[Webkit-unassigned] [Bug 175721] New: REGRESSION (r220601): Crash when closing google doc after switching the order of tabs in safari

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Aug 18 09:20:15 PDT 2017


https://bugs.webkit.org/show_bug.cgi?id=175721

            Bug ID: 175721
           Summary: REGRESSION (r220601): Crash when closing google doc
                    after switching the order of tabs in safari
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit2
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: sam at webkit.org

https://trac.webkit.org/changeset/220601 caused the following crash on iOS.

Thread 0 Crashed:
0   WebKit                              0x00000001005ece90 WTF::Function<void ()>::CallableWrapper<WebKit::WebProcess::markAllLayersVolatile(WTF::Function<void ()>&&)::$_7>::call() + 28
1   WebKit                              0x00000001005576f0 WebKit::WebPage::callVolatilityCompletionHandlers() + 72
2   WebKit                              0x00000001005578f8 WebKit::WebPage::markLayersVolatile(WTF::Function<void ()>&&) + 488
3   WebKit                              0x00000001005e8f78 WebKit::WebProcess::markAllLayersVolatile(WTF::Function<void ()>&&) + 292
4   WebKit                              0x00000001005e8d78 WebKit::WebProcess::actualPrepareToSuspend(WebKit::WebProcess::ShouldAcknowledgeWhenReadyToSuspend) + 112
5   WebKit                              0x00000001005e91a4 WebKit::WebProcess::prepareToSuspend() + 160
6   WebKit                              0x00000001003da8b0 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 164
7   WebKit                              0x00000001003dd2a4 IPC::Connection::dispatchOneMessage() + 232
8   JavaScriptCore                      0x0000000101e16bb0 WTF::RunLoop::performWork() + 196
9   JavaScriptCore                      0x0000000101e16dcc WTF::RunLoop::performWork(void*) + 36
10  CoreFoundation                      0x00000001858a4358 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 24 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/CF/CF-1443/RunLoop.subproj/CFRunLoop.c:1982)
11  CoreFoundation                      0x00000001858a42d8 __CFRunLoopDoSource0 + 88 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/CF/CF-1443/RunLoop.subproj/CFRunLoop.c:2017)
12  CoreFoundation                      0x00000001858a3b60 __CFRunLoopDoSources0 + 204 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/CF/CF-1443/RunLoop.subproj/CFRunLoop.c:2053)
13  CoreFoundation                      0x00000001858a1738 __CFRunLoopRun + 1048 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/CF/CF-1443/RunLoop.subproj/CFRunLoop.c:2920)
14  CoreFoundation                      0x00000001857c22d8 CFRunLoopRunSpecific + 436 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/CF/CF-1443/RunLoop.subproj/CFRunLoop.c:3245)
15  Foundation                          0x00000001861ea6e4 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 304 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/Foundation/Foundation-1444.12/Soil.subproj/NSRunLoop.m:367)
16  Foundation                          0x000000018623c62c -[NSRunLoop(NSRunLoop) run] + 88 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/Foundation/Foundation-1444.12/Soil.subproj/NSRunLoop.m:389)
17  libxpc.dylib                        0x00000001855702b0 _xpc_objc_main + 516 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/libxpc/libxpc-1205.20.17/src/main.m:167)
18  libxpc.dylib                        0x000000018557233c xpc_main + 180 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/libxpc/libxpc-1205.20.17/src/init.c:1470)
19  com.apple.WebKit.WebContent         0x0000000100187594 0x100184000 + 13716
20  libdyld.dylib                       0x00000001852e656c start + 4

It is being tracked in radar with <rdar://problem/33928369>.

The likely culprit is WebProcess::markAllLayersVolatile() which is moving a WTF::Function multiple times (for each page, see lines 1392-1393), leading to nulled-out functions being called. It looks like this was previously broken, but silent due to the old nature of WTF::Function silently ignoring calls to null functions.

-- 
You are receiving this mail because:
You are the assignee for the bug.
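The move-twice pattern described in the report, as an added example (hypothetical stand-ins for WTF::Function, WebPage and WebProcess, not WebKit's own code): a move-only function wrapper built on std::unique_ptr leaves its source null after each move, so looping `std::move(completion)` into every page hands a live callable to the first page only. The stand-in throws std::bad_function_call where the post-r220601 WTF::Function would crash. The "fixed" shape gives each page its own callable and lets a shared aggregator invoke the real completion handler exactly once; the name CallbackAggregator and the synchronous behaviour of markLayersVolatile are assumptions for illustration.

```cpp
#include <cstdio>
#include <functional>
#include <memory>
#include <utility>
#include <vector>

// Minimal stand-in for WTF::Function<void()> (not WebKit code): a unique_ptr to a
// type-erased callable. Moving from it is guaranteed to leave the source null.
class Function {
    struct Callable { virtual ~Callable() = default; virtual void call() = 0; };
    template <typename F> struct Wrapper : Callable {
        F f;
        explicit Wrapper(F&& fn) : f(std::move(fn)) {}
        void call() override { f(); }
    };
    std::unique_ptr<Callable> m_callable;
public:
    Function() = default;
    template <typename F> Function(F f) : m_callable(std::make_unique<Wrapper<F>>(std::move(f))) {}
    Function(Function&&) = default;
    Function& operator=(Function&&) = default;
    explicit operator bool() const { return m_callable != nullptr; }
    void operator()() {
        if (!m_callable)
            throw std::bad_function_call(); // stands in for the fatal "called a null Function" after r220601
        m_callable->call();
    }
};

// Hypothetical stand-in for WebPage: stores the completion and (synchronously here) runs it.
struct Page {
    Function pendingCompletion;
    void markLayersVolatile(Function&& completion) {
        pendingCompletion = std::move(completion);
        callVolatilityCompletionHandlers();
    }
    void callVolatilityCompletionHandlers() {
        Function handler = std::move(pendingCompletion);
        handler(); // throws (crashes, in real WTF::Function) if the stored handler was null
    }
};

// Buggy shape: the single completion Function is moved once per page.
// Returns how many times the completion ran, or -1 if a null handler was invoked.
int runBuggy(size_t pageCount) {
    std::vector<Page> pages(pageCount);
    int fired = 0;
    Function completion = [&fired] { ++fired; };
    try {
        for (auto& page : pages)
            page.markLayersVolatile(std::move(completion)); // second iteration moves from a null Function
    } catch (const std::bad_function_call&) {
        return -1;
    }
    return fired;
}

// Assumed fix shape: one shared object owns the real completion and fires it once.
struct CallbackAggregator {
    CallbackAggregator(Function&& completion, size_t pending)
        : m_completion(std::move(completion)), m_pending(pending) {}
    void pageDone() {
        if (m_pending == 0 || --m_pending != 0)
            return;
        m_completion(); // exactly once, after the last page reports in
    }
    Function m_completion;
    size_t m_pending;
};

// Fixed shape: every page gets its own callable; the edge case of zero pages
// still runs the completion so the caller is never left waiting.
int runFixed(size_t pageCount) {
    std::vector<Page> pages(pageCount);
    int fired = 0;
    Function completion = [&fired] { ++fired; };
    if (pages.empty()) {
        completion();
        return fired;
    }
    auto aggregator = std::make_shared<CallbackAggregator>(std::move(completion), pages.size());
    for (auto& page : pages)
        page.markLayersVolatile([aggregator] { aggregator->pageDone(); });
    return fired;
}

int main() {
    std::printf("buggy, 1 page: %d\n", runBuggy(1));   // 1
    std::printf("buggy, 2 pages: %d\n", runBuggy(2));  // -1: null handler called
    std::printf("fixed, 3 pages: %d\n", runFixed(3));  // 1: completion fired once
    return 0;
}
```

With a single page the buggy loop never moves twice, which is why the crash only shows up once more than one WebPage lives in the process, for example after tabs are reordered so that several pages share one WebContent process and all get told to prepare to suspend.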