<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - JavascriptCore/bmalloc causing 0xdeadlocc with Springboard on iOS 10"
href="https://bugs.webkit.org/show_bug.cgi?id=163554">163554</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>JavascriptCore/bmalloc causing 0xdeadlocc with Springboard on iOS 10
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>Safari 10
</td>
</tr>
<tr>
<th>Hardware</th>
<td>iPhone / iPad
</td>
</tr>
<tr>
<th>OS</th>
<td>iOS 10
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Critical
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>JavaScriptCore
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>sleroux@mozilla.com
</td>
</tr></table>
<p>
<div>
<pre>We've seen a large increase in our crashes on Firefox for iOS from 0xdeadlocc crashes that are bringing down Springboard on iOS 10. Specifically we're seeing:
Exception Type: EXC_CRASH (SIGKILL)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: Namespace SPRINGBOARD, Code 0xdead10cc
Triggered by Thread: 0
....
Thread 3:
0 libsystem_kernel.dylib 0x0000000185616314 __semwait_signal + 8
1 libsystem_c.dylib 0x000000018553427c nanosleep + 212 (nanosleep.c:104)
2 libc++.1.dylib 0x0000000185045994 std::__1::this_thread::sleep_for(std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000000000l> > const&) + 80 (thread.cpp:128)
3 JavaScriptCore 0x000000018adc3384 void std::__1::this_thread::sleep_for<long long, std::__1::ratio<1l, 1000l> >(std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000l> > const&) + 76 (thread:441)
4 JavaScriptCore 0x000000018adc2484 bmalloc::waitUntilFalse(std::__1::unique_lock<bmalloc::StaticMutex>&, std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000l> >, bool&) + 128 (StaticMutex.h:64)
5 JavaScriptCore 0x000000018adc22c0 bmalloc::Heap::scavenge(std::__1::unique_lock<bmalloc::StaticMutex>&, std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000l> >) + 60 (Heap.cpp:112)
6 JavaScriptCore 0x000000018adc2160 bmalloc::Heap::concurrentScavenge() + 80 (Heap.cpp:107)
7 JavaScriptCore 0x000000018adc3470 bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>::threadRunLoop() + 92 (AsyncTask.h:121)
8 JavaScriptCore 0x000000018adc339c bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>::threadEntryPoint(bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>*) + 12 (AsyncTask.h:106)
9 JavaScriptCore 0x000000018adc364c void* std::__1::__thread_proxy<std::__1::tuple<void (*)(bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>*), bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>*> >(void*) + 92 (__functional_base:416)
10 libsystem_pthread.dylib 0x00000001856db860 _pthread_body + 240 (pthread.c:697)
11 libsystem_pthread.dylib 0x00000001856db770 _pthread_start + 284 (pthread.c:744)
12 libsystem_pthread.dylib 0x00000001856d8dbc thread_start + 4
....
Looking at this crash, my best guess is that Springboard and JavaScriptCore are blocked on each other and are being terminated because of the deadlock.
I wasn't sure if this was a bmalloc issue or a JavaScriptCore one, so feel free to move it around if it's in the wrong category.
Firefox for iOS bug: <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1307822">https://bugzilla.mozilla.org/show_bug.cgi?id=1307822</a></pre>
</div>
</p>
</body>
</html>