[Webkit-unassigned] [Bug 150220] New: REGRESSION (r190289): Repro crash clicking back button on netflix.com
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Oct 15 20:42:25 PDT 2015
https://bugs.webkit.org/show_bug.cgi?id=150220
Bug ID: 150220
Summary: REGRESSION (r190289): Repro crash clicking back button
on netflix.com
Classification: Unclassified
Product: WebKit
Version: WebKit Nightly Build
Hardware: All
OS: All
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: msaboff at apple.com
1. Log in to netflix.com
2. Start playing a video
3. Click the back button
--- CRASH ---
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: EXC_I386_GPFLT
Exception Note: EXC_CORPSE_NOTIFY
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x00000001070c281e JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 158
1 com.apple.JavaScriptCore 0x0000000106c38cdf JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 447
2 com.apple.JavaScriptCore 0x0000000106c38b0e JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 62
3 com.apple.JavaScriptCore 0x0000000106d5503a JSC::boundFunctionCall(JSC::ExecState*) + 586
4 ??? 0x00005fb9baa01028 0 + 105251304640552
5 ??? 0x00005fb9bab0d066 0 + 105251305738342
6 ??? 0x00005fb9bad5aef7 0 + 105251308154615
7 ??? 0x00005fb9bad6aa00 0 + 105251308218880
8 ??? 0x00005fb9bab4b425 0 + 105251305993253
9 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
10 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
11 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
12 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
13 ??? 0x00005fb9baa9b626 0 + 105251305272870
14 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
15 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
16 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
17 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
18 ??? 0x00005fb9baa9b646 0 + 105251305272902
19 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
20 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
21 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
22 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
23 ??? 0x00005fb9baa9b646 0 + 105251305272902
24 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
25 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
26 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
27 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
28 ??? 0x00005fb9baa9b646 0 + 105251305272902
29 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
30 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
31 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
32 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
33 ??? 0x00005fb9baa9b646 0 + 105251305272902
34 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
35 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
36 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
37 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
38 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
39 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
40 ??? 0x00005fb9baa9b626 0 + 105251305272870
41 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
42 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
43 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
44 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
45 ??? 0x00005fb9baa9b646 0 + 105251305272902
46 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
47 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
48 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
49 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
50 ??? 0x00005fb9baa9b646 0 + 105251305272902
51 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
52 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
53 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
54 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
55 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
56 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
57 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
58 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
59 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
60 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
61 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
62 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
63 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
64 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
65 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
66 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
67 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
68 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
69 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
70 com.apple.JavaScriptCore 0x000000010719ab94 vmEntryToJavaScript + 299
71 com.apple.JavaScriptCore 0x00000001070c281e JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 158
72 com.apple.JavaScriptCore 0x0000000106c38cdf JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 447
73 com.apple.JavaScriptCore 0x0000000106c38b0e JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 62
74 com.apple.JavaScriptCore 0x0000000106d5503a JSC::boundFunctionCall(JSC::ExecState*) + 586
75 ??? 0x00005fb9baa01028 0 + 105251304640552
76 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
77 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
78 com.apple.JavaScriptCore 0x00000001071a0767 llint_entry + 23024
79 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
80 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
81 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
82 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
83 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
84 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
85 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
86 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
87 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
88 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
89 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
90 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
91 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
92 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
93 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
94 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
95 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
96 com.apple.JavaScriptCore 0x000000010719ab94 vmEntryToJavaScript + 299
97 com.apple.JavaScriptCore 0x00000001070c281e JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 158
98 com.apple.JavaScriptCore 0x0000000106c38cdf JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 447
99 com.apple.JavaScriptCore 0x0000000106c38b0e JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 62
100 com.apple.JavaScriptCore 0x0000000106d5503a JSC::boundFunctionCall(JSC::ExecState*) + 586
101 ??? 0x00005fb9baa01028 0 + 105251304640552
102 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
103 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
104 ??? 0x00005fb9bae03119 0 + 105251308843289
105 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
106 com.apple.JavaScriptCore 0x00000001071a07d9 llint_entry + 23138
107 com.apple.JavaScriptCore 0x000000010719ab94 vmEntryToJavaScript + 299
108 com.apple.JavaScriptCore 0x00000001070c281e JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 158
109 com.apple.JavaScriptCore 0x0000000106c38cdf JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 447
110 com.apple.JavaScriptCore 0x0000000106de71b7 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 71
111 com.apple.WebCore 0x0000000107627934 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 996
112 com.apple.WebCore 0x0000000107a73a5b WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow, 16ul>&) + 635
113 com.apple.WebCore 0x0000000107538e20 WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 224
114 com.apple.WebCore 0x000000010758f164 WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WTF::PassRefPtr<WebCore::EventTarget>) + 260
115 com.apple.WebCore 0x00000001075a0f26 WebCore::Document::enqueuePopstateEvent(WTF::PassRefPtr<WebCore::SerializedScriptValue>) + 134
116 com.apple.WebCore 0x0000000107702fd0 WebCore::Document::statePopped(WTF::PassRefPtr<WebCore::SerializedScriptValue>) + 48
117 com.apple.WebCore 0x0000000107ae78eb WebCore::FrameLoader::loadInSameDocument(WebCore::URL const&, WTF::PassRefPtr<WebCore::SerializedScriptValue>, bool) + 619
118 com.apple.WebCore 0x0000000107aed05a WebCore::FrameLoader::loadSameDocumentItem(WebCore::HistoryItem&) + 122
119 com.apple.WebCore 0x0000000107b409b6 WebCore::HistoryController::goToItem(WebCore::HistoryItem&, WebCore::FrameLoadType) + 198
120 com.apple.WebCore 0x00000001080ecd71 WebCore::Page::goToItem(WebCore::HistoryItem&, WebCore::FrameLoadType) + 81
121 com.apple.WebCore 0x00000001080ce5f1 WebCore::ScheduledHistoryNavigation::fire(WebCore::Frame&) + 65
122 com.apple.WebCore 0x00000001080cbdc6 WebCore::NavigationScheduler::timerFired() + 102
123 com.apple.WebCore 0x000000010751a2af WebCore::ThreadTimers::sharedTimerFiredInternal() + 175
124 com.apple.WebCore 0x000000010751a1c8 WebCore::timerFired(__CFRunLoopTimer*, void*) + 24
125 com.apple.CoreFoundation 0x00007fff93849514 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
126 com.apple.CoreFoundation 0x00007fff938491a3 __CFRunLoopDoTimer + 1075
127 com.apple.CoreFoundation 0x00007fff93848cfa __CFRunLoopDoTimers + 298
128 com.apple.CoreFoundation 0x00007fff93840281 __CFRunLoopRun + 1841
129 com.apple.CoreFoundation 0x00007fff9383f8e8 CFRunLoopRunSpecific + 296
130 com.apple.HIToolbox 0x00007fff9589cff1 RunCurrentEventLoopInMode + 235
131 com.apple.HIToolbox 0x00007fff9589ce2b ReceiveNextEventCommon + 432
132 com.apple.HIToolbox 0x00007fff9589cc6b _BlockUntilNextEventMatchingListInModeWithFilter + 71
133 com.apple.AppKit 0x00007fff9227f870 _DPSNextEvent + 1067
134 com.apple.AppKit 0x00007fff9227ec9d -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 454
135 com.apple.AppKit 0x00007fff9227375a -[NSApplication run] + 682
136 com.apple.AppKit 0x00007fff9223cbae NSApplicationMain + 1176
137 libxpc.dylib 0x00007fff911693a6 _xpc_objc_main + 793
138 libxpc.dylib 0x00007fff91167dd3 xpc_main + 494
139 com.apple.WebKit.WebContent.Development 0x000000010200241c 0x102001000 + 5148
140 libdyld.dylib 0x00007fff9be894ed start + 1
This bug also seems to be responsible for failures on other web sites, including navigation around Facebook.
rdar://problem/22951399