WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
224388
UI process can assert in DisplayLink::decrementFullSpeedRequestClientCount()
https://bugs.webkit.org/show_bug.cgi?id=224388
Summary
UI process can assert in DisplayLink::decrementFullSpeedRequestClientCount()
Simon Fraser (smfr)
Reported
2021-04-09 13:38:00 PDT
This can happen when we have a process swap between m_wheelEventActivityHysteresis start and stop. To reproduce: 1. Load a page 2. Scroll 3. Load another page that immediately triggers a rendering update 4. Wait a few seconds. 0 com.apple.JavaScriptCore 0x0000000143c9d1be WTFCrash + 14 (Assertions.cpp:305) 1 com.apple.WebKit 0x000000011a5f681b WTFCrashWithInfo(int, char const*, char const*, int) + 27 (Assertions.h:671) 2 com.apple.WebKit 0x000000011c0dbb52 WebKit::DisplayLink::decrementFullSpeedRequestClientCount(IPC::Connection&) + 290 (DisplayLink.cpp:177) 3 com.apple.WebKit 0x000000011b92894a WebKit::WebProcessPool::setDisplayLinkForDisplayWantsFullSpeedUpdates(IPC::Connection&, unsigned int, bool) + 170 (WebProcessPoolCocoa.mm:831) 4 com.apple.WebKit 0x000000011bb63c36 WebKit::WebPageProxy::wheelEventHysteresisUpdated(PAL::HysteresisState) + 214 (WebPageProxy.cpp:2712) 5 com.apple.WebKit 0x000000011bbc238e WebKit::WebPageProxy::WebPageProxy(WebKit::PageClient&, WebKit::WebProcessProxy&, WTF::Ref<API::PageConfiguration, WTF::RawPtrTraits<API::PageConfiguration> >&&)::$_6::operator()(PAL::HysteresisState) const + 30 (WebPageProxy.cpp:486) 6 com.apple.WebKit 0x000000011bbc2321 WTF::Detail::CallableWrapper<WebKit::WebPageProxy::WebPageProxy(WebKit::PageClient&, WebKit::WebProcessProxy&, WTF::Ref<API::PageConfiguration, WTF::RawPtrTraits<API::PageConfiguration> >&&)::$_6, void, PAL::HysteresisState>::call(PAL::HysteresisState) + 49 (Function.h:52) 7 com.apple.WebKit 0x000000011a5fc9c8 WTF::Function<void (PAL::HysteresisState)>::operator()(PAL::HysteresisState) const + 152 (Function.h:83) 8 com.apple.WebKit 0x000000011b6273a4 PAL::HysteresisActivity::hysteresisTimerFired() + 52 (HysteresisActivity.h:88) 9 com.apple.WebKit 0x000000011b627d37 decltype(*(std::__1::forward<PAL::HysteresisActivity*&>(fp0)).*fp()) std::__1::__invoke<void (PAL::HysteresisActivity::*&)(), PAL::HysteresisActivity*&, void>(void (PAL::HysteresisActivity::*&)(), PAL::HysteresisActivity*&) + 119 (type_traits:3688) 10 com.apple.WebKit 0x000000011b627cb0 std::__1::__bind_return<void (PAL::HysteresisActivity::*)(), std::__1::tuple<PAL::HysteresisActivity*>, std::__1::tuple<>, __is_valid_bind_return<void (PAL::HysteresisActivity::*)(), std::__1::tuple<PAL::HysteresisActivity*>, std::__1::tuple<> >::value>::type std::__1::__apply_functor<void (PAL::HysteresisActivity::*)(), std::__1::tuple<PAL::HysteresisActivity*>, 0ul, std::__1::tuple<> >(void (PAL::HysteresisActivity::*&)(), std::__1::tuple<PAL::HysteresisActivity*>&, std::__1::__tuple_indices<0ul>, std::__1::tuple<>&&) + 64 (functional:2852) 11 com.apple.WebKit 0x000000011b627c69 std::__1::__bind_return<void (PAL::HysteresisActivity::*)(), std::__1::tuple<PAL::HysteresisActivity*>, std::__1::tuple<>, __is_valid_bind_return<void (PAL::HysteresisActivity::*)(), std::__1::tuple<PAL::HysteresisActivity*>, std::__1::tuple<> >::value>::type std::__1::__bind<void (PAL::HysteresisActivity::*&)(), PAL::HysteresisActivity*&>::operator()<>() + 41 (functional:2885) 12 com.apple.WebKit 0x000000011b627bee WTF::Detail::CallableWrapper<std::__1::__bind<void (PAL::HysteresisActivity::*&)(), PAL::HysteresisActivity*&>, void>::call() + 30 (Function.h:52) 13 com.apple.WebKit 0x000000011a63dc32 WTF::Function<void ()>::operator()() const + 130 (Function.h:83) 14 com.apple.WebKit 0x000000011a63db7e WTF::RunLoop::Timer<PAL::HysteresisActivity>::fired() + 30 (RunLoop.h:187) 15 com.apple.JavaScriptCore 0x0000000143d5442c WTF::RunLoop::TimerBase::start(WTF::Seconds, bool)::$_1::operator()(__CFRunLoopTimer*, void*) const + 76 (RunLoopCF.cpp:126) 16 com.apple.JavaScriptCore 0x0000000143d543cd WTF::RunLoop::TimerBase::start(WTF::Seconds, bool)::$_1::__invoke(__CFRunLoopTimer*, void*) + 29 (RunLoopCF.cpp:119) 17 com.apple.CoreFoundation 0x00007fff204813c9 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
Attachments
Patch
(4.70 KB, patch)
2021-04-09 14:00 PDT
,
Simon Fraser (smfr)
no flags
Details
Formatted Diff
Diff
View All
Add attachment
proposed patch, testcase, etc.
Simon Fraser (smfr)
Comment 1
2021-04-09 14:00:19 PDT
Created
attachment 425648
[details]
Patch
EWS
Comment 2
2021-04-15 11:37:10 PDT
Committed
r276036
(
236580@main
): <
https://commits.webkit.org/236580@main
> All reviewed patches have been landed. Closing bug and clearing flags on
attachment 425648
[details]
.
Radar WebKit Bug Importer
Comment 3
2021-04-15 11:38:14 PDT
<
rdar://problem/76714742
>
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug