Bug 198006 - [PSON] Assertion hit when navigating back after a process swap forced by the client
Summary: [PSON] Assertion hit when navigating back after a process swap forced by the ...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2 (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2019-05-17 16:10 PDT by Chris Dumez
Modified: 2019-05-21 16:45 PDT (History)
6 users (show)

See Also:

Attachments
Patch (10.52 KB, patch)
2019-05-21 15:27 PDT, Chris Dumez 		no flags Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Chris Dumez 2019-05-17 16:10:39 PDT 
Assertion hit when navigating back after a process swap forced by the client:

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x00000000bbadbeef
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [62330]

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      	0x000000010ff09dee WTFCrash + 14 (Assertions.cpp:305)
1   com.apple.WebKit              	0x000000011d25a2ab WTFCrashWithInfo(int, char const*, char const*, int) + 27
2   com.apple.WebKit              	0x000000011db047fc WebKit::ProvisionalPageProxy::didCreateMainFrame(unsigned long long) + 332 (ProvisionalPageProxy.cpp:199)
3   com.apple.WebKit              	0x000000011db2f18a void IPC::callMemberFunctionImpl<WebKit::ProvisionalPageProxy, void (WebKit::ProvisionalPageProxy::*)(unsigned long long), std::__1::tuple<unsigned long long>, 0ul>(WebKit::ProvisionalPageProxy*, void (WebKit::ProvisionalPageProxy::*)(unsigned long long), std::__1::tuple<unsigned long long>&&, std::__1::integer_sequence<unsigned long, 0ul>) + 154 (HandleMessage.h:42)
4   com.apple.WebKit              	0x000000011db2f0e0 void IPC::callMemberFunction<WebKit::ProvisionalPageProxy, void (WebKit::ProvisionalPageProxy::*)(unsigned long long), std::__1::tuple<unsigned long long>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<unsigned long long>&&, WebKit::ProvisionalPageProxy*, void (WebKit::ProvisionalPageProxy::*)(unsigned long long)) + 112 (HandleMessage.h:48)
5   com.apple.WebKit              	0x000000011db079ae void IPC::handleMessage<Messages::WebPageProxy::DidCreateMainFrame, WebKit::ProvisionalPageProxy, void (WebKit::ProvisionalPageProxy::*)(unsigned long long)>(IPC::Decoder&, WebKit::ProvisionalPageProxy*, void (WebKit::ProvisionalPageProxy::*)(unsigned long long)) + 238 (HandleMessage.h:121)
6   com.apple.WebKit              	0x000000011db06915 WebKit::ProvisionalPageProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 2021 (ProvisionalPageProxy.cpp:439)
7   com.apple.WebKit              	0x000000011d330869 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 313 (MessageReceiverMap.cpp:124)
8   com.apple.WebKit              	0x000000011dadf804 WebKit::AuxiliaryProcessProxy::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 52 (AuxiliaryProcessProxy.cpp:155)
9   com.apple.WebKit              	0x000000011dd9381a WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 58 (WebProcessProxy.cpp:629)
10  com.apple.WebKit              	0x000000011d2b4679 IPC::Connection::dispatchMessage(IPC::Decoder&) + 473 (Connection.cpp:984)
11  com.apple.WebKit              	0x000000011d2ac932 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 370
12  com.apple.WebKit              	0x000000011d2b344b IPC::Connection::dispatchIncomingMessages() + 1067 (Connection.cpp:1114)
13  com.apple.WebKit              	0x000000011d2d67e5 IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() + 69 (Connection.cpp:959)
14  com.apple.WebKit              	0x000000011d2d6719 WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14, void>::call() + 25 (Function.h:52)
15  com.apple.JavaScriptCore      	0x000000010ff3456a WTF::Function<void ()>::operator()() const + 138 (Function.h:79)
16  com.apple.JavaScriptCore      	0x000000010ff96fa3 WTF::RunLoop::performWork() + 211 (RunLoop.cpp:107)
17  com.apple.JavaScriptCore      	0x000000010ff978fe WTF::RunLoop::performWork(void*) + 30 (RunLoopCF.cpp:39)
18  com.apple.CoreFoundation      	0x00007fff34294752 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
19  com.apple.CoreFoundation      	0x00007fff342946e2 __CFRunLoopDoSource0 + 112
20  com.apple.CoreFoundation      	0x00007fff34277f1b __CFRunLoopDoSources0 + 209
21  com.apple.CoreFoundation      	0x00007fff3427751e __CFRunLoopRun + 1272
22  com.apple.CoreFoundation      	0x00007fff34276da1 CFRunLoopRunSpecific + 499
23  com.apple.HIToolbox           	0x00007fff32ec726d RunCurrentEventLoopInMode + 292
24  com.apple.HIToolbox           	0x00007fff32ec6fae ReceiveNextEventCommon + 600
25  com.apple.HIToolbox           	0x00007fff32ec6d38 _BlockUntilNextEventMatchingListInModeWithFilter + 64
26  com.apple.AppKit              	0x00007fff315569a8 _DPSNextEvent + 990
27  com.apple.AppKit              	0x00007fff31555710 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1325
Comment 1 Chris Dumez 2019-05-21 15:27:37 PDT 
Created attachment 370347 [details]
Patch
Comment 2 WebKit Commit Bot 2019-05-21 16:44:22 PDT 
Comment on attachment 370347 [details]
Patch

Clearing flags on attachment: 370347

Committed r245601: <https://trac.webkit.org/changeset/245601>
Comment 3 WebKit Commit Bot 2019-05-21 16:44:23 PDT 
All reviewed patches have been landed.  Closing bug.
Comment 4 Radar WebKit Bug Importer 2019-05-21 16:45:22 PDT 
<rdar://problem/51006852>