[Webkit-unassigned] [Bug 224388] New: UI process can assert in DisplayLink::decrementFullSpeedRequestClientCount()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Apr 9 13:38:00 PDT 2021 

https://bugs.webkit.org/show_bug.cgi?id=224388

            Bug ID: 224388
           Summary: UI process can assert in
                    DisplayLink::decrementFullSpeedRequestClientCount()
           Product: WebKit
           Version: Safari Technology Preview
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit2
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: simon.fraser at apple.com
                CC: kkinnunen at apple.com

This can happen when we have a process swap between m_wheelEventActivityHysteresis start and stop. To reproduce:

1. Load a page
2. Scroll
3. Load another page that immediately triggers a rendering update
4. Wait a few seconds.

0   com.apple.JavaScriptCore            0x0000000143c9d1be WTFCrash + 14 (Assertions.cpp:305)
1   com.apple.WebKit                    0x000000011a5f681b WTFCrashWithInfo(int, char const*, char const*, int) + 27 (Assertions.h:671)
2   com.apple.WebKit                    0x000000011c0dbb52 WebKit::DisplayLink::decrementFullSpeedRequestClientCount(IPC::Connection&) + 290 (DisplayLink.cpp:177)
3   com.apple.WebKit                    0x000000011b92894a WebKit::WebProcessPool::setDisplayLinkForDisplayWantsFullSpeedUpdates(IPC::Connection&, unsigned int, bool) + 170 (WebProcessPoolCocoa.mm:831)
4   com.apple.WebKit                    0x000000011bb63c36 WebKit::WebPageProxy::wheelEventHysteresisUpdated(PAL::HysteresisState) + 214 (WebPageProxy.cpp:2712)
5   com.apple.WebKit                    0x000000011bbc238e WebKit::WebPageProxy::WebPageProxy(WebKit::PageClient&, WebKit::WebProcessProxy&, WTF::Ref<API::PageConfiguration, WTF::RawPtrTraits<API::PageConfiguration> >&&)::$_6::operator()(PAL::HysteresisState) const + 30 (WebPageProxy.cpp:486)
6   com.apple.WebKit                    0x000000011bbc2321 WTF::Detail::CallableWrapper<WebKit::WebPageProxy::WebPageProxy(WebKit::PageClient&, WebKit::WebProcessProxy&, WTF::Ref<API::PageConfiguration, WTF::RawPtrTraits<API::PageConfiguration> >&&)::$_6, void, PAL::HysteresisState>::call(PAL::HysteresisState) + 49 (Function.h:52)
7   com.apple.WebKit                    0x000000011a5fc9c8 WTF::Function<void (PAL::HysteresisState)>::operator()(PAL::HysteresisState) const + 152 (Function.h:83)
8   com.apple.WebKit                    0x000000011b6273a4 PAL::HysteresisActivity::hysteresisTimerFired() + 52 (HysteresisActivity.h:88)
9   com.apple.WebKit                    0x000000011b627d37 decltype(*(std::__1::forward<PAL::HysteresisActivity*&>(fp0)).*fp()) std::__1::__invoke<void (PAL::HysteresisActivity::*&)(), PAL::HysteresisActivity*&, void>(void (PAL::HysteresisActivity::*&)(), PAL::HysteresisActivity*&) + 119 (type_traits:3688)
10  com.apple.WebKit                    0x000000011b627cb0 std::__1::__bind_return<void (PAL::HysteresisActivity::*)(), std::__1::tuple<PAL::HysteresisActivity*>, std::__1::tuple<>, __is_valid_bind_return<void (PAL::HysteresisActivity::*)(), std::__1::tuple<PAL::HysteresisActivity*>, std::__1::tuple<> >::value>::type std::__1::__apply_functor<void (PAL::HysteresisActivity::*)(), std::__1::tuple<PAL::HysteresisActivity*>, 0ul, std::__1::tuple<> >(void (PAL::HysteresisActivity::*&)(), std::__1::tuple<PAL::HysteresisActivity*>&, std::__1::__tuple_indices<0ul>, std::__1::tuple<>&&) + 64 (functional:2852)
11  com.apple.WebKit                    0x000000011b627c69 std::__1::__bind_return<void (PAL::HysteresisActivity::*)(), std::__1::tuple<PAL::HysteresisActivity*>, std::__1::tuple<>, __is_valid_bind_return<void (PAL::HysteresisActivity::*)(), std::__1::tuple<PAL::HysteresisActivity*>, std::__1::tuple<> >::value>::type std::__1::__bind<void (PAL::HysteresisActivity::*&)(), PAL::HysteresisActivity*&>::operator()<>() + 41 (functional:2885)
12  com.apple.WebKit                    0x000000011b627bee WTF::Detail::CallableWrapper<std::__1::__bind<void (PAL::HysteresisActivity::*&)(), PAL::HysteresisActivity*&>, void>::call() + 30 (Function.h:52)
13  com.apple.WebKit                    0x000000011a63dc32 WTF::Function<void ()>::operator()() const + 130 (Function.h:83)
14  com.apple.WebKit                    0x000000011a63db7e WTF::RunLoop::Timer<PAL::HysteresisActivity>::fired() + 30 (RunLoop.h:187)
15  com.apple.JavaScriptCore            0x0000000143d5442c WTF::RunLoop::TimerBase::start(WTF::Seconds, bool)::$_1::operator()(__CFRunLoopTimer*, void*) const + 76 (RunLoopCF.cpp:126)
16  com.apple.JavaScriptCore            0x0000000143d543cd WTF::RunLoop::TimerBase::start(WTF::Seconds, bool)::$_1::__invoke(__CFRunLoopTimer*, void*) + 29 (RunLoopCF.cpp:119)
17  com.apple.CoreFoundation            0x00007fff204813c9 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210409/10251f8e/attachment-0001.htm>

More information about the webkit-unassigned mailing list