Bug 218022 - Status: NEW
[iOS] Hang in RemoteLayerTreeDrawingAreaProxy::waitForDidUpdateActivityState leading to crash
https://bugs.webkit.org/show_bug.cgi?id=218022
Ali Juma
Reported 2020-10-21 07:27:20 PDT
Chrome for iOS is getting a significant number of reports of hangs in RemoteLayerTreeDrawingAreaProxy::waitForDidUpdateActivityState leading to crashes. The crash stack is:

Thread 1 (id: 0x00002407) CRASHED [EXC_BREAKPOINT / EXC_ARM_BREAKPOINT @ 0x000000018cae7d5c ]
  (libdispatch.dylib + 0x00011d5c) _dispatch_barrier_waiter_redirect_or_wake
  (libdispatch.dylib + 0x0000abf0) _dispatch_lane_invoke$VARIANT$mp
  (libdispatch.dylib + 0x00014514) _dispatch_workloop_worker_thread
  (libsystem_pthread.dylib + 0x0000b5a0) _pthread_wqthread

But in all these reports, thread 0 seems to be hung inside waitForDidUpdateActivityState:

  0x00000001b70e172c (libsystem_kernel.dylib + 0x0002672c) __psynch_cvwait
  0x00000001d1b3832c (libsystem_pthread.dylib + 0x0000332c) _pthread_cond_wait$VARIANT$mp
  0x00000001969495f8 (JavaScriptCore + 0x00dae5f8) WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, WTF::TimeWithDynamicClockType const&)
  0x00000001988d1114 (WebKit + 0x0002e114) bool WTF::Condition::waitUntil<std::__1::unique_lock<WTF::Lock> >(std::__1::unique_lock<WTF::Lock>&, WTF::TimeWithDynamicClockType const&)
  0x00000001988d1008 (WebKit + 0x0002e008) IPC::Connection::waitForMessage(IPC::MessageName, unsigned long long, WTF::Seconds, WTF::OptionSet<IPC::WaitForOption>)
  0x0000000198ba3764 (WebKit + 0x00300764) WebKit::RemoteLayerTreeDrawingAreaProxy::waitForDidUpdateActivityState(unsigned long long)
  0x0000000198bbdd0c (WebKit + 0x0031ad0c) WebKit::WebPageProxy::dispatchActivityStateChange()
  0x00000001988b60c0 (WebKit + 0x000130c0) -[WKApplicationStateTrackingView _applicationWillEnterForeground]
  0x0000000198aa7ef8 (WebKit + 0x00204ef8) WebKit::ApplicationStateTracker::applicationWillEnterForeground()
  0x0000000198aa7934 (WebKit + 0x00204934) ___ZN6WebKit23ApplicationStateTrackerC2EP6UIViewP13objc_selectorS4_S4_S4_S4__block_invoke.19
  0x000000018e0a2f54 (Foundation + 0x00029f54) -[__NSObserver _doit:]
  0x000000018ce61094 (CoreFoundation + 0x0007d094) __CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER__
  0x000000018ce61054 (CoreFoundation + 0x0007d054) ___CFXRegistrationPost_block_invoke
  0x000000018ce6064c (CoreFoundation + 0x0007c64c) _CFXRegistrationPost
  0x000000018ce60044 (CoreFoundation + 0x0007c044) _CFXNotificationPost
  0x000000018e07fb1c (Foundation + 0x00006b1c) -[NSNotificationCenter postNotificationName:object:userInfo:]
  0x000000018ee17324 (UIKitCore + 0x001fb324) -[_UISceneLifecycleMonitor willEnterForeground]
  0x000000018ee182e0 (UIKitCore + 0x001fc2e0) __111-[_UIWindowSceneFBSSceneLifecycleMonitor transitionToTargetState:fromState:withTransitionContext:preparations:]_block_invoke_2.113
  0x000000018f342828 (UIKitCore + 0x00726828) _UIScenePerformActionsWithLifecycleActionMask
  0x000000018ee1813c (UIKitCore + 0x001fc13c) __111-[_UIWindowSceneFBSSceneLifecycleMonitor transitionToTargetState:fromState:withTransitionContext:preparations:]_block_invoke.112
  0x000000018ee2632c (UIKitCore + 0x0020a32c) ___UISceneLifecycleSettingsUpdateBlockWithCanvasAndTransitionContext_block_invoke_2
  0x000000018ee17bf4 (UIKitCore + 0x001fbbf4) -[_UIWindowSceneFBSSceneLifecycleMonitor transitionToTargetState:fromState:withTransitionContext:preparations:]
  0x000000018ee26074 (UIKitCore + 0x0020a074) ___UISceneLifecycleSettingsUpdateBlockWithCanvasAndTransitionContext_block_invoke
  0x000000018ee27984 (UIKitCore + 0x0020b984) __186-[_UIWindowSceneFBSSceneTransitionContextDrivenLifecycleSettingsDiffAction _performActionsForUIScene:withUpdatedFBSScene:settingsDiff:fromSettings:transitionContext:lifecycleActionType:]_block_invoke
  0x000000018f25c09c (UIKitCore + 0x0064009c) +[BSAnimationSettings(UIKit) tryAnimatingWithSettings:actions:completion:]
  0x000000018f35a108 (UIKitCore + 0x0073e108) _UISceneSettingsDiffActionPerformChangesWithTransitionContext
  0x000000018ee27750 (UIKitCore + 0x0020b750) -[_UIWindowSceneFBSSceneTransitionContextDrivenLifecycleSettingsDiffAction _performActionsForUIScene:withUpdatedFBSScene:settingsDiff:fromSettings:transitionContext:lifecycleActionType:]
  0x000000018ec699b0 (UIKitCore + 0x0004d9b0) __64-[UIScene scene:didUpdateWithDiff:transitionContext:completion:]_block_invoke
  0x000000018ec68450 (UIKitCore + 0x0004c450) -[UIScene _emitSceneSettingsUpdateResponseForCompletion:afterSceneUpdateWork:]
  0x000000018ec695fc (UIKitCore + 0x0004d5fc) -[UIScene scene:didUpdateWithDiff:transitionContext:completion:]
  0x000000018f282d80 (UIKitCore + 0x00666d80) -[UIApplicationSceneClientAgent scene:handleEvent:withCompletion:]
  0x000000019b77d4ac (FrontBoardServices + 0x000094ac) -[FBSScene updater:didUpdateSettings:withDiff:transitionContext:completion:]
  0x000000019b7a5ce8 (FrontBoardServices + 0x00031ce8) __94-[FBSWorkspaceScenesClient _queue_updateScene:withSettings:diff:transitionContext:completion:]_block_invoke_2
  0x000000019b78a40c (FrontBoardServices + 0x0001640c) -[FBSWorkspace _calloutQueue_executeCalloutFromSource:withBlock:]
  0x000000019b7a5c34 (FrontBoardServices + 0x00031c34) __94-[FBSWorkspaceScenesClient _queue_updateScene:withSettings:diff:transitionContext:completion:]_block_invoke
  0x000000018cb3727c (libdispatch.dylib + 0x0006127c) _dispatch_client_callout
  0x000000018cadcb08 (libdispatch.dylib + 0x00006b08) _dispatch_block_invoke_direct$VARIANT$mp
  0x000000019b7c94b4 (FrontBoardServices + 0x000554b4) __FBSSERIALQUEUE_IS_CALLING_OUT_TO_A_BLOCK__
  0x000000019b7c917c (FrontBoardServices + 0x0005517c) -[FBSSerialQueue _targetQueue_performNextIfPossible]
  0x000000019b7c9650 (FrontBoardServices + 0x00055650) -[FBSSerialQueue _performNextFromRunLoopSource]
  0x000000018ce7e23c (CoreFoundation + 0x0009a23c) __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
  0x000000018ce7e13c (CoreFoundation + 0x0009a13c) __CFRunLoopDoSource0
  0x000000018ce7d4e8 (CoreFoundation + 0x000994e8) __CFRunLoopDoSources0
  0x000000018ce77a3c (CoreFoundation + 0x00093a3c) __CFRunLoopRun
  0x000000018ce771fc (CoreFoundation + 0x000931fc) CFRunLoopRunSpecific
  0x00000001a2f72594 (GraphicsServices + 0x00003594) GSEventRunModal
  0x000000018f73d000 (UIKitCore + 0x00b21000) -[UIApplication _run]
  0x000000018f7425d4 (UIKitCore + 0x00b265d4) UIApplicationMain
  0x000000010492ed4c (Chrome -chrome_exe_main.mm:71) main
  0x000000018cb56594 (libdyld.dylib + 0x00001594) start
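As an added triage aid (not code from this report or from WebKit or Chromium), the following Python parses the frame format used in the stack above and checks for the pattern the reporter describes: the main thread parked in the kernel beneath IPC::Connection::waitForMessage while still inside the will-enter-foreground notification handler. The embedded frames are a constructed excerpt of the thread 0 stack quoted in the report.

```python
import re

# Constructed excerpt of the thread-0 frames from the report (format: address (module + offset) symbol).
THREAD0_SAMPLE = """\
0x00000001b70e172c (libsystem_kernel.dylib + 0x0002672c) __psynch_cvwait
0x00000001d1b3832c (libsystem_pthread.dylib + 0x0000332c) _pthread_cond_wait$VARIANT$mp
0x00000001969495f8 (JavaScriptCore + 0x00dae5f8) WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, WTF::TimeWithDynamicClockType const&)
0x00000001988d1114 (WebKit + 0x0002e114) bool WTF::Condition::waitUntil<std::__1::unique_lock<WTF::Lock> >(std::__1::unique_lock<WTF::Lock>&, WTF::TimeWithDynamicClockType const&)
0x00000001988d1008 (WebKit + 0x0002e008) IPC::Connection::waitForMessage(IPC::MessageName, unsigned long long, WTF::Seconds, WTF::OptionSet<IPC::WaitForOption>)
0x0000000198ba3764 (WebKit + 0x00300764) WebKit::RemoteLayerTreeDrawingAreaProxy::waitForDidUpdateActivityState(unsigned long long)
0x0000000198bbdd0c (WebKit + 0x0031ad0c) WebKit::WebPageProxy::dispatchActivityStateChange()
0x00000001988b60c0 (WebKit + 0x000130c0) -[WKApplicationStateTrackingView _applicationWillEnterForeground]
0x000000018f7425d4 (UIKitCore + 0x00b265d4) UIApplicationMain
0x000000010492ed4c (Chrome -chrome_exe_main.mm:71) main
"""

FRAME_RE = re.compile(r"^(0x[0-9a-fA-F]+)\s+\(([^)]+)\)\s+(.*)$")

def parse_frames(text):
    """Parse one frame per line into dicts; innermost frame first, as in the log."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue  # thread headers and blank lines are skipped
        # Module text is "WebKit + 0x..." or, for the app binary, "Chrome -file.mm:71".
        module = re.split(r"\s[+-]", m.group(2))[0]
        frames.append({"addr": m.group(1), "module": module, "symbol": m.group(3)})
    return frames

def classify_hang(frames):
    """Flag the reported pattern: main thread parked in the kernel beneath a synchronous
    IPC wait that was entered while handling the will-enter-foreground notification."""
    if not frames or frames[0]["module"] != "libsystem_kernel.dylib":
        return {"matches": False}
    ipc_idx = next((i for i, f in enumerate(frames)
                    if "IPC::Connection::waitForMessage" in f["symbol"]), None)
    fg = next((f["symbol"] for f in frames if "WillEnterForeground" in f["symbol"]), None)
    if ipc_idx is None or ipc_idx + 1 >= len(frames) or fg is None:
        return {"matches": False}
    # The frame just outside the IPC wait is the WebKit function that issued the sync wait.
    caller = frames[ipc_idx + 1]["symbol"].split("(")[0]
    return {"matches": True, "blocked_in": caller, "during": fg}

if __name__ == "__main__":
    print(classify_hang(parse_frames(THREAD0_SAMPLE)))
```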
Attachments
Crash log (125.79 KB, text/plain)
2021-03-16 08:00 PDT, Ali Juma
no flags
Smoley
Comment 1 2020-10-22 11:52:49 PDT
Thanks for filing. I think we may need a full crash log or sysdiagnose to triage this issue. Please capture a sysdiagnose after reproducing it, note the time and file a report at feebackassistant.apple.com. Please also note the Bugzilla report number in that report so we can associate the two. Thanks!
Radar WebKit Bug Importer
Comment 2 2020-10-22 11:53:01 PDT
Smoley
Comment 3 2020-10-22 11:54:22 PDT
Edit: feedbackassistant.apple.com
Tim Horton
Comment 4 2020-10-22 11:55:39 PDT
One other data point that might be helpful: how many WKWebViews are in-window at this point? If it's just one, I'd expect the waitForDidUpdateActivityState timeout to be /plenty/ short enough to not get killed by the foregrounding watchdog (but maybe that's not what's happening, the full crash log will be somewhat illuminating).
Tim Horton
Comment 5 2020-10-22 11:56:15 PDT
Anyway, the syncwait is "expected", the crash is not.
Brent Fulgham
Comment 6 2021-03-15 17:00:06 PDT
Is this still being seen? We don't seem to be hearing about issues here.
Ali Juma
Comment 7 2021-03-16 08:00:35 PDT
Created attachment 423330 [details] Crash log

We're still getting reports of this, even on 14.5 beta. I've attached a sample crash log.

> One other data point that might be helpful: how many WKWebViews are in-window at this point?

There's always at most one visible WKWebView per window. We can have additional non-visible WKWebViews for background tabs, but looking through the reports, this happens even where there is only a single tab.