Bug 191689

Summary: Crash in [WKWebView _addUpdateVisibleContentRectPreCommitHandler]
Product: WebKit
Reporter: Volodymyr <vkosmirak>
Component: WebKit API
Assignee: Nobody <webkit-unassigned>
Status: REOPENED
Severity: Normal
CC: ddkilzer, simon.fraser, thorton, vkosmirak, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: Other
Hardware: iPhone / iPad
OS: All
URL: https://openradar.appspot.com/radar?id=6067351325769728
See Also: https://bugs.webkit.org/show_bug.cgi?id=187376

Volodymyr
Reported 2018-11-15 07:29:21 PST
Created attachment 354931 [details]
Crashes 1) iOS 11.4.1, 2) iOS 11.2.6 3) Crash iOS 12.0.0 (app in background)

Environment: iPad iOS 11.2.6, 11.4.1, 12.0.0

Summary: Phantom rare crash (0.01%) happens inside WKWebView for our users (through Crashlytics). Not able to reproduce in debug mode.

```
#0. Crashed: com.apple.main-thread
0  libobjc.A.dylib   0x180960910 objc_msgSend + 16
1  WebKit            0x1914b5aac __57-[WKWebView _addUpdateVisibleContentRectPreCommitHandler]_block_invoke + 32
2  QuartzCore        0x1858b4650 CA::Transaction::run_commit_handlers(CATransactionPhase) + 64
3  QuartzCore        0x18588cd08 CA::Context::commit_transaction(CA::Transaction*) + 1920
4  QuartzCore        0x1858b41b0 CA::Transaction::commit() + 580
5  QuartzCore        0x1858b5030 CA::Transaction::observer_callback(__CFRunLoopObserver*, unsigned long, void*) + 92
6  CoreFoundation    0x18173a910 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 32
7  CoreFoundation    0x181738238 __CFRunLoopDoObservers + 412
8  CoreFoundation    0x181738884 __CFRunLoopRun + 1436
9  CoreFoundation    0x181658da8 CFRunLoopRunSpecific + 552
10 GraphicsServices  0x18363e020 GSEventRunModal + 100
11 UIKit             0x18b678758 UIApplicationMain + 236
12 OCE               0x100c36d50 main (main.swift:29)
13 libdyld.dylib     0x1810e9fc0 start + 4
```

Steps to reproduce: None. Happens occasionally.

Attachment: Full crash logs
Attachments
Crashes 1) iOS 11.4.1, 2) iOS 11.2.6 3) Crash iOS 12.0.0 (app in background) (26.53 KB, text/plain)
2018-11-15 07:29 PST, Volodymyr
no flags
David Kilzer (:ddkilzer)
Comment 1 2018-11-18 08:45:29 PST
David Kilzer (:ddkilzer)
Comment 2 2018-11-18 08:50:57 PST
I wrote myself a note from WWDC 2018 about this method because another external developer talked to me about this crash as well. The only thing I wrote down is that we should use a weak reference instead of a strong reference in the block:

<https://trac.webkit.org/browser/trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm#L2775>

The only reason to use a weak reference here would be to protect against some other code over-releasing the WKWebView object, though, because the strong reference should work just fine.

Interestingly, Simon Fraser made this change during iOS 12 development (during the public seeds):

Bug 187376: Address two possible causes of missing tiles in iOS Safari, and add logging to gather more data about other possible causes
<https://bugs.webkit.org/show_bug.cgi?id=187376>
<https://trac.webkit.org/r233561>

According to our internal crash data, this crash was last seen in iOS 12 Dev Seed 3/Public Seed 2 (build 16A5318d). Are you seeing this crash after that build? It seems like this is fixed in iOS 12.0 and later.
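The strong-versus-weak capture distinction discussed in the comment above, as an added Objective-C example that is not WebKit's code. `HypotheticalCommitQueue` is an assumed stand-in for the private QuartzCore commit-handler SPI (blocks queued, then run on the next commit, which is where `CA::Transaction::run_commit_handlers` sits in the reported stack), and `HypotheticalWebView` stands in for WKWebView; both names and the whole setup are assumptions for illustration.

```objc
// Added example, not WebKit code. Build on macOS with:
//   clang -fobjc-arc -framework Foundation capture.m -o capture && ./capture
#import <Foundation/Foundation.h>

typedef void (^PreCommitHandler)(void);

// Hypothetical stand-in for the private CATransaction commit-handler SPI:
// handlers are queued and invoked, in order, on the next commit.
@interface HypotheticalCommitQueue : NSObject
- (void)addPreCommitHandler:(PreCommitHandler)handler;
- (void)commit;
@end

@implementation HypotheticalCommitQueue {
    NSMutableArray<PreCommitHandler> *_handlers;
}
- (instancetype)init {
    if ((self = [super init]))
        _handlers = [NSMutableArray array];
    return self;
}
- (void)addPreCommitHandler:(PreCommitHandler)handler {
    [_handlers addObject:[handler copy]];
}
- (void)commit {
    NSArray<PreCommitHandler> *pending = [_handlers copy];
    [_handlers removeAllObjects];
    for (PreCommitHandler handler in pending)
        handler();
}
@end

// Hypothetical stand-in for WKWebView; only the scheduling pattern matters.
@interface HypotheticalWebView : NSObject
@property (nonatomic) NSUInteger updateCount;
- (void)scheduleUpdateWithStrongCaptureOn:(HypotheticalCommitQueue *)queue;
- (void)scheduleUpdateWithWeakCaptureOn:(HypotheticalCommitQueue *)queue;
@end

@implementation HypotheticalWebView
- (void)updateVisibleContentRects {
    self.updateCount += 1;
    NSLog(@"%@ updated visible content rects", self);
}

// Strong capture: the block owns the view until it has run, so under correct
// memory management the object is always alive when the commit fires. It only
// goes wrong if some other code over-releases the view behind the block's
// back, leaving a dangling pointer that objc_msgSend then dereferences.
- (void)scheduleUpdateWithStrongCaptureOn:(HypotheticalCommitQueue *)queue {
    [queue addPreCommitHandler:^{
        [self updateVisibleContentRects];
    }];
}

// Weak capture: the block does not keep the view alive. If the view is gone
// by commit time the weak reference reads as nil and the handler bails out,
// rather than messaging a freed object.
- (void)scheduleUpdateWithWeakCaptureOn:(HypotheticalCommitQueue *)queue {
    __weak HypotheticalWebView *weakSelf = self;
    [queue addPreCommitHandler:^{
        HypotheticalWebView *strongSelf = weakSelf;
        if (!strongSelf) {
            NSLog(@"view already deallocated; skipping update");
            return;
        }
        [strongSelf updateVisibleContentRects];
    }];
}
- (void)dealloc {
    NSLog(@"%@ deallocated", self);
}
@end

int main(void) {
    @autoreleasepool {
        HypotheticalCommitQueue *queue = [HypotheticalCommitQueue new];

        // Strong capture: dropping our own reference does not free the view;
        // the handler runs against a live object, which dies after the commit.
        @autoreleasepool {
            HypotheticalWebView *view = [HypotheticalWebView new];
            [view scheduleUpdateWithStrongCaptureOn:queue];
        }
        [queue commit];

        // Weak capture: the view is freed as soon as the last strong reference
        // goes away, and the handler notices and does nothing.
        @autoreleasepool {
            HypotheticalWebView *view = [HypotheticalWebView new];
            [view scheduleUpdateWithWeakCaptureOn:queue];
        }
        [queue commit];
    }
    return 0;
}
```

The first commit logs an update followed by the deallocation; the second logs the deallocation first and then the skip message. Neither variant can be made to crash here, which is the point of the comment: a strong capture is sound on its own, and switching to a weak one only buys protection against a separate over-release that the block itself cannot see.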
David Kilzer (:ddkilzer)
Comment 3 2018-11-18 08:54:48 PST
Also, prior to iOS 12, the crash signature looks like this:

1 WebKit 0x1914b5aac __57-[WKWebView _addUpdateVisibleContentRectPreCommitHandler]_block_invoke + 32

In your iOS 12 crash (build 16A366), the signature looks like this:

1 WebKit 0x22ecce2a8 -[WKWebView _addUpdateVisibleContentRectPreCommitHandler]::$_2::operator()() const + 56

So it seems like the crash signature changed.
David Kilzer (:ddkilzer)
Comment 4 2018-11-18 09:07:22 PST
Tracking internally with this earlier radar: <rdar://problem/40640475>