The following assertion failure is seen on debug bots with imported/w3c/web-platform-tests/html/canvas/element/imagebitmap/createImageBitmap-in-worker-transfer.html:

ASSERTION FAILED: isMainThread()
./platform/graphics/cocoa/IOSurface.mm(247) : WTF::Optional<IntSize> &WebCore::surfaceMaximumSize()
1 0x4f0b8ec29 WTFCrash
2 0x4ce8a9bdb WTFCrashWithInfo(int, char const*, char const*, int)
3 0x4d04d6e9c WebCore::surfaceMaximumSize()
4 0x4d04d6ebd WebCore::IOSurface::maximumSize()
5 0x4d2bf1b2c WebCore::ImageBufferIOSurfaceBackend::calculateBackendSize(WebCore::FloatSize const&, float)
6 0x4d2bf1c45 WebCore::ImageBufferIOSurfaceBackend::create(WebCore::FloatSize const&, float, WebCore::ColorSpace, CGColorSpace*, WebCore::PixelFormat, WebCore::HostWindow const*)
7 0x4d2bf2088 WebCore::ImageBufferIOSurfaceBackend::create(WebCore::FloatSize const&, float, WebCore::ColorSpace, WebCore::PixelFormat, WebCore::HostWindow const*)
8 0x4d2b0be95 WTF::RefPtr<WebCore::ConcreteImageBuffer<WebCore::ImageBufferIOSurfaceBackend>, WTF::RawPtrTraits<WebCore::ConcreteImageBuffer<WebCore::ImageBufferIOSurfaceBackend> >, WTF::DefaultRefDerefTraits<WebCore::ConcreteImageBuffer<WebCore::ImageBufferIOSurfaceBackend> > > WebCore::ConcreteImageBuffer<WebCore::ImageBufferIOSurfaceBackend>::create<WebCore::ConcreteImageBuffer<WebCore::ImageBufferIOSurfaceBackend> >(WebCore::FloatSize const&, float, WebCore::ColorSpace, WebCore::PixelFormat, WebCore::HostWindow const*)
9 0x4d2b0bda9 WebCore::ImageBuffer::create(WebCore::FloatSize const&, WebCore::RenderingMode, float, WebCore::ColorSpace, WebCore::PixelFormat, WebCore::HostWindow const*)
10 0x4d1e4ca24 WebCore::ImageBitmap::createImageBuffer(WebCore::ScriptExecutionContext&, WebCore::FloatSize const&, WebCore::RenderingMode, float)
11 0x4d1e4fb93 WebCore::ImageBitmap::createFromBuffer(WebCore::ScriptExecutionContext&, WTF::Ref<JSC::ArrayBuffer, WTF::RawPtrTraits<JSC::ArrayBuffer> >&&, WTF::String, long long, WTF::URL const&, WebCore::ImageBitmapOptions&&, WTF::Optional<WebCore::IntRect>, WebCore::DOMPromiseDeferred<WebCore::IDLInterface<WebCore::ImageBitmap> >&&)
12 0x4d1e5b5ab WebCore::PendingImageBitmap::createImageBitmapAndResolvePromise()
13 0x4d1e5c2b7 decltype(*(std::__1::forward<WebCore::PendingImageBitmap*&>(fp0)).*fp()) std::__1::__invoke<void (WebCore::PendingImageBitmap::*&)(), WebCore::PendingImageBitmap*&, void>(void (WebCore::PendingImageBitmap::*&)(), WebCore::PendingImageBitmap*&)
14 0x4d1e5c230 std::__1::__bind_return<void (WebCore::PendingImageBitmap::*)(), std::__1::tuple<WebCore::PendingImageBitmap*>, std::__1::tuple<>, __is_valid_bind_return<void (WebCore::PendingImageBitmap::*)(), std::__1::tuple<WebCore::PendingImageBitmap*>, std::__1::tuple<> >::value>::type std::__1::__apply_functor<void (WebCore::PendingImageBitmap::*)(), std::__1::tuple<WebCore::PendingImageBitmap*>, 0ul, std::__1::tuple<> >(void (WebCore::PendingImageBitmap::*&)(), std::__1::tuple<WebCore::PendingImageBitmap*>&, std::__1::__tuple_indices<0ul>, std::__1::tuple<>&&)
15 0x4d1e5c1e9 std::__1::__bind_return<void (WebCore::PendingImageBitmap::*)(), std::__1::tuple<WebCore::PendingImageBitmap*>, std::__1::tuple<>, __is_valid_bind_return<void (WebCore::PendingImageBitmap::*)(), std::__1::tuple<WebCore::PendingImageBitmap*>, std::__1::tuple<> >::value>::type std::__1::__bind<void (WebCore::PendingImageBitmap::*&)(), WebCore::PendingImageBitmap*>::operator()<>()
16 0x4d1e5c18e WTF::Detail::CallableWrapper<std::__1::__bind<void (WebCore::PendingImageBitmap::*&)(), WebCore::PendingImageBitmap*>, void>::call()
17 0x4ce8bdf32 WTF::Function<void ()>::operator()() const
18 0x4d28645ae WebCore::SuspendableTimer::fired()
19 0x4d2987a44 WebCore::ThreadTimers::sharedTimerFiredInternal()
20 0x4d2994291 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const
21 0x4d299423e WTF::Detail::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, void>::call()
22 0x4ce8bdf32 WTF::Function<void ()>::operator()() const
23 0x4d3932a6e WebCore::WorkerSharedTimer::fire()
24 0x4d3931f5e WebCore::WorkerRunLoop::runInMode(WebCore::WorkerOrWorkletGlobalScope*, WebCore::ModePredicate const&, WebCore::WorkerRunLoop::WaitMode)
25 0x4d3930f38 WebCore::WorkerRunLoop::run(WebCore::WorkerOrWorkletGlobalScope*)
26 0x4d3930ed8 WebCore::WorkerOrWorkletThread::runEventLoop()
27 0x4d3907174 WebCore::DedicatedWorkerThread::runEventLoop()
28 0x4d393113d WebCore::WorkerOrWorkletThread::workerOrWorkletThread()
29 0x4d396258b WebCore::WorkerThread::createThread()::$_0::operator()() const
30 0x4d396253e WTF::Detail::CallableWrapper<WebCore::WorkerThread::createThread()::$_0, void>::call()
31 0x4f0bba152 WTF::Function<void ()>::operator()() const
LEAK: 1 WebPageProxy
<rdar://problem/71937782>
Started with https://trac.webkit.org/changeset/270392/webkit
Oh dear!
Created attachment 415336 [details] Patch
Comment on attachment 415336 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=415336&action=review > Source/WebCore/platform/graphics/cocoa/IOSurface.mm:259 > + if (size.isEmpty()) { I know that this is racy (might have gotten written from elsewhere), but I don't think it matters at all.
Comment on attachment 415336 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=415336&action=review > Source/WebCore/platform/graphics/cocoa/IOSurface.mm:253 > - surfaceMaximumSize() = size; > + surfaceMaximumSize().store(size); Can we assert that new size is not empty? > Source/WebCore/platform/graphics/cocoa/IOSurface.mm:260 > + auto computedSize = computeMaximumSurfaceSize(); We should consider asserting that this won't happen when GPU process is enabled and we're in the web content process using ProcessPrivilege.
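Review bot: the `size.isEmpty()` check quoted at IOSurface.mm:259 and the `computeMaximumSurfaceSize()` call at :260 are two separate steps, so more than one thread can pass the check and each compute the size. If that is accepted because the outcome does not depend on which thread gets there first, a one-line comment at the check saying so would keep a later reader from treating it as an unnoticed data race. The non-empty assertion requested for `surfaceMaximumSize().store(size)` at :253 is worth adding for the same reason: once an empty value means "not computed yet", a caller that stores an empty size silently resets the cache.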
Created attachment 415341 [details] Patch
Created attachment 415344 [details] Patch
Patch 415341 does not build
Committed r270410: <https://trac.webkit.org/changeset/270410> All reviewed patches have been landed. Closing bug and clearing flags on attachment 415344 [details].