Bug 224388

Summary: UI process can assert in DisplayLink::decrementFullSpeedRequestClientCount()
Product: WebKit Reporter: Simon Fraser (smfr) <simon.fraser>
Component: WebKit2    Assignee: Simon Fraser (smfr) <simon.fraser>
Status: RESOLVED FIXED    
Severity: Normal CC: kkinnunen, simon.fraser, thorton, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Safari Technology Preview   
Hardware: Unspecified   
OS: Unspecified   
Attachments: Patch (flags: none)

Description Simon Fraser (smfr) 2021-04-09 13:38:00 PDT
This can happen when we have a process swap between m_wheelEventActivityHysteresis start and stop. To reproduce:

1. Load a page
2. Scroll
3. Load another page that immediately triggers a rendering update
4. Wait a few seconds.

0   com.apple.JavaScriptCore      	0x0000000143c9d1be WTFCrash + 14 (Assertions.cpp:305)
1   com.apple.WebKit              	0x000000011a5f681b WTFCrashWithInfo(int, char const*, char const*, int) + 27 (Assertions.h:671)
2   com.apple.WebKit              	0x000000011c0dbb52 WebKit::DisplayLink::decrementFullSpeedRequestClientCount(IPC::Connection&) + 290 (DisplayLink.cpp:177)
3   com.apple.WebKit              	0x000000011b92894a WebKit::WebProcessPool::setDisplayLinkForDisplayWantsFullSpeedUpdates(IPC::Connection&, unsigned int, bool) + 170 (WebProcessPoolCocoa.mm:831)
4   com.apple.WebKit              	0x000000011bb63c36 WebKit::WebPageProxy::wheelEventHysteresisUpdated(PAL::HysteresisState) + 214 (WebPageProxy.cpp:2712)
5   com.apple.WebKit              	0x000000011bbc238e WebKit::WebPageProxy::WebPageProxy(WebKit::PageClient&, WebKit::WebProcessProxy&, WTF::Ref<API::PageConfiguration, WTF::RawPtrTraits<API::PageConfiguration> >&&)::$_6::operator()(PAL::HysteresisState) const + 30 (WebPageProxy.cpp:486)
6   com.apple.WebKit              	0x000000011bbc2321 WTF::Detail::CallableWrapper<WebKit::WebPageProxy::WebPageProxy(WebKit::PageClient&, WebKit::WebProcessProxy&, WTF::Ref<API::PageConfiguration, WTF::RawPtrTraits<API::PageConfiguration> >&&)::$_6, void, PAL::HysteresisState>::call(PAL::HysteresisState) + 49 (Function.h:52)
7   com.apple.WebKit              	0x000000011a5fc9c8 WTF::Function<void (PAL::HysteresisState)>::operator()(PAL::HysteresisState) const + 152 (Function.h:83)
8   com.apple.WebKit              	0x000000011b6273a4 PAL::HysteresisActivity::hysteresisTimerFired() + 52 (HysteresisActivity.h:88)
9   com.apple.WebKit              	0x000000011b627d37 decltype(*(std::__1::forward<PAL::HysteresisActivity*&>(fp0)).*fp()) std::__1::__invoke<void (PAL::HysteresisActivity::*&)(), PAL::HysteresisActivity*&, void>(void (PAL::HysteresisActivity::*&)(), PAL::HysteresisActivity*&) + 119 (type_traits:3688)
10  com.apple.WebKit              	0x000000011b627cb0 std::__1::__bind_return<void (PAL::HysteresisActivity::*)(), std::__1::tuple<PAL::HysteresisActivity*>, std::__1::tuple<>, __is_valid_bind_return<void (PAL::HysteresisActivity::*)(), std::__1::tuple<PAL::HysteresisActivity*>, std::__1::tuple<> >::value>::type std::__1::__apply_functor<void (PAL::HysteresisActivity::*)(), std::__1::tuple<PAL::HysteresisActivity*>, 0ul, std::__1::tuple<> >(void (PAL::HysteresisActivity::*&)(), std::__1::tuple<PAL::HysteresisActivity*>&, std::__1::__tuple_indices<0ul>, std::__1::tuple<>&&) + 64 (functional:2852)
11  com.apple.WebKit              	0x000000011b627c69 std::__1::__bind_return<void (PAL::HysteresisActivity::*)(), std::__1::tuple<PAL::HysteresisActivity*>, std::__1::tuple<>, __is_valid_bind_return<void (PAL::HysteresisActivity::*)(), std::__1::tuple<PAL::HysteresisActivity*>, std::__1::tuple<> >::value>::type std::__1::__bind<void (PAL::HysteresisActivity::*&)(), PAL::HysteresisActivity*&>::operator()<>() + 41 (functional:2885)
12  com.apple.WebKit              	0x000000011b627bee WTF::Detail::CallableWrapper<std::__1::__bind<void (PAL::HysteresisActivity::*&)(), PAL::HysteresisActivity*&>, void>::call() + 30 (Function.h:52)
13  com.apple.WebKit              	0x000000011a63dc32 WTF::Function<void ()>::operator()() const + 130 (Function.h:83)
14  com.apple.WebKit              	0x000000011a63db7e WTF::RunLoop::Timer<PAL::HysteresisActivity>::fired() + 30 (RunLoop.h:187)
15  com.apple.JavaScriptCore      	0x0000000143d5442c WTF::RunLoop::TimerBase::start(WTF::Seconds, bool)::$_1::operator()(__CFRunLoopTimer*, void*) const + 76 (RunLoopCF.cpp:126)
16  com.apple.JavaScriptCore      	0x0000000143d543cd WTF::RunLoop::TimerBase::start(WTF::Seconds, bool)::$_1::__invoke(__CFRunLoopTimer*, void*) + 29 (RunLoopCF.cpp:119)
17  com.apple.CoreFoundation      	0x00007fff204813c9 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
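As an added illustration (not code from this bug or from WebKit), a small C++ model of the bookkeeping the stack trace implies: a display link holding a per-IPC-connection count of full-speed update requests, and a page proxy whose web process connection is swapped between hysteresis start and stop, so the stop-side decrement lands on a connection that never incremented. The type names, the `ConnectionID` stand-in and the `hardened` variant (remembering which connection made the request) are assumptions for the model, not the patch that landed.

```cpp
#include <cstdint>
#include <map>

// Hypothetical model (not WebKit code) of the bookkeeping the stack trace implies:
// the display link keeps a per-IPC-connection count of full-speed update requests.
using ConnectionID = uint64_t;

struct DisplayLinkModel {
    std::map<ConnectionID, unsigned> fullSpeedRequestCounts;
    void incrementFullSpeedRequestClientCount(ConnectionID c) { ++fullSpeedRequestCounts[c]; }
    // Returns false where the real function would trip its assertion: a decrement
    // for a connection that never incremented, or whose count is already zero.
    bool decrementFullSpeedRequestClientCount(ConnectionID c) {
        auto it = fullSpeedRequestCounts.find(c);
        if (it == fullSpeedRequestCounts.end() || it->second == 0)
            return false;
        if (--it->second == 0)
            fullSpeedRequestCounts.erase(it);
        return true;
    }
};

// Stand-in for the page proxy. Its web process connection can be swapped while the
// wheel-event hysteresis window is open; with `hardened` set it remembers which
// connection the request was made on (an assumption here, not the landed patch).
struct PageProxyModel {
    DisplayLinkModel& link;
    ConnectionID currentConnection;
    bool hardened;
    ConnectionID requestedOn = 0;
    bool requestActive = false;
    void hysteresisStarted() {
        link.incrementFullSpeedRequestClientCount(currentConnection);
        requestedOn = currentConnection;
        requestActive = true;
    }
    bool hysteresisStopped() {
        if (!requestActive) return true;
        requestActive = false;
        return link.decrementFullSpeedRequestClientCount(hardened ? requestedOn : currentConnection);
    }
};

// Replays the reporter's steps: scrolling starts hysteresis on connection 1, the next
// navigation swaps the page to connection 2, then the hysteresis timer fires.
bool scenarioHitsAssert(bool hardened) {
    DisplayLinkModel link;
    PageProxyModel page{link, 1, hardened};
    page.hysteresisStarted();
    page.currentConnection = 2;
    return !page.hysteresisStopped();
}
```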
Comment 1 Simon Fraser (smfr) 2021-04-09 14:00:19 PDT
Created attachment 425648
Patch
Comment 2 EWS 2021-04-15 11:37:10 PDT
Committed r276036 (236580@main): <https://commits.webkit.org/236580@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 425648.
Comment 3 Radar WebKit Bug Importer 2021-04-15 11:38:14 PDT
<rdar://problem/76714742>