>)
#25 0x6a6aeae16 in llint_entry+0x21d42 (/Users/kkinnunen/Build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x12e4e16)
#26 0x6a6ac8de1 in vmEntryToJavaScript+0x120 (/Users/kkinnunen/Build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x12c2de1)
#27 0x6a948584d in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)+0x4fd (/Users/kkinnunen/Build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3c7f84d)
#28 0x6a9483313 in JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*)+0x42d3 (/Users/kkinnunen/Build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3c7d313)
#29 0x6a9f3ce16 in JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)+0x6d6 (/Users/kkinnunen/Build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x4736e16)
#30 0x6a9f3d31a in JSC::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)+0x24a (/Users/kkinnunen/Build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x473731a)
#31 0x676ec11e2 in WebCore::JSExecState::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)+0x262 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x70bb1e2)
#32 0x676ec0516 in WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&)+0x4c6 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x70ba516)
#33 0x676ebff32 in WebCore::ScriptController::evaluateInWorldIgnoringException(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&)+0x132 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x70b9f32)
#34 0x676ec16bd in WebCore::ScriptController::evaluateIgnoringException(WebCore::ScriptSourceCode const&)+0xfd (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x70bb6bd)
#35 0x6780d28d6 in WebCore::ScriptElement::executeClassicScript(WebCore::ScriptSourceCode const&)+0xc26 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x82cc8d6)
#36 0x6780cd7d8 in WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport)+0x1e18 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x82c77d8)
#37 0x678e4a31e in WebCore::HTMLScriptRunner::runScript(WebCore::ScriptElement&, WTF::TextPosition const&)+0x45e (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x904431e)
#38 0x678e49ce0 in WebCore::HTMLScriptRunner::execute(WTF::Ref<WebCore::ScriptElement, WTF::RawPtrTraits<WebCore::ScriptElement> >&&, WTF::TextPosition const&)+0xf0 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x9043ce0)
#39 0x678e04003 in WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder()+0x643 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x8ffe003)
#40 0x678e047f6 in WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&)+0x1a6 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x8ffe7f6)
#41 0x678e0317c in WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode)+0x39c (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x8ffd17c)
#42 0x678e024da in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode)+0xca (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x8ffc4da)
#43 0x678e062fe in WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl, WTF::RawPtrTraits<WTF::StringImpl>, WTF::DefaultRefDerefTraits<WTF::StringImpl> >&&)+0x36e (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x90002fe)
#44 0x677c3a1f9 in WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter&, char const*, unsigned long)+0x1e9 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x7e341f9)
#45 0x67988177d in WebCore::DocumentWriter::addData(char const*, unsigned long)+0x29d (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x9a7b77d)
#46 0x6797dfa59 in WebCore::DocumentLoader::commitData(char const*, unsigned long)+0x1079 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x99d9a59)
#47 0x65c586205 in WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int)+0x145 (/Users/kkinnunen/Build/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x4584205)
#48 0x6797ec1a8 in WebCore::DocumentLoader::commitLoad(char const*, int)+0x258 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x99e61a8)
#49 0x6797ebedd in WebCore::DocumentLoader::dataReceived(char const*, int)+0x3cd (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x99e5edd)
#50 0x6797ed23c in WebCore::DocumentLoader::dataReceived(WebCore::CachedResource&, char const*, int)+0x9c (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x99e723c)
#51 0x679b3ad42 in WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int)+0x222 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x9d34d42)
#52 0x679b3a8c0 in WebCore::CachedRawResource::updateBuffer(WebCore::SharedBuffer&)+0x3b0 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x9d348c0)
#53 0x679a3bde4 in WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::RefPtr<WebCore::SharedBuffer, WTF::RawPtrTraits<WebCore::SharedBuffer>, WTF::DefaultRefDerefTraits<WebCore::SharedBuffer> >&&, long long, WebCore::DataPayloadType)+0x774 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x9c35de4)
#54 0x679a3b5e7 in WebCore::SubresourceLoader::didReceiveData(char const*, unsigned int, long long, WebCore::DataPayloadType)+0x127 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x9c355e7)
#55 0x65c3364ac in WebKit::WebResourceLoader::didReceiveData(IPC::ArrayReference<unsigned char, 18446744073709551615ul> const&, long long)+0x81c (/Users/kkinnunen/Build/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x43344ac)
#56 0x65d0ce5a7 in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::ArrayReference<unsigned char, 18446744073709551615ul> const&, long long), std::__1::tuple<IPC::ArrayReference<unsigned char, 18446744073709551615ul>, long long>, 0ul, 1ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::ArrayReference<unsigned char, 18446744073709551615ul> const&, long long), std::__1::tuple<IPC::ArrayReference<unsigned char, 18446744073709551615ul>, long long>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>)+0x2b7 (/Users/kkinnunen/Build/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x50cc5a7)
#57 0x65d0ce276 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::ArrayReference<unsigned char, 18446744073709551615ul> const&, long long), std::__1::tuple<IPC::ArrayReference<unsigned char, 18446744073709551615ul>, long long>, std::__1::integer_sequence<unsigned long, 0ul, 1ul> >(std::__1::tuple<IPC::ArrayReference<unsigned char, 18446744073709551615ul>, long long>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::ArrayReference<unsigned char, 18446744073709551615ul> const&, long long))+0x2b6 (/Users/kkinnunen/Build/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x50cc276)
#58 0x65d0c8c36 in void IPC::handleMessage<Messages::WebResourceLoader::DidReceiveData, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::ArrayReference<unsigned char, 18446744073709551615ul> const&, long long)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::ArrayReference<unsigned char, 18446744073709551615ul> const&, long long))+0x346 (/Users/kkinnunen/Build/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x50c6c36)
#59 0x65d0c7337 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&)+0x6a7 (/Users/kkinnunen/Build/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x50c5337)
#60 0x65c2ae39e in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&)+0x24e (/Users/kkinnunen/Build/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x42ac39e)
#61 0x658126ae4 in IPC::Connection::dispatchMessage(IPC::Decoder&)+0x494 (/Users/kkinnunen/Build/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x124ae4)
#62 0x658127e47 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)+0x7d7 (/Users/kkinnunen/Build/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x125e47)
#63 0x658129b34 in IPC::Connection::dispatchOneIncomingMessage()+0x204 (/Users/kkinnunen/Build/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x127b34)
#64 0x65816c3c7 in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_9::operator()()+0x57 (/Users/kkinnunen/Build/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x16a3c7)
#65 0x65816c28d in WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_9, void>::call()+0x1d (/Users/kkinnunen/Build/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x16a28d)
#66 0x6a586e444 in WTF::Function<void ()>::operator()() const+0xf4 (/Users/kkinnunen/Build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x68444)
#67 0x6a59bc53d in WTF::RunLoop::performWork()+0x37d (/Users/kkinnunen/Build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1b653d)
#68 0x6a59c3ea5 in WTF::RunLoop::performWork(void*)+0xe5 (/Users/kkinnunen/Build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x1bdea5)
#69 0x7fff20434e2b in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__+0x10 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x81e2b)
#70 0x7fff20434d93 in __CFRunLoopDoSource0+0xb3 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x81d93)
#71 0x7fff20434b13 in __CFRunLoopDoSources0+0xf1 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x81b13)
#72 0x7fff2043353b in __CFRunLoopRun+0x37c (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x8053b)
#73 0x7fff20432afb in CFRunLoopRunSpecific+0x232 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64h+0x7fafb)
#74 0x7fff211bcbb6 in -[NSRunLoop(NSRunLoop) runMode:beforeDate:]+0xd3 (/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation:x86_64+0x5fbb6)
#75 0x7fff2124aa80 in -[NSRunLoop(NSRunLoop) run]+0x4b (/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation:x86_64+0xeda80)
#76 0x7fff2008a38c in _xpc_objc_main+0x338 (/usr/lib/system/libxpc.dylib:x86_64+0x1538c)
#77 0x7fff20089cd2 in xpc_main+0x73 (/usr/lib/system/libxpc.dylib:x86_64+0x14cd2)
#78 0x659e58d3c in WebKit::XPCServiceMain(int, char const**)+0x9fc (/Users/kkinnunen/Build/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x1e56d3c)
#79 0x65d1fdbfa in WKXPCServiceMain+0x1a (/Users/kkinnunen/Build/Debug/WebKit.framework/Versions/A/WebKit:x86_64+0x51fbbfa)
#80 0x10927fe11 in main+0x21 (/Users/kkinnunen/Build/Debug/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development:x86_64+0x100003e11)
#81 0x7fff20356f3c in start+0x0 (/usr/lib/system/libdyld.dylib:x86_64+0x15f3c)
0x6110000d6720 is located 224 bytes inside of 232-byte region [0x6110000d6640,0x6110000d6728)
freed by thread T0 here:
#0 0x66d53665d in wrap__ZdlPv+0x7d (/Volumes/Xcode12E5244b_m20F25_i18F26_FastSim_Boost_43GB/Xcode.app/Contents/Developer/Toolchains/OSX11.4.xctoolchain/usr/lib/clang/12.0.5/lib/darwin/libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x5465d)
#1 0x6b6e11857 in rx::RenderbufferMtl::~RenderbufferMtl()+0x27 (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0x125f857)
#2 0x6b6e0ed35 in std::__1::default_delete<rx::RenderbufferImpl>::operator()(rx::RenderbufferImpl*) const+0x95 (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0x125cd35)
#3 0x6b6e0ec4e in std::__1::unique_ptr<rx::RenderbufferImpl, std::__1::default_delete<rx::RenderbufferImpl> >::reset(rx::RenderbufferImpl*)+0xbe (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0x125cc4e)
#4 0x6b6e0eb88 in std::__1::unique_ptr<rx::RenderbufferImpl, std::__1::default_delete<rx::RenderbufferImpl> >::~unique_ptr()+0x18 (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0x125cb88)
#5 0x6b6e0a534 in std::__1::unique_ptr<rx::RenderbufferImpl, std::__1::default_delete<rx::RenderbufferImpl> >::~unique_ptr()+0x14 (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0x1258534)
#6 0x6b6e0a4ca in gl::Renderbuffer::~Renderbuffer()+0x16a (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0x12584ca)
#7 0x6b6e0a574 in gl::Renderbuffer::~Renderbuffer()+0x14 (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0x1258574)
#8 0x6b6e0a5fb in gl::Renderbuffer::~Renderbuffer()+0x1b (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0x12585fb)
#9 0x6b5dae1b2 in angle::RefCountObject<gl::Context, angle::Result>::release(gl::Context const*)+0x462 (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0x1fc1b2)
#10 0x6b6e958bf in gl::RenderbufferManager::DeleteObject(gl::Context const*, gl::Renderbuffer*)+0x1f (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0x12e38bf)
#11 0x6b6e94f12 in gl::TypedResourceManager<gl::Renderbuffer, gl::RenderbufferManager, gl::RenderbufferID>::deleteObject(gl::Context const*, gl::RenderbufferID)+0x382 (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0x12e2f12)
#12 0x6b5db88be in gl::Context::deleteRenderbuffer(gl::RenderbufferID)+0x38e (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0x2068be)
#13 0x6b5e13b7a in gl::Context::deleteRenderbuffers(int, gl::RenderbufferID const*)+0x17a (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0x261b7a)
#14 0x6b623654a in gl::DeleteRenderbuffers(int, unsigned int const*)+0x15a (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0x68454a)
#15 0x67039493c in WebCore::GraphicsContextGLOpenGL::deleteRenderbuffer(unsigned int)+0x14c (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x58e93c)
#16 0x678d1a59a in WebCore::WebGLRenderbuffer::deleteObjectImpl(WTF::AbstractLocker const&, WebCore::GraphicsContextGL*, unsigned int)+0x9a (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x8f1459a)
#17 0x678d17044 in WebCore::WebGLObject::deleteObject(WTF::AbstractLocker const&, WebCore::GraphicsContextGL*)+0x374 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x8f11044)
#18 0x678d17316 in WebCore::WebGLObject::onDetached(WTF::AbstractLocker const&, WebCore::GraphicsContextGL*)+0x156 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x8f11316)
#19 0x678cfa665 in WebCore::(anonymous namespace)::WebGLRenderbufferAttachment::onDetached(WTF::AbstractLocker const&, WebCore::GraphicsContextGL*)+0x35 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x8ef4665)
#20 0x678cf4cda in WebCore::WebGLFramebuffer::removeAttachmentInternal(WTF::AbstractLocker const&, unsigned int)+0x25a (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x8eeecda)
#21 0x678cf0877 in WebCore::WebGLFramebuffer::setAttachmentInternal(unsigned int, unsigned int, WebCore::WebGLTexture*, int, int)+0x277 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x8eea877)
#22 0x678cf0063 in WebCore::WebGLFramebuffer::setAttachmentForBoundFramebuffer(unsigned int, unsigned int, unsigned int, WebCore::WebGLTexture*, int, int)+0x113 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x8eea063)
#23 0x678d4b70c in WebCore::WebGLRenderingContextBase::framebufferTexture2D(unsigned int, unsigned int, unsigned int, WebCore::WebGLTexture*, int)+0x28c (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x8f4570c)
#24 0x6740f34d0 in WebCore::jsWebGLRenderingContextPrototypeFunction_framebufferTexture2DBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebGLRenderingContext*)::'lambda'()::operator()() const+0x350 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x42ed4d0)
#25 0x6740f29a3 in JSC::JSValue WebCore::toJS<WebCore::IDLUndefined, WebCore::jsWebGLRenderingContextPrototypeFunction_framebufferTexture2DBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebGLRenderingContext*)::'lambda'()>(JSC::JSGlobalObject&, JSC::ThrowScope&, WebCore::jsWebGLRenderingContextPrototypeFunction_framebufferTexture2DBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebGLRenderingContext*)::'lambda'()&&)+0xe3 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x42ec9a3)
#26 0x6740f23e1 in WebCore::jsWebGLRenderingContextPrototypeFunction_framebufferTexture2DBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebGLRenderingContext*)+0x17a1 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x42ec3e1)
#27 0x6740f0b66 in long long WebCore::IDLOperation<WebCore::JSWebGLRenderingContext>::call<&(WebCore::jsWebGLRenderingContextPrototypeFunction_framebufferTexture2DBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebGLRenderingContext*)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)+0x4c6 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x42eab66)
#28 0x674089993 in WebCore::jsWebGLRenderingContextPrototypeFunction_framebufferTexture2D(JSC::JSGlobalObject*, JSC::CallFrame*)+0x23 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x4283993)
#29 0x26e8b1e011d7 (<unknown module>)
previously allocated by thread T0 here:
#0 0x66d53623d in wrap__Znwm+0x7d (/Volumes/Xcode12E5244b_m20F25_i18F26_FastSim_Boost_43GB/Xcode.app/Contents/Developer/Toolchains/OSX11.4.xctoolchain/usr/lib/clang/12.0.5/lib/darwin/libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x5423d)
#1 0x6b5f89199 in rx::ContextMtl::createRenderbuffer(gl::RenderbufferState const&)+0x19 (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0x3d7199)
#2 0x6b6e09b7b in gl::Renderbuffer::Renderbuffer(rx::GLImplFactory*, gl::RenderbufferID)+0x4eb (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0x1257b7b)
#3 0x6b6e0a14b in gl::Renderbuffer::Renderbuffer(rx::GLImplFactory*, gl::RenderbufferID)+0x1ab (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0x125814b)
#4 0x6b6ea3c35 in gl::RenderbufferManager::AllocateNewObject(rx::GLImplFactory*, gl::RenderbufferID)+0x1e5 (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0x12f1c35)
#5 0x6b5e94b87 in gl::Renderbuffer* gl::TypedResourceManager<gl::Renderbuffer, gl::RenderbufferManager, gl::RenderbufferID>::checkObjectAllocationImpl<>(rx::GLImplFactory*, gl::RenderbufferID)+0x267 (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0x2e2b87)
#6 0x6b5e94020 in gl::Renderbuffer* gl::TypedResourceManager<gl::Renderbuffer, gl::RenderbufferManager, gl::RenderbufferID>::checkObjectAllocation<>(rx::GLImplFactory*, gl::RenderbufferID)+0x370 (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0x2e2020)
#7 0x6b5e0db76 in gl::RenderbufferManager::checkRenderbufferAllocation(rx::GLImplFactory*, gl::RenderbufferID)+0x1e6 (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0x25bb76)
#8 0x6b5dab08a in gl::Context::bindRenderbuffer(unsigned int, gl::RenderbufferID)+0x45a (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0x1f908a)
#9 0x6b62326be in gl::BindRenderbuffer(unsigned int, unsigned int)+0x2fe (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0x6806be)
#10 0x670384d82 in WebCore::GraphicsContextGLOpenGL::bindRenderbuffer(unsigned int, unsigned int)+0x32 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x57ed82)
#11 0x678d41680 in WebCore::WebGLRenderingContextBase::bindRenderbuffer(unsigned int, WebCore::WebGLRenderbuffer*)+0x240 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x8f3b680)
#12 0x6740968ce in WebCore::jsWebGLRenderingContextPrototypeFunction_bindRenderbufferBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebGLRenderingContext*)::'lambda'()::operator()() const+0x15e (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x42908ce)
#13 0x674095f93 in JSC::JSValue WebCore::toJS<WebCore::IDLUndefined, WebCore::jsWebGLRenderingContextPrototypeFunction_bindRenderbufferBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebGLRenderingContext*)::'lambda'()>(JSC::JSGlobalObject&, JSC::ThrowScope&, WebCore::jsWebGLRenderingContextPrototypeFunction_bindRenderbufferBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebGLRenderingContext*)::'lambda'()&&)+0xe3 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x428ff93)
#14 0x674095a73 in WebCore::jsWebGLRenderingContextPrototypeFunction_bindRenderbufferBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebGLRenderingContext*)+0xd13 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x428fa73)
#15 0x674094c86 in long long WebCore::IDLOperation<WebCore::JSWebGLRenderingContext>::call<&(WebCore::jsWebGLRenderingContextPrototypeFunction_bindRenderbufferBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebGLRenderingContext*)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)+0x4c6 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x428ec86)
#16 0x674089093 in WebCore::jsWebGLRenderingContextPrototypeFunction_bindRenderbuffer(JSC::JSGlobalObject*, JSC::CallFrame*)+0x23 (/Users/kkinnunen/Build/Debug/WebCore.framework/Versions/A/WebCore:x86_64+0x4283093)
#17 0x26e8b1e011d7 (<unknown module>)
#18 0x6a6aead6e in llint_entry+0x21c9a (/Users/kkinnunen/Build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x12e4d6e)
#19 0x6a6ac8de1 in vmEntryToJavaScript+0x120 (/Users/kkinnunen/Build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x12c2de1)
#20 0x6a948584d in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)+0x4fd (/Users/kkinnunen/Build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3c7f84d)
#21 0x6a9478c77 in JSC::Interpreter::execute(JSC::EvalExecutable*, JSC::JSGlobalObject*, JSC::JSValue, JSC::JSScope*)+0x4037 (/Users/kkinnunen/Build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3c72c77)
#22 0x6a9474311 in JSC::eval(JSC::JSGlobalObject*, JSC::CallFrame*, JSC::ECMAMode)+0x1691 (/Users/kkinnunen/Build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3c6e311)
#23 0x6a96a5b9f in JSC::operationCallEval(JSC::JSGlobalObject*, JSC::CallFrame*, JSC::ECMAMode)+0x57f (/Users/kkinnunen/Build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3e9fb9f)
#24 0x26e8b1e06254 (<unknown module>)
#25 0x6a6aeae16 in llint_entry+0x21d42 (/Users/kkinnunen/Build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x12e4e16)
#26 0x6a6ac8de1 in vmEntryToJavaScript+0x120 (/Users/kkinnunen/Build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x12c2de1)
#27 0x6a948584d in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)+0x4fd (/Users/kkinnunen/Build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3c7f84d)
#28 0x6a9483313 in JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*)+0x42d3 (/Users/kkinnunen/Build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x3c7d313)
#29 0x6a9f3ce16 in JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)+0x6d6 (/Users/kkinnunen/Build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x4736e16)
SUMMARY: AddressSanitizer: heap-use-after-free (/Users/kkinnunen/Build/Debug/libANGLE-shared.dylib:x86_64+0xa2f7af) in rx::RenderTargetMtl::getFormat() const+0x3f
Shadow bytes around the buggy address:
0x1c220001ac90: 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x1c220001aca0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1c220001acb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1c220001acc0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x1c220001acd0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x1c220001ace0: fd fd fd fd[fd]fa fa fa fa fa fa fa fa fa fa fa
0x1c220001acf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1c220001ad00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1c220001ad10: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x1c220001ad20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1c220001ad30: 00 00 06 fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==93334==ABORTING
Referenced Bugs:
https://bugs.webkit.org/show_bug.cgi?id=220076
[Bug 220076] Enable Metal ANGLE backend for WebGL
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210325/d61c434d/attachment-0001.htm>
More information about the webkit-unassigned
mailing list