219492 – ASSERTION FAILED: isMainThread() in WTF::Optional<IntSize> &WebCore::surfaceMaximumSize()

RESOLVED FIXED219492

ASSERTION FAILED: isMainThread() in WTF::Optional<IntSize> &WebCore::surfaceMaximumSize()

https://bugs.webkit.org/show_bug.cgi?id=219492

Summary ASSERTION FAILED: isMainThread() in WTF::Optional<IntSize> &WebCore::surfaceM...

Ryan Haddad

Reported 2020-12-03 08:35:24 PST

The following assertion failure is seen on debug bots with imported/w3c/web-platform-tests/html/canvas/element/imagebitmap/createImageBitmap-in-worker-transfer.html ASSERTION FAILED: isMainThread() ./platform/graphics/cocoa/IOSurface.mm(247) : WTF::Optional<IntSize> &WebCore::surfaceMaximumSize() 1 0x4f0b8ec29 WTFCrash 2 0x4ce8a9bdb WTFCrashWithInfo(int, char const*, char const*, int) 3 0x4d04d6e9c WebCore::surfaceMaximumSize() 4 0x4d04d6ebd WebCore::IOSurface::maximumSize() 5 0x4d2bf1b2c WebCore::ImageBufferIOSurfaceBackend::calculateBackendSize(WebCore::FloatSize const&, float) 6 0x4d2bf1c45 WebCore::ImageBufferIOSurfaceBackend::create(WebCore::FloatSize const&, float, WebCore::ColorSpace, CGColorSpace*, WebCore::PixelFormat, WebCore::HostWindow const*) 7 0x4d2bf2088 WebCore::ImageBufferIOSurfaceBackend::create(WebCore::FloatSize const&, float, WebCore::ColorSpace, WebCore::PixelFormat, WebCore::HostWindow const*) 8 0x4d2b0be95 WTF::RefPtr<WebCore::ConcreteImageBuffer<WebCore::ImageBufferIOSurfaceBackend>, WTF::RawPtrTraits<WebCore::ConcreteImageBuffer<WebCore::ImageBufferIOSurfaceBackend> >, WTF::DefaultRefDerefTraits<WebCore::ConcreteImageBuffer<WebCore::ImageBufferIOSurfaceBackend> > > WebCore::ConcreteImageBuffer<WebCore::ImageBufferIOSurfaceBackend>::create<WebCore::ConcreteImageBuffer<WebCore::ImageBufferIOSurfaceBackend> >(WebCore::FloatSize const&, float, WebCore::ColorSpace, WebCore::PixelFormat, WebCore::HostWindow const*) 9 0x4d2b0bda9 WebCore::ImageBuffer::create(WebCore::FloatSize const&, WebCore::RenderingMode, float, WebCore::ColorSpace, WebCore::PixelFormat, WebCore::HostWindow const*) 10 0x4d1e4ca24 WebCore::ImageBitmap::createImageBuffer(WebCore::ScriptExecutionContext&, WebCore::FloatSize const&, WebCore::RenderingMode, float) 11 0x4d1e4fb93 WebCore::ImageBitmap::createFromBuffer(WebCore::ScriptExecutionContext&, WTF::Ref<JSC::ArrayBuffer, WTF::RawPtrTraits<JSC::ArrayBuffer> >&&, WTF::String, long long, WTF::URL const&, WebCore::ImageBitmapOptions&&, WTF::Optional<WebCore::IntRect>, WebCore::DOMPromiseDeferred<WebCore::IDLInterface<WebCore::ImageBitmap> >&&) 12 0x4d1e5b5ab WebCore::PendingImageBitmap::createImageBitmapAndResolvePromise() 13 0x4d1e5c2b7 decltype(*(std::__1::forward<WebCore::PendingImageBitmap*&>(fp0)).*fp()) std::__1::__invoke<void (WebCore::PendingImageBitmap::*&)(), WebCore::PendingImageBitmap*&, void>(void (WebCore::PendingImageBitmap::*&)(), WebCore::PendingImageBitmap*&) 14 0x4d1e5c230 std::__1::__bind_return<void (WebCore::PendingImageBitmap::*)(), std::__1::tuple<WebCore::PendingImageBitmap*>, std::__1::tuple<>, __is_valid_bind_return<void (WebCore::PendingImageBitmap::*)(), std::__1::tuple<WebCore::PendingImageBitmap*>, std::__1::tuple<> >::value>::type std::__1::__apply_functor<void (WebCore::PendingImageBitmap::*)(), std::__1::tuple<WebCore::PendingImageBitmap*>, 0ul, std::__1::tuple<> >(void (WebCore::PendingImageBitmap::*&)(), std::__1::tuple<WebCore::PendingImageBitmap*>&, std::__1::__tuple_indices<0ul>, std::__1::tuple<>&&) 15 0x4d1e5c1e9 std::__1::__bind_return<void (WebCore::PendingImageBitmap::*)(), std::__1::tuple<WebCore::PendingImageBitmap*>, std::__1::tuple<>, __is_valid_bind_return<void (WebCore::PendingImageBitmap::*)(), std::__1::tuple<WebCore::PendingImageBitmap*>, std::__1::tuple<> >::value>::type std::__1::__bind<void (WebCore::PendingImageBitmap::*&)(), WebCore::PendingImageBitmap*>::operator()<>() 16 0x4d1e5c18e WTF::Detail::CallableWrapper<std::__1::__bind<void (WebCore::PendingImageBitmap::*&)(), WebCore::PendingImageBitmap*>, void>::call() 17 0x4ce8bdf32 WTF::Function<void ()>::operator()() const 18 0x4d28645ae WebCore::SuspendableTimer::fired() 19 0x4d2987a44 WebCore::ThreadTimers::sharedTimerFiredInternal() 20 0x4d2994291 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const 21 0x4d299423e WTF::Detail::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, void>::call() 22 0x4ce8bdf32 WTF::Function<void ()>::operator()() const 23 0x4d3932a6e WebCore::WorkerSharedTimer::fire() 24 0x4d3931f5e WebCore::WorkerRunLoop::runInMode(WebCore::WorkerOrWorkletGlobalScope*, WebCore::ModePredicate const&, WebCore::WorkerRunLoop::WaitMode) 25 0x4d3930f38 WebCore::WorkerRunLoop::run(WebCore::WorkerOrWorkletGlobalScope*) 26 0x4d3930ed8 WebCore::WorkerOrWorkletThread::runEventLoop() 27 0x4d3907174 WebCore::DedicatedWorkerThread::runEventLoop() 28 0x4d393113d WebCore::WorkerOrWorkletThread::workerOrWorkletThread() 29 0x4d396258b WebCore::WorkerThread::createThread()::$_0::operator()() const 30 0x4d396253e WTF::Detail::CallableWrapper<WebCore::WorkerThread::createThread()::$_0, void>::call() 31 0x4f0bba152 WTF::Function<void ()>::operator()() const LEAK: 1 WebPageProxy

Attachments
Patch (2.24 KB, patch) 2020-12-03 13:46 PST, Tim Horton	ews-feeder: commit-queue-	Details Formatted Diff Diff
Patch (2.27 KB, patch) 2020-12-03 13:54 PST, Tim Horton	ews-feeder: commit-queue-	Details Formatted Diff Diff
Patch (2.29 KB, patch) 2020-12-03 14:18 PST, Tim Horton	no flags	Details Formatted Diff Diff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2020-12-03 08:35:40 PST

<rdar://problem/71937782>

Ryan Haddad

Comment 2 2020-12-03 08:36:17 PST

Started with https://trac.webkit.org/changeset/270392/webkit

Tim Horton

Comment 3 2020-12-03 11:22:19 PST

Oh dear!

Tim Horton

Comment 4 2020-12-03 13:46:06 PST

Created attachment 415336 [details] Patch

Tim Horton

Comment 5 2020-12-03 13:47:06 PST

Comment on attachment 415336 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=415336&action=review > Source/WebCore/platform/graphics/cocoa/IOSurface.mm:259 > + if (size.isEmpty()) { I know that this is racy (might have gotten written from elsewhere), but I don't think it matters at all.

Ryosuke Niwa

Comment 6 2020-12-03 13:51:05 PST

Comment on attachment 415336 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=415336&action=review > Source/WebCore/platform/graphics/cocoa/IOSurface.mm:253 > - surfaceMaximumSize() = size; > + surfaceMaximumSize().store(size); Can we assert that new size is not empty? > Source/WebCore/platform/graphics/cocoa/IOSurface.mm:260 > + auto computedSize = computeMaximumSurfaceSize(); We should consider asserting that this won't happen when GPU process is enabled and we're in the web content process using ProcessPrivilege.

Tim Horton

Comment 7 2020-12-03 13:54:28 PST

Created attachment 415341 [details] Patch

Tim Horton

Comment 8 2020-12-03 14:18:25 PST

Created attachment 415344 [details] Patch

EWS

Comment 9 2020-12-03 14:33:59 PST

Patch 415341 does not build

EWS

Comment 10 2020-12-03 15:15:32 PST

Committed r270410: <https://trac.webkit.org/changeset/270410> All reviewed patches have been landed. Closing bug and clearing flags on attachment 415344 [details].

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component New Bugs

Assignee

Tim Horton

Reported

2020-12-03 08:35 PST

Modified

2020-12-03 15:15 PST History

CC List

4 users Show

URL

Keywords InRadar

Depends on

Blocks