Bug 212790 - UIProcess may crash after its prewarmed WebProcess gets terminated
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Chris Dumez
Keywords: InRadar
Reported: 2020-06-04 16:04 PDT by Chris Dumez
Modified: 2020-06-04 17:04 PDT

Attachments
Patch (4.40 KB, patch)
2020-06-04 16:06 PDT, Chris Dumez
Description Chris Dumez 2020-06-04 16:04:24 PDT
UIProcess may crash after its prewarmed WebProcess gets terminated:
 ASSERTION FAILED: m_websiteDataStore
 Source/WebKit/UIProcess/WebProcessProxy.cpp(1610) : PAL::SessionID WebKit::WebProcessProxy::sessionID() const
 1   0x1021b9a9c WTFCrash
 2   0x108cb2f14 WTF::DumbPtrTraits<WTF::StringImpl>::unwrap(WTF::StringImpl* const&)
 3   0x109b7f708 WebKit::WebProcessProxy::sessionID() const
 4   0x109b7f478 WebKit::WebProcessPool::disconnectProcess(WebKit::WebProcessProxy*)
 5   0x109b756f0 WebKit::WebProcessProxy::shutDown()
 6   0x109b8e87c WebKit::WebProcessProxy::processDidTerminateOrFailedToLaunch()
 7   0x109b8e614 WebKit::WebProcessProxy::didClose(IPC::Connection&)
 8   0x108d4bad4 IPC::Connection::connectionDidClose()::$_6::operator()()
 9   0x108d4b9c0 WTF::Detail::CallableWrapper<IPC::Connection::connectionDidClose()::$_6, void>::call()
 10  0x10397e8dc WTF::Function<void ()>::operator()() const
 11  0x102244d70 WTF::RunLoop::performWork()
 12  0x1022457d0 WTF::RunLoop::performWork(void*)
Comment 1 Chris Dumez 2020-06-04 16:04:37 PDT
<rdar://problem/63696191>
Comment 2 Chris Dumez 2020-06-04 16:06:43 PDT
Created attachment 401086
Patch
Comment 3 Geoffrey Garen 2020-06-04 16:12:57 PDT
Comment on attachment 401086
Patch

r=me
Comment 4 Darin Adler 2020-06-04 16:18:16 PDT
Comment on attachment 401086
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=401086&action=review

> Source/WebKit/UIProcess/WebProcessPool.cpp:1200
> +        auto removedProcess = m_dummyProcessProxies.take(process->sessionID());
> +        ASSERT_UNUSED(removedProcess, removedProcess == process);
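
Review bot: `process->sessionID()` on the `take()` line is the same call that hit `ASSERTION FAILED: m_websiteDataStore` in the reported backtrace (`WebProcessPool::disconnectProcess` calling `WebProcessProxy::sessionID()`), so this removal must only be reached while the process still has its website data store. The two quoted lines do not show the enclosing condition; if it does not already check for the data store, add that check around the removal, or key the removal on something that does not go through `sessionID()`.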

Could also write this:

    ASSERT(m_dummyProcessProxies.get(process->sessionID()) == process);
    m_dummyProcessProxies.remove(process->sessionID());
Comment 5 EWS 2020-06-04 17:04:18 PDT
Committed r262588: <https://trac.webkit.org/changeset/262588>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 401086.