Bug 205677

Summary: [13.3] Crash on [WKProcessAssertionBackgroundTaskManager _notifyAssertionsOfImminentSuspension]
Product: WebKit Reporter: rhythm <rhythmkay>
Component: WebKit Misc. Assignee: Nobody <webkit-unassigned>
Status: NEW    
Severity: Normal CC: cdumez, jhebst8810, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Other   
Hardware: iPhone / iPad   
OS: iOS 13   
Attachments:
Description Flags
the crash log none

rhythm
Reported 2020-01-01 19:25:48 PST
Created attachment 386593 [details]
the crash log

iOS 13.3, arm64 devices (excluding arm64e) crash at 0xfffffffffffffff8. According to our statistics, the app using WKWebView will randomly crash when entering background. The crash log can be found in the attachment. We disassemble the WebKit.framework and find that the execution of function 'copyToVector' returns an invalid vector which causes the crash.

Exception Type: SIGSEGV
Exception Codes: SEGV_ACCERR at 0xfffffffffffffff8
Crashed Thread: 0

Thread 0 Crashed:
1 WebKit 0x0000000198682640 -[WKProcessAssertionBackgroundTaskManager _notifyAssertionsOfImminentSuspension] + 64
2 WebKit 0x00000001986828d0 ___64-[WKProcessAssertionBackgroundTaskManager _updateBackgroundTask]_block_invoke + 72
3 UIKitCore 0x0000000194ea4d60 -[_UIBackgroundTaskInfo fireExpirationHandler] + 60
4 UIKitCore 0x0000000194eae830 __fireBackgroundExpirationHandlers + 636
5 UIKitCore 0x0000000194eae4e0 -[UIApplication workspaceNoteAssertionExpirationImminent:] + 136
6 FrontBoardServices 0x0000000195f570c0 ___45-[FBSUIApplicationWorkspaceShim setDelegate:]_block_invoke_3 + 36
7 libdispatch.dylib 0x0000000190b0b180 __dispatch_client_callout + 12
8 libdispatch.dylib 0x0000000190ae5420 __dispatch_block_invoke_direct$VARIANT$armv81 + 216
9 FrontBoardServices 0x0000000195fa8410 ___FBSSERIALQUEUE_IS_CALLING_OUT_TO_A_BLOCK__ + 32 + 32
10 FrontBoardServices 0x0000000195fa80e0 -[FBSSerialQueue _queue_performNextIfPossible] + 400
11 FrontBoardServices 0x0000000195fa8600 -[FBSSerialQueue _performNextFromRunLoopSource] + 16
12 CoreFoundation 0x0000000190dbca00 ___CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 24 + 24
13 CoreFoundation 0x0000000190dbc950 ___CFRunLoopDoSource0 + 72
14 CoreFoundation 0x0000000190dbc0f0 ___CFRunLoopDoSources0 + 180
15 CoreFoundation 0x0000000190db7230 ___CFRunLoopRun + 1068
16 CoreFoundation 0x0000000190db6ad0 CFRunLoopRunSpecific + 452
17 GraphicsServices 0x000000019ad3c320 GSEventRunModal + 96
18 UIKitCore 0x0000000194eb1ae0 UIApplicationMain + 1936
19 mttlite 0x00000001009e2c80 main (main.mm:34)
20 libdyld.dylib 0x0000000190c40360 _start + 4
Attachments
the crash log (18.94 KB, text/plain)
2020-01-01 19:25 PST, rhythm
no flags
Radar WebKit Bug Importer
Comment 1 2020-01-03 22:11:43 PST
Chris Dumez
Comment 2 2020-01-06 08:57:52 PST
We do not use copyToVector() since https://trac.webkit.org/changeset/252811.