146098 – Assertion failure (m_eventListeners.contains(std::make_pair(&connection, storageMapID))) in StorageArea::removeListener after closing a Safari tab

Bug 146098 - Assertion failure (m_eventListeners.contains(std::make_pair(&connection, storageMapID))) in StorageArea::removeListener after closing a Safari tab

Summary: Assertion failure (m_eventListeners.contains(std::make_pair(&connection, stor...

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit2 (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-06-17 21:12 PDT by mitz
Modified:	2015-06-22 08:04 PDT (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description mitz 2015-06-17 21:12:28 PDT

After closing a Safari tab, the assertion in StorageArea::removeListener failed with this backtrace:

#0	0x000000010280f3ba in WTFCrash at Source/WTF/wtf/Assertions.cpp:321
#1	0x0000000104b39c77 in WebKit::StorageManager::StorageArea::removeListener(IPC::Connection&, unsigned long long) at Source/WebKit2/UIProcess/Storage/StorageManager.cpp:202
#2	0x0000000104b53ce2 in WebKit::StorageManager::processDidCloseConnection(WebKit::WebProcessProxy&, IPC::Connection&)::$_4::operator()() const at Source/WebKit2/UIProcess/Storage/StorageManager.cpp:547
#3	0x0000000104b53b9c in decltype(std::__1::forward<WebKit::StorageManager::processDidCloseConnection(WebKit::WebProcessProxy&, IPC::Connection&)::$_4&>(fp)(std::__1::forward<>(fp0))) std::__1::__invoke<WebKit::StorageManager::processDidCloseConnection(WebKit::WebProcessProxy&, IPC::Connection&)::$_4&>(WebKit::StorageManager::processDidCloseConnection(WebKit::WebProcessProxy&, IPC::Connection&)::$_4&&&) [inlined] at /Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.10.xctoolchain/usr/bin/../include/c++/v1/__functional_base:413
#4	0x0000000104b53b8b in std::__1::__function::__func<WebKit::StorageManager::processDidCloseConnection(WebKit::WebProcessProxy&, IPC::Connection&)::$_4, std::__1::allocator<WebKit::StorageManager::processDidCloseConnection(WebKit::WebProcessProxy&, IPC::Connection&)::$_4>, void ()>::operator()() at /Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.10.xctoolchain/usr/bin/../include/c++/v1/functional:1370
#5	0x000000010231de0a in std::__1::function<void ()>::operator()() const at /Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.10.xctoolchain/usr/bin/../include/c++/v1/functional:1755
#6	0x000000010282b229 in ___ZN3WTF9WorkQueue8dispatchENSt3__18functionIFvvEEE_block_invoke at Source/WTF/wtf/cocoa/WorkQueueCocoa.cpp:35

&connection was 0x000000011570ba40, m_eventListeners contained a single pair:

  first = {
    m_ptr = 0x000000011570ba40
  }
  second = 3

however, storageMapID was 4, not 3.

Comment 1 Michael Catanzaro 2015-06-22 08:04:10 PDT

You can reproduce this on this page: http://rt.com/usa/268756-jersey-city-party-shooting/

When I use the web inspector to view storage for this site, I see these warnings:

ERROR: Unhandled web process message 'StorageAreaMap:DispatchStorageEvent'
../../Source/WebKit2/WebProcess/WebProcess.cpp(641) : virtual void WebKit::WebProcess::didReceiveMessage(IPC::Connection &, IPC::MessageDecoder &)
ERROR: Unhandled web process message 'StorageAreaMap:DispatchStorageEvent'
../../Source/WebKit2/WebProcess/WebProcess.cpp(641) : virtual void WebKit::WebProcess::didReceiveMessage(IPC::Connection &, IPC::MessageDecoder &)