Bug 173866

Summary: [GTK][WPE] Assertion failure in TimerBase inside WebCore::IconRecord::setImageData
Product: WebKit
Reporter: Ryosuke Niwa <rniwa>
Component: WebKit Misc.
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: beidson, berto, bugs-noreply, buildbot, cdumez, cgarcia, cturner, ggaren, gns, mcatanzaro, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: Safari Technology Preview
Hardware: Unspecified
OS: Unspecified
Attachments:
Description Flags
Patch mcatanzaro: review+

Description Ryosuke Niwa 2017-06-26 23:17:41 PDT
I'm hitting assertions like the one below all the time when I run debug Safari:

ASSERTION FAILED: canAccessThreadLocalDataForThread(m_thread)
/Volumes/Data/webkit2/Source/WebCore/platform/Timer.cpp(214) : void WebCore::TimerBase::stop()
1   0x101a122ad WTFCrash
2   0x10cbaccfc WebCore::TimerBase::stop()
3   0x10cbacc57 WebCore::TimerBase::~TimerBase()
4   0x10a120a8d WebCore::Timer::~Timer()
5   0x10a120a25 WebCore::Timer::~Timer()
6   0x10b008051 WebCore::Image::~Image()
7   0x10a2e30e6 WebCore::BitmapImage::~BitmapImage()
8   0x10a2e3275 WebCore::BitmapImage::~BitmapImage()
9   0x10a2e3299 WebCore::BitmapImage::~BitmapImage()
10  0x10a2e861f WTF::RefCounted<WebCore::Image>::deref() const
11  0x10a2e85c5 void WTF::derefIfNotNull<WebCore::Image>(WebCore::Image*)
12  0x10a2e8583 WTF::RefPtr<WebCore::Image>::~RefPtr()
13  0x10a2e3235 WTF::RefPtr<WebCore::Image>::~RefPtr()
14  0x10a3285b3 WTF::RefPtr<WebCore::Image>& WTF::RefPtr<WebCore::Image>::operator=<WebCore::BitmapImage>(WTF::Ref<WebCore::BitmapImage>&&)
15  0x10af121a3 WebCore::IconRecord::setImageData(WTF::RefPtr<WebCore::SharedBuffer>&&)
16  0x10aeed974 WebCore::IconDatabase::setIconDataForIconURL(WebCore::SharedBuffer*, WTF::String const&)
17  0x104d90a7f WebKit::WebIconDatabase::setIconDataForIconURL(IPC::DataReference const&, WTF::String const&)
18  0x104d94e09 void IPC::callMemberFunctionImpl<WebKit::WebIconDatabase, void (WebKit::WebIconDatabase::*)(IPC::DataReference const&, WTF::String const&), std::__1::tuple<IPC::DataReference, WTF::String>, 0ul, 1ul>(WebKit::WebIconDatabase*, void (WebKit::WebIconDatabase::*)(IPC::DataReference const&, WTF::String const&), std::__1::tuple<IPC::DataReference, WTF::String>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>)
19  0x104d94be8 void IPC::callMemberFunction<WebKit::WebIconDatabase, void (WebKit::WebIconDatabase::*)(IPC::DataReference const&, WTF::String const&), std::__1::tuple<IPC::DataReference, WTF::String>, std::__1::integer_sequence<unsigned long, 0ul, 1ul> >(std::__1::tuple<IPC::DataReference, WTF::String>&&, WebKit::WebIconDatabase*, void (WebKit::WebIconDatabase::*)(IPC::DataReference const&, WTF::String const&))
20  0x104d93cbb void IPC::handleMessage<Messages::WebIconDatabase::SetIconDataForIconURL, WebKit::WebIconDatabase, void (WebKit::WebIconDatabase::*)(IPC::DataReference const&, WTF::String const&)>(IPC::Decoder&, WebKit::WebIconDatabase*, void (WebKit::WebIconDatabase::*)(IPC::DataReference const&, WTF::String const&))
21  0x104d938ad WebKit::WebIconDatabase::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
22  0x104d93fd4 non-virtual thunk to WebKit::WebIconDatabase::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
23  0x1047f5e4d IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&)
24  0x1050f2d84 WebKit::WebProcessPool::dispatchMessage(IPC::Connection&, IPC::Decoder&)
25  0x1051264ae WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
26  0x105126574 non-virtual thunk to WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
27  0x1046ccc93 IPC::Connection::dispatchMessage(IPC::Decoder&)
28  0x1046c2228 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)
29  0x1046cd290 IPC::Connection::dispatchOneMessage()
30  0x1046e563d IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()()
31  0x1046e5599 WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call()
Comment 1 Ryosuke Niwa 2017-06-26 23:18:03 PDT
This seems like a very recent regression. I don't recall having this issue a week ago.
Comment 2 Ryosuke Niwa 2017-06-27 00:03:26 PDT
Reproduces at r218700. Going back to r218500...
Comment 3 Ryosuke Niwa 2017-06-27 01:32:07 PDT
Hm... I still reproduce this at r218500 so maybe it's not a very recent regression. I'm pretty certain it's not an old assertion though because I do recall being able to browse the Web with debug builds without hitting this before.
Comment 4 Radar WebKit Bug Importer 2017-07-04 04:31:05 PDT
<rdar://problem/33122050>
Comment 5 Michael Catanzaro 2017-08-06 05:25:23 PDT
*** Bug 173524 has been marked as a duplicate of this bug. ***
Comment 6 Michael Catanzaro 2017-08-06 05:26:12 PDT
(In reply to Ryosuke Niwa from comment #3)
> Hm... I still reproduce this at r218500 so maybe it's not a very recent
> regression.

I'm hitting this too. I don't remember seeing it until recently.
Comment 7 Brady Eidson 2017-08-06 08:45:56 PDT
(In reply to Ryosuke Niwa from comment #3)
> Hm... I still reproduce this at r218500 so maybe it's not a very recent
> regression. I'm pretty certain it's not an old assertion though because I do
> recall being able to browse the Web with debug builds without hitting this
> before.

Ryosuke, I'm curious under what configuration you're seeing this, because IconDatabase no longer exists in trunk WebKit for Mac/iOS.

Therefore... you shouldn't be seeing this with Debug Safari.
Comment 8 Michael Catanzaro 2017-08-06 09:48:00 PDT
This bug is one month old, so I bet it doesn't affect Mac anymore. It's still causing tons of crashes for WebKitGTK+, though.
Comment 9 Brady Eidson 2017-08-06 17:08:42 PDT
(In reply to Michael Catanzaro from comment #8)
> This bug is one month old, so I bet it doesn't affect Mac anymore. It's
> still causing tons of crashes for WebKitGTK+, though.

Oh yah whoops, I misread the month Ryosuke posted it.
Comment 10 Carlos Garcia Campos 2017-08-09 23:00:48 PDT
Michael, are you sure you are still getting crashes? WebIconDatabase no longer exists, and I fixed the crash I could reproduce in r219861. If you are still getting crashes with current trunk I need a new backtrace.
Comment 11 Carlos Garcia Campos 2017-08-10 00:12:43 PDT
Created attachment 317788
Patch
Comment 12 Build Bot 2017-08-10 00:14:56 PDT
Thanks for the patch. If this patch contains new public API please make sure it follows the guidelines for new WebKit2 GTK+ API. See http://trac.webkit.org/wiki/WebKitGTK/AddingNewWebKit2API
Comment 13 Carlos Garcia Campos 2017-08-10 23:01:25 PDT
Committed r220580: <http://trac.webkit.org/changeset/220580>