Bug 231346

Summary: _WKRemoteObjectRegistry's ReplyBlockCallChecker should always dealloc on the main thread
Product: WebKit Reporter: Timothy Hatcher <timothy>
Component: WebKit Misc.Assignee: Timothy Hatcher <timothy>
Status: RESOLVED FIXED    
Severity: Normal CC: cdumez, thorton, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Local Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Timothy Hatcher
Reported 2021-10-06 21:07:57 PDT
It is currently hitting this ASSERT. Thread 11 Queue: #0 0x0000000136cbaf95 in WebKit::AuxiliaryProcessProxy::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::__1::optional<std::__1::pair<WTF::CompletionHandler<void (IPC::Decoder*)>, unsigned long long> >&&, WebKit::AuxiliaryProcessProxy::ShouldStartProcessThrottlerActivity) at Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp:187 #1 0x0000000136e55740 in WebKit::WebPageProxy::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::__1::optional<std::__1::pair<WTF::CompletionHandler<void (IPC::Decoder*)>, unsigned long long> >&&) at Source/WebKit/UIProcess/WebPageProxy.cpp:6756 #2 0x00000001363da27a in bool IPC::MessageSender::send<Messages::RemoteObjectRegistry::ReleaseUnusedReplyBlock>(Messages::RemoteObjectRegistry::ReleaseUnusedReplyBlock const&, unsigned long long, WTF::OptionSet<IPC::SendOption>) at Source/WebKit/Platform/IPC/MessageSender.h:50 #3 0x00000001363da1aa in WebKit::RemoteObjectRegistry::sendUnusedReply(unsigned long long) at Source/WebKit/Shared/API/Cocoa/RemoteObjectRegistry.mm:64 #4 0x0000000136405681 in -[_WKRemoteObjectRegistry _invokeMethod:]::ReplyBlockCallChecker::~ReplyBlockCallChecker() at Source/WebKit/Shared/API/Cocoa/_WKRemoteObjectRegistry.mm:306 #5 0x00000001364055b5 in -[_WKRemoteObjectRegistry _invokeMethod:]::ReplyBlockCallChecker::~ReplyBlockCallChecker() at Source/WebKit/Shared/API/Cocoa/_WKRemoteObjectRegistry.mm:296 #6 0x000000013640558a in WTF::ThreadSafeRefCounted<-[_WKRemoteObjectRegistry _invokeMethod:]::ReplyBlockCallChecker, (WTF::DestructionThread)0>::deref() const::'lambda'()::operator()() const at /usr/local/include/wtf/ThreadSafeRefCounted.h:117 #7 0x0000000136405507 in WTF::ThreadSafeRefCounted<-[_WKRemoteObjectRegistry _invokeMethod:]::ReplyBlockCallChecker, (WTF::DestructionThread)0>::deref() const at /usr/local/include/wtf/ThreadSafeRefCounted.h:129 #8 0x00000001364057ee in WTF::DefaultRefDerefTraits<-[_WKRemoteObjectRegistry _invokeMethod:]::ReplyBlockCallChecker>::derefIfNotNull(-[_WKRemoteObjectRegistry _invokeMethod:]::ReplyBlockCallChecker*) at /usr/local/include/wtf/RefPtr.h:42 #9 0x00000001364057b9 in WTF::RefPtr<-[_WKRemoteObjectRegistry _invokeMethod:]::ReplyBlockCallChecker, WTF::RawPtrTraits<-[_WKRemoteObjectRegistry _invokeMethod:]::ReplyBlockCallChecker>, WTF::DefaultRefDerefTraits<-[_WKRemoteObjectRegistry _invokeMethod:]::ReplyBlockCallChecker> >::~RefPtr() at /usr/local/include/wtf/RefPtr.h:73 #10 0x00000001363f5df5 in WTF::RefPtr<-[_WKRemoteObjectRegistry _invokeMethod:]::ReplyBlockCallChecker, WTF::RawPtrTraits<-[_WKRemoteObjectRegistry _invokeMethod:]::ReplyBlockCallChecker>, WTF::DefaultRefDerefTraits<-[_WKRemoteObjectRegistry _invokeMethod:]::ReplyBlockCallChecker> >::~RefPtr() at /usr/local/include/wtf/RefPtr.h:73 #11 0x00000001363ff1bd in -[_WKRemoteObjectRegistry _invokeMethod:]::$_1::~$_1() at Source/WebKit/Shared/API/Cocoa/_WKRemoteObjectRegistry.mm:324 #12 0x00000001363f5d65 in -[_WKRemoteObjectRegistry _invokeMethod:]::$_1::~$_1() at Source/WebKit/Shared/API/Cocoa/_WKRemoteObjectRegistry.mm:324 #13 0x00000001363f5d49 in __destroy_helper_block_e8_32c54_ZTSKZ41-[_WKRemoteObjectRegistry _invokeMethod:]E3$_1 () #14 0x00007ff819613651 in _Block_release () #15 0x00007ff819613651 in _Block_release () #16 0x000000010c2b8bad in __destroy_helper_block_ea8_32s () #17 0x00007ff819613651 in _Block_release () #18 0x000000010cd22bc3 in __destroy_helper_block_ea8_32s40s48s () #19 0x00007ff819613651 in _Block_release () #20 0x000000010cd20ab8 in __destroy_helper_block_ea8_32s40s () #21 0x00007ff819613651 in _Block_release () #22 0x00007ff81a7ca985 in -[_NSXPCConnectionExpectedReplyInfo dealloc] () #23 0x00007ff81a7cdbbf in __destroy_helper_block_e8_32o40o48o () #24 0x00007ff819613651 in _Block_release () #25 0x00007ff819622669 in _xpc_connection_call_reply_async () #26 0x00007ff8196281b9 in do_mach_notify_send_once () #27 0x00007ff81962812a in _Xmach_notify_send_once () #28 0x00007ff819626d12 in notify_server () #29 0x00007ff819626c49 in _xpc_connection_pass2mig () #30 0x000000010adae8da in _dispatch_client_callout3 () #31 0x000000010adcf517 in _dispatch_mach_msg_async_reply_invoke () #32 0x000000010adb5e09 in _dispatch_lane_serial_drain () #33 0x000000010adb6f20 in _dispatch_lane_invoke () #34 0x000000010adc4d1d in _dispatch_workloop_worker_thread () #35 0x000000010a51e7e7 in _pthread_wqthread () #36 0x000000010a524ceb in start_wqthread ()
Attachments
Patch (1.78 KB, patch)
2021-10-06 21:10 PDT, Timothy Hatcher 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2021-10-06 21:08:11 PDT
<rdar://problem/83965481>
Timothy Hatcher
Comment 2 2021-10-06 21:10:29 PDT
Created attachment 440465 [details] Patch
Chris Dumez
Comment 3 2021-10-06 21:23:11 PDT
Comment on attachment 440465 [details] Patch R=me
EWS
Comment 4 2021-10-06 22:33:42 PDT
Committed r283701 (242627@main): <https://commits.webkit.org/242627@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 440465 [details].
Note You need to log in before you can comment on or make changes to this bug.