Bug 208339 - Web process crashes with UI-side compositing on macOS
Summary: Web process crashes with UI-side compositing on macOS
Status: RESOLVED CONFIGURATION CHANGED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc.
Version: Safari Technology Preview
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-02-27 13:54 PST by Simon Fraser (smfr)
Modified: 2022-03-14 14:52 PDT (History)

See Also:


Attachments
Patch (1.56 KB, patch)
2020-03-13 08:44 PDT, Kate Cheney

Description Simon Fraser (smfr) 2020-02-27 13:54:13 PST
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x40)
    frame #0: 0x00000005f1182375 WebKit`std::__1::unique_ptr<WebCore::Page, std::__1::default_delete<WebCore::Page> >::operator bool(this=0x0000000000000040) const at memory:2636:27
  * frame #1: 0x00000005f16e5cb6 WebKit`WebKit::WebPage::mainFrame(this=0x0000000000000000) const at WebPage.cpp:5232:12
    frame #2: 0x00000005f16e56e5 WebKit`WebKit::WebPage::mainFrameView(this=0x0000000000000000) const at WebPage.cpp:5237:24
    frame #3: 0x00000005f1265c21 WebKit`auto WebKit::WebProcess::updatePageScreenProperties(this=0x00007ffeef0de410, page=0x000000061f7f9498)::$_3::operator()<WTF::RefPtr<WebKit::WebPage, WTF::DumbPtrTraits<WebKit::WebPage> > >(WTF::RefPtr<WebKit::WebPage, WTF::DumbPtrTraits<WebKit::WebPage> >&) const at WebProcessCocoa.mm:997:53
    frame #4: 0x00000005f125c893 WebKit`bool WTF::allOf<WTF::SizedIteratorRange<WTF::HashMap<WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WTF::RefPtr<WebKit::WebPage, WTF::DumbPtrTraits<WebKit::WebPage> >, WTF::ObjectIdentifierHash<WebCore::PageIdentifierType>, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::PageIdentifierType> >, WTF::HashTraits<WTF::RefPtr<WebKit::WebPage, WTF::DumbPtrTraits<WebKit::WebPage> > > >, WTF::HashTableValuesIterator<WTF::HashTable<WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WTF::RefPtr<WebKit::WebPage, WTF::DumbPtrTraits<WebKit::WebPage> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WTF::RefPtr<WebKit::WebPage, WTF::DumbPtrTraits<WebKit::WebPage> > > >, WTF::ObjectIdentifierHash<WebCore::PageIdentifierType>, WTF::HashMap<WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WTF::RefPtr<WebKit::WebPage, WTF::DumbPtrTraits<WebKit::WebPage> >, WTF::ObjectIdentifierHash<WebCore::PageIdentifierType>, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::PageIdentifierType> >, WTF::HashTraits<WTF::RefPtr<WebKit::WebPage, WTF::DumbPtrTraits<WebKit::WebPage> > > >::KeyValuePairTraits, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::PageIdentifierType> > >, WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WTF::RefPtr<WebKit::WebPage, WTF::DumbPtrTraits<WebKit::WebPage> > > >, WebKit::WebProcess::updatePageScreenProperties()::$_3>(container=0x00007ffeef0de4d0, allOfFunction=(anonymous class) @ 0x00007ffeef0de410)::$_3) at Algorithms.h:51:14
    frame #5: 0x00000005f125c72e WebKit`WebKit::WebProcess::updatePageScreenProperties(this=0x000000061f7f4000) at WebProcessCocoa.mm:996:36
    frame #6: 0x00000005f16ea055 WebKit`WebKit::WebPage::windowScreenDidChange(this=0x00007fec40011608, displayID=4294967281) at WebPage.cpp:2006:29
    frame #7: 0x00000005f03a4c30 WebKit`WebKit::RemoteLayerTreeDrawingArea::RemoteLayerTreeDrawingArea(this=0x000000061f766000, webPage=0x00007fec40011608, parameters=0x00007ffeef0df028) at RemoteLayerTreeDrawingArea.mm:75:13
    frame #8: 0x00000005f03a6005 WebKit`WebKit::RemoteLayerTreeDrawingArea::RemoteLayerTreeDrawingArea(this=0x000000061f766000, webPage=0x00007fec40011608, parameters=0x00007ffeef0df028) at RemoteLayerTreeDrawingArea.mm:64:1
    frame #9: 0x00000005f150cef2 WebKit`std::__1::__unique_if<WebKit::RemoteLayerTreeDrawingArea>::__unique_single std::__1::make_unique<WebKit::RemoteLayerTreeDrawingArea, WebKit::WebPage&, WebKit::WebPageCreationParameters const&>(__args=0x00007fec40011608, __args=0x00007ffeef0df028) at memory:3131:32
    frame #10: 0x00000005f1505ba4 WebKit`decltype(args=0x00007fec40011608, args=0x00007ffeef0df028) WTF::makeUnique<WebKit::RemoteLayerTreeDrawingArea, WebKit::WebPage&, WebKit::WebPageCreationParameters const&>(WebKit::WebPage&, WebKit::WebPageCreationParameters const&) at StdLibExtras.h:483:12
    frame #11: 0x00000005f1505a83 WebKit`WebKit::DrawingArea::create(webPage=0x00007fec40011608, parameters=0x00007ffeef0df028) at DrawingArea.cpp:56:16
    frame #12: 0x00000005f16dbcd6 WebKit`WebKit::WebPage::WebPage(this=0x00007fec40011608, pageID=(m_identifier = 14), parameters=0x00007ffeef0df028) at WebPage.cpp:546:21
    frame #13: 0x00000005f16da7c5 WebKit`WebKit::WebPage::WebPage(this=0x00007fec40011608, pageID=(m_identifier = 14), parameters=0x00007ffeef0df028) at WebPage.cpp:456:1
    frame #14: 0x00000005f16da6d1 WebKit`WebKit::WebPage::create(pageID=(m_identifier = 14), parameters=0x00007ffeef0df028) at WebPage.cpp:381:39
    frame #15: 0x00000005f1270744 WebKit`WebKit::WebProcess::createWebPage(this=0x000000061f7f4000, pageID=(m_identifier = 14), parameters=0x00007ffeef0df028) at WebProcess.cpp:690:34
    frame #16: 0x00000005f19897ec WebKit`void IPC::callMemberFunctionImpl<WebKit::WebProcess, void (WebKit::WebProcess::*)(WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebKit::WebPageCreationParameters&&), std::__1::tuple<WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebKit::WebPageCreationParameters>, 0ul, 1ul>(object=0x000000061f7f4000, function=60 06 27 f1 05 00 00 00 00 00 00 00 00 00 00 00, args=size=2, (null)=std::__1::index_sequence<0UL, 1UL> @ 0x00007ffeef0def58)(WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebKit::WebPageCreationParameters&&), std::__1::tuple<WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebKit::WebPageCreationParameters>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>) at HandleMessage.h:41:5
    frame #17: 0x00000005f1988310 WebKit`void IPC::callMemberFunction<WebKit::WebProcess, void (WebKit::WebProcess::*)(WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebKit::WebPageCreationParameters&&), std::__1::tuple<WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebKit::WebPageCreationParameters>, std::__1::integer_sequence<unsigned long, 0ul, 1ul> >(args=size=2, object=0x000000061f7f4000, function=60 06 27 f1 05 00 00 00 00 00 00 00 00 00 00 00)(WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebKit::WebPageCreationParameters&&)) at HandleMessage.h:47:5
    frame #18: 0x00000005f198052b WebKit`void IPC::handleMessage<Messages::WebProcess::CreateWebPage, WebKit::WebProcess, void (WebKit::WebProcess::*)(WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebKit::WebPageCreationParameters&&)>(decoder=0x000000061f7db150, object=0x000000061f7f4000, function=60 06 27 f1 05 00 00 00 00 00 00 00 00 00 00 00)(WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebKit::WebPageCreationParameters&&)) at HandleMessage.h:120:5
    frame #19: 0x00000005f197d8c0 WebKit`WebKit::WebProcess::didReceiveWebProcessMessage(this=0x000000061f7f4000, connection=0x000000061f7e4000, decoder=0x000000061f7db150) at WebProcessMessageReceiver.cpp:294:9
    frame #20: 0x00000005f12711ab WebKit`WebKit::WebProcess::didReceiveMessage(this=0x000000061f7f4000, connection=0x000000061f7e4000, decoder=0x000000061f7db150) at WebProcess.cpp:755:9
    frame #21: 0x00000005f0071ba9 WebKit`IPC::Connection::dispatchMessage(this=0x000000061f7e4000, decoder=0x000000061f7db150) at Connection.cpp:1008:14
    frame #22: 0x00000005f0072502 WebKit`IPC::Connection::dispatchMessage(this=0x000000061f7e4000, message=unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> > @ 0x00007ffeef0e0460) at Connection.cpp:1077:9
    frame #23: 0x00000005f0072bb0 WebKit`IPC::Connection::dispatchOneIncomingMessage(this=0x000000061f7e4000) at Connection.cpp:1146:5
    frame #24: 0x00000005f00915ee WebKit`IPC::Connection::enqueueIncomingMessage(this=0x000000061f7dc048)::$_7::operator()() at Connection.cpp:985:28
    frame #25: 0x00000005f00914fe WebKit`WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_7, void>::call(this=0x000000061f7dc040) at Function.h:52:39
    frame #26: 0x0000000615f53f92 JavaScriptCore`WTF::Function<void ()>::operator(this=0x00007ffeef0e0528)() const at Function.h:84:35
    frame #27: 0x0000000615fc1348 JavaScriptCore`WTF::RunLoop::performWork(this=0x000000061f7f6000) at RunLoop.cpp:119:9
    frame #28: 0x0000000615fc1cf1 JavaScriptCore`WTF::RunLoop::performWork(context=0x000000061f7f6000) at RunLoopCF.cpp:38:37
    frame #29: 0x00007fff322aa552 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
    frame #30: 0x00007fff322aa4f1 CoreFoundation`__CFRunLoopDoSource0 + 103
    frame #31: 0x00007fff322aa30b CoreFoundation`__CFRunLoopDoSources0 + 209
    frame #32: 0x00007fff322a903a CoreFoundation`__CFRunLoopRun + 927
    frame #33: 0x00007fff322a863e CoreFoundation`CFRunLoopRunSpecific + 462
    frame #34: 0x00007fff3493c2a8 Foundation`-[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212
    frame #35: 0x00007fff349eed2f Foundation`-[NSRunLoop(NSRunLoop) run] + 76
    frame #36: 0x00007fff6c3ed51a libxpc.dylib`_xpc_objc_main.cold.4 + 49
    frame #37: 0x00007fff6c3ed460 libxpc.dylib`_xpc_objc_main + 559
    frame #38: 0x00007fff6c3ecf93 libxpc.dylib`xpc_main + 377
    frame #39: 0x00000005f07cd5d9 WebKit`WebKit::XPCServiceMain((null)=1, (null)=0x00007ffeef0e16b0) at XPCServiceMain.mm:164:5
    frame #40: 0x00000005f1a6abfb WebKit`WKXPCServiceMain(argc=1, argv=0x00007ffeef0e16b0) at WKMain.mm:33:12
    frame #41: 0x0000000100b1eeb2 com.apple.WebKit.WebContent.Development`main(argc=1, argv=0x00007ffeef0e16b0) at AuxiliaryProcessMain.cpp:30:12
    frame #42: 0x00007fff6c19fcc9 libdyld.dylib`start + 1
(lldb)
Comment 1 Simon Fraser (smfr) 2020-02-27 13:58:46 PST
WebProcess::createWebPage() is in WebPage::create(), which hasn't yet set the value in m_pageMap:

    if (result.isNewEntry) {
        ASSERT(!result.iterator->value);
        result.iterator->value = WebPage::create(pageID, WTFMove(parameters));

then WebProcess::updatePageScreenProperties() tries to iterate the map:

    bool allPagesAreOnHDRScreens = allOf(m_pageMap.values(), [] (auto& page) {
        return screenSupportsHighDynamicRange(page->mainFrameView());
    });

and gets a null page.
Comment 2 Simon Fraser (smfr) 2020-02-27 13:59:43 PST
Maybe RemoteLayerTreeDrawingArea::RemoteLayerTreeDrawingArea() shouldn't call windowScreenDidChange().
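The hazard described in comments 1 and 2 (a map entry that already exists but still holds null while WebPage::create() runs, and a constructor that re-enters code iterating that map) reduces to a small re-entrancy pattern. The C++ model below is an added example, not WebKit code: Page, ProcessModel, createPage and updateScreenProperties are hypothetical stand-ins for WebPage, WebProcess::createWebPage() and WebProcess::updatePageScreenProperties(). It shows the scan counting the null entries it would otherwise dereference, the null guard that skips them, and comment 2's alternative of deferring the notification until the entry is populated.

```cpp
#include <cstdio>
#include <functional>
#include <map>
#include <memory>

// Hypothetical stand-in for WebPage. The constructor takes a callback so the
// model can re-enter the owning process mid-construction, the way
// RemoteLayerTreeDrawingArea's constructor called windowScreenDidChange().
struct Page {
    bool onHdrScreen;
    Page(bool hdr, const std::function<void()>& notifyScreenChanged)
        : onHdrScreen(hdr)
    {
        notifyScreenChanged(); // runs before the owner has stored this page
    }
};

// Hypothetical stand-in for WebProcess and its m_pageMap.
class ProcessModel {
public:
    // Mirrors createWebPage(): the key is inserted first with a null value,
    // then the page is constructed and stored. Returns how many null entries
    // the screen-properties scan met; each one is a dereference the original
    // allOf() lambda would have performed on a null WebPage.
    int createPage(int pageId, bool hdr, bool notifyDuringConstruction)
    {
        m_nullEntriesSeen = 0;
        auto result = m_pageMap.emplace(pageId, nullptr);
        if (!result.second)
            return -1; // constructed model: duplicate ids are rejected

        auto notify = [this, notifyDuringConstruction] {
            if (notifyDuringConstruction)
                updateScreenProperties(); // re-entrant: our own entry is still null
        };
        result.first->second = std::make_shared<Page>(hdr, notify);

        if (!notifyDuringConstruction)
            updateScreenProperties(); // deferred: the entry is populated now
        return m_nullEntriesSeen;
    }

    bool allPagesOnHdrScreens() const { return m_allPagesOnHdr; }
    int nullEntriesSeen() const { return m_nullEntriesSeen; }

private:
    // Mirrors updatePageScreenProperties(). The null check is the guard the
    // original scan lacked; the counter records where it would have crashed.
    void updateScreenProperties()
    {
        bool all = true;
        for (auto& entry : m_pageMap) {
            const std::shared_ptr<Page>& page = entry.second;
            if (!page) {
                ++m_nullEntriesSeen; // still under construction: skip, do not dereference
                continue;
            }
            all = all && page->onHdrScreen;
        }
        m_allPagesOnHdr = all;
    }

    std::map<int, std::shared_ptr<Page>> m_pageMap;
    bool m_allPagesOnHdr = true;
    int m_nullEntriesSeen = 0;
};

int main()
{
    ProcessModel process;
    // Re-entrant notification from the constructor: the scan meets the half-inserted entry.
    int nulls = process.createPage(1, true, true);
    std::printf("re-entrant create: %d null entries met during scan\n", nulls);
    // Deferred notification (comment 2's suggestion): nothing is null any more.
    nulls = process.createPage(2, false, false);
    std::printf("deferred create:   %d null entries met, allPagesOnHdr=%d\n",
                nulls, process.allPagesOnHdrScreens() ? 1 : 0);
    return 0;
}
```

Either mitigation on its own closes the crash: the null guard makes the scan tolerant of entries whose value has not been assigned yet, while deferring the notification removes the re-entrant call so the scan never observes a half-inserted map. Guarding the scan is the more robust choice, since any future caller that re-enters during construction is covered too.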
Comment 3 Alexey Proskuryakov 2020-03-12 19:52:25 PDT
rdar://problem/60395998
Comment 4 Kate Cheney 2020-03-13 08:44:07 PDT
Created attachment 393484 [details]
Patch
Comment 5 Kate Cheney 2020-03-13 08:47:39 PDT
(In reply to katherine_cheney from comment #4)
> Created attachment 393484 [details]
> Patch

Wrong bug :)
Comment 6 Simon Fraser (smfr) 2022-03-14 14:52:56 PDT
This doesn't happen any more.