Bug 229401

Summary: Drawing small caps web fonts into canvas causes the GPU process to hang
Product: WebKit Reporter: Wayne Langman <wayne.langman>
Component: CanvasAssignee: Myles C. Maxfield <mmaxfield>
Status: RESOLVED FIXED    
Severity: Major CC: dino, mmaxfield, paul.watkinson, sabouhallawa, simon.fraser, wayne.langman, webkit-bug-importer, wenson_hsieh
Priority: P2 Keywords: InRadar
Version: Safari Technology Preview   
Hardware: All   
OS: macOS 10.15   
Attachments:
Description Flags
Code and Screenshots
none
Patch none

Wayne Langman
Reported 2021-08-23 03:05:33 PDT
Created attachment 436175 [details] Code and Screenshots I've managed to replicate a hard crash using Safari Release 130 on MacOS and iOS when configuring a custom loaded font with the 'small-caps' property. Running the attached code sample will cause Safari to stall, restart and display the This webpage was reloaded because a problem occurred." warning. I've also included a screenshot of the crash as detected in Instruments which shows a "Exceeded timeout while waiting for flush in remote rendering backend." error. This issue goes away when disabled the experimental "GPU Process: Canvas Rendering" flag.
Attachments
Code and Screenshots (248.92 KB, application/zip)
2021-08-23 03:05 PDT, Wayne Langman 		no flags
Details
Patch (15.70 KB, patch)
2021-08-26 02:53 PDT, Myles C. Maxfield 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2021-08-24 01:40:32 PDT
<rdar://problem/82282054>
Myles C. Maxfield
Comment 2 2021-08-25 22:56:31 PDT
Thank you so much for the detailed report!
Myles C. Maxfield
Comment 3 2021-08-25 23:05:05 PDT
This is a super bad bug. I should fix it immediately.
Myles C. Maxfield
Comment 4 2021-08-25 23:48:43 PDT
Looks like the GPU Process is hung.
Myles C. Maxfield
Comment 5 2021-08-25 23:54:19 PDT
Here are some logs: /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.593673-0700 com.apple.WebKit.GPU.Development[74867:6615672] [Process] 0x1200c0c70 - GPUProcess::GPUProcess: /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.594079-0700 com.apple.WebKit.GPU.Development[74867:6615672] [Process] 0x1200c0c70 - GPUProcess::initializeGPUProcess: /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.613465-0700 com.apple.WebKit.GPU.Development[74867:6615672] [Process] 0x1200c0c70 - GPUProcess::createGPUConnectionToWebProcess: processIdentifier=8 /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.637535-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Allocated Items[15] => Image(13) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.645703-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Sending wakeup: Items[15] => Image(13) at 32 /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.646035-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Waiting for Flush{16} in Image(13) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.715598-0700 com.apple.WebKit.GPU.Development[74867:6615699] Waking up to Items[15] => Image(13) at 32 /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.716136-0700 com.apple.WebKit.GPU.Development[74867:6615699] Acknowledging Flush{16} in Image(13) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.716361-0700 com.apple.WebKit.GPU.Development[74867:6615699] Read [32, 112]; Items[15] => Image(13) in 0.00s /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.716432-0700 com.apple.WebKit.GPU.Development[74867:6615699] Going back to sleep. /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.716443-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Done waiting: 0.07s; 0 timeout(s) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.743836-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Sending wakeup: Items[15] => Image(17) at 32 /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.744218-0700 com.apple.WebKit.GPU.Development[74867:6615699] Waking up to Items[15] => Image(17) at 32 /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.746691-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Waiting for Flush{20} in Image(17) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.748959-0700 com.apple.WebKit.GPU.Development[74867:6615699] Acknowledging Flush{20} in Image(17) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.749078-0700 com.apple.WebKit.GPU.Development[74867:6615699] Read [32, 1480]; Items[15] => Image(17) in 0.00s /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.749140-0700 com.apple.WebKit.GPU.Development[74867:6615699] Going back to sleep. /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.749198-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Done waiting: 0.00s; 0 timeout(s) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.899553-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Reusing Items[15] => Image(17) (remaining capacity: 65504) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.901680-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Sending wakeup: Items[15] => Image(17) at 32 /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.902977-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Waiting for Flush{24} in Image(17) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.910946-0700 com.apple.WebKit.GPU.Development[74867:6615699] Waking up to Items[15] => Image(17) at 32 /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.911206-0700 com.apple.WebKit.GPU.Development[74867:6615699] Read [32, 360]; Items[15] => Image(17) in 0.00s /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.911270-0700 com.apple.WebKit.GPU.Development[74867:6615699] Going back to sleep. /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.911328-0700 com.apple.WebKit.GPU.Development[74867:6615699] Waking up to Items[15] => Image(17) at 360 /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.911396-0700 com.apple.WebKit.GPU.Development[74867:6615699] Read [360, 360]; Items[15] => Image(17) in 0.00s /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.911438-0700 com.apple.WebKit.GPU.Development[74867:6615699] Going back to sleep. /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:59.904655-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Done waiting: 3.00s; 3 timeout(s) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:59.904915-0700 com.apple.WebKit.WebContent.Development[74852:6614915] [SharedDisplayLists] Exceeded timeout while waiting for flush in remote rendering backend: 12. /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:59.914851-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Reusing Items[15] => Image(17) (remaining capacity: 64696) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:59.916731-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Waiting for Flush{26} in Image(17) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:02.918625-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Done waiting: 3.00s; 3 timeout(s) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:02.918871-0700 com.apple.WebKit.WebContent.Development[74852:6614915] [SharedDisplayLists] Exceeded timeout while waiting for flush in remote rendering backend: 12. /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:02.923310-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Reusing Items[15] => Image(17) (remaining capacity: 63888) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:02.924958-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Waiting for Flush{28} in Image(17) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:05.925843-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Done waiting: 3.00s; 3 timeout(s) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:05.926152-0700 com.apple.WebKit.WebContent.Development[74852:6614915] [SharedDisplayLists] Exceeded timeout while waiting for flush in remote rendering backend: 12. /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:05.928288-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Reusing Items[15] => Image(17) (remaining capacity: 63080) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:05.929971-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Waiting for Flush{30} in Image(17) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:08.931549-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Done waiting: 3.00s; 3 timeout(s) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:08.931823-0700 com.apple.WebKit.WebContent.Development[74852:6614915] [SharedDisplayLists] Exceeded timeout while waiting for flush in remote rendering backend: 12. /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:08.935901-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Reusing Items[15] => Image(17) (remaining capacity: 62272) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:08.937587-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Waiting for Flush{32} in Image(17) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:11.938896-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Done waiting: 3.00s; 3 timeout(s) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:11.939113-0700 com.apple.WebKit.WebContent.Development[74852:6614915] [SharedDisplayLists] Exceeded timeout while waiting for flush in remote rendering backend: 12. /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:11.941209-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Reusing Items[15] => Image(17) (remaining capacity: 61464) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:11.942923-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Waiting for Flush{34} in Image(17) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:14.945486-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Done waiting: 3.00s; 3 timeout(s) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:14.945751-0700 com.apple.WebKit.WebContent.Development[74852:6614915] [SharedDisplayLists] Exceeded timeout while waiting for flush in remote rendering backend: 12. /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:14.949477-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Reusing Items[15] => Image(17) (remaining capacity: 60656) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:14.951120-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Waiting for Flush{36} in Image(17) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:17.952725-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Done waiting: 3.00s; 3 timeout(s) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:17.953028-0700 com.apple.WebKit.WebContent.Development[74852:6614915] [SharedDisplayLists] Exceeded timeout while waiting for flush in remote rendering backend: 12. /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:17.954884-0700 com.apple.WebKit.WebContent.Development[74852:6614915] [PerformanceLogging] 0x7fbec2119900 - PerformanceMonitor::measurePostLoadMemoryUsage: Process was using 25563136 bytes of memory after the page load. /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:17.955068-0700 com.apple.WebKit.WebContent.Development[74852:6614915] [PerformanceLogging] 0x7fbec2119900 - PerformanceMonitor::measurePostLoadCPUUsage: Process was using 0.6% CPU after the page load. /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:17.955480-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Reusing Items[15] => Image(17) (remaining capacity: 59848) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:17.957096-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Waiting for Flush{38} in Image(17) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:20.959486-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Done waiting: 3.00s; 3 timeout(s) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:20.959812-0700 com.apple.WebKit.WebContent.Development[74852:6614915] [SharedDisplayLists] Exceeded timeout while waiting for flush in remote rendering backend: 12. /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:20.963571-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Reusing Items[15] => Image(17) (remaining capacity: 59040) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:20.965160-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Waiting for Flush{40} in Image(17) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:23.966915-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Done waiting: 3.00s; 3 timeout(s) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:23.967157-0700 com.apple.WebKit.WebContent.Development[74852:6614915] [SharedDisplayLists] Exceeded timeout while waiting for flush in remote rendering backend: 12. /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:23.969188-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Reusing Items[15] => Image(17) (remaining capacity: 58232) /Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:23.970829-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Waiting for Flush{42} in Image(17)
Myles C. Maxfield
Comment 6 2021-08-26 01:02:54 PDT
The Web Process is running RemoteRenderingBackendProxy::cacheFont() to send two fonts to the GPU Process, but the GPU Process is not receiving RemoteRenderingBackend::cacheFont() calls for them.
Myles C. Maxfield
Comment 7 2021-08-26 01:13:17 PDT
platformData.creationData() is nullopt, but it's a web font (so it shouldn't be nullopt). This is likely because of the m_derivedFontData thing in Font.
Myles C. Maxfield
Comment 8 2021-08-26 02:53:58 PDT
Created attachment 436485 [details] Patch
EWS
Comment 9 2021-08-26 13:44:43 PDT
Committed r281650 (241006@main): <https://commits.webkit.org/241006@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 436485 [details].
Wayne Langman
Comment 10 2021-08-27 04:50:18 PDT
Thanks for the quick turnaround on this!
Simon Fraser (smfr)
Comment 11 2021-09-21 10:13:56 PDT
*** Bug 230548 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.