Bug 242235
| Summary: | [iOS 15.3+] Crash at -[UIViewController presentViewController:withAnimationController:completion:], called on a wrong thread | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | 894110476 |
| Component: | WebKit2 | Assignee: | Eric Carlson <eric.carlson> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | ap, bfulgham, cdumez, eric.carlson, jer.noble, kkinnunen, webkit-bug-importer, wenson_hsieh |
| Priority: | P2 | Keywords: | InRadar |
| Version: | Other | ||
| Hardware: | Unspecified | ||
| OS: | iOS 15 | ||
894110476
I found an crash that webcore call UI API not on main thread, this maybe happened from iOS15.3, the call stack like this:
Thread 29(Crashed)
1 CoreFoundation __exceptionPreprocess (in CoreFoundation) + 220
2 libobjc.A.dylib objc_exception_throw (in libobjc.A.dylib) + 60
3 Foundation _userInfoForFileAndLine (in Foundation) + 0
4 UIKitCore -[_UISimpleFenceProvider trackSystemAnimationFence:] (in UIKitCore) + 204
5 UIKitCore -[UIApplication _trackSystemAnimationFence:] (in UIKitCore) + 88
6 UIKitCore +[UIWindow _synchronizeDrawingWithFence:preCommitHandler:] (in UIKitCore) + 92
7 UIKitCore -[UIScene _synchronizeDrawingWithFence:] (in UIKitCore) + 76
8 UIKitCore -[_UIRemoteKeyboards prepareToMoveKeyboard:withIAV:isIAVRelevant:showing:notifyRemote:forScene:] (in UIKitCore) + 1216
9 UIKitCore -[UIKeyboardSceneDelegate prepareToMoveKeyboardForInputViewSet:animationStyle:] (in UIKitCore) + 488
10 UIKitCore -[UIKeyboardSceneDelegate setKeyWindowSceneInputViews:animationStyle:] (in UIKitCore) + 660
11 UIKitCore -[UIKeyboardSceneDelegate setInputViews:animationStyle:] (in UIKitCore) + 256
12 UIKitCore -[UIKeyboardSceneDelegate setInputViews:animated:] (in UIKitCore) + 100
13 UIKitCore -[UIKeyboardSceneDelegate setInputViews:] (in UIKitCore) + 80
14 UIKitCore __71-[UIKeyboardSceneDelegate _reloadInputViewsForKeyWindowSceneResponder:]_block_invoke.713 (in UIKitCore) + 40
15 UIKitCore -[UIKeyboardSceneDelegate _reloadInputViewsForKeyWindowSceneResponder:] (in UIKitCore) + 3936
16 UIKitCore -[UIKeyboardSceneDelegate _reloadInputViewsForResponder:] (in UIKitCore) + 164
17 UIKitCore -[UIKeyboardSceneDelegate _preserveInputViewsWithId:animated:reset:] (in UIKitCore) + 140
18 UIKitCore -[UIViewController _presentViewController:modalSourceViewController:presentationController:animationController:interactionController:completion:] (in UIKitCore) + 1292
19 UIKitCore -[UIViewController _presentViewController:withAnimationController:completion:] (in UIKitCore) + 3972
20 UIKitCore __63-[UIViewController _presentViewController:animated:completion:]_block_invoke (in UIKitCore) + 108
21 UIKitCore -[UIViewController _performCoordinatedPresentOrDismiss:animated:] (in UIKitCore) + 536
22 UIKitCore -[UIViewController _presentViewController:animated:completion:] (in UIKitCore) + 208
23 UIKitCore -[UIViewController presentViewController:animated:completion:] (in UIKitCore) + 188
24 WebKit WebKit::alertForPermission(WebKit::WebPageProxy&, WebKit::MediaPermissionReason, WebCore::SecurityOriginData const&, WTF::CompletionHandler<void (bool)>&&) (in WebKit) + 1764
25 WebKit WebKit::UserMediaPermissionRequestProxy::promptForGetUserMedia() (in WebKit) + 216
26 WebKit WTF::Detail::CallableWrapper<WebKit::UserMediaPermissionRequestManagerProxy::processUserMediaPermissionValidRequest(WTF::Vector<WebCore::CaptureDevice, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<WebCore::CaptureDevice, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::String&&)::$_10, void, bool>::call(bool) (in WebKit) + 324
27 WebKit WTF::CompletionHandler<void (bool)>::operator()(bool) (in WebKit) + 72
28 WebKit WTF::Detail::CallableWrapper<WebKit::UserMediaPermissionRequestManagerProxy::processUserMediaPermissionRequest()::$_0::operator()(WTF::String&&)::'lambda'(WTF::Vector<WebCore::CaptureDevice, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<WebCore::CaptureDevice, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::String&&), void, WTF::Vector<WebCore::CaptureDevice, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<WebCore::CaptureDevice, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::String&&>::call(WTF::Vector<WebCore::CaptureDevice, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<WebCore::CaptureDevice, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::String&&) (in WebKit) + 3172
29 WebCore WebCore::RealtimeMediaSourceCenter::validateRequestConstraintsAfterEnumeration(WTF::Function<void (WTF::Vector<WebCore::CaptureDevice, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<WebCore::CaptureDevice, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::String&&)>&&, WTF::Function<void (WTF::String const&)>&&, WebCore::MediaStreamRequest const&, WTF::String&&) (in WebCore) + 820
30 WebCore WTF::Detail::CallableWrapper<WebCore::RealtimeMediaSourceCenter::enumerateDevices(bool, bool, bool, bool, WTF::CompletionHandler<void ()>&&)::$_42, void>::~CallableWrapper() (in WebCore) + 168
31 WebCore HandleRunSource(void*) (in WebCore) + 660
32 CoreFoundation __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (in CoreFoundation) + 28
33 CoreFoundation __CFRunLoopDoSource0 (in CoreFoundation) + 208
34 CoreFoundation __CFRunLoopDoSources0 (in CoreFoundation) + 268
35 CoreFoundation __CFRunLoopRun (in CoreFoundation) + 828
36 CoreFoundation CFRunLoopRunSpecific (in CoreFoundation) + 600
37 WebCore RunWebThread(void*) (in WebCore) + 760
38 libsystem_pthread.dylib _pthread_start (in libsystem_pthread.dylib) + 148
39 libsystem_pthread.dylib thread_start (in libsystem_pthread.dylib) + 8
I'm sorry that I can't attach an standard crash report since we used a custom crash report system, hope related people can check your internal crash logs for this crash!
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Brent Fulgham
Could you locate the console log message that should have been generated by the exception? It might give us a clue about the cause.
Alexey Proskuryakov
There is an assertion in -[_UISimpleFenceProvider trackSystemAnimationFence:] that says "main thread only", and we are clearly calling it on WebThread.
And this seems like a weird mix of WebKit and WebKitLegacy code?
Radar WebKit Bug Importer
<rdar://problem/96305779>
Eric Carlson
(In reply to Alexey Proskuryakov from comment #2)
> And this seems like a weird mix of WebKit and WebKitLegacy code?
There is no WK1 here. The symbol names are confusing because some of the code is exported from the WebCore framework and called from WebKit. This is because media capture and enumeration was originally done in the web process, but is now spread among the UI, GPU, and web processes.
Eric Carlson
Pull request: https://github.com/WebKit/WebKit/pull/2009
EWS
Committed 252189@main (4dbd5bdfdbf7): <https://commits.webkit.org/252189@main>
Reviewed commits have been landed. Closing PR #2009 and removing active labels.
894110476
still happened on iOS16.3 !!!!!
Eric Carlson
(In reply to 894110476 from comment #7)
> still happened on iOS16.3 !!!!!
Can you please attach a log of the crash on 16.3?
Eric Carlson
`UserMediaPermissionRequestProxy::promptForGetUserMedia` is only called when getUserMedia is used in an application that does not implement `[WKUIDelegate webView:requestMediaCapturePermissionForOrigin:initiatedByFrame:type:decisionHandler:]`.
I was not able to reproduce this crash by opening https://webrtc.github.io/samples/src/content/devices/input-output in MobileMiniBrowser.
894110476
(In reply to Eric Carlson from comment #9)
> `UserMediaPermissionRequestProxy::promptForGetUserMedia` is only called when
> getUserMedia is used in an application that does not implement
> `[WKUIDelegate
> webView:requestMediaCapturePermissionForOrigin:initiatedByFrame:type:
> decisionHandler:]`.
>
> I was not able to reproduce this crash by opening
> https://webrtc.github.io/samples/src/content/devices/input-output in
> MobileMiniBrowser.
YES, my application didn't implement `[WKUIDelegate
webView:requestMediaCapturePermissionForOrigin:initiatedByFrame:type:
decisionHandler:]`, it is confused that we can't reproduce it and which scene webkit called UI api not on main thread?
crash stack on iOS 16.3 like this:
thread 18
1 CoreFoundation __exceptionPreprocess (in CoreFoundation) + 164
2 libobjc.A.dylib objc_exception_throw (in libobjc.A.dylib) + 60
3 Foundation _userInfoForFileAndLine (in Foundation) + 0
4 UIKitCore -[UIApplication _performAfterCATransactionCommitsWithLegacyRunloopObserverBasedTiming:block:] (in UIKitCore) + 408
5 UIKitCore -[UIApplication _updateSerializableKeyCommandsForResponder:] (in UIKitCore) + 200
6 UIKitCore -[UIViewController setChildModalViewController:] (in UIKitCore) + 168
7 UIKitCore -[UIViewController _presentViewController:modalSourceViewController:presentationController:animationController:interactionController:completion:] (in UIKitCore) + 496
8 UIKitCore -[UIViewController _presentViewController:withAnimationController:completion:] (in UIKitCore) + 3144
9 UIKitCore __63-[UIViewController _presentViewController:animated:completion:]_block_invoke (in UIKitCore) + 92
10 UIKitCore -[UIViewController _performCoordinatedPresentOrDismiss:animated:] (in UIKitCore) + 396
11 UIKitCore -[UIViewController _presentViewController:animated:completion:] (in UIKitCore) + 188
12 UIKitCore -[UIViewController presentViewController:animated:completion:] (in UIKitCore) + 164
13 WebKit WebKit::alertForPermission(WebKit::WebPageProxy&, WebKit::MediaPermissionReason, WebCore::SecurityOriginData const&, WTF::CompletionHandler<void (bool)>&&) (in WebKit) + 1684
14 WebKit WebKit::UserMediaPermissionRequestProxy::promptForGetUserMedia() (in WebKit) + 220
15 WebKit WTF::Detail::CallableWrapper<WebKit::UserMediaPermissionRequestManagerProxy::processUserMediaPermissionValidRequest(WTF::Vector<WebCore::CaptureDevice, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<WebCore::CaptureDevice, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WebCore::MediaDeviceHashSalts&&)::$_11, void, bool>::call(bool) (in WebKit) + 304
16 WebKit WTF::CompletionHandler<void (bool)>::operator()(bool) (in WebKit) + 64
17 WebKit WTF::Detail::CallableWrapper<WebKit::UserMediaPermissionRequestManagerProxy::processUserMediaPermissionRequest()::$_1::operator()(WTF::String&&)::'lambda'(WTF::Vector<WebCore::CaptureDevice, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<WebCore::CaptureDevice, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&), void, WTF::Vector<WebCore::CaptureDevice, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<WebCore::CaptureDevice, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&>::call(WTF::Vector<WebCore::CaptureDevice, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<WebCore::CaptureDevice, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) (in WebKit) + 2672
18 WebCore WebCore::RealtimeMediaSourceCenter::validateRequestConstraintsAfterEnumeration(WTF::Function<void (WTF::Vector<WebCore::CaptureDevice, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Vector<WebCore::CaptureDevice, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&)>&&, WTF::Function<void (WTF::String const&)>&&, WebCore::MediaStreamRequest const&, WebCore::MediaDeviceHashSalts&&) (in WebCore) + 1628
19 WebCore WTF::Detail::CallableWrapper<WebCore::RealtimeMediaSourceCenter::enumerateDevices(bool, bool, bool, bool, WTF::CompletionHandler<void ()>&&)::$_30, void>::~CallableWrapper() (in WebCore) + 168
20 WebCore HandleRunSource(void*) (in WebCore) + 660
21 CoreFoundation
__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (in CoreFoundation) + 28
...
26
WebCore
RunWebThread(void*) (in WebCore) + 756
Eric Carlson
Pull request: https://github.com/WebKit/WebKit/pull/10448
EWS
Committed 260619@main (f3eb8e384292): <https://commits.webkit.org/260619@main>
Reviewed commits have been landed. Closing PR #10448 and removing active labels.