Bug 247395

Summary: The crashy WebKit XPC service causes Safari to Crash on iOS
Product: WebKit Reporter: Michael Saboff <msaboff>
Component: WebKit Process ModelAssignee: Michael Saboff <msaboff>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, cdumez, david_quesada, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Michael Saboff
Reported 2022-11-02 17:21:35 PDT
We get crashes like: Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 WebKit 0x1a434f6c0 void WebKit::WebProcessPool::sendToAllProcessesForSession<Messages::WebProcess::SetResourceLoadStatisticsEnabled>(Messages::WebProcess::SetResourceLoadStatisticsEnabled const&, PAL::SessionID) + 156 /Library/Caches/com.apple.xbs/Sources/WebKit/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h:132 1 WebKit 0x1a434f40c WebKit::WebsiteDataStore::setResourceLoadStatisticsEnabled(bool) + 168 /Library/Caches/com.apple.xbs/Sources/WebKit/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp:1605 2 WebKit 0x1a434f40c WebKit::WebsiteDataStore::setResourceLoadStatisticsEnabled(bool) + 168 /Library/Caches/com.apple.xbs/Sources/WebKit/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp:1605 3 WebKit 0x1a42569e8 WebKit::WebProcessPool::createNewWebProcess(WebKit::WebsiteDataStore*, WebKit::WebProcessProxy::CaptivePortalMode, WebKit::WebProcessProxy::IsPrewarmed, WebCore::CrossOriginMode) + 92 /Library/Caches/com.apple.xbs/Sources/WebKit/Source/WebKit/UIProcess/WebProcessPool.cpp:629 4 WebKit 0x1a4239648 WebKit::WebProcessPool::processForRegistrableDomain(WebKit::WebsiteDataStore&, WebCore::RegistrableDomain const&, WebKit::WebProcessProxy::CaptivePortalMode) + 888 /Library/Caches/com.apple.xbs/Sources/WebKit/Source/WebKit/UIProcess/WebProcessPool.cpp:1052 5 WebKit 0x1a427239c WebKit::WebProcessPool::createWebPage(WebKit::PageClient&, WTF::Ref<API::PageConfiguration, WTF::RawPtrTraits<API::PageConfiguration> >&&) + 276 /Library/Caches/com.apple.xbs/Sources/WebKit/Source/WebKit/UIProcess/WebProcessPool.cpp:1098 6 WebKit 0x1a3c1a6a0 -[WKContentView _commonInitializationWithProcessPool:configuration:] + 68 /Library/Caches/com.apple.xbs/Sources/WebKit/Source/WebKit/UIProcess/ios/WKContentView.mm:172 7 WebKit 0x1a3c1a630 -[WKContentView initWithFrame:processPool:configuration:webView:] + 164 /Library/Caches/com.apple.xbs/Sources/WebKit/Source/WebKit/UIProcess/ios/WKContentView.mm:297 8 WebKit 0x1a3c18adc -[WKWebView _initializeWithConfiguration:] + 1096 /Library/Caches/com.apple.xbs/Sources/WebKit/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm:386 9 WebKit 0x1a3c18680 -[WKWebView initWithFrame:configuration:] + 72 /Library/Caches/com.apple.xbs/Sources/WebKit/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm:586 10 SafariSharedUI 0x1b18d0b70 __100-[WBSSiteMetadataManager siteMetadataProvider:getWebViewOfSize:withConfiguration:completionHandler:]_block_invoke + 56 /Library/Caches/com.apple.xbs/Sources/SafariShared/SafariShared/SiteMetadataManager/WBSSiteMetadataManager.m:784 11 SafariSharedUI 0x1b18d0aec -[WBSSiteMetadataManager siteMetadataProvider:getWebViewOfSize:withConfiguration:completionHandler:] + 712 /Library/Caches/com.apple.xbs/Sources/SafariShared/SafariShared/SiteMetadataManager/WBSSiteMetadataManager.m:790 12 SafariSharedUI 0x1b18e4818 -[WBSTouchIconCache webViewMetadataFetchOperation:getWebViewOfSize:withConfiguration:completionHandler:] + 100 /Library/Caches/com.apple.xbs/Sources/SafariShared/SafariShared/SiteMetadataManager/WBSTouchIconCache.mm:1008 13 SafariSharedUI 0x1b190aeb8 -[WBSWebViewMetadataFetchOperation _setUpWebViewAndStartOffscreenFetching] + 216 /Library/Caches/com.apple.xbs/Sources/SafariShared/SafariShared/SiteMetadataManager/WBSWebViewMetadataFetchOperation.m:52 14 libdispatch.dylib 0x1980d14b4 _dispatch_call_block_and_release + 32 /Library/Caches/com.apple.xbs/Sources/libdispatch/src/init.c:1518 15 libdispatch.dylib 0x1980d2fdc _dispatch_client_callout + 20 /Library/Caches/com.apple.xbs/Sources/libdispatch/src/object.m:560 16 libdispatch.dylib 0x1980e17f4 _dispatch_main_queue_drain + 928 /Library/Caches/com.apple.xbs/Sources/libdispatch/src/inline_internal.h:2632 17 libdispatch.dylib 0x1980e1444 _dispatch_main_queue_callback_4CF + 44 /Library/Caches/com.apple.xbs/Sources/libdispatch/src/queue.c:7887 18 CoreFoundation 0x190b566d8 __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ + 16 /Library/Caches/com.apple.xbs/Sources/CoreFoundation/CoreFoundation/RunLoop.subproj/CFRunLoop.c:1780 19 CoreFoundation 0x190b3803c __CFRunLoopRun + 2036 /Library/Caches/com.ap The problem is that the WebProcessProxy for a crashing WebProcess doesn't have a WebsiteDataStore associated with it, so we can't get a SessionID for matching in sendToAllProcessesForSession().
Attachments
Add attachment proposed patch, testcase, etc.
Michael Saboff
Comment 1 2022-11-02 17:21:50 PDT
<rdar://101876374>
Michael Saboff
Comment 2 2022-11-02 17:32:55 PDT
Pull request: https://github.com/WebKit/WebKit/pull/6066
EWS
Comment 3 2022-11-07 17:20:32 PST
Committed 256434@main (2fb42dcd321a): <https://commits.webkit.org/256434@main> Reviewed commits have been landed. Closing PR #6066 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.