Bug 188283

Summary: Regression(r234486): assertion hit in ~CallbackAggregator()
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: WebKit2Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, commit-queue, ggaren, sihui_liu, simon.fraser, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=188084
Attachments:
Description Flags
Patch none

Chris Dumez
Reported 2018-08-02 16:14:21 PDT
Regression(r234486): assertion hit in ~CallbackAggregator(): Thread 5 Crashed:: Dispatch queue: com.apple.CFNetwork.CookieServerEndpoint-queue-0x7f9c2500d300 0 com.apple.JavaScriptCore 0x000000011d1872d0 WTFCrash + 16 (Assertions.cpp:267) 1 com.apple.WebKit 0x0000000109cfb08b WTFCrashWithInfo(int, char const*, char const*, int) + 27 (Assertions.h:545) 2 com.apple.WebKit 0x0000000109dd4fcf WTF::CallbackAggregator::~CallbackAggregator() + 127 (CallbackAggregator.h:40) 3 com.apple.WebKit 0x0000000109dd4f45 WTF::CallbackAggregator::~CallbackAggregator() + 21 (CallbackAggregator.h:43) 4 com.apple.WebKit 0x0000000109dd4f17 WTF::ThreadSafeRefCounted<WTF::CallbackAggregator, (WTF::DestructionThread)0>::deref() const + 71 (ThreadSafeRefCounted.h:76) 5 com.apple.WebKit 0x000000010a12fe81 void WTF::derefIfNotNull<WTF::CallbackAggregator>(WTF::CallbackAggregator*) + 49 (RefPtr.h:46) 6 com.apple.WebKit 0x000000010a12fe49 WTF::RefPtr<WTF::CallbackAggregator, WTF::DumbPtrTraits<WTF::CallbackAggregator> >::~RefPtr() + 41 (RefPtr.h:70) 7 com.apple.WebKit 0x000000010a12e5a5 WTF::RefPtr<WTF::CallbackAggregator, WTF::DumbPtrTraits<WTF::CallbackAggregator> >::~RefPtr() + 21 (RefPtr.h:70) 8 com.apple.WebKit 0x000000010a1306a5 auto WebKit::NetworkProcess::platformSyncAllCookies(WTF::CompletionHandler<void ()>&&)::$_2::operator()<WebCore::NetworkStorageSession const>(WebCore::NetworkStorageSession const&) const::'lambda'()::~() + 21 (NetworkProcessCocoa.mm:223) 9 com.apple.WebKit 0x000000010a130625 auto WebKit::NetworkProcess::platformSyncAllCookies(WTF::CompletionHandler<void ()>&&)::$_2::operator()<WebCore::NetworkStorageSession const>(WebCore::NetworkStorageSession const&) const::'lambda'()::~() + 21 (NetworkProcessCocoa.mm:223) 10 com.apple.WebKit 0x000000010a130609 __destroy_helper_block_ + 25 (NetworkProcessCocoa.mm:223) 11 libsystem_blocks.dylib 0x00007fff76e5c988 _Block_release + 109 12 libsystem_blocks.dylib 0x00007fff76e5c988 _Block_release + 109 13 libsystem_blocks.dylib 0x00007fff76e5c988 _Block_release + 109 14 libsystem_blocks.dylib 0x00007fff76e5c988 _Block_release + 109 15 libdispatch.dylib 0x00007fff76dc3de3 _dispatch_client_callout + 8 16 libdispatch.dylib 0x00007fff76dca148 _dispatch_lane_serial_drain + 618 17 libdispatch.dylib 0x00007fff76dcac00 _dispatch_lane_invoke + 388 18 libdispatch.dylib 0x00007fff76dd30b3 _dispatch_workloop_worker_thread + 603 19 libsystem_pthread.dylib 0x00007fff770025b4 _pthread_wqthread + 409 20 libsystem_pthread.dylib 0x00007fff770023ad start_wqthread + 13 On trunk, CallbackAggregators need to be destroyed on the thread they were created on (since r234288). Unfortunately, the CFNetwork _saveCookies SPI is calling us back on a background queue, even though we are calling it on the main thread.
Attachments
Patch (2.89 KB, patch)
2018-08-02 16:37 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2018-08-02 16:27:04 PDT
<rdar://problem/42851342>
Chris Dumez
Comment 2 2018-08-02 16:37:16 PDT
Created attachment 346429 [details] Patch
WebKit Commit Bot
Comment 3 2018-08-02 17:24:20 PDT
Comment on attachment 346429 [details] Patch Clearing flags on attachment: 346429 Committed r234529: <https://trac.webkit.org/changeset/234529>
WebKit Commit Bot
Comment 4 2018-08-02 17:24:22 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.