| Summary: | REGRESSION (r263328): Crash in bool WTF::WeakHashSet<WebKit::AudioSessionRoutingArbitratorProxy, WTF::EmptyCounter>::contains<WebKit::AudioSessionRoutingArbitratorProxy> const | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Jer Noble <jer.noble> | ||||||||
| Component: | New Bugs | Assignee: | Jer Noble <jer.noble> | ||||||||
| Status: | RESOLVED FIXED | ||||||||||
| Severity: | Normal | CC: | eric.carlson, ews-watchlist, glenn, peng.liu6, philipj, sergio, slewis, webkit-bug-importer | ||||||||
| Priority: | P2 | Keywords: | InRadar | ||||||||
| Version: | WebKit Nightly Build | ||||||||||
| Hardware: | Unspecified | ||||||||||
| OS: | Unspecified | ||||||||||
| Attachments: |
|
||||||||||
|
Description
Jer Noble
2020-06-23 12:29:30 PDT
Created attachment 402582 [details]
Patch
Created attachment 402588 [details]
Patch
No crashes when running tests locally. Whelp, I updated sources, re-built, and re-ran tests and crashes aplenty. The crash log shows an assertion in the UniqueRef operator->() called from WebProcessProxy::shutDown(). So the underlying cause /must/ be that WebProcessProxy was dealloc'd (and it's UniqueRef member's destructor called) sometime before shutDown(). Oh! I bet WebProcessPool::disconnectProcess(WebProcessProxy*) has the side-effect of destroying the WebProcessProxy! And the next line is the UniqueRef operator->() which is showing a crash result. That means the underlying problem has nothing to do with the ASSERT in the patch above, but instead that any call after disconnectProcess(this) is a potential unsafe access of freed memory. Created attachment 402624 [details]
Patch
The above fix definitely eliminated all the crashes seen previously when running run-webkit-tests against a release build. Committed r263456: <https://trac.webkit.org/changeset/263456> All reviewed patches have been landed. Closing bug and clearing flags on attachment 402624 [details]. |