RESOLVED INVALID163554
JavascriptCore/bmalloc causing 0xdeadlocc with Springboard on iOS 10 
https://bugs.webkit.org/show_bug.cgi?id=163554
Summary JavascriptCore/bmalloc causing 0xdeadlocc with Springboard on iOS 10
Stephan Leroux
Reported 2016-10-17 11:22:47 PDT
We've seen a large increase in our crash on Firefox for iOS from 0xdeadlocc crashes that are bringing down Springboard on iOS 10. Specifically we're seeing: Exception Type: EXC_CRASH (SIGKILL) Exception Codes: 0x0000000000000000, 0x0000000000000000 Exception Note: EXC_CORPSE_NOTIFY Termination Reason: Namespace SPRINGBOARD, Code 0xdead10cc Triggered by Thread: 0 .... Thread 3: 0 libsystem_kernel.dylib 0x0000000185616314 __semwait_signal + 8 1 libsystem_c.dylib 0x000000018553427c nanosleep + 212 (nanosleep.c:104) 2 libc++.1.dylib 0x0000000185045994 std::__1::this_thread::sleep_for(std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000000000l> > const&) + 80 (thread.cpp:128) 3 JavaScriptCore 0x000000018adc3384 void std::__1::this_thread::sleep_for<long long, std::__1::ratio<1l, 1000l> >(std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000l> > const&) + 76 (thread:441) 4 JavaScriptCore 0x000000018adc2484 bmalloc::waitUntilFalse(std::__1::unique_lock<bmalloc::StaticMutex>&, std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000l> >, bool&) + 128 (StaticMutex.h:64) 5 JavaScriptCore 0x000000018adc22c0 bmalloc::Heap::scavenge(std::__1::unique_lock<bmalloc::StaticMutex>&, std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000l> >) + 60 (Heap.cpp:112) 6 JavaScriptCore 0x000000018adc2160 bmalloc::Heap::concurrentScavenge() + 80 (Heap.cpp:107) 7 JavaScriptCore 0x000000018adc3470 bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>::threadRunLoop() + 92 (AsyncTask.h:121) 8 JavaScriptCore 0x000000018adc339c bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>::threadEntryPoint(bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>*) + 12 (AsyncTask.h:106) 9 JavaScriptCore 0x000000018adc364c void* std::__1::__thread_proxy<std::__1::tuple<void (*)(bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>*), bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>*> >(void*) + 92 (__functional_base:416) 10 libsystem_pthread.dylib 0x00000001856db860 _pthread_body + 240 (pthread.c:697) 11 libsystem_pthread.dylib 0x00000001856db770 _pthread_start + 284 (pthread.c:744) 12 libsystem_pthread.dylib 0x00000001856d8dbc thread_start + 4 .... Looking at this crash, my best guess is that Springboard and JavascriptCore are blocked on each other and being terminated because of the deadlock. I wasn't sure if this was a bmalloc issue or JavascriptCore one so feel free to move it around if it's in the wrong category. Firefox for iOS bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1307822
Attachments
Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2016-10-17 15:38:24 PDT
Stephan, could you please attach a complete crash log? The partial stack trace looks normal to me.
Alexey Proskuryakov
Comment 2 2016-10-17 15:40:41 PDT
Better yet, please file a bug at https://bugreport.apple.com with a sysdiagnose attached (see <https://developer.apple.com/bug-reporting/profiles-and-logs/>).
Alexey Proskuryakov
Comment 3 2016-10-17 15:44:58 PDT
This is unlikely to be a WebKit bug. Check system console for "was task-suspended with locked system files" error messages to see why Firefox is getting killed.
Stephan Leroux
Comment 4 2016-10-28 07:53:06 PDT
Thanks for the tip Alexey! This was indeed not the issue. Looks like iOS 10 is more strict now about accessing files on disk after backgrounding outside a background task handler which was causing us problems. Feel free to mark this as INVALID.
Note You need to log in before you can comment on or make changes to this bug.