[Webkit-unassigned] [Bug 156463] New: crash in WebCore::CachedResource::clearLoader

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Apr 11 04:41:46 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=156463

            Bug ID: 156463
           Summary: crash in WebCore::CachedResource::clearLoader
    Classification: Unclassified
           Product: WebKit
           Version: Safari 9
          Hardware: iOS
                OS: iOS 9.3
            Status: NEW
          Severity: Critical
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: danielo at opera.com

WebCore::CachedResource::clearLoader crashes at random with EXC_BAD_ACCESS KERN_INVALID_ADDRESS 0x0000000000000368

This same crash existed before iOS 9.3, but it increased 500%-600% with the appearance of 9.3.
The release of 9.3.1 doesn't fix it, we're still getting plenty of those on 9.3.1.

This might be related to Bug #141568 :
https://bugs.webkit.org/show_bug.cgi?id=141568

Example URLs:
http://hdrezka.me/
http://www.kvartira-lux.ru/objects_sale/live/evropa_sity/
http://m.zhihu.com/question/19802351
http://happyflora.ru/view_post3.php?latter=340
http://www.xnxx.com/ - happens a lot here (maybe because it's a very interesting site and a popular visit place)
...

Example stack:
Thread : Crashed: WebThread
0  WebCore                        0x185242e70 WebCore::CachedResource::clearLoader() + 20
1  WebCore                        0x185242e48 WebCore::SubresourceLoader::releaseResources() + 40
2  WebCore                        0x185242e48 WebCore::SubresourceLoader::releaseResources() + 40
3  WebCore                        0x1852453a8 WebCore::ResourceLoader::cancel(WebCore::ResourceError const&) + 528
4  WebCore                        0x18524518c WebCore::ResourceLoader::cancel() + 48
5  WebCore                        0x1851a4194 WebCore::SubresourceLoader::willSendRequest(WebCore::ResourceRequest&, WebCore::ResourceResponse const&) + 464
6  WebCore                        0x18530bdec WebCore::ResourceHandle::willSendRequest(WebCore::ResourceRequest&, WebCore::ResourceResponse const&) + 616
7  WebCore                        0x185f14558 WebCore::SynchronousResourceHandleCFURLConnectionDelegate::willSendRequest(_CFURLRequest const*, _CFURLResponse*) + 160
8  CFNetwork                      0x181a08050 URLConnectionClient_Classic::_connectionClientInterface_precanonicalizeForSynchronousStart() + 256
9  CFNetwork                      0x1818f8378 ClassicURLConnection::start() + 172
10 CFNetwork                      0x1818f829c CFURLConnectionStart + 60
11 WebCore                        0x1851a6094 WebCore::ResourceHandle::start() + 312
12 WebCore                        0x1851a59d4 WebCore::ResourceHandle::create(WebCore::NetworkingContext*, WebCore::ResourceRequest const&, WebCore::ResourceHandleClient*, bool, bool) + 444
13 WebCore                        0x1851a54c4 WebCore::ResourceLoader::start() + 336
14 WebCore                        0x1851a3b6c WebCore::SubresourceLoader::startLoading() + 412
15 WebCore                        0x1851a3954 WebCore::ResourceLoadScheduler::servePendingRequests(WebCore::ResourceLoadScheduler::HostInformation*, WebCore::ResourceLoadPriority) + 516
16 WebCore                        0x185d79d94 WebCore::ResourceLoadScheduler::scheduleSubresourceLoad(WebCore::Frame*, WebCore::CachedResource*, WebCore::ResourceRequest const&, WebCore::ResourceLoaderOptions const&) + 76
17 WebCore                        0x1853fb5f8 WebCore::CachedResource::load(WebCore::CachedResourceLoader&, WebCore::ResourceLoaderOptions const&) + 1196
18 WebCore                        0x1851a0d48 WebCore::CachedResourceLoader::requestResource(WebCore::CachedResource::Type, WebCore::CachedResourceRequest&) + 2260
19 WebCore                        0x1851a0450 WebCore::CachedResourceLoader::requestScript(WebCore::CachedResourceRequest&) + 40
20 WebCore                        0x18519f608 WebCore::ScriptElement::requestScript(WTF::String const&) + 1220
21 WebCore                        0x18519e770 WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) + 616
22 WebCore                        0x185d9021c WebCore::ScriptElement::finishedInsertingSubtree() + 28
23 WebCore                        0x18543e120 WebCore::ContainerNode::notifyChildInserted(WebCore::Node&, WebCore::ContainerNode::ChildChangeSource) + 316
24 WebCore                        0x18543dc58 WebCore::ContainerNode::updateTreeAfterInsertion(WebCore::Node&) + 36
25 WebCore                        0x18543d76c WebCore::ContainerNode::insertBefore(WTF::PassRefPtr<WebCore::Node>, WebCore::Node*, int&) + 1148
26 WebCore                        0x185bf1378 WebCore::Node::insertBefore(WTF::PassRefPtr<WebCore::Node>, WebCore::Node*, int&) + 60
27 WebCore                        0x18519dc40 WebCore::JSNode::insertBefore(JSC::ExecState*) + 120
28 JavaScriptCore                 0x184e2e2c0 llint_entry + 25040
29 JavaScriptCore                 0x184e2dd44 llint_entry + 23636
30 JavaScriptCore                 0x184e2dd44 llint_entry + 23636
31 JavaScriptCore                 0x184e27ed8 vmEntryToJavaScript + 312
32 JavaScriptCore                 0x184d539fc JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 180
33 JavaScriptCore                 0x1849d9bc4 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) + 8204
34 JavaScriptCore                 0x184b32418 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 440
35 WebCore                        0x185d8d29c WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) + 292
36 WebCore                        0x1851bd804 WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) + 340
37 WebCore                        0x18519e96c WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) + 1124
38 WebCore                        0x18523d244 WebCore::HTMLScriptRunner::runScript(WebCore::Element*, WTF::TextPosition const&) + 280
39 WebCore                        0x18523d0d0 WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element>, WTF::TextPosition const&) + 64
40 WebCore                        0x18523cff4 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() + 76
41 WebCore                        0x1851ecae8 WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode, WebCore::PumpSession&) + 108
42 WebCore                        0x1851ebc5c WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 456
43 WebCore                        0x1852464ac WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution() + 304
44 WebCore                        0x1856cbbd8 non-virtual thunk to WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) + 100
45 WebCore                        0x1852421f0 WebCore::CachedResource::checkNotify() + 284
46 WebCore                        0x185241fbc WebCore::SubresourceLoader::didFinishLoading(double) + 1020
47 CFNetwork                      0x18190f500 ___ZN27URLConnectionClient_Classic26_delegate_didFinishLoadingEU13block_pointerFvvE_block_invoke + 100
48 CFNetwork                      0x181a032a8 ___ZN27URLConnectionClient_Classic18_withDelegateAsyncEPKcU13block_pointerFvP16_CFURLConnectionPK33CFURLConnectionClientCurrent_VMaxE_block_invoke_2 + 108
49 libdispatch.dylib              0x180d7947c _dispatch_client_callout + 16
50 libdispatch.dylib              0x180d827b8 _dispatch_block_invoke + 540
51 CFNetwork                      0x1818fbc6c RunloopBlockContext::_invoke_block(void const*, void*) + 36
52 CoreFoundation                 0x18120c73c CFArrayApplyFunction + 68
53 CFNetwork                      0x1818fbb50 RunloopBlockContext::perform() + 136
54 CFNetwork                      0x1818fba10 MultiplexerSource::perform() + 312
55 CFNetwork                      0x1818fb83c MultiplexerSource::_perform(void*) + 68
56 CoreFoundation                 0x1812e5124 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 24
57 CoreFoundation                 0x1812e4b38 __CFRunLoopDoSources0 + 412
58 CoreFoundation                 0x1812e28b8 __CFRunLoopRun + 724
59 CoreFoundation                 0x18120cd10 CFRunLoopRunSpecific + 384
60 WebCore                        0x1851f6558 RunWebThread(void*) + 456
61 libsystem_pthread.dylib        0x180f93b28 _pthread_body + 156
62 libsystem_pthread.dylib        0x180f93a8c _pthread_body + 154
63 libsystem_pthread.dylib        0x180f91028 thread_start + 4
