1. Navigate to https://store.na.square-enix-games.com/en_US/product/562671/final-fantasy-vii-remake-1st-class-edition-ps4 2. Click “You Edition” drop down and select “Standard Edition” 3. Use Back keyboard command (⌘[) * CRASH DETAILS Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x7fff3d1d1ad5 rx::IOSurfaceSurfaceCGL::releaseTexImage(gl::Context const*, int) + 9 (/AppleInternal/BuildRoot/Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.16.xctoolchain/usr/bin/../include/c++/v1/memory:2624) 1 com.apple.WebCore 0x7fff3d24b327 egl::Surface::releaseTexImage(gl::Context const*, int) + 35 (/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/ANGLE/ANGLE-7610.1.7.6/src/libANGLE/Surface.cpp:472) 2 com.apple.WebCore 0x7fff3d111959 EGL_ReleaseTexImage + 139 (/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/ANGLE/ANGLE-7610.1.7.6/src/libGLESv2/entry_points_egl.cpp:672) 3 com.apple.WebCore 0x7fff3bd6da29 -[WebGLLayer display] + 169 (/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/WebCore/WebCore-7610.1.7.6/./platform/graphics/cocoa/WebGLLayer.mm:167)
rdar://61367219
Has this been reproducible in any smaller test environment than Safari with WebKit2? I seem to be able to reproduce it in that environment, but not with MiniBrowser, neither with WebKit1 or WebKit2. In Safari's Preferences when launched with the run-safari script, "Show Develop menu in menu bar" is grayed out, making it impossible to switch to WK1 for easier debugging.
Can catch this in the debugger by attaching to the WebContent process after loading the initial web page, before selecting "Standard Edition" and navigating back. Here's the more complete stack trace from lldb: (lldb) bt * thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x2dc0) * frame #0: 0x0000000622075ae5 WebCore`std::__1::unique_ptr<rx::ContextImpl, std::__1::default_delete<rx::ContextImpl> >::get(this=0x0000000000002dc0) const at memory:2624:19 frame #1: 0x000000062207397e WebCore`gl::Context::getImplementation(this=0x0000000000000000) const at Context.h:482:73 frame #2: 0x0000000622241e45 WebCore`rx::ContextGL* rx::GetImplAs<rx::ContextGL, gl::Context const>(src=0x0000000000000000) at angletypes.h:572:30 frame #3: 0x0000000622241e05 WebCore`rx::GetFunctionsGL(context=0x0000000000000000) at renderergl_utils.cpp:1908:12 frame #4: 0x00000006220ebf4a WebCore`rx::IOSurfaceSurfaceCGL::releaseTexImage(this=0x00007fe8eec1eff0, context=0x0000000000000000, buffer=12420) at IOSurfaceSurfaceCGL.cpp:181:36 frame #5: 0x000000062230373e WebCore`egl::Surface::releaseTexImage(this=0x00007fe8ea9fbe30, context=0x0000000000000000, buffer=12420) at Surface.cpp:472:5 frame #6: 0x0000000621f5c91c WebCore`::EGL_ReleaseTexImage(dpy=0x00007fe8eedf2c90, surface=0x00007fe8ea9fbe30, buffer=12420) at entry_points_egl.cpp:672:9 frame #7: 0x000000061eb87796 WebCore`-[WebGLLayer display](self=0x00007fe8ea93e5f0, _cmd="display") at WebGLLayer.mm:167:18 frame #8: 0x00007fff40988469 QuartzCore`CA::Layer::display_if_needed(CA::Transaction*) + 757 frame #9: 0x00007fff40966716 QuartzCore`CA::Context::commit_transaction(CA::Transaction*, double) + 334 frame #10: 0x00007fff40965304 QuartzCore`CA::Transaction::commit() + 644 Will investigate why this is happening.
It looks like eglReleaseTexImage is supposed to be called with a current context, though the docs don't state that explicitly.
Created attachment 395763 [details] Patch
A context was supposed to be current when eglReleaseTexImage was called, but there's no return code from GraphicsContextGLOpenGL::prepareTexture indicating failure to make the context current.
Committed r259737: <https://trac.webkit.org/changeset/259737> All reviewed patches have been landed. Closing bug and clearing flags on attachment 395763 [details].