| Summary: | [GPU Process] REGRESSION: iCloud Photos Web app may crash WebProcess once the GPUProcess is relaunched | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Said Abou-Hallawa <sabouhallawa> | ||||||
| Component: | Canvas | Assignee: | Said Abou-Hallawa <sabouhallawa> | ||||||
| Status: | RESOLVED FIXED | ||||||||
| Severity: | Normal | CC: | dino, mmaxfield, sam, simon.fraser, webkit-bug-importer | ||||||
| Priority: | P2 | Keywords: | InRadar | ||||||
| Version: | WebKit Nightly Build | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| See Also: | https://bugs.webkit.org/show_bug.cgi?id=228969 | ||||||||
| Attachments: |
|
||||||||
|
Description
Said Abou-Hallawa
2021-07-30 15:50:28 PDT
Created attachment 434673 [details]
Patch
(In reply to Said Abou-Hallawa from comment #0) > If the WebProcess has sent a RemoteRenderingBackend.ReleaseRemoteResource > message but the GPUProcess was terminated an has just been relaunched. The > new relaunched GPUProcess will process this message for a resource which it > has not recached it yet. In this scenario, the WebProcess will be mistakenly > terminated. Why not just make the WebProcess not send the message in this case? I put some logging and I tried it on iOS device by opening iCloud/Photos/Albums/Live Photos and I kept moving between scrolling the album and swiping the between the images after clicking on one of them and here is what I found: com.apple.WebKit.GPU: (JavaScriptCore) shallawa: this = 0x106d5c030, in RemoteResourceCache::RemoteResourceCache() ... com.apple.WebKit.WebContent: (JavaScriptCore) shallawa: this = 0x10109c4d0, in RemoteRenderingBackendProxy::cacheNativeImage() renderingResourceIdentifier = 1070 com.apple.WebKit.GPU: (JavaScriptCore) shallawa: this = 0x106d5c030, in RemoteResourceCache::cacheNativeImage() renderingResourceIdentifier = 1070 ... com.apple.WebKit.GPU: (JavaScriptCore) shallawa: this = 0x104944030, in RemoteResourceCache::RemoteResourceCache() ... com.apple.WebKit.WebContent: (JavaScriptCore) shallawa: this = 0x10109c4d0, in RemoteRenderingBackendProxy::releaseRemoteResource() renderingResourceIdentifier = 1070 ... com.apple.WebKit.GPU: (JavaScriptCore) shallawa: this = 0x104944030, in RemoteResourceCache::releaseRemoteResource() resource was not found in m_resourceUseCounters renderingResourceIdentifier = 1070 And this is the explanation of these messages: (message 1) (GPUProcess) Create a RemoteResourceCache (0x106d5c030) (message 2) (WebProcess) Cache the NativeImage (1070) in RemoteRenderingBackendProxy (0x10109c4d0) (message 3) (GPUProcess) Cache the NativeImage (1070) in RemoteResourceCache (0x106d5c030) (message 4) (GPUProcess) Create a new RemoteResourceCache (0x104944030) (message 5) (WebProcess) Release the NativeImage (1070) in RemoteRenderingBackendProxy (0x10109c4d0) (message 6) (GPUProcess) The NativeImage (1070) could not be found in RemoteResourceCache (0x104944030) It is clear from (message 1) and (message 4) the RemoteResourceCache (0x106d5c030) has crashed/terminated and a new one was created 0x104944030). (message 2) and (message 6) show that the NativeImage was cached in a RemoteResourceCache (0x106d5c030) but was requested to be released from another RemoteResourceCache (0x104944030). And this is why RemoteResourceCache::releaseRemoteResource() returns false in this case and terminates the WebProcess. Seems like message 5 is the issue then? When the GPU Process crashes, the resources all need to know they are no longer being used and therefore don't need to message for release. Created attachment 434881 [details]
Patch
I think the failures on mac-AS bot are unrelated. Committed r280639 (240252@main): <https://commits.webkit.org/240252@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 434881 [details]. |