Bug 218022

Summary: [iOS] Hang in RemoteLayerTreeDrawingAreaProxy::waitForDidUpdateActivityState leading to crash
Product: WebKit
Reporter: Ali Juma <ajuma>
Component: Layout and Rendering
Assignee: Nobody <webkit-unassigned>
Status: NEW
Severity: Normal
CC: ap, bfulgham, simon.fraser, smoley, thorton, webkit-bug-importer, zalan
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments: Crash log (flags: none)

Description Ali Juma 2020-10-21 07:27:20 PDT
Chrome for iOS is getting a significant number of reports of hangs in RemoteLayerTreeDrawingAreaProxy::waitForDidUpdateActivityState leading to crashes.

The crash stack is:
Thread 1 (id: 0x00002407) CRASHED [EXC_BREAKPOINT / EXC_ARM_BREAKPOINT @ 0x000000018cae7d5c ]
(libdispatch.dylib + 0x00011d5c)		_dispatch_barrier_waiter_redirect_or_wake
(libdispatch.dylib + 0x0000abf0)		_dispatch_lane_invoke$VARIANT$mp
(libdispatch.dylib + 0x00014514)		_dispatch_workloop_worker_thread
(libsystem_pthread.dylib + 0x0000b5a0)		_pthread_wqthread

But in all these reports, thread 0 seems to be hung inside waitForDidUpdateActivityState:
0x00000001b70e172c	(libsystem_kernel.dylib + 0x0002672c)		__psynch_cvwait
0x00000001d1b3832c	(libsystem_pthread.dylib + 0x0000332c)		_pthread_cond_wait$VARIANT$mp
0x00000001969495f8	(JavaScriptCore + 0x00dae5f8)		WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, WTF::TimeWithDynamicClockType const&)
0x00000001988d1114	(WebKit + 0x0002e114)		bool WTF::Condition::waitUntil<std::__1::unique_lock<WTF::Lock> >(std::__1::unique_lock<WTF::Lock>&, WTF::TimeWithDynamicClockType const&)
0x00000001988d1008	(WebKit + 0x0002e008)		IPC::Connection::waitForMessage(IPC::MessageName, unsigned long long, WTF::Seconds, WTF::OptionSet<IPC::WaitForOption>)
0x0000000198ba3764	(WebKit + 0x00300764)		WebKit::RemoteLayerTreeDrawingAreaProxy::waitForDidUpdateActivityState(unsigned long long)
0x0000000198bbdd0c	(WebKit + 0x0031ad0c)		WebKit::WebPageProxy::dispatchActivityStateChange()
0x00000001988b60c0	(WebKit + 0x000130c0)		-[WKApplicationStateTrackingView _applicationWillEnterForeground]
0x0000000198aa7ef8	(WebKit + 0x00204ef8)		WebKit::ApplicationStateTracker::applicationWillEnterForeground()
0x0000000198aa7934	(WebKit + 0x00204934)		___ZN6WebKit23ApplicationStateTrackerC2EP6UIViewP13objc_selectorS4_S4_S4_S4__block_invoke.19
0x000000018e0a2f54	(Foundation + 0x00029f54)		-[__NSObserver _doit:]
0x000000018ce61094	(CoreFoundation + 0x0007d094)		__CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER__
0x000000018ce61054	(CoreFoundation + 0x0007d054)		___CFXRegistrationPost_block_invoke
0x000000018ce6064c	(CoreFoundation + 0x0007c64c)		_CFXRegistrationPost
0x000000018ce60044	(CoreFoundation + 0x0007c044)		_CFXNotificationPost
0x000000018e07fb1c	(Foundation + 0x00006b1c)		-[NSNotificationCenter postNotificationName:object:userInfo:]
0x000000018ee17324	(UIKitCore + 0x001fb324)		-[_UISceneLifecycleMonitor willEnterForeground]
0x000000018ee182e0	(UIKitCore + 0x001fc2e0)		__111-[_UIWindowSceneFBSSceneLifecycleMonitor transitionToTargetState:fromState:withTransitionContext:preparations:]_block_invoke_2.113
0x000000018f342828	(UIKitCore + 0x00726828)		_UIScenePerformActionsWithLifecycleActionMask
0x000000018ee1813c	(UIKitCore + 0x001fc13c)		__111-[_UIWindowSceneFBSSceneLifecycleMonitor transitionToTargetState:fromState:withTransitionContext:preparations:]_block_invoke.112
0x000000018ee2632c	(UIKitCore + 0x0020a32c)		___UISceneLifecycleSettingsUpdateBlockWithCanvasAndTransitionContext_block_invoke_2
0x000000018ee17bf4	(UIKitCore + 0x001fbbf4)		-[_UIWindowSceneFBSSceneLifecycleMonitor transitionToTargetState:fromState:withTransitionContext:preparations:]
0x000000018ee26074	(UIKitCore + 0x0020a074)		___UISceneLifecycleSettingsUpdateBlockWithCanvasAndTransitionContext_block_invoke
0x000000018ee27984	(UIKitCore + 0x0020b984)		__186-[_UIWindowSceneFBSSceneTransitionContextDrivenLifecycleSettingsDiffAction _performActionsForUIScene:withUpdatedFBSScene:settingsDiff:fromSettings:transitionContext:lifecycleActionType:]_block_invoke
0x000000018f25c09c	(UIKitCore + 0x0064009c)		+[BSAnimationSettings(UIKit) tryAnimatingWithSettings:actions:completion:]
0x000000018f35a108	(UIKitCore + 0x0073e108)		_UISceneSettingsDiffActionPerformChangesWithTransitionContext
0x000000018ee27750	(UIKitCore + 0x0020b750)		-[_UIWindowSceneFBSSceneTransitionContextDrivenLifecycleSettingsDiffAction _performActionsForUIScene:withUpdatedFBSScene:settingsDiff:fromSettings:transitionContext:lifecycleActionType:]
0x000000018ec699b0	(UIKitCore + 0x0004d9b0)		__64-[UIScene scene:didUpdateWithDiff:transitionContext:completion:]_block_invoke
0x000000018ec68450	(UIKitCore + 0x0004c450)		-[UIScene _emitSceneSettingsUpdateResponseForCompletion:afterSceneUpdateWork:]
0x000000018ec695fc	(UIKitCore + 0x0004d5fc)		-[UIScene scene:didUpdateWithDiff:transitionContext:completion:]
0x000000018f282d80	(UIKitCore + 0x00666d80)		-[UIApplicationSceneClientAgent scene:handleEvent:withCompletion:]
0x000000019b77d4ac	(FrontBoardServices + 0x000094ac)		-[FBSScene updater:didUpdateSettings:withDiff:transitionContext:completion:]
0x000000019b7a5ce8	(FrontBoardServices + 0x00031ce8)		__94-[FBSWorkspaceScenesClient _queue_updateScene:withSettings:diff:transitionContext:completion:]_block_invoke_2
0x000000019b78a40c	(FrontBoardServices + 0x0001640c)		-[FBSWorkspace _calloutQueue_executeCalloutFromSource:withBlock:]
0x000000019b7a5c34	(FrontBoardServices + 0x00031c34)		__94-[FBSWorkspaceScenesClient _queue_updateScene:withSettings:diff:transitionContext:completion:]_block_invoke
0x000000018cb3727c	(libdispatch.dylib + 0x0006127c)		_dispatch_client_callout
0x000000018cadcb08	(libdispatch.dylib + 0x00006b08)		_dispatch_block_invoke_direct$VARIANT$mp
0x000000019b7c94b4	(FrontBoardServices + 0x000554b4)		__FBSSERIALQUEUE_IS_CALLING_OUT_TO_A_BLOCK__
0x000000019b7c917c	(FrontBoardServices + 0x0005517c)		-[FBSSerialQueue _targetQueue_performNextIfPossible]
0x000000019b7c9650	(FrontBoardServices + 0x00055650)		-[FBSSerialQueue _performNextFromRunLoopSource]
0x000000018ce7e23c	(CoreFoundation + 0x0009a23c)		__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x000000018ce7e13c	(CoreFoundation + 0x0009a13c)		__CFRunLoopDoSource0
0x000000018ce7d4e8	(CoreFoundation + 0x000994e8)		__CFRunLoopDoSources0
0x000000018ce77a3c	(CoreFoundation + 0x00093a3c)		__CFRunLoopRun
0x000000018ce771fc	(CoreFoundation + 0x000931fc)		CFRunLoopRunSpecific
0x00000001a2f72594	(GraphicsServices + 0x00003594)		GSEventRunModal
0x000000018f73d000	(UIKitCore + 0x00b21000)		-[UIApplication _run]
0x000000018f7425d4	(UIKitCore + 0x00b265d4)		UIApplicationMain
0x000000010492ed4c	(Chrome -chrome_exe_main.mm:71)		main
0x000000018cb56594	(libdyld.dylib + 0x00001594)		start
Comment 1 Smoley 2020-10-22 11:52:49 PDT
Thanks for filing. I think we may need a full crash log or sysdiagnose to triage this issue. Please capture a sysdiagnose after reproducing it, note the time and file a report at feebackassistant.apple.com. Please also note the Bugzilla report number in that report so we can associate the two. Thanks!
Comment 2 Radar WebKit Bug Importer 2020-10-22 11:53:01 PDT
<rdar://problem/70583051>
Comment 3 Smoley 2020-10-22 11:54:22 PDT
Edit: feedbackassistant.apple.com
Comment 4 Tim Horton 2020-10-22 11:55:39 PDT
One other data point that might be helpful: how many WKWebViews are in-window at this point? If it's just one, I'd expect the waitForDidUpdateActivityState timeout to be /plenty/ short enough to not get killed by the foregrounding watchdog (but maybe that's not what's happening, the full crash log will be somewhat illuminating).
Comment 5 Tim Horton 2020-10-22 11:56:15 PDT
Anyway, the syncwait is "expected", the crash is not.
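The stack in the description shows the main thread blocked in IPC::Connection::waitForMessage, which is a deadline-bounded condition-variable wait (WTF::Condition::waitUntil), and Comment 4 reasons about whether that bound stays under the foregrounding watchdog. The following C++ is an added illustration of that pattern and is not WebKit's code: ReplyWaiter, its method names, the timeouts and the watchdog budget are all constructed for the example. It shows that a bounded wait returns false on timeout instead of hanging forever, that a reply delivered from another thread wakes the waiter early, and how the worst-case blocking time scales with the number of views waited on sequentially.

```cpp
#include <chrono>
#include <condition_variable>
#include <mutex>
#include <thread>

// Hypothetical stand-in for a synchronous "wait for a reply message" primitive.
// The caller blocks on a condition variable until either the reply arrives or
// the deadline passes; the deadline is what keeps the wait from being unbounded.
class ReplyWaiter {
public:
    // Returns true if the reply arrived before the timeout, false on timeout.
    bool waitForReply(std::chrono::milliseconds timeout)
    {
        std::unique_lock<std::mutex> lock(m_mutex);
        auto deadline = std::chrono::steady_clock::now() + timeout;
        // wait_until handles spurious wakeups via the predicate and returns the
        // predicate's value when the deadline is reached.
        return m_cv.wait_until(lock, deadline, [this] { return m_replied; });
    }

    // Called from the "other process" side (here, another thread) to unblock the waiter.
    void deliverReply()
    {
        {
            std::lock_guard<std::mutex> guard(m_mutex);
            m_replied = true;
        }
        m_cv.notify_all();
    }

private:
    std::mutex m_mutex;
    std::condition_variable m_cv;
    bool m_replied = false;
};

// Scenario 1 (constructed): the reply never arrives. The wait must still return
// after the timeout; a missing timeout here is exactly what turns a slow reply
// into an indefinite hang on the thread that called waitForReply.
bool waitWithNoReply(int timeoutMs)
{
    ReplyWaiter waiter;
    return waiter.waitForReply(std::chrono::milliseconds(timeoutMs));
}

// Scenario 2 (constructed): the reply arrives after replyAfterMs. Returns true if
// it beat the timeout, false if the waiter gave up first.
bool waitWithReplyAfter(int timeoutMs, int replyAfterMs)
{
    ReplyWaiter waiter;
    std::thread replier([&] {
        std::this_thread::sleep_for(std::chrono::milliseconds(replyAfterMs));
        waiter.deliverReply();
    });
    bool gotReply = waiter.waitForReply(std::chrono::milliseconds(timeoutMs));
    replier.join();
    return gotReply;
}

// Worst-case main-thread blocking if each in-window view performs its own full
// timeout wait one after another, compared against a watchdog budget. Both the
// per-view timeout and the budget are constructed numbers, not WebKit's or iOS's.
long long worstCaseBlockingMs(int viewCount, int perViewTimeoutMs)
{
    return static_cast<long long>(viewCount) * perViewTimeoutMs;
}

bool fitsWatchdogBudget(int viewCount, int perViewTimeoutMs, int watchdogBudgetMs)
{
    return worstCaseBlockingMs(viewCount, perViewTimeoutMs) < watchdogBudgetMs;
}

int main()
{
    bool timedOut = !waitWithNoReply(50);           // true: bounded, did not hang
    bool early = waitWithReplyAfter(500, 10);       // true: reply beat the deadline
    bool singleView = fitsWatchdogBudget(1, 250, 20000);
    bool manyViews = fitsWatchdogBudget(100, 250, 20000);
    return (timedOut && early && singleView && !manyViews) ? 0 : 1;
}
```

The point for triage is the one made in Comment 4: a single bounded wait is short relative to a watchdog budget, so when the watchdog still fires, either the wait is not the only thing consuming the budget or the reply path is stalled for longer than one timeout, which is what a full crash log or sysdiagnose would reveal.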
Comment 6 Brent Fulgham 2021-03-15 17:00:06 PDT
Is this still being seen? We don't seem to be hearing about issues here.
Comment 7 Ali Juma 2021-03-16 08:00:35 PDT
Created attachment 423330 [details]
Crash log

We're still getting reports of this, even on 14.5 beta. I've attached a sample crash log.

> One other data point that might be helpful: how many WKWebViews are in-window at this point?

There's always at most one visible WKWebView per window. We can have additional non-visible WKWebViews for background tabs, but looking through the reports, this happens even where there is only a single tab.