Seen using a debug build of WebKit for iOS Simulator at r235759. Steps to reproduce: 1. Open an iPad simulator instance. 2. Visit <https://www.icloud.com>. 3. Tap the share button. Then tap Request Desktop Site from the share sheet. 4. Sign in to iCloud. 5. Tap Pages. 6. Tap the + icon at the top of the page to open the template chooser. 7. Press the return key on the keyboard. The WebProcess then crashes because the debug assertion ASSERT_UNUSED(overwriteExistingItem, overwriteExistingItem == OverwriteExistingItem::Yes || !idToHistoryItemMap().contains(itemID)) fails in WebBackForwardListProxy::addItemFromUIProcess(). That is, while handling a RestoreSession message from the UI process, the WebProcess was handed a back/forward item whose ID is already in its item map, without an overwrite being requested.
#0 0x000000011413a0a0 in ::WTFCrash() at /Volumes/.../Source/WTF/wtf/Assertions.cpp:267 #1 0x0000000109223e1b in WTFCrashWithInfo(int, char const*, char const*, int) at /Volumes/Scratch/WebKitBuild/Debug-iphonesimulator/usr/local/include/wtf/Assertions.h:551 #2 0x0000000109f5c94a in WebKit::WebBackForwardListProxy::addItemFromUIProcess(WebCore::BackForwardItemIdentifier const&, WTF::Ref<WebCore::HistoryItem, WTF::DumbPtrTraits<WebCore::HistoryItem> >&&, unsigned long long, WebKit::WebBackForwardListProxy::OverwriteExistingItem) at /Volumes/.../Source/WebKit/WebProcess/WebPage/WebBackForwardListProxy.cpp:61 #3 0x000000010a04ebbb in WebKit::WebPage::restoreSessionInternal(WTF::Vector<WebKit::BackForwardListItemState, 0ul, WTF::CrashOnOverflow, 16ul> const&, WebKit::WebPage::WasRestoredByAPIRequest, WebKit::WebBackForwardListProxy::OverwriteExistingItem) at /Volumes/.../Source/WebKit/WebProcess/WebPage/WebPage.cpp:2490 #4 0x000000010a05ce66 in WebKit::WebPage::restoreSession(WTF::Vector<WebKit::BackForwardListItemState, 0ul, WTF::CrashOnOverflow, 16ul> const&) at /Volumes/.../Source/WebKit/WebProcess/WebPage/WebPage.cpp:2496 #5 0x000000010a0d44ea in void IPC::callMemberFunctionImpl<WebKit::WebPage, void (WebKit::WebPage::*)(WTF::Vector<WebKit::BackForwardListItemState, 0ul, WTF::CrashOnOverflow, 16ul> const&), std::__1::tuple<WTF::Vector<WebKit::BackForwardListItemState, 0ul, WTF::CrashOnOverflow, 16ul> >, 0ul>(WebKit::WebPage*, void (WebKit::WebPage::*)(WTF::Vector<WebKit::BackForwardListItemState, 0ul, WTF::CrashOnOverflow, 16ul> const&), std::__1::tuple<WTF::Vector<WebKit::BackForwardListItemState, 0ul, WTF::CrashOnOverflow, 16ul> >&&, std::__1::integer_sequence<unsigned long, 0ul>) at /Volumes/.../Source/WebKit/Platform/IPC/HandleMessage.h:41 #6 0x000000010a0d4300 in void IPC::callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)(WTF::Vector<WebKit::BackForwardListItemState, 0ul, WTF::CrashOnOverflow, 16ul> const&), 
std::__1::tuple<WTF::Vector<WebKit::BackForwardListItemState, 0ul, WTF::CrashOnOverflow, 16ul> >, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<WTF::Vector<WebKit::BackForwardListItemState, 0ul, WTF::CrashOnOverflow, 16ul> >&&, WebKit::WebPage*, void (WebKit::WebPage::*)(WTF::Vector<WebKit::BackForwardListItemState, 0ul, WTF::CrashOnOverflow, 16ul> const&)) at /Volumes/.../Source/WebKit/Platform/IPC/HandleMessage.h:47 #7 0x000000010a0bb770 in void IPC::handleMessage<Messages::WebPage::RestoreSession, WebKit::WebPage, void (WebKit::WebPage::*)(WTF::Vector<WebKit::BackForwardListItemState, 0ul, WTF::CrashOnOverflow, 16ul> const&)>(IPC::Decoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(WTF::Vector<WebKit::BackForwardListItemState, 0ul, WTF::CrashOnOverflow, 16ul> const&)) at /Volumes/.../Source/WebKit/Platform/IPC/HandleMessage.h:127 #8 0x000000010a0af90e in WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&) at /Volumes/Scratch/WebKitBuild/Debug-iphonesimulator/DerivedSources/WebKit2/WebPageMessageReceiver.cpp:674 #9 0x000000010a06463e in WebKit::WebPage::didReceiveMessage(IPC::Connection&, IPC::Decoder&) at /Volumes/.../Source/WebKit/WebProcess/WebPage/WebPage.cpp:4023 #10 0x00000001093178ca in IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) at /Volumes/.../Source/WebKit/Platform/IPC/MessageReceiverMap.cpp:123 #11 0x0000000109c8aa5d in WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) at /Volumes/.../Source/WebKit/WebProcess/WebProcess.cpp:650 #12 0x00000001092e307a in IPC::Connection::dispatchMessage(IPC::Decoder&) at /Volumes/.../Source/WebKit/Platform/IPC/Connection.cpp:957 #13 0x00000001092d61b1 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) at /Volumes/.../Source/WebKit/Platform/IPC/Connection.cpp:984 #14 0x00000001092e3bf7 in IPC::Connection::dispatchOneIncomingMessage() at 
/Volumes/.../Source/WebKit/Platform/IPC/Connection.cpp:1053 #15 0x00000001092ffad8 in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() at /Volumes/.../Source/WebKit/Platform/IPC/Connection.cpp:950 #16 0x00000001092ff9e9 in WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() at /Volumes/Scratch/WebKitBuild/Debug-iphonesimulator/usr/local/include/wtf/Function.h:101 #17 0x000000011416120d in WTF::Function<void ()>::operator()() const at /Volumes/Scratch/WebKitBuild/Debug-iphonesimulator/usr/local/include/wtf/Function.h:56 #18 0x00000001141b938d in WTF::RunLoop::performWork() at /Volumes/.../Source/WTF/wtf/RunLoop.cpp:123 #19 0x00000001141b9c34 in WTF::RunLoop::performWork(void*) at /Volumes/.../Source/WTF/wtf/cf/RunLoopCF.cpp:38 #20 0x000000010e531b31 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ () #21 0x000000010e531464 in __CFRunLoopDoSources0 () #22 0x000000010e52ba4f in __CFRunLoopRun () #23 0x000000010e52b221 in CFRunLoopRunSpecific () #24 0x0000000108cab522 in -[NSRunLoop(NSRunLoop) runMode:beforeDate:] () #25 0x0000000108cab692 in -[NSRunLoop(NSRunLoop) run] () #26 0x000000011023f812 in _xpc_objc_main () #27 0x0000000110241cbd in xpc_main () #28 0x0000000108906bea in WebKit::XPCServiceMain() at /Volumes/.../Source/WebKit/Shared/EntryPointUtilities/mac/XPCService/XPCServiceMain.mm:157 #29 0x0000000108906f2b in main at /Volumes/.../Source/WebKit/Shared/EntryPointUtilities/mac/XPCService/XPCServiceMain.mm:165 #30 0x000000010fe92551 in start () #31 0x000000010fe92551 in start ()
<rdar://problem/44316300>