Bug 275060

Summary: UI process crash in WebPageProxy::activityStateDidChange
Product: WebKit
Reporter: Michael Catanzaro <mcatanzaro>
Component: WebKit2
Assignee: Nobody <webkit-unassigned>
Status: NEW
Resolution: ---
Severity: Normal
CC: cdumez, kkinnunen, mcatanzaro, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: Other
Hardware: PC
OS: Linux
Attachments: Full backtrace (flags: none)

Description Michael Catanzaro 2024-06-03 08:34:00 PDT
Created attachment 471573
Full backtrace

I triggered this crash by pressing Ctrl+C while Epiphany was running in my terminal. Unfortunately I cannot reproduce it; normally it works perfectly fine.

(gdb) bt
#0  WebKit::PageClient::ref (this=0x0) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/UIProcess/PageClient.h:231
#1  WTF::DefaultRefDerefTraits<WebKit::PageClient>::ref (ref=...) at WTF/Headers/wtf/Ref.h:55
#2  WTF::Ref<WebKit::PageClient, WTF::RawPtrTraits<WebKit::PageClient>, WTF::DefaultRefDerefTraits<WebKit::PageClient> >::Ref (object=..., 
    this=<optimized out>) at WTF/Headers/wtf/Ref.h:86
#3  WebKit::WebPageProxy::activityStateDidChange (this=0x7f8d4213a340, mayHaveChanged=..., 
    dispatchMode=WebKit::WebPageProxy::ActivityStateChangeDispatchMode::Deferrable, 
    replyMode=WebKit::WebPageProxy::ActivityStateChangeReplyMode::Asynchronous)
    at /home/mcatanzaro/Projects/WebKit/Source/WebKit/UIProcess/WebPageProxy.cpp:2635
#4  0x00007f8d53000bdc in WebKit::PageLoadState::commitChanges (this=0x7f8cc9026280)
    at /home/mcatanzaro/Projects/WebKit/Source/WebKit/UIProcess/PageLoadState.cpp:134
#5  0x00007f8d5300059d in WebKit::PageLoadState::endTransaction (this=0x7f8d4213a340)
    at /home/mcatanzaro/Projects/WebKit/Source/WebKit/UIProcess/PageLoadState.cpp:86
#6  WebKit::PageLoadState::Transaction::~Transaction (this=0x7f8d42005350) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/UIProcess/PageLoadState.cpp:65
#7  0x00007f8d530b3208 in WTF::VectorDestructor<true, WebKit::PageLoadState::Transaction>::destruct (begin=0x7f8d42005350, end=0x7f8d42005360)
    at WTF/Headers/wtf/Vector.h:70
#8  WTF::VectorTypeOperations<WebKit::PageLoadState::Transaction>::destruct (begin=0x7f8d42005350, end=0x7f8d42005360) at WTF/Headers/wtf/Vector.h:253
#9  WTF::Vector<WebKit::PageLoadState::Transaction, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::~Vector (this=<optimized out>)
    at WTF/Headers/wtf/Vector.h:781
#10 WebKit::WebProcessProxy::processDidTerminateOrFailedToLaunch (this=0x7f8d421380c0, reason=<optimized out>)
    at /home/mcatanzaro/Projects/WebKit/Source/WebKit/UIProcess/WebProcessProxy.cpp:1254
#11 0x00007f8d52fc16b7 in IPC::Connection::dispatchDidCloseAndInvalidate()::$_0::operator()() const (this=0x7f8d423b40d8)
    at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:1232
#12 WTF::Detail::CallableWrapper<IPC::Connection::dispatchDidCloseAndInvalidate()::$_0, void>::call() (this=0x7f8d423b40d0) at WTF/Headers/wtf/Function.h:53
#13 0x00007f8d51cece4b in WTF::Function<void ()>::operator()() const (this=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/Function.h:82
#14 WTF::RunLoop::performWork (this=0x7f8d420140e0) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/RunLoop.cpp:147
#15 0x00007f8d51d48ef6 in WTF::RunLoop::RunLoop()::$_0::operator()(void*) const (userData=0x7f8d4213a340, userData@entry=0x7f8d420140e0, 
    this=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:80
#16 WTF::RunLoop::RunLoop()::$_0::__invoke(void*) (userData=0x7f8d4213a340, userData@entry=0x7f8d420140e0)
    at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:79
#17 0x00007f8d51d4820a in WTF::RunLoop::$_0::operator() (source=0x231e8e0, callback=0x7f8d51d48ef0 <WTF::RunLoop::RunLoop()::$_0::__invoke(void*)>, 
    userData=0x7f8d420140e0, this=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:53
#18 WTF::RunLoop::$_0::__invoke (source=0x231e8e0, callback=0x7f8d51d48ef0 <WTF::RunLoop::RunLoop()::$_0::__invoke(void*)>, userData=0x7f8d420140e0)
    at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:45
#19 0x00007f8d589bed3b in g_main_dispatch (context=0x22c93e0) at ../../../../Projects/glib/glib/gmain.c:3348
#20 0x00007f8d589c00f0 in g_main_context_dispatch_unlocked (context=0x22c93e0) at ../../../../Projects/glib/glib/gmain.c:4197
#21 0x00007f8d589c02b1 in g_main_context_iterate_unlocked (context=0x22c93e0, block=1, dispatch=1, self=0x22ce3f0)
    at ../../../../Projects/glib/glib/gmain.c:4262
#22 0x00007f8d589c03df in g_main_context_iteration (context=0x22c93e0, may_block=1) at ../../../../Projects/glib/glib/gmain.c:4327
#23 0x00007f8d58723eaf in g_application_run (application=0x230daa0, argc=1, argv=0x7ffd3cd52f58) at ../../../../Projects/glib/gio/gapplication.c:2712
#24 0x0000000000404f3f in main (argc=1, argv=0x7ffd3cd52f58) at ../../../../Projects/epiphany/src/ephy-main.c:461
Comment 1 Michael Catanzaro 2024-06-03 08:38:35 PDT
The problem here is straightforward:

Ref pageClient = this->pageClient();

A WeakPtr is assigned to a Ref unconditionally, but if it were expected to be nonnull then it surely shouldn't use WeakPtr. It's the exact same problem as in bug #272248.
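The hazard described in comment 1, as an added example that is not part of the bug report or of WebKit's code: toy stand-ins for WTF's RefCounted, Ref, RefPtr and WeakPtr (all constructed here, named after the WTF types but not them) show the unconditional WeakPtr-to-Ref binding beside the checked form that tests for a vanished object first. The function names activityStateDidChangeUnchecked, activityStateDidChangeChecked and runScenario are assumptions made for this example.

```cpp
#include <cstdio>
#include <memory>
#include <utility>

// Toy stand-ins for WTF's RefCounted, Ref, RefPtr and WeakPtr, constructed for this
// example only. They share the WTF names but are not WebKit's classes; here the
// std::shared_ptr owner decides the object's lifetime and refCount is merely tracked.
struct RefCounted {
    int refCount = 0;
    void ref() { ++refCount; }
    void deref() { --refCount; }
};

// Object the page proxy observes but does not own (the role of WebKit's PageClient).
struct PageClient : RefCounted {
    int activityStateChanges = 0;
    void didChangeActivityState() { ++activityStateChanges; }
};

// WeakPtr: observes without extending lifetime; get() is null once the object is gone.
template <typename T>
class WeakPtr {
public:
    WeakPtr() = default;
    explicit WeakPtr(const std::shared_ptr<T>& owner) : m_weak(owner) {}
    T* get() const
    {
        auto strong = m_weak.lock();
        return strong ? strong.get() : nullptr;
    }
private:
    std::weak_ptr<T> m_weak;
};

// Ref: a strong reference that is never null by contract. Binding it to a null
// reference calls ref() with this == nullptr, which is frame #0 of the backtrace above.
template <typename T>
class Ref {
public:
    explicit Ref(T& object) : m_ptr(&object) { m_ptr->ref(); }
    ~Ref() { m_ptr->deref(); }
    Ref(const Ref&) = delete;
    Ref& operator=(const Ref&) = delete;
    T* operator->() const { return m_ptr; }
private:
    T* m_ptr;
};

// RefPtr: a nullable strong reference; callers test it before use.
template <typename T>
class RefPtr {
public:
    explicit RefPtr(T* ptr) : m_ptr(ptr) { if (m_ptr) m_ptr->ref(); }
    ~RefPtr() { if (m_ptr) m_ptr->deref(); }
    RefPtr(const RefPtr&) = delete;
    RefPtr& operator=(const RefPtr&) = delete;
    explicit operator bool() const { return m_ptr != nullptr; }
    T* operator->() const { return m_ptr; }
private:
    T* m_ptr;
};

// The shape of the bug: the WeakPtr is dereferenced and bound to a Ref unconditionally.
// Once the client is gone, *weakClient.get() is a null reference and Ref's constructor
// crashes inside ref(). runScenario() only calls this while the client is still alive.
void activityStateDidChangeUnchecked(const WeakPtr<PageClient>& weakClient)
{
    Ref<PageClient> client(*weakClient.get());
    client->didChangeActivityState();
}

// The defensive form: take a nullable strong reference first and bail out if the
// observed object is gone. Returns whether the notification was delivered.
bool activityStateDidChangeChecked(const WeakPtr<PageClient>& weakClient)
{
    RefPtr<PageClient> client(weakClient.get());
    if (!client)
        return false; // client already destroyed, e.g. during process teardown
    client->didChangeActivityState();
    return true;
}

// Runs both forms against a live client, destroys it, then runs the checked form again.
// Returns {notifications delivered while alive, whether one was delivered afterwards}.
std::pair<int, bool> runScenario()
{
    auto owner = std::make_shared<PageClient>();
    WeakPtr<PageClient> weak(owner);

    activityStateDidChangeUnchecked(weak);           // safe here: the client is alive
    activityStateDidChangeChecked(weak);
    int whileAlive = owner->activityStateChanges;    // 2

    owner.reset();                                   // client destroyed; weak is now null
    bool afterDestruction = activityStateDidChangeChecked(weak); // false, and no crash
    return {whileAlive, afterDestruction};
}

int main()
{
    std::pair<int, bool> result = runScenario();
    std::printf("delivered while alive: %d, delivered after destruction: %s\n",
                result.first, result.second ? "yes" : "no");
    return 0;
}
```

The checked form is the shape comment 1 argues for: either the observed object is guaranteed alive, in which case a WeakPtr is the wrong holder, or it is not, in which case the code must convert to a nullable strong pointer and return early when it is gone.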
Comment 2 Radar WebKit Bug Importer 2024-06-10 08:34:16 PDT
<rdar://problem/129508953>