RESOLVED FIXED Bug 200674
Crash under IPC::Connection::markCurrentlyDispatchedMessageAsInvalid()
https://bugs.webkit.org/show_bug.cgi?id=200674
Summary Crash under IPC::Connection::markCurrentlyDispatchedMessageAsInvalid()
Chris Dumez
Reported 2019-08-13 09:00:07 PDT
Crash under IPC::Connection::markCurrentlyDispatchedMessageAsInvalid():
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000072
Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [1372]
Triggered by Thread: 0
Thread 0 name: Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0 WebKit 0x000000021a169b0c IPC::Connection::markCurrentlyDispatchedMessageAsInvalid() + 4 (Connection.cpp:395)
1 WebKit 0x000000021a327478 WebKit::WebPageProxy::didFailProvisionalLoadForFrameShared(WTF::Ref<WebKit::WebProcessProxy, WTF::DumbPtrTraits<WebKit::WebProcessProxy> >&&, unsigned long long, WebCore::SecurityOriginData const&, unsigned long long, WTF::String const&, WebCore::ResourceError const&, WebKit::UserData const&) + 736 (WebPageProxy.cpp:3978)
2 WebKit 0x000000021a2c45d0 WebKit::ProvisionalPageProxy::didFailProvisionalLoadForFrame(unsigned long long, WebCore::SecurityOriginData const&, unsigned long long, WTF::String const&, WebCore::ResourceError const&, WebKit::UserData const&) + 424 (ProvisionalPageProxy.cpp:244)
3 WebKit 0x000000021a2c432c WebKit::ProvisionalPageProxy::cancel() + 256 (ProvisionalPageProxy.cpp:116)
4 WebKit 0x000000021a3262a4 WebKit::WebPageProxy::didStartProvisionalLoadForFrameShared(WTF::Ref<WebKit::WebProcessProxy, WTF::DumbPtrTraits<WebKit::WebProcessProxy> >&&, unsigned long long, unsigned long long, WTF::URL&&, WTF::URL&&, WebKit::UserData const&) + 232 (WebPageProxy.cpp:3840)
5 WebKit 0x000000021a326184 WebKit::WebPageProxy::didStartProvisionalLoadForFrame(unsigned long long, unsigned long long, WTF::URL&&, WTF::URL&&, WebKit::UserData const&) + 64 (WebPageProxy.cpp:3827)
6 WebKit 0x000000021a54e0c4 void IPC::callMemberFunctionImpl<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(unsigned long long, unsigned long long, WTF::URL&&, WTF::URL&&, WebKit::UserData const&), std::__1::tuple<unsigned long long, unsigned long long, WTF::URL, WTF::URL, WebKit::UserData>, 0ul, 1ul, 2ul, 3ul, 4ul>(WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(unsigned long long, unsigned long long, WTF::URL&&, WTF::URL&&, WebKit::UserData const&), std::__1::tuple<unsigned long long, unsigned long long, WTF::URL, WTF::URL, WebKit::UserData>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul, 2ul, 3ul, 4ul>) + 80 (HandleMessage.h:41)
7 WebKit 0x000000021a544dcc void IPC::handleMessage<Messages::WebPageProxy::DidStartProvisionalLoadForFrame, WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(unsigned long long, unsigned long long, WTF::URL&&, WTF::URL&&, WebKit::UserData const&)>(IPC::Decoder&, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(unsigned long long, unsigned long long, WTF::URL&&, WTF::URL&&, WebKit::UserData const&)) + 92 (HandleMessage.h:47)
8 WebKit 0x000000021a178d9c IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 128 (MessageReceiverMap.cpp:0)
9 WebKit 0x000000021a34d684 WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 36 (WebProcessProxy.cpp:714)
10 WebKit 0x000000021a16bf14 IPC::Connection::dispatchMessage(IPC::Decoder&) + 104 (Connection.cpp:978)
11 WebKit 0x000000021a168cb0 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 152 (Connection.cpp:1005)
12 WebKit 0x000000021a16b724 IPC::Connection::dispatchIncomingMessages() + 676 (Connection.cpp:1109)
13 JavaScriptCore 0x0000000211b23378 WTF::RunLoop::performWork() + 272 (Function.h:56)
14 JavaScriptCore 0x0000000211b23648 WTF::RunLoop::performWork(void*) + 40 (RunLoopCF.cpp:38)
15 CoreFoundation 0x000000020a84e444 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28 (CFRunLoop.c:1980)
16 CoreFoundation 0x000000020a84e3c0 __CFRunLoopDoSource0 + 92 (CFRunLoop.c:2015)
17 CoreFoundation 0x000000020a84dc7c __CFRunLoopDoSources0 + 180 (CFRunLoop.c:2051)
18 CoreFoundation 0x000000020a848950 __CFRunLoopRun + 988 (CFRunLoop.c:2922)
19 CoreFoundation 0x000000020a848254 CFRunLoopRunSpecific + 452 (CFRunLoop.c:3247)
20 GraphicsServices 0x000000020ca87d8c GSEventRunModal + 108 (GSEvent.c:2245)
21 UIKitCore 0x0000000237b485b8 UIApplicationMain + 216 (UIApplication.m:4353)
22 MobileSafari 0x000000010080b204 main + 1504 (main.m:121)
23 libdyld.dylib 0x000000020a304fd8 start + 4
Attachments
Patch (6.23 KB, patch)
2019-08-13 09:04 PDT, Chris Dumez
no flags
Patch (6.22 KB, patch)
2019-08-13 09:12 PDT, Chris Dumez
no flags
Chris Dumez
Comment 1 2019-08-13 09:00:23 PDT
Chris Dumez
Comment 2 2019-08-13 09:04:06 PDT
EWS Watchlist
Comment 3 2019-08-13 09:06:42 PDT
Attachment 376170 [details] did not pass style-queue:
ERROR: Source/WebKit/UIProcess/WebProcessProxy.cpp:1036: More than one command on the same line [whitespace/newline] [4]
Total errors found: 1 in 5 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Geoffrey Garen
Comment 4 2019-08-13 09:10:14 PDT
Comment on attachment 376170 [details]
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=376170&action=review
r=me
> Source/WebKit/ChangeLog:9
> + When the clients terminates a provisional process (e.g. via the [WKWebView _killWebContentProcessAndResetState]
clients => client
> Source/WebKit/ChangeLog:12
> + would still think that they are in the middle of a provisional load the next time a load starts. This inconsistent
are => were, starts => started
Chris Dumez
Comment 5 2019-08-13 09:12:19 PDT
EWS Watchlist
Comment 6 2019-08-13 09:13:46 PDT
Attachment 376171 [details] did not pass style-queue:
ERROR: Source/WebKit/UIProcess/WebProcessProxy.cpp:1036: More than one command on the same line [whitespace/newline] [4]
Total errors found: 1 in 5 files
If any of these errors are false positives, please file a bug against check-webkit-style.
WebKit Commit Bot
Comment 7 2019-08-13 10:12:49 PDT
Comment on attachment 376171 [details]
Patch
Clearing flags on attachment: 376171
Committed r248598: <https://trac.webkit.org/changeset/248598>
WebKit Commit Bot
Comment 8 2019-08-13 10:12:51 PDT
All reviewed patches have been landed. Closing bug.