Bug 182422

Summary: Crash in imported/w3c/web-platform-tests/2dcontext/imagebitmap/createImageBitmap-origin.sub.html
Product: WebKit
Reporter: Ms2ger (he/him; ⌚ UTC+1/+2) <Ms2ger>
Component: Page Loading
Assignee: youenn fablet <youennf>
Status: RESOLVED FIXED
Severity: Normal
CC: achristensen, ap, beidson, commit-queue, jer.noble, jlewis3, ryanhaddad, webkit-bug-importer, youennf
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=182335

Attachments (description, flags):
Crash Log (flags: none)
Patch (flags: none)
Patch (flags: none)
Patch for landing (flags: none)

Description Ms2ger (he/him; ⌚ UTC+1/+2) 2018-02-02 01:24:28 PST
Thread 24 Crashed:: Dispatch queue: NSOperationQueue 0x7fc756b6db70 (QOS: UNSPECIFIED)
0   com.apple.JavaScriptCore      	0x00000001e06f6064 WTFCrash + 36 (Assertions.cpp:272)
1   com.apple.WebCore             	0x00000001d25b688a WebCore::MemoryCache::singleton() + 58 (MemoryCache.cpp:57)
2   com.apple.WebCore             	0x00000001d252202f WebCore::SubresourceLoader::willCancel(WebCore::ResourceError const&) + 223 (SubresourceLoader.cpp:666)
3   com.apple.WebCore             	0x00000001d250ca01 WebCore::ResourceLoader::cancel(WebCore::ResourceError const&) + 161 (ResourceLoader.cpp:597)
4   com.apple.WebCore             	0x00000001d250c94f WebCore::ResourceLoader::cancel() + 47 (ResourceLoader.cpp:572)
5   com.apple.WebCore             	0x00000001d252da22 WebCore::SubresourceLoader::willSendRequestInternal(WebCore::ResourceRequest&&, WebCore::ResourceResponse const&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&)::$_0::operator()(WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&, WebCore::ResourceRequest&&)::'lambda'(WebCore::ResourceRequest&&)::operator()(WebCore::ResourceRequest&&) + 130 (SubresourceLoader.cpp:196)
6   com.apple.WebCore             	0x00000001d252d8d4 WTF::Function<void (WebCore::ResourceRequest&&)>::CallableWrapper<WebCore::SubresourceLoader::willSendRequestInternal(WebCore::ResourceRequest&&, WebCore::ResourceResponse const&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&)::$_0::operator()(WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&, WebCore::ResourceRequest&&)::'lambda'(WebCore::ResourceRequest&&)>::call(WebCore::ResourceRequest&&) + 52 (Function.h:101)
7   com.apple.WebCore             	0x00000001d0b257ee WTF::Function<void (WebCore::ResourceRequest&&)>::operator()(WebCore::ResourceRequest&&) const + 158 (Function.h:56)
8   com.apple.WebCore             	0x00000001d0b256f9 WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>::operator()(WebCore::ResourceRequest&&) const + 137 (CompletionHandler.h:60)
9   com.apple.WebCore             	0x00000001d250bf3a WebCore::ResourceLoader::willSendRequestInternal(WebCore::ResourceRequest&&, WebCore::ResourceResponse const&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&) + 1594 (ResourceLoader.cpp:426)
10  com.apple.WebCore             	0x00000001d2520471 WebCore::SubresourceLoader::willSendRequestInternal(WebCore::ResourceRequest&&, WebCore::ResourceResponse const&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&)::$_0::operator()(WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&, WebCore::ResourceRequest&&) + 417 (SubresourceLoader.cpp:190)
11  com.apple.WebCore             	0x00000001d2530de4 WebCore::SubresourceLoader::willSendRequestInternal(WebCore::ResourceRequest&&, WebCore::ResourceResponse const&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&)::$_3::operator()(WebCore::ResourceRequest&&) + 68 (SubresourceLoader.cpp:260)
12  com.apple.WebCore             	0x00000001d2530cf4 WTF::Function<void (WebCore::ResourceRequest&&)>::CallableWrapper<WebCore::SubresourceLoader::willSendRequestInternal(WebCore::ResourceRequest&&, WebCore::ResourceResponse const&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&)::$_3>::call(WebCore::ResourceRequest&&) + 52 (Function.h:101)
13  com.apple.WebCore             	0x00000001d0b257ee WTF::Function<void (WebCore::ResourceRequest&&)>::operator()(WebCore::ResourceRequest&&) const + 158 (Function.h:56)
14  com.apple.WebCore             	0x00000001d0b256f9 WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>::operator()(WebCore::ResourceRequest&&) const + 137 (CompletionHandler.h:60)
15  com.apple.WebCore             	0x00000001d258387b WebCore::CachedResource::redirectReceived(WebCore::ResourceRequest&&, WebCore::ResourceResponse const&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&) + 155 (CachedResource.cpp:466)
16  com.apple.WebCore             	0x00000001d25a1cfc WebCore::CachedRawResource::redirectReceived(WebCore::ResourceRequest&&, WebCore::ResourceResponse const&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&)::$_1::operator()(WebCore::ResourceRequest&&) + 92 (CachedRawResource.cpp:189)
17  com.apple.WebCore             	0x00000001d25a1bd4 WTF::Function<void (WebCore::ResourceRequest&&)>::CallableWrapper<WebCore::CachedRawResource::redirectReceived(WebCore::ResourceRequest&&, WebCore::ResourceResponse const&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&)::$_1>::call(WebCore::ResourceRequest&&) + 52 (Function.h:101)
18  com.apple.WebCore             	0x00000001d0b257ee WTF::Function<void (WebCore::ResourceRequest&&)>::operator()(WebCore::ResourceRequest&&) const + 158 (Function.h:56)
19  com.apple.WebCore             	0x00000001d0b256f9 WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>::operator()(WebCore::ResourceRequest&&) const + 137 (CompletionHandler.h:60)
20  com.apple.WebCore             	0x00000001d258398b WebCore::iterateClients(WebCore::CachedResourceClientWalker<WebCore::CachedRawResourceClient>&&, WebCore::CachedResourceHandle<WebCore::CachedRawResource>&&, WebCore::ResourceRequest&&, std::__1::unique_ptr<WebCore::ResourceResponse, std::__1::default_delete<WebCore::ResourceResponse> >&&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&) + 123 (CachedRawResource.cpp:174)
21  com.apple.WebCore             	0x00000001d2597bd1 WebCore::iterateClients(WebCore::CachedResourceClientWalker<WebCore::CachedRawResourceClient>&&, WebCore::CachedResourceHandle<WebCore::CachedRawResource>&&, WebCore::ResourceRequest&&, std::__1::unique_ptr<WebCore::ResourceResponse, std::__1::default_delete<WebCore::ResourceResponse> >&&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&)::$_5::operator()(WebCore::ResourceRequest&&) + 129 (CachedRawResource.cpp:178)
22  com.apple.WebCore             	0x00000001d2597934 WTF::Function<void (WebCore::ResourceRequest&&)>::CallableWrapper<WebCore::iterateClients(WebCore::CachedResourceClientWalker<WebCore::CachedRawResourceClient>&&, WebCore::CachedResourceHandle<WebCore::CachedRawResource>&&, WebCore::ResourceRequest&&, std::__1::unique_ptr<WebCore::ResourceResponse, std::__1::default_delete<WebCore::ResourceResponse> >&&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&)::$_5>::call(WebCore::ResourceRequest&&) + 52 (Function.h:101)
23  com.apple.WebCore             	0x00000001d0b257ee WTF::Function<void (WebCore::ResourceRequest&&)>::operator()(WebCore::ResourceRequest&&) const + 158 (Function.h:56)
24  com.apple.WebCore             	0x00000001d0b256f9 WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>::operator()(WebCore::ResourceRequest&&) const + 137 (CompletionHandler.h:60)
25  com.apple.WebCore             	0x00000001d34982d0 -[WebCoreNSURLSessionDataTask resource:receivedRedirect:request:completionHandler:]::$_11::operator()() + 608 (WebCoreNSURLSession.mm:635)
26  com.apple.WebCore             	0x00000001d3497e59 WTF::Function<void ()>::CallableWrapper<-[WebCoreNSURLSessionDataTask resource:receivedRedirect:request:completionHandler:]::$_11>::call() + 25 (Function.h:101)
27  com.apple.WebCore             	0x00000001d000d31b WTF::Function<void ()>::operator()() const + 139 (Function.h:56)
28  com.apple.WebCore             	0x00000001d3490730 WTF::BlockPtr<void ()> WTF::BlockPtr<void ()>::fromCallable<WTF::Function<void ()> >(WTF::Function<void ()>)::'lambda'(void*)::operator()(void*) const + 32 (BlockPtr.h:94)
29  com.apple.WebCore             	0x00000001d3490708 WTF::BlockPtr<void ()> WTF::BlockPtr<void ()>::fromCallable<WTF::Function<void ()> >(WTF::Function<void ()>)::'lambda'(void*)::__invoke(void*) + 24 (BlockPtr.h:93)
30  com.apple.Foundation          	0x00007fff349f622f __NSBLOCKOPERATION_IS_CALLING_OUT_TO_A_BLOCK__ + 7
31  com.apple.Foundation          	0x00007fff349f6091 -[NSBlockOperation main] + 68
32  com.apple.Foundation          	0x00007fff349f453e -[__NSOperationInternal _start:] + 778
33  com.apple.Foundation          	0x00007fff349f0567 __NSOQSchedule_f + 369
34  libdispatch.dylib             	0x00007fff5a24bd50 _dispatch_client_callout + 8
35  libdispatch.dylib             	0x00007fff5a25ee76 _dispatch_continuation_pop + 472
36  libdispatch.dylib             	0x00007fff5a2566cb _dispatch_async_redirect_invoke + 703
37  libdispatch.dylib             	0x00007fff5a24d941 _dispatch_root_queue_drain + 515
38  libdispatch.dylib             	0x00007fff5a24d6ed _dispatch_worker_thread3 + 101
39  libsystem_pthread.dylib       	0x00007fff5a5101ca _pthread_wqthread + 1387
40  libsystem_pthread.dylib       	0x00007fff5a50fc4d start_wqthread + 13
Comment 1 Alexey Proskuryakov 2018-02-02 21:28:07 PST
Whoa, ResourceLoader code certainly shouldn’t be running on a secondary thread.
Comment 2 Radar WebKit Bug Importer 2018-02-02 21:28:38 PST
<rdar://problem/37182665>
Comment 3 Alexey Proskuryakov 2018-02-05 09:16:03 PST
What were you doing when you hit this crash? Can you attach a complete crash log?
Comment 4 Matt Lewis 2018-02-05 10:30:27 PST
Created attachment 333094 [details]
Crash Log

This crash occurred after https://bugs.webkit.org/show_bug.cgi?id=182335

It looks like the update caused the assertion failure to occur with this test on Debug platforms and the crash. While the crash is blaming other tests, this test is consistently crashing with the assertion. The test was marked as crashing in the same commit as the test being updated: https://trac.webkit.org/changeset/228003

Attaching the full crash.

Here is the assertion:

ASSERTION FAILED: WTF::isMainThread()
/Volumes/Data/slave/highsierra-debug/build/Source/WebCore/loader/cache/MemoryCache.cpp(57) : static WebCore::MemoryCache &WebCore::MemoryCache::singleton()
1   0x1e06f605d WTFCrash
2   0x1d25b688a WebCore::MemoryCache::singleton()
3   0x1d252202f WebCore::SubresourceLoader::willCancel(WebCore::ResourceError const&)
4   0x1d250ca01 WebCore::ResourceLoader::cancel(WebCore::ResourceError const&)
5   0x1d250c94f WebCore::ResourceLoader::cancel()
6   0x1d252da22 WebCore::SubresourceLoader::willSendRequestInternal(WebCore::ResourceRequest&&, WebCore::ResourceResponse const&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&)::$_0::operator()(WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&, WebCore::ResourceRequest&&)::'lambda'(WebCore::ResourceRequest&&)::operator()(WebCore::ResourceRequest&&)
7   0x1d252d8d4 WTF::Function<void (WebCore::ResourceRequest&&)>::CallableWrapper<WebCore::SubresourceLoader::willSendRequestInternal(WebCore::ResourceRequest&&, WebCore::ResourceResponse const&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&)::$_0::operator()(WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&, WebCore::ResourceRequest&&)::'lambda'(WebCore::ResourceRequest&&)>::call(WebCore::ResourceRequest&&)
8   0x1d0b257ee WTF::Function<void (WebCore::ResourceRequest&&)>::operator()(WebCore::ResourceRequest&&) const
9   0x1d0b256f9 WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>::operator()(WebCore::ResourceRequest&&) const
10  0x1d250bf3a WebCore::ResourceLoader::willSendRequestInternal(WebCore::ResourceRequest&&, WebCore::ResourceResponse const&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&)
11  0x1d2520471 WebCore::SubresourceLoader::willSendRequestInternal(WebCore::ResourceRequest&&, WebCore::ResourceResponse const&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&)::$_0::operator()(WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&, WebCore::ResourceRequest&&)
12  0x1d2530de4 WebCore::SubresourceLoader::willSendRequestInternal(WebCore::ResourceRequest&&, WebCore::ResourceResponse const&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&)::$_3::operator()(WebCore::ResourceRequest&&)
13  0x1d2530cf4 WTF::Function<void (WebCore::ResourceRequest&&)>::CallableWrapper<WebCore::SubresourceLoader::willSendRequestInternal(WebCore::ResourceRequest&&, WebCore::ResourceResponse const&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&)::$_3>::call(WebCore::ResourceRequest&&)
14  0x1d0b257ee WTF::Function<void (WebCore::ResourceRequest&&)>::operator()(WebCore::ResourceRequest&&) const
15  0x1d0b256f9 WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>::operator()(WebCore::ResourceRequest&&) const
16  0x1d258387b WebCore::CachedResource::redirectReceived(WebCore::ResourceRequest&&, WebCore::ResourceResponse const&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&)
17  0x1d25a1cfc WebCore::CachedRawResource::redirectReceived(WebCore::ResourceRequest&&, WebCore::ResourceResponse const&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&)::$_1::operator()(WebCore::ResourceRequest&&)
18  0x1d25a1bd4 WTF::Function<void (WebCore::ResourceRequest&&)>::CallableWrapper<WebCore::CachedRawResource::redirectReceived(WebCore::ResourceRequest&&, WebCore::ResourceResponse const&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&)::$_1>::call(WebCore::ResourceRequest&&)
19  0x1d0b257ee WTF::Function<void (WebCore::ResourceRequest&&)>::operator()(WebCore::ResourceRequest&&) const
20  0x1d0b256f9 WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>::operator()(WebCore::ResourceRequest&&) const
21  0x1d258398b WebCore::iterateClients(WebCore::CachedResourceClientWalker<WebCore::CachedRawResourceClient>&&, WebCore::CachedResourceHandle<WebCore::CachedRawResource>&&, WebCore::ResourceRequest&&, std::__1::unique_ptr<WebCore::ResourceResponse, std::__1::default_delete<WebCore::ResourceResponse> >&&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&)
22  0x1d2597bd1 WebCore::iterateClients(WebCore::CachedResourceClientWalker<WebCore::CachedRawResourceClient>&&, WebCore::CachedResourceHandle<WebCore::CachedRawResource>&&, WebCore::ResourceRequest&&, std::__1::unique_ptr<WebCore::ResourceResponse, std::__1::default_delete<WebCore::ResourceResponse> >&&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&)::$_5::operator()(WebCore::ResourceRequest&&)
23  0x1d2597934 WTF::Function<void (WebCore::ResourceRequest&&)>::CallableWrapper<WebCore::iterateClients(WebCore::CachedResourceClientWalker<WebCore::CachedRawResourceClient>&&, WebCore::CachedResourceHandle<WebCore::CachedRawResource>&&, WebCore::ResourceRequest&&, std::__1::unique_ptr<WebCore::ResourceResponse, std::__1::default_delete<WebCore::ResourceResponse> >&&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&)::$_5>::call(WebCore::ResourceRequest&&)
24  0x1d0b257ee WTF::Function<void (WebCore::ResourceRequest&&)>::operator()(WebCore::ResourceRequest&&) const
25  0x1d0b256f9 WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>::operator()(WebCore::ResourceRequest&&) const
26  0x1d34982d0 -[WebCoreNSURLSessionDataTask resource:receivedRedirect:request:completionHandler:]::$_11::operator()()
27  0x1d3497e59 WTF::Function<void ()>::CallableWrapper<-[WebCoreNSURLSessionDataTask resource:receivedRedirect:request:completionHandler:]::$_11>::call()
28  0x1d000d31b WTF::Function<void ()>::operator()() const
29  0x1d3490730 WTF::BlockPtr<void ()> WTF::BlockPtr<void ()>::fromCallable<WTF::Function<void ()> >(WTF::Function<void ()>)::'lambda'(void*)::operator()(void*) const
30  0x1d3490708 WTF::BlockPtr<void ()> WTF::BlockPtr<void ()>::fromCallable<WTF::Function<void ()> >(WTF::Function<void ()>)::'lambda'(void*)::__invoke(void*)
31  0x7fff349f622f __NSBLOCKOPERATION_IS_CALLING_OUT_TO_A_BLOCK__
LEAK: 2 WebPageProxy

The crash can be found under other on this build:
https://build.webkit.org/results/Apple%20High%20Sierra%20Debug%20WK2%20(Tests)/r228095%20(1931)/results.html
Comment 5 Matt Lewis 2018-02-05 10:46:43 PST
I was able to reproduce the crash with:

run-webkit-tests --no-retry-failure --verbose --debug imported/w3c/web-platform-tests/2dcontext/imagebitmap/createImageBitmap-origin.sub.html


I temporarily skipped the test in https://trac.webkit.org/changeset/228104/webkit
Comment 6 youenn fablet 2018-02-05 11:12:19 PST
Looked at it a bit.
We are crashing in case of redirection in the video loading case.
Issue might come from changes done in https://bugs.webkit.org/show_bug.cgi?id=179539.
Comment 7 youenn fablet 2018-02-05 11:30:14 PST
Created attachment 333101 [details]
Patch
Comment 8 youenn fablet 2018-02-05 12:34:51 PST
Created attachment 333110 [details]
Patch
Comment 9 Alex Christensen 2018-02-05 14:23:13 PST
Comment on attachment 333110 [details]
Patch

Let's add a lambda wrapping the completion handler in WebCoreNSURLSessionDataTaskClient::redirectReceived and adding an assertion that we're on the main thread.
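
An added illustration of the pattern suggested in comment 9, not part of the thread and not WebKit's code: a completion handler is wrapped in a lambda that asserts main-thread affinity, and the redirect callback arriving on a secondary thread is posted back to the main thread before the handler runs. `MainQueue`, `onMainThread`, `assertOnMain` and `deliverRedirect` are hypothetical names, and the `int` argument stands in for the request object.

```cpp
#include <cassert>
#include <functional>
#include <mutex>
#include <queue>
#include <thread>
#include <utility>
// Hypothetical stand-ins for illustration; none of this is WTF/WebCore API.
static const std::thread::id mainThreadID = std::this_thread::get_id();
static bool onMainThread() { return std::this_thread::get_id() == mainThreadID; }
// Minimal main-thread task queue standing in for the main run loop.
class MainQueue {
public:
    void post(std::function<void()> task) {
        std::lock_guard<std::mutex> lock(m_lock);
        m_tasks.push(std::move(task));
    }
    void drain() { // call on the main thread only
        std::queue<std::function<void()>> pending;
        {
            std::lock_guard<std::mutex> lock(m_lock);
            pending.swap(m_tasks);
        }
        for (; !pending.empty(); pending.pop())
            pending.front()();
    }
private:
    std::mutex m_lock;
    std::queue<std::function<void()>> m_tasks;
};

using RedirectHandler = std::function<void(int)>; // int stands in for the request
// Wrap a completion handler so a wrong-thread call fails at the boundary.
RedirectHandler assertOnMain(RedirectHandler inner) {
    return [inner](int request) {
        assert(onMainThread());
        inner(request);
    };
}

// Deliver a redirect from a secondary thread; returns whether the handler ran on main.
bool deliverRedirect(bool hopToMain) {
    MainQueue mainQueue;
    bool ranOnMain = false;
    RedirectHandler handler = [&ranOnMain](int) { ranOnMain = onMainThread(); };
    if (hopToMain) handler = assertOnMain(handler);
    std::thread network([&] {
        if (hopToMain) mainQueue.post([&handler] { handler(302); });
        else handler(302); // unguarded call on the secondary thread, as in the trace
    });
    network.join();
    mainQueue.drain();
    return ranOnMain;
}
int main() { return deliverRedirect(true) && !deliverRedirect(false) ? 0 : 1; }
```

Passing the unguarded path through `assertOnMain` would abort at the wrapper rather than deeper in main-thread-only code such as the `MemoryCache::singleton()` frame in the trace.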
Comment 10 youenn fablet 2018-02-05 15:55:23 PST
Created attachment 333129 [details]
Patch for landing
Comment 11 WebKit Commit Bot 2018-02-05 19:57:36 PST
Comment on attachment 333129 [details]
Patch for landing

Clearing flags on attachment: 333129

Committed r228150: <https://trac.webkit.org/changeset/228150>
Comment 12 WebKit Commit Bot 2018-02-05 19:57:38 PST
All reviewed patches have been landed.  Closing bug.