[Webkit-unassigned] [Bug 149309] Null dereference loading Blink layout test http/tests/misc/detach-during-notifyDone.html

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Oct 13 14:58:15 PDT 2015 

https://bugs.webkit.org/show_bug.cgi?id=149309

--- Comment #5 from Jiewen Tan <jiewen_tan at apple.com> ---
Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000bd8
Exception Note:        EXC_CORPSE_NOTIFY

Application Specific Information:
This process is running with libgmalloc.dylib (GuardMalloc) which may have forced the crash due to a memory access error.

CRASHING TEST: /misc/detach-during-notifyDone.html

Global Trace Buffer (reverse chronological seconds):
18446743968.919937 CFNetwork                     0x00007fff929903eb Explicitly setting CF cookie storage singleton
18446743968.920921 CFNetwork                     0x00007fff929c6c85 Explicitly setting cookie storage singleton

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebKit                  0x000000011c79b28c WebKit::WebDocumentLoader::navigationID() const + 12 (WebDocumentLoader.h:40)
1   com.apple.WebKit                  0x000000011c79590d WebKit::WebFrameLoaderClient::dispatchDidFinishLoad() + 173 (WebFrameLoaderClient.cpp:553)
2   com.apple.WebCore                 0x00000001222a489d WebCore::FrameLoader::checkLoadCompleteForThisFrame() + 1853 (FrameLoader.cpp:2283)
3   com.apple.WebCore                 0x000000012229c8e0 WebCore::FrameLoader::checkLoadComplete() + 320 (FrameLoader.cpp:2461)
4   com.apple.WebCore                 0x0000000121f6c51f WebCore::DocumentLoader::finishedLoading(double) + 495 (DocumentLoader.cpp:446)
5   com.apple.WebCore                 0x0000000121f6c29e WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource*) + 270 (DocumentLoader.cpp:385)
6   com.apple.WebCore                 0x0000000121b20622 WebCore::CachedResource::checkNotify() + 130 (CachedResource.cpp:296)
7   com.apple.WebCore                 0x0000000121b20731 WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) + 49 (CachedResource.cpp:314)
8   com.apple.WebCore                 0x0000000121b1c16a WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) + 218 (CachedRawResource.cpp:104)
9   com.apple.WebCore                 0x0000000123861295 WebCore::SubresourceLoader::didFinishLoading(double) + 517 (SubresourceLoader.cpp:374)
10  com.apple.WebKit                  0x000000011caad877 WebKit::WebResourceLoader::didFinishResourceLoad(double) + 151 (WebResourceLoader.cpp:156)
11  com.apple.WebKit                  0x000000011cab2d43 void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>&&, std::index_sequence<0ul>) + 163 (HandleMessage.h:17)
12  com.apple.WebKit                  0x000000011cab2c98 void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, std::make_index_sequence<1ul> >(std::__1::tuple<double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) + 88 (HandleMessage.h:23)
13  com.apple.WebKit                  0x000000011cab1dcd void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::MessageDecoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) + 221 (HandleMessage.h:93)
14  com.apple.WebKit                  0x000000011cab157c WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) + 636 (WebResourceLoaderMessageReceiver.cpp:68)
15  com.apple.WebKit                  0x000000011c3b8410 WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) + 160 (NetworkProcessConnection.cpp:62)
16  com.apple.WebKit                  0x000000011c16f023 IPC::Connection::dispatchMessage(IPC::MessageDecoder&) + 51 (Connection.cpp:901)
17  com.apple.WebKit                  0x000000011c165f51 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) + 785 (Connection.cpp:933)
18  com.apple.WebKit                  0x000000011c16f61f IPC::Connection::dispatchOneMessage() + 1519 (Connection.cpp:962)
19  com.apple.WebKit                  0x000000011c18097d IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10::operator()() const + 29 (Connection.cpp:895)
20  com.apple.WebKit                  0x000000011c18094d void std::__1::__invoke_void_return_wrapper<void>::__call<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&>(IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&&&) + 45 (__functional_base:441)
21  com.apple.WebKit                  0x000000011c18079c std::__1::__function::__func<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10, std::__1::allocator<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10>, void ()>::operator()() + 44 (functional:1407)
22  com.apple.JavaScriptCore          0x000000011f95368a std::__1::function<void ()>::operator()() const + 26 (functional:1793)
23  com.apple.JavaScriptCore          0x000000011fef6fed WTF::RunLoop::performWork() + 621 (RunLoop.cpp:122)
24  com.apple.JavaScriptCore          0x000000011fef75f4 WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38)
25  com.apple.CoreFoundation          0x00007fff88dea621 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
26  com.apple.CoreFoundation          0x00007fff88dc9e1c __CFRunLoopDoSources0 + 556
27  com.apple.CoreFoundation          0x00007fff88dc933f __CFRunLoopRun + 927
28  com.apple.CoreFoundation          0x00007fff88dc8d38 CFRunLoopRunSpecific + 296
29  com.apple.HIToolbox               0x00007fff83b01d55 RunCurrentEventLoopInMode + 235
30  com.apple.HIToolbox               0x00007fff83b01b8f ReceiveNextEventCommon + 432
31  com.apple.HIToolbox               0x00007fff83b019cf _BlockUntilNextEventMatchingListInModeWithFilter + 71
32  com.apple.AppKit                  0x00007fff8a645f3a _DPSNextEvent + 1067
33  com.apple.AppKit                  0x00007fff8a645369 -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 454
34  com.apple.AppKit                  0x00007fff8a639ecc -[NSApplication run] + 682
35  com.apple.AppKit                  0x00007fff8a603162 NSApplicationMain + 1176
36  libxpc.dylib                      0x00007fff970904f2 _xpc_objc_main + 793
37  libxpc.dylib                      0x00007fff9708ef1e xpc_main + 494
38  com.apple.WebKit.WebContent.Development    0x000000010fca2be1 main + 785 (XPCServiceMain.Development.mm:187)
39  libdyld.dylib                     0x00007fff84d425ad start + 1

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20151013/e52fa11d/attachment-0001.html>

More information about the webkit-unassigned mailing list