WebKit Bugzilla
NEW
264188
NSInternalInconsistencyException raised in NSView, followed by crash
https://bugs.webkit.org/show_bug.cgi?id=264188
Rich Siegel
Reported
2023-11-03 17:19:54 PDT
Recently we've been getting some crash report submissions from Yojimbo customers, with the crash occurring in code that uses legacy WebKit to generate a PDF from a web site. (This code predates WKWebView and the public WebKit2 APIs for generating PDFs, so we have to keep supporting it in the field for a while.)

I've been able to reproduce it using Paparazzi <https://derailer.org/paparazzi/>, so I don't think it is a bug in our code specifically. A public URL which reproduces this crash is <https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-s2s.html>; you can plug that into Paparazzi's address bar to reproduce.

The crash takes the form of an internal exception:

Exception Name: NSInternalInconsistencyException
Description: <WebLayerHostingFlippedView 0x7f9550f23c30> has reached dealloc but still has a super view. Super views strongly reference their children, so this is being over-released, or has been over-released in the past.
User Info: {
    NSAssertFile = "NSView.m";
    NSAssertLine = 1551;
}

0   CoreFoundation    0x00007ff804258b72 __exceptionPreprocess + 242
1   libobjc.A.dylib   0x00007ff803d8041c objc_exception_throw + 48
2   Foundation        0x00007ff80508fcd8 -[NSCalendarDate initWithCoder:] + 0
3   AppKit            0x00007ff8072254fb -[NSView dealloc] + 322
4   libobjc.A.dylib   0x00007ff803d785fc _ZN19AutoreleasePoolPage12releaseUntilEPP11objc_object + 168
5   libobjc.A.dylib   0x00007ff803d75a89 objc_autoreleasePoolPop + 227
6   CoreFoundation    0x00007ff8041a5a26 _CFAutoreleasePoolPop + 22
7   CoreFoundation    0x00007ff8042ad912 __CFRunLoopPerCalloutARPEnd + 41
8   CoreFoundation    0x00007ff8041e18d0 __CFRunLoopRun + 2490
9   CoreFoundation    0x00007ff8041e08bc CFRunLoopRunSpecific + 560
10  HIToolbox         0x00007ff80e12bf3d RunCurrentEventLoopInMode + 292
11  HIToolbox         0x00007ff80e12bd4e ReceiveNextEventCommon + 657
12  HIToolbox         0x00007ff80e12baa8 _BlockUntilNextEventMatchingListInModeWithFilter + 64
13  AppKit            0x00007ff8071dc25c _DPSNextEvent + 858
14  AppKit            0x00007ff8071db106 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1214
15  AppKit            0x00007ff8071cd788 -[NSApplication run] + 586
16  AppKit            0x00007ff8071a19a1 NSApplicationMain + 817
17  dyld              0x0000000204e6a41f start + 1903

If the application is allowed to continue past this point, the exception is raised again, and subsequently the application will crash with what looks like an overrelease.

The WebKit framework version on my machine (macOS 13.6.1, M1) is "18615.3.12.11.2". I do not yet know what the oldest WebKit version is that reproduces this crash.
I *think* the issue is of recent onset, coincident with Safari 17 and the contemporary WebKit version, but I don't have a regression test case to back that up. I have also filed this using Feedback Assistant as FB13332340, in case that is useful.
Attachments
Crash log for Yojimbo as requested (136.32 KB, text/plain), 2023-11-06 10:59 PST, Rich Siegel
Alexey Proskuryakov
Comment 1
2023-11-06 10:30:07 PST
rdar://117923158
Thank you for the report! With steps to reproduce and the sysdiagnose in Feedback Assistant, this should be actionable, however here are a few questions and comments that should help us better navigate the issue.

- Yojimbo and Paparazzi are separate products if I understand correctly; are you saying that it's happening while unreproducible in Yojimbo, and reproduces at will in Paparazzi?
- As you pointed out, the version of WebKit used corresponds to what shipped with the OS (aligned with Safari 16.x); installing Safari 17 on the machine should have no effect on these apps.
- Could you please attach some more crash logs to FB13332340, including some from Yojimbo? The one included doesn't match anything captured automatically for some reason.
- Do you happen to know if this reproduces in any other OS versions, especially macOS 14?

My guess at this point is that this could be a WebKit or AppKit change that went into macOS 13.6.1 or some release around that, not a Safari 17 change.
Rich Siegel
Comment 2
2023-11-06 10:59:49 PST
Created attachment 468495
Crash log for Yojimbo as requested
Rich Siegel
Comment 3
2023-11-06 11:06:40 PST
To answer your questions:
> - Yojimbo and Paparazzi are separate products if I understand correctly; are you saying that it's happening while unreproducible in Yojimbo, and reproduces at will in Paparazzi?
Yojimbo and Paparazzi are indeed distinct products. Using the test URL I provided, both products exhibit the same exception and crash.
> - Could you please attach some more crash logs to FB13332340, including some from Yojimbo? The one included doesn't match anything captured automatically for some reason.
Done, and I have attached a crash log from Yojimbo here as well. (The backtrace for the crash is different from the backtrace shown for the InternalConsistencyException.)
> - Do you happen to know if this reproduces in any other OS versions, especially macOS 14?
I have just reproduced it on macOS 14.2 (23C5030f) beta, and the backtrace is the same. The reported WebKit version from /System/Library/Frameworks is "19617.1.11.11.3".