RESOLVED FIXED 191734
ASSERTION FAILED: m_messageReceivers.contains(...) under ViewGestureController removeMessageReceiver 
https://bugs.webkit.org/show_bug.cgi?id=191734
Summary ASSERTION FAILED: m_messageReceivers.contains(...) under ViewGestureControlle...
Joseph Pecoraro
Reported 2018-11-15 21:43:56 PST
ASSERTION FAILED: m_messageReceivers.contains(...) under ViewGestureController removeMessageReceiver Steps to Reproduce: 1. Load a web page in Safari 2. Kill WebContent Process for that page (kill -9) 3. Kill WebContent Process for that page again (kill -9) 4. Click the "Reload" button in Safari 5. Kill WebContent Process for that page again (kill -9) => ASSERT ASSERTION FAILED: m_messageReceivers.contains(std::make_pair(messageReceiverName, destinationID)) /Volumes/Data/Code/safari/OpenSource/Source/WebKit/Platform/IPC/MessageReceiverMap.cpp(72) : void IPC::MessageReceiverMap::removeMessageReceiver(IPC::StringReference, uint64_t) 1 0x110a97299 WTFCrash 2 0x119dad6ab WTFCrashWithInfo(int, char const*, char const*, int) 3 0x119e5c380 IPC::MessageReceiverMap::removeMessageReceiver(IPC::StringReference, unsigned long long) 4 0x11a4430a7 WebKit::ChildProcessProxy::removeMessageReceiver(IPC::StringReference, unsigned long long) 5 0x11a9172f0 WebKit::ViewGestureController::~ViewGestureController() 6 0x11a9174f5 WebKit::ViewGestureController::~ViewGestureController() 7 0x11a917519 WebKit::ViewGestureController::~ViewGestureController() 8 0x11a569269 WebKit::WebViewImpl::processDidExit() 9 0x11a813eeb WebKit::PageClientImpl::processDidExit() 10 0x11a67c8ba WebKit::WebPageProxy::resetStateAfterProcessExited(WebKit::ProcessTerminationReason) 11 0x11a649067 WebKit::WebPageProxy::processDidTerminate(WebKit::ProcessTerminationReason) 12 0x11a73af38 WebKit::WebProcessProxy::processDidTerminateOrFailedToLaunch() 13 0x11a73acbc WebKit::WebProcessProxy::didClose(IPC::Connection&) 14 0x119e157d6 IPC::Connection::connectionDidClose()::$_13::operator()() ... Notes: - Seems a receiver is being removed that wasn't registered? - This doesn't happen on simple process restarts, but does happen after the special safari "Reload" case, what is different?
Attachments
API test (2.90 KB, patch)
2018-11-17 13:45 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (8.89 KB, patch)
2018-11-17 14:03 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (8.88 KB, patch)
2018-11-17 14:10 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (8.95 KB, patch)
2018-11-17 14:44 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Tim Horton
Comment 1 2018-11-16 00:48:15 PST
A bit odd since we add in the constructor and remove in the destructor. Maybe something else emptied out the map?
Alexey Proskuryakov
Comment 2 2018-11-17 12:18:19 PST
*** Bug 191780 has been marked as a duplicate of this bug. ***
Alexey Proskuryakov
Comment 3 2018-11-17 12:20:46 PST
More practical steps to reproduce in bug 191780. Possibly a recent regression, given that both reports are recent. Chris, is this related to r237615?
Radar WebKit Bug Importer
Comment 4 2018-11-17 12:21:34 PST
<rdar://problem/46151497>
Chris Dumez
Comment 5 2018-11-17 12:27:38 PST
Could be related to PSON or process prewarming if this is recent. I'll investigate.
Chris Dumez
Comment 6 2018-11-17 12:36:19 PST
After clicking the reload button in Safari I see: CHRIS: addMessageReceiver(1, 0x7fce56c3dd90), process is 0x1324e3400 Then we killing the process I see: CHRIS: removeMessageReceiver(1, 0x7fce56c3dd90) process is 0x135ce1400 I added itself as a message receiver from one process and is trying to unregister itself from another.
Chris Dumez
Comment 7 2018-11-17 12:40:31 PST
Yes, this is a PSON regression. This is due to us not destroying the gesture controller in WebViewImpl::processWillSwap(). We only do it in WebViewImpl::processDidExit(). We did this to fix Bug 191083. I will fix it shortly.
Chris Dumez
Comment 8 2018-11-17 13:45:52 PST
Created attachment 355200 [details] API test
Chris Dumez
Comment 9 2018-11-17 14:03:22 PST
Created attachment 355201 [details] Patch
Ryosuke Niwa
Comment 10 2018-11-17 14:08:10 PST
Comment on attachment 355201 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=355201&action=review Looks sane to me. I guess we should wait for EWS. > Source/WebKit/ChangeLog:10 > + after we've relaunched a new Webprocess. The ViewGestureController controller takes care Nit: Web*P*rocess. > Source/WebKit/ChangeLog:19 > + To address the issue, we now take sure the ViewGestureController unregisters itself from we now *make* sure?
Chris Dumez
Comment 11 2018-11-17 14:10:26 PST
Created attachment 355204 [details] Patch
Chris Dumez
Comment 12 2018-11-17 14:44:35 PST
Created attachment 355207 [details] Patch
WebKit Commit Bot
Comment 13 2018-11-17 16:25:27 PST
Comment on attachment 355207 [details] Patch Clearing flags on attachment: 355207 Committed r238356: <https://trac.webkit.org/changeset/238356>
WebKit Commit Bot
Comment 14 2018-11-17 16:25:29 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.