Bug 210151

Summary: WebContent process crashes in com.apple.WebCore: rx::IOSurfaceSurfaceCGL::releaseTexImage
Product: WebKit Reporter: Dean Jackson <dino>
Component: WebGLAssignee: Kenneth Russell <kbr>
Status: RESOLVED FIXED    
Severity: Normal CC: dino, justin_fan, kbr, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 210153, 210213    
Attachments:
Description Flags
Patch none

Dean Jackson
Reported 2020-04-07 13:51:43 PDT
1. Navigate to https://store.na.square-enix-games.com/en_US/product/562671/final-fantasy-vii-remake-1st-class-edition-ps4 2. Click “You Edition” drop down and select “Standard Edition” 3. Use Back keyboard command (⌘[) * CRASH DETAILS Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x7fff3d1d1ad5 rx::IOSurfaceSurfaceCGL::releaseTexImage(gl::Context const*, int) + 9 (/AppleInternal/BuildRoot/Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.16.xctoolchain/usr/bin/../include/c++/v1/memory:2624) 1 com.apple.WebCore 0x7fff3d24b327 egl::Surface::releaseTexImage(gl::Context const*, int) + 35 (/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/ANGLE/ANGLE-7610.1.7.6/src/libANGLE/Surface.cpp:472) 2 com.apple.WebCore 0x7fff3d111959 EGL_ReleaseTexImage + 139 (/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/ANGLE/ANGLE-7610.1.7.6/src/libGLESv2/entry_points_egl.cpp:672) 3 com.apple.WebCore 0x7fff3bd6da29 -[WebGLLayer display] + 169 (/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/WebCore/WebCore-7610.1.7.6/./platform/graphics/cocoa/WebGLLayer.mm:167)
Attachments
Patch (1.52 KB, patch)
2020-04-07 17:43 PDT, Kenneth Russell 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Dean Jackson
Comment 1 2020-04-07 13:52:04 PDT
rdar://61367219
Kenneth Russell
Comment 2 2020-04-07 14:31:41 PDT
Has this been reproducible in any smaller test environment than Safari with WebKit2? I seem to be able to reproduce it in that environment, but not with MiniBrowser, neither with WebKit1 or WebKit2. In Safari's Preferences when launched with the run-safari script, "Show Develop menu in menu bar" is grayed out, making it impossible to switch to WK1 for easier debugging.
Kenneth Russell
Comment 3 2020-04-07 14:45:15 PDT
Can catch this in the debugger by attaching to the WebContent process after loading the initial web page, before selecting "Standard Edition" and navigating back. Here's the more complete stack trace from lldb: (lldb) bt * thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x2dc0) * frame #0: 0x0000000622075ae5 WebCore`std::__1::unique_ptr<rx::ContextImpl, std::__1::default_delete<rx::ContextImpl> >::get(this=0x0000000000002dc0) const at memory:2624:19 frame #1: 0x000000062207397e WebCore`gl::Context::getImplementation(this=0x0000000000000000) const at Context.h:482:73 frame #2: 0x0000000622241e45 WebCore`rx::ContextGL* rx::GetImplAs<rx::ContextGL, gl::Context const>(src=0x0000000000000000) at angletypes.h:572:30 frame #3: 0x0000000622241e05 WebCore`rx::GetFunctionsGL(context=0x0000000000000000) at renderergl_utils.cpp:1908:12 frame #4: 0x00000006220ebf4a WebCore`rx::IOSurfaceSurfaceCGL::releaseTexImage(this=0x00007fe8eec1eff0, context=0x0000000000000000, buffer=12420) at IOSurfaceSurfaceCGL.cpp:181:36 frame #5: 0x000000062230373e WebCore`egl::Surface::releaseTexImage(this=0x00007fe8ea9fbe30, context=0x0000000000000000, buffer=12420) at Surface.cpp:472:5 frame #6: 0x0000000621f5c91c WebCore`::EGL_ReleaseTexImage(dpy=0x00007fe8eedf2c90, surface=0x00007fe8ea9fbe30, buffer=12420) at entry_points_egl.cpp:672:9 frame #7: 0x000000061eb87796 WebCore`-[WebGLLayer display](self=0x00007fe8ea93e5f0, _cmd="display") at WebGLLayer.mm:167:18 frame #8: 0x00007fff40988469 QuartzCore`CA::Layer::display_if_needed(CA::Transaction*) + 757 frame #9: 0x00007fff40966716 QuartzCore`CA::Context::commit_transaction(CA::Transaction*, double) + 334 frame #10: 0x00007fff40965304 QuartzCore`CA::Transaction::commit() + 644 Will investigate why this is happening.
Kenneth Russell
Comment 4 2020-04-07 14:59:31 PDT
It looks like eglReleaseTexImage is supposed to be called with a current context, though the docs don't state that explicitly.
Kenneth Russell
Comment 5 2020-04-07 17:43:06 PDT
Created attachment 395763 [details] Patch
Kenneth Russell
Comment 6 2020-04-07 17:44:43 PDT
A context was supposed to be current when eglReleaseTexImage was called, but there's no return code from GraphicsContextGLOpenGL::prepareTexture indicating failure to make the context current.
EWS
Comment 7 2020-04-08 11:50:50 PDT
Committed r259737: <https://trac.webkit.org/changeset/259737> All reviewed patches have been landed. Closing bug and clearing flags on attachment 395763 [details].
Note You need to log in before you can comment on or make changes to this bug.