Bug 253383

Summary: REGRESSION (261190@main): Lots of tests crashing in WebPageProxy::createNewPage()
Product: WebKit
Reporter: Simon Fraser (smfr) <simon.fraser>
Component: WebKit Misc.
Assignee: Simon Fraser (smfr) <simon.fraser>
Status: RESOLVED FIXED
Severity: Normal
CC: achristensen, bfulgham, pascoe, simon.fraser, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=253385

Description Simon Fraser (smfr) 2023-03-03 23:18:18 PST
Lots of test crashes here:

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000010
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [842]

VM Regions Near 0x10:
--> 
    __TEXT                      10302d000-1030f5000    [  800K] r-x/r-x SM=COW  /Volumes/*

Application Specific Information:
CRASHING TEST: fast/html/broadcast-channel-between-different-sessions.html

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebKit              	0x0000000105d97369 WebKit::WebProcessProxy::consumeIfNotVerifiablyFromUIProcess(API::UserInitiatedAction&, std::__1::optional<WTF::UUID>) + 95
1   com.apple.WebKit              	0x0000000105d541c4 WebKit::WebPageProxy::createNewPage(WebKit::FrameInfoData&&, WTF::ObjectIdentifier<WebKit::WebPageProxyIdentifierType>, WebCore::ResourceRequest&&, WebCore::WindowFeatures&&, WebKit::NavigationActionData&&, WTF::CompletionHandler<void (std::__1::optional<WTF::ObjectIdentifier<WebCore::PageIdentifierType> >, std::__1::optional<WebKit::WebPageCreationParameters>)>&&) + 728
2   com.apple.WebKit              	0x00000001060b712e WebKit::WebPageProxy::didReceiveSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&) + 704
3   com.apple.WebKit              	0x000000010616b59e IPC::MessageReceiverMap::dispatchSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&) + 272
4   com.apple.WebKit              	0x0000000105d95e0d WebKit::WebProcessProxy::didReceiveSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&) + 31
5   com.apple.WebKit              	0x0000000106167065 IPC::Connection::dispatchSyncMessage(IPC::Decoder&) + 259
6   com.apple.WebKit              	0x000000010616729a IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 216
7   com.apple.WebKit              	0x0000000106163d00 IPC::Connection::SyncMessageState::ConnectionAndIncomingMessage::dispatch() + 42
8   com.apple.WebKit              	0x0000000106163f13 IPC::Connection::SyncMessageState::dispatchMessagesAndResetDidScheduleDispatchMessagesForConnection(IPC::Connection&) + 493
9   com.apple.JavaScriptCore      	0x00000001034bbbc1 WTF::RunLoop::performWork() + 545
10  com.apple.JavaScriptCore      	0x00000001034bc5c2 WTF::RunLoop::performWork(void*) + 34
11  com.apple.CoreFoundation      	0x00007fff2068ca8c __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
12  com.apple.CoreFoundation      	0x00007fff2068c9f4 __CFRunLoopDoSource0 + 180
13  com.apple.CoreFoundation      	0x00007fff2068c76a __CFRunLoopDoSources0 + 242
14  com.apple.CoreFoundation      	0x00007fff2068b188 __CFRunLoopRun + 897
15  com.apple.CoreFoundation      	0x00007fff2068a740 CFRunLoopRunSpecific + 567
Comment 1 Radar WebKit Bug Importer 2023-03-03 23:18:41 PST
<rdar://problem/106227636>
Comment 2 Simon Fraser (smfr) 2023-03-03 23:26:31 PST
I am going to commit this to make tests not crash, but I don't know if it's correct:

diff --git a/Source/WebKit/UIProcess/WebPageProxy.cpp b/Source/WebKit/UIProcess/WebPageProxy.cpp
index 27b1e5e2875635df87907564c6fb56647158751a..f629709a4b10642f5f1a702f3181f46d4db55148 100644
--- a/Source/WebKit/UIProcess/WebPageProxy.cpp
+++ b/Source/WebKit/UIProcess/WebPageProxy.cpp
@@ -6298,7 +6298,8 @@ void WebPageProxy::createNewPage(FrameInfoData&& originatingFrameInfoData, WebPa
     else
 #endif
         userInitiatedActivity = m_process->userInitiatedActivity(navigationActionData.userGestureTokenIdentifier);
-    if (m_preferences->verifyWindowOpenUserGestureFromUIProcess() && request.url().string() != Quirks::staticRadioPlayerURLString())
+
+    if (userInitiatedActivity && m_preferences->verifyWindowOpenUserGestureFromUIProcess() && request.url().string() != Quirks::staticRadioPlayerURLString())
         m_process->consumeIfNotVerifiablyFromUIProcess(*userInitiatedActivity, navigationActionData.userGestureAuthorizationToken);
 
     bool shouldOpenAppLinks = originatingFrameInfo->request().url().host() != request.url().host();
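Review bot: The added `userInitiatedActivity &&` guard stops the null dereference (`*userInitiatedActivity` in the unchanged line below it is what the crash at address 0x10 in `consumeIfNotVerifiablyFromUIProcess` is consistent with), but it also means that when no activity is found for `navigationActionData.userGestureTokenIdentifier` the UI-process verification is skipped entirely rather than treated as "not verifiably from the UI process". Before landing, confirm that a null `userInitiatedActivity` is only reachable when the action is genuinely not user-initiated (so there is nothing to consume), and add a one-line comment stating that invariant, since the `verifyWindowOpenUserGestureFromUIProcess` check is a security gate and a silent skip is easy to misread later. Separately, the hunk inserts an extra blank line between the `userInitiatedActivity = ...` assignment and the new `if`; drop it so the block keeps the surrounding layout.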
Comment 3 Simon Fraser (smfr) 2023-03-03 23:28:15 PST
Pull request: https://github.com/WebKit/WebKit/pull/11065
Comment 4 EWS 2023-03-03 23:31:26 PST
Committed 261215@main (5b368793a8c0): <https://commits.webkit.org/261215@main>

Reviewed commits have been landed. Closing PR #11065 and removing active labels.