RESOLVED FIXED 241538
JavascriptCore Crash on iOS16.0
https://bugs.webkit.org/show_bug.cgi?id=241538
Reported by 894110476, 2022-06-12 02:42:53 PDT
We found a crash in our crash report system. We did not reproduce it. From our system, we found several features, listed below: first, it may have happened many times on one device; second, it may have happened on a low-memory device; finally, it may have happened in relation to WebView and React Native.

Thread 0 (crashed)
1 JavaScriptCore WTF::StringImpl::hashSlowCase() const (in JavaScriptCore) + 132
2 JavaScriptCore WTF::HashTable<WTF::Packed<WTF::StringImpl*>, WTF::Packed<WTF::StringImpl*>, WTF::IdentityExtractor, WTF::DefaultHash<WTF::Packed<WTF::StringImpl*> >, WTF::HashTraits<WTF::Packed<WTF::StringImpl*> >, WTF::HashTraits<WTF::Packed<WTF::StringImpl*> > >::rehash(unsigned int, WTF::Packed<WTF::StringImpl*>*) (in JavaScriptCore) + 308
3 JavaScriptCore WTF::AtomStringImpl::remove(WTF::AtomStringImpl*) (in JavaScriptCore) + 448
4 JavaScriptCore WTF::StringImpl::~StringImpl() (in JavaScriptCore) + 76
5 JavaScriptCore JSC::Structure::destroy(JSC::JSCell*) (in JavaScriptCore) + 104
6 JavaScriptCore JSC::HeapCellType::finishSweep(JSC::MarkedBlock::Handle&, JSC::FreeList*) const (in JavaScriptCore) + 5540
7 JavaScriptCore JSC::MarkedBlock::Handle::sweep(JSC::FreeList*) (in JavaScriptCore) + 1164
8 JavaScriptCore JSC::MarkedSpace::lastChanceToFinalize() (in JavaScriptCore) + 136
9 JavaScriptCore JSC::Heap::lastChanceToFinalize() (in JavaScriptCore) + 372
10 JavaScriptCore JSC::VM::~VM() (in JavaScriptCore) + 656
11 JavaScriptCore JSC::JSLockHolder::~JSLockHolder() (in JavaScriptCore) + 316
12 JavaScriptCore -[JSVirtualMachine dealloc] (in JavaScriptCore) + 84
13 libobjc.A.dylib object_cxxDestructFromClass(objc_object*, objc_class*) (in libobjc.A.dylib) + 116
14 libobjc.A.dylib objc_destructInstance (in libobjc.A.dylib) + 80
15 libobjc.A.dylib _objc_rootDealloc (in libobjc.A.dylib) + 80
16 JavaScriptCore -[JSContext dealloc] (in JavaScriptCore) + 76
17 JavaScriptCore -[JSValue dealloc] (in JavaScriptCore) + 148
18 libobjc.A.dylib AutoreleasePoolPage::releaseUntil(objc_object**) (in libobjc.A.dylib) + 196
19 libobjc.A.dylib objc_autoreleasePoolPop (in libobjc.A.dylib) + 256
20 CoreFoundation _CFAutoreleasePoolPop (in CoreFoundation) + 32
21 CoreFoundation __CFRunLoopPerCalloutARPEnd (in CoreFoundation) + 48
22 CoreFoundation __CFRunLoopRun (in CoreFoundation) + 2076
23 CoreFoundation CFRunLoopRunSpecific (in CoreFoundation) + 612
24 GraphicsServices GSEventRunModal (in GraphicsServices) + 164
25 UIKitCore -[UIApplication _run] (in UIKitCore) + 888
26 UIKitCore UIApplicationMain (in UIKitCore) + 340
27 OurAppication main (in JD4iPhone) (main.m:15)
Attachments
crash report (21.36 KB, text/plain)
2022-06-14 04:30 PDT, 894110476
Mark Lam
Comment 1 2022-06-13 22:46:57 PDT
Can you attach the full crash log?
894110476
Comment 2 2022-06-14 04:30:25 PDT
Created attachment 460230: crash report
894110476
Comment 3 2022-06-14 04:31:49 PDT
(In reply to Mark Lam from comment #1)
> Can you attach the full crash log?

I have added an attachment which is produced by our custom crash system. Hope it is helpful.
Mark Lam
Comment 4 2022-06-14 08:46:53 PDT
(In reply to 894110476 from comment #3)
> (In reply to Mark Lam from comment #1)
> > Can you attach the full crash log?
>
> I have added an attachment which is produced by our custom crash system.
> Hope it is helpful.

Sorry, but your custom crash log did not capture the relevant info. Is it possible to get a crash and file a radar with a sysdiagnose? That's the best way to make this more actionable.
Mark Lam
Comment 5 2022-06-14 09:30:57 PDT
Never mind, I managed to find some internal crash logs for this crash. This appears to be a null pointer deref. Investigating.
Radar WebKit Bug Importer
Comment 6 2022-06-14 09:31:35 PDT
894110476
Comment 7 2022-06-15 07:17:56 PDT
(In reply to Mark Lam from comment #5)
> Never mind, I managed to find some internal crash logs for this crash. This
> appears to be a null pointer deref. Investigating.

Good news, hope it is fixed in the next beta version.
MrShang110
Comment 8 2022-08-18 04:46:10 PDT
Did you find out what caused the crash? We still have a lot of crashes in our applications.
894110476
Comment 9 2022-10-25 05:41:07 PDT
(In reply to Mark Lam from comment #5)
> Never mind, I managed to find some internal crash logs for this crash. This
> appears to be a null pointer deref. Investigating.

It is fixed on iOS 16.1.