.. using the VC4 mesa driver: ``` #0 0x6a096c22 in _mesa_update_renderbuffer_surface (ctx=ctx@entry=0x6bfc8020, rb=rb@entry=0x2476190) at ../mesa-22.0.3/src/mesa/main/renderbuffer.c:581 #1 0x6a087ed0 in render_texture (ctx=ctx@entry=0x6bfc8020, att=att@entry=0x24f3a04, fb=0x24f3858) at ../mesa-22.0.3/src/mesa/main/fbobject.c:451 #2 0x6a089320 in _mesa_update_texture_renderbuffer (ctx=ctx@entry=0x6bfc8020, fb=fb@entry=0x24f3858, att=att@entry=0x24f3a04) at ../mesa-22.0.3/src/mesa/main/fbobject.c:590 #3 0x6a08cad0 in set_texture_attachment (layered=0 '\000', layer=1778962583, samples=38787704, level=3553, texTarget=<optimized out>, texObj=0x24fda78, att=0x24f3a04, fb=0x24f3858, ctx=0x6bfc8020) at ../mesa-22.0.3/src/mesa/main/fbobject.c:631 #4 _mesa_framebuffer_texture (ctx=0x6bfc8020, fb=0x24f3858, attachment=36064, att=0x24f3a04, texObj=<optimized out>, textarget=<optimized out>, level=0, samples=0, layer=0, layered=0 '\000') at ../mesa-22.0.3/src/mesa/main/fbobject.c:4019 #5 0x6a08cdb0 in framebuffer_texture_with_dims (dims=3553, target=<optimized out>, framebuffer=<optimized out>, attachment=<optimized out>, textarget=<optimized out>, texture=<optimized out>, level=0, samples=0, layer=0, caller=0x0, dsa=false) at ../mesa-22.0.3/src/mesa/main/fbobject.c:4121 #6 0x6a08d096 in _mesa_FramebufferTexture2D (target=<optimized out>, attachment=<optimized out>, textarget=3553, texture=<optimized out>, level=0) at ../mesa-22.0.3/src/mesa/main/fbobject.c:4159 #7 0x74d28e58 in WebCore::BitmapTextureGL::createFboIfNeeded() [clone .part.0] () from /opt/browsers/1.0/sysroots/cortexa7t2hf-neon-vfpv4-poky-linux-gnueabi/usr/lib/libWPEWebKit-2.0.so.0.0.0 #8 0x74d29b0c in WebCore::BitmapTextureGL::bindAsSurface() () from /opt/browsers/1.0/sysroots/cortexa7t2hf-neon-vfpv4-poky-linux-gnueabi/usr/lib/libWPEWebKit-2.0.so.0.0.0 #9 0x74d2a984 in WebCore::TextureMapperGL::bindSurface(WebCore::BitmapTexture*) () from /opt/browsers/1.0/sysroots/cortexa7t2hf-neon-vfpv4-poky-linux-gnueabi/usr/lib/libWPEWebKit-2.0.so.0.0.0 #10 0x74d27c9c in WebCore::TextureMapperLayer::paintWith3DRenderingContext(WebCore::TextureMapperPaintOptions&) () from /opt/browsers/1.0/sysroots/cortexa7t2hf-neon-vfpv4-poky-linux-gnueabi/usr/lib/libWPEWebKit-2.0.so.0.0.0 #11 0x76e9e964 in ?? () from /opt/browsers/1.0/sysroots/cortexa7t2hf-neon-vfpv4-poky-linux-gnueabi/usr/lib/libWPEWebKit-2.0.so.0.0.0 ``` The crash seems a side-effect of: TextureMapper: Attach a depth buffer for BitmapTextureGL for 3D transform https://bugs.webkit.org/show_bug.cgi?id=244526 since this crash is not reproducible after a partial revert of the https://commits.webkit.org/255021@main commit. ``` diff diff --git a/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp b/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp index f891d9bc8c70..f627ebdecaf8 100644 --- a/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp +++ b/Source/WebCore/platform/graphics/texmap/TextureMapperLayer.cpp @@ -754,9 +754,10 @@ void TextureMapperLayer::paintRecursive(TextureMapperPaintOptions& options) SetForScope scopedOpacity(options.opacity, options.opacity * m_currentOpacity); - if (m_state.preserves3D) - paintWith3DRenderingContext(options); - else if (shouldBlend()) + if (shouldBlend()) paintUsingOverlapRegions(options); else paintSelfChildrenReplicaFilterAndMask(options); ```