262681 – REGRESSION(267014@main): "ASSERTION FAILED: Unhandled message GPUConnectionToWebProcess_ReleaseGraphicsContextGL to 0" for fast/canvas/webgl/canvas-webgl-page-cache.html

Bug 262681 - REGRESSION(267014@main): "ASSERTION FAILED: Unhandled message GPUConnectionToWebProcess_ReleaseGraphicsContextGL to 0" for fast/canvas/webgl/canvas-webgl-page-cache.html

Summary: REGRESSION(267014@main): "ASSERTION FAILED: Unhandled message GPUConnectionTo...

Status:	RESOLVED DUPLICATE of bug 262401

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebGL (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2023-10-04 23:34 PDT by Fujii Hironori
Modified:	2023-10-05 02:00 PDT (History)
CC List:	3 users (show)

See Also:	262401 259552

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Fujii Hironori 2023-10-04 23:34:06 PDT

Windows port is observing an assertion failure.

> python.exe ./Tools/Scripts/run-webkit-tests --debug fast/canvas/webgl/canvas-webgl-page-cache.html

It is passing but crashing WebKitGPUProcess.exe.

ASSERTION FAILED: Unhandled message GPUConnectionToWebProcess_ReleaseGraphicsContextGL to 0
assertionFailureDueToUnreachableCode
C:\home\webkit\gc\WebKitBuild\Debug\WebKit\DerivedSources\GPUConnectionToWebProcessMessageReceiver.cpp(136) : didReceiveMessage
1   00007FFDE6331C19 WTFCrash
2   00007FFDDB9DA22F WebKit::GPUConnectionToWebProcess::didReceiveMessage
3   00007FFDDC6AB29A IPC::Connection::dispatchMessage
4   00007FFDDC6AB50E IPC::Connection::dispatchMessage
5   00007FFDDC6B148E IPC::Connection::SyncMessageState::ConnectionAndIncomingMessage::dispatch
6   00007FFDDC6A5FF2 IPC::Connection::SyncMessageState::dispatchMessagesAndResetDidScheduleDispatchMessagesForConnection
7   00007FFDDC6AB886 IPC::Connection::dispatchSyncStateMessages
8   00007FFDDC6AD41B IPC::Connection::SyncMessageState::processIncomingMessage::<lambda_3>::operator()
9   00007FFDDC6AD3B7 WTF::Detail::CallableWrapper<`lambda at C:\home\webkit\gc\Source\WebKit\Platform\IPC\Connection.cpp:224:31',void>::call
10  00007FFDE63481A4 WTF::Function<void ()>::operator()
11  00007FFDE63CAF2A WTF::RunLoop::performWork
12  00007FFDE649F220 WTF::RunLoop::wndProc
13  00007FFDE649F157 WTF::RunLoop::RunLoopWndProc
14  00007FFE3DEFE858 CallWindowProcW
15  00007FFE3DEFE299 DispatchMessageW
16  00007FFDE649F3ED WTF::RunLoop::run
17  00007FFDDB835413 WebKit::AuxiliaryProcessMainBase<WebKit::GPUProcess,0>::run
18  00007FFDDB8352C7 WebKit::AuxiliaryProcessMain<WebKit::GPUProcessMainWin>
19  00007FFDDB8351A3 WebKit::GPUProcessMain
20  00007FF63617124C main
21  00007FF6361718BC __scrt_common_main_seh
22  00007FFE3CBC7344 BaseThreadInitThunk
23  00007FFE3E7E26B1 RtlUserThreadStart
Exception thrown at 0x00007FFDE6331C1E (WTF.dll) in WebKitGPUProcess.exe: 0xC0000005: Access violation writing location 0x00000000BBADBEEF.

I don't know the regresion point. I'm testing with 268897@main.

Comment 1 Fujii Hironori 2023-10-04 23:57:49 PDT

the assertion was added by 267014@main (bug#259552)?

Comment 2 Fujii Hironori 2023-10-05 00:44:17 PDT

There is a race condition.
Web process sends Messages::GPUConnectionToWebProcess::ReleaseGraphicsContextGL when GraphicsContextGL is destroyed.
UI process sends Messages::GPUProcess::UpdatePreferencesForWebProcess to disable WebGL flag when all WebPageProxy is closed.
If UpdatePreferencesForWebProcess is dispatch before ReleaseGraphicsContextGL, the assertion fails.

Here is the callstack of updatePreferencesForWebProcess of UI process:

> WebKit2.dll!WebKit::GPUProcessProxy::updatePreferencesForWebProcess(WebKit::WebProcessProxy & webProcessProxy, const WebKit::GPUProcessPreferencesForWebProcess & preferences) Line 453	C++
> WebKit2.dll!WebKit::WebProcessProxy::updatePreferencesForGPUProcess() Line 2018	C++
> WebKit2.dll!WebKit::WebProcessProxy::removeWebPage(WebKit::WebPageProxy & webPage, WebKit::WebProcessProxy::EndsUsingDataStore endsUsingDataStore) Line 832	C++
> WebKit2.dll!WebKit::WebPageProxy::close() Line 1455	C++
> WebKit2.dll!WebKit::WebView::close() Line 781	C++
> WebKit2.dll!WebKit::WebView::wndProc(HWND__ * hWnd, unsigned int message, unsigned __int64 wParam, __int64 lParam) Line 114	C++
> WebKit2.dll!WebKit::WebView::WebViewWndProc(HWND__ * hWnd, unsigned int message, unsigned __int64 wParam, __int64 lParam) Line 89	C++
> [External Code]	
> WebKitTestRunner.exe!WTR::PlatformWebView::~PlatformWebView() Line 97	C++
> [External Code]	
> WebKitTestRunner.exe!WTR::TestController::~TestController() Line 205	C++
> WebKitTestRunner.exe!main(int argc, const char * * argv) Line 34	C++
> [External Code]	

Adding Sleep works around the crash.

diff --git a/Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp b/Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp
index 82e675719ae0..4e044bb593f5 100644
--- a/Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp
+++ b/Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp
@@ -450,6 +450,7 @@ std::optional<bool> GPUProcessProxy::s_hasVP9ExtensionSupport;
 
 void GPUProcessProxy::updatePreferencesForWebProcess(WebProcessProxy& webProcessProxy, const GPUProcessPreferencesForWebProcess& preferences)
 {
+    Sleep(1000);
     send(Messages::GPUProcess::UpdatePreferencesForWebProcess(webProcessProxy.coreProcessIdentifier(), preferences), 0);
 }

Comment 3 Kimmo Kinnunen 2023-10-05 02:00:12 PDT

Thanks for the investigation. Let's continue fixing in the earlier bug.

*** This bug has been marked as a duplicate of bug 262401 ***