Bug 240880

Summary: [iOS 15.4+] Crash in VideoFullscreenInterfaceAVKit::doEnterFullscreen
Product: WebKit
Component: Media
Reporter: Ali Juma <ajuma>
Assignee: Nobody <webkit-unassigned>
Status: NEW
Severity: Normal
Priority: P2
Keywords: InRadar
CC: eric.carlson, gsnedders, jer.noble, webkit-bug-importer
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments: Crash log (no flags)

Description Ali Juma 2022-05-24 13:48:40 PDT
Created attachment 459733: Crash log

Chrome for iOS is getting a large number of crash reports on iOS 15.4+ (including on iOS 15.6 beta) for crashes in VideoFullscreenInterfaceAVKit::doEnterFullscreen. We don't have steps to reproduce, but the crash URLs are (unsurprisingly) video streaming sites.

I've attached a crash log. Here's the crashing stack:

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000032
Exception Codes: 0x0000000000000001, 0x0000000000000032
VM Region Info: 0x32 is not in any region.  Bytes before following region: 4329193422
      REGION TYPE                 START - END      [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->  
      __TEXT                   1020a4000-1020a8000 [   16K] r-x/r-x SM=COW  ...le.app/Chrome
Exception Note:  EXC_CORPSE_NOTIFY
Termination Reason: SIGNAL 11 Segmentation fault: 11
Terminating Process: exc handler [30331]

Triggered by Thread:  0

Thread 0 name:
Thread 0 Crashed:
0   WebCore                       	0x00000001e9bd5fa4 WebCore::VideoFullscreenInterfaceAVKit::doEnterFullscreen() + 840 (VideoFullscreenInterfaceAVKit.mm:1486)
1   WebCore                       	0x00000001e9bd5c9c WebCore::VideoFullscreenInterfaceAVKit::doEnterFullscreen() + 64 (VideoFullscreenInterfaceAVKit.mm:1440)
2   AVKit                         	0x00000001f285d918 __96-[AVPlayerViewController _transitionToAttachedFullScreenAnimated:interactive:completionHandler:]_block_invoke + 44 (AVPlayerViewController_Mobile.m:2775)
3   UIKitCore                     	0x00000001da8a2210 -[_UIViewControllerTransitionCoordinator _applyBlocks:releaseBlocks:] + 280 (UIViewControllerTransitioning.m:1148)
4   UIKitCore                     	0x00000001daad5898 -[_UIViewControllerTransitionContext _runAlongsideCompletions] + 160 (UIViewControllerTransitioning.m:380)
5   UIKitCore                     	0x00000001da8739dc -[_UIViewControllerTransitionContext completeTransition:] + 140 (UIViewControllerTransitioning.m:292)
6   AVKit                         	0x00000001f289a908 __35-[AVTransition completeTransition:]_block_invoke + 508 (AVTransition.m:513)
7   AVKit                         	0x00000001f285b1a4 -[AVPlayerViewController transitionController:transitionWillComplete:continueBlock:] + 788 (AVPlayerViewController_Mobile.m:3256)
8   AVKit                         	0x00000001f28b7c28 -[AVTransitionController transitionWillComplete:success:continueBlock:] + 96 (AVTransitionController.m:639)
9   AVKit                         	0x00000001f289a6d4 -[AVTransition completeTransition:] + 324 (AVTransition.m:487)
10  UIKitCore                     	0x00000001dab64964 -[UIViewPropertyAnimator _executeCompletionHandlerWithFinalPosition:] + 216 (UIViewPropertyAnimator.m:1994)
11  UIKitCore                     	0x00000001dac595c8 -[UIViewPropertyAnimator _runCompletions:finished:] + 128 (UIViewPropertyAnimator.m:2008)
12  UIKitCore                     	0x00000001da800104 __61-[UIViewPropertyAnimator _setupAssociatedViewAnimationState:]_block_invoke + 180 (UIViewPropertyAnimator.m:1721)
13  UIKitCore                     	0x00000001db8dce4c __UIVIEW_IS_EXECUTING_ANIMATION_COMPLETION_BLOCK__ + 36 (UIView.m:14960)
14  UIKitCore                     	0x00000001da8f7500 -[UIViewAnimationBlockDelegate _didEndBlockAnimation:finished:context:] + 728 (UIView.m:14993)
15  UIKitCore                     	0x00000001da7c33cc -[UIViewAnimationState sendDelegateAnimationDidStop:finished:] + 248 (UIView.m:0)
16  UIKitCore                     	0x00000001da7d7bcc -[UIViewAnimationState animationDidStop:finished:] + 244 (UIView.m:2291)
17  QuartzCore                    	0x00000001dbfc0824 CA::Layer::run_animation_callbacks(void*) + 280 (CALayer.mm:7203)
18  libdispatch.dylib             	0x00000001d7ec4a2c _dispatch_client_callout + 20 (object.m:560)
19  libdispatch.dylib             	0x00000001d7ed2f48 _dispatch_main_queue_drain + 928 (inline_internal.h:2622)
20  libdispatch.dylib             	0x00000001d7ed2b98 _dispatch_main_queue_callback_4CF + 44 (queue.c:7770)
21  CoreFoundation                	0x00000001d82162f0 __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ + 16 (CFRunLoop.c:1795)
22  CoreFoundation                	0x00000001d81d01f4 __CFRunLoopRun + 2532 (CFRunLoop.c:3144)
23  CoreFoundation                	0x00000001d81e36b8 CFRunLoopRunSpecific + 600 (CFRunLoop.c:3268)
24  GraphicsServices              	0x00000001f427d374 GSEventRunModal + 164 (GSEvent.c:2200)
25  UIKitCore                     	0x00000001dab48e88 -[UIApplication _run] + 1100 (UIApplication.m:3511)
26  UIKitCore                     	0x00000001da8ca5ec UIApplicationMain + 364 (UIApplication.m:5064)
27  Chrome                        	0x00000001020a8270 0x1020a4000 + 17008
28  dyld                          	0x000000010408dce4 start + 520 (dyldMain.cpp:879)

Comment 1 Sam Sneddon [:gsnedders] 2022-05-25 22:35:48 PDT
(In reply to Ali Juma from comment #0)
> Thread 0 Crashed:
> 0   WebCore                       	0x00000001e9bd5fa4
> WebCore::VideoFullscreenInterfaceAVKit::doEnterFullscreen() + 840
> (VideoFullscreenInterfaceAVKit.mm:1486)

This is https://github.com/WebKit/WebKit/blob/releases/Apple/Safari-15.4-iOS-15.4.1/Source/WebCore/platform/ios/VideoFullscreenInterfaceAVKit.mm#L1486:

m_fullscreenChangeObserver->didEnterFullscreen(size);

UI process going away (jetsammed?) or something?
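Added illustration, not WebKit code and not part of this bug thread: the line identified above, `m_fullscreenChangeObserver->didEnterFullscreen(size)`, runs inside an AVKit transition-completion block, i.e. a callback that fires after an animation, once the objects that scheduled it may already have been torn down. A faulting address as small as 0x32 is what a null base pointer plus a member or vtable-slot offset looks like, so the general hazard worth knowing is an observer pointer that is cleared or freed before a deferred completion dereferences it. The example below models that ordering with a fake completion queue: an unsafe interface that captures raw pointers into the block, next to a hardened one that holds weak references and re-checks liveness when the block runs. Every type and function name here (`FullscreenChangeObserver`, `SafeFullscreenInterface`, `CompletionQueue`, `deliveredNotifications`) is an assumption for illustration, not WebKit's real API.

```cpp
// Added example, not WebKit code. Models a deferred fullscreen-completion
// block that may run after its observer (or the interface itself) is gone.
#include <cstdio>
#include <functional>
#include <memory>
#include <utility>
#include <vector>

struct Size { float width; float height; };

// Interface the fullscreen layer notifies when the transition finishes.
// (Assumed shape for this example; WebKit's real observer type is richer.)
struct FullscreenChangeObserver {
    virtual ~FullscreenChangeObserver() = default;
    virtual void didEnterFullscreen(Size) = 0;
};

// Test observer that records every notification it receives.
struct RecordingObserver : FullscreenChangeObserver {
    std::vector<Size> entered;
    void didEnterFullscreen(Size s) override { entered.push_back(s); }
};

// Stand-in for AVKit's deferred completion handlers: blocks queued now and
// run later, after an animation, by which time their targets may be gone.
using CompletionQueue = std::vector<std::function<void()>>;

// Hazardous shape: raw pointers captured into a deferred block, and no check
// that either object is still alive when the block finally runs. If the
// observer was cleared or freed first, the call below faults (null base plus
// a member or vtable-slot offset yields a near-null address such as 0x32).
class UnsafeFullscreenInterface {
public:
    void setObserver(FullscreenChangeObserver* o) { m_observer = o; }
    void enterFullscreen(CompletionQueue& q, Size size) {
        q.push_back([this, size] { m_observer->didEnterFullscreen(size); });
    }
private:
    FullscreenChangeObserver* m_observer { nullptr };
};

// Hardened shape: weak references to both the interface and its observer,
// each re-validated at the moment the completion block runs.
class SafeFullscreenInterface
    : public std::enable_shared_from_this<SafeFullscreenInterface> {
public:
    void setObserver(std::weak_ptr<FullscreenChangeObserver> o) { m_observer = std::move(o); }
    void enterFullscreen(CompletionQueue& q, Size size) {
        std::weak_ptr<SafeFullscreenInterface> weakThis = shared_from_this();
        q.push_back([weakThis, size] {
            auto self = weakThis.lock();
            if (!self)
                return; // interface torn down before the transition completed
            auto observer = self->m_observer.lock();
            if (!observer)
                return; // observer detached before the transition completed
            observer->didEnterFullscreen(size);
        });
    }
private:
    std::weak_ptr<FullscreenChangeObserver> m_observer;
};

// Drives one transition through the hardened interface and returns how many
// didEnterFullscreen calls reached a live observer.
//   teardown 0: nothing destroyed before completion   -> 1
//   teardown 1: observer destroyed before completion  -> 0 (skipped, no fault)
//   teardown 2: interface destroyed before completion -> 0 (skipped, no fault)
int deliveredNotifications(int teardown) {
    CompletionQueue queue;
    auto observer = std::make_shared<RecordingObserver>();
    auto iface = std::make_shared<SafeFullscreenInterface>();
    iface->setObserver(observer);
    iface->enterFullscreen(queue, Size { 1920.f, 1080.f });

    if (teardown == 1)
        observer.reset();
    if (teardown == 2)
        iface.reset();

    for (auto& block : queue)
        block(); // the animation finishes; the completion handler runs now

    return observer ? static_cast<int>(observer->entered.size()) : 0;
}

int main() {
    for (int teardown = 0; teardown < 3; ++teardown)
        std::printf("teardown %d: %d notification(s) delivered\n", teardown, deliveredNotifications(teardown));
    return 0;
}
```

The point of the hardened version is that liveness is checked at the time the block executes, not at the time it is scheduled; with raw pointers, the ordering of the observer's teardown against the animation's completion is entirely in the hands of UIKit and AVKit, which is exactly the situation a stack like the one above describes.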

Comment 2 Sam Sneddon [:gsnedders] 2022-05-25 22:48:10 PDT
<rdar://93950796>

(This is https://bugs.webkit.org/show_bug.cgi?id=240880)