Bug 272170
Summary: | [iOS 17.5 beta] Crash in WebKit::ExtensionCapabilityGrant::operator= | |
---|---|---|---
Product: | WebKit | Reporter: | Ali Juma <ajuma>
Component: | WebKit Misc. | Assignee: | Per Arne Vollan <pvollan>
Status: | RESOLVED FIXED | |
Severity: | Normal | CC: | achristensen, aestes, mishal.rehman1787, pvollan, webkit-bug-importer
Priority: | P2 | Keywords: | InRadar
Version: | WebKit Nightly Build | |
Hardware: | Unspecified | |
OS: | Unspecified | |
Ali Juma
Chrome for iOS is getting reports of a new crash in iOS 17.5 beta, in WebKit::ExtensionCapabilityGrant::operator=. We don't have steps to reproduce, but the crash happens after the following exception:
```
[Exception] BUG IN CLIENT OF RUNNINGBOARD: Dealloc called before invalidate for assertion <RBSAssertion:0x#| state:RBSAssertionStateValid descriptor:<<RBSAssertionDescriptor| "Browser Engine helper assertion targeting pid #" ID:#-#-# target:#<#-9-com.google.chrome.ios>>>
```
The stack is:
```
0x0000000187292014 (libobjc.A.dylib + 0x00016014) objc_exception_throw
0x000000018e8f7864 (Foundation + 0x006de864) -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:]
0x000000019e5edd08 (RunningBoardServices + 0x0001dd08) -[RBSAssertion dealloc]
0x000000022f8ce3f4 (BrowserEngineKit + 0x0001a3f4) __swift_memcpy0_1
0x000000018e03f368 (libswiftCore.dylib + 0x003ab368) _swift_release_dealloc
0x000000018e040484 (libswiftCore.dylib + 0x003ac484) bool swift::RefCounts<swift::RefCountBitsT<(swift::RefCountInlinedness)1>>::doDecrementSlow<(swift::PerformDeinit)1>(swift::RefCountBitsT<(swift::RefCountInlinedness)1>, unsigned int)
0x00000001a54f7974 (WebKit + 0x00697974) WebKit::ExtensionCapabilityGrant::operator=(WebKit::ExtensionCapabilityGrant&&)
0x00000001a54fc2fc (WebKit + 0x0069c2fc) WebKit::finalizeGrant(WTF::String const&, WebKit::AuxiliaryProcessProxy*, WebKit::ExtensionCapabilityGrant&&)
0x00000001a54fbde8 (WebKit + 0x0069bde8) WTF::Detail::CallableWrapper<auto WTF::NativePromise<WebKit::PlatformExtensionCapabilityGrants, WebKit::ExtensionCapabilityGrantError, 0u>::whenSettled<WebKit::ExtensionCapabilityGranter::grant(WebKit::ExtensionCapability const&)::$_4>(WTF::RefCountedSerialFunctionDispatcher&, WebKit::ExtensionCapabilityGranter::grant(WebKit::ExtensionCapability const&)::$_4&&, WTF::Logger::LogSiteIdentifier const&)::'lambda'(std::experimental::fundamentals_v3::expected<WebKit::PlatformExtensionCapabilityGrants, WebKit::ExtensionCapabilityGrantError>&&), void, auto WTF::NativePromise<WebKit::PlatformExtensionCapabilityGrants, WebKit::ExtensionCapabilityGrantError, 0u>::whenSettled<WebKit::ExtensionCapabilityGranter::grant(WebKit::ExtensionCapability const&)::$_4>(WTF::RefCountedSerialFunctionDispatcher&, WebKit::ExtensionCapabilityGranter::grant(WebKit::ExtensionCapability const&)::$_4&&, WTF::Logger::LogSiteIdentifier const&)::'lambda'(std::experimental::fundamentals_v3::expected<WebKit::PlatformExtensionCapabilityGrants, WebKit::ExtensionCapabilityGrantError>&&)>::call(auto WTF::NativePromise<WebKit::PlatformExtensionCapabilityGrants, WebKit::ExtensionCapabilityGrantError, 0u>::whenSettled<WebKit::ExtensionCapabilityGranter::grant(WebKit::ExtensionCapability const&)::$_4>(WTF::RefCountedSerialFunctionDispatcher&, WebKit::ExtensionCapabilityGranter::grant(WebKit::ExtensionCapability const&)::$_4&&, WTF::Logger::LogSiteIdentifier const&)::'lambda'(std::experimental::fundamentals_v3::expected<WebKit::PlatformExtensionCapabilityGrants, WebKit::ExtensionCapabilityGrantError>&&))
0x00000001a54fc910 (WebKit + 0x0069c910) WTF::NativePromise<WebKit::PlatformExtensionCapabilityGrants, WebKit::ExtensionCapabilityGrantError, 0u>::ThenCallback<false, void>::processResult(std::experimental::fundamentals_v3::expected<WebKit::PlatformExtensionCapabilityGrants, WebKit::ExtensionCapabilityGrantError>&)
0x00000001a54fb508 (WebKit + 0x0069b508) WTF::Detail::CallableWrapper<WTF::NativePromise<WebKit::PlatformExtensionCapabilityGrants, WebKit::ExtensionCapabilityGrantError, 0u>::ThenCallbackBase::dispatch(WTF::NativePromise<WebKit::PlatformExtensionCapabilityGrants, WebKit::ExtensionCapabilityGrantError, 0u>&, WTF::Locker<WTF::Lock>&)::'lambda'(), void>::call()
0x00000001a5e55cac (JavaScriptCore + 0x00059cac) WTF::RunLoop::performWork()
0x00000001a5e56bd4 (JavaScriptCore + 0x0005abd4) WTF::RunLoop::performWork(void*)
0x000000018f3c2870 (CoreFoundation + 0x00056870) __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x000000018f3c2804 (CoreFoundation + 0x00056804) __CFRunLoopDoSource0
0x000000018f3c02d4 (CoreFoundation + 0x000542d4) __CFRunLoopDoSources0
0x000000018f3bf4c0 (CoreFoundation + 0x000534c0) __CFRunLoopRun
0x000000018f3bed14 (CoreFoundation + 0x00052d14) CFRunLoopRunSpecific
0x00000001d48311a4 (GraphicsServices + 0x000011a4) GSEventRunModal
0x00000001919f9fa8 (UIKitCore + 0x00408fa8) -[UIApplication _run]
0x0000000191aaded4 (UIKitCore + 0x004bced4) UIApplicationMain
0x00000001044a9e18 (Chrome -chrome_exe_main.mm:54) (anonymous namespace)::RunUIApplicationMain(int, char**)
0x00000001044a9e18 (Chrome -chrome_exe_main.mm:107) main
0x00000001b36d0e48 (dyld + 0x0003ce48) start
```
Radar WebKit Bug Importer
<rdar://problem/125984025>
Per Arne Vollan
Pull request: https://github.com/WebKit/WebKit/pull/26920
EWS
Committed 277141@main (e63aaa4c4c28): <https://commits.webkit.org/277141@main>
Reviewed commits have been landed. Closing PR #26920 and removing active labels.