RESOLVED FIXED 203341
WebBackForwardCache::removeEntriesMatching() may re-enter and crash
https://bugs.webkit.org/show_bug.cgi?id=203341
Summary WebBackForwardCache::removeEntriesMatching() may re-enter and crash
Chris Dumez
Reported 2019-10-23 15:05:57 PDT
WebBackForwardCache::removeEntriesMatching() may re-enter and crash:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebKit 0x00007fff40acb34f WTF::Detail::CallableWrapper<WebKit::WebBackForwardCache::removeEntriesForProcess(WebKit::WebProcessProxy&)::$_1, bool, WebKit::WebBackForwardListItem&>::call(WebKit::WebBackForwardListItem&) + 11
1 com.apple.WebKit 0x00007fff40ac91db WebKit::WebBackForwardCache::removeEntriesMatching(WTF::Function<bool (WebKit::WebBackForwardListItem&)> const&) + 79
2 com.apple.WebKit 0x00007fff40ac940d WebKit::WebBackForwardCache::removeEntriesForProcess(WebKit::WebProcessProxy&) + 59
3 com.apple.WebKit 0x00007fff40b45047 WebKit::WebProcessPool::disconnectProcess(WebKit::WebProcessProxy*) + 91
4 com.apple.WebKit 0x00007fff40b3ef96 WebKit::WebProcessProxy::shutDown() + 920
5 com.apple.WebKit 0x00007fff40b52cb2 WebKit::WebProcessProxy::decrementSuspendedPageCount() + 42
6 com.apple.WebKit 0x00007fff40abc576 WebKit::SuspendedPageProxy::~SuspendedPageProxy() + 512
7 com.apple.WebKit 0x00007fff40abc6c8 WebKit::SuspendedPageProxy::~SuspendedPageProxy() + 14
8 com.apple.WebKit 0x00007fff40ac9967 WebKit::WebBackForwardCacheEntry::~WebBackForwardCacheEntry() + 723
9 com.apple.WebKit 0x00007fff40a0c5a7 std::__1::unique_ptr<WebKit::WebBackForwardCacheEntry, std::__1::default_delete<WebKit::WebBackForwardCacheEntry> >::reset(WebKit::WebBackForwardCacheEntry*) + 25
10 com.apple.WebKit 0x00007fff40ac91f0 WebKit::WebBackForwardCache::removeEntriesMatching(WTF::Function<bool (WebKit::WebBackForwardListItem&)> const&) + 100
11 com.apple.WebKit 0x00007fff40ac945a WebKit::WebBackForwardCache::removeEntriesForSession(PAL::SessionID) + 58
12 com.apple.WebKit 0x00007fff40c152e4 WebKit::WebsiteDataStore::removeData(WTF::OptionSet<WebKit::WebsiteDataType>, WTF::WallTime, WTF::Function<void ()>&&) + 972
13 com.apple.WebKit 0x00007fff40a504f3 -[WKWebsiteDataStore removeDataOfTypes:modifiedSince:completionHandler:] + 159
14 com.apple.Safari.Shared 0x00007fff5e92318b -[WBSSiteMetadataManager siteMetadataProvider:getWebViewOfSize:withConfiguration:completionHandler:] + 686
15 com.apple.Safari.Shared 0x00007fff5e9332f1 -[WBSTouchIconCache webViewMetadataFetchOperation:getWebViewOfSize:withConfiguration:completionHandler:] + 111
16 com.apple.Safari.Shared 0x00007fff5e93f869 -[WBSWebViewMetadataFetchOperation _setUpWebViewAndStartOffscreenFetching] + 200
17 libdispatch.dylib 0x7fff69d4183d _dispatch_call_block_and_release + 12 (src/init.c:1452)
18 libdispatch.dylib 0x7fff69d427d5 _dispatch_client_callout + 8 (src/object.m:495)
19 libdispatch.dylib 0x7fff69d4de23 _dispatch_main_queue_callback_4CF + 936 (src/inline_internal.h:2497)
20 com.apple.CoreFoundation 0x7fff2f6663a3 __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ + 9 (RunLoop.subproj/CFRunLoop.c:1749)
21 com.apple.CoreFoundation 0x7fff2f66598a __CFRunLoopRun + 2042 (RunLoop.subproj/CFRunLoop.c:3069)
22 com.apple.CoreFoundation 0x7fff2f664f13 CFRunLoopRunSpecific + 466 (RunLoop.subproj/CFRunLoop.c:3192)
23 com.apple.HIToolbox 0x7fff2e16676d RunCurrentEventLoopInMode + 292 (./Events/EventsCore/EventLoop.c:455)
24 com.apple.HIToolbox 0x7fff2e166485 ReceiveNextEventCommon + 584 (./Events/EventsCore/EventBlocking.c:354)
25 com.apple.HIToolbox 0x7fff2e166229 _BlockUntilNextEventMatchingListInModeWithFilter + 64 (./Events/EventsCore/EventBlocking.c:174)
26 com.apple.AppKit 0x7fff2c7f55c3 _DPSNextEvent + 889 (GraphicsContext.subproj/CGDPSReplacement.m:584)
27 com.apple.AppKit 0x7fff2c7f439d -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1352 (Events.subproj/appEventRouting.m:1355)
28 com.apple.Safari.framework 0x00007fff5deda7c8 -[BrowserApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 251
29 com.apple.AppKit 0x7fff2c7eead5 -[NSApplication run] + 658 (AppKit.subproj/NSApplication.m:3309)
30 com.apple.AppKit 0x7fff2c7e079b NSApplicationMain + 777 (AppKit.subproj/NSApplication.m:8678)
31 com.apple.Safari.framework 0x00007fff5dec77d0 SafariMain + 480
32 libdyld.dylib 0x00007fff69d928a5 start + 1
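The frames above show removeEntriesMatching() resetting an entry whose destructor tears down a SuspendedPageProxy, shuts the process down and calls removeEntriesMatching() again on the same cache. The following is an added example, not WebKit code and not the patch that landed for this bug: it models that re-entrant path with a detach-then-destroy removal that stays consistent, using constructed `Cache` and `Entry` types and integer process ids in place of WebProcessProxy.

```cpp
#include <algorithm>
#include <functional>
#include <memory>
#include <utility>
#include <vector>

struct Cache;
// Entry whose destructor re-enters the owning cache, modelling the trace above:
// ~WebBackForwardCacheEntry -> ~SuspendedPageProxy -> shutDown() -> removeEntriesForProcess().
struct Entry {
    int id;
    int process;   // constructed process id, standing in for WebProcessProxy&
    Cache* cache;  // non-owning back-pointer to the cache holding this entry
    ~Entry();
};

struct Cache {
    int destroyed = 0;  // entries torn down so far
    std::vector<std::unique_ptr<Entry>> entries;
    // Hazard: resetting a matching unique_ptr inside `for (auto& e : entries)` runs
    // ~Entry mid-loop, and the re-entrant call then erases from the vector under it.
    // Hardened form: detach matches first, leave `entries` consistent, and only
    // then let destructors run (when the local `detached` vector goes away).
    void removeEntriesMatching(const std::function<bool(const Entry&)>& matches) {
        std::vector<std::unique_ptr<Entry>> detached;
        for (auto& entry : entries) {
            if (matches(*entry))
                detached.push_back(std::move(entry));
        }
        entries.erase(std::remove(entries.begin(), entries.end(), nullptr), entries.end());
    }
    void removeEntriesForProcess(int p) { removeEntriesMatching([p](const Entry& e) { return e.process == p; }); }
    void add(int id, int process) { entries.push_back(std::unique_ptr<Entry>(new Entry{id, process, this})); }
    // Teardown uses the same discipline so no destructor re-enters a dying vector.
    ~Cache() { removeEntriesMatching([](const Entry&) { return true; }); }
};

// Dropping an entry releases the process's last suspended page and shuts the process
// down, which then removes every remaining entry for it: the re-entrant call.
Entry::~Entry() { cache->destroyed++; cache->removeEntriesForProcess(process); }

// Constructed scenario: removing entry 1 also takes out entry 2 (same process)
// through the re-entrant path and leaves the other processes' entries alone.
std::pair<int, int> removeEntry1() {  // returns {entries left, entries destroyed}
    Cache c;
    c.add(1, 100); c.add(2, 100); c.add(3, 200); c.add(4, 200); c.add(5, 300);
    c.removeEntriesMatching([](const Entry& e) { return e.id == 1; });
    return {static_cast<int>(c.entries.size()), c.destroyed};
}
```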
Attachments
Patch (6.11 KB, patch)
2019-10-23 15:10 PDT, Chris Dumez
no flags
Chris Dumez
Comment 1 2019-10-23 15:06:08 PDT
Chris Dumez
Comment 2 2019-10-23 15:10:46 PDT
Geoffrey Garen
Comment 3 2019-10-23 15:18:39 PDT
Comment on attachment 381735 [details] Patch r=me
Chris Dumez
Comment 4 2019-10-23 19:29:29 PDT
Comment on attachment 381735 [details] Patch Clearing flags on attachment: 381735 Committed r251523: <https://trac.webkit.org/changeset/251523>
Chris Dumez
Comment 5 2019-10-23 19:29:30 PDT
All reviewed patches have been landed. Closing bug.