[Webkit-unassigned] [Bug 205677] New: [13.3]Crash on [WKProcessAssertionBackgroundTaskManager _notifyAssertionsOfImminentSuspension]

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jan 1 19:25:48 PST 2020 

https://bugs.webkit.org/show_bug.cgi?id=205677

            Bug ID: 205677
           Summary: [13.3]Crash on
                    [WKProcessAssertionBackgroundTaskManager
                    _notifyAssertionsOfImminentSuspension]
           Product: WebKit
           Version: Other
          Hardware: iPhone / iPad
                OS: iOS 13
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: rhythmkay at 163.com

Created attachment 386593

  --> https://bugs.webkit.org/attachment.cgi?id=386593&action=review

the crash log

iOS13.3, arm64 devices(excluding arm64e) crash at 0xfffffffffffffff8.
According to our statistics, the app using WKWebView will randomly crash when entering background.
The crash log can be found on the attachment.

We disassemble the Webkit.framework and find that the execution of function 'copyToVector' returns invalid vector which cause the crash.

Exception Type: SIGSEGV
Exception Codes: SEGV_ACCERR at 0xfffffffffffffff8
Crashed Thread: 0

Thread 0 Crashed: 
1  WebKit                         0x0000000198682640 -[WKProcessAssertionBackgroundTaskManager _notifyAssertionsOfImminentSuspension] +  64
2  WebKit                         0x00000001986828d0 ___64-[WKProcessAssertionBackgroundTaskManager _updateBackgroundTask]_block_invoke +  72
3  UIKitCore                      0x0000000194ea4d60 -[_UIBackgroundTaskInfo fireExpirationHandler] +  60
4  UIKitCore                      0x0000000194eae830 __fireBackgroundExpirationHandlers +  636
5  UIKitCore                      0x0000000194eae4e0 -[UIApplication workspaceNoteAssertionExpirationImminent:] +  136
6  FrontBoardServices             0x0000000195f570c0 ___45-[FBSUIApplicationWorkspaceShim setDelegate:]_block_invoke_3 +  36
7  libdispatch.dylib              0x0000000190b0b180 __dispatch_client_callout +  12
8  libdispatch.dylib              0x0000000190ae5420 __dispatch_block_invoke_direct$VARIANT$armv81 +  216
9  FrontBoardServices             0x0000000195fa8410 ___FBSSERIALQUEUE_IS_CALLING_OUT_TO_A_BLOCK__ +  32
 +  32
10 FrontBoardServices             0x0000000195fa80e0 -[FBSSerialQueue _queue_performNextIfPossible] +  400
11 FrontBoardServices             0x0000000195fa8600 -[FBSSerialQueue _performNextFromRunLoopSource] +  16
12 CoreFoundation                 0x0000000190dbca00 ___CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ +  24
 +  24
13 CoreFoundation                 0x0000000190dbc950 ___CFRunLoopDoSource0 +  72
14 CoreFoundation                 0x0000000190dbc0f0 ___CFRunLoopDoSources0 +  180
15 CoreFoundation                 0x0000000190db7230 ___CFRunLoopRun +  1068
16 CoreFoundation                 0x0000000190db6ad0 CFRunLoopRunSpecific + 452
17 GraphicsServices               0x000000019ad3c320 GSEventRunModal + 96
18 UIKitCore                      0x0000000194eb1ae0 UIApplicationMain + 1936
19 mttlite                        0x00000001009e2c80 main (main.mm:34)
20 libdyld.dylib                  0x0000000190c40360 _start +  4

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200102/6713a487/attachment.htm>

More information about the webkit-unassigned mailing list