Bug 202519

Summary: WebKit crash during OAuth login process
Product: WebKit
Reporter: djonesuk
Component: WebCore Misc.
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED MOVED
Severity: Normal
CC: ap
Priority: P2
Version: Safari 12
Hardware: Mac
OS: macOS 10.14

djonesuk
Reported 2019-10-03 02:59:48 PDT
Created attachment 380095 [details]
Crash log

I have had 2 users in the last 2 days of my MacOS app reporting problems logging into a service through OAuth. My app simply launches a WKWebView and sends it on its way to a URL. The page loads initially with a continue button that the user presses. After the next page loads, it quickly disappears to a white page and generates a crash log for com.apple.WebKit.WebContent.

I've attached the crash log, but pasted part of it here for any future searches to index.

The user managed to get the page to load successfully only after a reboot of their Mac.

Date/Time: 2019-09-30 15:55:35.460 +0100
OS Version: Mac OS X 10.14.6 (18G95)
Report Version: 12
Bridge OS Version: 3.6 (16P6571)
Anonymous UUID: 63B853AA-65AB-083C-A3A1-B9822F14E042

Sleep/Wake UUID: D98BDDD0-CA62-4BDC-9F07-C62BF1EB64B4

Time Awake Since Boot: 830000 seconds
Time Since Wake: 24000 seconds

System Integrity Protection: enabled

Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY

Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [59937]

VM Regions Near 0:
--> __TEXT 000000010493c000-000000010493e000 [ 8K] r-x/rwx SM=COW /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 ??? 000000000000000000 0 + 0
1 libc++.1.dylib 0x00007fff787b16a8 std::__1::__call_once(unsigned long volatile&, void*, void (*)(void*)) + 139
2 libwebrtc.dylib 0x00007fff5be84ae8 webrtc::createWebKitEncoderFactory(webrtc::WebKitCodecSupport) + 72
3 com.apple.WebCore 0x00007fff5d4e7842 WebCore::LibWebRTCProviderCocoa::createEncoderFactory() + 18
4 com.apple.WebCore 0x00007fff5d4e6bd1 WebCore::LibWebRTCProvider::createPeerConnectionFactory(rtc::Thread*, rtc::Thread*, WebCore::LibWebRTCAudioModule*) + 81
5 com.apple.WebCore 0x00007fff5d4e68b2 WebCore::LibWebRTCProvider::factory() + 66
6 com.apple.WebCore 0x00007fff5c42135b WebCore::LibWebRTCMediaEndpoint::LibWebRTCMediaEndpoint(WebCore::LibWebRTCPeerConnectionBackend&, WebCore::LibWebRTCProvider&) + 75
7 com.apple.WebCore 0x00007fff5c42a7fb WebCore::createLibWebRTCPeerConnectionBackend(WebCore::RTCPeerConnection&) + 123
8 com.apple.WebCore 0x00007fff5cc62c83 WebCore::RTCPeerConnection::RTCPeerConnection(WebCore::ScriptExecutionContext&) + 211
9 com.apple.WebCore 0x00007fff5cc62ae9 WebCore::RTCPeerConnection::create(WebCore::ScriptExecutionContext&) + 41
10 com.apple.WebCore 0x00007fff5c8e5ebe std::__1::enable_if<JSDOMObjectInspector<WebCore::JSRTCPeerConnection>::isComplexWrapper, JSC::JSObject*>::type WebCore::createJSObject<WebCore::JSRTCPeerConnection>(WebCore::JSDOMBuiltinConstructor<WebCore::JSRTCPeerConnection>&) + 254
11 com.apple.WebCore 0x00007fff5c8e5d69 WebCore::JSDOMBuiltinConstructor<WebCore::JSRTCPeerConnection>::construct(JSC::ExecState*) + 25
12 com.apple.JavaScriptCore 0x00007fff532e2164 JSC::LLInt::setUpCall(JSC::ExecState*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*) + 404
13 com.apple.JavaScriptCore 0x00007fff52ca75ad llint_entry + 63770
14 com.apple.JavaScriptCore 0x00007fff52c97ad9 vmEntryToJavaScript + 200
15 com.apple.JavaScriptCore 0x00007fff52926843 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 467
16 com.apple.JavaScriptCore 0x00007fff533e53fb JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 187
17 com.apple.WebCore 0x00007fff5cd52694 WebCore::JSExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 100
18 com.apple.WebCore 0x00007fff5cd7e3a4 WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue, WebCore::ScriptExecutionContext&) + 484
19 com.apple.WebCore 0x00007fff5cd7e005 WebCore::ScheduledAction::execute(WebCore::Document&) + 149
20 com.apple.WebCore 0x00007fff5c25ea3c WebCore::DOMTimer::fired() + 620
21 com.apple.WebCore 0x00007fff5c19fd08 WebCore::ThreadTimers::sharedTimerFiredInternal() + 168
22 com.apple.WebCore 0x00007fff5c19fc4f WebCore::timerFired(__CFRunLoopTimer*, void*) + 31
23 com.apple.CoreFoundation 0x00007fff4f650060 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
24 com.apple.CoreFoundation 0x00007fff4f64fc0c __CFRunLoopDoTimer + 851
25 com.apple.CoreFoundation 0x00007fff4f64f752 __CFRunLoopDoTimers + 330
26 com.apple.CoreFoundation 0x00007fff4f630962 __CFRunLoopRun + 2130
27 com.apple.CoreFoundation 0x00007fff4f62febe CFRunLoopRunSpecific + 455
28 com.apple.Foundation 0x00007fff5189432f -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 280
29 com.apple.Foundation 0x00007fff51894204 -[NSRunLoop(NSRunLoop) run] + 76
30 libxpc.dylib 0x00007fff7b7be077 _xpc_objc_main + 552
31 libxpc.dylib 0x00007fff7b7bdb79 xpc_main + 433
32 com.apple.WebKit.WebContent 0x000000010493d6e2 0x10493c000 + 5858
33 com.apple.WebKit.WebContent 0x000000010493d867 0x10493c000 + 6247
34 libdyld.dylib 0x00007fff7b5853d5 start + 1
Attachments
Crash log (92.78 KB, text/plain)
2019-10-03 02:59 PDT, djonesuk
no flags
Crash log (92.86 KB, text/plain)
2019-10-03 03:00 PDT, djonesuk
no flags
Crash log (93.80 KB, text/plain)
2019-10-03 03:19 PDT, djonesuk
no flags
djonesuk
Comment 1 2019-10-03 03:00:29 PDT
Created attachment 380096 [details] Crash log
djonesuk
Comment 2 2019-10-03 03:19:06 PDT
Created attachment 380097 [details]
Crash log

I managed to get a crash log from the 2nd user too.
djonesuk
Comment 3 2019-10-04 06:08:07 PDT
Had a third user with this same issue today. Rebooting their Mac fixed the problem. The webpage loaded before the webkit crash is https://www.access.service.gov.uk/login/signin/creds
Alexey Proskuryakov
Comment 4 2019-10-04 19:19:04 PDT
This is an issue in system code below WebKit (rdar://problem/47464387 for any Apple engineers looking at this). It should not be happening any more in recent beta releases of macOS Catalina. My guess is that something changed on the webpage, and it now creates a WebRTC connection during login for some reason.
djonesuk
Comment 5 2019-10-05 02:12:17 PDT
Thanks for the update. Can you give any insight into the issue and why I can’t reproduce it and a reboot fixes it? I’d like to help my users better than telling them to reboot.
Alexey Proskuryakov
Comment 6 2019-10-06 17:39:43 PDT
This is a low level issue similar to bug 193724, and I don't even know why rebooting would help. The root cause should be fixed in macOS Catalina beta versions. Maybe there is a way to prevent WebRTC from being (mis?)used in this context. The first step would be to figure out why an RTCPeerConnection is being created.
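
Added example, not part of the comment above and not code from this bug or from WebKit: one way to take the first step named in Comment 6 is to wrap the page's RTCPeerConnection constructor and record the JavaScript stack of whoever calls it. It assumes the embedding app injects the script before page scripts run (for instance as a WKUserScript at document start); `instrumentPeerConnection` and its `block` and `report` options are hypothetical names, and `block` fails in JavaScript before the native constructor seen in the crashing stack is reached, which may break a page that actually needs WebRTC.

```javascript
// Added diagnostic sketch; names and options are assumptions, not a WebKit API.
// scope is the global object to instrument (window in a web view).
function instrumentPeerConnection(scope, options = {}) {
  const { block = false, report = console.warn } = options;
  const events = [];
  for (const name of ["RTCPeerConnection", "webkitRTCPeerConnection"]) {
    const Native = scope[name];
    if (typeof Native !== "function") continue; // API not exposed in this context
    scope[name] = new Proxy(Native, {
      construct(target, args, newTarget) {
        const config = args[0] || {};
        const event = {
          api: name,
          // urls may be a string or an array; flatMap normalises both.
          iceServers: (config.iceServers || []).flatMap((s) => s.urls || []),
          // The stack identifies the page script that asked for the connection.
          stack: new Error("RTCPeerConnection created").stack,
          blocked: block,
        };
        events.push(event);
        report(event);
        if (block) {
          // Throw before the native constructor runs.
          throw new Error(name + " is disabled in this web view");
        }
        return Reflect.construct(target, args, newTarget);
      },
    });
  }
  return events; // live array; grows as the page creates connections
}

// In a web view, log only; pass { block: true } to refuse construction.
if (typeof window !== "undefined") {
  instrumentPeerConnection(window);
}
```

The recorded events can be forwarded to the host app through whatever logging channel it already uses.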