222683 2021-03-03 13:30:31 -0800 Crash under SubresourceLoader::notifyDone() 2021-03-03 14:37:48 -0800 1 1 1 Unclassified WebKit Page Loading WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 cdumez cdumez achristensen beidson ews-watchlist ggaren japhet webkit-bug-importer youennf oldest_to_newest 1735485 0 cdumez 2021-03-03 13:30:31 -0800 Crash under SubresourceLoader::notifyDone(): Thread[0] EXC_BAD_ACCESS (SIGSEGV) (KERN_INVALID_ADDRESS at 0x0000000000000038) [ 0] 0x00000001b09e068c WebCore`WebCore::SubresourceLoader::didCancel(WebCore::ResourceError const&) [inlined] WTF::RawPtrTraits<WebCore::CachedResourceLoader>::unwrap(WebCore::CachedResourceLoader* const&) at RawPtrTraits.h:43:69 0x00000001b09e067c: ldr w8, [x19, #0x628] 0x00000001b09e0680: cmp w8, #0x3 ; =0x3 0x00000001b09e0684: cset w2, ne 0x00000001b09e0688: ldr x8, [x19, #0x28] -> 0x00000001b09e068c: ldr x0, [x8, #0x38] 0x00000001b09e0690: mov w1, #0x1 0x00000001b09e0694: bl 0x17698ec ; WebCore::CachedResourceLoader::loadDone at CachedResourceLoader.cpp:1377 0x00000001b09e0698: ldrb w8, [x19, #0x3b8] 0x00000001b09e069c: cbz w8, 0x172c6ac ; <+204> [inlined] WTF::RawPtrTraits<WebCore::DocumentLoader>::unwrap(WebCore::DocumentLoader* const&) at RefPtr.h:83 [ 0] 0x00000001b09e068c WebCore`WebCore::SubresourceLoader::didCancel(WebCore::ResourceError const&) [inlined] WTF::Ref<WebCore::CachedResourceLoader, WTF::RawPtrTraits<WebCore::CachedResourceLoader> >::operator WebCore::CachedResourceLoader&() const at Ref.h:118 [ 0] 0x00000001b09e068c WebCore`WebCore::SubresourceLoader::didCancel(WebCore::ResourceError const&) [inlined] WebCore::DocumentLoader::cachedResourceLoader() at DocumentLoader.h:181 177 178 const ResourceRequest& request() const; 179 ResourceRequest& request(); 180 -> 181 CachedResourceLoader& cachedResourceLoader() { return m_cachedResourceLoader; } 182 183 const SubstituteData& substituteData() const { return m_substituteData; } 184 185 const URL& url() const; [ 0] 0x00000001b09e068c WebCore`WebCore::SubresourceLoader::didCancel(WebCore::ResourceError const&) [inlined] WebCore::SubresourceLoader::notifyDone(WebCore::LoadCompletionType) + 84 at SubresourceLoader.cpp:845 841 #if PLATFORM(IOS_FAMILY) 842 if (m_state == CancelledWhileInitializing) 843 shouldPerformPostLoadActions = false; 844 #endif -> 845 m_documentLoader->cachedResourceLoader().loadDone(type, shouldPerformPostLoadActions); 846 if (reachedTerminalState()) 847 return; 848 m_documentLoader->removeSubresourceLoader(type, this); 849 } [ 0] 0x00000001b09e0638 WebCore`WebCore::SubresourceLoader::didCancel(WebCore::ResourceError const&) + 88 at SubresourceLoader.cpp:831 827 if (m_resource->type() != CachedResource::Type::MainResource) 828 tracePoint(SubresourceLoadDidEnd); 829 830 m_resource->cancelLoad(); -> 831 notifyDone(LoadCompletionType::Cancel); 832 } 833 834 void SubresourceLoader::notifyDone(LoadCompletionType type) 835 { [ 1] 0x00000001b09e0637 WebCore`WebCore::SubresourceLoader::didCancel(WebCore::ResourceError const&) + 87 at SubresourceLoader.cpp:830:17 826 827 if (m_resource->type() != CachedResource::Type::MainResource) 828 tracePoint(SubresourceLoadDidEnd); 829 -> 830 m_resource->cancelLoad(); 831 notifyDone(LoadCompletionType::Cancel); 832 } 833 834 void SubresourceLoader::notifyDone(LoadCompletionType type) [ 2] 0x00000001b09d3707 WebCore`WebCore::ResourceLoader::cancel(WebCore::ResourceError const&) + 579 at ResourceLoader.cpp:654:5 650 // we don't want to redo didCancel() or releasesResources(). 651 if (m_reachedTerminalState) 652 return; 653 -> 654 didCancel(nonNullError); 655 656 if (m_cancellationStatus == FinishedCancel) 657 return; 658 m_cancellationStatus = FinishedCancel; [ 3] 0x00000001b09d0d9b WebCore`WebCore::ResourceLoader::cancel() + 71 at ResourceLoader.cpp:609:5 [ 4] 0x00000001b09d0a43 WebCore`WebCore::ResourceLoader::init(WebCore::ResourceRequest&&, WTF::CompletionHandler<void (bool)>&&) + 147 at ResourceLoader.cpp:127:9 [ 5] 0x00000001b09db71b WebCore`WebCore::SubresourceLoader::create(WebCore::Frame&, WebCore::CachedResource&, WebCore::ResourceRequest&&, WebCore::ResourceLoaderOptions const&, WTF::CompletionHandler<void (WTF::RefPtr<WebCore::SubresourceLoader, WTF::RawPtrTraits<WebCore::SubresourceLoader>, WTF::DefaultRefDerefTraits<WebCore::SubresourceLoader> >&&)>&&) [inlined] WebCore::SubresourceLoader::init(WebCore::ResourceRequest&&, WTF::CompletionHandler<void (bool)>&&) + 63 at SubresourceLoader.cpp:165:21 1735487 1 cdumez 2021-03-03 13:30:42 -0800 <rdar://70342402> 1735488 2 422144 cdumez 2021-03-03 13:32:38 -0800 Created attachment 422144 Patch 1735491 3 422144 ggaren 2021-03-03 13:38:25 -0800 Comment on attachment 422144 Patch r=me 1735528 4 ews-feeder 2021-03-03 14:37:46 -0800 Committed r273842: <https://commits.webkit.org/r273842> All reviewed patches have been landed. Closing bug and clearing flags on attachment 422144. 422144 2021-03-03 13:32:38 -0800 2021-03-03 14:37:47 -0800 Patch bug-222683-20210303133237.patch text/plain 1941 cdumez U3VidmVyc2lvbiBSZXZpc2lvbjogMjczODM0CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggNWY1NjQ2ZjBhNmNiOGU3 MjIzY2QwNDY0MmUxYzEyY2ZlMDEzNjNkNS4uMzFlM2NlMjc0ZDRiNGJhZGI1MjNhYzNmMTEyNTY3 YjhhOWE2YWE0MyAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDIwIEBACisyMDIxLTAzLTAzICBDaHJp cyBEdW1leiAgPGNkdW1lekBhcHBsZS5jb20+CisKKyAgICAgICAgQ3Jhc2ggdW5kZXIgU3VicmVz b3VyY2VMb2FkZXI6Om5vdGlmeURvbmUoKQorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9y Zy9zaG93X2J1Zy5jZ2k/aWQ9MjIyNjgzCisgICAgICAgIDxyZGFyOi8vNzAzNDI0MDI+CisKKyAg ICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgV2Ugd2VyZSBjcmFz aGluZyBkb2luZyBhIG51bGwtZGVyZWZlcmVuY2Ugb2YgbV9kb2N1bWVudExvYWRlciB1bmRlcgor ICAgICAgICBTdWJyZXNvdXJjZUxvYWRlcjo6bm90aWZ5RG9uZSgpLiBUaGlzIGFkZHMgbnVsbCBj aGVja3MgZm9yIG1fZG9jdW1lbnRMb2FkZXIKKyAgICAgICAgc2ltaWxhcmx5IHRvIHdoYXQgaXMg YWxyZWFkeSBkb25lIGVsc2V3aGVyZSBpbiBSZXNvdXJjZUxvYWRlci4KKworICAgICAgICBObyBu ZXcgdGVzdHMsIEkgZG8gbm90IGtub3cgaG93IHRvIHJlcHJvZHVjZSB0aGlzLgorCisgICAgICAg ICogbG9hZGVyL1N1YnJlc291cmNlTG9hZGVyLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OlN1YnJl c291cmNlTG9hZGVyOjpub3RpZnlEb25lKToKKwogMjAyMS0wMy0wMyAgQWxleCBDaHJpc3RlbnNl biAgPGFjaHJpc3RlbnNlbkB3ZWJraXQub3JnPgogCiAgICAgICAgIExpbWl0IEhhc2hUYWJsZSBl bnRyeSBzaXplIHRvIDUwMCBieXRlcwpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvbG9hZGVy L1N1YnJlc291cmNlTG9hZGVyLmNwcCBiL1NvdXJjZS9XZWJDb3JlL2xvYWRlci9TdWJyZXNvdXJj ZUxvYWRlci5jcHAKaW5kZXggMzQ5MWFjNzBjNzE3OTVhNWQ0MGEyNmJkM2U4YjI1YWIyNzEyYWZh NS4uYTIxYWE3Njk0OWQ4ZDZkNGE1MWM3NjJjMDFjZGQwZGM3OTU3ZTY0NyAxMDA2NDQKLS0tIGEv U291cmNlL1dlYkNvcmUvbG9hZGVyL1N1YnJlc291cmNlTG9hZGVyLmNwcAorKysgYi9Tb3VyY2Uv V2ViQ29yZS9sb2FkZXIvU3VicmVzb3VyY2VMb2FkZXIuY3BwCkBAIC04NDUsMTAgKzg0NSwxMiBA QCB2b2lkIFN1YnJlc291cmNlTG9hZGVyOjpub3RpZnlEb25lKExvYWRDb21wbGV0aW9uVHlwZSB0 eXBlKQogICAgIGlmIChtX3N0YXRlID09IENhbmNlbGxlZFdoaWxlSW5pdGlhbGl6aW5nKQogICAg ICAgICBzaG91bGRQZXJmb3JtUG9zdExvYWRBY3Rpb25zID0gZmFsc2U7CiAjZW5kaWYKLSAgICBt X2RvY3VtZW50TG9hZGVyLT5jYWNoZWRSZXNvdXJjZUxvYWRlcigpLmxvYWREb25lKHR5cGUsIHNo b3VsZFBlcmZvcm1Qb3N0TG9hZEFjdGlvbnMpOworICAgIGlmIChtX2RvY3VtZW50TG9hZGVyKQor ICAgICAgICBtX2RvY3VtZW50TG9hZGVyLT5jYWNoZWRSZXNvdXJjZUxvYWRlcigpLmxvYWREb25l KHR5cGUsIHNob3VsZFBlcmZvcm1Qb3N0TG9hZEFjdGlvbnMpOwogICAgIGlmIChyZWFjaGVkVGVy bWluYWxTdGF0ZSgpKQogICAgICAgICByZXR1cm47Ci0gICAgbV9kb2N1bWVudExvYWRlci0+cmVt b3ZlU3VicmVzb3VyY2VMb2FkZXIodHlwZSwgdGhpcyk7CisgICAgaWYgKG1fZG9jdW1lbnRMb2Fk ZXIpCisgICAgICAgIG1fZG9jdW1lbnRMb2FkZXItPnJlbW92ZVN1YnJlc291cmNlTG9hZGVyKHR5 cGUsIHRoaXMpOwogfQogCiB2b2lkIFN1YnJlc291cmNlTG9hZGVyOjpyZWxlYXNlUmVzb3VyY2Vz KCkK