Bug 191780

Summary: Debug Safari crashes in BrowserWKView dealloc after javascript redirect
Product: WebKit
Reporter: Jay Mulani <jmulani>
Component: Page Loading
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE
Severity: Critical
CC: beidson
Priority: P2
Version: WebKit Local Build
Hardware: Unspecified
OS: macOS 10.14
Attachments:
test page to reproduce crash (Flags: none)

Description Jay Mulani 2018-11-16 14:59:40 PST
Created attachment 355136
test page to reproduce crash

Debug Safari crashes in BrowserWKView.mm dealloc method after a javascript redirect. The failed assertion is:
ASSERTION FAILED: m_messageReceivers.contains(std::make_pair(messageReceiverName, destinationID))

I have attached a simple test page that leads me to the crash on tip of tree.

2018-11-16 14:54:22.748080-0800 Safari[76684:4795683] ASSERTION FAILED: m_messageReceivers.contains(std::make_pair(messageReceiverName, destinationID))
ASSERTION FAILED: m_messageReceivers.contains(std::make_pair(messageReceiverName, destinationID))
2018-11-16 14:54:22.748137-0800 Safari[76684:4795683] /Volumes/Data/worker/liberty-debug-archive/build/OpenSource/Source/WebKit/Platform/IPC/MessageReceiverMap.cpp(72) : void IPC::MessageReceiverMap::removeMessageReceiver(IPC::StringReference, uint64_t)
/Volumes/Data/worker/liberty-debug-archive/build/OpenSource/Source/WebKit/Platform/IPC/MessageReceiverMap.cpp(72) : void IPC::MessageReceiverMap::removeMessageReceiver(IPC::StringReference, uint64_t)
2018-11-16 14:54:22.759044-0800 Safari[76684:4795683] 1   0x102866829 WTFCrash
1   0x102866829 WTFCrash
2018-11-16 14:54:22.769089-0800 Safari[76684:4795683] 2   0x10863aa2b WTFCrashWithInfo(int, char const*, char const*, int)
2   0x10863aa2b WTFCrashWithInfo(int, char const*, char const*, int)
2018-11-16 14:54:22.771031-0800 Safari[76684:4795683] 3   0x1086e8f40 IPC::MessageReceiverMap::removeMessageReceiver(IPC::StringReference, unsigned long long)
3   0x1086e8f40 IPC::MessageReceiverMap::removeMessageReceiver(IPC::StringReference, unsigned long long)
2018-11-16 14:54:22.772175-0800 Safari[76684:4795683] 4   0x108cc6827 WebKit::ChildProcessProxy::removeMessageReceiver(IPC::StringReference, unsigned long long)
4   0x108cc6827 WebKit::ChildProcessProxy::removeMessageReceiver(IPC::StringReference, unsigned long long)
2018-11-16 14:54:22.773399-0800 Safari[76684:4795683] 5   0x109199610 WebKit::ViewGestureController::~ViewGestureController()
5   0x109199610 WebKit::ViewGestureController::~ViewGestureController()
2018-11-16 14:54:22.774957-0800 Safari[76684:4795683] 6   0x109199815 WebKit::ViewGestureController::~ViewGestureController()
6   0x109199815 WebKit::ViewGestureController::~ViewGestureController()
2018-11-16 14:54:22.776542-0800 Safari[76684:4795683] 7   0x109199839 WebKit::ViewGestureController::~ViewGestureController()
7   0x109199839 WebKit::ViewGestureController::~ViewGestureController()
2018-11-16 14:54:22.778081-0800 Safari[76684:4795683] 8   0x108debd7c WebKit::WebViewImpl::~WebViewImpl()
8   0x108debd7c WebKit::WebViewImpl::~WebViewImpl()
2018-11-16 14:54:22.779668-0800 Safari[76684:4795683] 9   0x108dec295 WebKit::WebViewImpl::~WebViewImpl()
9   0x108dec295 WebKit::WebViewImpl::~WebViewImpl()
2018-11-16 14:54:22.781299-0800 Safari[76684:4795683] 10  0x108c565cf -[WKWebView .cxx_destruct]
10  0x108c565cf -[WKWebView .cxx_destruct]
2018-11-16 14:54:22.781359-0800 Safari[76684:4795683] 11  0x7fff7608c40c object_cxxDestructFromClass(objc_object*, objc_class*)
11  0x7fff7608c40c object_cxxDestructFromClass(objc_object*, objc_class*)
2018-11-16 14:54:22.781389-0800 Safari[76684:4795683] 12  0x7fff76084cd5 objc_destructInstance
12  0x7fff76084cd5 objc_destructInstance
2018-11-16 14:54:22.781414-0800 Safari[76684:4795683] 13  0x7fff76084c77 object_dispose
13  0x7fff76084c77 object_dispose
2018-11-16 14:54:22.781660-0800 Safari[76684:4795683] 14  0x7fff46c8f34d -[NSResponder dealloc]
14  0x7fff46c8f34d -[NSResponder dealloc]
2018-11-16 14:54:22.781903-0800 Safari[76684:4795683] 15  0x7fff46c8d6b8 -[NSView dealloc]
15  0x7fff46c8d6b8 -[NSView dealloc]
2018-11-16 14:54:22.783460-0800 Safari[76684:4795683] 16  0x108c4a9ee -[WKWebView dealloc]
16  0x108c4a9ee -[WKWebView dealloc]
2018-11-16 14:54:22.787825-0800 Safari[76684:4795683] 17  0x1007740ec -[BrowserWKView dealloc]
17  0x1007740ec -[BrowserWKView dealloc]
2018-11-16 14:54:22.787887-0800 Safari[76684:4795683] 18  0x7fff760859dc (anonymous namespace)::AutoreleasePoolPage::pop(void*)
18  0x7fff760859dc (anonymous namespace)::AutoreleasePoolPage::pop(void*)
2018-11-16 14:54:22.787947-0800 Safari[76684:4795683] 19  0x7fff4960fbc6 _CFAutoreleasePoolPop
19  0x7fff4960fbc6 _CFAutoreleasePoolPop
2018-11-16 14:54:22.788194-0800 Safari[76684:4795683] 20  0x7fff46e66cd2 _wrapRunLoopWithAutoreleasePoolHandler
20  0x7fff46e66cd2 _wrapRunLoopWithAutoreleasePoolHandler
2018-11-16 14:54:22.788259-0800 Safari[76684:4795683] 21  0x7fff4969b6ad __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__
21  0x7fff4969b6ad __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__
2018-11-16 14:54:22.788318-0800 Safari[76684:4795683] 22  0x7fff4969b5e2 __CFRunLoopDoObservers
22  0x7fff4969b5e2 __CFRunLoopDoObservers
2018-11-16 14:54:22.788370-0800 Safari[76684:4795683] 23  0x7fff4963ca64 CFRunLoopRunSpecific
23  0x7fff4963ca64 CFRunLoopRunSpecific
2018-11-16 14:54:22.788439-0800 Safari[76684:4795683] 24  0x7fff488d2b45 RunCurrentEventLoopInMode
24  0x7fff488d2b45 RunCurrentEventLoopInMode
2018-11-16 14:54:22.788523-0800 Safari[76684:4795683] 25  0x7fff488d287b ReceiveNextEventCommon
25  0x7fff488d287b ReceiveNextEventCommon
2018-11-16 14:54:22.788586-0800 Safari[76684:4795683] 26  0x7fff488d25f8 _BlockUntilNextEventMatchingListInModeWithFilter
26  0x7fff488d25f8 _BlockUntilNextEventMatchingListInModeWithFilter
2018-11-16 14:54:22.788823-0800 Safari[76684:4795683] 27  0x7fff46b8ca73 _DPSNextEvent
27  0x7fff46b8ca73 _DPSNextEvent
2018-11-16 14:54:22.789066-0800 Safari[76684:4795683] 28  0x7fff46b8b812 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:]
28  0x7fff46b8b812 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:]
2018-11-16 14:54:22.790188-0800 Safari[76684:4795683] 29  0x100530430 -[BrowserApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
29  0x100530430 -[BrowserApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
2018-11-16 14:54:22.790439-0800 Safari[76684:4795683] 30  0x7fff46b85875 -[NSApplication run]
30  0x7fff46b85875 -[NSApplication run]
2018-11-16 14:54:22.790674-0800 Safari[76684:4795683] 31  0x7fff46b74fb3 NSApplicationMain
31  0x7fff46b74fb3 NSApplicationMain
Comment 1 Alexey Proskuryakov 2018-11-17 12:18:19 PST

*** This bug has been marked as a duplicate of bug 191734 ***