WebKit Bugzilla
RESOLVED FIXED
272170
[iOS 17.5 beta] Crash in WebKit::ExtensionCapabilityGrant::operator=
https://bugs.webkit.org/show_bug.cgi?id=272170
Ali Juma
Reported
2024-04-04 10:59:49 PDT
Chrome for iOS is getting reports of a new crash in iOS 17.5 beta, in WebKit::ExtensionCapabilityGrant::operator=. We don't have steps to reproduce, but the crash happens after the following exception:

[Exception] BUG IN CLIENT OF RUNNINGBOARD: Dealloc called before invalidate for assertion <RBSAssertion:0x#| state:RBSAssertionStateValid descriptor:<<RBSAssertionDescriptor| "Browser Engine helper assertion targeting pid #" ID:#-#-# target:#<#-9-com.google.chrome.ios>>>

The stack is:

0x0000000187292014 (libobjc.A.dylib + 0x00016014) objc_exception_throw
0x000000018e8f7864 (Foundation + 0x006de864) -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:]
0x000000019e5edd08 (RunningBoardServices + 0x0001dd08) -[RBSAssertion dealloc]
0x000000022f8ce3f4 (BrowserEngineKit + 0x0001a3f4) __swift_memcpy0_1
0x000000018e03f368 (libswiftCore.dylib + 0x003ab368) _swift_release_dealloc
0x000000018e040484 (libswiftCore.dylib + 0x003ac484) bool swift::RefCounts<swift::RefCountBitsT<(swift::RefCountInlinedness)1>>::doDecrementSlow<(swift::PerformDeinit)1>(swift::RefCountBitsT<(swift::RefCountInlinedness)1>, unsigned int)
0x00000001a54f7974 (WebKit + 0x00697974) WebKit::ExtensionCapabilityGrant::operator=(WebKit::ExtensionCapabilityGrant&&)
0x00000001a54fc2fc (WebKit + 0x0069c2fc) WebKit::finalizeGrant(WTF::String const&, WebKit::AuxiliaryProcessProxy*, WebKit::ExtensionCapabilityGrant&&)
0x00000001a54fbde8 (WebKit + 0x0069bde8) WTF::Detail::CallableWrapper<auto WTF::NativePromise<WebKit::PlatformExtensionCapabilityGrants, WebKit::ExtensionCapabilityGrantError, 0u>::whenSettled<WebKit::ExtensionCapabilityGranter::grant(WebKit::ExtensionCapability const&)::$_4>(WTF::RefCountedSerialFunctionDispatcher&, WebKit::ExtensionCapabilityGranter::grant(WebKit::ExtensionCapability const&)::$_4&&, WTF::Logger::LogSiteIdentifier const&)::'lambda'(std::experimental::fundamentals_v3::expected<WebKit::PlatformExtensionCapabilityGrants, WebKit::ExtensionCapabilityGrantError>&&), void, auto WTF::NativePromise<WebKit::PlatformExtensionCapabilityGrants, WebKit::ExtensionCapabilityGrantError, 0u>::whenSettled<WebKit::ExtensionCapabilityGranter::grant(WebKit::ExtensionCapability const&)::$_4>(WTF::RefCountedSerialFunctionDispatcher&, WebKit::ExtensionCapabilityGranter::grant(WebKit::ExtensionCapability const&)::$_4&&, WTF::Logger::LogSiteIdentifier const&)::'lambda'(std::experimental::fundamentals_v3::expected<WebKit::PlatformExtensionCapabilityGrants, WebKit::ExtensionCapabilityGrantError>&&)>::call(auto WTF::NativePromise<WebKit::PlatformExtensionCapabilityGrants, WebKit::ExtensionCapabilityGrantError, 0u>::whenSettled<WebKit::ExtensionCapabilityGranter::grant(WebKit::ExtensionCapability const&)::$_4>(WTF::RefCountedSerialFunctionDispatcher&, WebKit::ExtensionCapabilityGranter::grant(WebKit::ExtensionCapability const&)::$_4&&, WTF::Logger::LogSiteIdentifier const&)::'lambda'(std::experimental::fundamentals_v3::expected<WebKit::PlatformExtensionCapabilityGrants, WebKit::ExtensionCapabilityGrantError>&&))
0x00000001a54fc910 (WebKit + 0x0069c910) WTF::NativePromise<WebKit::PlatformExtensionCapabilityGrants, WebKit::ExtensionCapabilityGrantError, 0u>::ThenCallback<false, void>::processResult(std::experimental::fundamentals_v3::expected<WebKit::PlatformExtensionCapabilityGrants, WebKit::ExtensionCapabilityGrantError>&)
0x00000001a54fb508 (WebKit + 0x0069b508) WTF::Detail::CallableWrapper<WTF::NativePromise<WebKit::PlatformExtensionCapabilityGrants, WebKit::ExtensionCapabilityGrantError, 0u>::ThenCallbackBase::dispatch(WTF::NativePromise<WebKit::PlatformExtensionCapabilityGrants, WebKit::ExtensionCapabilityGrantError, 0u>&, WTF::Locker<WTF::Lock>&)::'lambda'(), void>::call()
0x00000001a5e55cac (JavaScriptCore + 0x00059cac) WTF::RunLoop::performWork()
0x00000001a5e56bd4 (JavaScriptCore + 0x0005abd4) WTF::RunLoop::performWork(void*)
0x000000018f3c2870 (CoreFoundation + 0x00056870) __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x000000018f3c2804 (CoreFoundation + 0x00056804) __CFRunLoopDoSource0
0x000000018f3c02d4 (CoreFoundation + 0x000542d4) __CFRunLoopDoSources0
0x000000018f3bf4c0 (CoreFoundation + 0x000534c0) __CFRunLoopRun
0x000000018f3bed14 (CoreFoundation + 0x00052d14) CFRunLoopRunSpecific
0x00000001d48311a4 (GraphicsServices + 0x000011a4) GSEventRunModal
0x00000001919f9fa8 (UIKitCore + 0x00408fa8) -[UIApplication _run]
0x0000000191aaded4 (UIKitCore + 0x004bced4) UIApplicationMain
0x00000001044a9e18 (Chrome -chrome_exe_main.mm:54) (anonymous namespace)::RunUIApplicationMain(int, char**)
0x00000001044a9e18 (Chrome -chrome_exe_main.mm:107) main
0x00000001b36d0e48 (dyld + 0x0003ce48) start
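The failure mode visible in the stack above, a move assignment dropping the last reference to an assertion that is still valid, modeled in stand-alone C++. This is an added example, not WebKit's code and not the change in the pull request; `Assertion`, `Grant` and `violationsAfterReassign` are hypothetical names, and the counter stands in for the exception raised in dealloc.

```cpp
#include <cstdio>
#include <memory>
#include <utility>

// Hypothetical stand-in for an OS assertion that must be invalidated before
// its last reference is dropped. The counter records each contract violation
// (the real object raises an exception in dealloc instead).
struct Assertion {
    explicit Assertion(int* violations) : m_violations(violations) {}
    ~Assertion() { if (m_valid) ++*m_violations; }
    void invalidate() { m_valid = false; }
private:
    bool m_valid = true;
    int* m_violations;
};

// Owner of one assertion. InvalidateFirst selects the move-assignment policy.
template <bool InvalidateFirst>
class Grant {
public:
    explicit Grant(std::unique_ptr<Assertion> a) : m_assertion(std::move(a)) {}
    ~Grant() { invalidateCurrent(); }
    Grant& operator=(Grant&& other) {
        if (this == &other) return *this;
        if (InvalidateFirst) invalidateCurrent(); // retire the old assertion first
        m_assertion = std::move(other.m_assertion); // destroys the old assertion
        return *this;
    }
private:
    void invalidateCurrent() { if (m_assertion) m_assertion->invalidate(); }
    std::unique_ptr<Assertion> m_assertion;
};

// Replace a live grant with a new one; return how many assertions were
// destroyed while still valid.
template <bool InvalidateFirst>
int violationsAfterReassign() {
    int violations = 0;
    {
        Grant<InvalidateFirst> grant(std::make_unique<Assertion>(&violations));
        grant = Grant<InvalidateFirst>(std::make_unique<Assertion>(&violations));
    }
    return violations;
}

int main() {
    std::printf("overwrite only: %d, invalidate first: %d\n", violationsAfterReassign<false>(), violationsAfterReassign<true>());
    return 0;
}
```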
Radar WebKit Bug Importer
Comment 1
2024-04-05 12:47:37 PDT
<rdar://problem/125984025>
Per Arne Vollan
Comment 2
2024-04-05 16:31:11 PDT
Pull request: https://github.com/WebKit/WebKit/pull/26920
EWS
Comment 3
2024-04-05 18:04:23 PDT
Committed 277141@main (e63aaa4c4c28): <https://commits.webkit.org/277141@main>

Reviewed commits have been landed. Closing PR #26920 and removing active labels.