[Webkit-unassigned] [Bug 240545] New: Crash under RemoteDisplayListRecorder::restore()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue May 17 15:57:08 PDT 2022 

https://bugs.webkit.org/show_bug.cgi?id=240545

            Bug ID: 240545
           Summary: Crash under RemoteDisplayListRecorder::restore()
           Product: WebKit
           Version: Safari Technology Preview
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Process Model
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: simon.fraser at apple.com

Created attachment 459519

  --> https://bugs.webkit.org/attachment.cgi?id=459519&action=review

Crash log

EWS shows a crash under RemoteDisplayListRecorder::restore():
https://ews-build.s3-us-west-2.amazonaws.com/macOS-BigSur-Release-WK2-Tests-EWS/459507-7519/fast/mediastream/granted-denied-request-management2-crash-log.txt

Thread 30 Crashed:: RemoteRenderingBackend work queue
0   com.apple.WebCore                   0x000000011482a475 WebCore::Color::operator=(WebCore::Color const&) + 229
1   com.apple.WebCore                   0x00000001148a7c62 WebCore::GraphicsContextState::operator=(WebCore::GraphicsContextState const&) + 34
2   com.apple.WebCore                   0x00000001148a7b97 WebCore::GraphicsContext::restore() + 55
3   com.apple.WebCore                   0x0000000114933e07 WebCore::GraphicsContextCG::restore() + 23
4   com.apple.WebKit                    0x000000010f092a5c WebKit::RemoteDisplayListRecorder::restore() + 34
5   com.apple.WebKit                    0x000000010f27e5e8 IPC::StreamServerConnection::dispatchStreamMessage(IPC::Decoder&&, IPC::StreamMessageReceiver&) + 32
6   com.apple.WebKit                    0x000000010f27d953 IPC::StreamServerConnection::dispatchStreamMessages(unsigned long) + 377
7   com.apple.WebKit                    0x000000010f27d6bf IPC::StreamConnectionWorkQueue::processStreams() + 435
8   com.apple.WebKit                    0x000000010f27ee3a WTF::Detail::CallableWrapper<IPC::StreamConnectionWorkQueue::startProcessingThread()::$_0, void>::call() + 46
9   com.apple.JavaScriptCore            0x0000000117e7bbdc WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 124
10  com.apple.JavaScriptCore            0x0000000117e7e209 WTF::wtfThreadEntryPoint(void*) + 9
11  libsystem_pthread.dylib             0x00007fff2045a8fc _pthread_start + 224
12  libsystem_pthread.dylib             0x00007fff20456443 thread_start + 15


Main thread is in:

Thread 0:: Dispatch queue: com.apple.main-thread
0   libsystem_malloc.dylib              0x00007fff202865f0 tiny_free_no_lock + 997
1   libsystem_malloc.dylib              0x00007fff202860c9 free_tiny + 442
2   com.apple.CoreGraphics              0x00007fff24fb0e8d CGGStateRelease + 44
3   com.apple.CoreGraphics              0x00007fff24fbb804 CGGStackReset + 44
4   com.apple.CoreGraphics              0x00007fff24fbb7c9 CGGStackRelease + 19
5   com.apple.CoreGraphics              0x00007fff24fbb755 context_finalize + 67
6   com.apple.CoreFoundation            0x00007fff2061c967 _CFRelease + 244
7   com.apple.WebCore                   0x000000011493a6e5 WebCore::IOSurfacePool::willAddSurface(WebCore::IOSurface&, bool) + 85
8   com.apple.WebCore                   0x000000011493b208 WebCore::IOSurfacePool::addSurface(std::__1::unique_ptr<WebCore::IOSurface, std::__1::default_delete<WebCore::IOSurface> >&&) + 104
9   com.apple.WebCore                   0x0000000114946ee7 WebCore::ImageBufferIOSurfaceBackend::~ImageBufferIOSurfaceBackend() + 71
10  com.apple.WebKit                    0x000000010f098fbf std::__1::unique_ptr<WebKit::ImageBufferShareableMappedIOSurfaceBackend, std::__1::default_delete<WebKit::ImageBufferShareableMappedIOSurfaceBackend> >::reset(WebKit::ImageBufferShareableMappedIOSurfaceBackend*) + 25
11  com.apple.WebKit                    0x000000010f098ede WebKit::RemoteImageBuffer<WebKit::ImageBufferShareableMappedIOSurfaceBackend>::~RemoteImageBuffer() + 120
12  com.apple.WebKit                    0x000000010f098780 WebKit::RemoteImageBuffer<WebKit::ImageBufferShareableMappedIOSurfaceBackend>::~RemoteImageBuffer() + 14
13  com.apple.JavaScriptCore            0x0000000117e617c1 WTF::RunLoop::performWork() + 545
14  com.apple.JavaScriptCore            0x0000000117e62072 WTF::RunLoop::performWork(void*) + 34
15  com.apple.CoreFoundation            0x00007fff205520dc __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
16  com.apple.CoreFoundation            0x00007fff20552044 __CFRunLoopDoSource0 + 180
17  com.apple.CoreFoundation            0x00007fff20551dba __CFRunLoopDoSources0 + 242
18  com.apple.CoreFoundation            0x00007fff205507c8 __CFRunLoopRun + 897
19  com.apple.CoreFoundation            0x00007fff2054fd80 CFRunLoopRunSpecific + 567
20  com.apple.Foundation                0x00007fff2120b607 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212
21  com.apple.Foundation                0x00007fff212994d1 -[NSRunLoop(NSRunLoop) run] + 76
22  libxpc.dylib                        0x00007fff201a938d _xpc_objc_main + 825

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220517/ebc8ab6e/attachment-0001.htm>

More information about the webkit-unassigned mailing list