Bug 240880

Summary: [iOS 15.4+] Crash in VideoFullscreenInterfaceAVKit::doEnterFullscreen
Product: WebKit Reporter: Ali Juma <ajuma>
Component: MediaAssignee: Nobody <webkit-unassigned>
Status: NEW    
Severity: Normal CC: eric.carlson, gsnedders, jer.noble, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Crash log none

Ali Juma
Reported 2022-05-24 13:48:40 PDT
Created attachment 459733 [details] Crash log Chrome for iOS is getting a large number of crash reports on iOS 15.4+ (including on iOS 15.6 beta) for crashes in VideoFullscreenInterfaceAVKit::doEnterFullscreen. We don't have steps to reproduce, but the crash URLs are (unsurprisingly) video streaming sites. I've attached a crash log. Here's the crashing stack: Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000032 Exception Codes: 0x0000000000000001, 0x0000000000000032 VM Region Info: 0x32 is not in any region. Bytes before following region: 4329193422 REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL UNUSED SPACE AT START ---> __TEXT 1020a4000-1020a8000 [ 16K] r-x/r-x SM=COW ...le.app/Chrome Exception Note: EXC_CORPSE_NOTIFY Termination Reason: SIGNAL 11 Segmentation fault: 11 Terminating Process: exc handler [30331] Triggered by Thread: 0 Thread 0 name: Thread 0 name: Thread 0 Crashed: 0 WebCore 0x00000001e9bd5fa4 WebCore::VideoFullscreenInterfaceAVKit::doEnterFullscreen() + 840 (VideoFullscreenInterfaceAVKit.mm:1486) 1 WebCore 0x00000001e9bd5c9c WebCore::VideoFullscreenInterfaceAVKit::doEnterFullscreen() + 64 (VideoFullscreenInterfaceAVKit.mm:1440) 2 AVKit 0x00000001f285d918 __96-[AVPlayerViewController _transitionToAttachedFullScreenAnimated:interactive:completionHandler:]_block_invoke + 44 (AVPlayerViewController_Mobile.m:2775) 3 UIKitCore 0x00000001da8a2210 -[_UIViewControllerTransitionCoordinator _applyBlocks:releaseBlocks:] + 280 (UIViewControllerTransitioning.m:1148) 4 UIKitCore 0x00000001daad5898 -[_UIViewControllerTransitionContext _runAlongsideCompletions] + 160 (UIViewControllerTransitioning.m:380) 5 UIKitCore 0x00000001da8739dc -[_UIViewControllerTransitionContext completeTransition:] + 140 (UIViewControllerTransitioning.m:292) 6 AVKit 0x00000001f289a908 __35-[AVTransition completeTransition:]_block_invoke + 508 (AVTransition.m:513) 7 AVKit 0x00000001f285b1a4 -[AVPlayerViewController transitionController:transitionWillComplete:continueBlock:] + 788 (AVPlayerViewController_Mobile.m:3256) 8 AVKit 0x00000001f28b7c28 -[AVTransitionController transitionWillComplete:success:continueBlock:] + 96 (AVTransitionController.m:639) 9 AVKit 0x00000001f289a6d4 -[AVTransition completeTransition:] + 324 (AVTransition.m:487) 10 UIKitCore 0x00000001dab64964 -[UIViewPropertyAnimator _executeCompletionHandlerWithFinalPosition:] + 216 (UIViewPropertyAnimator.m:1994) 11 UIKitCore 0x00000001dac595c8 -[UIViewPropertyAnimator _runCompletions:finished:] + 128 (UIViewPropertyAnimator.m:2008) 12 UIKitCore 0x00000001da800104 __61-[UIViewPropertyAnimator _setupAssociatedViewAnimationState:]_block_invoke + 180 (UIViewPropertyAnimator.m:1721) 13 UIKitCore 0x00000001db8dce4c __UIVIEW_IS_EXECUTING_ANIMATION_COMPLETION_BLOCK__ + 36 (UIView.m:14960) 14 UIKitCore 0x00000001da8f7500 -[UIViewAnimationBlockDelegate _didEndBlockAnimation:finished:context:] + 728 (UIView.m:14993) 15 UIKitCore 0x00000001da7c33cc -[UIViewAnimationState sendDelegateAnimationDidStop:finished:] + 248 (UIView.m:0) 16 UIKitCore 0x00000001da7d7bcc -[UIViewAnimationState animationDidStop:finished:] + 244 (UIView.m:2291) 17 QuartzCore 0x00000001dbfc0824 CA::Layer::run_animation_callbacks(void*) + 280 (CALayer.mm:7203) 18 libdispatch.dylib 0x00000001d7ec4a2c _dispatch_client_callout + 20 (object.m:560) 19 libdispatch.dylib 0x00000001d7ed2f48 _dispatch_main_queue_drain + 928 (inline_internal.h:2622) 20 libdispatch.dylib 0x00000001d7ed2b98 _dispatch_main_queue_callback_4CF + 44 (queue.c:7770) 21 CoreFoundation 0x00000001d82162f0 __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ + 16 (CFRunLoop.c:1795) 22 CoreFoundation 0x00000001d81d01f4 __CFRunLoopRun + 2532 (CFRunLoop.c:3144) 23 CoreFoundation 0x00000001d81e36b8 CFRunLoopRunSpecific + 600 (CFRunLoop.c:3268) 24 GraphicsServices 0x00000001f427d374 GSEventRunModal + 164 (GSEvent.c:2200) 25 UIKitCore 0x00000001dab48e88 -[UIApplication _run] + 1100 (UIApplication.m:3511) 26 UIKitCore 0x00000001da8ca5ec UIApplicationMain + 364 (UIApplication.m:5064) 27 Chrome 0x00000001020a8270 0x1020a4000 + 17008 28 dyld 0x000000010408dce4 start + 520 (dyldMain.cpp:879)
Attachments
Crash log (21.05 KB, text/plain)
2022-05-24 13:48 PDT, Ali Juma 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Sam Sneddon [:gsnedders]
Comment 1 2022-05-25 22:35:48 PDT
(In reply to Ali Juma from comment #0) > Thread 0 Crashed: > 0 WebCore 0x00000001e9bd5fa4 > WebCore::VideoFullscreenInterfaceAVKit::doEnterFullscreen() + 840 > (VideoFullscreenInterfaceAVKit.mm:1486) This is https://github.com/WebKit/WebKit/blob/releases/Apple/Safari-15.4-iOS-15.4.1/Source/WebCore/platform/ios/VideoFullscreenInterfaceAVKit.mm#L1486: m_fullscreenChangeObserver->didEnterFullscreen(size); UI process going away (jetsammed?) or something?
Sam Sneddon [:gsnedders]
Comment 2 2022-05-25 22:48:10 PDT
<rdar://93950796> (This is https://bugs.webkit.org/show_bug.cgi?id=240880)
Note You need to log in before you can comment on or make changes to this bug.