157282 2016-05-02 14:51:02 -0700 CrashTracer: [USER] com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::EditCommandComposition::unapply + 105 2016-05-04 00:44:07 -0700 1 1 1 Unclassified WebKit HTML Editing WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 jiewen_tan jiewen_tan commit-queue jiewen_tan rniwa webkit-bug-importer oldest_to_newest 1189522 0 277936 jiewen_tan 2016-05-02 14:51:02 -0700 Created attachment 277936 crash_case Safari crashes while trying to load the crash case. Process: com.apple.WebKit.WebContent.Development [21294] Path: /Users/USER/Documents/*/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.Development.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development Identifier: com.apple.WebKit.WebContent.Development Version: 602+ (602.1.30+) Code Type: X86-64 (Native) Parent Process: ??? [1] Responsible: Safari [21238] User ID: 501 Date/Time: 2016-04-26 23:09:01.128 -0700 OS Version: Mac OS X 10.11.5 (15F27) Report Version: 11 Anonymous UUID: 959E954D-4D93-D4D4-8B62-15433989F34D Sleep/Wake UUID: F80568B2-DB72-4992-9684-8EE57515334B Time Awake Since Boot: 140000 seconds Time Since Wake: 26000 seconds System Integrity Protection: enabled Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef Exception Note: EXC_CORPSE_NOTIFY VM Regions Near 0xbbadbeef: --> __TEXT 0000000105c90000-0000000105c92000 [ 8K] r-x/rwx SM=COW /Users/USER/Documents/*/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.Development.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development Application Specific Information: Bundle controller class: BrowserBundleController Process Model: Multiple Web Processes Global Trace Buffer (reverse chronological seconds): 72.671026 CFNetwork 0x00007fff90425ddf Explicitly setting CF cookie storage singleton 72.671281 CFNetwork 0x00007fff9045c78d Explicitly setting cookie storage singleton Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x000000010a2d1e77 WTFCrash + 39 (Assertions.cpp:322) 1 com.apple.WebCore 0x000000010c8fddfc WebCore::EditCommandComposition::unapply() + 188 (CompositeEditCommand.cpp:215) 2 com.apple.WebKit 0x00000001063cc9be WebKit::WebPage::unapplyEditCommand(unsigned long long) + 78 (WebPage.cpp:3420) 3 com.apple.WebKit 0x000000010643a3c2 void IPC::callMemberFunctionImpl<WebKit::WebPage, void (WebKit::WebPage::*)(unsigned long long), std::__1::tuple<unsigned long long>, 0ul>(WebKit::WebPage*, void (WebKit::WebPage::*)(unsigned long long), std::__1::tuple<unsigned long long>&&, std::index_sequence<0ul>) + 162 (HandleMessage.h:17) 4 com.apple.WebKit 0x000000010643a318 void IPC::callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)(unsigned long long), std::__1::tuple<unsigned long long>, std::make_index_sequence<1ul> >(std::__1::tuple<unsigned long long>&&, WebKit::WebPage*, void (WebKit::WebPage::*)(unsigned long long)) + 88 (HandleMessage.h:23) 5 com.apple.WebKit 0x000000010642e722 void IPC::handleMessage<Messages::WebPage::UnapplyEditCommand, WebKit::WebPage, void (WebKit::WebPage::*)(unsigned long long)>(IPC::MessageDecoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(unsigned long long)) + 226 (HandleMessage.h:93) 6 com.apple.WebKit 0x0000000106426064 WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::MessageDecoder&) + 8676 (WebPageMessageReceiver.cpp:712) 7 com.apple.WebKit 0x00000001063ce0f0 WebKit::WebPage::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) + 384 (WebPage.cpp:3842) 8 com.apple.WebKit 0x00000001063ce137 non-virtual thunk to WebKit::WebPage::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) + 55 (WebPage.cpp:3812) 9 com.apple.WebKit 0x0000000105e8f6e4 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::MessageDecoder&) + 468 (MessageReceiverMap.cpp:103) 10 com.apple.WebKit 0x00000001065645bd WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) + 61 (WebProcess.cpp:634) 11 com.apple.WebKit 0x0000000105d61a83 IPC::Connection::dispatchMessage(IPC::MessageDecoder&) + 51 (Connection.cpp:896) 12 com.apple.WebKit 0x0000000105d588b1 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) + 785 (Connection.cpp:928) 13 com.apple.WebKit 0x0000000105d5831b IPC::Connection::SyncMessageState::dispatchMessages(IPC::Connection*) + 811 (Connection.cpp:176) 14 com.apple.WebKit 0x0000000105d58b85 IPC::Connection::SyncMessageState::dispatchMessageAndResetDidScheduleDispatchMessagesForConnection(IPC::Connection&) + 229 (Connection.cpp:196) 15 com.apple.WebKit 0x0000000105d63f8f IPC::Connection::SyncMessageState::processIncomingMessage(IPC::Connection&, std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >&)::$_1::operator()() const + 47 (Connection.cpp:142) 16 com.apple.WebKit 0x0000000105d63f4d void std::__1::__invoke_void_return_wrapper<void>::__call<IPC::Connection::SyncMessageState::processIncomingMessage(IPC::Connection&, std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >&)::$_1&>(IPC::Connection::SyncMessageState::processIncomingMessage(IPC::Connection&, std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >&)::$_1&&&) + 45 (__functional_base:441) 17 com.apple.WebKit 0x0000000105d63d3c std::__1::__function::__func<IPC::Connection::SyncMessageState::processIncomingMessage(IPC::Connection&, std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >&)::$_1, std::__1::allocator<IPC::Connection::SyncMessageState::processIncomingMessage(IPC::Connection&, std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >&)::$_1>, void ()>::operator()() + 44 (functional:1407) 18 com.apple.JavaScriptCore 0x0000000109bc349a std::__1::function<void ()>::operator()() const + 26 (functional:1793) 19 com.apple.JavaScriptCore 0x000000010a31c8d2 WTF::RunLoop::performWork() + 306 (RunLoop.cpp:106) 20 com.apple.JavaScriptCore 0x000000010a31d0f4 WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38) 21 com.apple.CoreFoundation 0x00007fff8f671881 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 22 com.apple.CoreFoundation 0x00007fff8f650fbc __CFRunLoopDoSources0 + 556 23 com.apple.CoreFoundation 0x00007fff8f6504df __CFRunLoopRun + 927 24 com.apple.CoreFoundation 0x00007fff8f64fed8 CFRunLoopRunSpecific + 296 25 com.apple.HIToolbox 0x00007fff91639935 RunCurrentEventLoopInMode + 235 26 com.apple.HIToolbox 0x00007fff9163976f ReceiveNextEventCommon + 432 27 com.apple.HIToolbox 0x00007fff916395af _BlockUntilNextEventMatchingListInModeWithFilter + 71 28 com.apple.AppKit 0x00007fff94c6edf6 _DPSNextEvent + 1067 29 com.apple.AppKit 0x00007fff94c6e226 -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 454 30 com.apple.AppKit 0x00007fff94c62d80 -[NSApplication run] + 682 31 com.apple.AppKit 0x00007fff94c2c368 NSApplicationMain + 1176 32 libxpc.dylib 0x00007fff97c1a194 _xpc_objc_main + 795 33 libxpc.dylib 0x00007fff97c18bbe xpc_main + 494 34 com.apple.WebKit.WebContent.Development 0x0000000105c91100 main + 800 (XPCServiceMain.mm:114) 35 libdyld.dylib 0x00007fff8ab845ad start + 1 1189525 1 jiewen_tan 2016-05-02 14:51:58 -0700 <rdar://problem/25391441> 1189879 2 278035 jiewen_tan 2016-05-03 15:45:30 -0700 Created attachment 278035 Patch 1190002 3 278035 commit-queue 2016-05-04 00:44:03 -0700 Comment on attachment 278035 Patch Clearing flags on attachment: 278035 Committed r200410: <http://trac.webkit.org/changeset/200410> 1190003 4 commit-queue 2016-05-04 00:44:07 -0700 All reviewed patches have been landed. Closing bug. 277936 2016-05-02 14:51:02 -0700 2016-05-02 14:51:02 -0700 crash_case crash_case.zip application/zip 767 jiewen_tan UEsDBAoAAAAAAFB2okgAAAAAAAAAAAAAAAALABAAY3Jhc2hfY2FzZS9VWAwApcsnV6jLJ1f1ARQA UEsDBBQACAAIAOVYfEgAAAAAAAAAAAAAAAATABAAY3Jhc2hfY2FzZS9pZm0uaHRtbFVYDADNcvlW zXL5VvUBFACNUMtqwzAQPNdfoZscMPYHVPGl9EMUad0I1rtBWuE86L9XVkICxZQeh3nszpijzDg2 SpkD+4tiQrZ+r6d8vQb6and6VIUsdHIxnGSsQKkpk5PApJ7CW/O2Ep5dnoGkX+N6xyQFfPog9oCw l5jh/ZcQzuA+eJ4t+VYnQHBiEXW3ajvKiLs/HYESRFlbPCza1Eq1z2iGCvR/Mjh6iOAxJNm4vgTy vPTbAblwupsspk2T8OllXGIQaIvivuT3fd7hta8Z6uvN4/cfUEsHCMehXzrHAAAAogEAAFBLAwQU AAgACADlWHxIAAAAAAAAAAAAAAAAFgAQAGNyYXNoX2Nhc2UvcmVwb3J0Lmh0bWxVWAwAzXL5Vs1y +Vb1ARQAHY0xDoQgFER7TzGxQRvpd4G7IMruT4Bv5Fvo6UWnm0zeG/OXnFwHmJmXE1wS+8WqeFwX ld8wKoc2thiKu88rUPdgFcU8PaRqXc602h4bVxLi8qnihcIXPfQr1o/ZdUa/VzdQSwcItSdwYWIA AABxAAAAUEsBAhUDCgAAAAAAUHaiSAAAAAAAAAAAAAAAAAsADAAAAAAAAAAAQO1BAAAAAGNyYXNo X2Nhc2UvVVgIAKXLJ1eoyydXUEsBAhUDFAAIAAgA5Vh8SMehXzrHAAAAogEAABMADAAAAAAAAAAA QKSBOQAAAGNyYXNoX2Nhc2UvaWZtLmh0bWxVWAgAzXL5Vs1y+VZQSwECFQMUAAgACADlWHxItSdw YWIAAABxAAAAFgAMAAAAAAAAAABApIFRAQAAY3Jhc2hfY2FzZS9yZXBvcnQuaHRtbFVYCADNcvlW zXL5VlBLBQYAAAAAAwADAOIAAAAHAgAAAAA= 278035 2016-05-03 15:45:30 -0700 2016-05-04 00:44:03 -0700 Patch bug-157282-20160503154609.patch text/plain 1773 jiewen_tan U3VidmVyc2lvbiBSZXZpc2lvbjogMjAwMjczCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggMWQyYWFlMjA1NjQ2NDZh NTY4ZGUxM2Y3NWNkYjQ5ZjY4Yjc1MDI3OC4uNzNjZjc4ZGQxMzFkMDMyNThkZmFiODUxZjQ5MjRi NmMwOTVmYTgzNCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE4IEBACisyMDE2LTA1LTAzICBKaWV3 ZW4gVGFuICA8amlld2VuX3RhbkBhcHBsZS5jb20+CisKKyAgICAgICAgQ3Jhc2hUcmFjZXI6IFtV U0VSXSBjb20uYXBwbGUuV2ViS2l0LldlYkNvbnRlbnQgYXQg4oCmcGxlLldlYkNvcmU6IFdlYkNv cmU6OkVkaXRDb21tYW5kQ29tcG9zaXRpb246OnVuYXBwbHkgKyAxMDUKKyAgICAgICAgaHR0cHM6 Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE1NzI4MgorICAgICAgICA8cmRhcjov L3Byb2JsZW0vMjUzOTE0NDE+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISku CisKKyAgICAgICAgQSBmcmFtZSBjb3VsZCBiZSBkZXN0cm95ZWQgaW4gdGhlIG1pZGRsZSBvZiBl eGVjdXRpbmcgdW5kby9yZWRvIGNvbW1hbmQuCisgICAgICAgIFRoZXJlZm9yZSwgYWRkIGFuIGVh cmx5IHJldHVybi4KKworICAgICAgICAqIGVkaXRpbmcvQ29tcG9zaXRlRWRpdENvbW1hbmQuY3Bw OgorICAgICAgICAoV2ViQ29yZTo6RWRpdENvbW1hbmRDb21wb3NpdGlvbjo6dW5hcHBseSk6Cisg ICAgICAgIChXZWJDb3JlOjpFZGl0Q29tbWFuZENvbXBvc2l0aW9uOjpyZWFwcGx5KToKKwogMjAx Ni0wNC0yOSAgRXJpYyBDYXJsc29uICA8ZXJpYy5jYXJsc29uQGFwcGxlLmNvbT4KIAogICAgICAg ICBbaU9TXSBkbyBub3QgZXhpdCBBaXJQbGF5IHdoZW4gdGhlIHNjcmVlbiBsb2NrcwpkaWZmIC0t Z2l0IGEvU291cmNlL1dlYkNvcmUvZWRpdGluZy9Db21wb3NpdGVFZGl0Q29tbWFuZC5jcHAgYi9T b3VyY2UvV2ViQ29yZS9lZGl0aW5nL0NvbXBvc2l0ZUVkaXRDb21tYW5kLmNwcAppbmRleCA2NDlk ODQ5MjVhZmQxOGNjOWI4MzYyYjBkMjkzNzNkNWUwYmI2NGRkLi43NzE2NWJmYjliY2NkZmExNTc2 NDgwNTU2NDlhYjRlYzE0YjlkYjE0IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9lZGl0aW5n L0NvbXBvc2l0ZUVkaXRDb21tYW5kLmNwcAorKysgYi9Tb3VyY2UvV2ViQ29yZS9lZGl0aW5nL0Nv bXBvc2l0ZUVkaXRDb21tYW5kLmNwcApAQCAtMjEyLDcgKzIxMiw4IEBAIHZvaWQgRWRpdENvbW1h bmRDb21wb3NpdGlvbjo6dW5hcHBseSgpCiB7CiAgICAgQVNTRVJUKG1fZG9jdW1lbnQpOwogICAg IFJlZlB0cjxGcmFtZT4gZnJhbWUgPSBtX2RvY3VtZW50LT5mcmFtZSgpOwotICAgIEFTU0VSVChm cmFtZSk7CisgICAgaWYgKCFmcmFtZSkKKyAgICAgICAgcmV0dXJuOwogCiAgICAgbV9yZXBsYWNl ZFRleHQuY2FwdHVyZVRleHRUb0JlRGVsZXRlZEJ5VW5hcHBseSgpOwogCkBAIC0yNDMsNyArMjQ0 LDggQEAgdm9pZCBFZGl0Q29tbWFuZENvbXBvc2l0aW9uOjpyZWFwcGx5KCkKIHsKICAgICBBU1NF UlQobV9kb2N1bWVudCk7CiAgICAgUmVmUHRyPEZyYW1lPiBmcmFtZSA9IG1fZG9jdW1lbnQtPmZy YW1lKCk7Ci0gICAgQVNTRVJUKGZyYW1lKTsKKyAgICBpZiAoIWZyYW1lKQorICAgICAgICByZXR1 cm47CiAKICAgICBtX3JlcGxhY2VkVGV4dC5jYXB0dXJlVGV4dFRvQmVEZWxldGVkQnlSZWFwcGx5 KCk7CiAK