Bug 199319

Summary:	[iOS 13] Frequent crash in RemoteLayerTreeDrawingAreaProxy's destructor from failing main-thread assertion
Product:	WebKit	Reporter:	Ali Juma <ajuma>
Component:	Layout and Rendering	Assignee:	Nobody <webkit-unassigned>
Status:	RESOLVED MOVED
Severity:	Normal	CC:	bfulgham, simon.fraser, thorton, webkit-bug-importer, wenson_hsieh, zalan
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

Ali Juma

Reported 2019-06-28 07:11:01 PDT

On Chrome for iOS, we're seeing a new iOS 13-only crash in the call to CallbackMap::invalidate in RemoteLayerTreeDrawingAreaProxy's destructor. It looks like the RemoteLayerTreeDrawingAreaProxy is being destroyed on a non-main thread (as a result of LinkPresentation-related calls), so in CallbackMap::invalidate we're crashing on "RELEASE_ASSERT(RunLoop::isMain());". It's our 3rd most common crash on iOS 13, and the top WebKit-related crash. We don't have repro steps but 20% of the crash URLs are PDFs (much higher than average). The full crash stack is: (WebKit + 0x0001c450) WTFCrashWithInfo(int, char const*, char const*, int) (WebKit + 0x0022ca28) WebKit::CallbackMap::invalidate(WebKit::CallbackBase::Error) (WebKit + 0x0023f98c) WebKit::RemoteLayerTreeDrawingAreaProxy::~RemoteLayerTreeDrawingAreaProxy() (WebKit + 0x0023fa84) WebKit::RemoteLayerTreeDrawingAreaProxy::~RemoteLayerTreeDrawingAreaProxy() (WebKit + 0x0024b710) WebKit::WebPageProxy::resetState(WebKit::WebPageProxy::ResetStateReason) (WebKit + 0x00248e20) WebKit::WebPageProxy::close() (LinkPresentation + 0x00029930) -[LPURLFetcher _completedWithData:MIMEType:error:] (LinkPresentation + 0x000297fc) -[LPURLFetcher _failedWithErrorCode:underlyingError:] (LinkPresentation + 0x00029758) -[LPURLFetcher cancel] (LinkPresentation + 0x0002b434) -[LPFetcherGroup _completed] (LinkPresentation + 0x0005314c) -[LPMetadataProvider _completedWithError:] (LinkPresentation + 0x00052fcc) -[LPMetadataProvider _failedWithErrorCode:underlyingError:] (LinkPresentation + 0x00050ad4) -[LPMetadataProvider _cancelDueToTimeout] (LinkPresentation + 0x0004ef18) __48-[LPMetadataProvider _willStartFetchingMetadata]_block_invoke (Foundation + 0x001ce33c) __70+[_NSActivityAssertion _performExpiringActivityWithReason:usingBlock:]_block_invoke.81 (libdispatch.dylib + 0x0005b674) _dispatch_call_block_and_release (libdispatch.dylib + 0x0005c1e8) _dispatch_client_callout (libdispatch.dylib + 0x00035ed4) _dispatch_continuation_pop$VARIANT$armv81 (libdispatch.dylib + 0x00035700) _dispatch_async_redirect_invoke (libdispatch.dylib + 0x00042188) _dispatch_root_queue_drain (libdispatch.dylib + 0x0004292c) _dispatch_worker_thread2 (libsystem_pthread.dylib + 0x0000bfc8) _pthread_wqthread

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2019-06-28 09:09:30 PDT

<rdar://problem/52334087>

Tim Horton

Comment 2 2019-06-28 10:55:45 PDT

This is not a WebKit bug. You can report @ bugreport.apple.com if you want to track the status, but you don't have to.

Note You need to log in before you can comment on or make changes to this bug.