WebKit Bugzilla
Bug 194871 - Crash in DOMWindowExtension::suspendForPageCache
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=194871

Reported by Ryosuke Niwa, 2019-02-20 14:24:21 PST
e.g.
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x00007fff47af3f3c WebCore::DOMWindowExtension::suspendForPageCache() + 28
1 com.apple.WebCore 0x00007fff46967fe9 WebCore::DOMWindow::suspendForPageCache() + 233
2 com.apple.WebCore 0x00007fff47861a68 WebCore::CachedFrame::CachedFrame(WebCore::Frame&) + 504
3 com.apple.WebCore 0x00007fff47863869 WebCore::PageCache::addIfCacheable(WebCore::HistoryItem&, WebCore::Page*) + 457
4 com.apple.WebCore 0x00007fff4691a3c7 WebCore::FrameLoader::commitProvisionalLoad() + 263
5 com.apple.WebCore 0x00007fff46967b81 WebCore::DocumentLoader::commitLoad(char const*, int) + 81
6 com.apple.WebCore 0x00007fff47aca1b0 WTF::Function<void ()>::CallableWrapper<WebCore::CachedRawResource::didAddClient(WebCore::CachedResourceClient&)::$_0::operator()(WebCore::ResourceRequest&&)::'lambda'()>::call() + 80
7 com.apple.WebCore 0x00007fff47a559bb WTF::Function<void (WebCore::PolicyAction)>::CallableWrapper<WebCore::DocumentLoader::responseReceived(WebCore::ResourceResponse const&, WTF::CompletionHandler<void ()>&&)::$_7>::call(WebCore::PolicyAction) + 59
8 com.apple.WebKit 0x00007fff488666e9 WebKit::WebFrameLoaderClient::dispatchDecidePolicyForResponse(WebCore::ResourceResponse const&, WebCore::ResourceRequest const&, WTF::Function<void (WebCore::PolicyAction)>&&) + 121
9 com.apple.WebCore 0x00007fff47a4cdd8 WebCore::DocumentLoader::responseReceived(WebCore::ResourceResponse const&, WTF::CompletionHandler<void ()>&&) + 1992
10 com.apple.WebCore 0x00007fff47aca02e WTF::Function<void (WebCore::ResourceRequest&&)>::CallableWrapper<WebCore::CachedRawResource::didAddClient(WebCore::CachedResourceClient&)::$_0>::call(WebCore::ResourceRequest&&) + 350
11 com.apple.WebCore 0x00007fff47abe328 WebCore::iterateRedirects(WebCore::CachedResourceHandle<WebCore::CachedRawResource>&&, WebCore::CachedRawResourceClient&, WTF::Vector<std::__1::pair<WebCore::ResourceRequest, WebCore::ResourceResponse>, 0ul, WTF::CrashOnOverflow, 16ul>&&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&) + 1448
12 com.apple.WebCore 0x00007fff47abd9b1 WebCore::CachedRawResource::didAddClient(WebCore::CachedResourceClient&) + 657
13 com.apple.WebCore 0x00007fff4690f398 WebCore::ThreadTimers::sharedTimerFiredInternal() + 168
14 com.apple.WebCore 0x00007fff4690f2df WebCore::timerFired(__CFRunLoopTimer*, void*) + 31

<rdar://problem/47380794>
Attachments
Fix attempt (4.80 KB, patch), 2019-02-20 14:57 PST, Ryosuke Niwa, no flags
Ryosuke Niwa
Comment 1
2019-02-20 14:25:15 PST
We're also seeing crashes in DOMWindowExtension::willDestroyGlobalObjectInCachedFrame() e.g.
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x00007fff52579040 WebCore::DOMWindowExtension::willDestroyGlobalObjectInCachedFrame() + 16
1 com.apple.WebCore 0x00007fff514da36a WebCore::DOMWindow::willDestroyCachedFrame() + 234
2 com.apple.WebCore 0x00007fff514da185 WebCore::CachedFrame::destroy() + 37
3 com.apple.WebCore 0x00007fff522e84d4 WebCore::PageCache::prune(WebCore::PruningReason) + 100
4 com.apple.WebCore 0x00007fff522e8458 WebCore::PageCache::pruneToSizeNow(unsigned int, WebCore::PruningReason) + 24
5 com.apple.WebKit 0x00007fff52fc5a98 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 108
6 com.apple.WebKit 0x00007fff52fc924b IPC::Connection::dispatchOneIncomingMessage() + 181
7 com.apple.JavaScriptCore 0x00007fff47874734 WTF::RunLoop::performWork() + 228
8 com.apple.JavaScriptCore 0x00007fff478749c2 WTF::RunLoop::performWork(void*) + 34
9 com.apple.CoreFoundation 0x00007fff443526a3 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
10 com.apple.CoreFoundation 0x00007fff44352649 __CFRunLoopDoSource0 + 108
11 com.apple.CoreFoundation 0x00007fff44335ffb __CFRunLoopDoSources0 + 195
12 com.apple.CoreFoundation 0x00007fff443355c5 __CFRunLoopRun + 1189
13 com.apple.CoreFoundation 0x00007fff44334ece CFRunLoopRunSpecific + 455
14 com.apple.Foundation 0x00007fff4664da9f -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 280
15 com.apple.Foundation 0x00007fff4664d974 -[NSRunLoop(NSRunLoop) run] + 76
16 libxpc.dylib 0x00007fff709ec1d7 _xpc_objc_main + 552
17 libxpc.dylib 0x00007fff709ebcd9 xpc_main + 433
18 com.apple.WebKit.WebContent 0x1013b26e2 WebKit::XPCServiceMain(int, char const**) + 547 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/WebKit2/WebKit2-7607.1.30/Shared/EntryPointUtilities/mac/XPCService/XPCServiceMain.mm:157)
19 com.apple.WebKit.WebContent 0x1013b2867 main + 9 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/WebKit2/WebKit2-7607.1.30/Shared/EntryPointUtilities/mac/XPCService/XPCServiceMain.mm:165)
20 libdyld.dylib 0x00007fff707b93ed start + 1
Ryosuke Niwa
Comment 2
2019-02-20 14:28:03 PST
I suspect what might be happening here is that DOMWindowExtension is getting removed / unregistered inside the client delegate callbacks in dispatchWillDisconnectDOMWindowExtensionFromGlobalObject and dispatchWillDestroyGlobalObjectForDOMWindowExtension. In DOMWindow::willDestroyCachedFrame, for example, there is a comment about how this may happen:

// It is necessary to copy m_properties to a separate vector because the DOMWindowProperties may
// unregister themselves from the DOMWindow as a result of the call to willDestroyGlobalObjectInFrame.

I think what we didn't account for is notifying one DOMWindowExtension removing another DOMWindowExtension.
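The hazard described in the comment above, as an added illustration that is not WebKit's code: an owner iterates a copy of its registrations so that a callback may unregister entries without invalidating the loop, and re-checks membership so an extension removed by a sibling's callback is not notified after it is gone. All names (Window, Property, victim, runScenario) are constructed stand-ins, not WebKit identifiers.

```cpp
#include <algorithm>
#include <string>
#include <vector>
struct Window;
// Stand-in for a DOMWindowProperty / DOMWindowExtension (illustrative, not WebKit code).
struct Property {
    std::string name;
    Window* owner;
    Property* victim = nullptr;   // sibling (or self) to unregister from inside the callback
    Property(std::string n, Window* w) : name(std::move(n)), owner(w) {}
    void willDestroyGlobalObjectInCachedFrame();
};

struct Window {
    std::vector<Property*> m_properties;   // live registrations, in insertion order
    std::vector<std::string> notified;     // names whose callback actually ran
    void registerProperty(Property* p) { m_properties.push_back(p); }
    void unregisterProperty(Property* p) {
        m_properties.erase(std::remove(m_properties.begin(), m_properties.end(), p), m_properties.end());
    }
    bool isRegistered(Property* p) const {
        return std::find(m_properties.begin(), m_properties.end(), p) != m_properties.end();
    }
    // Copy first: a callback may erase from m_properties, which would invalidate an
    // iterator over the live container. Then re-check membership so an entry that an
    // earlier callback unregistered is not notified after it has gone away.
    void willDestroyCachedFrame() {
        std::vector<Property*> copy = m_properties;
        for (Property* p : copy) {
            if (!isRegistered(p)) continue;   // removed by an earlier callback
            p->willDestroyGlobalObjectInCachedFrame();
        }
    }
};

void Property::willDestroyGlobalObjectInCachedFrame() {
    owner->notified.push_back(name);
    if (victim)
        owner->unregisterProperty(victim);   // mutation during notification
}
struct Result { std::vector<std::string> notified; std::size_t remaining; };

// Constructed scenario: "a" unregisters sibling "b" from its callback; "c" unregisters itself.
Result runScenario() {
    Window w;
    Property a("a", &w), b("b", &w), c("c", &w);
    a.victim = &b; c.victim = &c;
    w.registerProperty(&a); w.registerProperty(&b); w.registerProperty(&c);
    w.willDestroyCachedFrame();
    return { w.notified, w.m_properties.size() };
}
```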
Ryosuke Niwa
Comment 3
2019-02-20 14:57:17 PST
Created attachment 362547 [details]: Fix attempt
Ryosuke Niwa
Comment 4
2019-02-20 15:09:52 PST
Waiting for EWS...
Ryosuke Niwa
Comment 5
2019-02-20 16:06:29 PST
Comment on attachment 362547 [details]: Fix attempt
Clearing flags on attachment: 362547
Committed r241848: <https://trac.webkit.org/changeset/241848>
Ryosuke Niwa
Comment 6
2019-02-20 16:06:31 PST
All reviewed patches have been landed. Closing bug.