RESOLVED CONFIGURATION CHANGED 220368
[GPU Process] Assert in DisplayList::clear() 
https://bugs.webkit.org/show_bug.cgi?id=220368
Summary [GPU Process] Assert in DisplayList::clear()
Rini Patel
Reported 2021-01-06 09:53:24 PST
Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef Exception Note: EXC_CORPSE_NOTIFY Termination Signal: Segmentation fault: 11 Termination Reason: Namespace SIGNAL, Code 0xb Terminating Process: exc handler [94649] VM Regions Near 0xbbadbeef: --> __TEXT 0000000102cb8000-0000000102cb9000 [ 4K] r-x/r-x SM=COW /Volumes/VOLUME/*/*.Development Application Specific Information: CRASHING TEST: fast/canvas/fill-text-with-font-features.html Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x00000005f25f252e WTFCrash + 14 (Assertions.cpp:295) 1 com.apple.WebCore 0x00000005cf7c204b WTFCrashWithInfo(int, char const*, char const*, int) + 27 2 com.apple.WebCore 0x00000005cf7d6f18 WTF::RefCountedBase::hasOneRef() const + 104 (RefCounted.h:55) 3 com.apple.WebCore 0x00000005cf7d6dfc WTF::RefCountedBase::applyRefDerefThreadingCheck() const + 28 (RefCounted.h:106) 4 com.apple.WebCore 0x00000005cf7d6c6c WTF::RefCountedBase::derefBase() const + 28 (RefCounted.h:130) 5 com.apple.WebCore 0x00000005d06c432f WTF::RefCounted<WebCore::ImageBuffer, std::__1::default_delete<WebCore::ImageBuffer> >::deref() const + 31 (RefCounted.h:189) 6 com.apple.WebCore 0x00000005d3bdb2b5 WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >::~Ref() + 53 (Ref.h:62) 7 com.apple.WebCore 0x00000005d3bdb275 WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >::~Ref() + 21 (Ref.h:62) 8 com.apple.WebCore 0x00000005d3bdb24e WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >::~KeyValuePair() + 30 (KeyValuePair.h:33) 9 com.apple.WebCore 0x00000005d3bdb185 WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >::~KeyValuePair() + 21 (KeyValuePair.h:33) 10 com.apple.WebCore 0x00000005d3bdb111 WTF::HashTable<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > > >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashMap<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > > >::KeyValuePairTraits, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> > >::deallocateTable(WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >*) + 97 (HashTable.h:1237) 11 com.apple.WebCore 0x00000005d3be149b WTF::HashTable<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > > >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashMap<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > > >::KeyValuePairTraits, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> > >::clear() + 59 (HashTable.h:1383) 12 com.apple.WebCore 0x00000005d3bd14a5 WTF::HashMap<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::HashTraits<WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > > >::clear() + 21 (HashMap.h:475) 13 com.apple.WebCore 0x00000005d3bd1408 WebCore::DisplayList::DisplayList::clear() + 104 (DisplayList.cpp:83) 14 com.apple.WebKit 0x00000005c19e65e6 WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableBitmapBackend>::clearDisplayList() + 38 (RemoteImageBufferProxy.h:247) 15 com.apple.WebKit 0x00000005c19e5179 WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableBitmapBackend>::changeDestinationImageBuffer(WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>) + 105 (RemoteImageBufferProxy.h:237) 16 com.apple.WebKit 0x00000005c19742a6 WebKit::RemoteRenderingBackendProxy::willAppendItem(WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>) + 198 (RemoteRenderingBackendProxy.cpp:233) 17 com.apple.WebKit 0x00000005c19e57c3 WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableBitmapBackend>::willAppendItemOfType(WebCore::DisplayList::ItemType) + 99 (RemoteImageBufferProxy.h:253) 18 com.apple.WebCore 0x00000005d3bf3945 WebCore::DisplayList::Recorder::willAppendItemOfType(WebCore::DisplayList::ItemType) + 85 (DisplayListRecorder.cpp:112) 19 com.apple.WebKit 0x00000005c19d9a65 void WebCore::DisplayList::Recorder::append<WebCore::DisplayList::FlushContext, WTF::ObjectIdentifier<WebCore::DisplayList::FlushIdentifierType>&>(WTF::ObjectIdentifier<WebCore::DisplayList::FlushIdentifierType>&) + 37 (DisplayListRecorder.h:155) 20 com.apple.WebKit 0x00000005c19d99fd WebCore::DisplayList::Recorder::flushContext(WTF::ObjectIdentifier<WebCore::DisplayList::FlushIdentifierType>) + 29 (DisplayListRecorder.h:73) 21 com.apple.WebKit 0x00000005c19e5080 WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableBitmapBackend>::flushDrawingContextAsync() + 160 22 com.apple.WebKit 0x00000005c19e4fbd WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableBitmapBackend>::flushDrawingContext() + 125 (RemoteImageBufferProxy.h:198) 23 com.apple.WebKit 0x00000005c19e637d WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableBitmapBackend>::~RemoteImageBufferProxy() + 125 (RemoteImageBufferProxy.h:69) 24 com.apple.WebKit 0x00000005c19e4d55 WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableBitmapBackend>::~RemoteImageBufferProxy() + 21 (RemoteImageBufferProxy.h:72) 25 com.apple.WebKit 0x00000005c19e4d7c WebKit::RemoteImageBufferProxy<WebKit::ImageBufferShareableBitmapBackend>::~RemoteImageBufferProxy() + 28 (RemoteImageBufferProxy.h:66) 26 com.apple.WebCore 0x00000005d06c438f std::__1::default_delete<WebCore::ImageBuffer>::operator()(WebCore::ImageBuffer*) const + 47 (memory:2339) 27 com.apple.WebCore 0x00000005d06c4352 WTF::RefCounted<WebCore::ImageBuffer, std::__1::default_delete<WebCore::ImageBuffer> >::deref() const + 66 (RefCounted.h:191) 28 com.apple.WebCore 0x00000005d3bdb2b5 WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >::~Ref() + 53 (Ref.h:62) 29 com.apple.WebCore 0x00000005d3bdb275 WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> >::~Ref() + 21 (Ref.h:62) 30 com.apple.WebCore 0x00000005d3bdb24e WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, WTF::Ref<WebCore::ImageBuffer, WTF::RawPtrTraits<WebCore::ImageBuffer> > >::~KeyValuePair() + 30 (KeyValuePair.h:33)
Attachments
Add attachment proposed patch, testcase, etc.
Rini Patel
Comment 1 2021-01-06 09:55:11 PST
Multiple tests with same signature added in TestExpectations file. Some of them are following: fast/canvas/canvas-blending-clipping.html fast/canvas/canvas-large-fills.html fast/canvas/fill-text-with-font-features.html mported/w3c/web-platform-tests/html/canvas/element/imagebitmap/canvas-createImageBitmap-video-resize.html
Rini Patel
Comment 2 2021-01-06 10:33:40 PST
I think this is same as https://bugs.webkit.org/show_bug.cgi?id=219478.
Radar WebKit Bug Importer
Comment 3 2021-01-06 10:59:18 PST
<rdar://problem/72857723>
Jon Lee
Comment 4 2021-03-05 01:48:21 PST
All of the tests cited above have been removed from TestExpectations as they no longer assert.
Note You need to log in before you can comment on or make changes to this bug.