[Webkit-unassigned] [Bug 204796] New: [iOS 13] Crash in NetworkProcessProxy::takeUploadAssertion

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Dec 3 08:33:48 PST 2019


https://bugs.webkit.org/show_bug.cgi?id=204796

            Bug ID: 204796
           Summary: [iOS 13] Crash in
                    NetworkProcessProxy::takeUploadAssertion
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Page Loading
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ajuma at chromium.org
                CC: beidson at apple.com, youennf at gmail.com

Chrome for iOS is getting a moderate number of crashes reported in NetworkProcessProxy::takeUploadAssertion, which seem to be from WebProcessPool::setWebProcessHasUploads calling takeUploadAssertion on a null m_networkProcess.

We don't have steps to reproduce, but this happens most commonly on https://www.homedepot.com, on various product pages and search pages (e.g., https://www.homedepot.com/p/Supreme-Oil-Supreme-Deep-Frying-Oil-with-PNT-Oil-384-fl-oz-1879/202532163, https://www.homedepot.com/s/fence%2520staples?searchtype=suggest&NCNI-5).

All reports are from iOS 13.0 and above, including 13.3 beta.

Would checking for a null m_networkProcess in WebProcessPool::setWebProcessHasUploads be an appropriate fix?

Here's a crash stack:
EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x00000020
0x00000001cb9d6958      (WebKit + 0x00329958 )          WebKit::NetworkProcessProxy::takeUploadAssertion()
0x00000001cb93f6cc      (WebKit + 0x002926cc )          WebKit::WebProcessPool::setWebProcessHasUploads(WTF::ObjectIdentifier<WebCore::ProcessIdentifierType>)
0x00000001cb93f6cc      (WebKit + 0x002926cc )          WebKit::WebProcessPool::setWebProcessHasUploads(WTF::ObjectIdentifier<WebCore::ProcessIdentifierType>)
0x00000001cbba9bdc      (WebKit + 0x004fcbdc )          WebKit::WebProcessPool::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
0x00000001cb6f50e4      (WebKit + 0x000480e4 )          IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&)
0x00000001cb94264c      (WebKit + 0x0029564c )          WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
0x00000001cb6df73c      (WebKit + 0x0003273c )          IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)
0x00000001cb6e258c      (WebKit + 0x0003558c )          IPC::Connection::dispatchIncomingMessages()
0x00000001d2da4a68      (JavaScriptCore + 0x00036a68 )          WTF::RunLoop::performWork()
0x00000001d2da4d28      (JavaScriptCore + 0x00036d28 )          WTF::RunLoop::performWork(void*)
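The shape of the crash described in the report, as an added illustration that is not part of the bug report and not WebKit source: a UI-process pool relays "web process N has uploads" IPC messages to a network-process proxy, and the unguarded handler dereferences that proxy unconditionally, which faults when the network process has not launched yet or has already exited. The guarded version records the upload state first and only touches the proxy when it exists, and re-takes the assertion when a network process appears later. All class names, the `ProcessID` alias, the `UploadsResult` enum and the `launchNetworkProcess` / `networkProcessDidTerminate` hooks are simplifications chosen for this model, not WebKit's actual API.

```cpp
// Simplified model of the pattern in the report (not WebKit code).
#include <cstdint>
#include <iostream>
#include <memory>
#include <set>

using ProcessID = uint64_t;  // stands in for WTF::ObjectIdentifier<...> in the trace

struct NetworkProcessProxy {
    bool holdsUploadAssertion = false;
    void takeUploadAssertion() { holdsUploadAssertion = true; }
    void clearUploadAssertion() { holdsUploadAssertion = false; }
};

enum class UploadsResult { AssertionTaken, AssertionCleared, AlreadyHeld, NoNetworkProcess, NoChange };

class WebProcessPool {
public:
    // Unguarded shape from the report: dereferences m_networkProcess unconditionally.
    // If the network process is absent this is a null dereference (the EXC_BAD_ACCESS).
    void setWebProcessHasUploadsUnguarded(ProcessID pid) {
        m_processesWithUploads.insert(pid);
        m_networkProcess->takeUploadAssertion();
    }

    // Guarded handler: record the state first, then act on the proxy only if it exists.
    UploadsResult setWebProcessHasUploads(ProcessID pid) {
        const bool wasEmpty = m_processesWithUploads.empty();
        m_processesWithUploads.insert(pid);
        if (!m_networkProcess)
            return UploadsResult::NoNetworkProcess;  // nothing to assert against yet
        if (!wasEmpty)
            return UploadsResult::AlreadyHeld;       // assertion already taken for another process
        m_networkProcess->takeUploadAssertion();
        return UploadsResult::AssertionTaken;
    }

    // Complementary message: release only when the last uploading process clears.
    UploadsResult clearWebProcessHasUploads(ProcessID pid) {
        if (m_processesWithUploads.erase(pid) == 0 || !m_processesWithUploads.empty())
            return UploadsResult::NoChange;
        if (!m_networkProcess)
            return UploadsResult::NoNetworkProcess;
        m_networkProcess->clearUploadAssertion();
        return UploadsResult::AssertionCleared;
    }

    // Hypothetical lifecycle hooks for the model.
    void launchNetworkProcess() {
        m_networkProcess = std::make_unique<NetworkProcessProxy>();
        // Uploads recorded while no network process existed still need the assertion.
        if (!m_processesWithUploads.empty())
            m_networkProcess->takeUploadAssertion();
    }
    void networkProcessDidTerminate() { m_networkProcess.reset(); }

    bool hasNetworkProcess() const { return m_networkProcess != nullptr; }
    bool networkProcessHoldsUploadAssertion() const {
        return m_networkProcess && m_networkProcess->holdsUploadAssertion;
    }

private:
    std::unique_ptr<NetworkProcessProxy> m_networkProcess;  // may be null, as in the report
    std::set<ProcessID> m_processesWithUploads;
};

// Walks the race from the report: the uploads message arrives before any network
// process exists, the process launches later, then exits again. Returns true if
// every step behaved as the guarded handler intends.
bool demonstrateGuardedHandling() {
    WebProcessPool pool;
    bool ok = pool.setWebProcessHasUploads(1) == UploadsResult::NoNetworkProcess;
    ok = ok && !pool.networkProcessHoldsUploadAssertion();
    pool.launchNetworkProcess();
    ok = ok && pool.networkProcessHoldsUploadAssertion();       // re-taken on launch
    ok = ok && pool.setWebProcessHasUploads(2) == UploadsResult::AlreadyHeld;
    ok = ok && pool.clearWebProcessHasUploads(1) == UploadsResult::NoChange;
    ok = ok && pool.clearWebProcessHasUploads(2) == UploadsResult::AssertionCleared;
    ok = ok && !pool.networkProcessHoldsUploadAssertion();
    pool.networkProcessDidTerminate();
    ok = ok && pool.setWebProcessHasUploads(3) == UploadsResult::NoNetworkProcess;
    ok = ok && pool.clearWebProcessHasUploads(3) == UploadsResult::NoNetworkProcess;
    return ok;
}

int main() {
    std::cout << (demonstrateGuardedHandling() ? "guarded handler OK" : "guarded handler FAILED") << "\n";
    // Calling setWebProcessHasUploadsUnguarded on a fresh pool would dereference null;
    // it is deliberately not invoked here.
    return 0;
}
```

The point of the model is that a null check alone is not the whole fix: if the handler drops the message when the proxy is absent, the upload state must still be recorded so that the assertion can be taken once a network process exists, and the matching clear message must tolerate arriving with no network process as well.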
