After r289518, this bug has surfaced because now the intermediate ImageBuffers have to match the underlying ImageBuffer of the GraphicsContext. This means we create RemoteImageBufferProxy and we exercise the rendering through GPUProcess more often. The current implementation of sinkIntoNativeImage() and sinkIntoImage() has to go through the backend which is not right for RemoteImageBufferProxy. Accessing the IOSurface backend should only happen in GPUProcess. Otherwise we will hit this release assert: Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 WebKit 0x1d54e99a4 WTFCrashWithInfo(int, char const*, char const*, int) 1 WebKit 0x1d5b3940a WebKit::ImageBufferRemoteIOSurfaceBackend::copyImage(WebCore::BackingStoreCopy, WebCore::PreserveResolution) const 2 WebCore 0x1d78e195e WebCore::GradientImage::drawPattern(WebCore::GraphicsContext&, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::AffineTransform const&, WebCore::FloatPoint const&, WebCore::FloatSize const&, WebCore::ImagePaintingOptions const&) 3 WebCore 0x1d78f533a WebCore::Image::drawTiled(WebCore::GraphicsContext&, WebCore::FloatRect const&, WebCore::FloatPoint const&, WebCore::FloatSize const&, WebCore::FloatSize const&, WebCore::ImagePaintingOptions const&) 4 WebCore 0x1d7b2a192 WebCore::RenderBoxModelObject::paintFillLayerExtended(WebCore::PaintInfo const&, WebCore::Color const&, WebCore::FillLayer const&, WebCore::LayoutRect const&, WebCore::BackgroundBleedAvoidance, WebCore::InlineIterator::InlineBoxIterator const&, WebCore::LayoutRect const&, WebCore::CompositeOperator, WebCore::RenderElement*, WebCore::BaseBackgroundColorUsage) 5 WebCore 0x1d7b1f72e WebCore::RenderBox::paintFillLayers(WebCore::PaintInfo const&, WebCore::Color const&, WebCore::FillLayer const&, WebCore::LayoutRect const&, WebCore::BackgroundBleedAvoidance, WebCore::CompositeOperator, WebCore::RenderElement*) 6 WebCore 0x1d7b23bc6 WebCore::RenderBox::paintBackground(WebCore::PaintInfo const&, WebCore::LayoutRect const&, WebCore::BackgroundBleedAvoidance) 7 WebCore 0x1d7b204c2 WebCore::RenderBox::paintBoxDecorations(WebCore::PaintInfo&, WebCore::LayoutPoint const&) 8 WebCore 0x1d7af0616 WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) 9 WebCore 0x1d7aef806 WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) 10 WebCore 0x1d7ba6aee WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) 11 WebCore 0x1d7ba706e WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) 12 WebCore 0x1d7ba706e WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) 13 WebCore 0x1d7ba706e WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) 14 WebCore 0x1d7bc48d2 WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::EventRegionContext*)::$_26::operator()(WebCore::RenderLayer&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) const 15 WebCore 0x1d7bc459e WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::EventRegionContext*) 16 WebCore 0x1d7bc4e9e WebCore::RenderLayerBacking::paintContents(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int) 17 WebCore 0x1d794f77a WebCore::GraphicsLayerCA::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int) 18 WebCore 0x1d6a19626 WebCore::PlatformCALayer::drawLayerContents(WebCore::GraphicsContext&, WebCore::PlatformCALayer*, WTF::Vector<WebCore::FloatRect, 5ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&, unsigned int) 19 WebCore 0x1d7964426 WebCore::TileGrid::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int) 20 WebKit 0x1d566f67a WebKit::RemoteLayerBackingStore::display() 21 WebKit 0x1d5bfc312 WebKit::PlatformCALayerRemote::recursiveBuildTransaction(WebKit::RemoteLayerTreeContext&, WebKit::RemoteLayerTreeTransaction&) 22 WebKit 0x1d5bfc406 WebKit::PlatformCALayerRemote::recursiveBuildTransaction(WebKit::RemoteLayerTreeContext&, WebKit::RemoteLayerTreeTransaction&) 23 WebKit 0x1d5bfc406 WebKit::PlatformCALayerRemote::recursiveBuildTransaction(WebKit::RemoteLayerTreeContext&, WebKit::RemoteLayerTreeTransaction&) 24 WebKit 0x1d5bfc406 WebKit::PlatformCALayerRemote::recursiveBuildTransaction(WebKit::RemoteLayerTreeContext&, WebKit::RemoteLayerTreeTransaction&) 25 WebKit 0x1d5bfc406 WebKit::PlatformCALayerRemote::recursiveBuildTransaction(WebKit::RemoteLayerTreeContext&, WebKit::RemoteLayerTreeTransaction&) 26 WebKit 0x1d59652fa WebKit::RemoteLayerTreeContext::buildTransaction(WebKit::RemoteLayerTreeTransaction&, WebCore::PlatformCALayer&) 27 WebKit 0x1d5594fae WebKit::RemoteLayerTreeDrawingArea::updateRendering() 28 WebCore 0x1d786b28e WTF::Detail::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, void>::call() 29 WebCore 0x1d78904ae WebCore::timerFired(__CFRunLoopTimer*, void*) 30 CoreFoundation 0x1c695e54c __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 28 /Library/Caches/com.apple.xbs/Sources/CoreFoundation/CoreFoundation/RunLoop.subproj/CFRunLoop.c:1805 31 CoreFoundation 0x1c68e6fcc __CFRunLoopDoTimer + 1012 /Library/Caches/com.apple.xbs/Sources/CoreFoundation/CoreFoundation/RunLoop.subproj/CFRunLoop.c:2413 32 CoreFoundation 0x1c68e1bbc __CFRunLoopDoTimers + 300 /Library/Caches/com.apple.xbs/Sources/CoreFoundation/CoreFoundation/RunLoop.subproj/CFRunLoop.c:2573 33 CoreFoundation 0x1c68c11c4 __CFRunLoopRun + 1856 /Library/Caches/com.apple.xbs/Sources/CoreFoundation/CoreFoundation/RunLoop.subproj/CFRunLoop.c:3109 34 CoreFoundation 0x1c68d4278 CFRunLoopRunSpecific + 568 /Library/Caches/com.apple.xbs/Sources/CoreFoundation/CoreFoundation/RunLoop.subproj/CFRunLoop.c:3261 35 Foundation 0x1c7f26a1c -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 232 /Library/Caches/com.apple.xbs/Sources/Foundation/Foundation/Soil.subproj/NSRunLoop.m:373 36 Foundation 0x1c7f271e0 -[NSRunLoop(NSRunLoop) run] + 88 /Library/Caches/com.apple.xbs/Sources/Foundation/Foundation/Soil.subproj/NSRunLoop.m:398 37 libxpc.dylib 0x235aedcbc _xpc_objc_main + 508 /Library/Caches/com.apple.xbs/Sources/libxpc/src/main.m:246 38 libxpc.dylib 0x235aefe5c xpc_main + 152 /Library/Caches/com.apple.xbs/Sources/libxpc/src/init.c:1192 39 WebKit 0x1d566de5e WebKit::XPCServiceMain(int, char const**) 40 WebKit 0x1d5d5c7f6 WKXPCServiceMain 41 dyld 0x24b0fa694 start + 556 /Library/Caches/com.apple.xbs/Sources/dyld/dyld/dyldMain.cpp:1003
Created attachment 451643 [details] Patch
<rdar://problem/88863016>
Created attachment 451863 [details] Patch
Committed r289766 (247238@main): <https://commits.webkit.org/247238@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 451863 [details].