[Webkit-unassigned] [Bug 228065] New: [WinCairo] Crash in WebCore::Page::setActivityState

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Jul 18 14:52:27 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=228065

            Bug ID: 228065
           Summary: [WinCairo] Crash in WebCore::Page::setActivityState
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: Hironori.Fujii at sony.com

[WinCairo] Crash in WebCore::Page::setActivityState

While browsing with WinCairo MiniBrowser r280018, I'm observing crashes of WebKitWebProcess.exe.

Callstack:

> WebKit2.dll!WebCore::Page::setActivityState(WTF::OptionSet<WebCore::ActivityState::Flag> activityState) Line 2352	C++
> WebKit2.dll!WebKit::WebPage::setActivityState(WTF::OptionSet<WebCore::ActivityState::Flag> activityState, unsigned __int64 activityStateChangeID, WTF::CompletionHandler<void ()> && callback) Line 3462	C++
> [Inline Frame] WebKit2.dll!IPC::callMemberFunctionImpl(WebKit::WebPage * object, void(WebKit::WebPage::*)(WTF::OptionSet<WebCore::ActivityState::Flag>, unsigned __int64, WTF::CompletionHandler<void ()> &&) function, WTF::CompletionHandler<void ()> && completionHandler, std::tuple<WTF::OptionSet<WebCore::ActivityState::Flag>,unsigned long long> && args, std::integer_sequence<unsigned long long,0,1>) Line 57	C++
> [Inline Frame] WebKit2.dll!IPC::callMemberFunction(std::tuple<WTF::OptionSet<WebCore::ActivityState::Flag>,unsigned long long> && args, WTF::CompletionHandler<void ()> && completionHandler, WebKit::WebPage * object, void(WebKit::WebPage::*)(WTF::OptionSet<WebCore::ActivityState::Flag>, unsigned __int64, WTF::CompletionHandler<void ()> &&) function) Line 63	C++
> WebKit2.dll!IPC::handleMessageAsync<Messages::WebPage::SetActivityState,WebKit::WebPage,void (WebKit::WebPage::*)(WTF::OptionSet<WebCore::ActivityState::Flag>, unsigned long long, WTF::CompletionHandler<void ()> &&)>(IPC::Connection & connection, IPC::Decoder & decoder, WebKit::WebPage * object, void(WebKit::WebPage::*)(WTF::OptionSet<WebCore::ActivityState::Flag>, unsigned __int64, WTF::CompletionHandler<void ()> &&) function) Line 198	C++
> WebKit2.dll!WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection & connection, IPC::Decoder & decoder) Line 2847	C++
> WebKit2.dll!IPC::MessageReceiverMap::dispatchMessage(IPC::Connection & connection, IPC::Decoder & decoder) Line 128	C++
> WebKit2.dll!WebKit::WebProcess::didReceiveMessage(IPC::Connection & connection, IPC::Decoder & decoder) Line 860	C++
> WebKit2.dll!IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder,std::default_delete<IPC::Decoder>> message) Line 1105	C++
> WebKit2.dll!IPC::Connection::dispatchOneIncomingMessage() Line 1173	C++
> [Inline Frame] WTF.dll!WTF::Function<void ()>::operator()() Line 82	C++
> WTF.dll!WTF::RunLoop::performWork() Line 134	C++
> [Inline Frame] WTF.dll!WTF::RunLoop::wndProc(HWND__ * hWnd, unsigned int message, unsigned __int64 wParam, __int64 lParam) Line 56	C++
> WTF.dll!WTF::RunLoop::RunLoopWndProc(HWND__ * hWnd, unsigned int message, unsigned __int64 wParam, __int64 lParam) Line 39	C++
> user32.dll!00007ffd46a7e858()	Unknown
> user32.dll!00007ffd46a7e299()	Unknown
> WTF.dll!WTF::RunLoop::run() Line 73	C++
> [Inline Frame] WebKit2.dll!WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess,1>::run(int argc, char * * argv) Line 70	C++
> WebKit2.dll!WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainWin>(int argc, char * * argv) Line 96	C++
> WebKitWebProcess.exe!main(int argc, char * * argv) Line 35	C++
> [Inline Frame] WebKitWebProcess.exe!invoke_main() Line 78	C++
> WebKitWebProcess.exe!__scrt_common_main_seh() Line 288	C++
> kernel32.dll!00007ffd45127034()	Unknown
> ntdll.dll!00007ffd46f42651()	Unknown


>     for (auto* observer : m_activityStateChangeObservers)
>         observer->activityStateDidChange(oldActivityState, m_activityState);

'observer' seemed to be already destroyed.

I don't know how to reproduce the crash. I observe this crash by browsing 30-50 web sites.

-- 
You are receiving this mail because:
You are the assignee for the bug.
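The snippet quoted in the report iterates a set of raw observer pointers, and the crash indicates one of those pointers outlived the object it referred to (a dangling pointer, i.e. a use-after-free when dereferenced). As an added illustration, not WebKit code and not the project's fix, the C++ below shows the defensive pattern that prevents this class of bug: an observer's registration is tied to its lifetime, so its destructor always removes it from the broadcaster, and the broadcaster notifies a snapshot of the set so an observer that unregisters mid-broadcast cannot invalidate the iteration. All names (`ActivityStateBroadcaster`, `ActivityStateObserver`, `CountingObserver`, `OneShotObserver`) and the `uint32_t` stand-in for the state flags are hypothetical.

```cpp
// Added example (hypothetical names, not WebKit code): an observer registry
// whose entries can never dangle, because registration is RAII-managed.
#include <cstdint>
#include <cstdio>
#include <set>
#include <vector>

using ActivityState = uint32_t; // stand-in for a bit-flag option set

class ActivityStateBroadcaster;

// Base class for observers: registers in the constructor, unregisters in the
// destructor, so the broadcaster cannot keep a pointer to a dead observer.
class ActivityStateObserver {
public:
    explicit ActivityStateObserver(ActivityStateBroadcaster& broadcaster);
    virtual ~ActivityStateObserver();
    virtual void activityStateDidChange(ActivityState oldState, ActivityState newState) = 0;
protected:
    ActivityStateBroadcaster& m_broadcaster;
};

class ActivityStateBroadcaster {
public:
    void addObserver(ActivityStateObserver& o) { m_observers.insert(&o); }
    void removeObserver(ActivityStateObserver& o) { m_observers.erase(&o); }
    size_t observerCount() const { return m_observers.size(); }

    // Applies the new state and returns how many observers were notified.
    // Iterates a snapshot, and re-checks membership before each call, so an
    // observer removed during the broadcast is skipped rather than dereferenced.
    size_t setActivityState(ActivityState newState) {
        ActivityState oldState = m_state;
        m_state = newState;
        std::vector<ActivityStateObserver*> snapshot(m_observers.begin(), m_observers.end());
        size_t notified = 0;
        for (auto* observer : snapshot) {
            if (!m_observers.count(observer))
                continue; // unregistered by an earlier callback in this broadcast
            observer->activityStateDidChange(oldState, newState);
            ++notified;
        }
        return notified;
    }

private:
    std::set<ActivityStateObserver*> m_observers;
    ActivityState m_state = 0;
};

ActivityStateObserver::ActivityStateObserver(ActivityStateBroadcaster& broadcaster)
    : m_broadcaster(broadcaster) { m_broadcaster.addObserver(*this); }

ActivityStateObserver::~ActivityStateObserver() { m_broadcaster.removeObserver(*this); }

// Observer that simply counts notifications.
class CountingObserver : public ActivityStateObserver {
public:
    using ActivityStateObserver::ActivityStateObserver;
    void activityStateDidChange(ActivityState, ActivityState) override { ++calls; }
    int calls = 0;
};

// Observer that unregisters itself from inside its first callback.
class OneShotObserver : public ActivityStateObserver {
public:
    using ActivityStateObserver::ActivityStateObserver;
    void activityStateDidChange(ActivityState, ActivityState) override {
        ++calls;
        m_broadcaster.removeObserver(*this);
    }
    int calls = 0;
};

// Scenario from the report: two observers, one destroyed before the next
// state change. Returns the number of observers notified by that change.
size_t notifyAfterOneObserverDies() {
    ActivityStateBroadcaster broadcaster;     // declared first, so it outlives the observers
    CountingObserver survivor(broadcaster);
    {
        CountingObserver shortLived(broadcaster);
        broadcaster.setActivityState(1);      // both observers see this change
    }                                         // shortLived unregisters itself here
    return broadcaster.setActivityState(2);   // only survivor remains: 1
}

// Scenario with mutation during broadcast. Returns notifications on the second change.
size_t notifyWithSelfRemovingObserver() {
    ActivityStateBroadcaster broadcaster;
    OneShotObserver oneShot(broadcaster);
    CountingObserver steady(broadcaster);
    broadcaster.setActivityState(1);          // both notified; oneShot removes itself
    return broadcaster.setActivityState(2);   // only steady is notified: 1
}

int main() {
    std::printf("after destruction: %zu notified\n", notifyAfterOneObserverDies());
    std::printf("after self-removal: %zu notified\n", notifyWithSelfRemovingObserver());
    return 0;
}
```

The broadcaster must outlive every observer registered with it; in the scenarios above that is guaranteed by declaration order. Where lifetimes are less clear-cut, a weak-reference registry (observers stored as weak pointers that are dropped when expired) achieves the same property without relying on destructor ordering.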