Created attachment 466316
Full backtrace

I hit this crash twice yesterday. Notice this=0x0 in frame 5, so the bug is that BitmapImage::m_source is null, which is illegal because that is a Ref and not a RefPtr so it should always be valid.

#0  WTF::OptionSet<WebCore::ImageSource::MetadataType>::isEmpty() const (this=<optimized out>) at WTF/Headers/wtf/OptionSet.h:159
#1  WTF::OptionSet<WebCore::ImageSource::MetadataType>::operator bool() (this=<optimized out>) at WTF/Headers/wtf/OptionSet.h:164
#2  WTF::OptionSet<WebCore::ImageSource::MetadataType>::containsAny(WTF::OptionSet<WebCore::ImageSource::MetadataType>) const (this=0x22c, optionSet=...) at WTF/Headers/wtf/OptionSet.h:173
#3  WTF::OptionSet<WebCore::ImageSource::MetadataType>::contains(WebCore::ImageSource::MetadataType) const (this=0x22c, option=WebCore::ImageSource::MetadataType::FrameCount) at WTF/Headers/wtf/OptionSet.h:168
#4  WebCore::ImageSource::metadataCacheIfNeeded<unsigned long>(unsigned long&, unsigned long const&, WebCore::ImageSource::MetadataType, unsigned long (WebCore::ImageDecoder::*)() const) (this=0x0, cachedValue=<error reading variable: Cannot access memory at address 0x1c8>, metadataType=WebCore::ImageSource::MetadataType::FrameCount, functor=&virtual table offset 56, defaultValue=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/ImageSource.cpp:495
#5  WebCore::ImageSource::frameCount() (this=0x0) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/ImageSource.cpp:531
#6  0x00007ff4653c1760 in WebCore::BitmapImage::frameCount() const (this=0x7ff44a9ab780) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/BitmapImage.h:85
#7  WebCore::BitmapImage::destroyDecodedData(bool) (this=0x7ff44a9ab780, destroyAll=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/BitmapImage.cpp:87
#8  0x00007ff4651f1922 in WTF::Function<void (WebCore::CachedResource&)>::operator()(WebCore::CachedResource&) const (this=0x7ffd5ecd1508, in=...) at WTF/Headers/wtf/Function.h:82
#9  WebCore::MemoryCache::forEachResource(WTF::Function<void (WebCore::CachedResource&)> const&) (this=<optimized out>, function=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/loader/cache/MemoryCache.cpp:226
#10 0x00007ff4651f1c10 in WebCore::MemoryCache::destroyDecodedDataForAllImages() (this=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/loader/cache/MemoryCache.cpp:242
#11 0x00007ff465386fe8 in WebCore::ThreadTimers::sharedTimerFiredInternal() (this=0x7ff44a0ec2a0) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/ThreadTimers.cpp:127
#12 0x00007ff46249a443 in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::$_3::operator()(void*) const (userData=0x7ff4670823b0 <WebCore::MainThreadSharedTimer::singleton()::instance+16>, this=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:177
#13 WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::$_3::__invoke(void*) (userData=0x7ff4670823b0 <WebCore::MainThreadSharedTimer::singleton()::instance+16>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:169
#14 0x00007ff462499781 in WTF::RunLoop::$_0::operator()(_GSource*, int (*)(void*), void*) const (source=0x5594d757dd20, callback=0x7ff46249a3b0 <WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::$_3::__invoke(void*)>, userData=0x7ff4670823b0 <WebCore::MainThreadSharedTimer::singleton()::instance+16>, this=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:53
#15 WTF::RunLoop::$_0::__invoke(_GSource*, int (*)(void*), void*) (source=0x5594d757dd20, callback=0x7ff46249a3b0 <WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::$_3::__invoke(void*)>, userData=0x7ff4670823b0 <WebCore::MainThreadSharedTimer::singleton()::instance+16>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:45
#16 0x00007ff45ef8bd24 in g_main_dispatch (context=context@entry=0x5594d7254720) at ../glib/gmain.c:3474
#17 0x00007ff45ef8de27 in g_main_context_dispatch_unlocked (context=0x5594d7254720) at ../glib/gmain.c:4287
#18 g_main_context_iterate_unlocked (context=0x5594d7254720, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4352
#19 0x00007ff45ef8e74f in g_main_loop_run (loop=0x5594d72773d0) at ../glib/gmain.c:4554
#20 0x00007ff462499d66 in WTF::RunLoop::run() () at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:108
#21 0x00007ff463c49a87 in WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run(int, char**) (this=0x7ffd5ecd1790, argc=3, argv=0x7ffd5ecd1928) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/Shared/AuxiliaryProcessMain.h:72
#22 WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainGtk>(int, char**) (argc=3, argv=0x7ffd5ecd1928) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/Shared/AuxiliaryProcessMain.h:98
#23 0x00007ff462a2954a in __libc_start_call_main (main=main@entry=0x5594d61e0150 <main>, argc=argc@entry=3, argv=argv@entry=0x7ffd5ecd1928) at ../sysdeps/nptl/libc_start_call_main.h:58
#24 0x00007ff462a2960b in __libc_start_main_impl (main=0x5594d61e0150 <main>, argc=3, argv=0x7ffd5ecd1928, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=<optimized out>) at ../csu/libc-start.c:389
#25 0x00005594d61e0085 in _start ()

Line numbers correspond to 2.41.3.
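An added illustration of how to read the frames above (not part of this report and not WebKit's code): a hypothetical NonNullRef stand-in for a non-null reference whose only empty state is moved-from, a constructed FakeImageSource layout whose flag-set member sits at offset 0x22c (the `this` printed for frames #2 and #3 while frame #5 has this=0x0), and a checked call that refuses to dereference an empty reference instead of crashing inside the callee. All names and the layout are assumptions for the example; WebKit's real ImageSource layout and Ref implementation are not reproduced.

```cpp
#include <cstddef>
#include <cstdint>
#include <utility>

// Hypothetical stand-in for a non-null smart reference (a Ref as opposed to a
// RefPtr). Not WebKit's WTF::Ref; it only reproduces the invariant: the wrapper
// can only be empty after being moved from.
template <typename T>
class NonNullRef {
public:
    explicit NonNullRef(T& object) : m_ptr(&object) {}
    NonNullRef(NonNullRef&& other) noexcept : m_ptr(other.m_ptr) { other.m_ptr = nullptr; }
    NonNullRef& operator=(NonNullRef&& other) noexcept {
        m_ptr = other.m_ptr;
        other.m_ptr = nullptr;
        return *this;
    }
    NonNullRef(const NonNullRef&) = delete;
    NonNullRef& operator=(const NonNullRef&) = delete;

    // The check a debug build would enforce at the dereference site.
    bool isValid() const { return m_ptr != nullptr; }
    // Release-build behaviour: the pointer is handed out without any check,
    // so an empty wrapper produces a member call with this == nullptr.
    T* unchecked() const { return m_ptr; }

private:
    T* m_ptr;
};

// Constructed layout (not ImageSource's real one) whose flag-set member sits at
// offset 0x22c, the `this` gdb printed for the OptionSet frames #2 and #3.
struct FakeImageSource {
    unsigned char preceding[0x22c];
    std::uint32_t cachedMetadataFlags;
    int frameCount() const { return (cachedMetadataFlags & 1u) ? 1 : 0; }
};

// Offset of the flag-set member in the constructed layout.
std::size_t flagsOffset() {
    return offsetof(FakeImageSource, cachedMetadataFlags);
}

// A member function called on a null object reports `this` equal to the
// member's offset: subtracting the outer `this` (0x0 in frame #5) from the
// inner one (0x22c in frame #3) recovers that offset.
std::uintptr_t memberOffset(std::uintptr_t outerThis, std::uintptr_t innerThis) {
    return innerThis - outerThis;
}

// Mirrors BitmapImage::destroyDecodedData() reaching frameCount() through its
// reference, but with the invariant checked first. Returns false instead of
// dereferencing null when the wrapper is empty.
bool safeFrameCountCall(const NonNullRef<FakeImageSource>& source, int& outCount) {
    if (!source.isValid())
        return false;
    outCount = source.unchecked()->frameCount();
    return true;
}

// A valid reference yields the frame count.
bool validRefReturnsCount() {
    FakeImageSource object{};
    object.cachedMetadataFlags = 1u;
    NonNullRef<FakeImageSource> source(object);
    int count = -1;
    return safeFrameCountCall(source, count) && count == 1;
}

// The only way this wrapper becomes empty is being moved from; the check then
// rejects the call instead of crashing inside the callee.
bool movedFromRefIsRejected() {
    FakeImageSource object{};
    NonNullRef<FakeImageSource> original(object);
    NonNullRef<FakeImageSource> moved(std::move(original));
    int count = -1;
    return !safeFrameCountCall(original, count) && moved.isValid();
}
```

The point of the offset arithmetic is diagnostic: when the outermost frame with a real object pointer (frame #6, this=0x7ff44a9ab780) is followed by a frame with this=0x0, every deeper frame whose `this` is a small constant is a member of that null object, and the constant is the member's offset.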
<rdar://problem/109510957>
Hit this five more times this afternoon, but I haven't figured out which web page is causing it. :P