Bug 199657

Summary: WebKit::WebProcessProxy::~WebProcessProxy crash
Product: WebKit Reporter: public-apollonian
Component: New BugsAssignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Normal CC: achristensen, ap, cdumez, rniwa, sihui_liu
Priority: P2    
Version: Other   
Hardware: iPhone / iPad   
OS: Other   

public-apollonian
Reported 2019-07-09 21:34:13 PDT
Hardware Model: iPhone10,3 Code Type: ARM-64 (Native) Role: Foreground Parent Process: launchd [1] OS Version: iPhone OS 13.0 (17A5522g) Release Type: Beta Baseband Version: 4.03.02 Report Version: 104 Exception Type: EXC_BREAKPOINT (SIGTRAP) Exception Codes: 0x0000000000000001, 0x000000019926a8a8 Termination Signal: Trace/BPT trap: 5 Termination Reason: Namespace SIGNAL, Code 0x5 Terminating Process: exc handler [4778] Triggered by Thread: 19 Thread 19 name: WebThread Thread 19 Crashed: 0 WebKit 0x000000019926a8a8 WTFCrashWithInfo+ 116904 (int, char const*, char const*, int) + 20 1 WebKit 0x00000001994de1d4 WebKit::WebProcessProxy::~WebProcessProxy+ 2687444 () + 0 2 WebKit 0x00000001994de1fc WebKit::WebProcessProxy::~WebProcessProxy+ 2687484 () + 12 3 WebKit 0x00000001994f0690 WTF::Detail::CallableWrapper<WebKit::WebProcessProxy::deleteWebsiteData(PAL::SessionID, WTF::OptionSet<WebKit::WebsiteDataType>, WTF::WallTime, WTF::CompletionHandler<void ()>&&)::$_27, void>::~CallableWrapper+ 2762384 () + 192 4 WebKit 0x00000001994f0480 WTF::Detail::CallableWrapper<void IPC::Connection::sendWithAsyncReply<Messages::WebProcess::DeleteWebsiteData, WebKit::WebProcessProxy::deleteWebsiteData(PAL::SessionID, WTF::OptionSet<WebKit::WebsiteDataType>, WTF::WallTime, WTF::CompletionHandler<void ()>&&)::$_27>(Messages::WebProcess::DeleteWebsiteData&&, WebKit::WebProcessProxy::deleteWebsiteData(PAL::SessionID, WTF::OptionSet<WebKit::WebsiteDataType>, WTF::WallTime, WTF::CompletionHandler<void ()>&&)::$_27&&, unsigned long long)::'lambda'(IPC::Decoder*), void, IPC::Decoder*>::call+ 2761856 (IPC::Decoder*) + 116 5 WebKit 0x0000000199281274 IPC::clearAsyncReplyHandlers+ 209524 (IPC::Connection const&) + 200 6 WebKit 0x0000000199280f6c IPC::Connection::~Connection+ 208748 () + 96 7 WebKit 0x000000019927659c WTF::Detail::CallableWrapper<WTF::ThreadSafeRefCounted<IPC::Connection, (WTF::DestructionThread)1>::deref() const::'lambda'(), void>::call+ 165276 () + 20 8 JavaScriptCore 0x00000001a0ed83a0 WTF::dispatchFunctionsFromMainThread+ 156576 () + 316 9 Foundation 0x00000001921abe6c __NSThreadPerformPerform + 232 10 CoreFoundation 0x0000000191d445fc __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 24 11 CoreFoundation 0x0000000191d44554 __CFRunLoopDoSource0 + 80 12 CoreFoundation 0x0000000191d43cec __CFRunLoopDoSources0 + 180 13 CoreFoundation 0x0000000191d3ee38 __CFRunLoopRun + 1080 14 CoreFoundation 0x0000000191d3e6d8 CFRunLoopRunSpecific + 464 15 WebCore 0x0000000199c0baec RunWebThread+ 4250348 (void*) + 612 16 libsystem_pthread.dylib 0x0000000191ae4164 _pthread_start + 128 17 libsystem_pthread.dylib 0x0000000191ae7aac thread_start + 8
Attachments
Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2019-07-10 09:19:19 PDT
There is only one RELEASE_ASSERT in this function, that being: RELEASE_ASSERT(isMainThreadOrCheckDisabled()); The process uses both Legacy and Modern WebKit APIs, and we erroneously execute the IPC::Connection destructor on the WebThread instead of the UI thread. For Apple employees, this looks identical to rdar://problem/51577716&52224515.
Chris Dumez
Comment 2 2019-07-10 09:44:55 PDT
*** This bug has been marked as a duplicate of bug 199420 ***
Note You need to log in before you can comment on or make changes to this bug.