brave / brave-browser

Brave browser for Android, iOS, Linux, macOS, Windows.
https://brave.com
Mozilla Public License 2.0

Possible image creation related crash on iOS 18.2+ #42270

Open kylehickinson opened 2 days ago

kylehickinson commented 2 days ago

A new crash has appeared only for users currently using iOS 18.2 (which is in beta currently). The main stack trace lists the crashing function as `vFlatten_RGBA8888_GV_vec` on a background thread, which is not called directly by Brave, and there isn't other useful information about what's happening in the app at the time.

There is one possible clue which is that with the latest Xcode we've seen warnings in the logs while debugging the app:

```
writeImageAtIndex:1012: ⭕️ ERROR: 'Client' is trying to save an opaque image (1179x1965) with 'AlphaPremulLast'. This would unnecessarily increase the file size and will double (!!!) the required memory when decoding the image --> ignoring alpha.
```

It's possible that this "ignoring alpha" path in iOS calls to this vFlatten method and crashes.

Crash Log

```
Incident Identifier: 9FD51F4F-9618-43B7-B18F-76337357685D
Distributor ID:      com.apple.AppStore
Hardware Model:      iPhone14,2
Process:             Client [21213]
Path:                /private/var/containers/Bundle/Application/6C0E1386-3D44-4F7D-80D6-72BC4EDB14F2/Client.app/Client
Identifier:          com.brave.ios.browser
Version:             1.71 (125)
AppStoreTools:       16B39
AppVariant:          1:iPhone14,2:18
Code Type:           ARM-64 (Native)
Role:                Foreground
Parent Process:      launchd [1]
Coalition:           com.brave.ios.browser [2591]

Date/Time:           2024-11-12 14:57:53.0757 +0100
Launch Time:         2024-11-12 14:57:19.4222 +0100
OS Version:          iPhone OS 18.2 (22C5125e)
Release Type:        Beta
Baseband Version:    4.20.01
Report Version:      104

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000127d10000
Exception Codes: 0x0000000000000001, 0x0000000127d10000
VM Region Info: 0x127d10000 is not in any region. Bytes after previous region: 25329665 Bytes before following region: 52461568
      REGION TYPE        START - END         [ VSIZE] PRT/MAX SHRMOD REGION DETAIL
      mapped file        126104000-1264e8000 [ 3984K] r--/rw- SM=COW Object_id=1ceb3700
--->  GAP OF 0x4a30000 BYTES
      mapped file        12af18000-12b9c8000 [ 10.7M] r--/r-- SM=ALI Object_id=64c632d0
Termination Reason: SIGNAL 11 Segmentation fault: 11
Terminating Process: exc handler [21213]

Triggered by Thread: 3

Thread 0:
0   libsystem_kernel.dylib 0x00000001e1f55c7c pread + 8
1   libsqlite3.dylib 0x00000001bea763ec seekAndRead + 96 (sqlite3.c:44033)
2   libsqlite3.dylib 0x00000001be9ec338 unixRead + 208 (sqlite3.c:44125)
3   libsqlite3.dylib 0x00000001be9ff434 readDbPage + 180 (sqlite3.c:66910)
4   libsqlite3.dylib 0x00000001bea8051c getPageNormal + 548 (sqlite3.c:69519)
5   libsqlite3.dylib 0x00000001bea40f04 accessPayload + 564 (sqlite3.c:82042)
6   libsqlite3.dylib 0x00000001bea88d90 vdbeColumnFromOverflow + 628 (sqlite3.c:100728)
7   libsqlite3.dylib 0x00000001bea1a23c sqlite3VdbeExec + 37564 (sqlite3.c:103156)
8   libsqlite3.dylib 0x00000001bea106c0 sqlite3_step + 960 (sqlite3.c:97886)
9   CoreData 0x0000000197c05e14 _execute + 128 (NSSQLiteConnection.m:4597)
10  CoreData 0x0000000197c183a8 -[NSSQLiteConnection execute] + 1816 (NSSQLiteConnection.m:5071)
11  CoreData 0x0000000197c42030 newFetchedRowsForFetchPlan_MT + 500 (NSSQLPerformanceDefinitions.m:2693)
12  CoreData 0x0000000197c7adf4 _executeFetchRequest + 56 (NSSQLCore_Functions.m:5452)
13  CoreData 0x0000000197c417bc -[NSSQLFetchRequestContext executeRequestCore:] + 36 (NSSQLFetchRequestContext.m:533)
14  CoreData 0x0000000197c6663c -[NSSQLStoreRequestContext executeRequestUsingConnection:] + 240 (NSSQLStoreRequestContext.m:183)
15  CoreData 0x0000000197c66364 __52-[NSSQLDefaultConnectionManager handleStoreRequest:]_block_invoke + 60 (NSSQLConnectionManager.m:307)
16  CoreData 0x0000000197c6629c __37-[NSSQLiteConnection performAndWait:]_block_invoke + 48 (NSSQLiteConnection.m:743)
17  libdispatch.dylib 0x00000001979c3fa8 _dispatch_client_callout + 20 (object.m:576)
18  libdispatch.dylib 0x00000001979d37fc _dispatch_lane_barrier_sync_invoke_and_complete + 56 (queue.c:1104)
19  CoreData 0x0000000197c20e80 -[NSSQLiteConnection performAndWait:] + 176 (NSSQLiteConnection.m:740)
20  CoreData 0x0000000197c20d44 -[NSSQLDefaultConnectionManager handleStoreRequest:] + 248 (NSSQLConnectionManager.m:302)
21  CoreData 0x0000000197c20c14 -[NSSQLCoreDispatchManager routeStoreRequest:] + 228 (NSSQLCoreDispatchManager.m:60)
22  CoreData 0x0000000197c20a18 -[NSSQLCore dispatchRequest:withRetries:] + 172 (NSSQLCore.m:4044)
23  CoreData 0x0000000197c3a6c0 -[NSSQLCore executeRequest:withContext:error:] + 3744 (NSSQLCore.m:2995)
24  CoreData 0x0000000197c73ff4 __65-[NSPersistentStoreCoordinator executeRequest:withContext:error:]_block_invoke.547 + 4232 (NSPersistentStoreCoordinator.m:3030)
25  CoreData 0x0000000197c41918 -[NSPersistentStoreCoordinator _routeHeavyweightBlock:] + 264 (NSPersistentStoreCoordinator.m:662)
26  CoreData 0x0000000197c49fe4 -[NSPersistentStoreCoordinator executeRequest:withContext:error:] + 1200 (NSPersistentStoreCoordinator.m:2804)
27  CoreData 0x0000000197c129e8 -[NSManagedObjectContext executeFetchRequest:error:] + 700 (NSManagedObjectContext.m:2234)
28  CoreData 0x0000000197c7b618 -[NSManagedObjectContext executeRequest:error:] + 316 (NSManagedObjectContext.m:1936)
29  CoreData 0x0000000197c7b404 NSManagedObjectContext.fetch(_:) + 84 (NSManagedObjectContext.swift:21)
30  Client 0x0000000100872e28 specialized static Readable.all(where:sortDescriptors:fetchLimit:fetchBatchSize:context:) + 264
31  Client 0x000000010089cb20 static RecentlyClosed.all() + 244 (RecentlyClosed.swift:48)
32  Client 0x000000010037b3f4 BrowserViewController.updateToolbarUsingTabManager(_:) + 3784 (BVC+TabManagerDelegate.swift:405)
33  Client 0x00000001003b9594 specialized BrowserViewController.webView(_:didFinish:) + 1944 (BVC+WKNavigationDelegate.swift:1085)
34  Client 0x00000001003ace58 BrowserViewController.webView(_:didFinish:) + 12 (/:0)
35  Client 0x00000001003ace58 @objc BrowserViewController.webView(_:didFinish:) + 68
36  Client 0x00000001005a9684 TabManagerNavDelegate.webView(_:didReceiveServerRedirectForProvisionalNavigation:) + 180
37  Client 0x00000001005a96f4 @objc TabManagerNavDelegate.webView(_:didFinish:) + 72 (/:0)
38  WebKit 0x00000001a67e9da0 WebKit::NavigationState::NavigationClient::didFinishNavigation(WebKit::WebPageProxy&, API::Navigation*, API::Object*) + 176 (NavigationState.mm:989)
39  WebKit 0x00000001a6961738 WebKit::WebPageProxy::didFinishLoadForFrame(IPC::Connection&, WebCore::ProcessQualified) + 252 (Connection.cpp:1451)
44  WebKit 0x00000001a61787a4 IPC::Connection::dispatchIncomingMessages() + 580 (Connection.cpp:1563)
45  JavaScriptCore 0x00000001a74c405c WTF::RunLoop::performWork() + 204 (RunLoop.cpp:147)
46  JavaScriptCore 0x00000001a74c3f70 WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:46)
47  CoreFoundation 0x000000018fc8636c __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28 (CFRunLoop.c:1970)
48  CoreFoundation 0x000000018fc86300 __CFRunLoopDoSource0 + 176 (CFRunLoop.c:2014)
49  CoreFoundation 0x000000018fc88fc4 __CFRunLoopDoSources0 + 344 (CFRunLoop.c:2059)
50  CoreFoundation 0x000000018fc8815c __CFRunLoopRun + 840 (CFRunLoop.c:2969)
51  CoreFoundation 0x000000018fcda664 CFRunLoopRunSpecific + 588 (CFRunLoop.c:3434)
52  GraphicsServices 0x00000001ddb5d4c0 GSEventRunModal + 164 (GSEvent.c:2196)
53  UIKitCore 0x00000001928277a0 0x192438000 + 4126624 (UIApplication.m:3853)
54  UIKitCore 0x000000019244d6a4 UIApplicationMain + 340 (UIApplication.m:5510)
55  UIKitCore 0x0000000192b88ed4 UIApplicationMain(_:_:_:_:) + 104 (UIKit.swift:565)
56  Client 0x00000001002e7048 specialized static UIApplicationDelegate.main() + 28 (/:38)
57  Client 0x00000001002e7048 static AppDelegate.$main() + 28 (AppDelegate.swift:0)
58  Client 0x00000001002e7048 main + 120
59  dyld 0x00000001b6bbade8 start + 2724 (dyldMain.cpp:1338)

Thread 1:
0   libsystem_kernel.dylib 0x00000001e1f55788 mach_msg2_trap + 8
1   libsystem_kernel.dylib 0x00000001e1f58e98 mach_msg2_internal + 80 (mach_msg.c:201)
2   libsystem_kernel.dylib 0x00000001e1f58db0 mach_msg_overwrite + 424 (mach_msg.c:0)
3   libsystem_kernel.dylib 0x00000001e1f58bfc mach_msg + 24 (mach_msg.c:323)
4   libdispatch.dylib 0x00000001979def4c _dispatch_mach_send_and_wait_for_reply + 544 (mach.c:1980)
5   libdispatch.dylib 0x00000001979df2ec dispatch_mach_send_with_result_and_wait_for_reply + 60 (mach.c:2017)
6   libxpc.dylib 0x000000021b133930 xpc_connection_send_message_with_reply_sync + 256 (connection.c:4014)
7   Foundation 0x000000018e8f3c7c __NSXPCCONNECTION_IS_WAITING_FOR_A_SYNCHRONOUS_REPLY__ + 16 (NSXPCConnection.m:223)
8   Foundation 0x000000018e8f29a4 -[NSXPCConnection _sendInvocation:orArguments:count:methodSignature:selector:withProxy:] + 2160 (NSXPCConnection.m:1673)
9   CoreFoundation 0x000000018fc427bc ___forwarding___ + 1004 (NSForwarding.m:3646)
10  CoreFoundation 0x000000018fc42310 _CF_forwarding_prep_0 + 96
11  CFNetwork 0x00000001911a0690 -[__NSURLBackgroundSession setupBackgroundSession] + 800 (BackgroundSession.mm:461)
12  CFNetwork 0x000000019119ae20 -[__NSURLBackgroundSession ensureRemoteSession] + 304 (BackgroundSession.mm:429)
13  CFNetwork 0x00000001911979ac __47-[__NSURLBackgroundSession cameIntoForeground:]_block_invoke + 276 (BackgroundSession.mm:642)
14  libdispatch.dylib 0x00000001979c2248 _dispatch_call_block_and_release + 32 (init.c:1549)
15  libdispatch.dylib 0x00000001979c3fa8 _dispatch_client_callout + 20 (object.m:576)
16  libdispatch.dylib 0x00000001979cb5cc _dispatch_lane_serial_drain + 768 (queue.c:3934)
17  libdispatch.dylib 0x00000001979cc158 _dispatch_lane_invoke + 432 (queue.c:4025)
18  libdispatch.dylib 0x00000001979d738c _dispatch_root_queue_drain_deferred_wlh + 288 (queue.c:7193)
19  libdispatch.dylib 0x00000001979d6bd8 _dispatch_workloop_worker_thread + 540 (queue.c:6787)
20  libsystem_pthread.dylib 0x000000021b0db680 _pthread_wqthread + 288 (pthread.c:2696)
21  libsystem_pthread.dylib 0x000000021b0d9474 start_wqthread + 8

Thread 2:
0   libsystem_kernel.dylib 0x00000001e1f5b090 __psynch_cvwait + 8
1   libsystem_pthread.dylib 0x000000021b0dbf98 _pthread_cond_wait + 1204 (pthread_cond.c:862)
2   GRDWireGuardKit 0x000000010935ad78 0x1092c0000 + 634232
3   GRDWireGuardKit 0x00000001093596e8 0x1092c0000 + 628456

Thread 3 Crashed:
0   vImage 0x0000000195d096f4 vFlatten_RGBA8888_GV_vec + 712 (Conversion_Flatten_vector2.0.c:1009)
1   vImage 0x0000000195b6665c __vImageFlatten_RGBA8888_block_invoke + 124 (Conversion_Flatten.c:167)
2   libdispatch.dylib 0x00000001979c3fe8 _dispatch_client_callout2 + 20 (object.m:588)
3   libdispatch.dylib 0x00000001979d8740 _dispatch_apply_invoke3 + 336 (apply.c:161)
4   libdispatch.dylib 0x00000001979c3fa8 _dispatch_client_callout + 20 (object.m:576)
5   libdispatch.dylib 0x00000001979c57f4 _dispatch_once_callout + 32 (once.c:52)
6   libdispatch.dylib 0x00000001979d776c _dispatch_apply_invoke + 252 (apply.c:262)
7   libdispatch.dylib 0x00000001979c3fa8 _dispatch_client_callout + 20 (object.m:576)
8   libdispatch.dylib 0x00000001979d6094 _dispatch_root_queue_drain + 860 (queue.c:7331)
9   libdispatch.dylib 0x00000001979d66c4 _dispatch_worker_thread2 + 156 (queue.c:7399)
10  libsystem_pthread.dylib 0x000000021b0db644 _pthread_wqthread + 228 (pthread.c:2709)
11  libsystem_pthread.dylib 0x000000021b0d9474 start_wqthread + 8

...

Thread 3 crashed with ARM Thread State (64-bit):
    x0: 0x00000000000000ff   x1: 0x0000000000000128   x2: 0x00000000ff000000   x3: 0x0000000001010102
    x4: 0x00000000000000ff   x5: 0x000000013247c010   x6: 0x0000000127d10000   x7: 0x00000000000001f2
    x8: 0x0000000132325180   x9: 0x0000000000001280  x10: 0x0000000000001280  x11: 0x0000000000000492
   x12: 0x00000000ff000000  x13: 0x0000000000000000  x14: 0x0000000127bb9180  x15: 0x000000000000013b
   x16: 0x0000000000000000  x17: 0x0000000000000000  x18: 0x0000000000000000  x19: 0x0000000000000000
   x20: 0x0000000000000000  x21: 0x0000000000000000  x22: 0x00000000000000ff  x23: 0x0000000000000000
   x24: 0x00000000000000ff  x25: 0x0000000000000000  x26: 0x0000000000000006  x27: 0x0000000000000001
   x28: 0x0000000000000000   fp: 0x000000016fddada0   lr: 0x0000000195b6665c
    sp: 0x000000016fddad10   pc: 0x0000000195d096f4 cpsr: 0x20001000
   esr: 0x92000047 (Data Abort) byte write Translation fault

Binary Images:
0x1002dc000 - 0x101673fff Client arm64 <89f1811698013dcb86a7a91aa6f36f99> /private/var/containers/Bundle/Application/6C0E1386-3D44-4F7D-80D6-72BC4EDB14F2/Client.app/Client
0x103d30000 - 0x103d77fff GuardianConnect arm64 /private/var/containers/Bundle/Application/6C0E1386-3D44-4F7D-80D6-72BC4EDB14F2/Client.app/Frameworks/GuardianConnect.framework/GuardianConnect
0x103f34000 - 0x107343fff BraveCore arm64 <4c4c443255553144a180649a5fc5ef32> /private/var/containers/Bundle/Application/6C0E1386-3D44-4F7D-80D6-72BC4EDB14F2/Client.app/Frameworks/BraveCore.framework/BraveCore
0x107a1c000 - 0x107beffff MaterialComponents arm64 <4c4c442255553144a1dc76fe1943920c> /private/var/containers/Bundle/Application/6C0E1386-3D44-4F7D-80D6-72BC4EDB14F2/Client.app/Frameworks/MaterialComponents.framework/MaterialComponents
0x107c6c000 - 0x107e2bfff Lottie arm64 <0a9c45e37652378fb398c6b9b8e0a0c3> /private/var/containers/Bundle/Application/6C0E1386-3D44-4F7D-80D6-72BC4EDB14F2/Client.app/Frameworks/Lottie.framework/Lottie
0x107ed4000 - 0x10834ffff JitsiMeetSDK arm64 <471b6b021b3530cb8e6f66d5017f2af7> /private/var/containers/Bundle/Application/6C0E1386-3D44-4F7D-80D6-72BC4EDB14F2/Client.app/Frameworks/JitsiMeetSDK.framework/JitsiMeetSDK
0x10885c000 - 0x109187fff WebRTC arm64 <4c4c446b55553144a1c5dff75b5e5dd3> /private/var/containers/Bundle/Application/6C0E1386-3D44-4F7D-80D6-72BC4EDB14F2/Client.app/Frameworks/WebRTC.framework/WebRTC
0x1092c0000 - 0x109433fff GRDWireGuardKit arm64 /private/var/containers/Bundle/Application/6C0E1386-3D44-4F7D-80D6-72BC4EDB14F2/Client.app/Frameworks/GRDWireGuardKit.framework/GRDWireGuardKit
0x10c4b4000 - 0x10c4bffff libobjc-trampolines.dylib arm64e /private/preboot/Cryptexes/OS/usr/lib/libobjc-trampolines.dylib
0x10c59c000 - 0x10c5affff GAXClient arm64e <9ea520ef81603c90ba8895324c70dff1> /System/Library/AccessibilityBundles/GAXClient.bundle/GAXClient
0x125350000 - 0x125353fff iCloudDriveFileProviderOverride arm64e /System/Library/Frameworks/FileProvider.framework/OverrideBundles/iCloudDriveFileProviderOverride.bundle/iCloudDriveFileProviderOverride
0x18e83b000 - 0x18f54afff Foundation arm64e /System/Library/Frameworks/Foundation.framework/Foundation
0x18fc13000 - 0x190155fff CoreFoundation arm64e <994f713a8dcb3c97a813c0f89131c959> /System/Library/Frameworks/CoreFoundation.framework/CoreFoundation
0x19110d000 - 0x1914d1fff CFNetwork arm64e <9c6a22d5f00c3611821582363deb64a1> /System/Library/Frameworks/CFNetwork.framework/CFNetwork
0x192438000 - 0x194349fff UIKitCore arm64e <4bb4aaa7623632d593a9b65994b0bf87> /System/Library/PrivateFrameworks/UIKitCore.framework/UIKitCore
0x19560a000 - 0x195aeafff ImageIO arm64e <46e84e2ce85e3966b082438ce0e4f8d8> /System/Library/Frameworks/ImageIO.framework/ImageIO
0x195aeb000 - 0x195e15fcf vImage arm64e <411b5b6d4b6e3e1fa29b69274b687d69> /System/Library/Frameworks/Accelerate.framework/Frameworks/vImage.framework/vImage
0x1979c0000 - 0x197a05fff libdispatch.dylib arm64e /usr/lib/system/libdispatch.dylib
0x197a06000 - 0x197a85ffb libsystem_c.dylib arm64e /usr/lib/system/libsystem_c.dylib
0x197c02000 - 0x197f8dfff CoreData arm64e <51a0612115a839629ce6eefa164e9f72> /System/Library/Frameworks/CoreData.framework/CoreData
0x1a60f4000 - 0x1a71c8fff WebKit arm64e <0e70f9d5cf96332b8f50ba322a209ef2> /System/Library/Frameworks/WebKit.framework/WebKit
0x1a71c9000 - 0x1a8995f7f JavaScriptCore arm64e <091b78e760903bfd8d61afc77370c815> /System/Library/Frameworks/JavaScriptCore.framework/JavaScriptCore
0x1b6b8b000 - 0x1b6c0e13f dyld arm64e /usr/lib/dyld
0x1be9e5000 - 0x1beb65ff3 libsqlite3.dylib arm64e <9f76aad2f7643c6fba580795e71bbd2d> /usr/lib/libsqlite3.dylib
0x1ddb5c000 - 0x1ddb64fff GraphicsServices arm64e <7d77aa212977370f972f2042dd46f5a4> /System/Library/PrivateFrameworks/GraphicsServices.framework/GraphicsServices
0x1e1f54000 - 0x1e1f8dff3 libsystem_kernel.dylib arm64e <1012cf61a24c3873b721eecd238fb1cc> /usr/lib/system/libsystem_kernel.dylib
0x21b02c000 - 0x21b033fe3 libsystem_platform.dylib arm64e /usr/lib/system/libsystem_platform.dylib
0x21b0d8000 - 0x21b0e4ff3 libsystem_pthread.dylib arm64e <95f6b535bee0329cb349f56841564040> /usr/lib/system/libsystem_pthread.dylib
0x21b123000 - 0x21b16afff libxpc.dylib arm64e <01e46026086630f0861d2083bf7de23c> /usr/lib/system/libxpc.dylib
```

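
An added triage example, not code from the Brave project or from anyone in this thread: it reads the fault fields of the crash log above (fault address, VM region gap, register state, ESR) to show what kind of access failed and which register carried the address. `REPORT` is an excerpt of that log with an assumed one-field-per-line layout, and `triage` is a hypothetical helper name.

```python
import re

# Excerpt of the crash report in this issue; the line layout is assumed
# (standard one-field-per-line Apple crash text), the values are the log's.
REPORT = """\
Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000127d10000
VM Region Info: 0x127d10000 is not in any region.
      mapped file  126104000-1264e8000 [ 3984K] r--/rw- SM=COW
--->  GAP OF 0x4a30000 BYTES
      mapped file  12af18000-12b9c8000 [ 10.7M] r--/r-- SM=ALI
Triggered by Thread:  3
Thread 3 Crashed:
0   vImage  0x0000000195d096f4 vFlatten_RGBA8888_GV_vec + 712
    x4: 0x00000000000000ff   x5: 0x000000013247c010   x6: 0x0000000127d10000
   esr: 0x92000047 (Data Abort) byte write Translation fault
"""

def triage(report: str) -> dict:
    """Summarise an EXC_BAD_ACCESS report: where the fault is and what kind."""
    fault = int(re.search(r"KERN_INVALID_ADDRESS at (0x[0-9a-f]+)", report).group(1), 16)
    # Regions under "VM Region Info" are printed as START-END in bare hex.
    regions = [(int(a, 16), int(b, 16)) for a, b in
               re.findall(r"\b([0-9a-f]{6,16})-([0-9a-f]{6,16})\s+\[", report)]
    below = max((e for _, e in regions if e <= fault), default=None)
    above = min((s for s, _ in regions if s > fault), default=None)
    # Registers whose value equals the faulting address (the bad pointer).
    regs = [n for n, v in re.findall(r"\b(x\d+|fp|lr|sp):\s*(0x[0-9a-f]+)", report)
            if int(v, 16) == fault]
    # ARMv8 ESR: EC = bits 31:26, WnR (write) = bit 6, DFSC = bits 5:0.
    esr = int(re.search(r"esr:\s*(0x[0-9a-f]+)", report).group(1), 16)
    m = re.search(r"Thread (\d+) Crashed:\s*\n\s*0\s+(\S+)\s+0x[0-9a-f]+\s+(\S+)", report)
    return {
        "thread": int(m.group(1)), "image": m.group(2), "symbol": m.group(3),
        "fault": fault,
        "mapped": any(s <= fault < e for s, e in regions),
        "past_prev_region": None if below is None else fault - below,
        "before_next_region": None if above is None else above - fault,
        "regs_at_fault": regs,
        "data_abort": esr >> 26 in (0x24, 0x25),
        "is_write": bool(esr >> 6 & 1),
        "dfsc": esr & 0x3F,  # 0b0001xx = translation fault (page not mapped)
    }

if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(key, value)
```

On this report the result is a store (WnR set) through `x6` to an unmapped page, 0x1828000 bytes past the end of the nearest lower mapping, raised inside `vFlatten_RGBA8888_GV_vec` in the system vImage framework.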
introrse commented 21 hours ago

FWIW: I suspect the log warning ("...is trying to save an opaque image...") is not related to the crashes you're experiencing.

I happened across your issue report searching on that exact log text, which I'm seeing in a completely different app I'm writing. My app isn't crashing, but I do see the error message emitted any time UIImage's .jpegData(compressionQuality:) method is called to create a JPEG image from a bitmap. It's probably just log noise new in iOS 18.2. Good luck with your debugging!