191780 – Debug Safari crashes in BrowserWKView dealloc after javascript redirect

Bug 191780 - Debug Safari crashes in BrowserWKView dealloc after javascript redirect

Summary: Debug Safari crashes in BrowserWKView dealloc after javascript redirect

Status:	RESOLVED DUPLICATE of bug 191734

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Page Loading (show other bugs)
Version:	WebKit Local Build
Hardware:	Unspecified macOS 10.14

Importance:	P2 Critical
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2018-11-16 14:59 PST by Jay Mulani
Modified:	2018-11-17 12:18 PST (History)
CC List:	1 user (show)

See Also:

Attachments
test page to reproduce crash (181 bytes, text/html) 2018-11-16 14:59 PST, Jay Mulani	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jay Mulani 2018-11-16 14:59:40 PST

Created attachment 355136 [details]
test page to reproduce crash

Debug Safari crashes in BrowserWKView.mm dealloc method after a javascript redirect. The failed assertion is:
ASSERTION FAILED: m_messageReceivers.contains(std::make_pair(messageReceiverName, destinationID))

I have attached a simple test page that leads me to the crash on tip of tree.

2018-11-16 14:54:22.748080-0800 Safari[76684:4795683] ASSERTION FAILED: m_messageReceivers.contains(std::make_pair(messageReceiverName, destinationID))
ASSERTION FAILED: m_messageReceivers.contains(std::make_pair(messageReceiverName, destinationID))
2018-11-16 14:54:22.748137-0800 Safari[76684:4795683] /Volumes/Data/worker/liberty-debug-archive/build/OpenSource/Source/WebKit/Platform/IPC/MessageReceiverMap.cpp(72) : void IPC::MessageReceiverMap::removeMessageReceiver(IPC::StringReference, uint64_t)
/Volumes/Data/worker/liberty-debug-archive/build/OpenSource/Source/WebKit/Platform/IPC/MessageReceiverMap.cpp(72) : void IPC::MessageReceiverMap::removeMessageReceiver(IPC::StringReference, uint64_t)
2018-11-16 14:54:22.759044-0800 Safari[76684:4795683] 1   0x102866829 WTFCrash
1   0x102866829 WTFCrash
2018-11-16 14:54:22.769089-0800 Safari[76684:4795683] 2   0x10863aa2b WTFCrashWithInfo(int, char const*, char const*, int)
2   0x10863aa2b WTFCrashWithInfo(int, char const*, char const*, int)
2018-11-16 14:54:22.771031-0800 Safari[76684:4795683] 3   0x1086e8f40 IPC::MessageReceiverMap::removeMessageReceiver(IPC::StringReference, unsigned long long)
3   0x1086e8f40 IPC::MessageReceiverMap::removeMessageReceiver(IPC::StringReference, unsigned long long)
2018-11-16 14:54:22.772175-0800 Safari[76684:4795683] 4   0x108cc6827 WebKit::ChildProcessProxy::removeMessageReceiver(IPC::StringReference, unsigned long long)
4   0x108cc6827 WebKit::ChildProcessProxy::removeMessageReceiver(IPC::StringReference, unsigned long long)
2018-11-16 14:54:22.773399-0800 Safari[76684:4795683] 5   0x109199610 WebKit::ViewGestureController::~ViewGestureController()
5   0x109199610 WebKit::ViewGestureController::~ViewGestureController()
2018-11-16 14:54:22.774957-0800 Safari[76684:4795683] 6   0x109199815 WebKit::ViewGestureController::~ViewGestureController()
6   0x109199815 WebKit::ViewGestureController::~ViewGestureController()
2018-11-16 14:54:22.776542-0800 Safari[76684:4795683] 7   0x109199839 WebKit::ViewGestureController::~ViewGestureController()
7   0x109199839 WebKit::ViewGestureController::~ViewGestureController()
2018-11-16 14:54:22.778081-0800 Safari[76684:4795683] 8   0x108debd7c WebKit::WebViewImpl::~WebViewImpl()
8   0x108debd7c WebKit::WebViewImpl::~WebViewImpl()
2018-11-16 14:54:22.779668-0800 Safari[76684:4795683] 9   0x108dec295 WebKit::WebViewImpl::~WebViewImpl()
9   0x108dec295 WebKit::WebViewImpl::~WebViewImpl()
2018-11-16 14:54:22.781299-0800 Safari[76684:4795683] 10  0x108c565cf -[WKWebView .cxx_destruct]
10  0x108c565cf -[WKWebView .cxx_destruct]
2018-11-16 14:54:22.781359-0800 Safari[76684:4795683] 11  0x7fff7608c40c object_cxxDestructFromClass(objc_object*, objc_class*)
11  0x7fff7608c40c object_cxxDestructFromClass(objc_object*, objc_class*)
2018-11-16 14:54:22.781389-0800 Safari[76684:4795683] 12  0x7fff76084cd5 objc_destructInstance
12  0x7fff76084cd5 objc_destructInstance
2018-11-16 14:54:22.781414-0800 Safari[76684:4795683] 13  0x7fff76084c77 object_dispose
13  0x7fff76084c77 object_dispose
2018-11-16 14:54:22.781660-0800 Safari[76684:4795683] 14  0x7fff46c8f34d -[NSResponder dealloc]
14  0x7fff46c8f34d -[NSResponder dealloc]
2018-11-16 14:54:22.781903-0800 Safari[76684:4795683] 15  0x7fff46c8d6b8 -[NSView dealloc]
15  0x7fff46c8d6b8 -[NSView dealloc]
2018-11-16 14:54:22.783460-0800 Safari[76684:4795683] 16  0x108c4a9ee -[WKWebView dealloc]
16  0x108c4a9ee -[WKWebView dealloc]
2018-11-16 14:54:22.787825-0800 Safari[76684:4795683] 17  0x1007740ec -[BrowserWKView dealloc]
17  0x1007740ec -[BrowserWKView dealloc]
2018-11-16 14:54:22.787887-0800 Safari[76684:4795683] 18  0x7fff760859dc (anonymous namespace)::AutoreleasePoolPage::pop(void*)
18  0x7fff760859dc (anonymous namespace)::AutoreleasePoolPage::pop(void*)
2018-11-16 14:54:22.787947-0800 Safari[76684:4795683] 19  0x7fff4960fbc6 _CFAutoreleasePoolPop
19  0x7fff4960fbc6 _CFAutoreleasePoolPop
2018-11-16 14:54:22.788194-0800 Safari[76684:4795683] 20  0x7fff46e66cd2 _wrapRunLoopWithAutoreleasePoolHandler
20  0x7fff46e66cd2 _wrapRunLoopWithAutoreleasePoolHandler
2018-11-16 14:54:22.788259-0800 Safari[76684:4795683] 21  0x7fff4969b6ad __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__
21  0x7fff4969b6ad __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__
2018-11-16 14:54:22.788318-0800 Safari[76684:4795683] 22  0x7fff4969b5e2 __CFRunLoopDoObservers
22  0x7fff4969b5e2 __CFRunLoopDoObservers
2018-11-16 14:54:22.788370-0800 Safari[76684:4795683] 23  0x7fff4963ca64 CFRunLoopRunSpecific
23  0x7fff4963ca64 CFRunLoopRunSpecific
2018-11-16 14:54:22.788439-0800 Safari[76684:4795683] 24  0x7fff488d2b45 RunCurrentEventLoopInMode
24  0x7fff488d2b45 RunCurrentEventLoopInMode
2018-11-16 14:54:22.788523-0800 Safari[76684:4795683] 25  0x7fff488d287b ReceiveNextEventCommon
25  0x7fff488d287b ReceiveNextEventCommon
2018-11-16 14:54:22.788586-0800 Safari[76684:4795683] 26  0x7fff488d25f8 _BlockUntilNextEventMatchingListInModeWithFilter
26  0x7fff488d25f8 _BlockUntilNextEventMatchingListInModeWithFilter
2018-11-16 14:54:22.788823-0800 Safari[76684:4795683] 27  0x7fff46b8ca73 _DPSNextEvent
27  0x7fff46b8ca73 _DPSNextEvent
2018-11-16 14:54:22.789066-0800 Safari[76684:4795683] 28  0x7fff46b8b812 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:]
28  0x7fff46b8b812 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:]
2018-11-16 14:54:22.790188-0800 Safari[76684:4795683] 29  0x100530430 -[BrowserApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
29  0x100530430 -[BrowserApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
2018-11-16 14:54:22.790439-0800 Safari[76684:4795683] 30  0x7fff46b85875 -[NSApplication run]
30  0x7fff46b85875 -[NSApplication run]
2018-11-16 14:54:22.790674-0800 Safari[76684:4795683] 31  0x7fff46b74fb3 NSApplicationMain
31  0x7fff46b74fb3 NSApplicationMain

Comment 1 Alexey Proskuryakov 2018-11-17 12:18:19 PST


*** This bug has been marked as a duplicate of bug 191734 ***