212537 – ASSERTION FAILURE (r220931): !m_function in ~CompletionHandler() after switch tabs

RESOLVED FIXED 212537

ASSERTION FAILURE (r220931): !m_function in ~CompletionHandler() after switch tabs

https://bugs.webkit.org/show_bug.cgi?id=212537

Summary ASSERTION FAILURE (r220931): !m_function in ~CompletionHandler() after switch...

Daniel Bates

Reported 2020-05-29 11:30:00 PDT

Seen on iOS when switching tabs. Backtrace looks like: #0 0x000000013000120e in ::WTFCrash() #1 0x00000001010df977 in WTF::CompletionHandler<void ()>::~CompletionHandler() #2 0x00000001010dd155 in WTF::CompletionHandler<void ()>::~CompletionHandler() #3 0x00000001022f60ee in WebKit::WebProcess::prepareToSuspend(bool, WTF::CompletionHandler<void ()>&&)::$_8::~$_8() #4 0x00000001022e7495 in WebKit::WebProcess::prepareToSuspend(bool, WTF::CompletionHandler<void ()>&&)::$_8::~$_8() #5 0x0000000102314c95 in WTF::Detail::CallableWrapper<WebKit::WebProcess::prepareToSuspend(bool, WTF::CompletionHandler<void ()>&&)::$_8, void, bool>::~CallableWrapper() #6 0x0000000102314b95 in WTF::Detail::CallableWrapper<WebKit::WebProcess::prepareToSuspend(bool, WTF::CompletionHandler<void ()>&&)::$_8, void, bool>::~CallableWrapper() #7 0x0000000102314bbc in WTF::Detail::CallableWrapper<WebKit::WebProcess::prepareToSuspend(bool, WTF::CompletionHandler<void ()>&&)::$_8, void, bool>::~CallableWrapper() #8 0x000000010113e06f in std::__1::default_delete<WTF::Detail::CallableWrapperBase<void, bool> >::operator()(WTF::Detail::CallableWrapperBase<void, bool>*) #9 0x000000010113dfef in std::__1::unique_ptr<WTF::Detail::CallableWrapperBase<void, bool>, std::__1::default_delete<WTF::Detail::CallableWrapperBase<void, bool> > >::reset(WTF::Detail::CallableWrapperBase<void, bool>*) #10 0x000000010113df89 in std::__1::unique_ptr<WTF::Detail::CallableWrapperBase<void, bool>, std::__1::default_delete<WTF::Detail::CallableWrapperBase<void, bool> > >::~unique_ptr() #11 0x000000010113df65 in std::__1::unique_ptr<WTF::Detail::CallableWrapperBase<void, bool>, std::__1::default_delete<WTF::Detail::CallableWrapperBase<void, bool> > >::~unique_ptr() #12 0x000000010113df45 in WTF::Function<void (bool)>::~Function() #13 0x000000010113dec5 in WTF::Function<void (bool)>::~Function() #14 0x00000001022f6c7e in WebKit::WebProcess::markAllLayersVolatile(WTF::Function<void (bool)>&&)::$_2::~$_2() #15 0x00000001022e7585 in WebKit::WebProcess::markAllLayersVolatile(WTF::Function<void (bool)>&&)::$_2::~$_2() ...

Attachments
Patch (15.39 KB, patch) 2020-05-29 14:21 PDT, Chris Dumez	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2020-05-29 11:30:14 PDT

<rdar://problem/63766838>

Daniel Bates

Comment 2 2020-05-29 12:19:08 PDT

Steps to repro: 1. Open one tab to apple.com 2. Create a new tab showing favorites view 3. Switch to apple.com

Chris Dumez

Comment 3 2020-05-29 12:21:14 PDT

I suspect the issue could be related to WebProcess::cancelMarkAllLayersVolatile(), which I believe gets called when cancelling suspension. cancelMarkAllLayersVolatile() destroys m_pageMarkingLayersAsVolatileCounter which may not have called its CompletionHandler yet.

Chris Dumez

Comment 4 2020-05-29 12:50:51 PDT

(In reply to Chris Dumez from comment #3) > I suspect the issue could be related to > WebProcess::cancelMarkAllLayersVolatile(), which I believe gets called when > cancelling suspension. cancelMarkAllLayersVolatile() destroys > m_pageMarkingLayersAsVolatileCounter which may not have called its > CompletionHandler yet. Yes, this is what I see: Thread 0 name: Dispatch queue: com.apple.main-thread Thread 0 Crashed: 0 WebKit 0x0000000101014b20 WTFCrashWithInfo(int, char const*, char const*, int) + 20 1 WebKit 0x00000001014930c4 WTF::Detail::CallableWrapper<WebKit::WebProcess::markAllLayersVolatile(WTF::CompletionHandler<void (bool)>&&)::$_2, void, WTF::RefCounterEvent>::call(WTF::RefCounterEvent) + 0 2 WebKit 0x0000000101493560 std::__1::unique_ptr<WTF::RefCounter<WebKit::WebProcess::PageMarkingLayersAsVolatileCounterType>, std::__1::default_delete<WTF::RefCounter<WebKit::WebProcess::PageMarkingLayersAsVolatileCounterType> > >::reset(WTF::RefCounter<WebKit::WebProcess::PageMarkingLayersAsVolatileCounterType>*) + 76 3 WebKit 0x000000010148edfc WebKit::WebProcess::cancelMarkAllLayersVolatile() + 40 4 WebKit 0x000000010148f080 WebKit::WebProcess::processDidResume() + 192 5 WebKit 0x000000010102e4d0 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 204 6 WebKit 0x000000010102e780 IPC::Connection::dispatchOneIncomingMessage() + 232 7 JavaScriptCore 0x00000001039aa324 WTF::RunLoop::performWork() + 688 8 JavaScriptCore 0x00000001039aa4e0 WTF::RunLoop::performWork(void*) + 36 9 CoreFoundation 0x00000001b1c5bb04 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 24

Chris Dumez

Comment 5 2020-05-29 14:21:10 PDT

Created attachment 400616 [details] Patch

EWS

Comment 6 2020-06-01 09:30:57 PDT

Committed r262380: <https://trac.webkit.org/changeset/262380> All reviewed patches have been landed. Closing bug and clearing flags on attachment 400616 [details].

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Local Build

Hardware iPhone / iPad

OS iOS 13

Product WebKit

Component WebKit Misc.

Assignee

Chris Dumez

Reported

2020-05-29 11:30 PDT

Modified

2020-06-01 09:30 PDT History

CC List

5 users Show

URL

Keywords InRadar, Regression

Depends on

175721

Blocks

Dependencies

tree graph