238298 – [GPU Process] RemoteRenderingBackend::stopListeningForIPC() should not change the RemoteResourceCache on the main thread

RESOLVED FIXED Bug 238298

[GPU Process] RemoteRenderingBackend::stopListeningForIPC() should not change the RemoteResourceCache on the main thread

https://bugs.webkit.org/show_bug.cgi?id=238298

Summary [GPU Process] RemoteRenderingBackend::stopListeningForIPC() should not change...

Ryan Haddad

Reported 2022-03-23 16:18:53 PDT

The following assertion failure is seen on iOS debug bots: ASSERTION FAILED: imageBufferCount == m_imageBufferCount /Volumes/Data/worker/ios-simulator-15-debug/build/Source/WebKit/GPUProcess/graphics/QualifiedResourceHeap.h(225) : void WebKit::QualifiedResourceHeap::checkInvariants() const 1 0x1438b6b09 WTFCrash 2 0x125dc1b4b WTFCrashWithInfo(int, char const*, char const*, int) 3 0x126a10bbd WebKit::QualifiedResourceHeap::checkInvariants() const 4 0x126a1daac void WebKit::QualifiedResourceHeap::add<WebCore::Font>(WebCore::ProcessQualified<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> >&&, unsigned int&) 5 0x126a04cd4 WebKit::QualifiedResourceHeap::add(WebCore::ProcessQualified<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >, WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> >&&) 6 0x126a03026 WebKit::RemoteResourceCache::cacheFont(WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> >&&, WebCore::ProcessQualified<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >) 7 0x126a02f46 WebKit::RemoteRenderingBackend::cacheFontWithQualifiedIdentifier(WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> >&&, WebCore::ProcessQualified<WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType> >) 8 0x126a02e09 WebKit::RemoteRenderingBackend::cacheFont(WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> >&&) 9 0x1269b1817 void IPC::callMemberFunctionImpl<WebKit::RemoteRenderingBackend, void (WebKit::RemoteRenderingBackend::*)(WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> >&&), std::__1::tuple<WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> > >, 0ul>(WebKit::RemoteRenderingBackend*, void (WebKit::RemoteRenderingBackend::*)(WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> >&&), std::__1::tuple<WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> > >&&, std::__1::integer_sequence<unsigned long, 0ul>) 10 0x1269b044d void IPC::callMemberFunction<WebKit::RemoteRenderingBackend, void (WebKit::RemoteRenderingBackend::*)(WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> >&&), std::__1::tuple<WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> > >, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> > >&&, WebKit::RemoteRenderingBackend*, void (WebKit::RemoteRenderingBackend::*)(WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> >&&)) 11 0x12699c88a void IPC::handleMessage<Messages::RemoteRenderingBackend::CacheFont, WebKit::RemoteRenderingBackend, void (WebKit::RemoteRenderingBackend::*)(WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> >&&)>(IPC::Connection&, IPC::Decoder&, WebKit::RemoteRenderingBackend*, void (WebKit::RemoteRenderingBackend::*)(WTF::Ref<WebCore::Font, WTF::RawPtrTraits<WebCore::Font> >&&)) 12 0x12699be51 WebKit::RemoteRenderingBackend::didReceiveStreamMessage(IPC::StreamServerConnectionBase&, IPC::Decoder&) 13 0x12727b778 IPC::StreamServerConnection::dispatchOutOfStreamMessage(IPC::Decoder&&) 14 0x12727b1a6 IPC::StreamServerConnection::dispatchStreamMessages(unsigned long) 15 0x127279ad4 IPC::StreamConnectionWorkQueue::processStreams() 16 0x1272827e0 IPC::StreamConnectionWorkQueue::startProcessingThread()::$_0::operator()() 17 0x127282799 WTF::Detail::CallableWrapper<IPC::StreamConnectionWorkQueue::startProcessingThread()::$_0, void>::call() 18 0x1438e4692 WTF::Function<void ()>::operator()() const 19 0x1439ba948 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) 20 0x1439c8bb5 WTF::wtfThreadEntryPoint(void*) 21 0x7fff6bfee8fc _pthread_start 22 0x7fff6bfea443 thread_start LEAK: 2 WebPageProxy https://build.webkit.org/results/Apple-iOS-15-Simulator-Debug-WK2-Tests/r291751%20(2042)/results.html

Attachments
crash log (129.69 KB, text/plain) 2022-03-23 16:22 PDT, Ryan Haddad	no flags	Details
Patch (9.02 KB, patch) 2022-03-24 14:54 PDT, Said Abou-Hallawa	no flags	Details Formatted Diff Diff
Patch (3.22 KB, patch) 2022-03-24 23:59 PDT, Said Abou-Hallawa	simon.fraser: review+	Details Formatted Diff Diff
Patch (3.66 KB, patch) 2022-03-25 10:46 PDT, Said Abou-Hallawa	no flags	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2022-03-23 16:20:15 PDT

<rdar://problem/90731372>

Ryan Haddad

Comment 2 2022-03-23 16:20:57 PDT

crypto/subtle/rsa-indexeddb-non-exportable.html

Ryan Haddad

Comment 3 2022-03-23 16:22:08 PDT

Created attachment 455580 [details] crash log

Said Abou-Hallawa

Comment 4 2022-03-24 00:54:29 PDT

This seems a threading issue in the RemoteResourceCache.

Said Abou-Hallawa

Comment 5 2022-03-24 00:55:03 PDT

*** Bug 238299 has been marked as a duplicate of this bug. ***

Said Abou-Hallawa

Comment 6 2022-03-24 14:54:38 PDT

Created attachment 455690 [details] Patch

Simon Fraser (smfr)

Comment 7 2022-03-24 17:17:30 PDT

Comment on attachment 455690 [details] Patch We determined that there's a cleaner way to fix this.

Said Abou-Hallawa

Comment 8 2022-03-24 23:59:28 PDT

Created attachment 455734 [details] Patch

Simon Fraser (smfr)

Comment 9 2022-03-25 09:25:10 PDT

Comment on attachment 455734 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=455734&action=review > Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.cpp:123 > + m_workQueue->dispatch([&] { > + m_remoteResourceCache = { m_gpuConnectionToWebProcess->webProcessIdentifier() }; > + m_renderingResourcesRequest = { }; > + }); > m_workQueue->stopAndWaitForCompletion(); I guess the idea here is that m_workQueue->dispatch() appends this item to the work queue so that stopAndWaitForCompletion() will process it last, after any existing work? Seems ok. Maybe the comment could make that clearer.

Said Abou-Hallawa

Comment 10 2022-03-25 10:46:51 PDT

Created attachment 455781 [details] Patch

EWS

Comment 11 2022-03-25 13:08:47 PDT

Committed r291881 (248880@main): <https://commits.webkit.org/248880@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 455781 [details].

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version Safari 13

Hardware Unspecified

OS Unspecified

Product WebKit

Component Layout and Rendering

Assignee

Said Abou-Hallawa

Reported

2022-03-23 16:18 PDT

Modified

2022-05-13 15:15 PDT History

CC List

8 users Show

URL

Keywords InRadar

Duplicates (1)

238299 View as bug list

Depends on

Blocks

236508

Dependancies

tree graph