Bug 238298

Summary: [GPU Process] RemoteRenderingBackend::stopListeningForIPC() should not change the RemoteResourceCache on the main thread
Product: WebKit Reporter: Ryan Haddad <ryanhaddad>
Component: Layout and RenderingAssignee: Said Abou-Hallawa <sabouhallawa>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, cdumez, jonlee, kkinnunen, sabouhallawa, simon.fraser, webkit-bug-importer, zalan
Priority: P2 Keywords: InRadar
Version: Safari 13   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 236508    
Attachments:
Description Flags
crash log
none
Patch
none
Patch
simon.fraser: review+
Patch none

Ryan Haddad
Reported 2022-03-23 16:18:53 PDT
The following assertion failure is seen on iOS debug bots: ASSERTION FAILED: imageBufferCount == m_imageBufferCount /Volumes/Data/worker/ios-simulator-15-debug/build/Source/WebKit/GPUProcess/graphics/QualifiedResourceHeap.h(225) : void WebKit::QualifiedResourceHeap::checkInvariants() const 1 0x1438b6b09 WTFCrash 2 0x125dc1b4b WTFCrashWithInfo(int, char const*, char const*, int) 3 0x126a10bbd WebKit::QualifiedResourceHeap::checkInvariants() const 4 0x126a1daac void WebKit::QualifiedResourceHeap::add<WebCore::Font>(WebCore::ProcessQualified<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> >&&, unsigned int&) 5 0x126a04cd4 WebKit::QualifiedResourceHeap::add(WebCore::ProcessQualified<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> >&&) 6 0x126a03026 WebKit::RemoteResourceCache::cacheFont(WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> >&&, WebCore::ProcessQualified<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >) 7 0x126a02f46 WebKit::RemoteRenderingBackend::cacheFontWithQualifiedIdentifier(WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> >&&, WebCore::ProcessQualified<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >) 8 0x126a02e09 WebKit::RemoteRenderingBackend::cacheFont(WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> >&&) 9 0x1269b1817 void IPC::callMemberFunctionImpl<WebKit::RemoteRenderingBackend, void (WebKit::RemoteRenderingBackend::*)(WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> >&&), std::__1::tuple<WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> > >, 0ul>(WebKit::RemoteRenderingBackend*, void (WebKit::RemoteRenderingBackend::*)(WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> >&&), std::__1::tuple<WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> > >&&, std::__1::integer_sequence<unsigned long, 0ul>) 10 0x1269b044d void IPC::callMemberFunction<WebKit::RemoteRenderingBackend, void (WebKit::RemoteRenderingBackend::*)(WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> >&&), std::__1::tuple<WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> > >, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> > >&&, WebKit::RemoteRenderingBackend*, void (WebKit::RemoteRenderingBackend::*)(WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> >&&)) 11 0x12699c88a void IPC::handleMessage<Messages::RemoteRenderingBackend::CacheFont, WebKit::RemoteRenderingBackend, void (WebKit::RemoteRenderingBackend::*)(WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> >&&)>(IPC::Connection&, IPC::Decoder&, WebKit::RemoteRenderingBackend*, void (WebKit::RemoteRenderingBackend::*)(WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> >&&)) 12 0x12699be51 WebKit::RemoteRenderingBackend::didReceiveStreamMessage(IPC::StreamServerConnectionBase&, IPC::Decoder&) 13 0x12727b778 IPC::StreamServerConnection::dispatchOutOfStreamMessage(IPC::Decoder&&) 14 0x12727b1a6 IPC::StreamServerConnection::dispatchStreamMessages(unsigned long) 15 0x127279ad4 IPC::StreamConnectionWorkQueue::processStreams() 16 0x1272827e0 IPC::StreamConnectionWorkQueue::startProcessingThread()::$_0::operator()() 17 0x127282799 WTF::Detail::CallableWrapper<IPC::StreamConnectionWorkQueue::startProcessingThread()::$_0, void>::call() 18 0x1438e4692 WTF::Function<void ()>::operator()() const 19 0x1439ba948 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) 20 0x1439c8bb5 WTF::wtfThreadEntryPoint(void*) 21 0x7fff6bfee8fc _pthread_start 22 0x7fff6bfea443 thread_start LEAK: 2 WebPageProxy https://build.webkit.org/results/Apple-iOS-15-Simulator-Debug-WK2-Tests/r291751%20(2042)/results.html
Attachments
crash log (129.69 KB, text/plain)
2022-03-23 16:22 PDT, Ryan Haddad 		no flags
Details
Patch (9.02 KB, patch)
2022-03-24 14:54 PDT, Said Abou-Hallawa 		no flags
DetailsFormatted DiffDiff
Patch (3.22 KB, patch)
2022-03-24 23:59 PDT, Said Abou-Hallawa 		simon.fraser: review+
DetailsFormatted DiffDiff
Patch (3.66 KB, patch)
2022-03-25 10:46 PDT, Said Abou-Hallawa 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2022-03-23 16:20:15 PDT
<rdar://problem/90731372>
Ryan Haddad
Comment 2 2022-03-23 16:20:57 PDT
crypto/subtle/rsa-indexeddb-non-exportable.html
Ryan Haddad
Comment 3 2022-03-23 16:22:08 PDT
Created attachment 455580 [details] crash log
Said Abou-Hallawa
Comment 4 2022-03-24 00:54:29 PDT
This seems a threading issue in the RemoteResourceCache.
Said Abou-Hallawa
Comment 5 2022-03-24 00:55:03 PDT
*** Bug 238299 has been marked as a duplicate of this bug. ***
Said Abou-Hallawa
Comment 6 2022-03-24 14:54:38 PDT
Created attachment 455690 [details] Patch
Simon Fraser (smfr)
Comment 7 2022-03-24 17:17:30 PDT
Comment on attachment 455690 [details] Patch We determined that there's a cleaner way to fix this.
Said Abou-Hallawa
Comment 8 2022-03-24 23:59:28 PDT
Created attachment 455734 [details] Patch
Simon Fraser (smfr)
Comment 9 2022-03-25 09:25:10 PDT
Comment on attachment 455734 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=455734&action=review > Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.cpp:123 > + m_workQueue->dispatch([&] { > + m_remoteResourceCache = { m_gpuConnectionToWebProcess->webProcessIdentifier() }; > + m_renderingResourcesRequest = { }; > + }); > m_workQueue->stopAndWaitForCompletion(); I guess the idea here is that m_workQueue->dispatch() appends this item to the work queue so that stopAndWaitForCompletion() will process it last, after any existing work? Seems ok. Maybe the comment could make that clearer.
Said Abou-Hallawa
Comment 10 2022-03-25 10:46:51 PDT
Created attachment 455781 [details] Patch
EWS
Comment 11 2022-03-25 13:08:47 PDT
Committed r291881 (248880@main): <https://commits.webkit.org/248880@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 455781 [details].
Note You need to log in before you can comment on or make changes to this bug.