Bug 283546

Summary: Crash in WebPageProxy::sendWheelEvent if the WebProcess takes too long to start
Product: WebKit
Reporter: Lauro Moura <lmoura>
Component: WebKit Process Model
Assignee: Michael Catanzaro <mcatanzaro>
Status: RESOLVED FIXED
Severity: Normal
CC: bunnnywong, kdwkleung, mcatanzaro, nham, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments: A crash report that probably relates to this issue (flags: none)

Lauro Moura
Reported 2024-11-21 21:50:14 PST
WebPageProxy::sendWheelEvent() accesses the WebProcessProxy Connection object directly in order to send the event message, bypassing the `AuxiliaryWebProcess::sendMessage` safeguard that stores pending messages until the process finishes launching. This might trigger a `RELEASE_ASSERT` if the WebProcess takes too long to start and we have wheel events right away, as is the case in the WPT WebDriver wheel tests (`test_null_response_value` test case), which are randomly asserting on my laptop:

imported/w3c/webdriver/tests/classic/perform_actions/wheel.py

Tentative patch incoming.
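The lifecycle hazard the report describes, as an added example that is not WebKit code and not the reporter's patch: a simplified process proxy whose connection pointer is null until the child process finishes launching. `sendMessage()` queues while launching and flushes afterwards; a caller that reaches for the raw connection has to handle the null case itself, which in the real code is where the `RELEASE_ASSERT` fires. All types and function names here (`ProcessProxy`, `WheelMessage`, `sendWheelEventDirect`, `sendWheelEventQueued`, `SendResult`) are constructed for the illustration; the unsafe path returns `WouldAssert` instead of aborting so the outcome can be observed.

```cpp
#include <cstddef>
#include <memory>
#include <string>
#include <vector>

// Constructed stand-in for an IPC message carrying a wheel delta.
struct WheelMessage {
    std::string name;
    int deltaY;
};

// Constructed stand-in for the IPC connection that exists only after launch.
class Connection {
public:
    void send(const WheelMessage& m) { m_delivered.push_back(m); }
    const std::vector<WheelMessage>& delivered() const { return m_delivered; }
private:
    std::vector<WheelMessage> m_delivered;
};

// Simplified process proxy (hypothetical, not WebKit's AuxiliaryProcessProxy):
// the connection is null until didFinishLaunching() runs.
class ProcessProxy {
public:
    enum class State { Launching, Running };

    // Safe path, modelled on the "store pending messages until launch" idea
    // from the report: never dereferences a null connection.
    void sendMessage(const WheelMessage& m) {
        if (m_state == State::Launching) {
            m_pendingMessages.push_back(m);
            return;
        }
        m_connection->send(m);
    }

    // Raw accessor; null while launching. Direct callers own the null check.
    Connection* connection() { return m_connection.get(); }

    void didFinishLaunching() {
        m_connection = std::make_unique<Connection>();
        m_state = State::Running;
        for (const auto& m : m_pendingMessages)   // flush everything queued early
            m_connection->send(m);
        m_pendingMessages.clear();
    }

    State state() const { return m_state; }

private:
    State m_state = State::Launching;
    std::unique_ptr<Connection> m_connection;
    std::vector<WheelMessage> m_pendingMessages;
};

enum class SendResult { Sent, Queued, WouldAssert };

// Hypothetical page-level sender that goes straight to the connection, the
// pattern the report describes. A null connection here is the crash: the real
// code would RELEASE_ASSERT; this model reports WouldAssert instead.
SendResult sendWheelEventDirect(ProcessProxy& process, const WheelMessage& m) {
    Connection* connection = process.connection();
    if (!connection)
        return SendResult::WouldAssert;  // RELEASE_ASSERT(connection) in real code
    connection->send(m);
    return SendResult::Sent;
}

// Hypothetical page-level sender routed through sendMessage(): an event that
// arrives before launch is queued, not lost, and no assertion is reachable.
SendResult sendWheelEventQueued(ProcessProxy& process, const WheelMessage& m) {
    bool launching = process.state() == ProcessProxy::State::Launching;
    process.sendMessage(m);
    return launching ? SendResult::Queued : SendResult::Sent;
}

// Scenario from the report: the first wheel event beats process launch.
bool directSendBeforeLaunchWouldAssert() {
    ProcessProxy process;
    return sendWheelEventDirect(process, WheelMessage{"WheelEvent", -120})
        == SendResult::WouldAssert;
}

// Same scenario on the queued path; returns how many events the child received.
std::size_t deliveredAfterEarlyWheelEvent() {
    ProcessProxy process;
    sendWheelEventQueued(process, WheelMessage{"WheelEvent", -120});  // queued
    process.didFinishLaunching();                                     // flushed
    return process.connection()->delivered().size();
}
```

The two senders differ only in where the null check lives: the queued path centralises it in the proxy so every caller inherits the same guarantee, while the direct path reintroduces a per-caller obligation that is easy to drop in a refactor, which is the shape of regression Ethan's bisect in this bug points at.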
Attachments
A crash report that probably relates to this issue (383.33 KB, text/plain), 2025-01-14 08:34 PST, Ethan Wong, no flags
Lauro Moura
Comment 1 2024-11-21 21:56:09 PST
Radar WebKit Bug Importer
Comment 2 2024-11-28 21:51:13 PST
Ethan Wong
Comment 3 2025-01-14 08:33:28 PST
We found some crashes starting on macOS 15.2 with a use case where the WKWebView slides in as a side panel when a button is clicked. Users with certain mice that keep sending wheel events even when the scroller is released (typically the Logitech MX series) would likely reproduce this release assertion. Bisecting suggests it was introduced at https://commits.webkit.org/282353@main, where the check for a null connection was removed: https://github.com/WebKit/WebKit/commit/c5175b3ba737b9c4d0237e82c887d049bd24f9a1#diff-713e4ec79a64c4e41e2a80f757ce1074a599d2a2886c3cbaaba4ada4e531a625L3825
Ethan Wong
Comment 4 2025-01-14 08:34:06 PST
Created attachment 473899: A crash report that probably relates to this issue
Michael Catanzaro
Comment 5 2025-11-06 14:50:35 PST
I think I probably fixed both Lauro's crash and Ethan's crash in 302030@main. However, I did so by *dropping* the wheel event. If it's important to actually process those wheel events, then we still need Lauro's changes. I had assumed these wheel events were occurring immediately after the web process is closed, not before it starts.
Michael Catanzaro
Comment 6 2025-11-06 15:27:45 PST
Well, I just hit the crash again with WebKitGTK 2.51.1, which contains that commit. (That I encountered the crash shortly after updating this bug is a coincidence.) Evidently my changes in bug #295679 are insufficient. I'm going to mark my bug as a duplicate of this one.
Michael Catanzaro
Comment 7 2025-11-06 15:28:04 PST
*** Bug 295679 has been marked as a duplicate of this bug. ***
Michael Catanzaro
Comment 8 2025-11-06 15:28:11 PST
*** Bug 299687 has been marked as a duplicate of this bug. ***
Michael Catanzaro
Comment 9 2025-11-06 15:28:33 PST
*** Bug 282384 has been marked as a duplicate of this bug. ***
Michael Catanzaro
Comment 10 2025-12-01 14:51:44 PST
EWS
Comment 11 2025-12-03 14:58:28 PST
Committed 303867@main (1e6c25ac7d90): <https://commits.webkit.org/303867@main>
Reviewed commits have been landed. Closing PR #54660 and removing active labels.