[Webkit-unassigned] [Bug 175721] New: REGRESSION (r220601): Crash when closing google doc after switching the order of tabs in safari
bugzilla-daemon at webkit.org
Fri Aug 18 09:20:15 PDT 2017
https://bugs.webkit.org/show_bug.cgi?id=175721
Bug ID: 175721
Summary: REGRESSION (r220601): Crash when closing google doc after switching the order of tabs in safari
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit2
Assignee: webkit-unassigned at lists.webkit.org
Reporter: sam at webkit.org
https://trac.webkit.org/changeset/220601 caused the following crash on iOS.
Thread 0 Crashed:
0 WebKit 0x00000001005ece90 WTF::Function<void ()>::CallableWrapper<WebKit::WebProcess::markAllLayersVolatile(WTF::Function<void ()>&&)::$_7>::call() + 28
1 WebKit 0x00000001005576f0 WebKit::WebPage::callVolatilityCompletionHandlers() + 72
2 WebKit 0x00000001005578f8 WebKit::WebPage::markLayersVolatile(WTF::Function<void ()>&&) + 488
3 WebKit 0x00000001005e8f78 WebKit::WebProcess::markAllLayersVolatile(WTF::Function<void ()>&&) + 292
4 WebKit 0x00000001005e8d78 WebKit::WebProcess::actualPrepareToSuspend(WebKit::WebProcess::ShouldAcknowledgeWhenReadyToSuspend) + 112
5 WebKit 0x00000001005e91a4 WebKit::WebProcess::prepareToSuspend() + 160
6 WebKit 0x00000001003da8b0 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 164
7 WebKit 0x00000001003dd2a4 IPC::Connection::dispatchOneMessage() + 232
8 JavaScriptCore 0x0000000101e16bb0 WTF::RunLoop::performWork() + 196
9 JavaScriptCore 0x0000000101e16dcc WTF::RunLoop::performWork(void*) + 36
10 CoreFoundation 0x00000001858a4358 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 24 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/CF/CF-1443/RunLoop.subproj/CFRunLoop.c:1982)
11 CoreFoundation 0x00000001858a42d8 __CFRunLoopDoSource0 + 88 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/CF/CF-1443/RunLoop.subproj/CFRunLoop.c:2017)
12 CoreFoundation 0x00000001858a3b60 __CFRunLoopDoSources0 + 204 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/CF/CF-1443/RunLoop.subproj/CFRunLoop.c:2053)
13 CoreFoundation 0x00000001858a1738 __CFRunLoopRun + 1048 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/CF/CF-1443/RunLoop.subproj/CFRunLoop.c:2920)
14 CoreFoundation 0x00000001857c22d8 CFRunLoopRunSpecific + 436 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/CF/CF-1443/RunLoop.subproj/CFRunLoop.c:3245)
15 Foundation 0x00000001861ea6e4 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 304 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/Foundation/Foundation-1444.12/Soil.subproj/NSRunLoop.m:367)
16 Foundation 0x000000018623c62c -[NSRunLoop(NSRunLoop) run] + 88 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/Foundation/Foundation-1444.12/Soil.subproj/NSRunLoop.m:389)
17 libxpc.dylib 0x00000001855702b0 _xpc_objc_main + 516 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/libxpc/libxpc-1205.20.17/src/main.m:167)
18 libxpc.dylib 0x000000018557233c xpc_main + 180 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/libxpc/libxpc-1205.20.17/src/init.c:1470)
19 com.apple.WebKit.WebContent 0x0000000100187594 0x100184000 + 13716
20 libdyld.dylib 0x00000001852e656c start + 4
It is being tracked in radar with <rdar://problem/33928369>.
The likely culprit is WebProcess::markAllLayersVolatile(), which is moving a WTF::Function multiple times (for each page, see lines 1392-1393), leading to nulled-out functions being called. It looks like this was previously broken, but silent due to the old nature of WTF::Function silently ignoring calls to null functions.
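As an added illustration (not WebKit's code) of the pattern the report describes: a minimal stand-in for WTF::Function whose moved-from state is null, the per-page move that leaves every page after the first with an empty handler, and one way to give each page its own callable so the original handler runs once after the last page. The names Page, markAllLayersVolatileBuggy, markAllLayersVolatileFixed and simulate are assumptions for this example, not WebKit identifiers.

```cpp
#include <functional>
#include <memory>
#include <utility>
#include <vector>
// Stand-in for WTF::Function<void()>: callable behind a unique_ptr, so a moved-from Function is null.
class Function {
    std::unique_ptr<std::function<void()>> m_callable;
public:
    template<typename F> Function(F f) : m_callable(new std::function<void()>(std::move(f))) {}
    explicit operator bool() const { return m_callable != nullptr; }
    void operator()() { (*m_callable)(); } // a null m_callable here is the frame-0 crash
};

struct Page { // assumed stand-in for WebKit::WebPage
    // Returns false for a null handler (where post-r220601 WTF::Function would crash).
    bool markLayersVolatile(Function&& handler) {
        Function h = std::move(handler);
        if (!h) return false;
        h(); return true;
    }
};

// Buggy pattern from the report: one handler moved into every page; only the first gets a live callable.
int markAllLayersVolatileBuggy(std::vector<Page>& pages, Function&& handler) {
    int nullHandlers = 0; // how many pages received an already-moved-from handler
    for (auto& page : pages)
        if (!page.markLayersVolatile(std::move(handler))) ++nullHandlers;
    return nullHandlers;
}
// Fix: a per-page callable each; a shared counter runs the original handler once, after the last page.
int markAllLayersVolatileFixed(std::vector<Page>& pages, Function&& handler) {
    if (pages.empty()) { handler(); return 0; } // edge case: nothing to wait for
    auto remaining = std::make_shared<int>(static_cast<int>(pages.size()));
    auto shared = std::make_shared<Function>(std::move(handler));
    int nullHandlers = 0;
    for (auto& page : pages) {
        Function perPage([remaining, shared] { if (--*remaining == 0) (*shared)(); });
        if (!page.markLayersVolatile(std::move(perPage))) ++nullHandlers;
    }
    return nullHandlers;
}
// Runs one version over pageCount pages; returns {null handlers seen, original handler runs}.
std::pair<int, int> simulate(int pageCount, bool useFix) {
    std::vector<Page> pages(pageCount);
    int handlerRuns = 0;
    Function handler([&handlerRuns] { ++handlerRuns; });
    int nulls = useFix ? markAllLayersVolatileFixed(pages, std::move(handler))
                       : markAllLayersVolatileBuggy(pages, std::move(handler));
    return { nulls, handlerRuns };
}
```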