219478 – GPU Process: Crash under ~RemoteLayerBackingStore call to flushDrawingContext()

Bug 219478 - GPU Process: Crash under ~RemoteLayerBackingStore call to flushDrawingContext()

Summary: GPU Process: Crash under ~RemoteLayerBackingStore call to flushDrawingContext()

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Layout and Rendering (show other bugs)
Version:	Other
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2020-12-02 19:50 PST by Tim Horton
Modified:	2020-12-09 19:51 PST (History)
CC List:	6 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tim Horton 2020-12-02 19:50:25 PST

void WebCore::DisplayList::ItemBuffer::append<WebCore::DisplayList::FlushContext, WTF::ObjectIdentifier<WebCore::DisplayList::FlushIdentifierType>&>(WTF::ObjectIdentifier<WebCore::DisplayList::FlushIdentifierType>&) + 64
void WebCore::DisplayList::ItemBuffer::append<WebCore::DisplayList::FlushContext, WTF::ObjectIdentifier<WebCore::DisplayList::FlushIdentifierType>&>(WTF::ObjectIdentifier<WebCore::DisplayList::FlushIdentifierType>&) + 52
WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableIOSurfaceBackend>::flushDrawingContextAndCommit() + 100
WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableIOSurfaceBackend>::flushDrawingContext() + 76
WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableIOSurfaceBackend>::~RemoteImageBufferProxy() + 108
WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableIOSurfaceBackend>::~RemoteImageBufferProxy() + 16
WebKit::RemoteLayerBackingStore::~RemoteLayerBackingStore() + 40
std::__1::unique_ptr<WebKit::RemoteLayerBackingStore, std::__1::default_delete<WebKit::RemoteLayerBackingStore> >::reset(WebKit::RemoteLayerBackingStore*) + 32
WebCore::GraphicsLayerCA::updateCoverage(WebCore::GraphicsLayerCA::CommitState const&) + 168
WebCore::GraphicsLayerCA::commitLayerChangesBeforeSublayers(WebCore::GraphicsLayerCA::CommitState&, float, WebCore::FloatPoint const&, bool&) + 1376
WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool) + 528
WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool) + 676
WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool) + 676

Comment 1 Tim Horton 2020-12-02 19:51:23 PST

I hit this on nyt.com

Comment 2 Tim Horton 2020-12-02 19:54:42 PST

Crash is

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x000000011e5489e0

Comment 3 Radar WebKit Bug Importer 2020-12-09 19:51:13 PST

<rdar://problem/72164373>