[Webkit-unassigned] [Bug 218022] New: [iOS] Hang in RemoteLayerTreeDrawingAreaProxy::waitForDidUpdateActivityState leading to crash

bugzilla-daemon at webkit.org
Wed Oct 21 07:27:20 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=218022

            Bug ID: 218022
            Summary: [iOS] Hang in
                     RemoteLayerTreeDrawingAreaProxy::waitForDidUpdateActivityState
                     leading to crash
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ajuma at chromium.org
                CC: bfulgham at webkit.org, simon.fraser at apple.com,
                    thorton at apple.com, zalan at apple.com

Chrome for iOS is getting a significant number of reports of hangs in RemoteLayerTreeDrawingAreaProxy::waitForDidUpdateActivityState leading to crashes.

The crash stack is:
Thread 1 (id: 0x00002407) CRASHED [EXC_BREAKPOINT / EXC_ARM_BREAKPOINT @ 0x000000018cae7d5c ]
(libdispatch.dylib + 0x00011d5c)                _dispatch_barrier_waiter_redirect_or_wake
(libdispatch.dylib + 0x0000abf0)                _dispatch_lane_invoke$VARIANT$mp
(libdispatch.dylib + 0x00014514)                _dispatch_workloop_worker_thread
(libsystem_pthread.dylib + 0x0000b5a0)          _pthread_wqthread

But in all these reports, thread 0 seems to be hung inside waitForDidUpdateActivityState:
0x00000001b70e172c      (libsystem_kernel.dylib + 0x0002672c)           __psynch_cvwait
0x00000001d1b3832c      (libsystem_pthread.dylib + 0x0000332c)          _pthread_cond_wait$VARIANT$mp
0x00000001969495f8      (JavaScriptCore + 0x00dae5f8)           WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, WTF::TimeWithDynamicClockType const&)
0x00000001988d1114      (WebKit + 0x0002e114)           bool WTF::Condition::waitUntil<std::__1::unique_lock<WTF::Lock> >(std::__1::unique_lock<WTF::Lock>&, WTF::TimeWithDynamicClockType const&)
0x00000001988d1008      (WebKit + 0x0002e008)           IPC::Connection::waitForMessage(IPC::MessageName, unsigned long long, WTF::Seconds, WTF::OptionSet<IPC::WaitForOption>)
0x0000000198ba3764      (WebKit + 0x00300764)           WebKit::RemoteLayerTreeDrawingAreaProxy::waitForDidUpdateActivityState(unsigned long long)
0x0000000198bbdd0c      (WebKit + 0x0031ad0c)           WebKit::WebPageProxy::dispatchActivityStateChange()
0x00000001988b60c0      (WebKit + 0x000130c0)           -[WKApplicationStateTrackingView _applicationWillEnterForeground]
0x0000000198aa7ef8      (WebKit + 0x00204ef8)           WebKit::ApplicationStateTracker::applicationWillEnterForeground()
0x0000000198aa7934      (WebKit + 0x00204934)           ___ZN6WebKit23ApplicationStateTrackerC2EP6UIViewP13objc_selectorS4_S4_S4_S4__block_invoke.19
0x000000018e0a2f54      (Foundation + 0x00029f54)               -[__NSObserver _doit:]
0x000000018ce61094      (CoreFoundation + 0x0007d094)           __CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER__
0x000000018ce61054      (CoreFoundation + 0x0007d054)           ___CFXRegistrationPost_block_invoke
0x000000018ce6064c      (CoreFoundation + 0x0007c64c)           _CFXRegistrationPost
0x000000018ce60044      (CoreFoundation + 0x0007c044)           _CFXNotificationPost
0x000000018e07fb1c      (Foundation + 0x00006b1c)               -[NSNotificationCenter postNotificationName:object:userInfo:]
0x000000018ee17324      (UIKitCore + 0x001fb324)                -[_UISceneLifecycleMonitor willEnterForeground]
0x000000018ee182e0      (UIKitCore + 0x001fc2e0)                __111-[_UIWindowSceneFBSSceneLifecycleMonitor transitionToTargetState:fromState:withTransitionContext:preparations:]_block_invoke_2.113
0x000000018f342828      (UIKitCore + 0x00726828)                _UIScenePerformActionsWithLifecycleActionMask
0x000000018ee1813c      (UIKitCore + 0x001fc13c)                __111-[_UIWindowSceneFBSSceneLifecycleMonitor transitionToTargetState:fromState:withTransitionContext:preparations:]_block_invoke.112
0x000000018ee2632c      (UIKitCore + 0x0020a32c)                ___UISceneLifecycleSettingsUpdateBlockWithCanvasAndTransitionContext_block_invoke_2
0x000000018ee17bf4      (UIKitCore + 0x001fbbf4)                -[_UIWindowSceneFBSSceneLifecycleMonitor transitionToTargetState:fromState:withTransitionContext:preparations:]
0x000000018ee26074      (UIKitCore + 0x0020a074)                ___UISceneLifecycleSettingsUpdateBlockWithCanvasAndTransitionContext_block_invoke
0x000000018ee27984      (UIKitCore + 0x0020b984)                __186-[_UIWindowSceneFBSSceneTransitionContextDrivenLifecycleSettingsDiffAction _performActionsForUIScene:withUpdatedFBSScene:settingsDiff:fromSettings:transitionContext:lifecycleActionType:]_block_invoke
0x000000018f25c09c      (UIKitCore + 0x0064009c)                +[BSAnimationSettings(UIKit) tryAnimatingWithSettings:actions:completion:]
0x000000018f35a108      (UIKitCore + 0x0073e108)                _UISceneSettingsDiffActionPerformChangesWithTransitionContext
0x000000018ee27750      (UIKitCore + 0x0020b750)                -[_UIWindowSceneFBSSceneTransitionContextDrivenLifecycleSettingsDiffAction _performActionsForUIScene:withUpdatedFBSScene:settingsDiff:fromSettings:transitionContext:lifecycleActionType:]
0x000000018ec699b0      (UIKitCore + 0x0004d9b0)                __64-[UIScene scene:didUpdateWithDiff:transitionContext:completion:]_block_invoke
0x000000018ec68450      (UIKitCore + 0x0004c450)                -[UIScene _emitSceneSettingsUpdateResponseForCompletion:afterSceneUpdateWork:]
0x000000018ec695fc      (UIKitCore + 0x0004d5fc)                -[UIScene scene:didUpdateWithDiff:transitionContext:completion:]
0x000000018f282d80      (UIKitCore + 0x00666d80)                -[UIApplicationSceneClientAgent scene:handleEvent:withCompletion:]
0x000000019b77d4ac      (FrontBoardServices + 0x000094ac)               -[FBSScene updater:didUpdateSettings:withDiff:transitionContext:completion:]
0x000000019b7a5ce8      (FrontBoardServices + 0x00031ce8)               __94-[FBSWorkspaceScenesClient _queue_updateScene:withSettings:diff:transitionContext:completion:]_block_invoke_2
0x000000019b78a40c      (FrontBoardServices + 0x0001640c)               -[FBSWorkspace _calloutQueue_executeCalloutFromSource:withBlock:]
0x000000019b7a5c34      (FrontBoardServices + 0x00031c34)               __94-[FBSWorkspaceScenesClient _queue_updateScene:withSettings:diff:transitionContext:completion:]_block_invoke
0x000000018cb3727c      (libdispatch.dylib + 0x0006127c)                _dispatch_client_callout
0x000000018cadcb08      (libdispatch.dylib + 0x00006b08)                _dispatch_block_invoke_direct$VARIANT$mp
0x000000019b7c94b4      (FrontBoardServices + 0x000554b4)               __FBSSERIALQUEUE_IS_CALLING_OUT_TO_A_BLOCK__
0x000000019b7c917c      (FrontBoardServices + 0x0005517c)               -[FBSSerialQueue _targetQueue_performNextIfPossible]
0x000000019b7c9650      (FrontBoardServices + 0x00055650)               -[FBSSerialQueue _performNextFromRunLoopSource]
0x000000018ce7e23c      (CoreFoundation + 0x0009a23c)           __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x000000018ce7e13c      (CoreFoundation + 0x0009a13c)           __CFRunLoopDoSource0
0x000000018ce7d4e8      (CoreFoundation + 0x000994e8)           __CFRunLoopDoSources0
0x000000018ce77a3c      (CoreFoundation + 0x00093a3c)           __CFRunLoopRun
0x000000018ce771fc      (CoreFoundation + 0x000931fc)           CFRunLoopRunSpecific
0x00000001a2f72594      (GraphicsServices + 0x00003594)         GSEventRunModal
0x000000018f73d000      (UIKitCore + 0x00b21000)                -[UIApplication _run]
0x000000018f7425d4      (UIKitCore + 0x00b265d4)                UIApplicationMain
0x000000010492ed4c      (Chrome -chrome_exe_main.mm:71)         main
0x000000018cb56594      (libdyld.dylib + 0x00001594)            start

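The report above rests on a pattern that is easy to state but tedious to confirm across "a significant number of reports": the crashed thread is in libdispatch, while thread 0 sits in a kernel wait (__psynch_cvwait) underneath IPC::Connection::waitForMessage, entered synchronously from a UIKit foregrounding callout. The following Python is an added triage example written for this page; it is not code from the bug, from Chrome for iOS or from WebKit. It parses Apple-style symbolicated frames, detects whether a thread is parked in a wait syscall, and reduces a hung stack to a stable signature (the innermost WebKit:: caller) plus the lifecycle frame that triggered it, so many reports can be bucketed by the same pair. The sample stacks are constructed, trimmed copies of the two threads quoted in the report; the list of wait primitives and all function names are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One frame of an Apple-style symbolicated stack, e.g.
#   0x00000001b70e172c  (libsystem_kernel.dylib + 0x0002672c)  __psynch_cvwait
# The absolute address is optional: the crashed-thread stack above omits it.
FRAME_RE = re.compile(
    r"^\s*(?:0x[0-9a-fA-F]+\s+)?"       # optional absolute address
    r"\((?P<module>[^\s+)]+)[^)]*\)"    # "(module + 0xoffset)" or "(module -file:line)"
    r"\s+(?P<symbol>\S.*?)\s*$"         # demangled symbol, rest of the line
)

# Kernel entry points a thread sits in while blocked on a lock, condition
# variable or Mach port. Assumed list for this example; extend for your corpus.
WAIT_PRIMITIVES = {"__psynch_cvwait", "__psynch_mutexwait", "__ulock_wait",
                   "mach_msg_trap", "semaphore_wait_trap"}


@dataclass(frozen=True)
class Frame:
    module: str
    symbol: str


def parse_frames(stack: str) -> List[Frame]:
    """Frames from innermost to outermost; header lines such as
    'Thread 1 (id: ...) CRASHED [...]' and blank lines are ignored."""
    return [Frame(m["module"], m["symbol"])
            for m in map(FRAME_RE.match, stack.splitlines()) if m]


def bare_symbol(symbol: str) -> str:
    """Drop the C++ parameter list so one call groups across ABI variants."""
    return symbol.split("(", 1)[0].strip()


def blocking_primitive(frames: List[Frame]) -> Optional[str]:
    """The wait syscall the thread is parked in, or None if it was running."""
    if frames and frames[0].symbol in WAIT_PRIMITIVES:
        return frames[0].symbol
    return None


def hang_signature(frames: List[Frame]) -> Optional[str]:
    """Innermost WebKit:: frame of a blocked thread, i.e. the call that chose
    to wait. WTF::/IPC:: frames in the WebKit image are the mechanism, not the
    caller, so they are skipped."""
    if blocking_primitive(frames) is None:
        return None
    for f in frames:
        name = bare_symbol(f.symbol)
        if f.module == "WebKit" and name.startswith("WebKit::"):
            return name
    return None


def trigger_frame(frames: List[Frame]) -> Optional[str]:
    """Innermost UIKitCore frame: the app-lifecycle callout the wait sits under."""
    for f in frames:
        if f.module == "UIKitCore":
            return f.symbol
    return None


def triage(stack: str) -> Dict[str, Optional[str]]:
    """Bucket key for one thread: (wait syscall, WebKit caller, UIKit trigger)."""
    frames = parse_frames(stack)
    return {"blocked_in": blocking_primitive(frames),
            "signature": hang_signature(frames),
            "trigger": trigger_frame(frames)}


# Constructed sample input: trimmed from the two threads quoted in the report.
HUNG_MAIN_THREAD = """
0x00000001b70e172c      (libsystem_kernel.dylib + 0x0002672c)           __psynch_cvwait
0x00000001d1b3832c      (libsystem_pthread.dylib + 0x0000332c)          _pthread_cond_wait$VARIANT$mp
0x00000001969495f8      (JavaScriptCore + 0x00dae5f8)           WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, WTF::TimeWithDynamicClockType const&)
0x00000001988d1114      (WebKit + 0x0002e114)           bool WTF::Condition::waitUntil<std::__1::unique_lock<WTF::Lock> >(std::__1::unique_lock<WTF::Lock>&, WTF::TimeWithDynamicClockType const&)
0x00000001988d1008      (WebKit + 0x0002e008)           IPC::Connection::waitForMessage(IPC::MessageName, unsigned long long, WTF::Seconds, WTF::OptionSet<IPC::WaitForOption>)
0x0000000198ba3764      (WebKit + 0x00300764)           WebKit::RemoteLayerTreeDrawingAreaProxy::waitForDidUpdateActivityState(unsigned long long)
0x0000000198bbdd0c      (WebKit + 0x0031ad0c)           WebKit::WebPageProxy::dispatchActivityStateChange()
0x00000001988b60c0      (WebKit + 0x000130c0)           -[WKApplicationStateTrackingView _applicationWillEnterForeground]
0x000000018ee17324      (UIKitCore + 0x001fb324)                -[_UISceneLifecycleMonitor willEnterForeground]
0x000000018f7425d4      (UIKitCore + 0x00b265d4)                UIApplicationMain
0x000000010492ed4c      (Chrome -chrome_exe_main.mm:71)         main
"""

CRASHED_THREAD = """
Thread 1 (id: 0x00002407) CRASHED [EXC_BREAKPOINT / EXC_ARM_BREAKPOINT @ 0x000000018cae7d5c ]
(libdispatch.dylib + 0x00011d5c)                _dispatch_barrier_waiter_redirect_or_wake
(libdispatch.dylib + 0x0000abf0)                _dispatch_lane_invoke$VARIANT$mp
(libdispatch.dylib + 0x00014514)                _dispatch_workloop_worker_thread
(libsystem_pthread.dylib + 0x0000b5a0)          _pthread_wqthread
"""

if __name__ == "__main__":
    print("thread 0:", triage(HUNG_MAIN_THREAD))
    print("thread 1:", triage(CRASHED_THREAD))
```

Run over a directory of reports, the `(blocked_in, signature, trigger)` triple is the key to count by; the crashed thread contributes no signature because it was not waiting, which is exactly the distinction the report draws between the thread that hit the breakpoint and the thread that hung.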