WebKit Bugzilla
Bug 240545: Crash under RemoteDisplayListRecorder::restore()
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=240545
Reported by Simon Fraser (smfr), 2022-05-17 15:57:08 PDT

Created attachment 459519 [details]
Crash log

EWS shows a crash under RemoteDisplayListRecorder::restore():
https://ews-build.s3-us-west-2.amazonaws.com/macOS-BigSur-Release-WK2-Tests-EWS/459507-7519/fast/mediastream/granted-denied-request-management2-crash-log.txt

Thread 30 Crashed:: RemoteRenderingBackend work queue
0 com.apple.WebCore 0x000000011482a475 WebCore::Color::operator=(WebCore::Color const&) + 229
1 com.apple.WebCore 0x00000001148a7c62 WebCore::GraphicsContextState::operator=(WebCore::GraphicsContextState const&) + 34
2 com.apple.WebCore 0x00000001148a7b97 WebCore::GraphicsContext::restore() + 55
3 com.apple.WebCore 0x0000000114933e07 WebCore::GraphicsContextCG::restore() + 23
4 com.apple.WebKit 0x000000010f092a5c WebKit::RemoteDisplayListRecorder::restore() + 34
5 com.apple.WebKit 0x000000010f27e5e8 IPC::StreamServerConnection::dispatchStreamMessage(IPC::Decoder&&, IPC::StreamMessageReceiver&) + 32
6 com.apple.WebKit 0x000000010f27d953 IPC::StreamServerConnection::dispatchStreamMessages(unsigned long) + 377
7 com.apple.WebKit 0x000000010f27d6bf IPC::StreamConnectionWorkQueue::processStreams() + 435
8 com.apple.WebKit 0x000000010f27ee3a WTF::Detail::CallableWrapper<IPC::StreamConnectionWorkQueue::startProcessingThread()::$_0, void>::call() + 46
9 com.apple.JavaScriptCore 0x0000000117e7bbdc WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 124
10 com.apple.JavaScriptCore 0x0000000117e7e209 WTF::wtfThreadEntryPoint(void*) + 9
11 libsystem_pthread.dylib 0x00007fff2045a8fc _pthread_start + 224
12 libsystem_pthread.dylib 0x00007fff20456443 thread_start + 15

Main thread is in:

Thread 0:: Dispatch queue: com.apple.main-thread
0 libsystem_malloc.dylib 0x00007fff202865f0 tiny_free_no_lock + 997
1 libsystem_malloc.dylib 0x00007fff202860c9 free_tiny + 442
2 com.apple.CoreGraphics 0x00007fff24fb0e8d CGGStateRelease + 44
3 com.apple.CoreGraphics 0x00007fff24fbb804 CGGStackReset + 44
4 com.apple.CoreGraphics 0x00007fff24fbb7c9 CGGStackRelease + 19
5 com.apple.CoreGraphics 0x00007fff24fbb755 context_finalize + 67
6 com.apple.CoreFoundation 0x00007fff2061c967 _CFRelease + 244
7 com.apple.WebCore 0x000000011493a6e5 WebCore::IOSurfacePool::willAddSurface(WebCore::IOSurface&, bool) + 85
8 com.apple.WebCore 0x000000011493b208 WebCore::IOSurfacePool::addSurface(std::__1::unique_ptr<WebCore::IOSurface, std::__1::default_delete<WebCore::IOSurface> >&&) + 104
9 com.apple.WebCore 0x0000000114946ee7 WebCore::ImageBufferIOSurfaceBackend::~ImageBufferIOSurfaceBackend() + 71
10 com.apple.WebKit 0x000000010f098fbf std::__1::unique_ptr<WebKit::ImageBufferShareableMappedIOSurfaceBackend, std::__1::default_delete<WebKit::ImageBufferShareableMappedIOSurfaceBackend> >::reset(WebKit::ImageBufferShareableMappedIOSurfaceBackend*) + 25
11 com.apple.WebKit 0x000000010f098ede WebKit::RemoteImageBuffer<WebKit::ImageBufferShareableMappedIOSurfaceBackend>::~RemoteImageBuffer() + 120
12 com.apple.WebKit 0x000000010f098780 WebKit::RemoteImageBuffer<WebKit::ImageBufferShareableMappedIOSurfaceBackend>::~RemoteImageBuffer() + 14
13 com.apple.JavaScriptCore 0x0000000117e617c1 WTF::RunLoop::performWork() + 545
14 com.apple.JavaScriptCore 0x0000000117e62072 WTF::RunLoop::performWork(void*) + 34
15 com.apple.CoreFoundation 0x00007fff205520dc __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
16 com.apple.CoreFoundation 0x00007fff20552044 __CFRunLoopDoSource0 + 180
17 com.apple.CoreFoundation 0x00007fff20551dba __CFRunLoopDoSources0 + 242
18 com.apple.CoreFoundation 0x00007fff205507c8 __CFRunLoopRun + 897
19 com.apple.CoreFoundation 0x00007fff2054fd80 CFRunLoopRunSpecific + 567
20 com.apple.Foundation 0x00007fff2120b607 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212
21 com.apple.Foundation 0x00007fff212994d1 -[NSRunLoop(NSRunLoop) run] + 76
22 libxpc.dylib 0x00007fff201a938d _xpc_objc_main + 825
Attachments
Crash log (86.12 KB, text/plain), 2022-05-17 15:57 PDT, Simon Fraser (smfr), no flags
Patch (2.03 KB, patch), 2022-05-18 07:06 PDT, Kimmo Kinnunen, no flags
For landing. (2.03 KB, patch), 2022-05-24 04:27 PDT, Kimmo Kinnunen, dino: commit-queue+
[fast-cq] Patch for landing (2.03 KB, patch), 2022-05-30 14:05 PDT, Dean Jackson, no flags
Radar WebKit Bug Importer
Comment 1
2022-05-17 15:57:26 PDT
<rdar://problem/93459252>
Simon Fraser (smfr)
Comment 2
2022-05-17 15:59:39 PDT
Another one:
https://ews-build.s3-us-west-2.amazonaws.com/macOS-AppleSilicon-Big-Sur-Debug-WK2-Tests-EWS/459507-31028/fast/mediastream/media-stream-video-track-interrupted-from-audio-crash-log.txt
Simon Fraser (smfr)
Comment 3
2022-05-17 16:42:33 PDT
Also here:
https://ews-build.s3-us-west-2.amazonaws.com/macOS-AppleSilicon-Big-Sur-Debug-WK2-Tests-EWS/459463-30950/results.html
Kimmo Kinnunen
Comment 4
2022-05-18 07:06:09 PDT
Created attachment 459540 [details]
Patch
Kimmo Kinnunen
Comment 5
2022-05-18 07:10:05 PDT
I could not repro the issue, but I didn't have the exact same configuration. The strange thing is that dereferencing a disengaged std::optional should assert if the patch is fixing what it thinks it is fixing. However, I could not make std::optional assert in our builds. However, I seem to remember seeing such an assertion, so I don't know which is wrong -- my try or my recollection.
Kimmo Kinnunen
Comment 6
2022-05-18 08:08:42 PDT
I was in fact thinking of std::optional::value(), which throws bad_optional_access. It appears we don't compile with libc++ debug assertions even on debug. From this perspective the patch is still consistent (potentially fixing the issue).
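The distinction comments 5 and 6 turn on is the difference between `std::optional::value()`, which throws `std::bad_optional_access` on a disengaged optional, and `operator*`, which is undefined behaviour on a disengaged optional and is only checked by libc++ when its debug assertions are enabled. The crash log above also shows why the check matters here: the restore() call is dispatched by IPC::StreamServerConnection, so the receiver is handling a message stream from another process and cannot assume every restore() had a matching save(). The following is an added example, not WebKit's code or the patch on this bug; `State`, `StateStack` and the message sequence are hypothetical stand-ins constructed for the demonstration.

```cpp
// Added example, not WebKit code. State and StateStack are hypothetical
// stand-ins for a graphics state stack; the message sequences are constructed.
#include <cstddef>
#include <optional>
#include <string>
#include <vector>

struct State {
    std::string fillColor = "black";
};

// std::optional::value() throws std::bad_optional_access when the optional is
// disengaged. operator* on the same optional is undefined behaviour: libc++
// only checks it when its debug assertions are enabled, so in a build without
// them nothing catches the read and the process can fail later and elsewhere.
bool valueThrowsWhenDisengaged() {
    std::optional<State> pending;
    try {
        (void)pending.value();
    } catch (const std::bad_optional_access&) {
        return true;
    }
    return false;
}

// Save/restore stack driven by messages from another process. The receiver
// cannot trust the sender to balance save() and restore(), so restore()
// checks the stack before reading from it instead of assuming an entry exists.
class StateStack {
public:
    void save() { m_stack.push_back(m_current); }

    void restore() {
        if (m_stack.empty()) {
            ++m_unbalancedRestores;   // record the malformed message, read nothing
            return;
        }
        m_current = m_stack.back();
        m_stack.pop_back();
    }

    void setFillColor(const std::string& c) { m_current.fillColor = c; }
    const std::string& fillColor() const { return m_current.fillColor; }
    std::size_t depth() const { return m_stack.size(); }
    std::size_t unbalancedRestores() const { return m_unbalancedRestores; }

private:
    State m_current;
    std::vector<State> m_stack;
    std::size_t m_unbalancedRestores = 0;
};

// Constructed message streams: one balanced, one with a restore() that has
// no matching save().
std::vector<std::string> balancedMessages() {
    return {"save", "red", "restore"};
}

std::vector<std::string> unbalancedMessages() {
    return {"save", "red", "restore", "restore", "blue"};
}

// Replays "save" / "restore" / <colour name> messages on a fresh stack.
StateStack replay(const std::vector<std::string>& messages) {
    StateStack stack;
    for (const auto& msg : messages) {
        if (msg == "save")
            stack.save();
        else if (msg == "restore")
            stack.restore();
        else
            stack.setFillColor(msg);
    }
    return stack;
}

std::size_t unbalancedRestoreCount(const std::vector<std::string>& messages) {
    return replay(messages).unbalancedRestores();
}

std::string fillColorAfter(const std::vector<std::string>& messages) {
    return replay(messages).fillColor();
}
```

Replaying the unbalanced stream leaves the stack at depth 0 with one rejected restore() and the last colour applied, rather than reading a state entry that was never pushed; the throwing `value()` path is the one that would have produced a diagnosable failure instead of the silent corruption a debug-assertion-free `operator*` allows.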
Kimmo Kinnunen
Comment 7
2022-05-24 04:27:06 PDT
Created attachment 459713 [details]
For landing.
Dean Jackson
Comment 8
2022-05-27 14:23:56 PDT
Landed in
https://github.com/WebKit/WebKit/commit/6576dbdb63c07525a7a864408705aaf879251174
Dean Jackson
Comment 9
2022-05-27 14:39:52 PDT
Ignore that commit. It was landed incorrectly.
Dean Jackson
Comment 10
2022-05-30 13:59:47 PDT
Why isn't the commit-queue picking this up?
Dean Jackson
Comment 11
2022-05-30 14:05:15 PDT
Created attachment 459873 [details]
[fast-cq] Patch for landing

Trying to poke the cq.
Dean Jackson
Comment 12
2022-05-30 14:34:07 PDT
I guess all cq patches have to go via github now.
Kimmo Kinnunen
Comment 13
2022-05-31 00:21:33 PDT
Somehow commit queue already applied this but never heralded.
Kimmo Kinnunen
Comment 14
2022-05-31 00:21:40 PDT
https://github.com/WebKit/WebKit/commit/14ed9c21095a08133731340ac78c049d26169424