Bug 201119 - REGRESSION (?): Remote inspecting a MiniBrowser window crashes it
Summary: REGRESSION (?): Remote inspecting a MiniBrowser window crashes it
Status: RESOLVED CONFIGURATION CHANGED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Inspector
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2019-08-24 11:36 PDT by Simon Fraser (smfr)
Modified: 2019-09-03 14:25 PDT
CC: 6 users

See Also:


Description Simon Fraser (smfr) 2019-08-24 11:36:43 PDT
Run MiniBrowser, make a WK1 window, remote-inspect it with STP. Crash:

* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x70)
  * frame #0: 0x000000010a505535 WebCore`std::__1::unique_ptr<WTF::Lock, std::__1::default_delete<WTF::Lock> >::operator*(this=0x0000000000000070) const at memory:2599:20
    frame #1: 0x000000010d3ee413 WebCore`WTF::HashTable<WebCore::Frame*, WTF::KeyValuePair<WebCore::Frame*, WTF::String>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::Frame*, WTF::String> >, WTF::PtrHash<WebCore::Frame*>, WTF::HashMap<WebCore::Frame*, WTF::String, WTF::PtrHash<WebCore::Frame*>, WTF::HashTraits<WebCore::Frame*>, WTF::HashTraits<WTF::String> >::KeyValuePairTraits, WTF::HashTraits<WebCore::Frame*> >::invalidateIterators(this={ tableSize = 0, keyCount = 0 }) at HashTable.h:1466:36
    frame #2: 0x000000010d410abb WebCore`WTF::HashTableAddResult<WTF::HashTableIterator<WebCore::Frame*, WTF::KeyValuePair<WebCore::Frame*, WTF::String>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::Frame*, WTF::String> >, WTF::PtrHash<WebCore::Frame*>, WTF::HashMap<WebCore::Frame*, WTF::String, WTF::PtrHash<WebCore::Frame*>, WTF::HashTraits<WebCore::Frame*>, WTF::HashTraits<WTF::String> >::KeyValuePairTraits, WTF::HashTraits<WebCore::Frame*> > > WTF::HashTable<WebCore::Frame*, WTF::KeyValuePair<WebCore::Frame*, WTF::String>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::Frame*, WTF::String> >, WTF::PtrHash<WebCore::Frame*>, WTF::HashMap<WebCore::Frame*, WTF::String, WTF::PtrHash<WebCore::Frame*>, WTF::HashTraits<WebCore::Frame*>, WTF::HashTraits<WTF::String> >::KeyValuePairTraits, WTF::HashTraits<WebCore::Frame*> >::add<WTF::HashMapEnsureTranslator<WTF::HashMap<WebCore::Frame*, WTF::String, WTF::PtrHash<WebCore::Frame*>, WTF::HashTraits<WebCore::Frame*>, WTF::HashTraits<WTF::String> >::KeyValuePairTraits, WTF::PtrHash<WebCore::Frame*> >, WebCore::Frame* const&, WebCore::InspectorPageAgent::frameId(this={ tableSize = 0, keyCount = 0 }, key={ origin = , url = , isMainFrame = 0, pageCacheState =  }, extra=0x00007ffeefbfd5e0)::$_10>(WebCore::Frame* const&, WebCore::InspectorPageAgent::frameId(WebCore::Frame*)::$_10&&) at HashTable.h:904:9
    frame #3: 0x000000010d410a54 WebCore`WTF::HashTableAddResult<WTF::HashTableIterator<WebCore::Frame*, WTF::KeyValuePair<WebCore::Frame*, WTF::String>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::Frame*, WTF::String> >, WTF::PtrHash<WebCore::Frame*>, WTF::HashMap<WebCore::Frame*, WTF::String, WTF::PtrHash<WebCore::Frame*>, WTF::HashTraits<WebCore::Frame*>, WTF::HashTraits<WTF::String> >::KeyValuePairTraits, WTF::HashTraits<WebCore::Frame*> > > WTF::HashMap<WebCore::Frame*, WTF::String, WTF::PtrHash<WebCore::Frame*>, WTF::HashTraits<WebCore::Frame*>, WTF::HashTraits<WTF::String> >::inlineEnsure<WebCore::Frame* const&, WebCore::InspectorPageAgent::frameId(this={ tableSize = 0, keyCount = 0 }, key={ origin = , url = , isMainFrame = 0, pageCacheState =  }, functor=0x00007ffeefbfd5e0)::$_10>(WebCore::Frame* const&, WebCore::InspectorPageAgent::frameId(WebCore::Frame*)::$_10&&) at HashMap.h:367:28
    frame #4: 0x000000010d3d352f WebCore`WTF::HashTableAddResult<WTF::HashTableIterator<WebCore::Frame*, WTF::KeyValuePair<WebCore::Frame*, WTF::String>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::Frame*, WTF::String> >, WTF::PtrHash<WebCore::Frame*>, WTF::HashMap<WebCore::Frame*, WTF::String, WTF::PtrHash<WebCore::Frame*>, WTF::HashTraits<WebCore::Frame*>, WTF::HashTraits<WTF::String> >::KeyValuePairTraits, WTF::HashTraits<WebCore::Frame*> > > WTF::HashMap<WebCore::Frame*, WTF::String, WTF::PtrHash<WebCore::Frame*>, WTF::HashTraits<WebCore::Frame*>, WTF::HashTraits<WTF::String> >::ensure<WebCore::InspectorPageAgent::frameId(this={ tableSize = 0, keyCount = 0 }, key={ origin = , url = , isMainFrame = 0, pageCacheState =  }, functor=0x00007ffeefbfd5e0)::$_10>(WebCore::Frame* const&, WebCore::InspectorPageAgent::frameId(WebCore::Frame*)::$_10&&) at HashMap.h:423:12
    frame #5: 0x000000010d3d2c30 WebCore`WebCore::InspectorPageAgent::frameId(this=0x0000000000000000, frame={ origin = file://, url = file:///Volumes/Data/Development/system/webkit/testcontent/reductions/pure-css-still-life-water-lemon-reduced.html, isMainFrame = 1, pageCacheState = NotInPageCache }) at InspectorPageAgent.cpp:707:32
    frame #6: 0x000000010d30fb33 WebCore`WebCore::InspectorStyleSheet::buildObjectForStyleSheetInfo(this=0x000000012d62e9f8) at InspectorStyleSheet.cpp:1026:34
    frame #7: 0x000000010d33ee32 WebCore`WebCore::InspectorCSSAgent::setActiveStyleSheetsForDocument(this=0x000000012d67e840, document={ origin = file://, url = file:///Volumes/Data/Development/system/webkit/testcontent/reductions/pure-css-still-life-water-lemon-reduced.html, inMainFrame = 1, pageCacheState = NotInPageCache }, activeStyleSheets={ size = 1, capacity = 16 }) at InspectorCSSAgent.cpp:395:72
    frame #8: 0x000000010d33e8f3 WebCore`WebCore::InspectorCSSAgent::activeStyleSheetsUpdated(this=0x000000012d67e840, document={ origin = file://, url = file:///Volumes/Data/Development/system/webkit/testcontent/reductions/pure-css-still-life-water-lemon-reduced.html, inMainFrame = 1, pageCacheState = NotInPageCache }) at InspectorCSSAgent.cpp:366:5
    frame #9: 0x000000010d33e762 WebCore`WebCore::InspectorCSSAgent::enable(this=0x000000012d67e840, (null)={ length = 0, contents = '' }) at InspectorCSSAgent.cpp:335:13
    frame #10: 0x00000001230372e7 JavaScriptCore`Inspector::CSSBackendDispatcher::enable(this=0x000000012d64ac08, requestId=9, (null)=0x00007ffeefbfdb38) at InspectorBackendDispatchers.cpp:472:14
    frame #11: 0x000000012303717b JavaScriptCore`Inspector::CSSBackendDispatcher::dispatch(this=0x000000012d64ac08, requestId=9, method={ length = 6, contents = 'enable' }, message=0x00007ffeefbfdc40) at InspectorBackendDispatchers.cpp:458:5
    frame #12: 0x0000000123031c5b JavaScriptCore`Inspector::BackendDispatcher::dispatch(this=0x000000012d6f1108, message={ length = 30, contents = '{"id":9,"method":"CSS.enable"}' }) at InspectorBackendDispatcher.cpp:180:27
    frame #13: 0x000000010d2e435c WebCore`WebCore::InspectorController::dispatchMessageFromFrontend(this=0x000000012d6e2000, message={ length = 30, contents = '{"id":9,"method":"CSS.enable"}' }) at InspectorController.cpp:395:26
    frame #14: 0x000000010d781009 WebCore`WebCore::PageDebuggable::dispatchMessageFromRemote(this=0x000000012d6a6758, message={ length = 30, contents = '{"id":9,"method":"CSS.enable"}' }) at PageDebuggable.cpp:84:34
    frame #15: 0x0000000122531bcf JavaScriptCore`::___ZN9Inspector24RemoteConnectionToTarget19sendMessageToTargetEP8NSString_block_invoke(.block_descriptor=0x0000600000c545d0) at RemoteConnectionToTargetCocoa.mm:233:21
    frame #16: 0x00000001225399dd JavaScriptCore`WTF::BlockPtr<void ()>::operator(this=0x000000012d6314d0)() const at BlockPtr.h:184:16
    frame #17: 0x000000012253969a JavaScriptCore`Inspector::RemoteTargetHandleRunSourceGlobal((null)=0x0000000000000000) at RemoteConnectionToTargetCocoa.mm:62:9
    frame #18: 0x00007fff50b91405 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
    frame #19: 0x00007fff50b913ab CoreFoundation`__CFRunLoopDoSource0 + 108
    frame #20: 0x00007fff50b74e51 CoreFoundation`__CFRunLoopDoSources0 + 195
    frame #21: 0x00007fff50b743fa CoreFoundation`__CFRunLoopRun + 1219
    frame #22: 0x00007fff50b73ce4 CoreFoundation`CFRunLoopRunSpecific + 463
    frame #23: 0x00007fff4fe0d895 HIToolbox`RunCurrentEventLoopInMode + 293
    frame #24: 0x00007fff4fe0d5cb HIToolbox`ReceiveNextEventCommon + 618
    frame #25: 0x00007fff4fe0d348 HIToolbox`_BlockUntilNextEventMatchingListInModeWithFilter + 64
    frame #26: 0x00007fff4e0ca95b AppKit`_DPSNextEvent + 997
    frame #27: 0x00007fff4e0c96fa AppKit`-[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1362
    frame #28: 0x00007fff4e0c375d AppKit`-[NSApplication run] + 699
    frame #29: 0x00007fff4e0b2e97 AppKit`NSApplicationMain + 780
    frame #30: 0x0000000100005fbb MiniBrowser`main(argc=5, argv=0x00007ffeefbff630) at main.m:32:12
    frame #31: 0x00007fff7dd67085 libdyld.dylib`start + 1
(lldb) 

In InspectorStyleSheet::buildObjectForStyleSheetInfo(), m_pageAgent is null so:
        .setFrameId(m_pageAgent->frameId(frame))
crashes.
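The null-agent dereference described above, as an added sketch that is not WebKit's code and not the fix landed in r248943: hypothetical PageAgent and StyleSheetInspector classes stand in for InspectorPageAgent and InspectorStyleSheet, and the guarded builder omits the frame id instead of dereferencing a null m_pageAgent.

```cpp
// Added illustration, not WebKit code. The trace shows InspectorPageAgent::frameId
// entered with this=0x0 and a fault at address 0x70: a member read at offset 0x70
// of a null object. The same shape is modelled here with hypothetical names.
#include <optional>
#include <string>
#include <unordered_map>

struct Frame { std::string url; };

// Stand-in for the page agent that owns the Frame -> id map.
class PageAgent {
public:
    std::string frameId(const Frame* frame) {
        auto it = m_ids.find(frame);
        if (it == m_ids.end())
            it = m_ids.emplace(frame, "frame-" + std::to_string(m_ids.size() + 1)).first;
        return it->second;
    }
private:
    std::unordered_map<const Frame*, std::string> m_ids;
};

struct StyleSheetInfo {
    std::string url;
    std::optional<std::string> frameId; // absent when no page agent is connected
};

// Stand-in for InspectorStyleSheet: m_pageAgent is a raw pointer that is null
// when the page agent was never attached, the state captured in the trace.
class StyleSheetInspector {
public:
    StyleSheetInspector(PageAgent* pageAgent, const Frame* frame, std::string url)
        : m_pageAgent(pageAgent), m_frame(frame), m_url(std::move(url)) {}

    // Unguarded form, mirroring .setFrameId(m_pageAgent->frameId(frame)): crashes on null.
    StyleSheetInfo buildInfoUnguarded() const {
        return { m_url, m_pageAgent->frameId(m_frame) };
    }

    // Guarded form: leaves frameId empty when the agent is missing.
    StyleSheetInfo buildInfo() const {
        StyleSheetInfo info { m_url, std::nullopt };
        if (m_pageAgent)
            info.frameId = m_pageAgent->frameId(m_frame);
        return info;
    }
private:
    PageAgent* m_pageAgent;
    const Frame* m_frame;
    std::string m_url;
};
```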
Comment 1 Radar WebKit Bug Importer 2019-08-24 11:37:10 PDT
<rdar://problem/54674148>
Comment 2 Simon Fraser (smfr) 2019-08-24 11:38:14 PDT
Also happens with WK2.
Comment 3 Devin Rousso 2019-08-26 17:53:43 PDT
I think this was fixed in r248943 <https://trac.webkit.org/r248943> <https://webkit.org/b/200947>.

Does this reproduce with ToT (both Web Inspector (frontend) and MiniBrowser)?
Comment 4 Simon Fraser (smfr) 2019-09-03 14:25:16 PDT
Can't reproduce any more.