[Webkit-unassigned] [Bug 163554] New: JavascriptCore/bmalloc causing 0xdeadlocc with Springboard on iOS 10

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Oct 17 11:22:47 PDT 2016 

https://bugs.webkit.org/show_bug.cgi?id=163554

            Bug ID: 163554
           Summary: JavascriptCore/bmalloc causing 0xdeadlocc with
                    Springboard on iOS 10
    Classification: Unclassified
           Product: WebKit
           Version: Safari 10
          Hardware: iPhone / iPad
                OS: iOS 10
            Status: NEW
          Severity: Critical
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: sleroux at mozilla.com

We've seen a large increase in our crash on Firefox for iOS from 0xdeadlocc crashes that are bringing down Springboard on iOS 10. Specifically we're seeing:

Exception Type:  EXC_CRASH (SIGKILL)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note:  EXC_CORPSE_NOTIFY
Termination Reason: Namespace SPRINGBOARD, Code 0xdead10cc
Triggered by Thread:  0

....

Thread 3:
0   libsystem_kernel.dylib            0x0000000185616314 __semwait_signal + 8
1   libsystem_c.dylib                 0x000000018553427c nanosleep + 212 (nanosleep.c:104)
2   libc++.1.dylib                    0x0000000185045994 std::__1::this_thread::sleep_for(std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000000000l> > const&) + 80 (thread.cpp:128)
3   JavaScriptCore                    0x000000018adc3384 void std::__1::this_thread::sleep_for<long long, std::__1::ratio<1l, 1000l> >(std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000l> > const&) + 76 (thread:441)
4   JavaScriptCore                    0x000000018adc2484 bmalloc::waitUntilFalse(std::__1::unique_lock<bmalloc::StaticMutex>&, std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000l> >, bool&) + 128 (StaticMutex.h:64)
5   JavaScriptCore                    0x000000018adc22c0 bmalloc::Heap::scavenge(std::__1::unique_lock<bmalloc::StaticMutex>&, std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000l> >) + 60 (Heap.cpp:112)
6   JavaScriptCore                    0x000000018adc2160 bmalloc::Heap::concurrentScavenge() + 80 (Heap.cpp:107)
7   JavaScriptCore                    0x000000018adc3470 bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>::threadRunLoop() + 92 (AsyncTask.h:121)
8   JavaScriptCore                    0x000000018adc339c bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>::threadEntryPoint(bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>*) + 12 (AsyncTask.h:106)
9   JavaScriptCore                    0x000000018adc364c void* std::__1::__thread_proxy<std::__1::tuple<void (*)(bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>*), bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>*> >(void*) + 92 (__functional_base:416)
10  libsystem_pthread.dylib           0x00000001856db860 _pthread_body + 240 (pthread.c:697)
11  libsystem_pthread.dylib           0x00000001856db770 _pthread_start + 284 (pthread.c:744)
12  libsystem_pthread.dylib           0x00000001856d8dbc thread_start + 4
....

Looking at this crash, my best guess is that Springboard and JavascriptCore are blocked on each other and being terminated because of the deadlock. 

I wasn't sure if this was a bmalloc issue or JavascriptCore one so feel free to move it around if it's in the wrong category.

Firefox for iOS bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1307822

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20161017/f773a3e5/attachment.html>

More information about the webkit-unassigned mailing list