WebKit Bugzilla
Bug 156842: REGRESSION (r199734): WebKit crashes loading numerous websites in iOS Simulator
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=156842
Andy Estes (Reported 2016-04-21 03:05:19 PDT)

Due to http://trac.webkit.org/changeset/199734, Safari in iOS Simulator crashes loading most sites, including apple.com and webkit.org.

Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x000005f45b2511ff
Exception Note: EXC_CORPSE_NOTIFY

VM Regions Near 0x5f45b2511ff:
    JS JIT generated code 000005f45b250000-000005f45b251000 [ 4K] rwx/rwx SM=SHM
--> JS JIT generated code 000005f45b251000-000005f49b250000 [ 1.0G] r-x/rwx SM=SHM
    JS JIT generated code 000005f49b250000-000005f49b251000 [ 4K] ---/rwx SM=NUL

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 JavaScriptCore 0x0000000110fd38c2 JSC::X86Assembler::setInt32(void*, int) + 18 (X86Assembler.h:2975)
1 JavaScriptCore 0x0000000110fd387f JSC::X86Assembler::setRel32(void*, void*) + 111 (X86Assembler.h:2989)
2 JavaScriptCore 0x0000000111316645 JSC::X86Assembler::linkJump(void*, JSC::AssemblerLabel, void*) + 101 (X86Assembler.h:2720)
3 JavaScriptCore 0x00000001113168ac JSC::AbstractMacroAssembler<JSC::X86Assembler, JSC::MacroAssemblerX86Common>::linkJump(void*, JSC::AbstractMacroAssembler<JSC::X86Assembler, JSC::MacroAssemblerX86Common>::Jump, JSC::CodeLocationLabel) + 60 (AbstractMacroAssembler.h:968)
4 JavaScriptCore 0x000000011130fe7b JSC::LinkBuffer::link(JSC::AbstractMacroAssembler<JSC::X86Assembler, JSC::MacroAssemblerX86Common>::Jump, JSC::CodeLocationLabel) + 91 (LinkBuffer.h:145)
5 JavaScriptCore 0x000000011168387d JSC::LinkBuffer::link(JSC::AbstractMacroAssembler<JSC::X86Assembler, JSC::MacroAssemblerX86Common>::JumpList const&, JSC::CodeLocationLabel) + 125 (LinkBuffer.h:149)
6 JavaScriptCore 0x0000000111a97239 JSC::SpecializedThunkJIT::finalize(JSC::MacroAssemblerCodePtr, char const*) + 153 (SpecializedThunkJIT.h:174)
7 JavaScriptCore 0x0000000111a97450 JSC::charAtThunkGenerator(JSC::VM*) + 208 (ThunkGenerators.cpp:586)
8 JavaScriptCore 0x00000001116a6697 JSC::JITThunks::hostFunctionStub(JSC::VM*, long long (*)(JSC::ExecState*), JSC::MacroAssemblerCodeRef (*)(JSC::VM*), JSC::Intrinsic, WTF::String const&) + 983 (JITThunks.cpp:112)
9 JavaScriptCore 0x0000000111ac8562 JSC::VM::getHostFunction(long long (*)(JSC::ExecState*), JSC::Intrinsic, WTF::String const&) + 210 (VM.cpp:510)
10 JavaScriptCore 0x00000001116f7a4e JSC::JSFunction::lookUpOrCreateNativeExecutable(JSC::VM&, long long (*)(JSC::ExecState*), JSC::Intrinsic, long long (*)(JSC::ExecState*), WTF::String const&) + 142 (JSFunction.cpp:92)
11 JavaScriptCore 0x00000001116f7abf JSC::JSFunction::create(JSC::VM&, JSC::JSGlobalObject*, int, WTF::String const&, long long (*)(JSC::ExecState*), JSC::Intrinsic, long long (*)(JSC::ExecState*)) + 63 (JSFunction.cpp:100)
12 JavaScriptCore 0x0000000111784087 JSC::JSObject::putDirectNativeFunctionWithoutTransition(JSC::VM&, JSC::JSGlobalObject*, JSC::PropertyName const&, unsigned int, long long (*)(JSC::ExecState*), JSC::Intrinsic, unsigned int) + 247 (JSObject.cpp:2622)
13 JavaScriptCore 0x0000000111a57256 JSC::StringPrototype::finishCreation(JSC::VM&, JSC::JSGlobalObject*, JSC::JSString*) + 662 (StringPrototype.cpp:132)
14 JavaScriptCore 0x0000000111a5c833 JSC::StringPrototype::create(JSC::VM&, JSC::JSGlobalObject*, JSC::Structure*) + 115 (StringPrototype.cpp:187)
15 JavaScriptCore 0x000000011170280f JSC::JSGlobalObject::init(JSC::VM&) + 16735 (JSGlobalObject.cpp:400)
16 com.apple.WebCore 0x00000001148cce5c JSC::JSGlobalObject::finishCreation(JSC::VM&, JSC::JSObject*) + 124 (JSGlobalObject.h:394)
17 com.apple.WebCore 0x00000001148ccd7a WebCore::JSDOMGlobalObject::finishCreation(JSC::VM&, JSC::JSObject*) + 58 (JSDOMGlobalObject.cpp:114)
18 com.apple.WebCore 0x000000011496ab68 WebCore::JSDOMWindowBase::finishCreation(JSC::VM&, WebCore::JSDOMWindowShell*) + 72 (JSDOMWindowBase.cpp:80)
19 com.apple.WebCore 0x0000000114901ed6 WebCore::JSDOMWindow::finishCreation(JSC::VM&, WebCore::JSDOMWindowShell*) + 70 (JSDOMWindow.cpp:5816)
20 com.apple.WebCore 0x0000000114988a09 WebCore::JSDOMWindow::create(JSC::VM&, JSC::Structure*, WTF::Ref<WebCore::DOMWindow>&&, WebCore::JSDOMWindowShell*) + 137 (JSDOMWindow.h:38)
21 com.apple.WebCore 0x0000000114988545 WebCore::JSDOMWindowShell::setWindow(WTF::PassRefPtr<WebCore::DOMWindow>) + 341 (JSDOMWindowShell.cpp:86)
22 com.apple.WebCore 0x00000001149883af WebCore::JSDOMWindowShell::finishCreation(JSC::VM&, WTF::PassRefPtr<WebCore::DOMWindow>) + 143 (JSDOMWindowShell.cpp:56)
23 com.apple.WebCore 0x00000001156262dc WebCore::JSDOMWindowShell::create(JSC::VM&, WTF::PassRefPtr<WebCore::DOMWindow>, JSC::Structure*, WebCore::DOMWrapperWorld&) + 140 (JSDOMWindowShell.h:56)
24 com.apple.WebCore 0x0000000115626135 WebCore::ScriptController::createWindowShell(WebCore::DOMWrapperWorld&) + 229 (ScriptController.cpp:133)
25 com.apple.WebCore 0x0000000115626e3d WebCore::ScriptController::initScript(WebCore::DOMWrapperWorld&) + 125 (ScriptController.cpp:252)
26 com.apple.WebKit 0x00000001094318d1 WebCore::ScriptController::windowShell(WebCore::DOMWrapperWorld&) + 145 (ScriptController.h:90)
27 com.apple.WebKit 0x00000001094310cd WebCore::ScriptController::globalObject(WebCore::DOMWrapperWorld&) + 29 (ScriptController.h:99)
28 com.apple.WebKit 0x0000000109605626 WebKit::WebFrame::jsContextForWorld(WebKit::InjectedBundleScriptWorld*) + 54 (WebFrame.cpp:482)
29 com.apple.WebKit 0x0000000109abdd18 -[WKWebProcessPlugInFrame jsContextForWorld:] + 88 (WKWebProcessPlugInFrame.mm:66)
30 com.apple.mobilesafari.Safari 0x0000000120d7901b 0x120d74000 + 20507
31 com.apple.WebKit 0x0000000109aba9d9 globalObjectIsAvailableForFrame(OpaqueWKBundlePage const*, OpaqueWKBundleFrame const*, OpaqueWKBundleScriptWorld const*, void const*) + 265 (WKWebProcessPlugInBrowserContextController.mm:114)
32 com.apple.WebKit 0x000000010921d36c WebKit::InjectedBundlePageLoaderClient::globalObjectIsAvailableForFrame(WebKit::WebPage*, WebKit::WebFrame*, WebCore::DOMWrapperWorld&) + 172 (InjectedBundlePageLoaderClient.cpp:303)
33 com.apple.WebKit 0x0000000109613586 WebKit::WebFrameLoaderClient::dispatchGlobalObjectAvailable(WebCore::DOMWrapperWorld&) + 86 (WebFrameLoaderClient.cpp:1599)
34 com.apple.WebCore 0x00000001142aa991 WebCore::FrameLoader::dispatchGlobalObjectAvailableInAllWorlds() + 145 (FrameLoader.cpp:3451)
35 com.apple.WebCore 0x00000001142aa457 WebCore::FrameLoader::receivedFirstData() + 55 (FrameLoader.cpp:642)
36 com.apple.WebCore 0x0000000113f61181 WebCore::DocumentLoader::commitData(char const*, unsigned long) + 337 (DocumentLoader.cpp:879)
37 com.apple.WebKit 0x000000010960ff3f WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 79 (WebFrameLoaderClient.cpp:950)
38 com.apple.WebCore 0x0000000113f6415d WebCore::DocumentLoader::commitLoad(char const*, int) + 205 (DocumentLoader.cpp:832)
39 com.apple.WebCore 0x0000000113f649f9 WebCore::DocumentLoader::dataReceived(WebCore::CachedResource*, char const*, int) + 585 (DocumentLoader.cpp:943)
40 com.apple.WebCore 0x0000000113ad07e8 WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int) + 152 (CachedRawResource.cpp:118)
41 com.apple.WebCore 0x0000000113ad0672 WebCore::CachedRawResource::addDataBuffer(WebCore::SharedBuffer&) + 194 (CachedRawResource.cpp:70)
42 com.apple.WebCore 0x000000011589d0f5 WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::PassRefPtr<WebCore::SharedBuffer>, long long, WebCore::DataPayloadType) + 485 (SubresourceLoader.cpp:322)
43 com.apple.WebCore 0x000000011589d212 WebCore::SubresourceLoader::didReceiveBuffer(WTF::PassRefPtr<WebCore::SharedBuffer>, long long, WebCore::DataPayloadType) + 66 (SubresourceLoader.cpp:303)
44 com.apple.WebKit 0x00000001098d05ad WebKit::WebResourceLoader::didReceiveResource(WebKit::ShareableResource::Handle const&, double) + 765 (WebResourceLoader.cpp:206)
45 com.apple.WebKit 0x00000001098d582d void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebKit::ShareableResource::Handle const&, double), std::__1::tuple<WebKit::ShareableResource::Handle, double>, 0ul, 1ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebKit::ShareableResource::Handle const&, double), std::__1::tuple<WebKit::ShareableResource::Handle, double>&&, std::index_sequence<0ul, 1ul>) + 189 (HandleMessage.h:17)
46 com.apple.WebKit 0x00000001098d5608 void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebKit::ShareableResource::Handle const&, double), std::__1::tuple<WebKit::ShareableResource::Handle, double>, std::make_index_sequence<2ul> >(std::__1::tuple<WebKit::ShareableResource::Handle, double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebKit::ShareableResource::Handle const&, double)) + 88 (HandleMessage.h:23)
47 com.apple.WebKit 0x00000001098d4823 void IPC::handleMessage<Messages::WebResourceLoader::DidReceiveResource, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebKit::ShareableResource::Handle const&, double)>(IPC::MessageDecoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebKit::ShareableResource::Handle const&, double)) + 291 (HandleMessage.h:93)
48 com.apple.WebKit 0x00000001098d3d1e WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) + 1038 (WebResourceLoaderMessageReceiver.cpp:81)
49 com.apple.WebKit 0x000000010936b28d WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) + 157 (NetworkProcessConnection.cpp:60)
50 com.apple.WebKit 0x000000010913fa93 IPC::Connection::dispatchMessage(IPC::MessageDecoder&) + 51 (Connection.cpp:896)
51 com.apple.WebKit 0x0000000109135422 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) + 770 (Connection.cpp:928)
52 com.apple.WebKit 0x0000000109140080 IPC::Connection::dispatchOneMessage() + 1504 (Connection.cpp:957)
53 com.apple.WebKit 0x00000001091623bd IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10::operator()() const + 29 (Connection.cpp:890)
54 com.apple.WebKit 0x000000010916238d void std::__1::__invoke_void_return_wrapper<void>::__call<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&>(IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&&&) + 45 (__functional_base:469)
55 com.apple.WebKit 0x00000001091621f9 std::__1::__function::__func<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10, std::__1::allocator<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10>, void ()>::operator()() + 41 (functional:1437)
56 JavaScriptCore 0x000000011156b5ea std::__1::function<void ()>::operator()() const + 26 (functional:1817)
57 JavaScriptCore 0x0000000111b79e67 WTF::RunLoop::performWork() + 631 (RunLoop.cpp:123)
58 JavaScriptCore 0x0000000111b7a4d4 WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38)
59 com.apple.CoreFoundation 0x000000010c0017e1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
60 com.apple.CoreFoundation 0x000000010bfe6637 __CFRunLoopDoSources0 + 423
61 com.apple.CoreFoundation 0x000000010bfe5ba6 __CFRunLoopRun + 918
62 com.apple.CoreFoundation 0x000000010bfe55ad CFRunLoopRunSpecific + 285
63 com.apple.Foundation 0x0000000108b4b600 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 274
64 com.apple.Foundation 0x0000000108b4b4db -[NSRunLoop(NSRunLoop) run] + 76
65 libxpc.dylib 0x000000010d801759 _xpc_objc_main + 400
66 libxpc.dylib 0x000000010d803a84 xpc_main + 189
67 com.apple.WebKit.WebContent.Development 0x0000000108ab1dcc main + 892 (XPCServiceMain.mm:114)
68 libdyld.dylib 0x000000010d508679 st
Attachments
Patch (1.51 KB, patch), 2016-04-21 03:50 PDT, Andy Estes, no flags
Radar WebKit Bug Importer (Comment 1, 2016-04-21 03:07:19 PDT)
<rdar://problem/25850543>
Andy Estes (Comment 2, 2016-04-21 03:50:42 PDT)
Created attachment 276906 [details]: Patch
Daniel Bates (Comment 3, 2016-04-21 08:56:49 PDT)
Comment on attachment 276906 [details] (Patch):
r=me
Oliver Hunt (Comment 4, 2016-04-21 09:23:28 PDT)
Ugh, sorry!
WebKit Commit Bot (Comment 5, 2016-04-21 09:44:31 PDT)
Comment on attachment 276906 [details] (Patch):
Clearing flags on attachment: 276906
Committed r199820: <http://trac.webkit.org/changeset/199820>
WebKit Commit Bot (Comment 6, 2016-04-21 09:44:35 PDT)
All reviewed patches have been landed. Closing bug.