132174 – REGRESSION: Local debug build of Safari cannot open a new tab

Bug 132174 - REGRESSION: Local debug build of Safari cannot open a new tab

Summary: REGRESSION: Local debug build of Safari cannot open a new tab

Status:	RESOLVED INVALID

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit2 (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2014-04-25 00:02 PDT by Ryosuke Niwa
Modified:	2014-04-26 00:01 PDT (History)
CC List:	6 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ryosuke Niwa 2014-04-25 00:02:10 PDT

At r167792, WebProcess instantly hits the following assertion and never opens a tab:

Crashed Thread:  0  Dispatch queue: com.apple.main-thread

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef

VM Regions Near 0xbbadbeef:
--> 
    __TEXT                 00000001020e9000-00000001020ea000 [    4K] r-x/rwx SM=COW  /System/Library/StagedFrameworks/Safari/WebKit2.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      	0x000000010488b0aa WTFCrash + 42 (Assertions.cpp:333)
1   com.apple.WebKit2             	0x00000001028460d4 void IPC::handleMessage<Messages::WebProcess::CreateWebPage, WebKit::WebProcess, void (WebKit::WebProcess::*)(unsigned long long, WebKit::WebPageCreationParameters const&)>(IPC::MessageDecoder&, WebKit::WebProcess*, void (WebKit::WebProcess::*)(unsigned long long, WebKit::WebPageCreationParameters const&)) + 244 (HandleMessage.h:116)
2   com.apple.WebKit2             	0x0000000102844877 WebKit::WebProcess::didReceiveWebProcessMessage(IPC::Connection*, IPC::MessageDecoder&) + 295 (WebProcessMessageReceiver.cpp:59)
3   com.apple.WebKit2             	0x0000000102820698 WebKit::WebProcess::didReceiveMessage(IPC::Connection*, IPC::MessageDecoder&) + 168 (WebProcess.cpp:591)
4   com.apple.WebKit2             	0x0000000102142e03 IPC::Connection::dispatchMessage(IPC::MessageDecoder&) + 51 (Connection.cpp:771)
5   com.apple.WebKit2             	0x000000010213b170 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) + 368 (Connection.cpp:791)
6   com.apple.WebKit2             	0x0000000102142b91 IPC::Connection::dispatchOneMessage() + 1377 (Connection.cpp:817)
7   com.apple.WebKit2             	0x00000001021558b2 WTF::FunctionWrapper<void (IPC::Connection::*)()>::operator()(IPC::Connection*) + 114 (Functional.h:218)
8   com.apple.WebKit2             	0x0000000102155835 WTF::BoundFunctionImpl<WTF::FunctionWrapper<void (IPC::Connection::*)()>, void (IPC::Connection*)>::operator()() + 53 (Functional.h:496)
9   com.apple.WebKit2             	0x000000010215cbb2 WTF::Function<void ()>::operator()() const + 114 (Functional.h:704)
10  com.apple.WebKit2             	0x000000010215cb2c std::__1::__function::__func<WTF::Function<void ()>, std::__1::allocator<WTF::Function<void ()> >, void ()>::operator()() + 60 (functional:1059)
11  com.apple.JavaScriptCore      	0x00000001048b359a std::__1::function<void ()>::operator()() const + 26 (functional:1435)
12  com.apple.JavaScriptCore      	0x00000001048c2b64 WTF::RunLoop::performWork() + 276 (RunLoop.cpp:106)
13  com.apple.JavaScriptCore      	0x00000001048c4024 WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38)
14  com.apple.CoreFoundation      	0x00007fff88697731 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 (CFRunLoop.c:1767)
15  com.apple.CoreFoundation      	0x00007fff88688ea2 __CFRunLoopDoSources0 + 242 (CFRunLoop.c:1792)
16  com.apple.CoreFoundation      	0x00007fff8868862f __CFRunLoopRun + 831 (CFRunLoop.c:2513)
17  com.apple.CoreFoundation      	0x00007fff886880b5 CFRunLoopRunSpecific + 309 (CFRunLoop.c:2770)
18  com.apple.HIToolbox           	0x00007fff8634da0d RunCurrentEventLoopInMode + 226 (EventLoop.c:440)
19  com.apple.HIToolbox           	0x00007fff8634d7b7 ReceiveNextEventCommon + 479 (EventBlocking.c:264)
20  com.apple.HIToolbox           	0x00007fff8634d5bc _BlockUntilNextEventMatchingListInModeWithFilter + 65 (EventBlocking.c:161)
21  com.apple.AppKit              	0x00007fff8da293de _DPSNextEvent + 1434 (CGDPSReplacement.m:458)
22  com.apple.AppKit              	0x00007fff8da28a2b -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 122 (NSApplication.m:5085)
23  com.apple.AppKit              	0x00007fff8da1cb2c -[NSApplication run] + 553 (NSApplication.m:3445)
24  com.apple.AppKit              	0x00007fff8da07913 NSApplicationMain + 940 (NSApplication.m:9977)
25  com.apple.XPCService          	0x00007fff89194c0f _xpc_main + 385 (XPCServiceMain.m:349)
26  libxpc.dylib                  	0x00007fff8a9ebbde xpc_main + 399 (init.c:1080)
27  com.apple.WebKit.WebContent   	0x00000001020e9ba0 main + 16 (XPCServiceMain.mm:32)
28  libdyld.dylib                 	0x00007fff859435fd start + 1

Comment 1 Alexey Proskuryakov 2014-04-25 11:30:27 PDT

I cannot reproduce this with r167808.

Comment 2 Ryosuke Niwa 2014-04-25 20:39:52 PDT

It looks like this is specific to run-safari.  When I launch Safari from Xcode, I don't encounter this crash.

Comment 3 Mark Rowe (bdash) 2014-04-25 22:08:59 PDT

It looks like you're hitting:

    if (!decoder.decode(arguments)) {
        ASSERT(decoder.isInvalid());

Is that right?

Comment 4 Alexey Proskuryakov 2014-04-25 23:01:15 PDT

Doesn't happen for me with run-safari either. Sounds like you may need to debug on your machine where it happens. What makes decode() return false?

Or perhaps a clean rebuild would do it.

Comment 5 Ryosuke Niwa 2014-04-26 00:01:58 PDT

It does look like this is an issue with my local setup.  I can't reproduce on my MBP either.

Sorry about the noise.