265538 2023-11-29 12:38:28 -0800 REGRESSION(271265@main): [Win][WebGL] heap corruption crash while destructing WebGLMultiDraw 2023-11-29 17:16:15 -0800 1 1 1 Unclassified WebKit WebGL WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 fujii fujii dino kbr kkinnunen webkit-bug-importer oldest_to_newest 1995683 0 fujii 2023-11-29 12:38:28 -0800 271263@main good 271266@main bad Buildbot: builder WinCairo-64-bit-Release-Tests build 2853 : 271266@main https://build.webkit.org/#/builders/728/builds/2853 Regressions: Unexpected crashes (5) webgl/2.0.y/conformance/extensions/oes-texture-float-linear.html [ Crash ] webgl/2.0.y/conformance2/extensions/webgl-multi-draw-instanced-base-vertex-base-instance.html [ Crash ] webgl/webgl-draft-extensions-flag-off.html [ Crash ] webgl/webgl-ext-norm16-texture-texsubimage-nocrash.html [ Crash ] webgl/webgl-vertex-array-object-defined.html [ Crash ] 1995684 1 fujii 2023-11-29 12:38:37 -0800 https://build.webkit.org/results/WinCairo-64-bit-Debug-Tests/271268@main%20(21403)/CrashLog_3100_2023-11-29_15-58-50-997.txt . 0 Id: 33a0.2130 Suspend: 1 Teb: 00000083`5f2c2000 Unfrozen # Child-SP RetAddr Call Site 00 00000083`5f1dd410 00007ff9`154a4913 ntdll!RtlIsZeroMemory+0x119 01 00000083`5f1dd460 00007ff9`154ad71a ntdll!RtlIsZeroMemory+0xe3 02 00000083`5f1dd550 00007ff9`154ad9fa ntdll!_misaligned_access+0x41a 03 00000083`5f1dd580 00007ff9`154b8079 ntdll!_misaligned_access+0x6fa 04 00000083`5f1dd5b0 00007ff9`153bb519 ntdll!_misaligned_access+0xad79 05 00000083`5f1dd5e0 00007ff9`153ba8c1 ntdll!RtlGetCurrentServiceSessionId+0xbb9 06 00000083`5f1dd6a0 00007ff8`ffba208b ntdll!RtlFreeHeap+0x51 07 00000083`5f1dd6e0 00007ff8`f5e21984 ucrtbase!free_base+0x1b 08 00000083`5f1dd710 00007ff8`e04b8d34 WTF!WTF::fastFree(void * p = 0x00000247`ce7b0968)+0x14 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WTF\wtf\FastMalloc.cpp @ 268] 09 00000083`5f1dd740 00007ff8`e04b8cf6 WebCore!WTF::RefCounted<WebCore::WebGLExtensionBase,std::default_delete<WebCore::WebGLExtensionBase> >::operator delete(void * p = 0x00000247`ce7b0968)+0x14 [C:\BW\WinCairo-64-bit-Debug-Build\build\WebKitBuild\Debug\WTF\Headers\wtf\RefCounted.h @ 185] 0a 00000083`5f1dd770 00007ff8`e04b8c73 WebCore!std::default_delete<WebCore::WebGLExtensionBase>::operator()(class WebCore::WebGLExtensionBase * _Ptr = 0x00000247`ce7b0968)+0x36 [C:\MSVS\VC\Tools\MSVC\14.37.32822\include\memory @ 3181] 0b 00000083`5f1dd7b0 00007ff8`e1a1718f WebCore!WTF::RefCounted<WebCore::WebGLExtensionBase,std::default_delete<WebCore::WebGLExtensionBase> >::deref(void)+0x43 [C:\BW\WinCairo-64-bit-Debug-Build\build\WebKitBuild\Debug\WTF\Headers\wtf\RefCounted.h @ 191] 0c 00000083`5f1dd800 00007ff8`e1a17137 WebCore!WTF::Ref<WebCore::WebGLMultiDraw,WTF::RawPtrTraits<WebCore::WebGLMultiDraw> >::~Ref(void)+0x4f [C:\BW\WinCairo-64-bit-Debug-Build\build\WebKitBuild\Debug\WTF\Headers\wtf\Ref.h @ 62] 0d 00000083`5f1dd850 00007ff8`e1a13c83 WebCore!WebCore::JSDOMWrapper<WebCore::WebGLMultiDraw,WTF::RawPtrTraits<WebCore::WebGLMultiDraw> >::~JSDOMWrapper(void)+0x17 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebCore\bindings\js\JSDOMWrapper.h @ 74] 0e 00000083`5f1dd880 00007ff8`e1a03c8d WebCore!WebCore::JSWebGLMultiDraw::~JSWebGLMultiDraw(void)+0x13 [C:\BW\WinCairo-64-bit-Debug-Build\build\WebKitBuild\Debug\WebCore\DerivedSources\JSWebGLMultiDraw.h @ 31] 0f 00000083`5f1dd8b0 00007ff8`dd671988 WebCore!WebCore::JSWebGLMultiDraw::destroy(class JSC::JSCell * cell = 0x00000247`ce1f4178)+0x1d [C:\BW\WinCairo-64-bit-Debug-Build\build\WebKitBuild\Debug\WebCore\DerivedSources\JSWebGLMultiDraw.cpp @ 141] 10 00000083`5f1dd8f0 00007ff8`dd66f776 JavaScriptCore!JSC::JSDestructibleObjectDestroyFunc::operator()(class JSC::JSCell * cell = 0x00000247`ce1f4178)+0x28 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\JavaScriptCore\runtime\JSDestructibleObjectHeapCellType.cpp @ 39] 11 00000083`5f1dd930 00007ff8`dcf2a51c JavaScriptCore!JSC::JSDestructibleObjectHeapCellType::destroy(class JSC::VM * vm = 0x00000247`878bad80, class JSC::JSCell * cell = 0x00000247`ce1f4178)+0x36 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\JavaScriptCore\runtime\JSDestructibleObjectHeapCellType.cpp @ 58] 12 00000083`5f1dd980 00007ff8`dcf1ec89 JavaScriptCore!JSC::Subspace::destroy(class JSC::VM * vm = 0x00000247`878bad80, class JSC::JSCell * cell = 0x00000247`ce1f4178)+0x2c [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\JavaScriptCore\heap\Subspace.cpp @ 66] 13 00000083`5f1dd9c0 00007ff8`dcf02e03 JavaScriptCore!JSC::PreciseAllocation::sweep(void)+0x89 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\JavaScriptCore\heap\PreciseAllocation.cpp @ 237] 14 00000083`5f1dda10 00007ff8`dce4924f JavaScriptCore!JSC::MarkedSpace::sweepPreciseAllocations(void)+0x103 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\JavaScriptCore\heap\MarkedSpace.cpp @ 236] 15 00000083`5f1dda90 00007ff8`dce48e5a JavaScriptCore!JSC::Heap::sweepInFinalize(void)+0x1f [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\JavaScriptCore\heap\Heap.cpp @ 2284] 16 00000083`5f1ddad0 00007ff8`dce4869b JavaScriptCore!JSC::Heap::finalize(void)+0xba [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\JavaScriptCore\heap\Heap.cpp @ 2218] 17 00000083`5f1ddbb0 00007ff8`dce479c5 JavaScriptCore!JSC::Heap::handleNeedFinalize(unsigned int oldState = 0xd)+0x12b [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\JavaScriptCore\heap\Heap.cpp @ 2155] 18 00000083`5f1ddbf0 00007ff8`dce44403 JavaScriptCore!JSC::Heap::handleNeedFinalize(void)+0x35 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\JavaScriptCore\heap\Heap.cpp @ 2166] 19 00000083`5f1ddc30 00007ff8`dce45bd9 JavaScriptCore!JSC::Heap::finishChangingPhase(JSC::GCConductor conn = Mutator (0n0))+0x133 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\JavaScriptCore\heap\Heap.cpp @ 1763] 1a 00000083`5f1ddc80 00007ff8`dce45b5d JavaScriptCore!JSC::Heap::changePhase(JSC::GCConductor conn = Mutator (0n0), JSC::CollectorPhase nextPhase = NotRunning (0n0))+0x49 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\JavaScriptCore\heap\Heap.cpp @ 1736] 1b 00000083`5f1ddcc0 00007ff8`dce43d8e JavaScriptCore!JSC::Heap::runEndPhase(JSC::GCConductor conn = Mutator (0n0))+0x69d [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\JavaScriptCore\heap\Heap.cpp @ 1726] 1c 00000083`5f1dddf0 00007ff8`dce5f9fe JavaScriptCore!JSC::Heap::runCurrentPhase(JSC::GCConductor conn = Mutator (0n0), struct JSC::CurrentThreadState * currentThreadState = 0x00000083`5f1ddf58)+0x16e [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\JavaScriptCore\heap\Heap.cpp @ 1376] 1d 00000083`5f1dde50 00007ff8`dce5f9c1 JavaScriptCore!JSC::Heap::collectInMutatorThread::<lambda_0>::operator()(struct JSC::CurrentThreadState * state = 0x00000083`5f1ddf58)+0x2e [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\JavaScriptCore\heap\Heap.cpp @ 1993] 1e 00000083`5f1ddea0 00007ff8`dcf0f921 JavaScriptCore!WTF::ScopedLambdaFunctor<void (void * argument = 0x00000083`5f1de0d0, struct JSC::CurrentThreadState * arguments = 0x00000083`5f1ddf58)+0x21 [C:\BW\WinCairo-64-bit-Debug-Build\build\WebKitBuild\Debug\WTF\Headers\wtf\ScopedLambda.h @ 106] 1f 00000083`5f1ddee0 00007ff8`dcefecb1 JavaScriptCore!WTF::ScopedLambda<void (struct JSC::CurrentThreadState * arguments = 0x00000083`5f1ddf58)+0x21 [C:\BW\WinCairo-64-bit-Debug-Build\build\WebKitBuild\Debug\WTF\Headers\wtf\ScopedLambda.h @ 58] 20 00000083`5f1ddf20 00007ff8`dce48791 JavaScriptCore!JSC::callWithCurrentThreadState(class WTF::ScopedLambda<void (JSC::CurrentThreadState &)> * lambda = 0x00000083`5f1de0d0)+0x71 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\JavaScriptCore\heap\MachineStackMarker.cpp @ 225] 21 00000083`5f1de090 00007ff8`dce48552 JavaScriptCore!JSC::Heap::collectInMutatorThread(void)+0xc1 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\JavaScriptCore\heap\Heap.cpp @ 2005] 22 00000083`5f1de110 00007ff8`dce49331 JavaScriptCore!JSC::Heap::stopIfNecessarySlow(unsigned int oldState = 0x15)+0x122 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\JavaScriptCore\heap\Heap.cpp @ 1976] 23 00000083`5f1de150 00007ff8`dce439eb JavaScriptCore!JSC::Heap::waitForCollector<`lambda at C:\BW\WinCairo-64-bit-Debug-Build\build\Source\JavaScriptCore\heap/Heap.cpp:2277:9'>(class JSC::Heap::waitForCollection::<lambda_41> * func = 0x00000083`5f1de1e8)+0xa1 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\JavaScriptCore\heap\Heap.cpp @ 2031] 24 00000083`5f1de1c0 00007ff8`dce4345e JavaScriptCore!JSC::Heap::waitForCollection(unsigned int64 ticket = 0x58d)+0x3b [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\JavaScriptCore\heap\Heap.cpp @ 2276] 25 00000083`5f1de210 00007ff8`dce43568 JavaScriptCore!JSC::Heap::collectSync(struct JSC::GCRequest * request = 0x00000083`5f1de2d0)+0x9e [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\JavaScriptCore\heap\Heap.cpp @ 1284] 26 00000083`5f1de270 00007ff8`e238155c JavaScriptCore!JSC::Heap::collectNow(JSC::Synchronousness synchronousness = Sync (0n1), struct JSC::GCRequest * request = 0x00000083`5f1de338)+0xd8 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\JavaScriptCore\heap\Heap.cpp @ 1225] 27 00000083`5f1de300 00007ff8`e23814d3 WebCore!WebCore::GCController::garbageCollectNow(void)+0x7c [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebCore\bindings\js\GCController.cpp @ 97] 28 00000083`5f1de360 00007ff8`e24e192e WebCore!WebCore::GCController::garbageCollectSoon(void)+0x13 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebCore\bindings\js\GCController.cpp @ 79] 29 00000083`5f1de390 00007ff8`e24e1811 WebCore!WebCore::collectGarbageAfterWindowProxyDestruction(void)+0x3e [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebCore\bindings\js\WindowProxy.cpp @ 53] 2a 00000083`5f1de3c0 00007ff8`e3888b71 WebCore!WebCore::WindowProxy::detachFromFrame(void)+0x181 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebCore\bindings\js\WindowProxy.cpp @ 87] 2b 00000083`5f1de440 00007ff8`e38aed19 WebCore!WebCore::Frame::~Frame(void)+0x31 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebCore\page\Frame.cpp @ 57] 2c 00000083`5f1de480 00007ff8`e38ec979 WebCore!WebCore::LocalFrame::~LocalFrame(void)+0x239 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebCore\page\LocalFrame.cpp @ 221] 2d 00000083`5f1de510 00007ff8`e1cf5153 WebCore!WebCore::LocalFrame::~LocalFrame(int should_call_delete = 0n1)+0x29 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebCore\page\LocalFrame.cpp @ 197] 2e 00000083`5f1de560 00007ff8`e1cf50f7 WebCore!WTF::ThreadSafeRefCounted<WebCore::Frame,1>::deref::<lambda_1>::operator()(void)+0x33 [C:\BW\WinCairo-64-bit-Debug-Build\build\WebKitBuild\Debug\WTF\Headers\wtf\ThreadSafeRefCounted.h @ 116] 2f 00000083`5f1de5a0 00007ff8`f5e07d84 WebCore!WTF::Detail::CallableWrapper<`lambda at C:\BW\WinCairo-64-bit-Debug-Build\build\WebKitBuild\Debug\WTF\Headers\wtf/ThreadSafeRefCounted.h:114:27',void>::call(void)+0x17 [C:\BW\WinCairo-64-bit-Debug-Build\build\WebKitBuild\Debug\WTF\Headers\wtf\Function.h @ 53] 30 00000083`5f1de5d0 00007ff8`f5e5df05 WTF!WTF::Function<void (void)+0x84 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WTF\wtf\Function.h @ 82] 31 00000083`5f1de610 00007ff8`e1cf4e38 WTF!WTF::ensureOnMainThread(class WTF::Function<void ()> * function = 0x00000083`5f1de670)+0x25 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WTF\wtf\MainThread.cpp @ 95] 32 00000083`5f1de640 00007ff8`e1cf4dd3 WebCore!WTF::ThreadSafeRefCounted<WebCore::Frame,1>::deref(void)+0x58 [C:\BW\WinCairo-64-bit-Debug-Build\build\WebKitBuild\Debug\WTF\Headers\wtf\ThreadSafeRefCounted.h @ 121] 33 00000083`5f1de690 00007ff8`e1ce7748 WebCore!WTF::DefaultRefDerefTraits<WebCore::LocalFrame>::derefIfNotNull(class WebCore::LocalFrame * ptr = 0x00000247`cdc79b20)+0x23 [C:\BW\WinCairo-64-bit-Debug-Build\build\WebKitBuild\Debug\WTF\Headers\wtf\RefPtr.h @ 44] 34 00000083`5f1de6c0 00007ff8`e3647353 WebCore!WTF::RefPtr<WebCore::LocalFrame,WTF::RawPtrTraits<WebCore::LocalFrame>,WTF::DefaultRefDerefTraits<WebCore::LocalFrame> >::~RefPtr(void)+0x38 [C:\BW\WinCairo-64-bit-Debug-Build\build\WebKitBuild\Debug\WTF\Headers\wtf\RefPtr.h @ 75] 35 00000083`5f1de700 00007ff8`e3648c7c WebCore!WebCore::DocumentLoader::commitLoad(class WebCore::SharedBuffer * data = 0x00000247`cdd47890)+0x123 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebCore\loader\DocumentLoader.cpp @ 1232] 36 00000083`5f1de770 00007ff8`e36489cb WebCore!WebCore::DocumentLoader::dataReceived(class WebCore::SharedBuffer * buffer = 0x00000247`cdd47890)+0x29c [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebCore\loader\DocumentLoader.cpp @ 1396] 37 00000083`5f1de7e0 00007ff8`e37ac741 WebCore!WebCore::DocumentLoader::dataReceived(class WebCore::CachedResource * resource = 0x00000247`cc1a1d00, class WebCore::SharedBuffer * buffer = 0x00000247`cdd47890)+0x9b [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebCore\loader\DocumentLoader.cpp @ 1370] 38 00000083`5f1de830 00007ff8`e37ac52e WebCore!WebCore::CachedRawResource::notifyClientsDataWasReceived(class WebCore::SharedBuffer * buffer = 0x00000247`cdd47890)+0x91 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebCore\loader\cache\CachedRawResource.cpp @ 143] 39 00000083`5f1de8a0 00007ff8`e3735dd5 WebCore!WebCore::CachedRawResource::updateBuffer(class WebCore::FragmentedSharedBuffer * data = 0x00000247`cdd47690)+0x18e [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebCore\loader\cache\CachedRawResource.cpp @ 80] 3a 00000083`5f1de9d0 00007ff8`e371c075 WebCore!WebCore::SubresourceLoader::didReceiveBuffer(class WebCore::FragmentedSharedBuffer * buffer = 0x00000247`cdd46f90, int64 encodedDataLength = 0n3256, WebCore::DataPayloadType dataPayloadType = DataPayloadBytes (0n1))+0x2c5 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebCore\loader\SubresourceLoader.cpp @ 571] 3b 00000083`5f1dea60 00007ff8`e962a3a4 WebCore!WebCore::ResourceLoader::didReceiveData(class WebCore::SharedBuffer * buffer = 0x00000247`cdd46f90, int64 encodedDataLength = 0n3256, WebCore::DataPayloadType dataPayloadType = DataPayloadBytes (0n1))+0x35 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebCore\loader\ResourceLoader.cpp @ 590] 3c 00000083`5f1deab0 00007ff8`e84312cd WebKit2!WebKit::WebResourceLoader::didReceiveData(class IPC::SharedBufferReference * data = 0x00000083`5f1ded90, unsigned int64 encodedDataLength = 0xcb8)+0x2d4 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\WebProcess\Network\WebResourceLoader.cpp @ 244] 3d 00000083`5f1deba0 00007ff8`e8431287 WebKit2!IPC::callMemberFunction<WebKit::WebResourceLoader,WebKit::WebResourceLoader,void (class IPC::SharedBufferReference * args = 0x00000083`5f1ded90, unsigned int64 * args = 0x00000083`5f1ded88)+0x3d [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\Platform\IPC\HandleMessage.h @ 137] 3e 00000083`5f1debe0 00007ff8`e843124e WebKit2!std::invoke<`lambda at C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\Platform\IPC\HandleMessage.h:135:9',IPC::SharedBufferReference,unsigned long long>(class IPC::callMemberFunction<WebKit::WebResourceLoader,WebKit::WebResourceLoader,void (IPC::SharedBufferReference &&, unsigned long long),std::tuple<IPC::SharedBufferReference,unsigned long long> >::<lambda_1> * _Obj = 0x00000083`5f1decd8, class IPC::SharedBufferReference * _Arg1 = 0x00000083`5f1ded90, unsigned int64 * _Args2 = 0x00000083`5f1ded88)+0x27 [C:\MSVS\VC\Tools\MSVC\14.37.32822\include\type_traits @ 1762] 3f 00000083`5f1dec20 00007ff8`e8431202 WebKit2!std::_Apply_impl<`lambda at C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\Platform\IPC\HandleMessage.h:135:9',std::tuple<IPC::SharedBufferReference,unsigned long long>,0,1>(class IPC::callMemberFunction<WebKit::WebResourceLoader,WebKit::WebResourceLoader,void (IPC::SharedBufferReference &&, unsigned long long),std::tuple<IPC::SharedBufferReference,unsigned long long> >::<lambda_1> * _Obj = 0x00000083`5f1decd8, class std::tuple<IPC::SharedBufferReference,unsigned long long> * _Tpl = 0x00000083`5f1ded88)+0x3e [C:\MSVS\VC\Tools\MSVC\14.37.32822\include\tuple @ 1079] 40 00000083`5f1dec70 00007ff8`e843107f WebKit2!std::apply<`lambda at C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\Platform\IPC\HandleMessage.h:135:9',std::tuple<IPC::SharedBufferReference,unsigned long long> >(class IPC::callMemberFunction<WebKit::WebResourceLoader,WebKit::WebResourceLoader,void (IPC::SharedBufferReference &&, unsigned long long),std::tuple<IPC::SharedBufferReference,unsigned long long> >::<lambda_1> * _Obj = 0x00000083`5f1decd8, class std::tuple<IPC::SharedBufferReference,unsigned long long> * _Tpl = 0x00000083`5f1ded88)+0x22 [C:\MSVS\VC\Tools\MSVC\14.37.32822\include\tuple @ 1090] 41 00000083`5f1decb0 00007ff8`e842c67f WebKit2!IPC::callMemberFunction<WebKit::WebResourceLoader,WebKit::WebResourceLoader,void (class WebKit::WebResourceLoader * object = 0x00000247`cdb549e0, <function> * function = 0x00007ff8`e962a0d0, class std::tuple<IPC::SharedBufferReference,unsigned long long> * tuple = 0x00000083`5f1ded88)+0x4f [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\Platform\IPC\HandleMessage.h @ 134] 42 00000083`5f1ded10 00007ff8`e842bcbb WebKit2!IPC::handleMessage<Messages::WebResourceLoader::DidReceiveData,WebKit::WebResourceLoader,WebKit::WebResourceLoader,void (class IPC::Connection * connection = 0x00000247`878b3770, class IPC::Decoder * decoder = 0x00000247`cde64650, class WebKit::WebResourceLoader * object = 0x00000247`cdb549e0, <function> * function = 0x00007ff8`e962a0d0)+0xcf [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\Platform\IPC\HandleMessage.h @ 237] 43 00000083`5f1dedc0 00007ff8`e9621487 WebKit2!WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(class IPC::Connection * connection = 0x00000247`878b3770, class IPC::Decoder * decoder = 0x00000247`cde64650)+0x25b [C:\BW\WinCairo-64-bit-Debug-Build\build\WebKitBuild\Debug\WebKit\DerivedSources\WebResourceLoaderMessageReceiver.cpp @ 76] 44 00000083`5f1def20 00007ff8`e8e203fa WebKit2!WebKit::NetworkProcessConnection::didReceiveMessage(class IPC::Connection * connection = 0x00000247`878b3770, class IPC::Decoder * decoder = 0x00000247`cde64650)+0xd7 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\WebProcess\Network\NetworkProcessConnection.cpp @ 103] 45 00000083`5f1df010 00007ff8`e8e20663 WebKit2!IPC::Connection::dispatchMessage(class IPC::Decoder * decoder = 0x00000247`cde64650)+0x16a [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\Platform\IPC\Connection.cpp @ 1233] 46 00000083`5f1df080 00007ff8`e8e20954 WebKit2!IPC::Connection::dispatchMessage(class std::unique_ptr<IPC::Decoder,std::default_delete<IPC::Decoder> > * message = 0x00000083`5f1df148)+0x253 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\Platform\IPC\Connection.cpp @ 1282] 47 00000083`5f1df110 00007ff8`e8e24aeb WebKit2!IPC::Connection::dispatchOneIncomingMessage(void)+0xd4 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\Platform\IPC\Connection.cpp @ 1346] 48 00000083`5f1df180 00007ff8`e8e24a87 WebKit2!IPC::Connection::enqueueIncomingMessage::<lambda_9>::operator()(void)+0x1b [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\Platform\IPC\Connection.cpp @ 1195] 49 00000083`5f1df1b0 00007ff8`f5e07d84 WebKit2!WTF::Detail::CallableWrapper<`lambda at C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\Platform/IPC/Connection.cpp:1193:31',void>::call(void)+0x17 [C:\BW\WinCairo-64-bit-Debug-Build\build\WebKitBuild\Debug\WTF\Headers\wtf\Function.h @ 53] 4a 00000083`5f1df1e0 00007ff8`f5e8ac3a WTF!WTF::Function<void (void)+0x84 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WTF\wtf\Function.h @ 82] 4b 00000083`5f1df220 00007ff8`f5f5f370 WTF!WTF::RunLoop::performWork(void)+0x14a [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WTF\wtf\RunLoop.cpp @ 148] 4c 00000083`5f1df2e0 00007ff8`f5f5f2a7 WTF!WTF::RunLoop::wndProc(struct HWND__ * hWnd = 0x00000000`618d006a, unsigned int message = 0x401, unsigned int64 wParam = 0x00000247`87880d30, int64 lParam = 0n0)+0x60 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WTF\wtf\win\RunLoopWin.cpp @ 57] 4d 00000083`5f1df340 00007ff9`04240089 WTF!WTF::RunLoop::RunLoopWndProc(struct HWND__ * hWnd = 0x00000000`618d006a, unsigned int message = 0x401, unsigned int64 wParam = 0x00000247`87880d30, int64 lParam = 0n0)+0x57 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WTF\wtf\win\RunLoopWin.cpp @ 39] 4e 00000083`5f1df3b0 00007ff9`0423fa02 USER32!CallWindowProcW+0x419 4f 00000083`5f1df540 00007ff8`f5f5f53d USER32!DispatchMessageW+0x1e2 50 00000083`5f1df5c0 00007ff8`e8025c93 WTF!WTF::RunLoop::run(void)+0x5d [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WTF\wtf\win\RunLoopWin.cpp @ 69] 51 00000083`5f1df630 00007ff8`e8025b47 WebKit2!WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess,1>::run(int argc = 0n8, char ** argv = 0x00000247`87874530)+0x83 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\Shared\AuxiliaryProcessMain.h @ 72] 52 00000083`5f1df680 00007ff8`e8025a23 WebKit2!WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainWin>(int argc = 0n8, char ** argv = 0x00000247`87874530)+0x47 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\Shared\AuxiliaryProcessMain.h @ 98] 53 00000083`5f1df720 00007ff7`33fe124c WebKit2!WebKit::WebProcessMain(int argc = 0n8, char ** argv = 0x00000247`87874530)+0x83 [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\WebProcess\win\WebProcessMainWin.cpp @ 57] 54 00000083`5f1df760 00007ff7`33fe18bc WebKitWebProcess!main(int argc = 0n8, char ** argv = 0x00000247`87874530)+0x1c [C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\WebProcess\EntryPoint\win\WebProcessMain.cpp @ 35] 55 (Inline Function) --------`-------- WebKitWebProcess!invoke_main+0x22 [D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl @ 78] 56 00000083`5f1df7a0 00007ff9`04ef4de0 WebKitWebProcess!__scrt_common_main_seh(void)+0x10c [D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl @ 288] 57 00000083`5f1df7e0 00007ff9`1541ec4b KERNEL32!BaseThreadInitThunk+0x10 58 00000083`5f1df810 00000000`00000000 ntdll!RtlUserThreadStart+0x2b 1995761 2 fujii 2023-11-29 16:37:04 -0800 This is reproducible on my PC. > python .\Tools\Scripts\run-webkit-tests --debug --no-retry --iter=2 -v webgl/webgl-draft-extensions-flag-default.html 1995768 3 fujii 2023-11-29 16:59:51 -0800 ~WebGLMultiDraw should be non-virutal. 1995773 4 fujii 2023-11-29 17:05:52 -0800 Pull request: https://github.com/WebKit/WebKit/pull/21086 1995775 5 ews-feeder 2023-11-29 17:15:48 -0800 Committed 271315@main (48c1a4c6572c): <https://commits.webkit.org/271315@main> Reviewed commits have been landed. Closing PR #21086 and removing active labels. 1995776 6 webkit-bug-importer 2023-11-29 17:16:15 -0800 <rdar://problem/118958640>