Bug 232517

Summary: Crash under DisplayLink::displayLinkCallback()
Product: WebKit
Component: WebKit2
Reporter: Chris Dumez <cdumez>
Assignee: Chris Dumez <cdumez>
Status: RESOLVED DUPLICATE
Severity: Normal
Priority: P2
CC: kkinnunen, simon.fraser
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
Patch (attachment 442882): simon.fraser: review+

Description Chris Dumez 2021-10-29 16:57:54 PDT
Crash under DisplayLink::displayLinkCallback():

Crashed Thread:        21  CVDisplayLink

Exception Type:        EXC_ARITHMETIC (SIGFPE)
Exception Codes:       0x0000000000000001, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Reason:    Namespace SIGNAL, Code 8 Floating point exception: 8
Terminating Process:   exc handler [40667]

Thread 0  Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib        	       0x7ff809d464c6 __psynch_mutexdrop + 10
1   libsystem_pthread.dylib       	       0x7ff809d7ee9c _pthread_mutex_firstfit_wake + 18 (/AppleInternal/Library/BuildRoots/f4aa0efc-2cdb-11ec-8d20-9658076854e7/Library/Caches/com.apple.xbs/Sources/libpthread/src/pthread_mutex.c:1317)
2   libsystem_pthread.dylib       	       0x7ff809d7ce82 _pthread_mutex_firstfit_unlock_slow + 242 (/AppleInternal/Library/BuildRoots/f4aa0efc-2cdb-11ec-8d20-9658076854e7/Library/Caches/com.apple.xbs/Sources/libpthread/src/pthread_mutex.c:1346)
3   com.apple.CoreVideo           	       0x7ff811770ba2 CVDisplayLink::start() + 262 (/AppleInternal/Library/BuildRoots/8cea4b3b-2b9d-11ec-9728-4e3f4f355132/Library/Caches/com.apple.xbs/Sources/CoreVideo/CoreVideo/DisplayLink/CVDisplayLinkInternal.cpp:698)
4   com.apple.WebKit              	       0x7ff91027d0de WebKit::DisplayLink::addObserver(IPC::Connection&, WTF::ObjectIdentifier<WebKit::DisplayLinkObserverIDType>, unsigned int) + 592 (/AppleInternal/Library/BuildRoots/f4aa0efc-2cdb-11ec-8d20-9658076854e7/Library/Caches/com.apple.xbs/Sources/WebKit/Source/WebKit/UIProcess/mac/DisplayLink.cpp:104)
5   com.apple.WebKit              	       0x7ff9104cb6ee WebKit::WebProcessProxy::didReceiveWebProcessProxyMessage(IPC::Connection&, IPC::Decoder&) + 1630 (/AppleInternal/Library/BuildRoots/f4aa0efc-2cdb-11ec-8d20-9658076854e7/Library/Caches/com.apple.xbs/Sources/WebKit/Source/WebKit/UIProcess/mac/WebProcessProxyMac.mm:66)
6   com.apple.WebKit              	       0x7ff90fd701ca IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 634 (/AppleInternal/Library/BuildRoots/f4aa0efc-2cdb-11ec-8d20-9658076854e7/Library/Caches/com.apple.xbs/Sources/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:1058)
7   com.apple.WebKit              	       0x7ff90fd6fa40 IPC::Connection::dispatchIncomingMessages() + 572 (/AppleInternal/Library/BuildRoots/f4aa0efc-2cdb-11ec-8d20-9658076854e7/Library/Caches/com.apple.xbs/Sources/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:1217)
8   com.apple.JavaScriptCore      	       0x7ff90ac4200e WTF::RunLoop::performWork() + 286 (/AppleInternal/Library/BuildRoots/f4aa0efc-2cdb-11ec-8d20-9658076854e7/Library/Caches/com.apple.xbs/Binaries/WTF/install/TempContent/Root/usr/local/include/wtf/Function.h:82)
9   com.apple.JavaScriptCore      	       0x7ff90ac42f8a WTF::RunLoop::performWork(void*) + 26 (/AppleInternal/Library/BuildRoots/f4aa0efc-2cdb-11ec-8d20-9658076854e7/Library/Caches/com.apple.xbs/Sources/WTF/Source/WTF/wtf/cf/RunLoopCF.cpp:46)
10  com.apple.CoreFoundation      	       0x7ff809e4b664 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 16 (/AppleInternal/Library/BuildRoots/8cea4b3b-2b9d-11ec-9728-4e3f4f355132/Library/Caches/com.apple.xbs/Sources/CoreFoundation/CoreFoundation/RunLoop.subproj/CFRunLoop.c:1974)
11  com.apple.CoreFoundation      	       0x7ff809e4b5cc __CFRunLoopDoSource0 + 180 (/AppleInternal/Library/BuildRoots/8cea4b3b-2b9d-11ec-9728-4e3f4f355132/Library/Caches/com.apple.xbs/Sources/CoreFoundation/CoreFoundation/RunLoop.subproj/CFRunLoop.c:2018)
12  com.apple.CoreFoundation      	       0x7ff809e4b342 __CFRunLoopDoSources0 + 238 (/AppleInternal/Library/BuildRoots/8cea4b3b-2b9d-11ec-9728-4e3f4f355132/Library/Caches/com.apple.xbs/Sources/CoreFoundation/CoreFoundation/RunLoop.subproj/CFRunLoop.c:2055)
13  com.apple.CoreFoundation      	       0x7ff809e49d68 __CFRunLoopRun + 890 (/AppleInternal/Library/BuildRoots/8cea4b3b-2b9d-11ec-9728-4e3f4f355132/Library/Caches/com.apple.xbs/Sources/CoreFoundation/CoreFoundation/RunLoop.subproj/CFRunLoop.c:2953)
14  com.apple.CoreFoundation      	       0x7ff809e49328 CFRunLoopRunSpecific + 554 (/AppleInternal/Library/BuildRoots/8cea4b3b-2b9d-11ec-9728-4e3f4f355132/Library/Caches/com.apple.xbs/Sources/CoreFoundation/CoreFoundation/RunLoop.subproj/CFRunLoop.c:3270)
15  com.apple.HIToolbox           	       0x7ff812d2c026 RunCurrentEventLoopInMode + 292 (/AppleInternal/Library/BuildRoots/f4aa0efc-2cdb-11ec-8d20-9658076854e7/Library/Caches/com.apple.xbs/Sources/HIToolbox/./Events/EventsCore/EventLoop.c:455)
16  com.apple.HIToolbox           	       0x7ff812d2bd8a ReceiveNextEventCommon + 594 (/AppleInternal/Library/BuildRoots/f4aa0efc-2cdb-11ec-8d20-9658076854e7/Library/Caches/com.apple.xbs/Sources/HIToolbox/./Events/EventsCore/EventBlocking.c:326)
17  com.apple.HIToolbox           	       0x7ff812d2bb24 _BlockUntilNextEventMatchingListInModeWithFilter + 68 (/AppleInternal/Library/BuildRoots/f4aa0efc-2cdb-11ec-8d20-9658076854e7/Library/Caches/com.apple.xbs/Sources/HIToolbox/./Events/EventsCore/EventBlocking.c:170)
18  com.apple.AppKit              	       0x7ff80c9f5704 _DPSNextEvent + 926 (/AppleInternal/Library/BuildRoots/f4aa0efc-2cdb-11ec-8d20-9658076854e7/Library/Caches/com.apple.xbs/Sources/AppKit/GraphicsContext.subproj/CGDPSReplacement.m:588)
19  com.apple.AppKit              	       0x7ff80c9f3dc2 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1394 (/AppleInternal/Library/BuildRoots/f4aa0efc-2cdb-11ec-8d20-9658076854e7/Library/Caches/com.apple.xbs/Sources/AppKit/Events.subproj/appEventRouting.m:1449)
20  com.apple.Safari.framework    	       0x7ff91887f3a6 -[BrowserApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 230 (/AppleInternal/Library/BuildRoots/2a316a3e-2b05-11ec-8895-4e3f4f355132/Library/Caches/com.apple.xbs/Sources/Safari/Mac/Safari/Basics/BrowserApplication.mm:248)
21  com.apple.AppKit              	       0x7ff80c9e631e -[NSApplication run] + 584 (/AppleInternal/Library/BuildRoots/f4aa0efc-2cdb-11ec-8d20-9658076854e7/Library/Caches/com.apple.xbs/Sources/AppKit/AppKit.subproj/NSApplication.m:3384)
22  com.apple.AppKit              	       0x7ff80c9ba2a8 NSApplicationMain + 816 (/AppleInternal/Library/BuildRoots/f4aa0efc-2cdb-11ec-8d20-9658076854e7/Library/Caches/com.apple.xbs/Sources/AppKit/AppKit.subproj/NSApplication.m:9226)
23  com.apple.Safari.framework    	       0x7ff918869b7c SafariMain + 444 (/AppleInternal/Library/BuildRoots/2a316a3e-2b05-11ec-8895-4e3f4f355132/Library/Caches/com.apple.xbs/Sources/Safari/Mac/Safari/Basics/SafariMain.mm:61)
24  dyld  

Thread 21 Crashed:: CVDisplayLink
0   com.apple.WebKit              	       0x7ff91027cde2 WebKit::DisplayLink::displayLinkCallback(__CVDisplayLink*, CVTimeStamp const*, CVTimeStamp const*, unsigned long long, unsigned long long*, void*) + 1228 (/Library/Frameworks/WebKit.framework/Versions/A/Frameworks/WebCore.framework/PrivateHeaders/DisplayUpdate.h:44)
1   com.apple.CoreVideo           	       0x7ff811771ce2 CVDisplayLink::performIO(CVTimeStamp*) + 298
2   com.apple.CoreVideo           	       0x7ff811770fac CVDisplayLink::runIOThread() + 666
3   libsystem_pthread.dylib       	       0x7ff809d81500 _pthread_start + 120
4   libsystem_pthread.dylib       	       0x7ff809d7cefe thread_start + 14
Comment 1 Chris Dumez 2021-10-29 17:04:27 PDT
Created attachment 442882 [details]
Patch
Comment 2 Chris Dumez 2021-10-29 17:32:57 PDT
Simon already made a fix in Bug 232101 which I didn't know about. Let's see if the other fix is sufficient. I'll dupe for now. We can reopen this bug if the crashes persist.

So far, I have only seen these crashes on builds that didn't have Simon's fix.

*** This bug has been marked as a duplicate of bug 232101 ***