210151 2020-04-07 13:51:43 -0700 WebContent process crashes in com.apple.WebCore: rx::IOSurfaceSurfaceCGL::releaseTexImage 2020-04-20 13:41:12 -0700 1 1 1 Unclassified WebKit WebGL WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 210153 210213 1 dino kbr dino justin_fan kbr webkit-bug-importer oldest_to_newest 1638781 0 dino 2020-04-07 13:51:43 -0700 1. Navigate to https://store.na.square-enix-games.com/en_US/product/562671/final-fantasy-vii-remake-1st-class-edition-ps4 2. Click “You Edition” drop down and select “Standard Edition” 3. Use Back keyboard command (⌘[) * CRASH DETAILS Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x7fff3d1d1ad5 rx::IOSurfaceSurfaceCGL::releaseTexImage(gl::Context const*, int) + 9 (/AppleInternal/BuildRoot/Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.16.xctoolchain/usr/bin/../include/c++/v1/memory:2624) 1 com.apple.WebCore 0x7fff3d24b327 egl::Surface::releaseTexImage(gl::Context const*, int) + 35 (/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/ANGLE/ANGLE-7610.1.7.6/src/libANGLE/Surface.cpp:472) 2 com.apple.WebCore 0x7fff3d111959 EGL_ReleaseTexImage + 139 (/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/ANGLE/ANGLE-7610.1.7.6/src/libGLESv2/entry_points_egl.cpp:672) 3 com.apple.WebCore 0x7fff3bd6da29 -[WebGLLayer display] + 169 (/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/WebCore/WebCore-7610.1.7.6/./platform/graphics/cocoa/WebGLLayer.mm:167) 1638782 1 dino 2020-04-07 13:52:04 -0700 rdar://61367219 1638804 2 kbr 2020-04-07 14:31:41 -0700 Has this been reproducible in any smaller test environment than Safari with WebKit2? I seem to be able to reproduce it in that environment, but not with MiniBrowser, neither with WebKit1 or WebKit2. In Safari's Preferences when launched with the run-safari script, "Show Develop menu in menu bar" is grayed out, making it impossible to switch to WK1 for easier debugging. 1638809 3 kbr 2020-04-07 14:45:15 -0700 Can catch this in the debugger by attaching to the WebContent process after loading the initial web page, before selecting "Standard Edition" and navigating back. Here's the more complete stack trace from lldb: (lldb) bt * thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x2dc0) * frame #0: 0x0000000622075ae5 WebCore`std::__1::unique_ptr<rx::ContextImpl, std::__1::default_delete<rx::ContextImpl> >::get(this=0x0000000000002dc0) const at memory:2624:19 frame #1: 0x000000062207397e WebCore`gl::Context::getImplementation(this=0x0000000000000000) const at Context.h:482:73 frame #2: 0x0000000622241e45 WebCore`rx::ContextGL* rx::GetImplAs<rx::ContextGL, gl::Context const>(src=0x0000000000000000) at angletypes.h:572:30 frame #3: 0x0000000622241e05 WebCore`rx::GetFunctionsGL(context=0x0000000000000000) at renderergl_utils.cpp:1908:12 frame #4: 0x00000006220ebf4a WebCore`rx::IOSurfaceSurfaceCGL::releaseTexImage(this=0x00007fe8eec1eff0, context=0x0000000000000000, buffer=12420) at IOSurfaceSurfaceCGL.cpp:181:36 frame #5: 0x000000062230373e WebCore`egl::Surface::releaseTexImage(this=0x00007fe8ea9fbe30, context=0x0000000000000000, buffer=12420) at Surface.cpp:472:5 frame #6: 0x0000000621f5c91c WebCore`::EGL_ReleaseTexImage(dpy=0x00007fe8eedf2c90, surface=0x00007fe8ea9fbe30, buffer=12420) at entry_points_egl.cpp:672:9 frame #7: 0x000000061eb87796 WebCore`-[WebGLLayer display](self=0x00007fe8ea93e5f0, _cmd="display") at WebGLLayer.mm:167:18 frame #8: 0x00007fff40988469 QuartzCore`CA::Layer::display_if_needed(CA::Transaction*) + 757 frame #9: 0x00007fff40966716 QuartzCore`CA::Context::commit_transaction(CA::Transaction*, double) + 334 frame #10: 0x00007fff40965304 QuartzCore`CA::Transaction::commit() + 644 Will investigate why this is happening. 1638822 4 kbr 2020-04-07 14:59:31 -0700 It looks like eglReleaseTexImage is supposed to be called with a current context, though the docs don't state that explicitly. 1638905 5 395763 kbr 2020-04-07 17:43:06 -0700 Created attachment 395763 Patch 1638906 6 kbr 2020-04-07 17:44:43 -0700 A context was supposed to be current when eglReleaseTexImage was called, but there's no return code from GraphicsContextGLOpenGL::prepareTexture indicating failure to make the context current. 1639191 7 ews-feeder 2020-04-08 11:50:50 -0700 Committed r259737: <https://trac.webkit.org/changeset/259737> All reviewed patches have been landed. Closing bug and clearing flags on attachment 395763. 395763 2020-04-07 17:43:06 -0700 2020-04-08 11:50:50 -0700 Patch bug-210151-20200407174305.patch text/plain 1557 kbr U3VidmVyc2lvbiBSZXZpc2lvbjogMjU5NjE4CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggODhjMjA2NzU2ODllNWEz NmY1NmYyZTU3ZGI0OTZiOGZiMjI3Yzc5Zi4uNzgzMjk0ZjMwNTdlMGRiNzE3ZjA4MmEwZTMwY2Vm NmI1ZTgwYjExNCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE2IEBACisyMDIwLTA0LTA3ICBLZW5u ZXRoIFJ1c3NlbGwgIDxrYnJAY2hyb21pdW0ub3JnPgorCisgICAgICAgIFdlYkNvbnRlbnQgcHJv Y2VzcyBjcmFzaGVzIGluIGNvbS5hcHBsZS5XZWJDb3JlOiByeDo6SU9TdXJmYWNlU3VyZmFjZUNH TDo6cmVsZWFzZVRleEltYWdlCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3df YnVnLmNnaT9pZD0yMTAxNTEKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4K KworICAgICAgICBFeHBsaWNpdGx5IGNoZWNrIGZvciBjb250ZXh0IHRlYXJkb3duIHdoZW4gZGlz cGxheWluZyBhCisgICAgICAgIFdlYkdMTGF5ZXIuCisKKyAgICAgICAgKiBwbGF0Zm9ybS9ncmFw aGljcy9jb2NvYS9XZWJHTExheWVyLm1tOgorICAgICAgICAoLVtXZWJHTExheWVyIGRpc3BsYXld KToKKwogMjAyMC0wNC0wNiAgRGV2aW4gUm91c3NvICA8ZHJvdXNzb0BhcHBsZS5jb20+CiAKICAg ICAgICAgV2ViIEluc3BlY3RvcjogYGNvbnNvbGUubG9nKC4uLilgIGFwcGVhciBhcyBgQ09OU09M RSBMT0cgTE9HYCBpbiB0aGUgc3lzdGVtIGNvbnNvbGUKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJD b3JlL3BsYXRmb3JtL2dyYXBoaWNzL2NvY29hL1dlYkdMTGF5ZXIubW0gYi9Tb3VyY2UvV2ViQ29y ZS9wbGF0Zm9ybS9ncmFwaGljcy9jb2NvYS9XZWJHTExheWVyLm1tCmluZGV4IDc3OTExZTUzNDUx M2IwOGZkYTk2NjU0MTkyNzdmN2U3NDA4ZWFlM2QuLjAwOGRiZDdkMzllMDI0NmE3OTgxZjViNDUy M2IyYmNkYzAzOWMxZDAgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL2dyYXBo aWNzL2NvY29hL1dlYkdMTGF5ZXIubW0KKysrIGIvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vZ3Jh cGhpY3MvY29jb2EvV2ViR0xMYXllci5tbQpAQCAtMTU4LDYgKzE1OCwxMCBAQCBzdGF0aWMgdm9p ZCBmcmVlRGF0YSh2b2lkICosIGNvbnN0IHZvaWQgKmRhdGEsIHNpemVfdCAvKiBzaXplICovKQog I2VsaWYgVVNFKE9QRU5HTF9FUykKICAgICBfY29udGV4dC0+cHJlc2VudFJlbmRlcmJ1ZmZlcigp OwogI2VsaWYgSEFWRShJT1NVUkZBQ0UpICYmIFVTRShBTkdMRSkKKyAgICBpZiAoIV9jb250ZXh0 LT5tYWtlQ29udGV4dEN1cnJlbnQoKSkgeworICAgICAgICAvLyBDb250ZXh0IGlzIGxpa2VseSBi ZWluZyB0b3JuIGRvd24uCisgICAgICAgIHJldHVybjsKKyAgICB9CiAgICAgX2NvbnRleHQtPnBy ZXBhcmVUZXh0dXJlKCk7CiAgICAgaWYgKF9kcmF3aW5nQnVmZmVyKSB7CiAgICAgICAgIGlmIChf bGF0Y2hlZFBidWZmZXIpIHsK