Bug 255102

Summary: REGRESSION (iOS 16.4): Chrome crashes in WebBackForwardCache::takeSuspendedPage
Product: WebKit Reporter: Ali Juma <ajuma>
Component: WebKit APIAssignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: cdumez, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Crash log none

Description Ali Juma 2023-04-06 11:17:47 PDT 
Created attachment 465798 [details]
Crash log

Chrome for iOS is getting crash reports from a new crash in iOS 16.4, in WebBackForwardCache::takeSuspendedPage. We don't have steps to reproduce, but this seems to be correlated with getting a memory warning and then navigating back.

I've attached a crash log.

Here's the crashing stack:
Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000010
0   WebKit                        	0x00000001b4de6f7c WebKit::WebBackForwardCache::takeSuspendedPage(WebKit::WebBackForwardListItem&) + 260 (WebBackForwardCache.cpp:120)
1   WebKit                        	0x00000001b4e41858 WebKit::WebPageProxy::receivedNavigationPolicyDecision(WebCore::PolicyAction, API::Navigation*, WTF::Ref<API::NavigationAction, WTF::RawPtrTraits<API::NavigationAction> >&&, WebKit::ProcessSwapRequ... + 1120 (WebPageProxy.cpp:3638)
2   WebKit                        	0x00000001b4e7d4a0 WebKit::WebProcessPool::processForNavigation(WebKit::WebPageProxy&, API::Navigation const&, WTF::Ref<WebKit::WebProcessProxy, WTF::RawPtrTraits<WebKit::WebProcessProxy> >&&, WTF::URL const&, WebKit... + 76 (WebProcessPool.cpp:1834)
3   WebKit                        	0x00000001b4d7bd68 WTF::Detail::CallableWrapper<WebKit::AuxiliaryProcessProxy::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::__1::optional<IPC::Connection::AsyncReplyHandler>, WebK... + 64 (Function.h:53)
4   WebKit                        	0x00000001b5255230 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 712 (Connection.cpp:1245)
5   WebKit                        	0x00000001b5257b50 WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_15, void>::call() + 188 (Function.h:53)
6   JavaScriptCore                	0x00000001b54dc514 WTF::RunLoop::performWork() + 200 (RunLoop.cpp:147)
7   JavaScriptCore                	0x00000001b54dd3e0 WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:46)
8   CoreFoundation                	0x00000001a1e68208 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28 (CFRunLoop.c:1957)
9   CoreFoundation                	0x00000001a1e74864 __CFRunLoopDoSource0 + 176 (CFRunLoop.c:2001)
10  CoreFoundation                	0x00000001a1df96c8 __CFRunLoopDoSources0 + 244 (CFRunLoop.c:2038)
11  CoreFoundation                	0x00000001a1e0f1c4 __CFRunLoopRun + 828 (CFRunLoop.c:2953)
12  CoreFoundation                	0x00000001a1e144dc CFRunLoopRunSpecific + 612 (CFRunLoop.c:3418)
13  GraphicsServices              	0x00000001dd06835c GSEventRunModal + 164 (GSEvent.c:2196)
14  UIKitCore                     	0x00000001a41a037c -[UIApplication _run] + 888 (UIApplication.m:3773)
15  UIKitCore                     	0x00000001a419ffe0 UIApplicationMain + 340 (UIApplication.m:5363)
16  Chrome                        	0x00000001026066d8 0x102594000 + 468696
17  dyld                          	0x00000001c1290dec start + 2220 (dyldMain.cpp:1165)
Comment 1 Radar WebKit Bug Importer 2023-04-06 13:03:33 PDT 
<rdar://problem/107723629>
Comment 2 Chris Dumez 2023-04-06 19:26:23 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/12490
Comment 3 EWS 2023-04-07 09:24:56 PDT 
Committed 262709@main (2dbbdbf493db): <https://commits.webkit.org/262709@main>

Reviewed commits have been landed. Closing PR #12490 and removing active labels.