NEW
189660
iOS Crash in WebKit IPC::Connection::markCurrentlyDispatchedMessageAsInvalid()
https://bugs.webkit.org/show_bug.cgi?id=189660
Elena
Reported
2018-09-17 04:28:49 PDT
I have multiple crash reports from the iOS app which is using WebKit. Couldn't reproduce it. Most of the crashes appear on iOS 11, one of them is from iOS 12 (15C114). The crash log for the crashed thread is the following:

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x000000000000006a
VM Region Info: 0x6a is not in any region.  Bytes before following region: 4312285078
      REGION TYPE                      START - END             [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->  __TEXT                 0000000101084000-0000000101088000 [   16K] r-x/r-x SM=COW  ...p.app/MyApp

Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [0]
Triggered by Thread:  0

Thread 0 name:
Thread 0 Crashed:
0   WebKit            0x00000001934d0fd0 IPC::Connection::markCurrentlyDispatchedMessageAsInvalid() + 4 (Connection.cpp:358)
1   WebKit            0x0000000193561774 WebKit::NetworkProcessProxy::didReceiveAuthenticationChallenge(unsigned long long, unsigned long long, WebCore::AuthenticationChallenge const&, unsigned long long) + 200 (NetworkProcessProxy.cpp:290)
2   WebKit            0x00000001935645d0 void IPC::handleMessage<Messages::NetworkProcessProxy::DidReceiveAuthenticationChallenge, WebKit::NetworkProcessProxy, void (WebKit::NetworkProcessProxy::*)(unsigned long long, unsigned long long, WebCore::AuthenticationChallenge const&, unsigned long long)>(IPC::Decoder&, WebKit::NetworkProcessProxy*, void (WebKit::NetworkProcessProxy::*)(unsigned long long, unsigned long long, WebCore::AuthenticationChallenge const&, unsigned long long)) + 164 (HandleMessage.h:40)
3   WebKit            0x00000001934d0618 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 164 (Connection.cpp:907)
4   WebKit            0x00000001934d3020 IPC::Connection::dispatchOneMessage() + 232 (Connection.cpp:965)
5   JavaScriptCore    0x000000018b138198 WTF::RunLoop::performWork() + 348 (Function.h:56)
6   JavaScriptCore    0x000000018b138408 WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38)
7   CoreFoundation    0x0000000183aab404 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 24 (CFRunLoop.c:1982)
8   CoreFoundation    0x0000000183aaac2c __CFRunLoopDoSources0 + 276 (CFRunLoop.c:2017)
9   CoreFoundation    0x0000000183aa879c __CFRunLoopRun + 1204 (CFRunLoop.c:2920)
10  CoreFoundation    0x00000001839c8da8 CFRunLoopRunSpecific + 552 (CFRunLoop.c:3245)
11  GraphicsServices  0x00000001859ad020 GSEventRunModal + 100 (GSEvent.c:2245)
12  UIKit             0x000000018d9e5758 UIApplicationMain + 236 (UIApplication.m:3965)
13  MyApp             0x00000001012836d8 main + 96 (main.mm:15)
14  libdyld.dylib     0x0000000183459fc0 start + 4
Alexey Proskuryakov
Comment 1
2018-09-19 10:19:27 PDT
> Couldn't reproduce it. Most of the crashes appear on iOS 11, one of them is from iOS 12(15C114).
Could you please verify if there are any iOS 12 crashes? 15C114 is iOS 11.2, not 12. I don't know of a specific fix, however there were many changes to networking code, so this may well have gone away. Would you mind uploading a complete unredacted crash log? You can also file an Apple bug via
https://bugreport.apple.com
if you don't want it to be publicly visible. Please reference the bug number here if you do. See also (for Apple employees):
rdar://problem/35955090
Elena
Comment 2
2018-09-20 03:43:55 PDT
(In reply to Alexey Proskuryakov from comment #1)
> > Couldn't reproduce it. Most of the crashes appear on iOS 11, one of them is from iOS 12(15C114).
>
> Could you please verify if there are any iOS 12 crashes? 15C114 is iOS 11.2, not 12. I don't know of a specific fix, however there were many changes to networking code, so this may well have gone away.
My mistake, there are three crashes on iOS 12 - one for 16A5364a and two for 16A366.
> Would you mind uploading a complete unredacted crash log? You can also file an Apple bug via https://bugreport.apple.com if you don't want it to be publicly visible. Please reference the bug number here if you do.

I have filed the bug with the full crash logs attached here:
https://bugreport.apple.com/web/?problemID=44636009
Alexey Proskuryakov
Comment 3
2018-09-20 09:40:04 PDT
rdar://problem/44636009