[Webkit-unassigned] [Bug 156463] New: crash in WebCore::CachedResource::clearLoader
bugzilla-daemon at webkit.org
Mon Apr 11 04:41:46 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=156463
Bug ID: 156463
Summary: crash in WebCore::CachedResource::clearLoader
Classification: Unclassified
Product: WebKit
Version: Safari 9
Hardware: iOS
OS: iOS 9.3
Status: NEW
Severity: Critical
Priority: P2
Component: WebCore Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: danielo at opera.com
WebCore::CachedResource::clearLoader crashes at random with EXC_BAD_ACCESS KERN_INVALID_ADDRESS 0x0000000000000368
This same crash existed before iOS 9.3, but it increased 500%-600% with the appearance of 9.3.
The release of 9.3.1 doesn't fix it; we're still getting plenty of those on 9.3.1.
This might be related to Bug #141568:
https://bugs.webkit.org/show_bug.cgi?id=141568
Example URLs:
http://hdrezka.me/
http://www.kvartira-lux.ru/objects_sale/live/evropa_sity/
http://m.zhihu.com/question/19802351
http://happyflora.ru/view_post3.php?latter=340
http://www.xnxx.com/ - happens a lot here (maybe because it's a very interesting site and a popular visit place)
...
Example stack:
Thread : Crashed: WebThread
0 WebCore 0x185242e70 WebCore::CachedResource::clearLoader() + 20
1 WebCore 0x185242e48 WebCore::SubresourceLoader::releaseResources() + 40
2 WebCore 0x185242e48 WebCore::SubresourceLoader::releaseResources() + 40
3 WebCore 0x1852453a8 WebCore::ResourceLoader::cancel(WebCore::ResourceError const&) + 528
4 WebCore 0x18524518c WebCore::ResourceLoader::cancel() + 48
5 WebCore 0x1851a4194 WebCore::SubresourceLoader::willSendRequest(WebCore::ResourceRequest&, WebCore::ResourceResponse const&) + 464
6 WebCore 0x18530bdec WebCore::ResourceHandle::willSendRequest(WebCore::ResourceRequest&, WebCore::ResourceResponse const&) + 616
7 WebCore 0x185f14558 WebCore::SynchronousResourceHandleCFURLConnectionDelegate::willSendRequest(_CFURLRequest const*, _CFURLResponse*) + 160
8 CFNetwork 0x181a08050 URLConnectionClient_Classic::_connectionClientInterface_precanonicalizeForSynchronousStart() + 256
9 CFNetwork 0x1818f8378 ClassicURLConnection::start() + 172
10 CFNetwork 0x1818f829c CFURLConnectionStart + 60
11 WebCore 0x1851a6094 WebCore::ResourceHandle::start() + 312
12 WebCore 0x1851a59d4 WebCore::ResourceHandle::create(WebCore::NetworkingContext*, WebCore::ResourceRequest const&, WebCore::ResourceHandleClient*, bool, bool) + 444
13 WebCore 0x1851a54c4 WebCore::ResourceLoader::start() + 336
14 WebCore 0x1851a3b6c WebCore::SubresourceLoader::startLoading() + 412
15 WebCore 0x1851a3954 WebCore::ResourceLoadScheduler::servePendingRequests(WebCore::ResourceLoadScheduler::HostInformation*, WebCore::ResourceLoadPriority) + 516
16 WebCore 0x185d79d94 WebCore::ResourceLoadScheduler::scheduleSubresourceLoad(WebCore::Frame*, WebCore::CachedResource*, WebCore::ResourceRequest const&, WebCore::ResourceLoaderOptions const&) + 76
17 WebCore 0x1853fb5f8 WebCore::CachedResource::load(WebCore::CachedResourceLoader&, WebCore::ResourceLoaderOptions const&) + 1196
18 WebCore 0x1851a0d48 WebCore::CachedResourceLoader::requestResource(WebCore::CachedResource::Type, WebCore::CachedResourceRequest&) + 2260
19 WebCore 0x1851a0450 WebCore::CachedResourceLoader::requestScript(WebCore::CachedResourceRequest&) + 40
20 WebCore 0x18519f608 WebCore::ScriptElement::requestScript(WTF::String const&) + 1220
21 WebCore 0x18519e770 WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) + 616
22 WebCore 0x185d9021c WebCore::ScriptElement::finishedInsertingSubtree() + 28
23 WebCore 0x18543e120 WebCore::ContainerNode::notifyChildInserted(WebCore::Node&, WebCore::ContainerNode::ChildChangeSource) + 316
24 WebCore 0x18543dc58 WebCore::ContainerNode::updateTreeAfterInsertion(WebCore::Node&) + 36
25 WebCore 0x18543d76c WebCore::ContainerNode::insertBefore(WTF::PassRefPtr<WebCore::Node>, WebCore::Node*, int&) + 1148
26 WebCore 0x185bf1378 WebCore::Node::insertBefore(WTF::PassRefPtr<WebCore::Node>, WebCore::Node*, int&) + 60
27 WebCore 0x18519dc40 WebCore::JSNode::insertBefore(JSC::ExecState*) + 120
28 JavaScriptCore 0x184e2e2c0 llint_entry + 25040
29 JavaScriptCore 0x184e2dd44 llint_entry + 23636
30 JavaScriptCore 0x184e2dd44 llint_entry + 23636
31 JavaScriptCore 0x184e27ed8 vmEntryToJavaScript + 312
32 JavaScriptCore 0x184d539fc JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 180
33 JavaScriptCore 0x1849d9bc4 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) + 8204
34 JavaScriptCore 0x184b32418 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 440
35 WebCore 0x185d8d29c WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) + 292
36 WebCore 0x1851bd804 WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) + 340
37 WebCore 0x18519e96c WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) + 1124
38 WebCore 0x18523d244 WebCore::HTMLScriptRunner::runScript(WebCore::Element*, WTF::TextPosition const&) + 280
39 WebCore 0x18523d0d0 WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element>, WTF::TextPosition const&) + 64
40 WebCore 0x18523cff4 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() + 76
41 WebCore 0x1851ecae8 WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode, WebCore::PumpSession&) + 108
42 WebCore 0x1851ebc5c WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 456
43 WebCore 0x1852464ac WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution() + 304
44 WebCore 0x1856cbbd8 non-virtual thunk to WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) + 100
45 WebCore 0x1852421f0 WebCore::CachedResource::checkNotify() + 284
46 WebCore 0x185241fbc WebCore::SubresourceLoader::didFinishLoading(double) + 1020
47 CFNetwork 0x18190f500 ___ZN27URLConnectionClient_Classic26_delegate_didFinishLoadingEU13block_pointerFvvE_block_invoke + 100
48 CFNetwork 0x181a032a8 ___ZN27URLConnectionClient_Classic18_withDelegateAsyncEPKcU13block_pointerFvP16_CFURLConnectionPK33CFURLConnectionClientCurrent_VMaxE_block_invoke_2 + 108
49 libdispatch.dylib 0x180d7947c _dispatch_client_callout + 16
50 libdispatch.dylib 0x180d827b8 _dispatch_block_invoke + 540
51 CFNetwork 0x1818fbc6c RunloopBlockContext::_invoke_block(void const*, void*) + 36
52 CoreFoundation 0x18120c73c CFArrayApplyFunction + 68
53 CFNetwork 0x1818fbb50 RunloopBlockContext::perform() + 136
54 CFNetwork 0x1818fba10 MultiplexerSource::perform() + 312
55 CFNetwork 0x1818fb83c MultiplexerSource::_perform(void*) + 68
56 CoreFoundation 0x1812e5124 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 24
57 CoreFoundation 0x1812e4b38 __CFRunLoopDoSources0 + 412
58 CoreFoundation 0x1812e28b8 __CFRunLoopRun + 724
59 CoreFoundation 0x18120cd10 CFRunLoopRunSpecific + 384
60 WebCore 0x1851f6558 RunWebThread(void*) + 456
61 libsystem_pthread.dylib 0x180f93b28 _pthread_body + 156
62 libsystem_pthread.dylib 0x180f93a8c _pthread_body + 154
63 libsystem_pthread.dylib 0x180f91028 thread_start + 4