[Webkit-unassigned] [Bug 210794] WebKit.WebContent process crashes when web developer tools are opened in Safari

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Apr 29 13:39:09 PDT 2020 

https://bugs.webkit.org/show_bug.cgi?id=210794

Devin Rousso <drousso at apple.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
           Assignee|webkit-unassigned at lists.web |drousso at apple.com
                   |kit.org                     |
 Attachment #397995|                            |review?, commit-queue-
              Flags|                            |

--- Comment #7 from Devin Rousso <drousso at apple.com> ---
Created attachment 397995

  --> https://bugs.webkit.org/attachment.cgi?id=397995&action=review

[Patch] WIP

Speculative fix that seems to work.

Before this change, this was the order of events by adding `WTFReportBacktrace();` inside
 - the lambda given to the `ScriptExecutionContext::Task` created in `WorkerMessagingProxy::postMessageToWorkerGlobalScope`
 - in `WorkerScriptController::scheduleExecutionTermination` right before `m_isTerminatingExecution = true;`
 - in `WorkerScriptController::isTerminatingExecution` right before `return m_isTerminatingExecution;`

>>> m_isTerminatingExecution == false
1   0x1975840f5 WebCore::WorkerScriptController::isTerminatingExecution() const
2   0x1996ba5ad WebCore::WorkerRunLoop::Task::performTask(WebCore::WorkerGlobalScope*)
3   0x1996b9ad7 WebCore::WorkerRunLoop::runInMode(WebCore::WorkerGlobalScope*, WebCore::ModePredicate const&, WebCore::WorkerRunLoop::WaitMode)
4   0x1996b96d8 WebCore::WorkerRunLoop::run(WebCore::WorkerGlobalScope*)
5   0x1996bd518 WebCore::WorkerThread::runEventLoop()
6   0x19969e634 WebCore::DedicatedWorkerThread::runEventLoop()
7   0x1996bcfe1 WebCore::WorkerThread::workerThread()
8   0x1996d0118 WebCore::WorkerThread::start(WTF::Function<void (WTF::String const&)>&&)::$_16::operator()() const
9   0x1996d00ce WTF::Detail::CallableWrapper<WebCore::WorkerThread::start(WTF::Function<void (WTF::String const&)>&&)::$_16, void>::call()
10  0x1b06e5792 WTF::Function<void ()>::operator()() const
11  0x1b078be58 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*)
12  0x1b0797588 WTF::wtfThreadEntryPoint(void*)
13  0x7fff6bc80109 _pthread_start
14  0x7fff6bc7bb8b thread_start
>>> m_askedToTerminate == true



>>> m_isTerminatingExecution = true
1   0x1975842fe WebCore::WorkerScriptController::scheduleExecutionTermination()
2   0x1996b8ce2 WebCore::WorkerThread::stop(WTF::Function<void ()>&&)
3   0x1996b91b0 WebCore::WorkerMessagingProxy::terminateWorkerGlobalScope()
4   0x19969f7f4 WebCore::Worker::terminate()
5   0x1968ede4e WebCore::jsWorkerPrototypeFunctionTerminateBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWorker*, JSC::ThrowScope&)
6   0x196868932 long long WebCore::IDLOperation<WebCore::JSWorker>::call<&(WebCore::jsWorkerPrototypeFunctionTerminateBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSWorker*, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)
7   0x196868614 WebCore::jsWorkerPrototypeFunctionTerminate(JSC::JSGlobalObject*, JSC::CallFrame*)
8   0x5a8095e011d8
9   0x1b0bdee3f llint_entry
10  0x1b0bbf763 vmEntryToJavaScript
11  0x1b197d277 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
12  0x1b197d9f1 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
13  0x1b1cd51ad JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
14  0x1b1cd528f JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
15  0x1b1cd5572 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
16  0x1974c77de WebCore::JSExecState::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
17  0x1974e43bc WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&)
18  0x197b33a57 WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::DumbPtrTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase)
19  0x197b2fd60 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase)
20  0x197ba6002 WebCore::Node::handleLocalEvents(WebCore::Event&, WebCore::EventTarget::EventInvokePhase)
21  0x197b1e4a1 WebCore::EventContext::handleLocalEvents(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) const
22  0x197b1e6db WebCore::MouseOrFocusEventContext::handleLocalEvents(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) const
23  0x197b1ef6f WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&)
24  0x197b1eaa7 WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&)
25  0x197ba605d WebCore::Node::dispatchEvent(WebCore::Event&)
26  0x197ad573e WebCore::Element::dispatchMouseEvent(WebCore::PlatformMouseEvent const&, WTF::AtomString const&, int, WebCore::Element*)
27  0x19869aa1d WebCore::EventHandler::dispatchMouseEvent(WTF::AtomString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool)
28  0x19869d8e4 WebCore::EventHandler::handleMouseReleaseEvent(WebCore::PlatformMouseEvent const&)
29  0x199284923 WebCore::UserInputBridge::handleMouseReleaseEvent(WebCore::PlatformMouseEvent const&, WebCore::InputSource)
30  0x1898b6847 WebKit::handleMouseEvent(WebKit::WebMouseEvent const&, WebKit::WebPage*)
31  0x1898b6609 WebKit::WebPage::mouseEvent(WebKit::WebMouseEvent const&)



>>> m_isTerminatingExecution == true
1   0x1975840f5 WebCore::WorkerScriptController::isTerminatingExecution() const
2   0x1974e447e WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&)
3   0x197b33a57 WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::DumbPtrTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase)
4   0x197b2fd60 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase)
5   0x197b3354d WebCore::EventTarget::dispatchEvent(WebCore::Event&)
6   0x1996c5b2f WebCore::WorkerMessagingProxy::postMessageToWorkerGlobalScope(WebCore::MessageWithMessagePorts&&)::$_5::operator()(WebCore::ScriptExecutionContext&)
7   0x1996c58f3 WTF::Detail::CallableWrapper<WebCore::WorkerMessagingProxy::postMessageToWorkerGlobalScope(WebCore::MessageWithMessagePorts&&)::$_5, void, WebCore::ScriptExecutionContext&>::call(WebCore::ScriptExecutionContext&)
8   0x19735f44a WTF::Function<void (WebCore::ScriptExecutionContext&)>::operator()(WebCore::ScriptExecutionContext&) const
9   0x19734abdd WebCore::ScriptExecutionContext::Task::performTask(WebCore::ScriptExecutionContext&)
10  0x1996ba5e0 WebCore::WorkerRunLoop::Task::performTask(WebCore::WorkerGlobalScope*)
11  0x1996b9ad7 WebCore::WorkerRunLoop::runInMode(WebCore::WorkerGlobalScope*, WebCore::ModePredicate const&, WebCore::WorkerRunLoop::WaitMode)
12  0x1996b96d8 WebCore::WorkerRunLoop::run(WebCore::WorkerGlobalScope*)
13  0x1996bd518 WebCore::WorkerThread::runEventLoop()
14  0x19969e634 WebCore::DedicatedWorkerThread::runEventLoop()
15  0x1996bcfe1 WebCore::WorkerThread::workerThread()
16  0x1996d0118 WebCore::WorkerThread::start(WTF::Function<void (WTF::String const&)>&&)::$_16::operator()() const
17  0x1996d00ce WTF::Detail::CallableWrapper<WebCore::WorkerThread::start(WTF::Function<void (WTF::String const&)>&&)::$_16, void>::call()
18  0x1b06e5792 WTF::Function<void ()>::operator()() const
19  0x1b078be58 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*)
20  0x1b0797588 WTF::wtfThreadEntryPoint(void*)
21  0x7fff6bc80109 _pthread_start
22  0x7fff6bc7bb8b thread_start



SHOULD NEVER BE REACHED
./bindings/ScriptValue.cpp(45) : RefPtr<JSON::Value> Inspector::jsToInspectorValue(JSC::JSGlobalObject *, JSC::JSValue, int)
1   0x1b06be9e9 WTFCrash
2   0x1b0e031bb WTFCrashWithInfo(int, char const*, char const*, int)
3   0x1b100b193 Inspector::jsToInspectorValue(JSC::JSGlobalObject*, JSC::JSValue, int)
4   0x1b100b0f9 Inspector::toInspectorValue(JSC::JSGlobalObject*, JSC::JSValue)
5   0x1b184c920 Inspector::InjectedScriptBase::makeCall(Deprecated::ScriptFunctionCall&)
6   0x1b184ee10 Inspector::InjectedScript::clearEventValue()
7   0x1b185160a Inspector::InjectedScriptManager::clearEventValue()
8   0x1982df1f9 WebCore::InspectorDOMDebuggerAgent::didHandleEvent()
9   0x198218e41 WebCore::InspectorInstrumentation::didHandleEventImpl(WebCore::InstrumentingAgents&)
10  0x197b33f9a WebCore::InspectorInstrumentation::didHandleEvent(WebCore::ScriptExecutionContext&)
11  0x197b33a60 WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::DumbPtrTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase)
12  0x197b2fd60 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase)
13  0x197b3354d WebCore::EventTarget::dispatchEvent(WebCore::Event&)
14  0x1996c5b2f WebCore::WorkerMessagingProxy::postMessageToWorkerGlobalScope(WebCore::MessageWithMessagePorts&&)::$_5::operator()(WebCore::ScriptExecutionContext&)
15  0x1996c58f3 WTF::Detail::CallableWrapper<WebCore::WorkerMessagingProxy::postMessageToWorkerGlobalScope(WebCore::MessageWithMessagePorts&&)::$_5, void, WebCore::ScriptExecutionContext&>::call(WebCore::ScriptExecutionContext&)
16  0x19735f44a WTF::Function<void (WebCore::ScriptExecutionContext&)>::operator()(WebCore::ScriptExecutionContext&) const
17  0x19734abdd WebCore::ScriptExecutionContext::Task::performTask(WebCore::ScriptExecutionContext&)
18  0x1996ba5e0 WebCore::WorkerRunLoop::Task::performTask(WebCore::WorkerGlobalScope*)
19  0x1996b9ad7 WebCore::WorkerRunLoop::runInMode(WebCore::WorkerGlobalScope*, WebCore::ModePredicate const&, WebCore::WorkerRunLoop::WaitMode)
20  0x1996b96d8 WebCore::WorkerRunLoop::run(WebCore::WorkerGlobalScope*)
21  0x1996bd518 WebCore::WorkerThread::runEventLoop()
22  0x19969e634 WebCore::DedicatedWorkerThread::runEventLoop()
23  0x1996bcfe1 WebCore::WorkerThread::workerThread()
24  0x1996d0118 WebCore::WorkerThread::start(WTF::Function<void (WTF::String const&)>&&)::$_16::operator()() const
25  0x1996d00ce WTF::Detail::CallableWrapper<WebCore::WorkerThread::start(WTF::Function<void (WTF::String const&)>&&)::$_16, void>::call()
26  0x1b06e5792 WTF::Function<void ()>::operator()() const
27  0x1b078be58 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*)
28  0x1b0797588 WTF::wtfThreadEntryPoint(void*)
29  0x7fff6bc80109 _pthread_start
30  0x7fff6bc7bb8b thread_start

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200429/8d6caaa0/attachment.htm>

More information about the webkit-unassigned mailing list