Bug 220568

Summary: Layout tests crash in WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableMappedIOSurfaceBackend>::willAppendItemOfType()
Product: WebKit
Reporter: Rini Patel <rini_patel>
Component: Canvas
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED CONFIGURATION CHANGED
Severity: Normal
CC: dino, jonlee, rini_patel, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified

Description Rini Patel 2021-01-12 15:18:57 PST
imported/w3c/web-platform-tests/html/canvas/element/path-objects/2d.path.arc.angle.3.html
imported/w3c/web-platform-tests/html/canvas/element/line-styles/2d.line.cap.invalid.html

Crashed Thread:        16  WebCore: Worker

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x00000000bbadbeef
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb

Thread 16 Crashed:: WebCore: Worker
0   com.apple.JavaScriptCore      	0x00000001415014ce WTFCrash + 14 (Assertions.cpp:295)
1   com.apple.WebKit              	0x000000011776e50b WTFCrashWithInfo(int, char const*, char const*, int) + 27 (Assertions.h:671)
2   com.apple.WebKit              	0x00000001191401c9 WTF::WeakPtr<WebKit::RemoteRenderingBackendProxy, WTF::EmptyCounter>::operator->() const + 153 (WeakPtr.h:107)
3   com.apple.WebKit              	0x0000000119140c8b WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableMappedIOSurfaceBackend>::willAppendItemOfType(WebCore::DisplayList::ItemType) + 75 (RemoteImageBufferProxy.h:252)
4   com.apple.WebCore             	0x0000000129fec325 WebCore::DisplayList::Recorder::willAppendItemOfType(WebCore::DisplayList::ItemType) + 85 (DisplayListRecorder.cpp:110)
5   com.apple.WebKit              	0x0000000119141d25 void WebCore::DisplayList::Recorder::append<WebCore::DisplayList::FlushContext, WTF::ObjectIdentifier<WebCore::DisplayList::FlushIdentifierType>&>(WTF::ObjectIdentifier<WebCore::DisplayList::FlushIdentifierType>&) + 37 (DisplayListRecorder.h:155)
6   com.apple.WebKit              	0x0000000119141cbd WebCore::DisplayList::Recorder::flushContext(WTF::ObjectIdentifier<WebCore::DisplayList::FlushIdentifierType>) + 29 (DisplayListRecorder.h:73)
7   com.apple.WebKit              	0x0000000119140550 WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableMappedIOSurfaceBackend>::flushDrawingContextAsync() + 160 (RemoteImageBufferProxy.h:209)
8   com.apple.WebKit              	0x000000011914048d WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableMappedIOSurfaceBackend>::flushDrawingContext() + 125 (RemoteImageBufferProxy.h:198)
9   com.apple.WebKit              	0x00000001191419fd WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableMappedIOSurfaceBackend>::~RemoteImageBufferProxy() + 125 (RemoteImageBufferProxy.h:69)
10  com.apple.WebKit              	0x0000000119140235 WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableMappedIOSurfaceBackend>::~RemoteImageBufferProxy() + 21 (RemoteImageBufferProxy.h:66)
11  com.apple.WebKit              	0x000000011914025c WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableMappedIOSurfaceBackend>::~RemoteImageBufferProxy() + 28 (RemoteImageBufferProxy.h:66)
12  com.apple.WebCore             	0x0000000126d0114f std::__1::default_delete<WebCore::ImageBuffer>::operator()(WebCore::ImageBuffer*) const + 47 (memory:2368)
13  com.apple.WebCore             	0x0000000126d01112 WTF::RefCounted<WebCore::ImageBuffer, std::__1::default_delete<WebCore::ImageBuffer> >::deref() const + 66 (RefCounted.h:190)
14  com.apple.WebCore             	0x0000000126d01097 WTF::DefaultRefDerefTraits<WebCore::ImageBuffer>::derefIfNotNull(WebCore::ImageBuffer*) + 55 (RefPtr.h:42)
15  com.apple.WebCore             	0x0000000126d01059 WTF::RefPtr<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer>, WTF::DefaultRefDerefTraits<WebCore::ImageBuffer> >::~RefPtr() + 41 (RefPtr.h:73)
16  com.apple.WebCore             	0x0000000126d01025 WTF::RefPtr<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer>, WTF::DefaultRefDerefTraits<WebCore::ImageBuffer> >::~RefPtr() + 21 (RefPtr.h:73)
17  com.apple.WebCore             	0x0000000126d01005 WebCore::ImageBitmapBacking::~ImageBitmapBacking() + 21 (ImageBitmapBacking.h:39)

Comment 1 Rini Patel 2021-01-13 10:01:36 PST
imported/w3c/web-platform-tests/html/canvas/element/line-styles/2d.line.cap.butt.html

Comment 2 Rini Patel 2021-01-14 15:26:41 PST
imported/w3c/web-platform-tests/html/dom/elements/images/bypass-cache-revalidation.html

Comment 3 Radar WebKit Bug Importer 2021-01-19 15:19:12 PST
<rdar://problem/73375813>

Comment 4 Rini Patel 2021-02-18 16:40:26 PST
Not seeing this crash anymore. All the mentioned tests are passing.