Bug 253543
| Summary: | [UI-side compositing] Crash in displaylink::addObserver() | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Simon Fraser (smfr) <simon.fraser> |
| Component: | WebKit Process Model | Assignee: | Simon Fraser (smfr) <simon.fraser> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | simon.fraser, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| See Also: | https://bugs.webkit.org/show_bug.cgi?id=255800 | ||
Simon Fraser (smfr)
If you close a window soon after a scroll gesture, you can hit this crash:
#0 0x0000000115512f84 in unsigned int std::__1::__cxx_atomic_fetch_add[abi:v15006]<unsigned int>(std::__1::__cxx_atomic_base_impl<unsigned int>*, unsigned int, std::__1::memory_order) at /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.3.Internal.sdk/usr/include/c++/v1/atomic:1009
#1 0x00000001154c5bec in std::__1::__atomic_base<unsigned int, true>::fetch_add[abi:v15006](unsigned int, std::__1::memory_order) at /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.3.Internal.sdk/usr/include/c++/v1/atomic:1659
#2 0x0000000115a41774 in std::__1::__atomic_base<unsigned int, true>::operator++[abi:v15006]() at /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.3.Internal.sdk/usr/include/c++/v1/atomic:1696
#3 0x0000000116eea7f0 in WTF::CanMakeCheckedPtrBase<std::__1::atomic<unsigned int>, unsigned int>::incrementPtrCount() const at /Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/CheckedRef.h:233
#4 0x0000000116eea7c4 in WTF::CheckedRef<WebKit::DisplayLink::Client, WTF::RawPtrTraits<WebKit::DisplayLink::Client> >::CheckedRef(WebKit::DisplayLink::Client&) at /Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/CheckedRef.h:54
#5 0x0000000116e91dd0 in WTF::CheckedRef<WebKit::DisplayLink::Client, WTF::RawPtrTraits<WebKit::DisplayLink::Client> >::CheckedRef(WebKit::DisplayLink::Client&) at /Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/CheckedRef.h:53
#6 0x0000000116e91b20 in WebKit::DisplayLink::addObserver(WebKit::DisplayLink::Client&, WTF::ObjectIdentifier<WebKit::DisplayLinkObserverIDType>, unsigned int) at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/mac/DisplayLink.cpp:97
#7 0x0000000116e2b79c in WebKit::RemoteLayerTreeEventDispatcher::startDisplayLinkObserver() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp:310
#8 0x0000000116e2b4c0 in WebKit::RemoteLayerTreeEventDispatcher::startOrStopDisplayLinkOnMainThread() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp:292
#9 0x0000000116e2a358 in WebKit::RemoteLayerTreeEventDispatcher::startOrStopDisplayLink() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp:266
#10 0x0000000116e2bc20 in WebKit::RemoteLayerTreeEventDispatcher::stopDisplayDidRefreshCallbacks(unsigned int) at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp:383
#11 0x00000001174f6fd0 in WebKit::MomentumEventDispatcher::stopDisplayLink() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/WebProcess/WebPage/MomentumEventDispatcher.cpp:306
#12 0x00000001174f6e48 in WebKit::MomentumEventDispatcher::~MomentumEventDispatcher() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/WebProcess/WebPage/MomentumEventDispatcher.cpp:49
#13 0x00000001174f70e4 in WebKit::MomentumEventDispatcher::~MomentumEventDispatcher() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/WebProcess/WebPage/MomentumEventDispatcher.cpp:48
#14 0x0000000116e4114c in std::__1::default_delete<WebKit::MomentumEventDispatcher>::operator()[abi:v15006](WebKit::MomentumEventDispatcher*) const at /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.3.Internal.sdk/usr/include/c++/v1/__memory/unique_ptr.h:48
#15 0x0000000116e410b4 in std::__1::unique_ptr<WebKit::MomentumEventDispatcher, std::__1::default_delete<WebKit::MomentumEventDispatcher> >::reset[abi:v15006](WebKit::MomentumEventDispatcher*) at /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.3.Internal.sdk/usr/include/c++/v1/__memory/unique_ptr.h:305
#16 0x0000000116e41038 in std::__1::unique_ptr<WebKit::MomentumEventDispatcher, std::__1::default_delete<WebKit::MomentumEventDispatcher> >::~unique_ptr[abi:v15006]() at /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.3.Internal.sdk/usr/include/c++/v1/__memory/unique_ptr.h:259
#17 0x0000000116e29ccc in std::__1::unique_ptr<WebKit::MomentumEventDispatcher, std::__1::default_delete<WebKit::MomentumEventDispatcher> >::~unique_ptr[abi:v15006]() at /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.3.Internal.sdk/usr/include/c++/v1/__memory/unique_ptr.h:259
#18 0x0000000116e29c40 in WebKit::RemoteLayerTreeEventDispatcher::~RemoteLayerTreeEventDispatcher() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp:104
#19 0x0000000116e29e00 in WebKit::RemoteLayerTreeEventDispatcher::~RemoteLayerTreeEventDispatcher() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp:104
#20 0x0000000116e29e30 in WebKit::RemoteLayerTreeEventDispatcher::~RemoteLayerTreeEventDispatcher() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteLayerTreeEventDispatcher.cpp:104
#21 0x0000000116698514 in WTF::ThreadSafeRefCounted<WebKit::RemoteLayerTreeEventDispatcher, (WTF::DestructionThread)0>::deref() const::'lambda'()::operator()() const at /Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/ThreadSafeRefCounted.h:115
#22 0x0000000116698470 in WTF::ThreadSafeRefCounted<WebKit::RemoteLayerTreeEventDispatcher, (WTF::DestructionThread)0>::deref() const at /Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/ThreadSafeRefCounted.h:127
#23 0x000000011669867c in WTF::DefaultRefDerefTraits<WebKit::RemoteLayerTreeEventDispatcher>::derefIfNotNull(WebKit::RemoteLayerTreeEventDispatcher*) at /Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/RefPtr.h:42
#24 0x0000000116698638 in WTF::RefPtr<WebKit::RemoteLayerTreeEventDispatcher, WTF::RawPtrTraits<WebKit::RemoteLayerTreeEventDispatcher>, WTF::DefaultRefDerefTraits<WebKit::RemoteLayerTreeEventDispatcher> >::~RefPtr() at /Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/RefPtr.h:74
#25 0x000000011667d52c in WTF::RefPtr<WebKit::RemoteLayerTreeEventDispatcher, WTF::RawPtrTraits<WebKit::RemoteLayerTreeEventDispatcher>, WTF::DefaultRefDerefTraits<WebKit::RemoteLayerTreeEventDispatcher> >::~RefPtr() at /Volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/RefPtr.h:74
#26 0x000000011667d5b8 in WebKit::RemoteScrollingCoordinatorProxyMac::~RemoteScrollingCoordinatorProxyMac() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteScrollingCoordinatorProxyMac.mm:62
#27 0x000000011667d61c in WebKit::RemoteScrollingCoordinatorProxyMac::~RemoteScrollingCoordinatorProxyMac() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteScrollingCoordinatorProxyMac.mm:58
#28 0x000000011667d64c in WebKit::RemoteScrollingCoordinatorProxyMac::~RemoteScrollingCoordinatorProxyMac() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/RemoteLayerTree/mac/RemoteScrollingCoordinatorProxyMac.mm:58
#29 0x0000000116b27d1c in std::__1::default_delete<WebKit::RemoteScrollingCoordinatorProxy>::operator()[abi:v15006](WebKit::RemoteScrollingCoordinatorProxy*) const at /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.3.Internal.sdk/usr/include/c++/v1/__memory/unique_ptr.h:48
#30 0x0000000116b27c60 in std::__1::unique_ptr<WebKit::RemoteScrollingCoordinatorProxy, std::__1::default_delete<WebKit::RemoteScrollingCoordinatorProxy> >::reset[abi:v15006](WebKit::RemoteScrollingCoordinatorProxy*) at /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.3.Internal.sdk/usr/include/c++/v1/__memory/unique_ptr.h:305
#31 0x0000000116aa8944 in std::__1::unique_ptr<WebKit::RemoteScrollingCoordinatorProxy, std::__1::default_delete<WebKit::RemoteScrollingCoordinatorProxy> >::operator=[abi:v15006](std::nullptr_t) at /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.3.Internal.sdk/usr/include/c++/v1/__memory/unique_ptr.h:263
#32 0x0000000116aa7518 in WebKit::WebPageProxy::setDrawingArea(std::__1::unique_ptr<WebKit::DrawingAreaProxy, std::__1::default_delete<WebKit::DrawingAreaProxy> >&&) at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/WebPageProxy.cpp:1148
#33 0x0000000116aaa408 in WebKit::WebPageProxy::resetState(WebKit::WebPageProxy::ResetStateReason) at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/WebPageProxy.cpp:8392
#34 0x0000000116aa2798 in WebKit::WebPageProxy::close() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/WebPageProxy.cpp:1257
#35 0x000000011605038c in -[WKWebView dealloc] at /Volumes/Data/WebKit/OpenSource/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm:663
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Simon Fraser (smfr)
<rdar://59960084>
Simon Fraser (smfr)
Pull request: https://github.com/WebKit/WebKit/pull/11202
EWS
Committed 261404@main (355ad2b87eea): <https://commits.webkit.org/261404@main>
Reviewed commits have been landed. Closing PR #11202 and removing active labels.