[Webkit-unassigned] [Bug 273386] New: ASSERT_NOT_REACHED in MessageReceiverMap::removeMessageReceiver

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Apr 28 22:51:49 PDT 2024


https://bugs.webkit.org/show_bug.cgi?id=273386

            Bug ID: 273386
           Summary: ASSERT_NOT_REACHED in
                    MessageReceiverMap::removeMessageReceiver
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Media
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: jean-yves.avenard at apple.com

When playing a movie in Netflix and refreshing the page, I often get an assertion:

```cpp
void MessageReceiverMap::removeMessageReceiver(ReceiverName messageReceiverName, uint64_t destinationID)
{
    auto it = m_messageReceivers.find(std::make_pair(messageReceiverName, destinationID));
    if (it == m_messageReceivers.end()) {
        ASSERT_NOT_REACHED(); // <---- reaching here
        return;
    }
```

```
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x1e7a800180c21710)
Note: Possible pointer authentication failure detected.
Found value that failed to authenticate at address=0x180c21710.
    frame #0: 0x00000001146a9634 WebKit`WTFCrashWithInfo(line=77, file="/Users/jyavenard/Work/webkit/OpenSource/Source/WebKit/Platform/IPC/MessageReceiverMap.cpp", function="void IPC::MessageReceiverMap::removeMessageReceiver(ReceiverName, uint64_t)", counter=3065) at Assertions.h:851:5
    frame #1: 0x00000001182e92a4 WebKit`IPC::MessageReceiverMap::removeMessageReceiver(this=0x000000010f711530, messageReceiverName=RemoteCDMInstance, destinationID=15) at MessageReceiverMap.cpp:77:9
  * frame #2: 0x000000011709aa80 WebKit`WebKit::RemoteCDMInstance::~RemoteCDMInstance(this=0x0000000381b72500) at RemoteCDMInstance.cpp:64:60
    frame #3: 0x000000011709ab24 WebKit`WebKit::RemoteCDMInstance::~RemoteCDMInstance(this=0x0000000381b72500) at RemoteCDMInstance.cpp:59:1
    frame #4: 0x000000011709ab70 WebKit`WebKit::RemoteCDMInstance::~RemoteCDMInstance(this=0x0000000381b72500) at RemoteCDMInstance.cpp:59:1
    frame #5: 0x00000001499ac038 WebCore`std::__1::default_delete<WebCore::CDMInstance>::operator()[abi:sn180100](this=0x000000016f796337, __ptr=0x0000000381b72500) const at unique_ptr.h:66:5
    frame #6: 0x00000001499abfcc WebCore`WTF::RefCounted<WebCore::CDMInstance, std::__1::default_delete<WebCore::CDMInstance>>::deref(this=0x0000000381b72508) const at RefCounted.h:220:13
    frame #7: 0x00000001499abf54 WebCore`WTF::DefaultRefDerefTraits<WebCore::CDMInstance>::derefIfNotNull(ptr=0x0000000381b72500) at Ref.h:62:18
    frame #8: 0x0000000149c77ff4 WebCore`WTF::Ref<WebCore::CDMInstance, WTF::RawPtrTraits<WebCore::CDMInstance>, WTF::DefaultRefDerefTraits<WebCore::CDMInstance>>::~Ref(this=0x00000003748a71e0) at Ref.h:82:13
    frame #9: 0x0000000149c74d04 WebCore`WTF::Ref<WebCore::CDMInstance, WTF::RawPtrTraits<WebCore::CDMInstance>, WTF::DefaultRefDerefTraits<WebCore::CDMInstance>>::~Ref(this=0x00000003748a71e0) at Ref.h:76:5
    frame #10: 0x0000000149c74c18 WebCore`WebCore::MediaKeys::~MediaKeys(this=0x00000003748a71a0) at MediaKeys.cpp:72:23
    frame #11: 0x0000000149c74dc8 WebCore`WebCore::MediaKeys::~MediaKeys(this=0x00000003748a71a0) at MediaKeys.cpp:72:23
    frame #12: 0x0000000149c7747c WebCore`std::__1::default_delete<WebCore::MediaKeys>::operator()[abi:sn180100](this=0x000000016f796447, __ptr=0x00000003748a71a0) const at unique_ptr.h:66:5
    frame #13: 0x0000000149c77434 WebCore`WTF::RefCounted<WebCore::MediaKeys, std::__1::default_delete<WebCore::MediaKeys>>::deref(this=0x00000003748a71b8) const at RefCounted.h:220:13
    frame #14: 0x0000000149c773c0 WebCore`WTF::DefaultRefDerefTraits<WebCore::MediaKeys>::derefIfNotNull(ptr=0x00000003748a71a0) at Ref.h:62:18
    frame #15: 0x0000000149c77348 WebCore`WTF::Ref<WebCore::MediaKeys, WTF::RawPtrTraits<WebCore::MediaKeys>, WTF::DefaultRefDerefTraits<WebCore::MediaKeys>>::~Ref(this=0x00000003813de620) at Ref.h:82:13
    frame #16: 0x0000000149c772ec WebCore`WTF::Ref<WebCore::MediaKeys, WTF::RawPtrTraits<WebCore::MediaKeys>, WTF::DefaultRefDerefTraits<WebCore::MediaKeys>>::~Ref(this=0x00000003813de620) at Ref.h:76:5
    frame #17: 0x000000014ae38a08 WebCore`WebCore::JSDOMWrapper<WebCore::MediaKeys, WTF::RawPtrTraits<WebCore::MediaKeys>>::~JSDOMWrapper(this=0x00000003813de608) at JSDOMWrapper.h:74:7
    frame #18: 0x000000014ae389d4 WebCore`WebCore::JSMediaKeys::~JSMediaKeys(this=0x00000003813de608) at JSMediaKeys.h:31:7
    frame #19: 0x000000014adc0578 WebCore`WebCore::JSMediaKeys::~JSMediaKeys(this=0x00000003813de608) at JSMediaKeys.h:31:7
    frame #20: 0x000000014adbff80 WebCore`WebCore::JSMediaKeys::destroy(cell=0x00000003813de608) at JSMediaKeys.cpp:172:30
    frame #21: 0x0000000129a768f4 JavaScriptCore`JSC::JSDestructibleObjectDestroyFunc::operator()(this=0x000000016f796587, (null)=0x0000000110412000, cell=0x00000003813de608) const at JSDestructibleObjectHeapCellType.cpp:43:9
    frame #22: 0x0000000129a768ac JavaScriptCore`JSC::JSDestructibleObjectHeapCellType::destroy(this=0x00000001104127b0, vm=0x0000000110412000, cell=0x00000003813de608) const at JSDestructibleObjectHeapCellType.cpp:63:5
    frame #23: 0x00000001293c86a4 JavaScriptCore`JSC::Subspace::destroy(this=0x000000010f71ac00, vm=0x0000000110412000, cell=0x00000003813de608) at Subspace.cpp:68:21
    frame #24: 0x00000001293bd100 JavaScriptCore`JSC::PreciseAllocation::sweep(this=0x00000003813de598) at PreciseAllocation.cpp:273:25
    frame #25: 0x00000001293a04cc JavaScriptCore`JSC::MarkedSpace::sweepPreciseAllocations(this=0x0000000110412178) at MarkedSpace.cpp:235:21
    frame #26: 0x00000001292e1704 JavaScriptCore`JSC::Heap::sweepInFinalize(this=0x00000001104120c8) at Heap.cpp:2284:19
    frame #27: 0x00000001292e131c JavaScriptCore`JSC::Heap::finalize(this=0x00000001104120c8) at Heap.cpp:2217:9
    frame #28: 0x00000001292e0a9c JavaScriptCore`JSC::Heap::handleNeedFinalize(this=0x00000001104120c8, oldState=13) at Heap.cpp:2155:9
    frame #29: 0x00000001292dfa78 JavaScriptCore`JSC::Heap::handleNeedFinalize(this=0x00000001104120c8) at Heap.cpp:2166:12
    frame #30: 0x00000001292dc1a0 JavaScriptCore`JSC::Heap::finishChangingPhase(this=0x00000001104120c8, conn=Mutator) at Heap.cpp:1762:17
    frame #31: 0x00000001292dd7a8 JavaScriptCore`JSC::Heap::changePhase(this=0x00000001104120c8, conn=Mutator, nextPhase=NotRunning) at Heap.cpp:1736:12
    frame #32: 0x00000001292dd74c JavaScriptCore`JSC::Heap::runEndPhase(this=0x00000001104120c8, conn=Mutator) at Heap.cpp:1726:12
    frame #33: 0x00000001292dbab8 JavaScriptCore`JSC::Heap::runCurrentPhase(this=0x00000001104120c8, conn=Mutator, currentThreadState=0x000000016f796a90) at Heap.cpp:1372:18
    frame #34: 0x00000001293379cc JavaScriptCore`JSC::Heap::collectInMutatorThread()::$_0::operator()(this=0x000000016f796af0, state=0x000000016f796a90) const at Heap.cpp:1993:52
    frame #35: 0x0000000129337958 JavaScriptCore`WTF::ScopedLambdaFunctor<void (JSC::CurrentThreadState&), JSC::Heap::collectInMutatorThread()::$_0>::implFunction(argument=0x000000016f796ae0, arguments=0x000000016f796a90) at ScopedLambda.h:106:16
    frame #36: 0x000000012939b460 JavaScriptCore`void WTF::ScopedLambda<void (JSC::CurrentThreadState&)>::operator()<JSC::CurrentThreadState&>(this=0x000000016f796ae0, arguments=0x000000016f796a90) const at ScopedLambda.h:58:16
    frame #37: 0x000000012939b3f4 JavaScriptCore`JSC::callWithCurrentThreadState(lambda=0x000000016f796ae0) at MachineStackMarker.cpp:227:5
    frame #38: 0x00000001292e0ba0 JavaScriptCore`JSC::Heap::collectInMutatorThread(this=0x00000001104120c8) at Heap.cpp:2005:13
    frame #39: 0x00000001292e0934 JavaScriptCore`JSC::Heap::stopIfNecessarySlow(this=0x00000001104120c8, oldState=21) at Heap.cpp:1974:9
    frame #40: 0x00000001292e1c7c JavaScriptCore`void JSC::Heap::waitForCollector<JSC::Heap::waitForCollection(unsigned long long)::$_0>(this=0x00000001104120c8, func=0x000000016f796bc0) at Heap.cpp:2031:13
    frame #41: 0x00000001292db6e8 JavaScriptCore`JSC::Heap::waitForCollection(this=0x00000001104120c8, ticket=16) at Heap.cpp:2276:5
    frame #42: 0x00000001292daff4 JavaScriptCore`JSC::Heap::collectSync(this=0x00000001104120c8, request=GCRequest @ 0x000000016f796c68) at Heap.cpp:1279:5
    frame #43: 0x00000001292dad74 JavaScriptCore`JSC::Heap::collect(this=0x00000001104120c8, synchronousness=Sync, request=GCRequest @ 0x000000016f796cd8) at Heap.cpp:1199:9
    frame #44: 0x00000001292c7198 JavaScriptCore`JSC::FullGCActivityCallback::doCollection(this=0x000000010f0d5440, vm=0x0000000110412000) at FullGCActivityCallback.cpp:55:10
    frame #45: 0x000000014e95a890 WebCore`WebCore::OpportunisticTaskScheduler::FullGCActivityCallback::FullGCActivityCallback(JSC::Heap&)::$_0::operator()(this=0x000000010f0b4cb8) const at OpportunisticTaskScheduler.cpp:185:15
    frame #46: 0x000000014e95a810 WebCore`WTF::Detail::CallableWrapper<WebCore::OpportunisticTaskScheduler::FullGCActivityCallback::FullGCActivityCallback(JSC::Heap&)::$_0, void>::call(this=0x000000010f0b4cb0) at Function.h:53:39
    frame #47: 0x00000001498275f0 WebCore`WTF::Function<void ()>::operator()(this=0x000000010f1014c0) const at Function.h:82:35
    frame #48: 0x000000014ec18458 WebCore`WebCore::RunLoopObserver::runLoopObserverFired(this=0x000000010f1014c0) at RunLoopObserver.cpp:41:5
    frame #49: 0x000000014ed225c0 WebCore`WebCore::RunLoopObserver::runLoopObserverFired((null)=0x0000000387f0f8d0, (null)=128, context=0x000000010f1014c0) at RunLoopObserverCF.cpp:72:45
    frame #50: 0x0000000180d4ada8 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 36
    frame #51: 0x0000000180d4ac94 CoreFoundation`__CFRunLoopDoObservers + 552
    frame #52: 0x0000000180d4999c CoreFoundation`CFRunLoopRunSpecific + 684
    frame #53: 0x0000000181f39b68 Foundation`-[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212
    frame #54: 0x0000000181fb151c Foundation`-[NSRunLoop(NSRunLoop) run] + 64
    frame #55: 0x0000000180976e3c libxpc.dylib`_xpc_objc_main + 700
    frame #56: 0x0000000180986aec libxpc.dylib`_xpc_main + 276
    frame #57: 0x00000001809769d8 libxpc.dylib`xpc_main + 64
    frame #58: 0x00000001159000e4 WebKit`WebKit::XPCServiceMain((null)=1, (null)=0x000000016f797400) at XPCServiceMain.mm:311:5
    frame #59: 0x000000011820b560 WebKit`WKXPCServiceMain(argc=1, argv=0x000000016f797400, (null)=0x0000000000000000, darwinEnvp=0x000000016f797540) at WKMain.mm:42:12
    frame #60: 0x000000010066bf8c com.apple.WebKit.WebContent.Development`main(argc=1, argv=0x000000016f797400, (null)=0x000000016f797410, darwinEnvp=0x000000016f797540) at AuxiliaryProcessMain.cpp:32:12
    frame #61: 0x00000001808d9f48 dyld`start + 2028
```
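As an added illustration (not WebKit's code and not part of the bug report), the following hypothetical model shows the invariant the assertion above checks: every removal of a (receiver name, destination ID) pair must match an earlier registration, with the registration and removal done RAII-style as in the trace. It assumes made-up names (`ReceiverMap`, `ScopedReceiver`) and makes no claim about the actual cause of this bug.

```cpp
#include <cstdint>
#include <map>
#include <string>
#include <utility>

// Hypothetical stand-in for IPC::MessageReceiverMap (not WebKit's code).
// The key mirrors the real map: (receiver name, destination ID).
struct ReceiverMap {
    using Key = std::pair<std::string, uint64_t>;
    std::map<Key, int> receivers;  // value stands in for the receiver pointer

    void add(const std::string& name, uint64_t id, int receiver) {
        receivers.emplace(Key{name, id}, receiver);
    }
    // Returns false where the real code hits ASSERT_NOT_REACHED():
    // a removal with no matching registration.
    bool remove(const std::string& name, uint64_t id) {
        auto it = receivers.find(Key{name, id});
        if (it == receivers.end())
            return false;
        receivers.erase(it);
        return true;
    }
};

// Hypothetical RAII receiver: registers in its constructor and
// unregisters in its destructor, like the destructor path in the trace.
struct ScopedReceiver {
    ReceiverMap& m_map;
    uint64_t m_id;
    bool& m_destructorRemoveOk;
    ScopedReceiver(ReceiverMap& map, uint64_t id, bool& ok)
        : m_map(map), m_id(id), m_destructorRemoveOk(ok) {
        m_map.add("RemoteCDMInstance", m_id, 1);
    }
    ~ScopedReceiver() { m_destructorRemoveOk = m_map.remove("RemoteCDMInstance", m_id); }
};

// Scenario 1: balanced add/remove; the destructor's removal succeeds.
bool balancedLifetime() {
    ReceiverMap map; bool ok = false;
    { ScopedReceiver r(map, 15, ok); }
    return ok && map.receivers.empty();
}

// Scenario 2: the entry is removed again before the object dies, so the
// destructor finds nothing; this is the state the assertion reports.
bool unbalancedLifetime() {
    ReceiverMap map; bool ok = true;
    { ScopedReceiver r(map, 15, ok); map.remove("RemoteCDMInstance", 15); }
    return ok;  // false: removal without a matching registration
}
```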
