Bug 255102

Summary: REGRESSION (iOS 16.4): Chrome crashes in WebBackForwardCache::takeSuspendedPage
Product: WebKit Reporter: Ali Juma <ajuma>
Component: WebKit APIAssignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: cdumez, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Crash log none

Ali Juma
Reported 2023-04-06 11:17:47 PDT
Created attachment 465798 [details] Crash log Chrome for iOS is getting crash reports from a new crash in iOS 16.4, in WebBackForwardCache::takeSuspendedPage. We don't have steps to reproduce, but this seems to be correlated with getting a memory warning and then navigating back. I've attached a crash log. Here's the crashing stack: Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000010 0 WebKit 0x00000001b4de6f7c WebKit::WebBackForwardCache::takeSuspendedPage(WebKit::WebBackForwardListItem&) + 260 (WebBackForwardCache.cpp:120) 1 WebKit 0x00000001b4e41858 WebKit::WebPageProxy::receivedNavigationPolicyDecision(WebCore::PolicyAction, API::Navigation*, WTF::Ref<API::NavigationAction, WTF::RawPtrTraits<API::NavigationAction> >&&, WebKit::ProcessSwapRequ... + 1120 (WebPageProxy.cpp:3638) 2 WebKit 0x00000001b4e7d4a0 WebKit::WebProcessPool::processForNavigation(WebKit::WebPageProxy&, API::Navigation const&, WTF::Ref<WebKit::WebProcessProxy, WTF::RawPtrTraits<WebKit::WebProcessProxy> >&&, WTF::URL const&, WebKit... + 76 (WebProcessPool.cpp:1834) 3 WebKit 0x00000001b4d7bd68 WTF::Detail::CallableWrapper<WebKit::AuxiliaryProcessProxy::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::__1::optional<IPC::Connection::AsyncReplyHandler>, WebK... + 64 (Function.h:53) 4 WebKit 0x00000001b5255230 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 712 (Connection.cpp:1245) 5 WebKit 0x00000001b5257b50 WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_15, void>::call() + 188 (Function.h:53) 6 JavaScriptCore 0x00000001b54dc514 WTF::RunLoop::performWork() + 200 (RunLoop.cpp:147) 7 JavaScriptCore 0x00000001b54dd3e0 WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:46) 8 CoreFoundation 0x00000001a1e68208 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28 (CFRunLoop.c:1957) 9 CoreFoundation 0x00000001a1e74864 __CFRunLoopDoSource0 + 176 (CFRunLoop.c:2001) 10 CoreFoundation 0x00000001a1df96c8 __CFRunLoopDoSources0 + 244 (CFRunLoop.c:2038) 11 CoreFoundation 0x00000001a1e0f1c4 __CFRunLoopRun + 828 (CFRunLoop.c:2953) 12 CoreFoundation 0x00000001a1e144dc CFRunLoopRunSpecific + 612 (CFRunLoop.c:3418) 13 GraphicsServices 0x00000001dd06835c GSEventRunModal + 164 (GSEvent.c:2196) 14 UIKitCore 0x00000001a41a037c -[UIApplication _run] + 888 (UIApplication.m:3773) 15 UIKitCore 0x00000001a419ffe0 UIApplicationMain + 340 (UIApplication.m:5363) 16 Chrome 0x00000001026066d8 0x102594000 + 468696 17 dyld 0x00000001c1290dec start + 2220 (dyldMain.cpp:1165)
Attachments
Crash log (39.40 KB, text/plain)
2023-04-06 11:17 PDT, Ali Juma 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2023-04-06 13:03:33 PDT
<rdar://problem/107723629>
Chris Dumez
Comment 2 2023-04-06 19:26:23 PDT
Pull request: https://github.com/WebKit/WebKit/pull/12490
EWS
Comment 3 2023-04-07 09:24:56 PDT
Committed 262709@main (2dbbdbf493db): <https://commits.webkit.org/262709@main> Reviewed commits have been landed. Closing PR #12490 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.