Bug 156842 - REGRESSION (r199734): WebKit crashes loading numerous websites in iOS Simulator
Summary: REGRESSION (r199734): WebKit crashes loading numerous websites in iOS Simulator
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Local Build
Hardware: iPhone / iPad All
Importance: P1 Blocker
Assignee: Andy Estes
URL:
Keywords: InRadar, Regression
Depends on: 156720
Blocks:
Reported: 2016-04-21 03:05 PDT by Andy Estes
Modified: 2019-05-03 19:21 PDT

Attachments
Patch (1.51 KB, patch)
2016-04-21 03:50 PDT, Andy Estes

Description Andy Estes 2016-04-21 03:05:19 PDT
Due to http://trac.webkit.org/changeset/199734, Safari in iOS Simulator crashes loading most sites, including apple.com and webkit.org.


Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGBUS)
Exception Codes:       KERN_PROTECTION_FAILURE at 0x000005f45b2511ff
Exception Note:        EXC_CORPSE_NOTIFY

VM Regions Near 0x5f45b2511ff:
    JS JIT generated code  000005f45b250000-000005f45b251000 [    4K] rwx/rwx SM=SHM  
--> JS JIT generated code  000005f45b251000-000005f49b250000 [  1.0G] r-x/rwx SM=SHM  
    JS JIT generated code  000005f49b250000-000005f49b251000 [    4K] ---/rwx SM=NUL  

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   JavaScriptCore                	0x0000000110fd38c2 JSC::X86Assembler::setInt32(void*, int) + 18 (X86Assembler.h:2975)
1   JavaScriptCore                	0x0000000110fd387f JSC::X86Assembler::setRel32(void*, void*) + 111 (X86Assembler.h:2989)
2   JavaScriptCore                	0x0000000111316645 JSC::X86Assembler::linkJump(void*, JSC::AssemblerLabel, void*) + 101 (X86Assembler.h:2720)
3   JavaScriptCore                	0x00000001113168ac JSC::AbstractMacroAssembler<JSC::X86Assembler, JSC::MacroAssemblerX86Common>::linkJump(void*, JSC::AbstractMacroAssembler<JSC::X86Assembler, JSC::MacroAssemblerX86Common>::Jump, JSC::CodeLocationLabel) + 60 (AbstractMacroAssembler.h:968)
4   JavaScriptCore                	0x000000011130fe7b JSC::LinkBuffer::link(JSC::AbstractMacroAssembler<JSC::X86Assembler, JSC::MacroAssemblerX86Common>::Jump, JSC::CodeLocationLabel) + 91 (LinkBuffer.h:145)
5   JavaScriptCore                	0x000000011168387d JSC::LinkBuffer::link(JSC::AbstractMacroAssembler<JSC::X86Assembler, JSC::MacroAssemblerX86Common>::JumpList const&, JSC::CodeLocationLabel) + 125 (LinkBuffer.h:149)
6   JavaScriptCore                	0x0000000111a97239 JSC::SpecializedThunkJIT::finalize(JSC::MacroAssemblerCodePtr, char const*) + 153 (SpecializedThunkJIT.h:174)
7   JavaScriptCore                	0x0000000111a97450 JSC::charAtThunkGenerator(JSC::VM*) + 208 (ThunkGenerators.cpp:586)
8   JavaScriptCore                	0x00000001116a6697 JSC::JITThunks::hostFunctionStub(JSC::VM*, long long (*)(JSC::ExecState*), JSC::MacroAssemblerCodeRef (*)(JSC::VM*), JSC::Intrinsic, WTF::String const&) + 983 (JITThunks.cpp:112)
9   JavaScriptCore                	0x0000000111ac8562 JSC::VM::getHostFunction(long long (*)(JSC::ExecState*), JSC::Intrinsic, WTF::String const&) + 210 (VM.cpp:510)
10  JavaScriptCore                	0x00000001116f7a4e JSC::JSFunction::lookUpOrCreateNativeExecutable(JSC::VM&, long long (*)(JSC::ExecState*), JSC::Intrinsic, long long (*)(JSC::ExecState*), WTF::String const&) + 142 (JSFunction.cpp:92)
11  JavaScriptCore                	0x00000001116f7abf JSC::JSFunction::create(JSC::VM&, JSC::JSGlobalObject*, int, WTF::String const&, long long (*)(JSC::ExecState*), JSC::Intrinsic, long long (*)(JSC::ExecState*)) + 63 (JSFunction.cpp:100)
12  JavaScriptCore                	0x0000000111784087 JSC::JSObject::putDirectNativeFunctionWithoutTransition(JSC::VM&, JSC::JSGlobalObject*, JSC::PropertyName const&, unsigned int, long long (*)(JSC::ExecState*), JSC::Intrinsic, unsigned int) + 247 (JSObject.cpp:2622)
13  JavaScriptCore                	0x0000000111a57256 JSC::StringPrototype::finishCreation(JSC::VM&, JSC::JSGlobalObject*, JSC::JSString*) + 662 (StringPrototype.cpp:132)
14  JavaScriptCore                	0x0000000111a5c833 JSC::StringPrototype::create(JSC::VM&, JSC::JSGlobalObject*, JSC::Structure*) + 115 (StringPrototype.cpp:187)
15  JavaScriptCore                	0x000000011170280f JSC::JSGlobalObject::init(JSC::VM&) + 16735 (JSGlobalObject.cpp:400)
16  com.apple.WebCore             	0x00000001148cce5c JSC::JSGlobalObject::finishCreation(JSC::VM&, JSC::JSObject*) + 124 (JSGlobalObject.h:394)
17  com.apple.WebCore             	0x00000001148ccd7a WebCore::JSDOMGlobalObject::finishCreation(JSC::VM&, JSC::JSObject*) + 58 (JSDOMGlobalObject.cpp:114)
18  com.apple.WebCore             	0x000000011496ab68 WebCore::JSDOMWindowBase::finishCreation(JSC::VM&, WebCore::JSDOMWindowShell*) + 72 (JSDOMWindowBase.cpp:80)
19  com.apple.WebCore             	0x0000000114901ed6 WebCore::JSDOMWindow::finishCreation(JSC::VM&, WebCore::JSDOMWindowShell*) + 70 (JSDOMWindow.cpp:5816)
20  com.apple.WebCore             	0x0000000114988a09 WebCore::JSDOMWindow::create(JSC::VM&, JSC::Structure*, WTF::Ref<WebCore::DOMWindow>&&, WebCore::JSDOMWindowShell*) + 137 (JSDOMWindow.h:38)
21  com.apple.WebCore             	0x0000000114988545 WebCore::JSDOMWindowShell::setWindow(WTF::PassRefPtr<WebCore::DOMWindow>) + 341 (JSDOMWindowShell.cpp:86)
22  com.apple.WebCore             	0x00000001149883af WebCore::JSDOMWindowShell::finishCreation(JSC::VM&, WTF::PassRefPtr<WebCore::DOMWindow>) + 143 (JSDOMWindowShell.cpp:56)
23  com.apple.WebCore             	0x00000001156262dc WebCore::JSDOMWindowShell::create(JSC::VM&, WTF::PassRefPtr<WebCore::DOMWindow>, JSC::Structure*, WebCore::DOMWrapperWorld&) + 140 (JSDOMWindowShell.h:56)
24  com.apple.WebCore             	0x0000000115626135 WebCore::ScriptController::createWindowShell(WebCore::DOMWrapperWorld&) + 229 (ScriptController.cpp:133)
25  com.apple.WebCore             	0x0000000115626e3d WebCore::ScriptController::initScript(WebCore::DOMWrapperWorld&) + 125 (ScriptController.cpp:252)
26  com.apple.WebKit              	0x00000001094318d1 WebCore::ScriptController::windowShell(WebCore::DOMWrapperWorld&) + 145 (ScriptController.h:90)
27  com.apple.WebKit              	0x00000001094310cd WebCore::ScriptController::globalObject(WebCore::DOMWrapperWorld&) + 29 (ScriptController.h:99)
28  com.apple.WebKit              	0x0000000109605626 WebKit::WebFrame::jsContextForWorld(WebKit::InjectedBundleScriptWorld*) + 54 (WebFrame.cpp:482)
29  com.apple.WebKit              	0x0000000109abdd18 -[WKWebProcessPlugInFrame jsContextForWorld:] + 88 (WKWebProcessPlugInFrame.mm:66)
30  com.apple.mobilesafari.Safari 	0x0000000120d7901b 0x120d74000 + 20507
31  com.apple.WebKit              	0x0000000109aba9d9 globalObjectIsAvailableForFrame(OpaqueWKBundlePage const*, OpaqueWKBundleFrame const*, OpaqueWKBundleScriptWorld const*, void const*) + 265 (WKWebProcessPlugInBrowserContextController.mm:114)
32  com.apple.WebKit              	0x000000010921d36c WebKit::InjectedBundlePageLoaderClient::globalObjectIsAvailableForFrame(WebKit::WebPage*, WebKit::WebFrame*, WebCore::DOMWrapperWorld&) + 172 (InjectedBundlePageLoaderClient.cpp:303)
33  com.apple.WebKit              	0x0000000109613586 WebKit::WebFrameLoaderClient::dispatchGlobalObjectAvailable(WebCore::DOMWrapperWorld&) + 86 (WebFrameLoaderClient.cpp:1599)
34  com.apple.WebCore             	0x00000001142aa991 WebCore::FrameLoader::dispatchGlobalObjectAvailableInAllWorlds() + 145 (FrameLoader.cpp:3451)
35  com.apple.WebCore             	0x00000001142aa457 WebCore::FrameLoader::receivedFirstData() + 55 (FrameLoader.cpp:642)
36  com.apple.WebCore             	0x0000000113f61181 WebCore::DocumentLoader::commitData(char const*, unsigned long) + 337 (DocumentLoader.cpp:879)
37  com.apple.WebKit              	0x000000010960ff3f WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 79 (WebFrameLoaderClient.cpp:950)
38  com.apple.WebCore             	0x0000000113f6415d WebCore::DocumentLoader::commitLoad(char const*, int) + 205 (DocumentLoader.cpp:832)
39  com.apple.WebCore             	0x0000000113f649f9 WebCore::DocumentLoader::dataReceived(WebCore::CachedResource*, char const*, int) + 585 (DocumentLoader.cpp:943)
40  com.apple.WebCore             	0x0000000113ad07e8 WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int) + 152 (CachedRawResource.cpp:118)
41  com.apple.WebCore             	0x0000000113ad0672 WebCore::CachedRawResource::addDataBuffer(WebCore::SharedBuffer&) + 194 (CachedRawResource.cpp:70)
42  com.apple.WebCore             	0x000000011589d0f5 WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::PassRefPtr<WebCore::SharedBuffer>, long long, WebCore::DataPayloadType) + 485 (SubresourceLoader.cpp:322)
43  com.apple.WebCore             	0x000000011589d212 WebCore::SubresourceLoader::didReceiveBuffer(WTF::PassRefPtr<WebCore::SharedBuffer>, long long, WebCore::DataPayloadType) + 66 (SubresourceLoader.cpp:303)
44  com.apple.WebKit              	0x00000001098d05ad WebKit::WebResourceLoader::didReceiveResource(WebKit::ShareableResource::Handle const&, double) + 765 (WebResourceLoader.cpp:206)
45  com.apple.WebKit              	0x00000001098d582d void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebKit::ShareableResource::Handle const&, double), std::__1::tuple<WebKit::ShareableResource::Handle, double>, 0ul, 1ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebKit::ShareableResource::Handle const&, double), std::__1::tuple<WebKit::ShareableResource::Handle, double>&&, std::index_sequence<0ul, 1ul>) + 189 (HandleMessage.h:17)
46  com.apple.WebKit              	0x00000001098d5608 void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebKit::ShareableResource::Handle const&, double), std::__1::tuple<WebKit::ShareableResource::Handle, double>, std::make_index_sequence<2ul> >(std::__1::tuple<WebKit::ShareableResource::Handle, double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebKit::ShareableResource::Handle const&, double)) + 88 (HandleMessage.h:23)
47  com.apple.WebKit              	0x00000001098d4823 void IPC::handleMessage<Messages::WebResourceLoader::DidReceiveResource, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebKit::ShareableResource::Handle const&, double)>(IPC::MessageDecoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebKit::ShareableResource::Handle const&, double)) + 291 (HandleMessage.h:93)
48  com.apple.WebKit              	0x00000001098d3d1e WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) + 1038 (WebResourceLoaderMessageReceiver.cpp:81)
49  com.apple.WebKit              	0x000000010936b28d WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) + 157 (NetworkProcessConnection.cpp:60)
50  com.apple.WebKit              	0x000000010913fa93 IPC::Connection::dispatchMessage(IPC::MessageDecoder&) + 51 (Connection.cpp:896)
51  com.apple.WebKit              	0x0000000109135422 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) + 770 (Connection.cpp:928)
52  com.apple.WebKit              	0x0000000109140080 IPC::Connection::dispatchOneMessage() + 1504 (Connection.cpp:957)
53  com.apple.WebKit              	0x00000001091623bd IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10::operator()() const + 29 (Connection.cpp:890)
54  com.apple.WebKit              	0x000000010916238d void std::__1::__invoke_void_return_wrapper<void>::__call<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&>(IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&&&) + 45 (__functional_base:469)
55  com.apple.WebKit              	0x00000001091621f9 std::__1::__function::__func<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10, std::__1::allocator<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10>, void ()>::operator()() + 41 (functional:1437)
56  JavaScriptCore                	0x000000011156b5ea std::__1::function<void ()>::operator()() const + 26 (functional:1817)
57  JavaScriptCore                	0x0000000111b79e67 WTF::RunLoop::performWork() + 631 (RunLoop.cpp:123)
58  JavaScriptCore                	0x0000000111b7a4d4 WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38)
59  com.apple.CoreFoundation      	0x000000010c0017e1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
60  com.apple.CoreFoundation      	0x000000010bfe6637 __CFRunLoopDoSources0 + 423
61  com.apple.CoreFoundation      	0x000000010bfe5ba6 __CFRunLoopRun + 918
62  com.apple.CoreFoundation      	0x000000010bfe55ad CFRunLoopRunSpecific + 285
63  com.apple.Foundation          	0x0000000108b4b600 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 274
64  com.apple.Foundation          	0x0000000108b4b4db -[NSRunLoop(NSRunLoop) run] + 76
65  libxpc.dylib                  	0x000000010d801759 _xpc_objc_main + 400
66  libxpc.dylib                  	0x000000010d803a84 xpc_main + 189
67  com.apple.WebKit.WebContent.Development	0x0000000108ab1dcc main + 892 (XPCServiceMain.mm:114)
68  libdyld.dylib                 	0x000000010d508679 st
Comment 1 Radar WebKit Bug Importer 2016-04-21 03:07:19 PDT
<rdar://problem/25850543>
Comment 2 Andy Estes 2016-04-21 03:50:42 PDT
Created attachment 276906 [details]
Patch
Comment 3 Daniel Bates 2016-04-21 08:56:49 PDT
Comment on attachment 276906 [details]
Patch

r=me
Comment 4 Oliver Hunt 2016-04-21 09:23:28 PDT
Ugh, sorry!
Comment 5 WebKit Commit Bot 2016-04-21 09:44:31 PDT
Comment on attachment 276906 [details]
Patch

Clearing flags on attachment: 276906

Committed r199820: <http://trac.webkit.org/changeset/199820>
Comment 6 WebKit Commit Bot 2016-04-21 09:44:35 PDT
All reviewed patches have been landed.  Closing bug.