Bug 275060

Summary: UI process crash in WebPageProxy::activityStateDidChange
Product: WebKit Reporter: Michael Catanzaro <mcatanzaro>
Component: WebKit2Assignee: Nobody <webkit-unassigned>
Status: NEW    
Severity: Normal CC: cdumez, kkinnunen, mcatanzaro, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Other   
Hardware: PC   
OS: Linux   
Attachments:
Description Flags
Full backtrace none

Michael Catanzaro
Reported 2024-06-03 08:34:00 PDT
Created attachment 471573 [details] Full backtrace I triggered this crash by pressing Ctrl+C while Epiphany was running in my terminal. Unfortunately I cannot reproduce it; normally it works perfectly fine. (gdb) bt #0 WebKit::PageClient::ref (this=0x0) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/UIProcess/PageClient.h:231 #1 WTF::DefaultRefDerefTraits<WebKit::PageClient>::ref (ref=...) at WTF/Headers/wtf/Ref.h:55 #2 WTF::Ref<WebKit::PageClient, WTF::RawPtrTraits<WebKit::PageClient>, WTF::DefaultRefDerefTraits<WebKit::PageClient> >::Ref (object=..., this=<optimized out>) at WTF/Headers/wtf/Ref.h:86 #3 WebKit::WebPageProxy::activityStateDidChange (this=0x7f8d4213a340, mayHaveChanged=..., dispatchMode=WebKit::WebPageProxy::ActivityStateChangeDispatchMode::Deferrable, replyMode=WebKit::WebPageProxy::ActivityStateChangeReplyMode::Asynchronous) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/UIProcess/WebPageProxy.cpp:2635 #4 0x00007f8d53000bdc in WebKit::PageLoadState::commitChanges (this=0x7f8cc9026280) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/UIProcess/PageLoadState.cpp:134 #5 0x00007f8d5300059d in WebKit::PageLoadState::endTransaction (this=0x7f8d4213a340) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/UIProcess/PageLoadState.cpp:86 #6 WebKit::PageLoadState::Transaction::~Transaction (this=0x7f8d42005350) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/UIProcess/PageLoadState.cpp:65 #7 0x00007f8d530b3208 in WTF::VectorDestructor<true, WebKit::PageLoadState::Transaction>::destruct (begin=0x7f8d42005350, end=0x7f8d42005360) at WTF/Headers/wtf/Vector.h:70 #8 WTF::VectorTypeOperations<WebKit::PageLoadState::Transaction>::destruct (begin=0x7f8d42005350, end=0x7f8d42005360) at WTF/Headers/wtf/Vector.h:253 #9 WTF::Vector<WebKit::PageLoadState::Transaction, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::~Vector (this=<optimized out>) at WTF/Headers/wtf/Vector.h:781 #10 WebKit::WebProcessProxy::processDidTerminateOrFailedToLaunch (this=0x7f8d421380c0, reason=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/UIProcess/WebProcessProxy.cpp:1254 #11 0x00007f8d52fc16b7 in IPC::Connection::dispatchDidCloseAndInvalidate()::$_0::operator()() const (this=0x7f8d423b40d8) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:1232 #12 WTF::Detail::CallableWrapper<IPC::Connection::dispatchDidCloseAndInvalidate()::$_0, void>::call() (this=0x7f8d423b40d0) at WTF/Headers/wtf/Function.h:53 #13 0x00007f8d51cece4b in WTF::Function<void ()>::operator()() const (this=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/Function.h:82 #14 WTF::RunLoop::performWork (this=0x7f8d420140e0) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/RunLoop.cpp:147 #15 0x00007f8d51d48ef6 in WTF::RunLoop::RunLoop()::$_0::operator()(void*) const (userData=0x7f8d4213a340, userData@entry=0x7f8d420140e0, this=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:80 #16 WTF::RunLoop::RunLoop()::$_0::__invoke(void*) (userData=0x7f8d4213a340, userData@entry=0x7f8d420140e0) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:79 #17 0x00007f8d51d4820a in WTF::RunLoop::$_0::operator() (source=0x231e8e0, callback=0x7f8d51d48ef0 <WTF::RunLoop::RunLoop()::$_0::__invoke(void*)>, userData=0x7f8d420140e0, this=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:53 #18 WTF::RunLoop::$_0::__invoke (source=0x231e8e0, callback=0x7f8d51d48ef0 <WTF::RunLoop::RunLoop()::$_0::__invoke(void*)>, userData=0x7f8d420140e0) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:45 #19 0x00007f8d589bed3b in g_main_dispatch (context=0x22c93e0) at ../../../../Projects/glib/glib/gmain.c:3348 #20 0x00007f8d589c00f0 in g_main_context_dispatch_unlocked (context=0x22c93e0) at ../../../../Projects/glib/glib/gmain.c:4197 #21 0x00007f8d589c02b1 in g_main_context_iterate_unlocked (context=0x22c93e0, block=1, dispatch=1, self=0x22ce3f0) at ../../../../Projects/glib/glib/gmain.c:4262 #22 0x00007f8d589c03df in g_main_context_iteration (context=0x22c93e0, may_block=1) at ../../../../Projects/glib/glib/gmain.c:4327 #23 0x00007f8d58723eaf in g_application_run (application=0x230daa0, argc=1, argv=0x7ffd3cd52f58) at ../../../../Projects/glib/gio/gapplication.c:2712 #24 0x0000000000404f3f in main (argc=1, argv=0x7ffd3cd52f58) at ../../../../Projects/epiphany/src/ephy-main.c:461
Attachments
Full backtrace (7.05 KB, text/plain)
2024-06-03 08:34 PDT, Michael Catanzaro 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Michael Catanzaro
Comment 1 2024-06-03 08:38:35 PDT
Problem here is straightforward: Ref pageClient = this->pageClient(); A WeakPtr is assigned to a Ref unconditionally, but if it were expected to be nonnull then it surely shouldn't use WeakPtr. It's the exact same problem as in bug #272248.
Radar WebKit Bug Importer
Comment 2 2024-06-10 08:34:16 PDT
<rdar://problem/129508953>
Michael Catanzaro
Comment 3 2025-02-11 08:54:24 PST
Still broken. This UI process crash may occur after a web process crash.
Note You need to log in before you can comment on or make changes to this bug.