[Webkit-unassigned] [Bug 191780] New: Debug Safari crashes in BrowserWKView dealloc after javascript redirect

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Nov 16 14:59:40 PST 2018 

https://bugs.webkit.org/show_bug.cgi?id=191780

            Bug ID: 191780
           Summary: Debug Safari crashes in BrowserWKView dealloc after
                    javascript redirect
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: macOS 10.14
            Status: NEW
          Severity: Critical
          Priority: P2
         Component: Page Loading
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: jmulani at apple.com
                CC: beidson at apple.com

Created attachment 355136

  --> https://bugs.webkit.org/attachment.cgi?id=355136&action=review

test page to reproduce crash

Debug Safari crashes in BrowserWKView.mm dealloc method after a javascript redirect. The failed assertion is:
ASSERTION FAILED: m_messageReceivers.contains(std::make_pair(messageReceiverName, destinationID))

I have attached a simple test page that leads me to the crash on tip of tree.

2018-11-16 14:54:22.748080-0800 Safari[76684:4795683] ASSERTION FAILED: m_messageReceivers.contains(std::make_pair(messageReceiverName, destinationID))
ASSERTION FAILED: m_messageReceivers.contains(std::make_pair(messageReceiverName, destinationID))
2018-11-16 14:54:22.748137-0800 Safari[76684:4795683] /Volumes/Data/worker/liberty-debug-archive/build/OpenSource/Source/WebKit/Platform/IPC/MessageReceiverMap.cpp(72) : void IPC::MessageReceiverMap::removeMessageReceiver(IPC::StringReference, uint64_t)
/Volumes/Data/worker/liberty-debug-archive/build/OpenSource/Source/WebKit/Platform/IPC/MessageReceiverMap.cpp(72) : void IPC::MessageReceiverMap::removeMessageReceiver(IPC::StringReference, uint64_t)
2018-11-16 14:54:22.759044-0800 Safari[76684:4795683] 1   0x102866829 WTFCrash
1   0x102866829 WTFCrash
2018-11-16 14:54:22.769089-0800 Safari[76684:4795683] 2   0x10863aa2b WTFCrashWithInfo(int, char const*, char const*, int)
2   0x10863aa2b WTFCrashWithInfo(int, char const*, char const*, int)
2018-11-16 14:54:22.771031-0800 Safari[76684:4795683] 3   0x1086e8f40 IPC::MessageReceiverMap::removeMessageReceiver(IPC::StringReference, unsigned long long)
3   0x1086e8f40 IPC::MessageReceiverMap::removeMessageReceiver(IPC::StringReference, unsigned long long)
2018-11-16 14:54:22.772175-0800 Safari[76684:4795683] 4   0x108cc6827 WebKit::ChildProcessProxy::removeMessageReceiver(IPC::StringReference, unsigned long long)
4   0x108cc6827 WebKit::ChildProcessProxy::removeMessageReceiver(IPC::StringReference, unsigned long long)
2018-11-16 14:54:22.773399-0800 Safari[76684:4795683] 5   0x109199610 WebKit::ViewGestureController::~ViewGestureController()
5   0x109199610 WebKit::ViewGestureController::~ViewGestureController()
2018-11-16 14:54:22.774957-0800 Safari[76684:4795683] 6   0x109199815 WebKit::ViewGestureController::~ViewGestureController()
6   0x109199815 WebKit::ViewGestureController::~ViewGestureController()
2018-11-16 14:54:22.776542-0800 Safari[76684:4795683] 7   0x109199839 WebKit::ViewGestureController::~ViewGestureController()
7   0x109199839 WebKit::ViewGestureController::~ViewGestureController()
2018-11-16 14:54:22.778081-0800 Safari[76684:4795683] 8   0x108debd7c WebKit::WebViewImpl::~WebViewImpl()
8   0x108debd7c WebKit::WebViewImpl::~WebViewImpl()
2018-11-16 14:54:22.779668-0800 Safari[76684:4795683] 9   0x108dec295 WebKit::WebViewImpl::~WebViewImpl()
9   0x108dec295 WebKit::WebViewImpl::~WebViewImpl()
2018-11-16 14:54:22.781299-0800 Safari[76684:4795683] 10  0x108c565cf -[WKWebView .cxx_destruct]
10  0x108c565cf -[WKWebView .cxx_destruct]
2018-11-16 14:54:22.781359-0800 Safari[76684:4795683] 11  0x7fff7608c40c object_cxxDestructFromClass(objc_object*, objc_class*)
11  0x7fff7608c40c object_cxxDestructFromClass(objc_object*, objc_class*)
2018-11-16 14:54:22.781389-0800 Safari[76684:4795683] 12  0x7fff76084cd5 objc_destructInstance
12  0x7fff76084cd5 objc_destructInstance
2018-11-16 14:54:22.781414-0800 Safari[76684:4795683] 13  0x7fff76084c77 object_dispose
13  0x7fff76084c77 object_dispose
2018-11-16 14:54:22.781660-0800 Safari[76684:4795683] 14  0x7fff46c8f34d -[NSResponder dealloc]
14  0x7fff46c8f34d -[NSResponder dealloc]
2018-11-16 14:54:22.781903-0800 Safari[76684:4795683] 15  0x7fff46c8d6b8 -[NSView dealloc]
15  0x7fff46c8d6b8 -[NSView dealloc]
2018-11-16 14:54:22.783460-0800 Safari[76684:4795683] 16  0x108c4a9ee -[WKWebView dealloc]
16  0x108c4a9ee -[WKWebView dealloc]
2018-11-16 14:54:22.787825-0800 Safari[76684:4795683] 17  0x1007740ec -[BrowserWKView dealloc]
17  0x1007740ec -[BrowserWKView dealloc]
2018-11-16 14:54:22.787887-0800 Safari[76684:4795683] 18  0x7fff760859dc (anonymous namespace)::AutoreleasePoolPage::pop(void*)
18  0x7fff760859dc (anonymous namespace)::AutoreleasePoolPage::pop(void*)
2018-11-16 14:54:22.787947-0800 Safari[76684:4795683] 19  0x7fff4960fbc6 _CFAutoreleasePoolPop
19  0x7fff4960fbc6 _CFAutoreleasePoolPop
2018-11-16 14:54:22.788194-0800 Safari[76684:4795683] 20  0x7fff46e66cd2 _wrapRunLoopWithAutoreleasePoolHandler
20  0x7fff46e66cd2 _wrapRunLoopWithAutoreleasePoolHandler
2018-11-16 14:54:22.788259-0800 Safari[76684:4795683] 21  0x7fff4969b6ad __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__
21  0x7fff4969b6ad __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__
2018-11-16 14:54:22.788318-0800 Safari[76684:4795683] 22  0x7fff4969b5e2 __CFRunLoopDoObservers
22  0x7fff4969b5e2 __CFRunLoopDoObservers
2018-11-16 14:54:22.788370-0800 Safari[76684:4795683] 23  0x7fff4963ca64 CFRunLoopRunSpecific
23  0x7fff4963ca64 CFRunLoopRunSpecific
2018-11-16 14:54:22.788439-0800 Safari[76684:4795683] 24  0x7fff488d2b45 RunCurrentEventLoopInMode
24  0x7fff488d2b45 RunCurrentEventLoopInMode
2018-11-16 14:54:22.788523-0800 Safari[76684:4795683] 25  0x7fff488d287b ReceiveNextEventCommon
25  0x7fff488d287b ReceiveNextEventCommon
2018-11-16 14:54:22.788586-0800 Safari[76684:4795683] 26  0x7fff488d25f8 _BlockUntilNextEventMatchingListInModeWithFilter
26  0x7fff488d25f8 _BlockUntilNextEventMatchingListInModeWithFilter
2018-11-16 14:54:22.788823-0800 Safari[76684:4795683] 27  0x7fff46b8ca73 _DPSNextEvent
27  0x7fff46b8ca73 _DPSNextEvent
2018-11-16 14:54:22.789066-0800 Safari[76684:4795683] 28  0x7fff46b8b812 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:]
28  0x7fff46b8b812 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:]
2018-11-16 14:54:22.790188-0800 Safari[76684:4795683] 29  0x100530430 -[BrowserApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
29  0x100530430 -[BrowserApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
2018-11-16 14:54:22.790439-0800 Safari[76684:4795683] 30  0x7fff46b85875 -[NSApplication run]
30  0x7fff46b85875 -[NSApplication run]
2018-11-16 14:54:22.790674-0800 Safari[76684:4795683] 31  0x7fff46b74fb3 NSApplicationMain
31  0x7fff46b74fb3 NSApplicationMain

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20181116/1364915c/attachment-0001.html>

More information about the webkit-unassigned mailing list