WebKit Bugzilla
RESOLVED CONFIGURATION CHANGED
208339
Web process crashes with UI-side compositing on macOS
https://bugs.webkit.org/show_bug.cgi?id=208339
Simon Fraser (smfr)
Reported
2020-02-27 13:54:13 PST
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x40)
    frame #0: 0x00000005f1182375 WebKit`std::__1::unique_ptr<WebCore::Page, std::__1::default_delete<WebCore::Page> >::operator bool(this=0x0000000000000040) const at memory:2636:27
  * frame #1: 0x00000005f16e5cb6 WebKit`WebKit::WebPage::mainFrame(this=0x0000000000000000) const at WebPage.cpp:5232:12
    frame #2: 0x00000005f16e56e5 WebKit`WebKit::WebPage::mainFrameView(this=0x0000000000000000) const at WebPage.cpp:5237:24
    frame #3: 0x00000005f1265c21 WebKit`auto WebKit::WebProcess::updatePageScreenProperties(this=0x00007ffeef0de410, page=0x000000061f7f9498)::$_3::operator()<WTF::RefPtr<WebKit::WebPage, WTF::DumbPtrTraits<WebKit::WebPage> > >(WTF::RefPtr<WebKit::WebPage, WTF::DumbPtrTraits<WebKit::WebPage> >&) const at WebProcessCocoa.mm:997:53
    frame #4: 0x00000005f125c893 WebKit`bool WTF::allOf<WTF::SizedIteratorRange<WTF::HashMap<WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WTF::RefPtr<WebKit::WebPage, WTF::DumbPtrTraits<WebKit::WebPage> >, WTF::ObjectIdentifierHash<WebCore::PageIdentifierType>, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::PageIdentifierType> >, WTF::HashTraits<WTF::RefPtr<WebKit::WebPage, WTF::DumbPtrTraits<WebKit::WebPage> > > >, WTF::HashTableValuesIterator<WTF::HashTable<WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WTF::RefPtr<WebKit::WebPage, WTF::DumbPtrTraits<WebKit::WebPage> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WTF::RefPtr<WebKit::WebPage, WTF::DumbPtrTraits<WebKit::WebPage> > > >, WTF::ObjectIdentifierHash<WebCore::PageIdentifierType>, WTF::HashMap<WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WTF::RefPtr<WebKit::WebPage, WTF::DumbPtrTraits<WebKit::WebPage> >, WTF::ObjectIdentifierHash<WebCore::PageIdentifierType>, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::PageIdentifierType> >, WTF::HashTraits<WTF::RefPtr<WebKit::WebPage, WTF::DumbPtrTraits<WebKit::WebPage> > > >::KeyValuePairTraits, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::PageIdentifierType> > >, WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WTF::RefPtr<WebKit::WebPage, WTF::DumbPtrTraits<WebKit::WebPage> > > >, WebKit::WebProcess::updatePageScreenProperties()::$_3>(container=0x00007ffeef0de4d0, allOfFunction=(anonymous class) @ 0x00007ffeef0de410)::$_3) at Algorithms.h:51:14
    frame #5: 0x00000005f125c72e WebKit`WebKit::WebProcess::updatePageScreenProperties(this=0x000000061f7f4000) at WebProcessCocoa.mm:996:36
    frame #6: 0x00000005f16ea055 WebKit`WebKit::WebPage::windowScreenDidChange(this=0x00007fec40011608, displayID=4294967281) at WebPage.cpp:2006:29
    frame #7: 0x00000005f03a4c30 WebKit`WebKit::RemoteLayerTreeDrawingArea::RemoteLayerTreeDrawingArea(this=0x000000061f766000, webPage=0x00007fec40011608, parameters=0x00007ffeef0df028) at RemoteLayerTreeDrawingArea.mm:75:13
    frame #8: 0x00000005f03a6005 WebKit`WebKit::RemoteLayerTreeDrawingArea::RemoteLayerTreeDrawingArea(this=0x000000061f766000, webPage=0x00007fec40011608, parameters=0x00007ffeef0df028) at RemoteLayerTreeDrawingArea.mm:64:1
    frame #9: 0x00000005f150cef2 WebKit`std::__1::__unique_if<WebKit::RemoteLayerTreeDrawingArea>::__unique_single std::__1::make_unique<WebKit::RemoteLayerTreeDrawingArea, WebKit::WebPage&, WebKit::WebPageCreationParameters const&>(__args=0x00007fec40011608, __args=0x00007ffeef0df028) at memory:3131:32
    frame #10: 0x00000005f1505ba4 WebKit`decltype(args=0x00007fec40011608, args=0x00007ffeef0df028) WTF::makeUnique<WebKit::RemoteLayerTreeDrawingArea, WebKit::WebPage&, WebKit::WebPageCreationParameters const&>(WebKit::WebPage&, WebKit::WebPageCreationParameters const&) at StdLibExtras.h:483:12
    frame #11: 0x00000005f1505a83 WebKit`WebKit::DrawingArea::create(webPage=0x00007fec40011608, parameters=0x00007ffeef0df028) at DrawingArea.cpp:56:16
    frame #12: 0x00000005f16dbcd6 WebKit`WebKit::WebPage::WebPage(this=0x00007fec40011608, pageID=(m_identifier = 14), parameters=0x00007ffeef0df028) at WebPage.cpp:546:21
    frame #13: 0x00000005f16da7c5 WebKit`WebKit::WebPage::WebPage(this=0x00007fec40011608, pageID=(m_identifier = 14), parameters=0x00007ffeef0df028) at WebPage.cpp:456:1
    frame #14: 0x00000005f16da6d1 WebKit`WebKit::WebPage::create(pageID=(m_identifier = 14), parameters=0x00007ffeef0df028) at WebPage.cpp:381:39
    frame #15: 0x00000005f1270744 WebKit`WebKit::WebProcess::createWebPage(this=0x000000061f7f4000, pageID=(m_identifier = 14), parameters=0x00007ffeef0df028) at WebProcess.cpp:690:34
    frame #16: 0x00000005f19897ec WebKit`void IPC::callMemberFunctionImpl<WebKit::WebProcess, void (WebKit::WebProcess::*)(WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebKit::WebPageCreationParameters&&), std::__1::tuple<WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebKit::WebPageCreationParameters>, 0ul, 1ul>(object=0x000000061f7f4000, function=60 06 27 f1 05 00 00 00 00 00 00 00 00 00 00 00, args=size=2, (null)=std::__1::index_sequence<0UL, 1UL> @ 0x00007ffeef0def58)(WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebKit::WebPageCreationParameters&&), std::__1::tuple<WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebKit::WebPageCreationParameters>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>) at HandleMessage.h:41:5
    frame #17: 0x00000005f1988310 WebKit`void IPC::callMemberFunction<WebKit::WebProcess, void (WebKit::WebProcess::*)(WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebKit::WebPageCreationParameters&&), std::__1::tuple<WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebKit::WebPageCreationParameters>, std::__1::integer_sequence<unsigned long, 0ul, 1ul> >(args=size=2, object=0x000000061f7f4000, function=60 06 27 f1 05 00 00 00 00 00 00 00 00 00 00 00)(WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebKit::WebPageCreationParameters&&)) at HandleMessage.h:47:5
    frame #18: 0x00000005f198052b WebKit`void IPC::handleMessage<Messages::WebProcess::CreateWebPage, WebKit::WebProcess, void (WebKit::WebProcess::*)(WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebKit::WebPageCreationParameters&&)>(decoder=0x000000061f7db150, object=0x000000061f7f4000, function=60 06 27 f1 05 00 00 00 00 00 00 00 00 00 00 00)(WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebKit::WebPageCreationParameters&&)) at HandleMessage.h:120:5
    frame #19: 0x00000005f197d8c0 WebKit`WebKit::WebProcess::didReceiveWebProcessMessage(this=0x000000061f7f4000, connection=0x000000061f7e4000, decoder=0x000000061f7db150) at WebProcessMessageReceiver.cpp:294:9
    frame #20: 0x00000005f12711ab WebKit`WebKit::WebProcess::didReceiveMessage(this=0x000000061f7f4000, connection=0x000000061f7e4000, decoder=0x000000061f7db150) at WebProcess.cpp:755:9
    frame #21: 0x00000005f0071ba9 WebKit`IPC::Connection::dispatchMessage(this=0x000000061f7e4000, decoder=0x000000061f7db150) at Connection.cpp:1008:14
    frame #22: 0x00000005f0072502 WebKit`IPC::Connection::dispatchMessage(this=0x000000061f7e4000, message=unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> > @ 0x00007ffeef0e0460) at Connection.cpp:1077:9
    frame #23: 0x00000005f0072bb0 WebKit`IPC::Connection::dispatchOneIncomingMessage(this=0x000000061f7e4000) at Connection.cpp:1146:5
    frame #24: 0x00000005f00915ee WebKit`IPC::Connection::enqueueIncomingMessage(this=0x000000061f7dc048)::$_7::operator()() at Connection.cpp:985:28
    frame #25: 0x00000005f00914fe WebKit`WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_7, void>::call(this=0x000000061f7dc040) at Function.h:52:39
    frame #26: 0x0000000615f53f92 JavaScriptCore`WTF::Function<void ()>::operator(this=0x00007ffeef0e0528)() const at Function.h:84:35
    frame #27: 0x0000000615fc1348 JavaScriptCore`WTF::RunLoop::performWork(this=0x000000061f7f6000) at RunLoop.cpp:119:9
    frame #28: 0x0000000615fc1cf1 JavaScriptCore`WTF::RunLoop::performWork(context=0x000000061f7f6000) at RunLoopCF.cpp:38:37
    frame #29: 0x00007fff322aa552 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
    frame #30: 0x00007fff322aa4f1 CoreFoundation`__CFRunLoopDoSource0 + 103
    frame #31: 0x00007fff322aa30b CoreFoundation`__CFRunLoopDoSources0 + 209
    frame #32: 0x00007fff322a903a CoreFoundation`__CFRunLoopRun + 927
    frame #33: 0x00007fff322a863e CoreFoundation`CFRunLoopRunSpecific + 462
    frame #34: 0x00007fff3493c2a8 Foundation`-[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212
    frame #35: 0x00007fff349eed2f Foundation`-[NSRunLoop(NSRunLoop) run] + 76
    frame #36: 0x00007fff6c3ed51a libxpc.dylib`_xpc_objc_main.cold.4 + 49
    frame #37: 0x00007fff6c3ed460 libxpc.dylib`_xpc_objc_main + 559
    frame #38: 0x00007fff6c3ecf93 libxpc.dylib`xpc_main + 377
    frame #39: 0x00000005f07cd5d9 WebKit`WebKit::XPCServiceMain((null)=1, (null)=0x00007ffeef0e16b0) at XPCServiceMain.mm:164:5
    frame #40: 0x00000005f1a6abfb WebKit`WKXPCServiceMain(argc=1, argv=0x00007ffeef0e16b0) at WKMain.mm:33:12
    frame #41: 0x0000000100b1eeb2 com.apple.WebKit.WebContent.Development`main(argc=1, argv=0x00007ffeef0e16b0) at AuxiliaryProcessMain.cpp:30:12
    frame #42: 0x00007fff6c19fcc9 libdyld.dylib`start + 1
(lldb)
Attachments
Patch (1.56 KB, patch), 2020-03-13 08:44 PDT, Kate Cheney
Simon Fraser (smfr)
Comment 1
2020-02-27 13:58:46 PST
WebProcess::createWebPage() is in WebPage::create() which hasn't yet set the value in the m_pageMap:

    if (result.isNewEntry) {
        ASSERT(!result.iterator->value);
        result.iterator->value = WebPage::create(pageID, WTFMove(parameters));

then WebProcess::updatePageScreenProperties() tries to iterate the map:

    bool allPagesAreOnHDRScreens = allOf(m_pageMap.values(), [] (auto& page) {
        return screenSupportsHighDynamicRange(page->mainFrameView());
    });

and gets a null page.
Simon Fraser (smfr)
Comment 2
2020-02-27 13:59:43 PST
Maybe RemoteLayerTreeDrawingArea::RemoteLayerTreeDrawingArea() shouldn't call windowScreenDidChange().
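The ordering problem described in comments 1 and 2, reduced to a stand-alone C++ sketch (an added example, not WebKit code and not a fix that was applied to this bug). Registry, Page and their members are hypothetical names; the sketch shows a null-tolerant walk and a construct-then-publish ordering as two ways to keep a re-entrant iteration from dereferencing a placeholder slot.

```cpp
#include <algorithm>
#include <functional>
#include <map>
#include <memory>
#include <utility>

// Hypothetical stand-ins for WebPage and WebProcess; not WebKit code.
struct Page {
    bool hdr;
    // The constructor calls back into its owner, like the drawing-area
    // constructor reaching windowScreenDidChange() in the backtrace.
    Page(bool isHDR, const std::function<void()>& screenChanged) : hdr(isHDR) { screenChanged(); }
};

struct Registry {
    std::map<int, std::unique_ptr<Page>> pages;
    int nullSlotsSeen = 0; // placeholder entries met by the last walk
    bool allHDR = false;

    // Guarded form of the allOf() walk: a slot whose value is still null
    // belongs to a page under construction and is skipped, not dereferenced.
    void updateScreenProperties() {
        nullSlotsSeen = 0;
        allHDR = std::all_of(pages.begin(), pages.end(), [this](const auto& entry) {
            if (!entry.second) { ++nullSlotsSeen; return true; }
            return entry.second->hdr;
        });
    }

    // Same order as the createWebPage() excerpt: reserve the slot, then construct.
    void createSlotFirst(int id, bool hdr) {
        auto result = pages.emplace(id, nullptr);
        if (result.second)
            result.first->second = std::make_unique<Page>(hdr, [this] { updateScreenProperties(); });
    }

    // Alternative order: construct fully, then publish, then notify.
    void createThenInsert(int id, bool hdr) {
        auto page = std::make_unique<Page>(hdr, [] {});
        pages.emplace(id, std::move(page));
        updateScreenProperties();
    }
};

// Number of null slots the walk met under each ordering.
int nullSlotsDuringSlotFirst() { Registry r; r.createSlotFirst(14, true); return r.nullSlotsSeen; }
int nullSlotsDuringConstructThenInsert() { Registry r; r.createThenInsert(14, true); return r.nullSlotsSeen; }

int main() { return (nullSlotsDuringSlotFirst() == 1 && nullSlotsDuringConstructThenInsert() == 0) ? 0 : 1; }
```

With the guarded walk, the page still under construction is left out of the computed flag, so slot-first code has to run the walk again once the slot is filled.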
Alexey Proskuryakov
Comment 3
2020-03-12 19:52:25 PDT
rdar://problem/60395998
Kate Cheney
Comment 4
2020-03-13 08:44:07 PDT
Created attachment 393484 [details]
Patch
Kate Cheney
Comment 5
2020-03-13 08:47:39 PDT
(In reply to katherine_cheney from comment #4)
> Created attachment 393484 [details]
> Patch
Wrong bug :)
Simon Fraser (smfr)
Comment 6
2022-03-14 14:52:56 PDT
This doesn't happen any more.