[Webkit-unassigned] [Bug 223920] Crash in webgl/1.0.x/conformance/textures/misc/texture-with-flip-y-and-premultiply-alpha.html

bugzilla-daemon at webkit.org
Tue Mar 30 04:48:15 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=223920

Kimmo Kinnunen <kkinnunen at apple.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|220076                      |222812
            Summary|Crash in                    |Crash in
                   |webgl/1.0.x/conformance/tex |webgl/1.0.x/conformance/tex
                   |tures/misc/texture-with-fli |tures/misc/texture-with-fli
                   |p-y-and-premultiply-alpha.h |p-y-and-premultiply-alpha.h
                   |tml ANGLE+METAL             |tml

--- Comment #2 from Kimmo Kinnunen <kkinnunen at apple.com> ---
Skip the previous comment, it was of the wrong crash.

This one is:


Process:               com.apple.WebKit.WebContent.Development [86645]
Path:                  /Users/USER/*/com.apple.WebKit.WebContent.Development
Identifier:            com.apple.WebKit.WebContent
Version:               612+ (612.1.9+)
Code Type:             X86-64 (Native)
Parent Process:        ??? [1]
User ID:               501

Date/Time:             2021-03-30 14:21:48.603 +0300
OS Version:            macOS 11.3 (20E201)
Report Version:        12
Bridge OS Version:     5.3 (18P4544)
Anonymous UUID:        ADEB2724-109F-6379-8A4B-657A6A37BBA8

Sleep/Wake UUID:       D48EB9D4-6C73-426F-AF12-26DC79BB8DC1

Time Awake Since Boot: 110000 seconds
Time Since Wake:       5400 seconds

System Integrity Protection: enabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x00000000bbadbeef
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [86645]

VM Regions Near 0xbbadbeef:
--> 
    __TEXT                      108c0e000-108c12000    [   16K] r-x/r-x SM=COW  /Users/*/*.Development

Application Specific Information:
CRASHING TEST: webgl/1.0.x/conformance/textures/misc/texture-with-flip-y-and-premultiply-alpha.html

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore            0x00000001420346ae WTFCrash + 14 (Assertions.cpp:295)
1   com.apple.WebCore                   0x0000000125013e4b WTFCrashWithInfo(int, char const*, char const*, int) + 27 (Assertions.h:671)
2   com.apple.WebCore                   0x000000012900f464 WebCore::getDataFormat(unsigned int, unsigned int) + 1364 (GraphicsContextGL.cpp:136)
3   com.apple.WebCore                   0x000000012900ecbd WebCore::GraphicsContextGL::extractTextureData(unsigned int, unsigned int, unsigned int, unsigned int, WebCore::GraphicsContextGL::PixelStoreParams const&, bool, bool, void const*, WTF::Vector<unsigned char, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&) + 77 (GraphicsContextGL.cpp:791)
4   com.apple.WebCore                   0x000000012857f5d9 WebCore::WebGLRenderingContextBase::texImageArrayBufferViewHelper(WebCore::WebGLRenderingContextBase::TexImageFunctionID, unsigned int, int, int, int, int, int, int, unsigned int, unsigned int, int, int, int, WTF::RefPtr<JSC::ArrayBufferView, WTF::RawPtrTraits<JSC::ArrayBufferView>, WTF::DefaultRefDerefTraits<JSC::ArrayBufferView> >&&, WebCore::WebGLRenderingContextBase::NullDisposition, unsigned int) + 1529 (WebGLRenderingContextBase.cpp:4981)
5   com.apple.WebCore                   0x00000001285816fc WebCore::WebGLRenderingContextBase::texImage2D(unsigned int, int, unsigned int, int, int, int, unsigned int, unsigned int, WTF::RefPtr<JSC::ArrayBufferView, WTF::RawPtrTraits<JSC::ArrayBufferView>, WTF::DefaultRefDerefTraits<JSC::ArrayBufferView> >&&) + 268 (WebGLRenderingContextBase.cpp:5226)
6   com.apple.WebCore                   0x00000001267614e1 WebCore::jsWebGLRenderingContextPrototypeFunction_texImage2D1Body(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebGLRenderingContext*)::'lambda'()::operator()() const + 241 (JSWebGLRenderingContext.cpp:5062)
7   com.apple.WebCore                   0x000000012676110d JSC::JSValue WebCore::toJS<WebCore::IDLUndefined, WebCore::jsWebGLRenderingContextPrototypeFunction_texImage2D1Body(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebGLRenderingContext*)::'lambda'()>(JSC::JSGlobalObject&, JSC::ThrowScope&, WebCore::jsWebGLRenderingContextPrototypeFunction_texImage2D1Body(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebGLRenderingContext*)::'lambda'()&&) + 29 (JSDOMConvertBase.h:165)
8   com.apple.WebCore                   0x0000000126760dcd WebCore::jsWebGLRenderingContextPrototypeFunction_texImage2D1Body(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebGLRenderingContext*) + 2733 (JSWebGLRenderingContext.cpp:5062)
9   com.apple.WebCore                   0x000000012675f9eb WebCore::jsWebGLRenderingContextPrototypeFunction_texImage2DOverloadDispatcher(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebGLRenderingContext*) + 299 (JSWebGLRenderingContext.cpp:5116)
10  com.apple.WebCore                   0x000000012675f88c long long WebCore::IDLOperation<WebCore::JSWebGLRenderingContext>::call<&(WebCore::jsWebGLRenderingContextPrototypeFunction_texImage2DOverloadDispatcher(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWebGLRenderingContext*)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) + 700 (JSDOMOperation.h:55)
11  com.apple.WebCore                   0x00000001267518f4 WebCore::jsWebGLRenderingContextPrototypeFunction_texImage2D(JSC::JSGlobalObject*, JSC::CallFrame*) + 36 (JSWebGLRenderingContext.cpp:5124)
12  ???                                 0x000054c3eb0011d8 0 + 93200438006232
13  com.apple.JavaScriptCore            0x000000014262599d llint_entry + 138395 (LowLevelInterpreter.asm:1093)
14  com.apple.JavaScriptCore            0x0000000142625a45 llint_entry + 138563 (LowLevelInterpreter.asm:1093)
15  com.apple.JavaScriptCore            0x0000000142603a10 vmEntryToJavaScript + 289 (LowLevelInterpreter64.asm:316)
16  com.apple.JavaScriptCore            0x00000001434c6e3b JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 235 (JITCodeInlines.h:42)
17  com.apple.JavaScriptCore            0x00000001434c6398 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*) + 6600 (Interpreter.cpp:839)
18  com.apple.JavaScriptCore            0x00000001438a4b17 JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 567 (Completion.cpp:137)
19  com.apple.JavaScriptCore            0x00000001438a4c6a JSC::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 74 (Completion.cpp:152)
20  com.apple.WebCore                   0x00000001278efebc WebCore::JSExecState::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 76 (JSExecState.h:79)
21  com.apple.WebCore                   0x00000001278efa9e WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) + 398 (ScriptController.cpp:148)
22  com.apple.WebCore                   0x00000001278ef8c9 WebCore::ScriptController::evaluateInWorldIgnoringException(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) + 41 (ScriptController.cpp:121)
23  com.apple.WebCore                   0x00000001278f01c5 WebCore::ScriptController::evaluateIgnoringException(WebCore::ScriptSourceCode const&) + 53 (ScriptController.cpp:167)
24  com.apple.WebCore                   0x000000012804cb76 WebCore::ScriptElement::executeClassicScript(WebCore::ScriptSourceCode const&) + 1478 (ScriptElement.cpp:405)
25  com.apple.WebCore                   0x000000012804ab8b WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) + 2699 (ScriptElement.cpp:271)
26  com.apple.WebCore                   0x00000001285dfc76 WebCore::HTMLScriptRunner::runScript(WebCore::ScriptElement&, WTF::TextPosition const&) + 390 (HTMLScriptRunner.cpp:250)
27  com.apple.WebCore                   0x00000001285dfa77 WebCore::HTMLScriptRunner::execute(WTF::Ref<WebCore::ScriptElement, WTF::RawPtrTraits<WebCore::ScriptElement> >&&, WTF::TextPosition const&) + 71 (HTMLScriptRunner.cpp:140)
28  com.apple.WebCore                   0x00000001285be181 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() + 897 (HTMLDocumentParser.cpp:244)
29  com.apple.WebCore                   0x00000001285be605 WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&) + 133 (HTMLDocumentParser.cpp:263)
30  com.apple.WebCore                   0x00000001285bd97f WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 495 (HTMLDocumentParser.cpp:322)
31  com.apple.WebCore                   0x00000001285bd116 WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode) + 198 (HTMLDocumentParser.cpp:196)
32  com.apple.WebCore                   0x00000001285bf3b4 WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl, WTF::RawPtrTraits<WTF::StringImpl>, WTF::DefaultRefDerefTraits<WTF::StringImpl> >&&) + 548 (HTMLDocumentParser.cpp:437)
33  com.apple.WebCore                   0x0000000127e4e9e6 WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter&, char const*, unsigned long) + 150 (DecodedDataDocumentParser.cpp:50)
34  com.apple.WebCore                   0x0000000128a0b14d WebCore::DocumentWriter::addData(char const*, unsigned long) + 365 (DocumentWriter.cpp:263)
35  com.apple.WebCore                   0x00000001289bd7ae WebCore::DocumentLoader::commitData(char const*, unsigned long) + 2414 (DocumentLoader.cpp:1235)
36  com.apple.WebKit                    0x000000011750a0c2 WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 82 (WebFrameLoaderClient.cpp:1147)
37  com.apple.WebCore                   0x00000001289c3ca1 WebCore::DocumentLoader::commitLoad(char const*, int) + 209 (DocumentLoader.cpp:1117)
38  com.apple.WebCore                   0x00000001289c3bc8 WebCore::DocumentLoader::dataReceived(char const*, int) + 568 (DocumentLoader.cpp:1268)
39  com.apple.WebCore                   0x00000001289c4578 WebCore::DocumentLoader::dataReceived(WebCore::CachedResource&, char const*, int) + 152 (DocumentLoader.cpp:1241)
40  com.apple.WebCore                   0x0000000128b3e59e WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int) + 142 (CachedRawResource.cpp:139)
41  com.apple.WebCore                   0x0000000128b3e3a5 WebCore::CachedRawResource::updateBuffer(WebCore::SharedBuffer&) + 357 (CachedRawResource.cpp:76)
42  com.apple.WebCore                   0x0000000128ac86ff WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::RefPtr<WebCore::SharedBuffer, WTF::RawPtrTraits<WebCore::SharedBuffer>, WTF::DefaultRefDerefTraits<WebCore::SharedBuffer> >&&, long long, WebCore::DataPayloadType) + 671 (SubresourceLoader.cpp:537)
43  com.apple.WebCore                   0x0000000128ac8451 WebCore::SubresourceLoader::didReceiveData(char const*, unsigned int, long long, WebCore::DataPayloadType) + 97 (SubresourceLoader.cpp:505)
44  com.apple.WebKit                    0x000000011740f2ba WebKit::WebResourceLoader::didReceiveData(IPC::ArrayReference<unsigned char, 18446744073709551615ul> const&, long long) + 1018 (WebResourceLoader.cpp:210)
45  com.apple.WebKit                    0x0000000117a0ad09 void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::ArrayReference<unsigned char, 18446744073709551615ul> const&, long long), std::__1::tuple<IPC::ArrayReference<unsigned char, 18446744073709551615ul>, long long>, 0ul, 1ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::ArrayReference<unsigned char, 18446744073709551615ul> const&, long long), std::__1::tuple<IPC::ArrayReference<unsigned char, 18446744073709551615ul>, long long>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>) + 185 (HandleMessage.h:43)
46  com.apple.WebKit                    0x0000000117a0ac40 void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::ArrayReference<unsigned char, 18446744073709551615ul> const&, long long), std::__1::tuple<IPC::ArrayReference<unsigned char, 18446744073709551615ul>, long long>, std::__1::integer_sequence<unsigned long, 0ul, 1ul> >(std::__1::tuple<IPC::ArrayReference<unsigned char, 18446744073709551615ul>, long long>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::ArrayReference<unsigned char, 18446744073709551615ul> const&, long long)) + 112 (HandleMessage.h:49)
47  com.apple.WebKit                    0x0000000117a08a66 void IPC::handleMessage<Messages::WebResourceLoader::DidReceiveData, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::ArrayReference<unsigned char, 18446744073709551615ul> const&, long long)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::ArrayReference<unsigned char, 18446744073709551615ul> const&, long long)) + 150 (HandleMessage.h:121)
48  com.apple.WebKit                    0x0000000117a08442 WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) + 402 (WebResourceLoaderMessageReceiver.cpp:54)
49  com.apple.WebKit                    0x00000001173d0930 WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 144 (NetworkProcessConnection.cpp:94)
50  com.apple.WebKit                    0x0000000115716024 IPC::Connection::dispatchMessage(IPC::Decoder&) + 516 (Connection.cpp:1020)
51  com.apple.WebKit                    0x00000001157167ec IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 636 (Connection.cpp:1065)
52  com.apple.WebKit                    0x0000000115716e10 IPC::Connection::dispatchOneIncomingMessage() + 208 (Connection.cpp:1134)
53  com.apple.WebKit                    0x0000000115735368 IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_9::operator()() + 88 (Connection.cpp:989)
54  com.apple.WebKit                    0x000000011573525e WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_9, void>::call() + 30 (Function.h:52)
55  com.apple.JavaScriptCore            0x000000014205cc62 WTF::Function<void ()>::operator()() const + 130 (Function.h:83)
56  com.apple.JavaScriptCore            0x00000001420d4de5 WTF::RunLoop::performWork() + 341 (RunLoop.cpp:133)
57  com.apple.JavaScriptCore            0x00000001420d8761 WTF::RunLoop::performWork(void*) + 33 (RunLoopCF.cpp:46)
58  com.apple.CoreFoundation            0x00007fff2045be2c __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
59  com.apple.CoreFoundation            0x00007fff2045bd94 __CFRunLoopDoSource0 + 180
60  com.apple.CoreFoundation            0x00007fff2045bb14 __CFRunLoopDoSources0 + 242
61  com.apple.CoreFoundation            0x00007fff2045a53c __CFRunLoopRun + 893
62  com.apple.CoreFoundation            0x00007fff20459afc CFRunLoopRunSpecific + 563
63  com.apple.Foundation                0x00007fff211e3bb7 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212
64  com.apple.Foundation                0x00007fff21271a81 -[NSRunLoop(NSRunLoop) run] + 76
65  libxpc.dylib                        0x00007fff200b138d _xpc_objc_main + 825
66  libxpc.dylib                        0x00007fff200b0cd3 xpc_main + 116
67  com.apple.WebKit                    0x00000001163f48e1 WebKit::XPCServiceMain(int, char const**) + 1025 (XPCServiceMain.mm:209)
68  com.apple.WebKit                    0x0000000117a96c6b WKXPCServiceMain + 27 (WKMain.mm:33)
69  com.apple.WebKit.WebContent         0x0000000108c11ea2 main + 34 (AuxiliaryProcessMain.cpp:30)
70  libdyld.dylib                       0x00007fff2037df3d start + 1


Referenced Bugs:

https://bugs.webkit.org/show_bug.cgi?id=220076
[Bug 220076] Enable Metal ANGLE backend for WebGL
https://bugs.webkit.org/show_bug.cgi?id=222812
[Bug 222812] WebGL2 conformance test failures on Mac/iOS