Bug 149303

Summary: Null dereference loading Blink layout test fast/frames/navigation-in-pagehide.html
Product: WebKit
Component: Page Loading
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Reporter: Jon Honeycutt <jhoneycutt>
Assignee: Jiewen Tan <jiewen_tan>
CC: bfulgham, commit-queue, jhoneycutt, jiewen_tan, webkit-bug-importer
Keywords: BlinkMergeCandidate, HasReduction, InRadar
Attachments:
  crashing test (flags: none)
  Patch (flags: none)

Jon Honeycutt
Reported 2015-09-17 15:22:22 PDT
Created attachment 261437 [details]
crashing test

Null dereference loading Blink layout test fast/frames/navigation-in-pagehide.html.

Stack trace:

Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY

VM Regions Near 0:
--> __TEXT 000000010c178000-000000010c17a000 [ 8K] r-x/rwx SM=COW /Users/USER/*/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.Development.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development

Application Specific Information:
CRASHING TEST: temp-tests/fast/frames/navigation-in-pagehide.html

Global Trace Buffer (reverse chronological seconds):
18446744023.973217 CFNetwork 0x00007fff88d43b97 Explicitly setting CF cookie storage singleton
18446744023.973648 CFNetwork 0x00007fff88d8f211 Explicitly setting cookie storage singleton

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x00000001140b3df7 WTF::HashTableAddResult<WTF::HashTableIterator<char const*, WTF::KeyValuePair<char const*, std::__1::unique_ptr<WebCore::Supplement<WebCore::Page>, std::__1::default_delete<WebCore::Supplement<WebCore::Page> > > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<char const*, std::__1::unique_ptr<WebCore::Supplement<WebCore::Page>, std::__1::default_delete<WebCore::Supplement<WebCore::Page> > > > >, WTF::PtrHash<char const*>, WTF::HashMap<char const*, std::__1::unique_ptr<WebCore::Supplement<WebCore::Page>, std::__1::default_delete<WebCore::Supplement<WebCore::Page> > >, WTF::PtrHash<char const*>, WTF::HashTraits<char const*>, WTF::HashTraits<std::__1::unique_ptr<WebCore::Supplement<WebCore::Page>, std::__1::default_delete<WebCore::Supplement<WebCore::Page> > > > >::KeyValuePairTraits, WTF::HashTraits<char const*> > > WTF::HashMap<char const*, std::__1::unique_ptr<WebCore::Supplement<WebCore::Page>, std::__1::default_delete<WebCore::Supplement<WebCore::Page> > >, WTF::PtrHash<char const*>, WTF::HashTraits<char const*>, WTF::HashTraits<std::__1::unique_ptr<WebCore::Supplement<WebCore::Page>, std::__1::default_delete<WebCore::Supplement<WebCore::Page> > > > >::inlineSet<char const* const&, std::__1::unique_ptr<WebCore::Supplement<WebCore::Page>, std::__1::default_delete<WebCore::Supplement<WebCore::Page> > > >(char const* const&&&, std::__1::unique_ptr<WebCore::Supplement<WebCore::Page>, std::__1::default_delete<WebCore::Supplement<WebCore::Page> > >&&) + 23 (HashTable.h:854)
1 com.apple.WebCore 0x0000000114dce604 WebCore::provideUserMediaTo(WebCore::Page*, WebCore::UserMediaClient*) + 116 (memory:2655)
2 libWebCoreTestSupport.dylib 0x00000001165b97c8 WebCore::Internals::create(WebCore::Document*) + 40 (PassRefPtr.h:82)
3 libWebCoreTestSupport.dylib 0x000000011660bb10 WebCoreTestSupport::injectInternalsObject(OpaqueJSContext const*) + 192 (PassRefPtr.h:63)
4 WebKitTestRunnerInjectedBundle 0x00000001165348a3 WTR::InjectedBundlePage::didClearWindowForFrame(OpaqueWKBundleFrame const*, OpaqueWKBundleScriptWorld const*) + 285 (InjectedBundlePage.cpp:974)
5 com.apple.WebKit 0x00000001125f24b4 WebKit::InjectedBundlePageLoaderClient::didClearWindowObjectForFrame(WebKit::WebPage*, WebKit::WebFrame*, WebCore::DOMWrapperWorld&) + 94 (StdLibExtras.h:366)
6 com.apple.WebCore 0x00000001142687cd WebCore::FrameLoader::dispatchDidClearWindowObjectInWorld(WebCore::DOMWrapperWorld&) + 141 (FrameLoader.cpp:3366)
7 com.apple.WebCore 0x000000011425a50b WebCore::FrameLoader::dispatchDidClearWindowObjectsInAllWorlds() + 107 (FrameLoader.cpp:3355)
8 com.apple.WebCore 0x000000011425a7d3 WebCore::FrameLoader::didBeginDocument(bool) + 211 (FrameLoader.cpp:701)
9 com.apple.WebCore 0x0000000114109578 WebCore::DocumentWriter::begin(WebCore::URL const&, bool, WebCore::Document*) + 696 (Ref.h:115)
10 com.apple.WebCore 0x00000001141091b3 WebCore::DocumentWriter::replaceDocument(WTF::String const&, WebCore::Document*) + 67 (RefPtr.h:71)
11 com.apple.WebCore 0x0000000114b63800 WebCore::ScriptController::executeIfJavaScriptURL(WebCore::URL const&, WebCore::ShouldReplaceDocumentIfJavaScriptURL) + 464 (RefCounted.h:99)
12 com.apple.WebCore 0x0000000114c9508f WebCore::SubframeLoader::requestFrame(WebCore::HTMLFrameOwnerElement&, WTF::String const&, WTF::AtomicString const&, WebCore::LockHistory, WebCore::LockBackForwardList) + 815 (SubframeLoader.cpp:92)
13 com.apple.WebCore 0x00000001143234ab WebCore::HTMLFrameElementBase::openURL(WebCore::LockHistory, WebCore::LockBackForwardList) + 187 (HTMLFrameElementBase.cpp:91)
14 com.apple.WebCore 0x00000001143237c6 WebCore::HTMLFrameElementBase::setLocation(WTF::String const&) + 166 (HTMLFrameElementBase.cpp:182)
15 com.apple.WebCore 0x000000011432362e WebCore::HTMLFrameElementBase::parseAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&) + 366 (StdLibExtras.h:366)
16 com.apple.WebCore 0x00000001141ad4c8 WebCore::Element::attributeChanged(WebCore::QualifiedName const&, WTF::AtomicString const&, WTF::AtomicString const&, WebCore::Element::AttributeModificationReason) + 712 (Document.h:942)
17 com.apple.WebCore 0x00000001141b3aa4 WebCore::Element::didModifyAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&, WTF::AtomicString const&) + 36 (InspectorInstrumentation.h:285)
18 com.apple.WebCore 0x00000001141b4841 WebCore::Element::setAttributeInternal(unsigned int, WebCore::QualifiedName const&, WTF::AtomicString const&, WebCore::Element::SynchronizationOfLazyAttribute) + 465 (StdLibExtras.h:366)
19 com.apple.WebCore 0x00000001145d365a WebCore::setJSHTMLIFrameElementSrc(JSC::ExecState*, JSC::JSObject*, long long, long long) + 410 (StdLibExtras.h:366)
20 com.apple.JavaScriptCore 0x00000001137a0e0c JSC::JSObject::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) + 1468 (CustomGetterSetter.h:52)
21 com.apple.JavaScriptCore 0x000000011383a973 llint_slow_path_put_by_id + 531 (JSCJSValueInlines.h:751)
22 com.apple.JavaScriptCore 0x0000000113847ae5 llint_entry + 11294
23 com.apple.JavaScriptCore 0x000000011384a76f llint_entry + 22696
24 com.apple.JavaScriptCore 0x0000000113844ce4 vmEntryToJavaScript + 299
25 com.apple.JavaScriptCore 0x00000001137052d9 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 169 (JITCode.cpp:82)
26 com.apple.JavaScriptCore 0x00000001136eba10 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) + 10448 (Interpreter.cpp:945)
27 com.apple.JavaScriptCore 0x00000001133fe4c5 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 469 (Completion.cpp:104)
28 com.apple.WebCore 0x0000000114b618ec WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) + 284 (JSMainThreadExecState.h:62)
29 com.apple.WebCore 0x0000000114b635f0 WebCore::ScriptController::executeScript(WTF::String const&, bool) + 320 (Ref.h:55)
30 com.apple.WebCore 0x0000000114b63716 WebCore::ScriptController::executeIfJavaScriptURL(WebCore::URL const&, WebCore::ShouldReplaceDocumentIfJavaScriptURL) + 230 (StdLibExtras.h:366)
31 com.apple.WebCore 0x0000000114c9508f WebCore::SubframeLoader::requestFrame(WebCore::HTMLFrameOwnerElement&, WTF::String const&, WTF::AtomicString const&, WebCore::LockHistory, WebCore::LockBackForwardList) + 815 (SubframeLoader.cpp:92)
32 com.apple.WebCore 0x00000001143234ab WebCore::HTMLFrameElementBase::openURL(WebCore::LockHistory, WebCore::LockBackForwardList) + 187 (HTMLFrameElementBase.cpp:91)
33 com.apple.WebCore 0x00000001143237c6 WebCore::HTMLFrameElementBase::setLocation(WTF::String const&) + 166 (HTMLFrameElementBase.cpp:182)
34 com.apple.WebCore 0x000000011432362e WebCore::HTMLFrameElementBase::parseAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&) + 366 (StdLibExtras.h:366)
35 com.apple.WebCore 0x00000001141ad4c8 WebCore::Element::attributeChanged(WebCore::QualifiedName const&, WTF::AtomicString const&, WTF::AtomicString const&, WebCore::Element::AttributeModificationReason) + 712 (Document.h:942)
36 com.apple.WebCore 0x00000001141b3aa4 WebCore::Element::didModifyAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&, WTF::AtomicString const&) + 36 (InspectorInstrumentation.h:285)
37 com.apple.WebCore 0x00000001141b4841 WebCore::Element::setAttributeInternal(unsigned int, WebCore::QualifiedName const&, WTF::AtomicString const&, WebCore::Element::SynchronizationOfLazyAttribute) + 465 (StdLibExtras.h:366)
38 com.apple.WebCore 0x00000001145d365a WebCore::setJSHTMLIFrameElementSrc(JSC::ExecState*, JSC::JSObject*, long long, long long) + 410 (StdLibExtras.h:366)
39 com.apple.JavaScriptCore 0x00000001137a0e0c JSC::JSObject::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) + 1468 (CustomGetterSetter.h:52)
40 com.apple.JavaScriptCore 0x000000011383a973 llint_slow_path_put_by_id + 531 (JSCJSValueInlines.h:751)
41 com.apple.JavaScriptCore 0x0000000113847ae5 llint_entry + 11294
42 com.apple.JavaScriptCore 0x0000000113844ce4 vmEntryToJavaScript + 299
43 com.apple.JavaScriptCore 0x00000001137052d9 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 169 (JITCode.cpp:82)
44 com.apple.JavaScriptCore 0x00000001136ebd12 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 450 (Interpreter.cpp:1008)
45 com.apple.JavaScriptCore 0x00000001133b78b7 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 71 (MarkedBlock.h:241)
46 com.apple.WebCore 0x0000000114572fa4 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 996 (JSMainThreadExecState.h:56)
47 com.apple.WebCore 0x00000001141d94db WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow, 16ul>&) + 635 (InspectorInstrumentation.h:285)
48 com.apple.WebCore 0x00000001141d91a0 WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 224 (EventTarget.cpp:208)
49 com.apple.WebCore 0x0000000114165bf4 WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WTF::PassRefPtr<WebCore::EventTarget>) + 260 (DOMWindow.cpp:1900)
50 com.apple.WebCore 0x0000000114259538 WebCore::FrameLoader::stopLoading(WebCore::UnloadEventPolicy) + 312 (StdLibExtras.h:366)
51 com.apple.WebCore 0x0000000114265c0d WebCore::FrameLoader::detachFromParent() + 109 (FrameLoader.cpp:537)
52 com.apple.WebCore 0x0000000114323fff WebCore::HTMLFrameOwnerElement::disconnectContentFrame() + 31 (HTMLFrameOwnerElement.cpp:84)
53 com.apple.WebCore 0x0000000113f7e91b WebCore::disconnectSubframes(WebCore::ContainerNode&, WebCore::SubframeDisconnectPolicy) + 267 (ContainerNodeAlgorithms.cpp:171)
54 com.apple.WebCore 0x00000001140cf8db WebCore::Document::prepareForDestruction() + 299 (RefPtr.h:75)
55 com.apple.WebCore 0x0000000114259d7e WebCore::FrameLoader::clear(WebCore::Document*, bool, bool, bool) + 142 (FrameLoader.cpp:610)
56 com.apple.WebCore 0x00000001141093f5 WebCore::DocumentWriter::begin(WebCore::URL const&, bool, WebCore::Document*) + 309 (StdLibExtras.h:366)
57 com.apple.WebCore 0x00000001141091b3 WebCore::DocumentWriter::replaceDocument(WTF::String const&, WebCore::Document*) + 67 (RefPtr.h:71)
58 com.apple.WebCore 0x0000000114b63800 WebCore::ScriptController::executeIfJavaScriptURL(WebCore::URL const&, WebCore::ShouldReplaceDocumentIfJavaScriptURL) + 464 (RefCounted.h:99)
59 com.apple.WebCore 0x0000000114c9508f WebCore::SubframeLoader::requestFrame(WebCore::HTMLFrameOwnerElement&, WTF::String const&, WTF::AtomicString const&, WebCore::LockHistory, WebCore::LockBackForwardList) + 815 (SubframeLoader.cpp:92)
60 com.apple.WebCore 0x00000001143234ab WebCore::HTMLFrameElementBase::openURL(WebCore::LockHistory, WebCore::LockBackForwardList) + 187 (HTMLFrameElementBase.cpp:91)
61 com.apple.WebCore 0x00000001143237c6 WebCore::HTMLFrameElementBase::setLocation(WTF::String const&) + 166 (HTMLFrameElementBase.cpp:182)
62 com.apple.WebCore 0x000000011432362e WebCore::HTMLFrameElementBase::parseAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&) + 366 (StdLibExtras.h:366)
63 com.apple.WebCore 0x00000001141ad4c8 WebCore::Element::attributeChanged(WebCore::QualifiedName const&, WTF::AtomicString const&, WTF::AtomicString const&, WebCore::Element::AttributeModificationReason) + 712 (Document.h:942)
64 com.apple.WebCore 0x00000001141b0c0e WebCore::Element::didAddAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&) + 46 (InspectorInstrumentation.h:285)
65 com.apple.WebCore 0x00000001141b0bcb WebCore::Element::addAttributeInternal(WebCore::QualifiedName const&, WTF::AtomicString const&, WebCore::Element::SynchronizationOfLazyAttribute) + 363 (Element.cpp:2034)
66 com.apple.WebCore 0x00000001145d365a WebCore::setJSHTMLIFrameElementSrc(JSC::ExecState*, JSC::JSObject*, long long, long long) + 410 (StdLibExtras.h:366)
67 com.apple.JavaScriptCore 0x00000001137a0e0c JSC::JSObject::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) + 1468 (CustomGetterSetter.h:52)
68 com.apple.JavaScriptCore 0x000000011383a973 llint_slow_path_put_by_id + 531 (JSCJSValueInlines.h:751)
69 com.apple.JavaScriptCore 0x0000000113847ae5 llint_entry + 11294
70 com.apple.JavaScriptCore 0x000000011384a76f llint_entry + 22696
71 com.apple.JavaScriptCore 0x000000011384a76f llint_entry + 22696
72 com.apple.JavaScriptCore 0x0000000113844ce4 vmEntryToJavaScript + 299
73 com.apple.JavaScriptCore 0x00000001137052d9 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 169 (JITCode.cpp:82)
74 com.apple.JavaScriptCore 0x00000001136eba10 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) + 10448 (Interpreter.cpp:945)
75 com.apple.JavaScriptCore 0x00000001133fe4c5 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 469 (Completion.cpp:104)
76 com.apple.WebCore 0x0000000114b618ec WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) + 284 (JSMainThreadExecState.h:62)
77 com.apple.WebCore 0x0000000114b635f0 WebCore::ScriptController::executeScript(WTF::String const&, bool) + 320 (Ref.h:55)
78 com.apple.WebCore 0x0000000114b63716 WebCore::ScriptController::executeIfJavaScriptURL(WebCore::URL const&, WebCore::ShouldReplaceDocumentIfJavaScriptURL) + 230 (StdLibExtras.h:366)
79 com.apple.WebCore 0x0000000114c9508f WebCore::SubframeLoader::requestFrame(WebCore::HTMLFrameOwnerElement&, WTF::String const&, WTF::AtomicString const&, WebCore::LockHistory, WebCore::LockBackForwardList) + 815 (SubframeLoader.cpp:92)
80 com.apple.WebCore 0x00000001143234ab WebCore::HTMLFrameElementBase::openURL(WebCore::LockHistory, WebCore::LockBackForwardList) + 187 (HTMLFrameElementBase.cpp:91)
81 com.apple.WebCore 0x0000000113f795ec WebCore::ContainerNode::notifyChildInserted(WebCore::Node&, WebCore::ContainerNode::ChildChangeSource) + 348 (ContainerNode.cpp:341)
82 com.apple.WebCore 0x0000000113f7909e WebCore::ContainerNode::updateTreeAfterInsertion(WebCore::Node&) + 30 (ContainerNode.cpp:826)
83 com.apple.WebCore 0x0000000113f78ead WebCore::ContainerNode::appendChild(WTF::Ref<WebCore::Node>&&, int&) + 509 (ContainerNode.cpp:691)
84 com.apple.WebCore 0x00000001148e7688 WebCore::Node::appendChild(WTF::PassRefPtr<WebCore::Node>, int&) + 56 (Node.cpp:479)
85 com.apple.WebCore 0x000000011468a1b9 WebCore::JSNode::appendChild(JSC::ExecState*) + 73 (JSNodeCustom.cpp:149)
86 ??? 0x000022f44fa01028 0 + 38432703254568
87 com.apple.JavaScriptCore 0x000000011384a76f llint_entry + 22696
88 com.apple.JavaScriptCore 0x000000011384a76f llint_entry + 22696
89 com.apple.JavaScriptCore 0x0000000113844ce4 vmEntryToJavaScript + 299
90 com.apple.JavaScriptCore 0x00000001137052d9 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 169 (JITCode.cpp:82)
91 com.apple.JavaScriptCore 0x00000001136ebd12 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 450 (Interpreter.cpp:1008)
92 com.apple.JavaScriptCore 0x00000001133b78b7 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 71 (MarkedBlock.h:241)
93 com.apple.WebCore 0x0000000114572fa4 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 996 (JSMainThreadExecState.h:56)
94 com.apple.WebCore 0x00000001141d94db WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow, 16ul>&) + 635 (InspectorInstrumentation.h:285)
95 com.apple.WebCore 0x00000001141d91a0 WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 224 (EventTarget.cpp:208)
96 com.apple.WebCore 0x0000000114165bf4 WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WTF::PassRefPtr<WebCore::EventTarget>) + 260 (DOMWindow.cpp:1900)
97 com.apple.WebCore 0x000000011416b30b WebCore::DOMWindow::dispatchLoadEvent() + 347 (StdLibExtras.h:366)
98 com.apple.WebCore 0x00000001140ce294 WebCore::Document::implicitClose() + 324 (Document.cpp:4077)
99 com.apple.WebCore 0x000000011425b003 WebCore::FrameLoader::checkCompleted() + 275 (FrameLoader.cpp:839)
100 com.apple.WebCore 0x000000011425995b WebCore::FrameLoader::finishedParsing() + 123 (FrameLoader.cpp:760)
101 com.apple.WebCore 0x00000001140d9281 WebCore::Document::finishedParsing() + 417 (Frame.h:377)
102 com.apple.WebCore 0x0000000114305e05 WebCore::HTMLDocumentParser::prepareToStopParsing() + 165 (RefCounted.h:99)
103 com.apple.WebCore 0x000000011410969a WebCore::DocumentWriter::end() + 58 (StdLibExtras.h:366)
104 com.apple.WebCore 0x00000001140f19ec WebCore::DocumentLoader::finishedLoading(double) + 268 (ResourceErrorBase.h:42)
105 com.apple.WebCore 0x0000000113f22179 WebCore::CachedResource::checkNotify() + 153 (CachedResourceClientWalker.h:51)
106 com.apple.WebCore 0x0000000113f1e433 WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) + 227 (CachedRawResource.cpp:104)
107 com.apple.WebCore 0x0000000114c99501 WebCore::SubresourceLoader::didFinishLoading(double) + 1153 (ResourceLoader.h:154)
108 com.apple.WebKit 0x00000001127df98d WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) + 561 (HandleMessage.h:16)
109 com.apple.WebKit 0x00000001125b91f1 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) + 127 (memory:2636)
110 com.apple.WebKit 0x00000001125bbb4a IPC::Connection::dispatchOneMessage() + 126 (memory:2656)
111 com.apple.JavaScriptCore 0x00000001139fd985 WTF::RunLoop::performWork() + 437 (functional:1742)
112 com.apple.JavaScriptCore 0x00000001139fdd32 WTF::RunLoop::performWork(void*) + 34 (RunLoopCF.cpp:39)
113 com.apple.CoreFoundation 0x00007fff949e2c01 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
114 com.apple.CoreFoundation 0x00007fff949d4b1c __CFRunLoopDoSources0 + 556
115 com.apple.CoreFoundation 0x00007fff949d403f __CFRunLoopRun + 927
116 com.apple.CoreFoundation 0x00007fff949d3a38 CFRunLoopRunSpecific + 296
117 com.apple.HIToolbox 0x00007fff88e673bd RunCurrentEventLoopInMode + 235
118 com.apple.HIToolbox 0x00007fff88e67153 ReceiveNextEventCommon + 432
119 com.apple.HIToolbox 0x00007fff88e66f93 _BlockUntilNextEventMatchingListInModeWithFilter + 71
120 com.apple.AppKit 0x00007fff870b81e7 _DPSNextEvent + 1076
121 com.apple.AppKit 0x00007fff8748490d -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 454
122 com.apple.AppKit 0x00007fff870ae0b8 -[NSApplication run] + 682
123 com.apple.AppKit 0x00007fff87030396 NSApplicationMain + 1176
124 libxpc.dylib 0x00007fff8c70ff70 _xpc_objc_main + 793
125 libxpc.dylib 0x00007fff8c7116bf xpc_main + 494
126 com.apple.WebKit.WebContent.Development 0x000000010c179424 main + 409 (XPCServiceMain.Development.mm:187)
127 libdyld.dylib 0x00007fff93aa15ad start + 1

Attachments
crashing test (1.56 KB, text/html)
2015-09-17 15:22 PDT, Jon Honeycutt
no flags
Patch (3.26 KB, patch)
2016-01-12 11:21 PST, Jiewen Tan
no flags
Radar WebKit Bug Importer
Comment 1 2015-09-17 15:22:52 PDT
Brent Fulgham
Comment 2 2016-01-08 17:06:04 PST
We can no longer reproduce this crash. We think that other work on WebKit this cycle has corrected the cause of this bug, but we cannot identify what change fixed this crash.
Brent Fulgham
Comment 3 2016-01-11 11:20:08 PST
This test case needs to be added to our regression suite.
Jiewen Tan
Comment 4 2016-01-12 11:21:34 PST
Brent Fulgham
Comment 5 2016-01-12 11:38:59 PST
Comment on attachment 268785 [details]
Patch

r=me. I'll cq+ it so that it will land once the tests pass.
WebKit Commit Bot
Comment 6 2016-01-12 12:29:09 PST
Comment on attachment 268785 [details]
Patch

Clearing flags on attachment: 268785

Committed r194919: <http://trac.webkit.org/changeset/194919>
WebKit Commit Bot
Comment 7 2016-01-12 12:29:13 PST
All reviewed patches have been landed. Closing bug.