[Webkit-unassigned] [Bug 169855] New: Crash when breakpoint hit in unload handler
bugzilla-daemon at webkit.org
Sat Mar 18 16:00:05 PDT 2017
https://bugs.webkit.org/show_bug.cgi?id=169855
Bug ID: 169855
Summary: Crash when breakpoint hit in unload handler
Classification: Unclassified
Product: WebKit
Version: WebKit Local Build
Hardware: Macintosh
OS: macOS 10.12
Status: NEW
Severity: Normal
Priority: P2
Component: Web Inspector
Assignee: webkit-unassigned at lists.webkit.org
Reporter: dbates at webkit.org
CC: ap at webkit.org, beidson at apple.com,
inspector-bugzilla-changes at group.apple.com
Created attachment 304883
--> https://bugs.webkit.org/attachment.cgi?id=304883&action=review
Test case
Using Mac nightly r213868 with Safari Version 10.1 (12603.1.30.0.31), hitting a breakpoint in the unload handler of a child frame causes a WebProcess crash. To see this, perform the following:
1. Download and extract the attached test case archive and open file unload-with-inspector-at-breakpoint-crash.html in Safari.
2. Follow the instructions in the test case to reproduce the crash.
The following is the backtrace I see:
[[
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BREAKPOINT (SIGTRAP)
Exception Codes: 0x0000000000000002, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Signal: Trace/BPT trap: 5
Termination Reason: Namespace SIGNAL, Code 0x5
Terminating Process: exc handler [0]
[...]
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x0000000107cb0272 WebCore::DocumentWriter::addData(char const*, unsigned long) + 50
1 com.apple.WebCore 0x0000000107c98bf5 WebCore::DocumentLoader::commitData(char const*, unsigned long) + 1317
2 com.apple.WebKit 0x00000001050ad336 WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 50
3 com.apple.WebCore 0x0000000107c9ad81 WebCore::DocumentLoader::commitLoad(char const*, int) + 145
4 com.apple.WebCore 0x0000000107a8107c WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int) + 172
5 com.apple.WebCore 0x0000000107a80f41 WebCore::CachedRawResource::addDataBuffer(WebCore::SharedBuffer&) + 145
6 com.apple.WebCore 0x00000001089f0132 WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::RefPtr<WebCore::SharedBuffer>&&, long long, WebCore::DataPayloadType) + 210
7 com.apple.WebCore 0x00000001089f0052 WebCore::SubresourceLoader::didReceiveData(char const*, unsigned int, long long, WebCore::DataPayloadType) + 34
8 com.apple.WebKit 0x000000010519632f WebKit::WebResourceLoader::didReceiveData(IPC::DataReference const&, long long) + 249
9 com.apple.WebKit 0x0000000105196dd5 WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) + 289
10 com.apple.WebKit 0x0000000104f3779b IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 119
11 com.apple.WebKit 0x0000000104f3a425 IPC::Connection::dispatchOneMessage() + 175
12 com.apple.JavaScriptCore 0x000000010668a3a9 WTF::RunLoop::performWork() + 169
13 com.apple.JavaScriptCore 0x000000010668b4c2 WTF::RunLoop::performWork(void*) + 34
14 com.apple.CoreFoundation 0x00007fff982843b1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
15 com.apple.CoreFoundation 0x00007fff9826563c __CFRunLoopDoSources0 + 556
16 com.apple.CoreFoundation 0x00007fff98264b26 __CFRunLoopRun + 934
17 com.apple.CoreFoundation 0x00007fff98264524 CFRunLoopRunSpecific + 420
18 com.apple.HIToolbox 0x00007fff977c4ebc RunCurrentEventLoopInMode + 240
19 com.apple.HIToolbox 0x00007fff977c4cf1 ReceiveNextEventCommon + 432
20 com.apple.HIToolbox 0x00007fff977c4b26 _BlockUntilNextEventMatchingListInModeWithFilter + 71
21 com.apple.AppKit 0x00007fff95d5fe24 _DPSNextEvent + 1120
22 com.apple.AppKit 0x00007fff964db85e -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 2796
23 com.apple.AppKit 0x00007fff95d547ab -[NSApplication run] + 926
24 com.apple.AppKit 0x00007fff95d1f1de NSApplicationMain + 1237
25 libxpc.dylib 0x00007fffae1ed8c7 _xpc_objc_main + 775
26 libxpc.dylib 0x00007fffae1ec2e4 xpc_main + 494
27 com.apple.WebKit.WebContent 0x0000000104ef96bb main + 468
28 libdyld.dylib 0x00007fffadf94235 start + 1
Thread 1:: com.apple.NSEventThread
0 libsystem_kernel.dylib 0x00007fffae0bb34a mach_msg_trap + 10
1 libsystem_kernel.dylib 0x00007fffae0ba797 mach_msg + 55
2 com.apple.CoreFoundation 0x00007fff98265854 __CFRunLoopServiceMachPort + 212
3 com.apple.CoreFoundation 0x00007fff98264cd1 __CFRunLoopRun + 1361
4 com.apple.CoreFoundation 0x00007fff98264524 CFRunLoopRunSpecific + 420
5 com.apple.AppKit 0x00007fff95ead2d2 _NSEventThread + 205
6 libsystem_pthread.dylib 0x00007fffae1adaab _pthread_body + 180
7 libsystem_pthread.dylib 0x00007fffae1ad9f7 _pthread_start + 286
8 libsystem_pthread.dylib 0x00007fffae1ad1fd thread_start + 13
Thread 2:
0 libsystem_kernel.dylib 0x00007fffae0c2f46 __semwait_signal + 10
1 libsystem_c.dylib 0x00007fffae049b72 nanosleep + 199
2 libc++.1.dylib 0x00007fffacb7265b std::__1::this_thread::sleep_for(std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000000000l> > const&) + 80
3 com.apple.JavaScriptCore 0x00000001066afc93 bmalloc::Heap::scavenge(std::__1::unique_lock<bmalloc::StaticMutex>&, std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000l> >) + 275
4 com.apple.JavaScriptCore 0x00000001066afa46 bmalloc::Heap::concurrentScavenge() + 102
5 com.apple.JavaScriptCore 0x00000001066b10d1 bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>::threadRunLoop() + 97
6 com.apple.JavaScriptCore 0x00000001066b0fdd bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>::threadEntryPoint(bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>*) + 29
7 com.apple.JavaScriptCore 0x00000001066b128d void* std::__1::__thread_proxy<std::__1::tuple<void (*)(bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>*), bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>*> >(void*) + 93
8 libsystem_pthread.dylib 0x00007fffae1adaab _pthread_body + 180
9 libsystem_pthread.dylib 0x00007fffae1ad9f7 _pthread_start + 286
10 libsystem_pthread.dylib 0x00007fffae1ad1fd thread_start + 13
Thread 3:: com.apple.NSURLConnectionLoader
0 libsystem_kernel.dylib 0x00007fffae0bb34a mach_msg_trap + 10
1 libsystem_kernel.dylib 0x00007fffae0ba797 mach_msg + 55
2 com.apple.CoreFoundation 0x00007fff98265854 __CFRunLoopServiceMachPort + 212
3 com.apple.CoreFoundation 0x00007fff98264cd1 __CFRunLoopRun + 1361
4 com.apple.CoreFoundation 0x00007fff98264524 CFRunLoopRunSpecific + 420
5 com.apple.CFNetwork 0x00007fff973a1604 +[NSURLConnection(Loader) _resourceLoadLoop:] + 313
6 com.apple.Foundation 0x00007fff99ca4a1d __NSThread__start__ + 1243
7 libsystem_pthread.dylib 0x00007fffae1adaab _pthread_body + 180
8 libsystem_pthread.dylib 0x00007fffae1ad9f7 _pthread_start + 286
9 libsystem_pthread.dylib 0x00007fffae1ad1fd thread_start + 13
Thread 4:: WebCore: Scrolling
0 libsystem_kernel.dylib 0x00007fffae0bb34a mach_msg_trap + 10
1 libsystem_kernel.dylib 0x00007fffae0ba797 mach_msg + 55
2 com.apple.CoreFoundation 0x00007fff98265854 __CFRunLoopServiceMachPort + 212
3 com.apple.CoreFoundation 0x00007fff98264cd1 __CFRunLoopRun + 1361
4 com.apple.CoreFoundation 0x00007fff98264524 CFRunLoopRunSpecific + 420
5 com.apple.CoreFoundation 0x00007fff982a3d01 CFRunLoopRun + 97
6 com.apple.WebCore 0x00000001088b2ddd WebCore::ScrollingThread::initializeRunLoop() + 253
7 com.apple.JavaScriptCore 0x00000001066a03b2 WTF::threadEntryPoint(void*) + 178
8 com.apple.JavaScriptCore 0x00000001066a080f WTF::wtfThreadEntryPoint(void*) + 15
9 libsystem_pthread.dylib 0x00007fffae1adaab _pthread_body + 180
10 libsystem_pthread.dylib 0x00007fffae1ad9f7 _pthread_start + 286
11 libsystem_pthread.dylib 0x00007fffae1ad1fd thread_start + 13
Thread 5:
0 libsystem_kernel.dylib 0x00007fffae0c344e __workq_kernreturn + 10
1 libsystem_pthread.dylib 0x00007fffae1ad791 _pthread_wqthread + 1426
2 libsystem_pthread.dylib 0x00007fffae1ad1ed start_wqthread + 13
Thread 6:
0 libsystem_kernel.dylib 0x00007fffae0c344e __workq_kernreturn + 10
1 libsystem_pthread.dylib 0x00007fffae1ad791 _pthread_wqthread + 1426
2 libsystem_pthread.dylib 0x00007fffae1ad1ed start_wqthread + 13
Thread 7:
0 libsystem_kernel.dylib 0x00007fffae0c344e __workq_kernreturn + 10
1 libsystem_pthread.dylib 0x00007fffae1ad791 _pthread_wqthread + 1426
2 libsystem_pthread.dylib 0x00007fffae1ad1ed start_wqthread + 13
Thread 8:
0 libsystem_kernel.dylib 0x00007fffae0c344e __workq_kernreturn + 10
1 libsystem_pthread.dylib 0x00007fffae1ad5fe _pthread_wqthread + 1023
2 libsystem_pthread.dylib 0x00007fffae1ad1ed start_wqthread + 13
Thread 9:: WTF::AutomaticThread
0 libsystem_kernel.dylib 0x00007fffae0c2bf2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fffae1ae96a _pthread_cond_wait + 712
2 com.apple.JavaScriptCore 0x00000001066a17b7 WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 119
3 com.apple.JavaScriptCore 0x0000000106687bd2 WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, WTF::TimeWithDynamicClockType const&) + 2706
4 com.apple.JavaScriptCore 0x0000000105fc6f06 bool WTF::ConditionBase::waitUntil<WTF::Lock>(WTF::Lock&, WTF::TimeWithDynamicClockType const&) + 150
5 com.apple.JavaScriptCore 0x0000000106669817 std::__1::__function::__func<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0, std::__1::allocator<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0>, void ()>::operator()() + 199
6 com.apple.JavaScriptCore 0x00000001066a03b2 WTF::threadEntryPoint(void*) + 178
7 com.apple.JavaScriptCore 0x00000001066a080f WTF::wtfThreadEntryPoint(void*) + 15
8 libsystem_pthread.dylib 0x00007fffae1adaab _pthread_body + 180
9 libsystem_pthread.dylib 0x00007fffae1ad9f7 _pthread_start + 286
10 libsystem_pthread.dylib 0x00007fffae1ad1fd thread_start + 13
Thread 10:: WTF::AutomaticThread
0 libsystem_kernel.dylib 0x00007fffae0c2bf2 __psynch_cvwait + 10
1 libsystem_pthread.dylib 0x00007fffae1ae96a _pthread_cond_wait + 712
2 com.apple.JavaScriptCore 0x00000001066a17b7 WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 119
3 com.apple.JavaScriptCore 0x0000000106687bd2 WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, WTF::TimeWithDynamicClockType const&) + 2706
4 com.apple.JavaScriptCore 0x0000000105fc6f06 bool WTF::ConditionBase::waitUntil<WTF::Lock>(WTF::Lock&, WTF::TimeWithDynamicClockType const&) + 150
5 com.apple.JavaScriptCore 0x0000000106669817 std::__1::__function::__func<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0, std::__1::allocator<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0>, void ()>::operator()() + 199
6 com.apple.JavaScriptCore 0x00000001066a03b2 WTF::threadEntryPoint(void*) + 178
7 com.apple.JavaScriptCore 0x00000001066a080f WTF::wtfThreadEntryPoint(void*) + 15
8 libsystem_pthread.dylib 0x00007fffae1adaab _pthread_body + 180
9 libsystem_pthread.dylib 0x00007fffae1ad9f7 _pthread_start + 286
10 libsystem_pthread.dylib 0x00007fffae1ad1fd thread_start + 13
Thread 0 crashed with X86 Thread State (64-bit):
rax: 0x0000000000000000 rbx: 0x00000001103ab770 rcx: 0x0000000111eb22a0 rdx: 0x00000001103ab770
rdi: 0x00000001103ab770 rsi: 0x0000000000000002 rbp: 0x00007fff5ad05d80 rsp: 0x00007fff5ad05d80
r8: 0x00000000000000a2 r9: 0x0000000000000006 r10: 0x0000000000000001 r11: 0x0000000108d5e830
r12: 0x0000000000000000 r13: 0x00000001103ab700 r14: 0x00000001103ac350 r15: 0x00000001103ac338
rip: 0x0000000107cb0272 rfl: 0x0000000000000246 cr2: 0x0000000146de4000
Logical CPU: 18
Error Code: 0x00000000
Trap Number: 3
]]