Bug 213891 - Crash under WebKit::NetworkProcessProxy::updateProcessAssertion()
Summary: Crash under WebKit::NetworkProcessProxy::updateProcessAssertion()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-07-02 10:43 PDT by Chris Dumez
Modified: 2020-07-02 11:45 PDT

Attachments
Patch (2.26 KB, patch)
2020-07-02 10:47 PDT, Chris Dumez
achristensen: review+
achristensen: commit-queue-

Description Chris Dumez 2020-07-02 10:43:31 PDT
Crash under WebKit::NetworkProcessProxy::updateProcessAssertion():
Thread 0 name:  Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0   WebKit                        	0x000000018c95be14 WebKit::NetworkProcessProxy::updateProcessAssertion() + 184 (ProcessThrottler.h:80)
1   WebKit                        	0x000000018c89d9c8 WebKit::WebProcessPool::updateProcessAssertions() + 32 (WebProcessPool.cpp:2109)
2   WebKit                        	0x000000018c89d9c8 WebKit::WebProcessPool::updateProcessAssertions() + 32 (WebProcessPool.cpp:2109)
3   WebKit                        	0x000000018c8a3634 WebKit::WebProcessProxy::didSetAssertionType(WebKit::ProcessAssertionType) + 1124 (Function.h:84)
4   WebKit                        	0x000000018c817044 WebKit::ProcessThrottler::setAssertionType(WebKit::ProcessAssertionType) + 396 (ProcessThrottler.cpp:135)
5   WebKit                        	0x000000018c816d54 WebKit::ProcessThrottler::updateAssertionIfNeeded() + 412 (ProcessThrottler.cpp:163)
6   WebKit                        	0x000000018c7d8cdc WebKit::ProcessThrottler::Activity<(WebKit::ProcessThrottler::ActivityType)0>::Activity(WebKit::ProcessThrottler&, WTF::ASCIILiteral) + 76 (ProcessThrottler.cpp:64)
7   WebKit                        	0x000000018c7fa9b4 WebKit::AuxiliaryProcessProxy::sendMessage(std::__1::unique_ptr<IPC::Encoder, std::__1::default_delete<IPC::Encoder> >, WTF::OptionSet<IPC::SendOption>, WTF::Optional<std::__1::pair<WTF::CompletionHandler<void (IPC::Decoder*)>, unsigned long long> >&&, WebKit::AuxiliaryProcessProxy::ShouldStartProcessThrottlerActivity) + 152 (ProcessThrottler.h:66)
8   WebKit                        	0x000000018c84001c WebKit::WebBackForwardCacheEntry::~WebBackForwardCacheEntry() + 324 (AuxiliaryProcessProxy.h:187)
9   WebKit                        	0x000000018c7821e0 std::__1::unique_ptr<WebKit::WebBackForwardCacheEntry, std::__1::default_delete<WebKit::WebBackForwardCacheEntry> >::reset(WebKit::WebBackForwardCacheEntry*) + 28 (WebBackForwardCacheEntry.cpp:50)
10  WebKit                        	0x000000018c83f6a0 WebKit::WebBackForwardCache::removeEntry(WebKit::WebBackForwardListItem&) + 132 (memory:2517)
11  WebKit                        	0x000000018c83fccc WebKit::WebBackForwardCache::pruneToSize(unsigned int) + 136 (WebBackForwardCache.cpp:54)
12  WebKit                        	0x000000018c836dd4 WebKit::WebProcessPool::applicationIsAboutToSuspend() + 124 (WebProcessPoolCocoa.mm:892)
13  WebKit                        	0x000000018c836e40 WebKit::WebProcessPool::notifyProcessPoolsApplicationIsAboutToSuspend() + 56 (WebProcessPoolCocoa.mm:899)
14  WebKit                        	0x000000018c8e3df8 -[WKProcessAssertionBackgroundTaskManager _releaseBackgroundTask] + 140 (ProcessAssertionIOS.mm:257)
15  WebKit                        	0x000000018c8e4bb0 WebKit::ProcessAndUIAssertion::~ProcessAndUIAssertion() + 72 (ProcessAssertionIOS.mm:496)
16  WebKit                        	0x000000018c8e4be8 WebKit::ProcessAndUIAssertion::~ProcessAndUIAssertion() + 12 (ProcessAssertionIOS.mm:494)
17  WebKit                        	0x000000018c81700c WebKit::ProcessThrottler::setAssertionType(WebKit::ProcessAssertionType) + 340 (ProcessThrottler.cpp:0)
18  WebKit                        	0x000000018c8174b8 WebKit::ProcessThrottler::sendPrepareToSuspendIPC(WebKit::IsSuspensionImminent) + 588 (ProcessThrottler.cpp:217)
19  WebKit                        	0x000000018c816e70 WebKit::ProcessThrottler::removeActivity(WebKit::ProcessThrottler::Activity<(WebKit::ProcessThrottler::ActivityType)0>&) + 112 (ProcessThrottler.cpp:76)
20  WebKit                        	0x000000018c650f74 WebKit::ProcessThrottler::Activity<(WebKit::ProcessThrottler::ActivityType)0>::invalidate() + 196 (ProcessThrottler.h:94)
21  WebKit                        	0x000000018c650e94 std::__1::unique_ptr<WebKit::ProcessThrottler::Activity<(WebKit::ProcessThrottler::ActivityType)0>, std::__1::default_delete<WebKit::ProcessThrottler::Activity<(WebKit::ProcessThrottler::ActivityType)0> > >::reset(WebKit::ProcessThrottler::Activity<(WebKit::ProcessThrottler::ActivityType)0>*) + 40 (ProcessThrottler.h:77)
22  WebKit                        	0x000000018c95be9c WebKit::NetworkProcessProxy::updateProcessAssertion() + 320 (Variant.h:1471)
23  WebKit                        	0x000000018c89d9c8 WebKit::WebProcessPool::updateProcessAssertions() + 32 (WebProcessPool.cpp:2109)
24  WebKit                        	0x000000018c8a3364 WebKit::WebProcessProxy::didSetAssertionType(WebKit::ProcessAssertionType) + 404 (Function.h:84)
25  WebKit                        	0x000000018c817044 WebKit::ProcessThrottler::setAssertionType(WebKit::ProcessAssertionType) + 396 (ProcessThrottler.cpp:135)
26  WebKit                        	0x000000018c81692c WebKit::ProcessThrottler::prepareToSuspendTimeoutTimerFired() + 144 (ProcessThrottler.cpp:181)
27  JavaScriptCore                	0x00000001958fa568 WTF::RunLoop::TimerBase::timerFired(__CFRunLoopTimer*, void*) + 40 (RunLoopCF.cpp:91)
Comment 1 Chris Dumez 2020-07-02 10:43:42 PDT
<rdar://problem/65017909>
Comment 2 Chris Dumez 2020-07-02 10:47:40 PDT
Created attachment 403377
Patch
Comment 3 Alex Christensen 2020-07-02 10:50:30 PDT
Comment on attachment 403377
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=403377&action=review

> Source/WebKit/ChangeLog:12
> +        to get call again, in which case we may dereference m_activityFromWebProcesses and

called

> Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp:1529
> +    // function while in the middle of the assignment.

during the destructor before setting m_activityFromWebProcesses
Comment 4 Chris Dumez 2020-07-02 11:45:40 PDT
Committed r263852: <https://trac.webkit.org/changeset/263852>
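
The re-entrancy visible in the trace and in the review comments (the old activity's destructor running before m_activityFromWebProcesses is set, and calling back into the same function) can be reproduced in a small model. This is an added example, not the WebKit patch or WebKit code; `Activity`, `Owner` and the function names are hypothetical, and it contrasts destroy-then-store with detaching the old value first.

```cpp
#include <cstdio>
#include <functional>
#include <memory>
#include <utility>

// Constructed model, not WebKit code: an object whose destructor calls back
// into its owner, as the activity release path in the trace does.
struct Activity {
    explicit Activity(std::function<void()> cb) : onRelease(std::move(cb)) {}
    ~Activity() { alive = false; onRelease(); }
    std::function<void()> onRelease;
    bool alive = true;
};

struct Owner {
    Activity* m_activity = nullptr; // raw pointer so the destroy/store order is explicit
    bool sawDyingActivity = false;
    void acquire() { m_activity = new Activity([this] { inspect(); }); }

    // Stand-in for the re-entered function: it looks at the member.
    void inspect() {
        if (m_activity && !m_activity->alive)
            sawDyingActivity = true; // member still names an object mid-destruction
    }

    // Hazard: the destructor runs, and re-enters inspect(), before the member is cleared.
    void releaseDestroyThenStore() {
        delete m_activity;
        m_activity = nullptr;
    }

    // Safer order: clear the member first, then let the detached object die.
    void releaseStoreThenDestroy() {
        std::unique_ptr<Activity> old(std::exchange(m_activity, nullptr));
    }
};

// Returns true when the re-entrant call observed a half-destroyed activity.
bool reentrySawDyingActivity(bool storeFirst) {
    Owner owner;
    owner.acquire();
    storeFirst ? owner.releaseStoreThenDestroy() : owner.releaseDestroyThenStore();
    return owner.sawDyingActivity;
}

int main() {
    bool hazard = reentrySawDyingActivity(false), fixed = reentrySawDyingActivity(true);
    std::printf("destroy-then-store: %d, store-then-destroy: %d\n", hazard, fixed);
}
```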