Bug 212537

Summary: ASSERTION FAILURE (r220931): !m_function in ~CompletionHandler() after switch tabs
Product: WebKit Reporter: Daniel Bates <dbates>
Component: WebKit Misc.Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, beidson, cdumez, ggaren, webkit-bug-importer
Priority: P2 Keywords: InRadar, Regression
Version: WebKit Local Build   
Hardware: iPhone / iPad   
OS: iOS 13   
Bug Depends on: 175721    
Bug Blocks:    
Attachments:
Description Flags
Patch none

Daniel Bates
Reported 2020-05-29 11:30:00 PDT
Seen on iOS when switching tabs. Backtrace looks like: #0 0x000000013000120e in ::WTFCrash() #1 0x00000001010df977 in WTF::CompletionHandler<void ()>::~CompletionHandler() #2 0x00000001010dd155 in WTF::CompletionHandler<void ()>::~CompletionHandler() #3 0x00000001022f60ee in WebKit::WebProcess::prepareToSuspend(bool, WTF::CompletionHandler<void ()>&&)::$_8::~$_8() #4 0x00000001022e7495 in WebKit::WebProcess::prepareToSuspend(bool, WTF::CompletionHandler<void ()>&&)::$_8::~$_8() #5 0x0000000102314c95 in WTF::Detail::CallableWrapper<WebKit::WebProcess::prepareToSuspend(bool, WTF::CompletionHandler<void ()>&&)::$_8, void, bool>::~CallableWrapper() #6 0x0000000102314b95 in WTF::Detail::CallableWrapper<WebKit::WebProcess::prepareToSuspend(bool, WTF::CompletionHandler<void ()>&&)::$_8, void, bool>::~CallableWrapper() #7 0x0000000102314bbc in WTF::Detail::CallableWrapper<WebKit::WebProcess::prepareToSuspend(bool, WTF::CompletionHandler<void ()>&&)::$_8, void, bool>::~CallableWrapper() #8 0x000000010113e06f in std::__1::default_delete<WTF::Detail::CallableWrapperBase<void, bool> >::operator()(WTF::Detail::CallableWrapperBase<void, bool>*) #9 0x000000010113dfef in std::__1::unique_ptr<WTF::Detail::CallableWrapperBase<void, bool>, std::__1::default_delete<WTF::Detail::CallableWrapperBase<void, bool> > >::reset(WTF::Detail::CallableWrapperBase<void, bool>*) #10 0x000000010113df89 in std::__1::unique_ptr<WTF::Detail::CallableWrapperBase<void, bool>, std::__1::default_delete<WTF::Detail::CallableWrapperBase<void, bool> > >::~unique_ptr() #11 0x000000010113df65 in std::__1::unique_ptr<WTF::Detail::CallableWrapperBase<void, bool>, std::__1::default_delete<WTF::Detail::CallableWrapperBase<void, bool> > >::~unique_ptr() #12 0x000000010113df45 in WTF::Function<void (bool)>::~Function() #13 0x000000010113dec5 in WTF::Function<void (bool)>::~Function() #14 0x00000001022f6c7e in WebKit::WebProcess::markAllLayersVolatile(WTF::Function<void (bool)>&&)::$_2::~$_2() #15 0x00000001022e7585 in WebKit::WebProcess::markAllLayersVolatile(WTF::Function<void (bool)>&&)::$_2::~$_2() ...
Attachments
Patch (15.39 KB, patch)
2020-05-29 14:21 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2020-05-29 11:30:14 PDT
<rdar://problem/63766838>
Daniel Bates
Comment 2 2020-05-29 12:19:08 PDT
Steps to repro: 1. Open one tab to apple.com 2. Create a new tab showing favorites view 3. Switch to apple.com
Chris Dumez
Comment 3 2020-05-29 12:21:14 PDT
I suspect the issue could be related to WebProcess::cancelMarkAllLayersVolatile(), which I believe gets called when cancelling suspension. cancelMarkAllLayersVolatile() destroys m_pageMarkingLayersAsVolatileCounter which may not have called its CompletionHandler yet.
Chris Dumez
Comment 4 2020-05-29 12:50:51 PDT
(In reply to Chris Dumez from comment #3) > I suspect the issue could be related to > WebProcess::cancelMarkAllLayersVolatile(), which I believe gets called when > cancelling suspension. cancelMarkAllLayersVolatile() destroys > m_pageMarkingLayersAsVolatileCounter which may not have called its > CompletionHandler yet. Yes, this is what I see: Thread 0 name: Dispatch queue: com.apple.main-thread Thread 0 Crashed: 0 WebKit 0x0000000101014b20 WTFCrashWithInfo(int, char const*, char const*, int) + 20 1 WebKit 0x00000001014930c4 WTF::Detail::CallableWrapper<WebKit::WebProcess::markAllLayersVolatile(WTF::CompletionHandler<void (bool)>&&)::$_2, void, WTF::RefCounterEvent>::call(WTF::RefCounterEvent) + 0 2 WebKit 0x0000000101493560 std::__1::unique_ptr<WTF::RefCounter<WebKit::WebProcess::PageMarkingLayersAsVolatileCounterType>, std::__1::default_delete<WTF::RefCounter<WebKit::WebProcess::PageMarkingLayersAsVolatileCounterType> > >::reset(WTF::RefCounter<WebKit::WebProcess::PageMarkingLayersAsVolatileCounterType>*) + 76 3 WebKit 0x000000010148edfc WebKit::WebProcess::cancelMarkAllLayersVolatile() + 40 4 WebKit 0x000000010148f080 WebKit::WebProcess::processDidResume() + 192 5 WebKit 0x000000010102e4d0 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 204 6 WebKit 0x000000010102e780 IPC::Connection::dispatchOneIncomingMessage() + 232 7 JavaScriptCore 0x00000001039aa324 WTF::RunLoop::performWork() + 688 8 JavaScriptCore 0x00000001039aa4e0 WTF::RunLoop::performWork(void*) + 36 9 CoreFoundation 0x00000001b1c5bb04 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 24
Chris Dumez
Comment 5 2020-05-29 14:21:10 PDT
Created attachment 400616 [details] Patch
EWS
Comment 6 2020-06-01 09:30:57 PDT
Committed r262380: <https://trac.webkit.org/changeset/262380> All reviewed patches have been landed. Closing bug and clearing flags on attachment 400616 [details].
Note You need to log in before you can comment on or make changes to this bug.