LadybirdBrowser / ladybird

Truly independent web browser
https://ladybird.org
BSD 2-Clause "Simplified" License

macOS: AppKit chrome crashes when opening a new tab after closing a tab #404

Open ivyjsgit opened 1 month ago

ivyjsgit commented 1 month ago

I'm currently encountering an issue where Ladybird will crash with the following error message:

VERIFICATION FAILED: !is_error() at /Users/ivy/Documents/ladybird/AK/Error.h:180
0   liblagom-ak.0.0.0.dylib             0x00000001013557e4 ak_verification_failed + 216
1   Ladybird                            0x0000000100df0158 _ZN2AK8FunctionIFNS_13NonnullRefPtrIN7WebView16WebContentClientEEEvEE15CallableWrapperIZ38-[LadybirdWebView setWebViewCallbacks]E3$_4E4callEv + 228
2   Ladybird                            0x0000000100df9158 AK::Function<AK::NonnullRefPtr<WebView::WebContentClient> ()>::operator()() const + 76
3   Ladybird                            0x0000000100df8c34 Ladybird::WebViewBridge::initialize_client(WebView::ViewImplementation::CreateNewClient) + 152
4   Ladybird                            0x0000000100de8470 -[LadybirdWebView init:] + 740
5   Ladybird                            0x0000000100dfc914 -[Tab init] + 256
6   Ladybird                            0x0000000100e020f8 -[TabController showWindow:] + 44
7   Ladybird                            0x0000000100dddf88 -[ApplicationDelegate createNewTab:fromTab:] + 64
8   Ladybird                            0x0000000100dddb3c -[ApplicationDelegate createNewTab:fromTab:activateTab:] + 52
9   Ladybird                            0x0000000100dfee1c -[TabController createNewTab:] + 148
10  AppKit                              0x000000019ea2ff58 -[NSApplication(NSResponder) sendAction:to:from:] + 460
11  AppKit                              0x000000019eaf7910 -[NSMenuItem _corePerformAction] + 372
12  AppKit                              0x000000019f1bebac _NSMenuPerformActionWithHighlighting + 152
13  AppKit                              0x000000019f021ba0 -[NSMenu _performKeyEquivalentForItemAtIndex:] + 172
14  AppKit                              0x000000019eaf6964 -[NSMenu performKeyEquivalent:] + 356
15  AppKit                              0x000000019f19408c routeKeyEquivalent + 444
16  AppKit                              0x000000019f191f34 -[NSApplication(NSEventRouting) sendEvent:] + 648
17  Ladybird                            0x0000000100ddbf18 -[Application sendEvent:] + 88
18  Ladybird                            0x0000000100df0e5c _ZN2AK8FunctionIFvRKN3Web8KeyEventEEE15CallableWrapperIZ38-[LadybirdWebView setWebViewCallbacks]E4$_14E4callES4_ + 88
19  liblagom-webview.0.0.0.dylib        0x00000001010f55a0 AK::Function<void (AK::Vector<AK::ByteString, 0ul> const&)>::operator()(AK::Vector<AK::ByteString, 0ul> const&) const + 76
20  liblagom-webview.0.0.0.dylib        0x00000001011113b8 WebView::ViewImplementation::did_finish_handling_input_event(AK::Badge<WebView::WebContentClient>, bool) + 108
21  liblagom-webview.0.0.0.dylib        0x0000000101123b04 non-virtual thunk to WebView::WebContentClient::did_finish_handling_input_event(unsigned long long, bool) + 56
22  liblagom-webview.0.0.0.dylib        0x000000010112567c WebContentClientStub::handle(IPC::Message const&) + 2240
23  liblagom-ipc.0.0.0.dylib            0x0000000100f6c508 IPC::ConnectionBase::handle_messages() + 224
24  liblagom-ipc.0.0.0.dylib            0x0000000100f6ddd4 AK::Function<void ()>::CallableWrapper<IPC::ConnectionBase::ConnectionBase(IPC::Stub&, AK::NonnullOwnPtr<Core::LocalSocket>, unsigned int)::$_1>::call() + 92
25  liblagom-core.0.0.0.dylib           0x0000000101008470 AK::Function<void ()>::operator()() const + 76
26  liblagom-core.0.0.0.dylib           0x0000000101008470 AK::Function<void ()>::operator()() const + 76
27  liblagom-core.0.0.0.dylib           0x000000010100d2f4 Core::EventReceiver::dispatch_event(Core::Event&, Core::EventReceiver*) + 112
28  Ladybird                            0x0000000100de25e8 Ladybird::socket_notifier(__CFSocket*, unsigned long, __CFData const*, void const*, void*) + 284
29  CoreFoundation                      0x000000019ad91284 __CFSocketPerformV0 + 944
30  CoreFoundation                      0x000000019ad686b8 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28
31  CoreFoundation                      0x000000019ad6864c __CFRunLoopDoSource0 + 176
32  CoreFoundation                      0x000000019ad683b0 __CFRunLoopDoSources0 + 244
33  CoreFoundation                      0x000000019ad66fa4 __CFRunLoopRun + 856
34  CoreFoundation                      0x000000019ad665dc CFRunLoopRunSpecific + 608
35  HIToolbox                           0x00000001a664e8b8 RunCurrentEventLoopInMode + 292
36  HIToolbox                           0x00000001a66546a8 ReceiveNextEventCommon + 636
37  HIToolbox                           0x00000001a665480c _BlockUntilNextEventMatchingListInModeWithFilter + 76
38  AppKit                              0x000000019e88f6f0 _DPSNextEvent + 660
39  AppKit                              0x000000019f193530 -[NSApplication(NSEventRouting) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 688
40  AppKit                              0x000000019e8827fc -[NSApplication run] + 480
41  Ladybird                            0x0000000100de2e38 Ladybird::CFEventLoopImplementation::exec() + 32
42  liblagom-core.0.0.0.dylib           0x0000000101005d2c Core::EventLoop::exec() + 56
43  liblagom-webview.0.0.0.dylib        0x00000001010f51c0 WebView::Application::exec() + 24
44  Ladybird                            0x0000000100dd9a30 serenity_main(Main::Arguments) + 1884
45  Ladybird                            0x0000000100e04f90 main + 216
46  dyld                                0x000000019a8ff274 start + 2840

I am on macOS 14.2 on ARM.

To reproduce this crash, do these steps:

  1. Open youtube.com
  2. In a new tab, open wikipedia.org
  3. Using the mouse, close the YouTube tab.
  4. Use the cmd+t shortcut to open a new tab

Expected behavior:

The app does not crash when opening a new tab during step 4

Actual behavior:

The app crashes

Video evidence

https://github.com/LadybirdBrowser/ladybird/assets/34287279/e75aef97-6f2f-4d09-8517-21e88bc40c7c

keatonhasse commented 1 month ago

I was looking into this issue this morning and from what I can tell it is related to this line.

https://github.com/LadybirdBrowser/ladybird/blob/e1c61d654f543f30a35b74b5d2cf2be3e6a79ed9/Ladybird/AppKit/Application/ApplicationDelegate.mm#L139

This issue doesn’t seem to be producible while debugging if that is relevant.

ADKaster commented 1 month ago

Hmm. I recently added a bunch of weak refs into the AppKit chrome to avoid leaking tabs when closing them, as we had a bunch of ARC magic causing all of our callbacks to hold a strong ref to the web view when creating a tab.

We also no longer strongly hold onto the "current tab".

cc @trflynn89

keatonhasse commented 1 month ago

A possible solution would be to mark this property strong instead of weak. https://github.com/LadybirdBrowser/ladybird/blob/98e1ae49f5288c9f25ad018b13b106369af8f75c/Ladybird/AppKit/UI/LadybirdWebView.mm#L62 But I haven't dealt with ARC for a while so I am not sure if it would affect the changes made in https://github.com/LadybirdBrowser/ladybird/commit/598144d09c484c6e8a9c88eb1b885ada3ff6203d.
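
The strong-versus-weak trade-off raised in the comments above, as an added C++ example that is not Ladybird code and not the diagnosed cause of this crash. `std::shared_ptr` and `std::weak_ptr` stand in for ARC strong and weak references, and `Tab`, `Chrome`, `on_title` and `leaked_after_close` are hypothetical names.

```cpp
#include <algorithm>
#include <functional>
#include <memory>
#include <string>
#include <vector>

// Hypothetical model, not Ladybird code: shared_ptr/weak_ptr stand in for
// ARC strong/weak references between the chrome, a tab and its callback.
struct Tab : std::enable_shared_from_this<Tab> {
    static int live;                       // Tab objects currently alive
    std::string url;
    std::function<std::string()> on_title; // stands in for a web view callback
    explicit Tab(std::string u) : url(std::move(u)) { ++live; }
    ~Tab() { --live; }
    void install_callback(bool strong) {
        auto self = shared_from_this();
        std::weak_ptr<Tab> weak = self;
        if (strong) // strong capture: Tab -> callback -> Tab cycle, never freed
            on_title = [self] { return self->url; };
        else        // weak capture: no cycle, but the target may be gone
            on_title = [weak] { auto t = weak.lock(); return t ? t->url : std::string(); };
    }
};
int Tab::live = 0;

struct Chrome {
    std::vector<std::shared_ptr<Tab>> tabs;
    std::weak_ptr<Tab> active;             // weak, so it expires when the tab closes
    std::shared_ptr<Tab> open(const std::string& url, bool strong = false) {
        // Lock before use: after the active tab is closed this is nullptr.
        auto parent = active.lock();
        auto tab = std::make_shared<Tab>(url.empty() && parent ? parent->url : url);
        tab->install_callback(strong);
        tabs.push_back(tab);
        active = tab;
        return tab;
    }
    void close(std::shared_ptr<Tab> tab) {
        tabs.erase(std::remove(tabs.begin(), tabs.end(), tab), tabs.end());
    }
};

// Tab objects still alive after one tab is opened and then closed.
int leaked_after_close(bool strong) {
    int before = Tab::live;
    Chrome chrome;
    chrome.close(chrome.open("https://example.test/", strong));
    return Tab::live - before;
}
```

With the strong capture the closed tab stays alive; with the weak capture it is freed, and every later use of `active` has to handle the expired case.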