[Webkit-unassigned] [Bug 255102] New: [iOS 16.4] Chrome crashes in WebBackForwardCache::takeSuspendedPage
bugzilla-daemon at webkit.org
Thu Apr 6 11:17:47 PDT 2023
https://bugs.webkit.org/show_bug.cgi?id=255102
Bug ID: 255102
Summary: [iOS 16.4] Chrome crashes in WebBackForwardCache::takeSuspendedPage
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit API
Assignee: webkit-unassigned at lists.webkit.org
Reporter: ajuma at chromium.org
CC: cdumez at apple.com
Created attachment 465798
--> https://bugs.webkit.org/attachment.cgi?id=465798&action=review
Crash log
Chrome for iOS is getting crash reports from a new crash in iOS 16.4, in WebBackForwardCache::takeSuspendedPage. We don't have steps to reproduce, but this seems to be correlated with getting a memory warning and then navigating back.
I've attached a crash log.
Here's the crashing stack:
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000010
0 WebKit 0x00000001b4de6f7c WebKit::WebBackForwardCache::takeSuspendedPage(WebKit::WebBackForwardListItem&) + 260 (WebBackForwardCache.cpp:120)
1 WebKit 0x00000001b4e41858 WebKit::WebPageProxy::receivedNavigationPolicyDecision(WebCore::PolicyAction, API::Navigation*, WTF::Ref<API::NavigationAction, WTF::RawPtrTraits<API::NavigationAction> >&&, WebKit::ProcessSwapRequ... + 1120 (WebPageProxy.cpp:3638)
2 WebKit 0x00000001b4e7d4a0 WebKit::WebProcessPool::processForNavigation(WebKit::WebPageProxy&, API::Navigation const&, WTF::Ref<WebKit::WebProcessProxy, WTF::RawPtrTraits<WebKit::WebProcessProxy> >&&, WTF::URL const&, WebKit... + 76 (WebProcessPool.cpp:1834)
3 WebKit 0x00000001b4d7bd68 WTF::Detail::CallableWrapper<WebKit::AuxiliaryProcessProxy::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::__1::optional<IPC::Connection::AsyncReplyHandler>, WebK... + 64 (Function.h:53)
4 WebKit 0x00000001b5255230 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 712 (Connection.cpp:1245)
5 WebKit 0x00000001b5257b50 WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_15, void>::call() + 188 (Function.h:53)
6 JavaScriptCore 0x00000001b54dc514 WTF::RunLoop::performWork() + 200 (RunLoop.cpp:147)
7 JavaScriptCore 0x00000001b54dd3e0 WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:46)
8 CoreFoundation 0x00000001a1e68208 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28 (CFRunLoop.c:1957)
9 CoreFoundation 0x00000001a1e74864 __CFRunLoopDoSource0 + 176 (CFRunLoop.c:2001)
10 CoreFoundation 0x00000001a1df96c8 __CFRunLoopDoSources0 + 244 (CFRunLoop.c:2038)
11 CoreFoundation 0x00000001a1e0f1c4 __CFRunLoopRun + 828 (CFRunLoop.c:2953)
12 CoreFoundation 0x00000001a1e144dc CFRunLoopRunSpecific + 612 (CFRunLoop.c:3418)
13 GraphicsServices 0x00000001dd06835c GSEventRunModal + 164 (GSEvent.c:2196)
14 UIKitCore 0x00000001a41a037c -[UIApplication _run] + 888 (UIApplication.m:3773)
15 UIKitCore 0x00000001a419ffe0 UIApplicationMain + 340 (UIApplication.m:5363)
16 Chrome 0x00000001026066d8 0x102594000 + 468696
17 dyld 0x00000001c1290dec start + 2220 (dyldMain.cpp:1165)