<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - REGRESSION (r199734): WebKit crashes loading numerous websites in iOS Simulator"
href="https://bugs.webkit.org/show_bug.cgi?id=156842">156842</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>REGRESSION (r199734): WebKit crashes loading numerous websites in iOS Simulator
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>WebKit Nightly Build
</td>
</tr>
<tr>
<th>Hardware</th>
<td>iOS
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Blocker
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>JavaScriptCore
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>aestes@apple.com
</td>
</tr></table>
<p>
<div>
<pre>Due to <a href="http://trac.webkit.org/changeset/199734">http://trac.webkit.org/changeset/199734</a>, Safari in iOS Simulator crashes loading most sites, including apple.com and webkit.org.
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x000005f45b2511ff
Exception Note: EXC_CORPSE_NOTIFY
VM Regions Near 0x5f45b2511ff:
JS JIT generated code 000005f45b250000-000005f45b251000 [ 4K] rwx/rwx SM=SHM
--> JS JIT generated code 000005f45b251000-000005f49b250000 [ 1.0G] r-x/rwx SM=SHM
JS JIT generated code 000005f49b250000-000005f49b251000 [ 4K] ---/rwx SM=NUL
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 JavaScriptCore 0x0000000110fd38c2 JSC::X86Assembler::setInt32(void*, int) + 18 (X86Assembler.h:2975)
1 JavaScriptCore 0x0000000110fd387f JSC::X86Assembler::setRel32(void*, void*) + 111 (X86Assembler.h:2989)
2 JavaScriptCore 0x0000000111316645 JSC::X86Assembler::linkJump(void*, JSC::AssemblerLabel, void*) + 101 (X86Assembler.h:2720)
3 JavaScriptCore 0x00000001113168ac JSC::AbstractMacroAssembler<JSC::X86Assembler, JSC::MacroAssemblerX86Common>::linkJump(void*, JSC::AbstractMacroAssembler<JSC::X86Assembler, JSC::MacroAssemblerX86Common>::Jump, JSC::CodeLocationLabel) + 60 (AbstractMacroAssembler.h:968)
4 JavaScriptCore 0x000000011130fe7b JSC::LinkBuffer::link(JSC::AbstractMacroAssembler<JSC::X86Assembler, JSC::MacroAssemblerX86Common>::Jump, JSC::CodeLocationLabel) + 91 (LinkBuffer.h:145)
5 JavaScriptCore 0x000000011168387d JSC::LinkBuffer::link(JSC::AbstractMacroAssembler<JSC::X86Assembler, JSC::MacroAssemblerX86Common>::JumpList const&, JSC::CodeLocationLabel) + 125 (LinkBuffer.h:149)
6 JavaScriptCore 0x0000000111a97239 JSC::SpecializedThunkJIT::finalize(JSC::MacroAssemblerCodePtr, char const*) + 153 (SpecializedThunkJIT.h:174)
7 JavaScriptCore 0x0000000111a97450 JSC::charAtThunkGenerator(JSC::VM*) + 208 (ThunkGenerators.cpp:586)
8 JavaScriptCore 0x00000001116a6697 JSC::JITThunks::hostFunctionStub(JSC::VM*, long long (*)(JSC::ExecState*), JSC::MacroAssemblerCodeRef (*)(JSC::VM*), JSC::Intrinsic, WTF::String const&) + 983 (JITThunks.cpp:112)
9 JavaScriptCore 0x0000000111ac8562 JSC::VM::getHostFunction(long long (*)(JSC::ExecState*), JSC::Intrinsic, WTF::String const&) + 210 (VM.cpp:510)
10 JavaScriptCore 0x00000001116f7a4e JSC::JSFunction::lookUpOrCreateNativeExecutable(JSC::VM&, long long (*)(JSC::ExecState*), JSC::Intrinsic, long long (*)(JSC::ExecState*), WTF::String const&) + 142 (JSFunction.cpp:92)
11 JavaScriptCore 0x00000001116f7abf JSC::JSFunction::create(JSC::VM&, JSC::JSGlobalObject*, int, WTF::String const&, long long (*)(JSC::ExecState*), JSC::Intrinsic, long long (*)(JSC::ExecState*)) + 63 (JSFunction.cpp:100)
12 JavaScriptCore 0x0000000111784087 JSC::JSObject::putDirectNativeFunctionWithoutTransition(JSC::VM&, JSC::JSGlobalObject*, JSC::PropertyName const&, unsigned int, long long (*)(JSC::ExecState*), JSC::Intrinsic, unsigned int) + 247 (JSObject.cpp:2622)
13 JavaScriptCore 0x0000000111a57256 JSC::StringPrototype::finishCreation(JSC::VM&, JSC::JSGlobalObject*, JSC::JSString*) + 662 (StringPrototype.cpp:132)
14 JavaScriptCore 0x0000000111a5c833 JSC::StringPrototype::create(JSC::VM&, JSC::JSGlobalObject*, JSC::Structure*) + 115 (StringPrototype.cpp:187)
15 JavaScriptCore 0x000000011170280f JSC::JSGlobalObject::init(JSC::VM&) + 16735 (JSGlobalObject.cpp:400)
16 com.apple.WebCore 0x00000001148cce5c JSC::JSGlobalObject::finishCreation(JSC::VM&, JSC::JSObject*) + 124 (JSGlobalObject.h:394)
17 com.apple.WebCore 0x00000001148ccd7a WebCore::JSDOMGlobalObject::finishCreation(JSC::VM&, JSC::JSObject*) + 58 (JSDOMGlobalObject.cpp:114)
18 com.apple.WebCore 0x000000011496ab68 WebCore::JSDOMWindowBase::finishCreation(JSC::VM&, WebCore::JSDOMWindowShell*) + 72 (JSDOMWindowBase.cpp:80)
19 com.apple.WebCore 0x0000000114901ed6 WebCore::JSDOMWindow::finishCreation(JSC::VM&, WebCore::JSDOMWindowShell*) + 70 (JSDOMWindow.cpp:5816)
20 com.apple.WebCore 0x0000000114988a09 WebCore::JSDOMWindow::create(JSC::VM&, JSC::Structure*, WTF::Ref<WebCore::DOMWindow>&&, WebCore::JSDOMWindowShell*) + 137 (JSDOMWindow.h:38)
21 com.apple.WebCore 0x0000000114988545 WebCore::JSDOMWindowShell::setWindow(WTF::PassRefPtr<WebCore::DOMWindow>) + 341 (JSDOMWindowShell.cpp:86)
22 com.apple.WebCore 0x00000001149883af WebCore::JSDOMWindowShell::finishCreation(JSC::VM&, WTF::PassRefPtr<WebCore::DOMWindow>) + 143 (JSDOMWindowShell.cpp:56)
23 com.apple.WebCore 0x00000001156262dc WebCore::JSDOMWindowShell::create(JSC::VM&, WTF::PassRefPtr<WebCore::DOMWindow>, JSC::Structure*, WebCore::DOMWrapperWorld&) + 140 (JSDOMWindowShell.h:56)
24 com.apple.WebCore 0x0000000115626135 WebCore::ScriptController::createWindowShell(WebCore::DOMWrapperWorld&) + 229 (ScriptController.cpp:133)
25 com.apple.WebCore 0x0000000115626e3d WebCore::ScriptController::initScript(WebCore::DOMWrapperWorld&) + 125 (ScriptController.cpp:252)
26 com.apple.WebKit 0x00000001094318d1 WebCore::ScriptController::windowShell(WebCore::DOMWrapperWorld&) + 145 (ScriptController.h:90)
27 com.apple.WebKit 0x00000001094310cd WebCore::ScriptController::globalObject(WebCore::DOMWrapperWorld&) + 29 (ScriptController.h:99)
28 com.apple.WebKit 0x0000000109605626 WebKit::WebFrame::jsContextForWorld(WebKit::InjectedBundleScriptWorld*) + 54 (WebFrame.cpp:482)
29 com.apple.WebKit 0x0000000109abdd18 -[WKWebProcessPlugInFrame jsContextForWorld:] + 88 (WKWebProcessPlugInFrame.mm:66)
30 com.apple.mobilesafari.Safari 0x0000000120d7901b 0x120d74000 + 20507
31 com.apple.WebKit 0x0000000109aba9d9 globalObjectIsAvailableForFrame(OpaqueWKBundlePage const*, OpaqueWKBundleFrame const*, OpaqueWKBundleScriptWorld const*, void const*) + 265 (WKWebProcessPlugInBrowserContextController.mm:114)
32 com.apple.WebKit 0x000000010921d36c WebKit::InjectedBundlePageLoaderClient::globalObjectIsAvailableForFrame(WebKit::WebPage*, WebKit::WebFrame*, WebCore::DOMWrapperWorld&) + 172 (InjectedBundlePageLoaderClient.cpp:303)
33 com.apple.WebKit 0x0000000109613586 WebKit::WebFrameLoaderClient::dispatchGlobalObjectAvailable(WebCore::DOMWrapperWorld&) + 86 (WebFrameLoaderClient.cpp:1599)
34 com.apple.WebCore 0x00000001142aa991 WebCore::FrameLoader::dispatchGlobalObjectAvailableInAllWorlds() + 145 (FrameLoader.cpp:3451)
35 com.apple.WebCore 0x00000001142aa457 WebCore::FrameLoader::receivedFirstData() + 55 (FrameLoader.cpp:642)
36 com.apple.WebCore 0x0000000113f61181 WebCore::DocumentLoader::commitData(char const*, unsigned long) + 337 (DocumentLoader.cpp:879)
37 com.apple.WebKit 0x000000010960ff3f WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 79 (WebFrameLoaderClient.cpp:950)
38 com.apple.WebCore 0x0000000113f6415d WebCore::DocumentLoader::commitLoad(char const*, int) + 205 (DocumentLoader.cpp:832)
39 com.apple.WebCore 0x0000000113f649f9 WebCore::DocumentLoader::dataReceived(WebCore::CachedResource*, char const*, int) + 585 (DocumentLoader.cpp:943)
40 com.apple.WebCore 0x0000000113ad07e8 WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int) + 152 (CachedRawResource.cpp:118)
41 com.apple.WebCore 0x0000000113ad0672 WebCore::CachedRawResource::addDataBuffer(WebCore::SharedBuffer&) + 194 (CachedRawResource.cpp:70)
42 com.apple.WebCore 0x000000011589d0f5 WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::PassRefPtr<WebCore::SharedBuffer>, long long, WebCore::DataPayloadType) + 485 (SubresourceLoader.cpp:322)
43 com.apple.WebCore 0x000000011589d212 WebCore::SubresourceLoader::didReceiveBuffer(WTF::PassRefPtr<WebCore::SharedBuffer>, long long, WebCore::DataPayloadType) + 66 (SubresourceLoader.cpp:303)
44 com.apple.WebKit 0x00000001098d05ad WebKit::WebResourceLoader::didReceiveResource(WebKit::ShareableResource::Handle const&, double) + 765 (WebResourceLoader.cpp:206)
45 com.apple.WebKit 0x00000001098d582d void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebKit::ShareableResource::Handle const&, double), std::__1::tuple<WebKit::ShareableResource::Handle, double>, 0ul, 1ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebKit::ShareableResource::Handle const&, double), std::__1::tuple<WebKit::ShareableResource::Handle, double>&&, std::index_sequence<0ul, 1ul>) + 189 (HandleMessage.h:17)
46 com.apple.WebKit 0x00000001098d5608 void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebKit::ShareableResource::Handle const&, double), std::__1::tuple<WebKit::ShareableResource::Handle, double>, std::make_index_sequence<2ul> >(std::__1::tuple<WebKit::ShareableResource::Handle, double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebKit::ShareableResource::Handle const&, double)) + 88 (HandleMessage.h:23)
47 com.apple.WebKit 0x00000001098d4823 void IPC::handleMessage<Messages::WebResourceLoader::DidReceiveResource, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebKit::ShareableResource::Handle const&, double)>(IPC::MessageDecoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebKit::ShareableResource::Handle const&, double)) + 291 (HandleMessage.h:93)
48 com.apple.WebKit 0x00000001098d3d1e WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) + 1038 (WebResourceLoaderMessageReceiver.cpp:81)
49 com.apple.WebKit 0x000000010936b28d WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) + 157 (NetworkProcessConnection.cpp:60)
50 com.apple.WebKit 0x000000010913fa93 IPC::Connection::dispatchMessage(IPC::MessageDecoder&) + 51 (Connection.cpp:896)
51 com.apple.WebKit 0x0000000109135422 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) + 770 (Connection.cpp:928)
52 com.apple.WebKit 0x0000000109140080 IPC::Connection::dispatchOneMessage() + 1504 (Connection.cpp:957)
53 com.apple.WebKit 0x00000001091623bd IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10::operator()() const + 29 (Connection.cpp:890)
54 com.apple.WebKit 0x000000010916238d void std::__1::__invoke_void_return_wrapper<void>::__call<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&>(IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&&&) + 45 (__functional_base:469)
55 com.apple.WebKit 0x00000001091621f9 std::__1::__function::__func<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10, std::__1::allocator<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10>, void ()>::operator()() + 41 (functional:1437)
56 JavaScriptCore 0x000000011156b5ea std::__1::function<void ()>::operator()() const + 26 (functional:1817)
57 JavaScriptCore 0x0000000111b79e67 WTF::RunLoop::performWork() + 631 (RunLoop.cpp:123)
58 JavaScriptCore 0x0000000111b7a4d4 WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38)
59 com.apple.CoreFoundation 0x000000010c0017e1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
60 com.apple.CoreFoundation 0x000000010bfe6637 __CFRunLoopDoSources0 + 423
61 com.apple.CoreFoundation 0x000000010bfe5ba6 __CFRunLoopRun + 918
62 com.apple.CoreFoundation 0x000000010bfe55ad CFRunLoopRunSpecific + 285
63 com.apple.Foundation 0x0000000108b4b600 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 274
64 com.apple.Foundation 0x0000000108b4b4db -[NSRunLoop(NSRunLoop) run] + 76
65 libxpc.dylib 0x000000010d801759 _xpc_objc_main + 400
66 libxpc.dylib 0x000000010d803a84 xpc_main + 189
67 com.apple.WebKit.WebContent.Development 0x0000000108ab1dcc main + 892 (XPCServiceMain.mm:114)
68 libdyld.dylib 0x000000010d508679 st</pre>
</div>
</p>
</body>
</html>