Bug 229401

Summary:

Drawing small caps web fonts into canvas causes the GPU process to hang

Product:

WebKit

Reporter:

Wayne Langman <wayne.langman>

Component:

Canvas

Assignee:

Myles C. Maxfield <mmaxfield>

Status:

RESOLVED FIXED

Severity:

Major

CC:

dino, mmaxfield, paul.watkinson, sabouhallawa, simon.fraser, wayne.langman, webkit-bug-importer, wenson_hsieh

Priority:

Keywords:

InRadar

Version:

Safari Technology Preview

Hardware:

All

OS:

macOS 10.15

Attachments:

Description	Flags
Code and Screenshots	none
Patch	none

Description Wayne Langman 2021-08-23 03:05:33 PDT

Created attachment 436175 [details]
Code and Screenshots

I've managed to replicate a hard crash using Safari Release 130 on MacOS and iOS when configuring a custom loaded font with the 'small-caps' property.

Running the attached code sample will cause Safari to stall, restart and display the This webpage was reloaded because a problem occurred." warning.

I've also included a screenshot of the crash as detected in Instruments which shows a "Exceeded timeout while waiting for flush in remote rendering backend." error.

This issue goes away when disabled the experimental "GPU Process: Canvas Rendering" flag.

Comment 1 Radar WebKit Bug Importer 2021-08-24 01:40:32 PDT

<rdar://problem/82282054>

Comment 2 Myles C. Maxfield 2021-08-25 22:56:31 PDT

Thank you so much for the detailed report!

Comment 3 Myles C. Maxfield 2021-08-25 23:05:05 PDT

This is a super bad bug. I should fix it immediately.

Comment 4 Myles C. Maxfield 2021-08-25 23:48:43 PDT

Looks like the GPU Process is hung.

Comment 5 Myles C. Maxfield 2021-08-25 23:54:19 PDT

Here are some logs:

/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.593673-0700 com.apple.WebKit.GPU.Development[74867:6615672] [Process] 0x1200c0c70 - GPUProcess::GPUProcess:
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.594079-0700 com.apple.WebKit.GPU.Development[74867:6615672] [Process] 0x1200c0c70 - GPUProcess::initializeGPUProcess:
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.613465-0700 com.apple.WebKit.GPU.Development[74867:6615672] [Process] 0x1200c0c70 - GPUProcess::createGPUConnectionToWebProcess: processIdentifier=8
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.637535-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Allocated Items[15] => Image(13)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.645703-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Sending wakeup: Items[15] => Image(13) at 32
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.646035-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Waiting for Flush{16} in Image(13)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.715598-0700 com.apple.WebKit.GPU.Development[74867:6615699] Waking up to Items[15] => Image(13) at 32
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.716136-0700 com.apple.WebKit.GPU.Development[74867:6615699] Acknowledging Flush{16} in Image(13)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.716361-0700 com.apple.WebKit.GPU.Development[74867:6615699] Read [32, 112]; Items[15] => Image(13) in 0.00s
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.716432-0700 com.apple.WebKit.GPU.Development[74867:6615699] Going back to sleep.
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.716443-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Done waiting: 0.07s; 0 timeout(s)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.743836-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Sending wakeup: Items[15] => Image(17) at 32
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.744218-0700 com.apple.WebKit.GPU.Development[74867:6615699] Waking up to Items[15] => Image(17) at 32
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.746691-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Waiting for Flush{20} in Image(17)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.748959-0700 com.apple.WebKit.GPU.Development[74867:6615699] Acknowledging Flush{20} in Image(17)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.749078-0700 com.apple.WebKit.GPU.Development[74867:6615699] Read [32, 1480]; Items[15] => Image(17) in 0.00s
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.749140-0700 com.apple.WebKit.GPU.Development[74867:6615699] Going back to sleep.
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.749198-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Done waiting: 0.00s; 0 timeout(s)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.899553-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Reusing Items[15] => Image(17) (remaining capacity: 65504)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.901680-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Sending wakeup: Items[15] => Image(17) at 32
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.902977-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Waiting for Flush{24} in Image(17)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.910946-0700 com.apple.WebKit.GPU.Development[74867:6615699] Waking up to Items[15] => Image(17) at 32
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.911206-0700 com.apple.WebKit.GPU.Development[74867:6615699] Read [32, 360]; Items[15] => Image(17) in 0.00s
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.911270-0700 com.apple.WebKit.GPU.Development[74867:6615699] Going back to sleep.
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.911328-0700 com.apple.WebKit.GPU.Development[74867:6615699] Waking up to Items[15] => Image(17) at 360
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.911396-0700 com.apple.WebKit.GPU.Development[74867:6615699] Read [360, 360]; Items[15] => Image(17) in 0.00s
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:56.911438-0700 com.apple.WebKit.GPU.Development[74867:6615699] Going back to sleep.
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:59.904655-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Done waiting: 3.00s; 3 timeout(s)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:59.904915-0700 com.apple.WebKit.WebContent.Development[74852:6614915] [SharedDisplayLists] Exceeded timeout while waiting for flush in remote rendering backend: 12.
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:59.914851-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Reusing Items[15] => Image(17) (remaining capacity: 64696)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:49:59.916731-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Waiting for Flush{26} in Image(17)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:02.918625-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Done waiting: 3.00s; 3 timeout(s)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:02.918871-0700 com.apple.WebKit.WebContent.Development[74852:6614915] [SharedDisplayLists] Exceeded timeout while waiting for flush in remote rendering backend: 12.
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:02.923310-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Reusing Items[15] => Image(17) (remaining capacity: 63888)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:02.924958-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Waiting for Flush{28} in Image(17)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:05.925843-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Done waiting: 3.00s; 3 timeout(s)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:05.926152-0700 com.apple.WebKit.WebContent.Development[74852:6614915] [SharedDisplayLists] Exceeded timeout while waiting for flush in remote rendering backend: 12.
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:05.928288-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Reusing Items[15] => Image(17) (remaining capacity: 63080)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:05.929971-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Waiting for Flush{30} in Image(17)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:08.931549-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Done waiting: 3.00s; 3 timeout(s)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:08.931823-0700 com.apple.WebKit.WebContent.Development[74852:6614915] [SharedDisplayLists] Exceeded timeout while waiting for flush in remote rendering backend: 12.
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:08.935901-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Reusing Items[15] => Image(17) (remaining capacity: 62272)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:08.937587-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Waiting for Flush{32} in Image(17)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:11.938896-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Done waiting: 3.00s; 3 timeout(s)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:11.939113-0700 com.apple.WebKit.WebContent.Development[74852:6614915] [SharedDisplayLists] Exceeded timeout while waiting for flush in remote rendering backend: 12.
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:11.941209-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Reusing Items[15] => Image(17) (remaining capacity: 61464)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:11.942923-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Waiting for Flush{34} in Image(17)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:14.945486-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Done waiting: 3.00s; 3 timeout(s)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:14.945751-0700 com.apple.WebKit.WebContent.Development[74852:6614915] [SharedDisplayLists] Exceeded timeout while waiting for flush in remote rendering backend: 12.
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:14.949477-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Reusing Items[15] => Image(17) (remaining capacity: 60656)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:14.951120-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Waiting for Flush{36} in Image(17)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:17.952725-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Done waiting: 3.00s; 3 timeout(s)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:17.953028-0700 com.apple.WebKit.WebContent.Development[74852:6614915] [SharedDisplayLists] Exceeded timeout while waiting for flush in remote rendering backend: 12.
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:17.954884-0700 com.apple.WebKit.WebContent.Development[74852:6614915] [PerformanceLogging] 0x7fbec2119900 - PerformanceMonitor::measurePostLoadMemoryUsage: Process was using 25563136 bytes of memory after the page load.
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:17.955068-0700 com.apple.WebKit.WebContent.Development[74852:6614915] [PerformanceLogging] 0x7fbec2119900 - PerformanceMonitor::measurePostLoadCPUUsage: Process was using 0.6% CPU after the page load.
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:17.955480-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Reusing Items[15] => Image(17) (remaining capacity: 59848)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:17.957096-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Waiting for Flush{38} in Image(17)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:20.959486-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Done waiting: 3.00s; 3 timeout(s)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:20.959812-0700 com.apple.WebKit.WebContent.Development[74852:6614915] [SharedDisplayLists] Exceeded timeout while waiting for flush in remote rendering backend: 12.
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:20.963571-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Reusing Items[15] => Image(17) (remaining capacity: 59040)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:20.965160-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Waiting for Flush{40} in Image(17)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:23.966915-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Done waiting: 3.00s; 3 timeout(s)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:23.967157-0700 com.apple.WebKit.WebContent.Development[74852:6614915] [SharedDisplayLists] Exceeded timeout while waiting for flush in remote rendering backend: 12.
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:23.969188-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Reusing Items[15] => Image(17) (remaining capacity: 58232)
/Users/mmaxfield/tmp/Untitled 88.txt:2021-08-25 23:50:23.970829-0700 com.apple.WebKit.WebContent.Development[74852:6614915] Waiting for Flush{42} in Image(17)

Comment 6 Myles C. Maxfield 2021-08-26 01:02:54 PDT

The Web Process is running RemoteRenderingBackendProxy::cacheFont() to send two fonts to the GPU Process, but the GPU Process is not receiving RemoteRenderingBackend::cacheFont() calls for them.

Comment 7 Myles C. Maxfield 2021-08-26 01:13:17 PDT

platformData.creationData() is nullopt, but it's a web font (so it shouldn't be nullopt). This is likely because of the m_derivedFontData thing in Font.

Comment 8 Myles C. Maxfield 2021-08-26 02:53:58 PDT

Created attachment 436485 [details]
Patch

Comment 9 EWS 2021-08-26 13:44:43 PDT

Committed r281650 (241006@main): <https://commits.webkit.org/241006@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 436485 [details].

Comment 10 Wayne Langman 2021-08-27 04:50:18 PDT

Thanks for the quick turnaround on this!

Comment 11 Simon Fraser (smfr) 2021-09-21 10:13:56 PDT

*** Bug 230548 has been marked as a duplicate of this bug. ***