Bug 200674

Summary: Crash under IPC::Connection::markCurrentlyDispatchedMessageAsInvalid()
Product: WebKit
Reporter: Chris Dumez <cdumez>
Component: WebKit2
Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED
Severity: Normal
CC: achristensen, beidson, commit-queue, ews-watchlist, ggaren, webkit-bug-importer, youennf
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
Patch (flags: none)
Patch (flags: none)

Description Chris Dumez 2019-08-13 09:00:07 PDT
Crash under IPC::Connection::markCurrentlyDispatchedMessageAsInvalid():
Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000072

Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [1372]
Triggered by Thread:  0

Thread 0 name:  Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0   WebKit                        	0x000000021a169b0c IPC::Connection::markCurrentlyDispatchedMessageAsInvalid() + 4 (Connection.cpp:395)
1   WebKit                        	0x000000021a327478 WebKit::WebPageProxy::didFailProvisionalLoadForFrameShared(WTF::Ref<WebKit::WebProcessProxy, WTF::DumbPtrTraits<WebKit::WebProcessProxy> >&&, unsigned long long, WebCore::SecurityOriginData const&, unsigned long long, WTF::String const&, WebCore::ResourceError const&, WebKit::UserData const&) + 736 (WebPageProxy.cpp:3978)
2   WebKit                        	0x000000021a2c45d0 WebKit::ProvisionalPageProxy::didFailProvisionalLoadForFrame(unsigned long long, WebCore::SecurityOriginData const&, unsigned long long, WTF::String const&, WebCore::ResourceError const&, WebKit::UserData const&) + 424 (ProvisionalPageProxy.cpp:244)
3   WebKit                        	0x000000021a2c432c WebKit::ProvisionalPageProxy::cancel() + 256 (ProvisionalPageProxy.cpp:116)
4   WebKit                        	0x000000021a3262a4 WebKit::WebPageProxy::didStartProvisionalLoadForFrameShared(WTF::Ref<WebKit::WebProcessProxy, WTF::DumbPtrTraits<WebKit::WebProcessProxy> >&&, unsigned long long, unsigned long long, WTF::URL&&, WTF::URL&&, WebKit::UserData const&) + 232 (WebPageProxy.cpp:3840)
5   WebKit                        	0x000000021a326184 WebKit::WebPageProxy::didStartProvisionalLoadForFrame(unsigned long long, unsigned long long, WTF::URL&&, WTF::URL&&, WebKit::UserData const&) + 64 (WebPageProxy.cpp:3827)
6   WebKit                        	0x000000021a54e0c4 void IPC::callMemberFunctionImpl<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(unsigned long long, unsigned long long, WTF::URL&&, WTF::URL&&, WebKit::UserData const&), std::__1::tuple<unsigned long long, unsigned long long, WTF::URL, WTF::URL, WebKit::UserData>, 0ul, 1ul, 2ul, 3ul, 4ul>(WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(unsigned long long, unsigned long long, WTF::URL&&, WTF::URL&&, WebKit::UserData const&), std::__1::tuple<unsigned long long, unsigned long long, WTF::URL, WTF::URL, WebKit::UserData>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul, 2ul, 3ul, 4ul>) + 80 (HandleMessage.h:41)
7   WebKit                        	0x000000021a544dcc void IPC::handleMessage<Messages::WebPageProxy::DidStartProvisionalLoadForFrame, WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(unsigned long long, unsigned long long, WTF::URL&&, WTF::URL&&, WebKit::UserData const&)>(IPC::Decoder&, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(unsigned long long, unsigned long long, WTF::URL&&, WTF::URL&&, WebKit::UserData const&)) + 92 (HandleMessage.h:47)
8   WebKit                        	0x000000021a178d9c IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 128 (MessageReceiverMap.cpp:0)
9   WebKit                        	0x000000021a34d684 WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 36 (WebProcessProxy.cpp:714)
10  WebKit                        	0x000000021a16bf14 IPC::Connection::dispatchMessage(IPC::Decoder&) + 104 (Connection.cpp:978)
11  WebKit                        	0x000000021a168cb0 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 152 (Connection.cpp:1005)
12  WebKit                        	0x000000021a16b724 IPC::Connection::dispatchIncomingMessages() + 676 (Connection.cpp:1109)
13  JavaScriptCore                	0x0000000211b23378 WTF::RunLoop::performWork() + 272 (Function.h:56)
14  JavaScriptCore                	0x0000000211b23648 WTF::RunLoop::performWork(void*) + 40 (RunLoopCF.cpp:38)
15  CoreFoundation                	0x000000020a84e444 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28 (CFRunLoop.c:1980)
16  CoreFoundation                	0x000000020a84e3c0 __CFRunLoopDoSource0 + 92 (CFRunLoop.c:2015)
17  CoreFoundation                	0x000000020a84dc7c __CFRunLoopDoSources0 + 180 (CFRunLoop.c:2051)
18  CoreFoundation                	0x000000020a848950 __CFRunLoopRun + 988 (CFRunLoop.c:2922)
19  CoreFoundation                	0x000000020a848254 CFRunLoopRunSpecific + 452 (CFRunLoop.c:3247)
20  GraphicsServices              	0x000000020ca87d8c GSEventRunModal + 108 (GSEvent.c:2245)
21  UIKitCore                     	0x0000000237b485b8 UIApplicationMain + 216 (UIApplication.m:4353)
22  MobileSafari                  	0x000000010080b204 main + 1504 (main.m:121)
23  libdyld.dylib                 	0x000000020a304fd8 start + 4
Comment 1 Chris Dumez 2019-08-13 09:00:23 PDT
<rdar://problem/50692748>
Comment 2 Chris Dumez 2019-08-13 09:04:06 PDT
Created attachment 376170 [details]
Patch
Comment 3 EWS Watchlist 2019-08-13 09:06:42 PDT
Attachment 376170 [details] did not pass style-queue:


ERROR: Source/WebKit/UIProcess/WebProcessProxy.cpp:1036:  More than one command on the same line  [whitespace/newline] [4]
Total errors found: 1 in 5 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 4 Geoffrey Garen 2019-08-13 09:10:14 PDT
Comment on attachment 376170 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=376170&action=review

r=me

> Source/WebKit/ChangeLog:9
> +        When the clients terminates a provisional process (e.g. via the [WKWebView _killWebContentProcessAndResetState]

clients => client

> Source/WebKit/ChangeLog:12
> +        would still think that they are in the middle of a provisional load the next time a load starts. This inconsistent

are => were, starts => started
Comment 5 Chris Dumez 2019-08-13 09:12:19 PDT
Created attachment 376171 [details]
Patch
Comment 6 EWS Watchlist 2019-08-13 09:13:46 PDT
Attachment 376171 [details] did not pass style-queue:


ERROR: Source/WebKit/UIProcess/WebProcessProxy.cpp:1036:  More than one command on the same line  [whitespace/newline] [4]
Total errors found: 1 in 5 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 7 WebKit Commit Bot 2019-08-13 10:12:49 PDT
Comment on attachment 376171 [details]
Patch

Clearing flags on attachment: 376171

Committed r248598: <https://trac.webkit.org/changeset/248598>
Comment 8 WebKit Commit Bot 2019-08-13 10:12:51 PDT
All reviewed patches have been landed.  Closing bug.