Bug 173866

Summary: [GTK][WPE] Assertion failure in TimerBase inside WebCore::IconRecord::setImageData
Product: WebKit Reporter: Ryosuke Niwa <rniwa>
Component: WebKit Misc.Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: beidson, berto, bugs-noreply, buildbot, cdumez, cgarcia, cturner, ggaren, gustavo, mcatanzaro, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Safari Technology Preview   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch mcatanzaro: review+

Ryosuke Niwa
Reported 2017-06-26 23:17:41 PDT
I'm hitting assertions like the one below all the time when I run debug Safari: ASSERTION FAILED: canAccessThreadLocalDataForThread(m_thread) /Volumes/Data/webkit2/Source/WebCore/platform/Timer.cpp(214) : void WebCore::TimerBase::stop() 1 0x101a122ad WTFCrash 2 0x10cbaccfc WebCore::TimerBase::stop() 3 0x10cbacc57 WebCore::TimerBase::~TimerBase() 4 0x10a120a8d WebCore::Timer::~Timer() 5 0x10a120a25 WebCore::Timer::~Timer() 6 0x10b008051 WebCore::Image::~Image() 7 0x10a2e30e6 WebCore::BitmapImage::~BitmapImage() 8 0x10a2e3275 WebCore::BitmapImage::~BitmapImage() 9 0x10a2e3299 WebCore::BitmapImage::~BitmapImage() 10 0x10a2e861f WTF::RefCounted<WebCore::Image>::deref() const 11 0x10a2e85c5 void WTF::derefIfNotNull<WebCore::Image>(WebCore::Image*) 12 0x10a2e8583 WTF::RefPtr<WebCore::Image>::~RefPtr() 13 0x10a2e3235 WTF::RefPtr<WebCore::Image>::~RefPtr() 14 0x10a3285b3 WTF::RefPtr<WebCore::Image>& WTF::RefPtr<WebCore::Image>::operator=<WebCore::BitmapImage>(WTF::Ref<WebCore::BitmapImage>&&) 15 0x10af121a3 WebCore::IconRecord::setImageData(WTF::RefPtr<WebCore::SharedBuffer>&&) 16 0x10aeed974 WebCore::IconDatabase::setIconDataForIconURL(WebCore::SharedBuffer*, WTF::String const&) 17 0x104d90a7f WebKit::WebIconDatabase::setIconDataForIconURL(IPC::DataReference const&, WTF::String const&) 18 0x104d94e09 void IPC::callMemberFunctionImpl<WebKit::WebIconDatabase, void (WebKit::WebIconDatabase::*)(IPC::DataReference const&, WTF::String const&), std::__1::tuple<IPC::DataReference, WTF::String>, 0ul, 1ul>(WebKit::WebIconDatabase*, void (WebKit::WebIconDatabase::*)(IPC::DataReference const&, WTF::String const&), std::__1::tuple<IPC::DataReference, WTF::String>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>) 19 0x104d94be8 void IPC::callMemberFunction<WebKit::WebIconDatabase, void (WebKit::WebIconDatabase::*)(IPC::DataReference const&, WTF::String const&), std::__1::tuple<IPC::DataReference, WTF::String>, std::__1::integer_sequence<unsigned long, 0ul, 1ul> >(std::__1::tuple<IPC::DataReference, WTF::String>&&, WebKit::WebIconDatabase*, void (WebKit::WebIconDatabase::*)(IPC::DataReference const&, WTF::String const&)) 20 0x104d93cbb void IPC::handleMessage<Messages::WebIconDatabase::SetIconDataForIconURL, WebKit::WebIconDatabase, void (WebKit::WebIconDatabase::*)(IPC::DataReference const&, WTF::String const&)>(IPC::Decoder&, WebKit::WebIconDatabase*, void (WebKit::WebIconDatabase::*)(IPC::DataReference const&, WTF::String const&)) 21 0x104d938ad WebKit::WebIconDatabase::didReceiveMessage(IPC::Connection&, IPC::Decoder&) 22 0x104d93fd4 non-virtual thunk to WebKit::WebIconDatabase::didReceiveMessage(IPC::Connection&, IPC::Decoder&) 23 0x1047f5e4d IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) 24 0x1050f2d84 WebKit::WebProcessPool::dispatchMessage(IPC::Connection&, IPC::Decoder&) 25 0x1051264ae WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) 26 0x105126574 non-virtual thunk to WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) 27 0x1046ccc93 IPC::Connection::dispatchMessage(IPC::Decoder&) 28 0x1046c2228 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) 29 0x1046cd290 IPC::Connection::dispatchOneMessage() 30 0x1046e563d IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() 31 0x1046e5599 WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call()
Attachments
Patch (12.15 KB, patch)
2017-08-10 00:12 PDT, Carlos Garcia Campos 		mcatanzaro: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Ryosuke Niwa
Comment 1 2017-06-26 23:18:03 PDT
This seems like a very recent regression. I don't recall having this issue a week ago.
Ryosuke Niwa
Comment 2 2017-06-27 00:03:26 PDT
Reproduces at r218700. Going back to r218500...
Ryosuke Niwa
Comment 3 2017-06-27 01:32:07 PDT
Hm... I still reproduce this at r218500 so maybe it's not a very recent regression. I'm pretty certain it's not an old assertion though because I do recall being able to browser the Web with debug builds without hitting this before.
Radar WebKit Bug Importer
Comment 4 2017-07-04 04:31:05 PDT
<rdar://problem/33122050>
Michael Catanzaro
Comment 5 2017-08-06 05:25:23 PDT
*** Bug 173524 has been marked as a duplicate of this bug. ***
Michael Catanzaro
Comment 6 2017-08-06 05:26:12 PDT
(In reply to Ryosuke Niwa from comment #3) > Hm... I still reproduce this at r218500 so maybe it's not a very recent > regression. I'm hitting this too. I don't remember seeing it until recently.
Brady Eidson
Comment 7 2017-08-06 08:45:56 PDT
(In reply to Ryosuke Niwa from comment #3) > Hm... I still reproduce this at r218500 so maybe it's not a very recent > regression. I'm pretty certain it's not an old assertion though because I do > recall being able to browser the Web with debug builds without hitting this > before. Ryosuke, I'm curious under what configuration you're seeing this, because IconDatabase no longer exists in trunk WebKit for Mac/iOS. Therefore... you shouldn't be seeing this with Debug Safari.
Michael Catanzaro
Comment 8 2017-08-06 09:48:00 PDT
This bug is one month old, so I bet it doesn't affect Mac anymore. It's still causing tons of crashes for WebKitGTK+, though.
Brady Eidson
Comment 9 2017-08-06 17:08:42 PDT
(In reply to Michael Catanzaro from comment #8) > This bug is one month old, so I bet it doesn't affect Mac anymore. It's > still causing tons of crashes for WebKitGTK+, though. Oh yah whoops, I misread the month Ryosuke posted it.
Carlos Garcia Campos
Comment 10 2017-08-09 23:00:48 PDT
Michael, are you sure you are still getting crashes? WebIconDatabase no longer exists, and I fixed the crash I could reproduce in r219861. If you are still getting crashes with current trunk I need a new backtrace.
Carlos Garcia Campos
Comment 11 2017-08-10 00:12:43 PDT
Created attachment 317788 [details] Patch
Build Bot
Comment 12 2017-08-10 00:14:56 PDT
Thanks for the patch. If this patch contains new public API please make sure it follows the guidelines for new WebKit2 GTK+ API. See http://trac.webkit.org/wiki/WebKitGTK/AddingNewWebKit2API
Carlos Garcia Campos
Comment 13 2017-08-10 23:01:25 PDT
Committed r220580: <http://trac.webkit.org/changeset/220580>
Note You need to log in before you can comment on or make changes to this bug.