Bug 231346

Summary: _WKRemoteObjectRegistry's ReplyBlockCallChecker should always dealloc on the main thread
Product: WebKit Reporter: Timothy Hatcher <timothy>
Component: WebKit Misc.Assignee: Timothy Hatcher <timothy>
Status: RESOLVED FIXED    
Severity: Normal CC: cdumez, thorton, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Local Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Description Timothy Hatcher 2021-10-06 21:07:57 PDT 
It is currently hitting this ASSERT.

Thread 11 Queue:
#0    0x0000000136cbaf95 in WebKit::AuxiliaryProcessProxy::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::__1::optional<std::__1::pair<WTF::CompletionHandler<void (IPC::Decoder*)>, unsigned long long> >&&, WebKit::AuxiliaryProcessProxy::ShouldStartProcessThrottlerActivity) at Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp:187
#1    0x0000000136e55740 in WebKit::WebPageProxy::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::__1::optional<std::__1::pair<WTF::CompletionHandler<void (IPC::Decoder*)>, unsigned long long> >&&) at Source/WebKit/UIProcess/WebPageProxy.cpp:6756
#2    0x00000001363da27a in bool IPC::MessageSender::send<Messages::RemoteObjectRegistry::ReleaseUnusedReplyBlock>(Messages::RemoteObjectRegistry::ReleaseUnusedReplyBlock const&, unsigned long long, WTF::OptionSet<IPC::SendOption>) at Source/WebKit/Platform/IPC/MessageSender.h:50
#3    0x00000001363da1aa in WebKit::RemoteObjectRegistry::sendUnusedReply(unsigned long long) at Source/WebKit/Shared/API/Cocoa/RemoteObjectRegistry.mm:64
#4    0x0000000136405681 in -[_WKRemoteObjectRegistry _invokeMethod:]::ReplyBlockCallChecker::~ReplyBlockCallChecker() at Source/WebKit/Shared/API/Cocoa/_WKRemoteObjectRegistry.mm:306
#5    0x00000001364055b5 in -[_WKRemoteObjectRegistry _invokeMethod:]::ReplyBlockCallChecker::~ReplyBlockCallChecker() at Source/WebKit/Shared/API/Cocoa/_WKRemoteObjectRegistry.mm:296
#6    0x000000013640558a in WTF::ThreadSafeRefCounted<-[_WKRemoteObjectRegistry _invokeMethod:]::ReplyBlockCallChecker, (WTF::DestructionThread)0>::deref() const::'lambda'()::operator()() const at /usr/local/include/wtf/ThreadSafeRefCounted.h:117
#7    0x0000000136405507 in WTF::ThreadSafeRefCounted<-[_WKRemoteObjectRegistry _invokeMethod:]::ReplyBlockCallChecker, (WTF::DestructionThread)0>::deref() const at /usr/local/include/wtf/ThreadSafeRefCounted.h:129
#8    0x00000001364057ee in WTF::DefaultRefDerefTraits<-[_WKRemoteObjectRegistry _invokeMethod:]::ReplyBlockCallChecker>::derefIfNotNull(-[_WKRemoteObjectRegistry _invokeMethod:]::ReplyBlockCallChecker*) at /usr/local/include/wtf/RefPtr.h:42
#9    0x00000001364057b9 in WTF::RefPtr<-[_WKRemoteObjectRegistry _invokeMethod:]::ReplyBlockCallChecker, WTF::RawPtrTraits<-[_WKRemoteObjectRegistry _invokeMethod:]::ReplyBlockCallChecker>, WTF::DefaultRefDerefTraits<-[_WKRemoteObjectRegistry _invokeMethod:]::ReplyBlockCallChecker> >::~RefPtr() at /usr/local/include/wtf/RefPtr.h:73
#10    0x00000001363f5df5 in WTF::RefPtr<-[_WKRemoteObjectRegistry _invokeMethod:]::ReplyBlockCallChecker, WTF::RawPtrTraits<-[_WKRemoteObjectRegistry _invokeMethod:]::ReplyBlockCallChecker>, WTF::DefaultRefDerefTraits<-[_WKRemoteObjectRegistry _invokeMethod:]::ReplyBlockCallChecker> >::~RefPtr() at /usr/local/include/wtf/RefPtr.h:73
#11    0x00000001363ff1bd in -[_WKRemoteObjectRegistry _invokeMethod:]::$_1::~$_1() at Source/WebKit/Shared/API/Cocoa/_WKRemoteObjectRegistry.mm:324
#12    0x00000001363f5d65 in -[_WKRemoteObjectRegistry _invokeMethod:]::$_1::~$_1() at Source/WebKit/Shared/API/Cocoa/_WKRemoteObjectRegistry.mm:324
#13    0x00000001363f5d49 in __destroy_helper_block_e8_32c54_ZTSKZ41-[_WKRemoteObjectRegistry _invokeMethod:]E3$_1 ()
#14    0x00007ff819613651 in _Block_release ()
#15    0x00007ff819613651 in _Block_release ()
#16    0x000000010c2b8bad in __destroy_helper_block_ea8_32s ()
#17    0x00007ff819613651 in _Block_release ()
#18    0x000000010cd22bc3 in __destroy_helper_block_ea8_32s40s48s ()
#19    0x00007ff819613651 in _Block_release ()
#20    0x000000010cd20ab8 in __destroy_helper_block_ea8_32s40s ()
#21    0x00007ff819613651 in _Block_release ()
#22    0x00007ff81a7ca985 in -[_NSXPCConnectionExpectedReplyInfo dealloc] ()
#23    0x00007ff81a7cdbbf in __destroy_helper_block_e8_32o40o48o ()
#24    0x00007ff819613651 in _Block_release ()
#25    0x00007ff819622669 in _xpc_connection_call_reply_async ()
#26    0x00007ff8196281b9 in do_mach_notify_send_once ()
#27    0x00007ff81962812a in _Xmach_notify_send_once ()
#28    0x00007ff819626d12 in notify_server ()
#29    0x00007ff819626c49 in _xpc_connection_pass2mig ()
#30    0x000000010adae8da in _dispatch_client_callout3 ()
#31    0x000000010adcf517 in _dispatch_mach_msg_async_reply_invoke ()
#32    0x000000010adb5e09 in _dispatch_lane_serial_drain ()
#33    0x000000010adb6f20 in _dispatch_lane_invoke ()
#34    0x000000010adc4d1d in _dispatch_workloop_worker_thread ()
#35    0x000000010a51e7e7 in _pthread_wqthread ()
#36    0x000000010a524ceb in start_wqthread ()
Comment 1 Radar WebKit Bug Importer 2021-10-06 21:08:11 PDT 
<rdar://problem/83965481>
Comment 2 Timothy Hatcher 2021-10-06 21:10:29 PDT 
Created attachment 440465 [details]
Patch
Comment 3 Chris Dumez 2021-10-06 21:23:11 PDT 
Comment on attachment 440465 [details]
Patch

R=me
Comment 4 EWS 2021-10-06 22:33:42 PDT 
Committed r283701 (242627@main): <https://commits.webkit.org/242627@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 440465 [details].