[Webkit-unassigned] [Bug 253543] New: [UI-side compositing] Crash in displaylink::addObserver()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Mar 7 16:34:12 PST 2023 

https://bugs.webkit.org/show_bug.cgi?id=253543

            Bug ID: 253543
           Summary: [UI-side compositing] Crash in
                    displaylink::addObserver()
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Process Model
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: simon.fraser at apple.com

If you close a window soon after a scroll gesture, you can hit this crash:

#0      0x0000000115512f84 in unsigned int std::__1::__cxx_atomic_fetch_add[abi:v15006]<unsigned int>(std::__1::__cxx_atomic_base_impl<unsigned int>*, unsigned int, std::__1::memory_order) at /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.3.Internal.sdk/usr/include/c++/v1/atomic:1009
#1      0x00000001154c5bec in std::__1::__atomic_base<unsigned int, true>::fetch_add[abi:v15006](unsigned int, std::__1::memory_order) at /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.3.Internal.sdk/usr/include/c++/v1/atomic:1659
#2      0x0000000115a41774 in std::__1::__atomic_base<unsigned int, true>::operator++[abi:v15006]() at /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.3.Internal.sdk/usr/include/c++/v1/atomic:1696
#3      0x0000000116eea7f0 in WTF::CanMakeCheckedPtrBase<std::__1::atomic<unsigned int>, unsigned int>::incrementPtrCount() const at /Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/CheckedRef.h:233
#4      0x0000000116eea7c4 in WTF::CheckedRef<WebKit::DisplayLink::Client, WTF::RawPtrTraits<WebKit::DisplayLink::Client> >::CheckedRef(WebKit::DisplayLink::Client&) at /Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/CheckedRef.h:54
#5      0x0000000116e91dd0 in WTF::CheckedRef<WebKit::DisplayLink::Client, WTF::RawPtrTraits<WebKit::DisplayLink::Client> >::CheckedRef(WebKit::DisplayLink::Client&) at /Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/CheckedRef.h:53
#6      0x0000000116e91b20 in WebKit::DisplayLink::addObserver(WebKit::DisplayLink::Client&, WTF::ObjectIdentifier<WebKit::DisplayLinkObserverIDType>, unsigned int) at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/mac/DisplayLink.cpp:97
#7      0x0000000116e2b79c in WebKit::RemoteLayerTreeEventDispatcher::startDisplayLinkObserver() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp:310
#8      0x0000000116e2b4c0 in WebKit::RemoteLayerTreeEventDispatcher::startOrStopDisplayLinkOnMainThread() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp:292
#9      0x0000000116e2a358 in WebKit::RemoteLayerTreeEventDispatcher::startOrStopDisplayLink() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp:266
#10     0x0000000116e2bc20 in WebKit::RemoteLayerTreeEventDispatcher::stopDisplayDidRefreshCallbacks(unsigned int) at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp:383
#11     0x00000001174f6fd0 in WebKit::MomentumEventDispatcher::stopDisplayLink() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/WebProcess/WebPage/MomentumEventDispatcher.cpp:306
#12     0x00000001174f6e48 in WebKit::MomentumEventDispatcher::~MomentumEventDispatcher() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/WebProcess/WebPage/MomentumEventDispatcher.cpp:49
#13     0x00000001174f70e4 in WebKit::MomentumEventDispatcher::~MomentumEventDispatcher() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/WebProcess/WebPage/MomentumEventDispatcher.cpp:48
#14     0x0000000116e4114c in std::__1::default_delete<WebKit::MomentumEventDispatcher>::operator()[abi:v15006](WebKit::MomentumEventDispatcher*) const at /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.3.Internal.sdk/usr/include/c++/v1/__memory/unique_ptr.h:48
#15     0x0000000116e410b4 in std::__1::unique_ptr<WebKit::MomentumEventDispatcher, std::__1::default_delete<WebKit::MomentumEventDispatcher> >::reset[abi:v15006](WebKit::MomentumEventDispatcher*) at /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.3.Internal.sdk/usr/include/c++/v1/__memory/unique_ptr.h:305
#16     0x0000000116e41038 in std::__1::unique_ptr<WebKit::MomentumEventDispatcher, std::__1::default_delete<WebKit::MomentumEventDispatcher> >::~unique_ptr[abi:v15006]() at /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.3.Internal.sdk/usr/include/c++/v1/__memory/unique_ptr.h:259
#17     0x0000000116e29ccc in std::__1::unique_ptr<WebKit::MomentumEventDispatcher, std::__1::default_delete<WebKit::MomentumEventDispatcher> >::~unique_ptr[abi:v15006]() at /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.3.Internal.sdk/usr/include/c++/v1/__memory/unique_ptr.h:259
#18     0x0000000116e29c40 in WebKit::RemoteLayerTreeEventDispatcher::~RemoteLayerTreeEventDispatcher() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp:104
#19     0x0000000116e29e00 in WebKit::RemoteLayerTreeEventDispatcher::~RemoteLayerTreeEventDispatcher() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp:104
#20     0x0000000116e29e30 in WebKit::RemoteLayerTreeEventDispatcher::~RemoteLayerTreeEventDispatcher() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp:104
#21     0x0000000116698514 in WTF::ThreadSafeRefCounted<WebKit::RemoteLayerTreeEventDispatcher, (WTF::DestructionThread)0>::deref() const::'lambda'()::operator()() const at /Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/ThreadSafeRefCounted.h:115
#22     0x0000000116698470 in WTF::ThreadSafeRefCounted<WebKit::RemoteLayerTreeEventDispatcher, (WTF::DestructionThread)0>::deref() const at /Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/ThreadSafeRefCounted.h:127
#23     0x000000011669867c in WTF::DefaultRefDerefTraits<WebKit::RemoteLayerTreeEventDispatcher>::derefIfNotNull(WebKit::RemoteLayerTreeEventDispatcher*) at /Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/RefPtr.h:42
#24     0x0000000116698638 in WTF::RefPtr<WebKit::RemoteLayerTreeEventDispatcher, WTF::RawPtrTraits<WebKit::RemoteLayerTreeEventDispatcher>, WTF::DefaultRefDerefTraits<WebKit::RemoteLayerTreeEventDispatcher> >::~RefPtr() at /Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/RefPtr.h:74
#25     0x000000011667d52c in WTF::RefPtr<WebKit::RemoteLayerTreeEventDispatcher, WTF::RawPtrTraits<WebKit::RemoteLayerTreeEventDispatcher>, WTF::DefaultRefDerefTraits<WebKit::RemoteLayerTreeEventDispatcher> >::~RefPtr() at /Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/RefPtr.h:74
#26     0x000000011667d5b8 in WebKit::RemoteScrollingCoordinatorProxyMac::~RemoteScrollingCoordinatorProxyMac() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteScrollingCoordinatorProxyMac.mm:62
#27     0x000000011667d61c in WebKit::RemoteScrollingCoordinatorProxyMac::~RemoteScrollingCoordinatorProxyMac() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteScrollingCoordinatorProxyMac.mm:58
#28     0x000000011667d64c in WebKit::RemoteScrollingCoordinatorProxyMac::~RemoteScrollingCoordinatorProxyMac() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteScrollingCoordinatorProxyMac.mm:58
#29     0x0000000116b27d1c in std::__1::default_delete<WebKit::RemoteScrollingCoordinatorProxy>::operator()[abi:v15006](WebKit::RemoteScrollingCoordinatorProxy*) const at /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.3.Internal.sdk/usr/include/c++/v1/__memory/unique_ptr.h:48
#30     0x0000000116b27c60 in std::__1::unique_ptr<WebKit::RemoteScrollingCoordinatorProxy, std::__1::default_delete<WebKit::RemoteScrollingCoordinatorProxy> >::reset[abi:v15006](WebKit::RemoteScrollingCoordinatorProxy*) at /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.3.Internal.sdk/usr/include/c++/v1/__memory/unique_ptr.h:305
#31     0x0000000116aa8944 in std::__1::unique_ptr<WebKit::RemoteScrollingCoordinatorProxy, std::__1::default_delete<WebKit::RemoteScrollingCoordinatorProxy> >::operator=[abi:v15006](std::nullptr_t) at /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.3.Internal.sdk/usr/include/c++/v1/__memory/unique_ptr.h:263
#32     0x0000000116aa7518 in WebKit::WebPageProxy::setDrawingArea(std::__1::unique_ptr<WebKit::DrawingAreaProxy, std::__1::default_delete<WebKit::DrawingAreaProxy> >&&) at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/WebPageProxy.cpp:1148
#33     0x0000000116aaa408 in WebKit::WebPageProxy::resetState(WebKit::WebPageProxy::ResetStateReason) at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/WebPageProxy.cpp:8392
#34     0x0000000116aa2798 in WebKit::WebPageProxy::close() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/WebPageProxy.cpp:1257
#35     0x000000011605038c in -[WKWebView dealloc] at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm:663

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230308/703db762/attachment-0001.htm>

More information about the webkit-unassigned mailing list