Bug 114413
| | | | |
|---|---|---|---|
| Summary: | REGRESSION (r147880-r147965): Youtube crash in WebCore::WidgetHierarchyUpdatesSuspensionScope::moveWidgets | | |
| Product: | WebKit | Reporter: | Kevin M. Dean <kevin> |
| Component: | Plug-ins | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED DUPLICATE | | |
| Severity: | Critical | CC: | abucur, ap, rniwa |
| Priority: | P1 | Keywords: | InRadar, Regression |
| Version: | 528+ (Nightly build) | | |
| Hardware: | Mac (Intel) | | |
| OS: | OS X 10.8 | | |
| URL: | http://www.youtube.com/watch?feature=player_detailpage&v=xRTjHJ93UYg#t=224s | | |
Kevin M. Dean
The crash is on the old youtube channel pages rather than their new one channel layout that some use. It also only occurs when the default video embed on that page starts with an Ad rather than playing the actual content video.
I find going to the link above for another video first and clicking the embedded link at the end with the 2 girls Lizzie Bennet Diaries seems to cause an Ad to appear more reliably. It takes you to the channel page "http://www.youtube.com/user/lizziebennet" and proceeds to crash once the Ad starts playing. If the page should load without a video Ad first, then it doesn't crash. Note that if the Ad plays but doesn't crash, don't let the Ad finish playing if you want a better chance of the Ad playing each time for testing. This also occurs with other old style channel pages that start with an Ad as well.
Process: WebProcess [469]
Path: /Applications/WebKit.app/Contents/Frameworks/10.8/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess
Identifier: com.apple.WebProcess
Version: 537+ (537.37+)
Code Type: X86-64 (Native)
Parent Process: ??? [1]
User ID: 501
Date/Time: 2013-04-11 01:35:09.360 -0400
OS Version: Mac OS X 10.8.3 (12D78)
Report Version: 10
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: EXC_I386_GPFLT
Application Specific Information:
Bundle controller class:
BrowserBundleController
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x0000000108b5635c WebCore::WidgetHierarchyUpdatesSuspensionScope::moveWidgets() + 508
1 com.apple.WebCore 0x00000001081328a5 WebCore::ContainerNode::removeChildren() + 981
2 com.apple.WebCore 0x000000010893a03f WebCore::replaceChildrenWithFragment(WebCore::ContainerNode*, WTF::PassRefPtr<WebCore::DocumentFragment>, int&) + 63
3 com.apple.WebCore 0x0000000108434789 WebCore::HTMLElement::setInnerHTML(WTF::String const&, int&) + 73
4 com.apple.WebCore 0x00000001086da2b8 WebCore::setJSHTMLElementInnerHTML(JSC::ExecState*, JSC::JSObject*, JSC::JSValue) + 88
5 com.apple.WebCore 0x00000001086db80e bool JSC::lookupPut<WebCore::JSHTMLElement>(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::HashTable const*, WebCore::JSHTMLElement*, bool) + 318
6 com.apple.WebCore 0x00000001086d8e4e WebCore::JSHTMLElement::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) + 62
7 com.apple.JavaScriptCore 0x0000000107dd4286 llint_slow_path_put_by_id + 502
8 com.apple.JavaScriptCore 0x0000000107ddc21d llint_op_put_by_id + 133
9 com.apple.JavaScriptCore 0x0000000107cfe2fe JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) + 4318
10 com.apple.JavaScriptCore 0x0000000107c180ab JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) + 619
11 com.apple.WebCore 0x0000000108b890c4 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) + 388
12 com.apple.WebCore 0x0000000108b89239 WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) + 41
13 com.apple.WebCore 0x0000000108b927cd WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) + 525
14 com.apple.WebCore 0x0000000108b913ba WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) + 1034
15 com.apple.WebCore 0x000000010847dd5b WebCore::HTMLScriptRunner::runScript(WebCore::Element*, WTF::TextPosition const&) + 363
16 com.apple.WebCore 0x000000010847dba0 WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element>, WTF::TextPosition const&) + 48
17 com.apple.WebCore 0x00000001084296f4 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() + 84
18 com.apple.WebCore 0x0000000108429778 WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode, WebCore::PumpSession&) + 88
19 com.apple.WebCore 0x000000010842946e WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 366
20 com.apple.WebCore 0x0000000108429cde WebCore::HTMLDocumentParser::append(WTF::PassRefPtr<WTF::StringImpl>) + 494
21 com.apple.WebCore 0x000000010821e485 WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter*, char const*, unsigned long) + 117
22 com.apple.WebCore 0x00000001082528e8 WebCore::DocumentLoader::commitData(char const*, unsigned long) + 536
23 com.apple.WebKit2 0x00000001078569aa WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 60
24 com.apple.WebCore 0x0000000108253e00 WebCore::DocumentLoader::commitLoad(char const*, int) + 144
25 com.apple.WebCore 0x00000001082548fc WebCore::DocumentLoader::dataReceived(WebCore::CachedResource*, char const*, int) + 764
26 com.apple.WebCore 0x00000001080ec095 WebCore::CachedRawResource::data(WTF::PassRefPtr<WebCore::ResourceBuffer>, bool) + 309
27 com.apple.WebCore 0x0000000108c60575 WebCore::SubresourceLoader::sendDataToResource(char const*, int) + 117
28 com.apple.WebCore 0x0000000108c60759 WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::PassRefPtr<WebCore::SharedBuffer>, long long, WebCore::DataPayloadType) + 249
29 com.apple.WebCore 0x0000000108c607ec WebCore::SubresourceLoader::didReceiveBuffer(WTF::PassRefPtr<WebCore::SharedBuffer>, long long, WebCore::DataPayloadType) + 44
30 com.apple.WebCore 0x0000000108b696b0 WebCore::ResourceLoader::didReceiveBuffer(WebCore::ResourceHandle*, WTF::PassRefPtr<WebCore::SharedBuffer>, int) + 144
31 com.apple.WebCore 0x0000000108e15253 -[WebCoreResourceHandleAsDelegate connection:didReceiveData:lengthReceived:] + 115
32 com.apple.Foundation 0x00007fff90068528 __65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke_0 + 28
33 com.apple.Foundation 0x00007fff9006846c -[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:] + 227
34 com.apple.Foundation 0x00007fff90068368 -[NSURLConnectionInternal _withActiveConnectionAndDelegate:] + 63
35 com.apple.Foundation 0x00007fff9006aefb _NSURLConnectionDidReceiveData_LengthReceived + 86
36 com.apple.CFNetwork 0x00007fff92abad84 ___delegate_didReceiveDataArray_block_invoke_0 + 132
37 com.apple.CFNetwork 0x00007fff92aada7a ___withDelegateAsync_block_invoke_0 + 90
38 com.apple.CFNetwork 0x00007fff92b3e2ea __block_global_1 + 28
39 com.apple.CoreFoundation 0x00007fff94f2f154 CFArrayApplyFunction + 68
40 com.apple.CFNetwork 0x00007fff92a9e7e4 RunloopBlockContext::perform() + 124
41 com.apple.CFNetwork 0x00007fff92a9e6bb MultiplexerSource::perform() + 221
42 com.apple.CoreFoundation 0x00007fff94f10b31 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
43 com.apple.CoreFoundation 0x00007fff94f10455 __CFRunLoopDoSources0 + 245
44 com.apple.CoreFoundation 0x00007fff94f337f5 __CFRunLoopRun + 789
45 com.apple.CoreFoundation 0x00007fff94f330e2 CFRunLoopRunSpecific + 290
46 com.apple.HIToolbox 0x00007fff91b01eb4 RunCurrentEventLoopInMode + 209
47 com.apple.HIToolbox 0x00007fff91b01c52 ReceiveNextEventCommon + 356
48 com.apple.HIToolbox 0x00007fff91b01ae3 BlockUntilNextEventMatchingListInMode + 62
49 com.apple.AppKit 0x00007fff964e4563 _DPSNextEvent + 685
50 com.apple.AppKit 0x00007fff964e3e22 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
51 com.apple.AppKit 0x00007fff964db1d3 -[NSApplication run] + 517
52 com.apple.WebCore 0x0000000108b7fa0d WebCore::RunLoop::run() + 77
53 com.apple.WebKit2 0x0000000107834dc9 int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebContentProcessMainDelegate>(int, char**) + 631
54 com.apple.WebProcess 0x0000000107753e43 main + 307
55 libdyld.dylib 0x00007fff903b77e1 start + 1
Kevin M. Dean
Now today, I find it's no longer crashing. I wonder if the problem was being contributed to by the specific Ad video that was playing and now it's different? Who knows.
Alexey Proskuryakov
<rdar://problem/13632610>
Alexey Proskuryakov
I'm wondering if this is the same as 114488.
Andrei Bucur
(In reply to comment #3)
> I'm wondering if this is the same as 114488.
I've rolled back some changes that tried to optimize ContainerNode::removeChildren ( https://bugs.webkit.org/show_bug.cgi?id=114521 ). Things are a lot messier than they initially seemed so we're going to start from square one again (a bit more knowledgeable on the way :) ).
Andrei Bucur
(In reply to comment #3)
> I'm wondering if this is the same as 114488.
Oh, if it's really not reproducing any more, I guess you can close it as a duplicate of https://bugs.webkit.org/show_bug.cgi?id=114521 . It's your call.
Kevin M. Dean
Yeah, this specific test is no longer reproducing, although I did just have another page crash with the same basic log, but I wasn't able to reproduce that immediately either.
Andrei Bucur
(In reply to comment #6)
> Yeah, this specific test is no longer reproducing, although I did just have another page crash with the same basic log, but I wasn't able to reproduce that immediately either.
Still on YouTube? The log would be useful even without a repro.
Kevin M. Dean
Actually it's happened twice today. Once on bluray.com, possibly going to Amazon.com via a Buy Now link.
Second, on either amazon.com or camelcamelcamel.com since I may have been moving between the 2 via a javascript command at the time.
Both crashes look the same.
Process: WebProcess [9420]
Path: /Applications/WebKit.app/Contents/Frameworks/10.8/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess
Identifier: com.apple.WebProcess
Version: 537+ (537.38+)
Code Type: X86-64 (Native)
Parent Process: SafariForWebKitDevelopment [9418]
User ID: 501
Date/Time: 2013-04-12 18:08:27.284 -0400
OS Version: Mac OS X 10.8.3 (12D78)
Report Version: 10
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: EXC_I386_GPFLT
Application Specific Information:
Bundle controller class:
BrowserBundleController
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x000000010e66ac4c WebCore::WidgetHierarchyUpdatesSuspensionScope::moveWidgets() + 508
1 com.apple.WebCore 0x000000010dc46585 WebCore::ContainerNode::removeChildren() + 981
2 com.apple.WebCore 0x000000010e44e70f WebCore::replaceChildrenWithFragment(WebCore::ContainerNode*, WTF::PassRefPtr<WebCore::DocumentFragment>, int&) + 63
3 com.apple.WebCore 0x000000010df48f89 WebCore::HTMLElement::setInnerHTML(WTF::String const&, int&) + 73
4 com.apple.WebCore 0x000000010e1ee5b8 WebCore::setJSHTMLElementInnerHTML(JSC::ExecState*, JSC::JSObject*, JSC::JSValue) + 88
5 com.apple.WebCore 0x000000010e1efb0e bool JSC::lookupPut<WebCore::JSHTMLElement>(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::HashTable const*, WebCore::JSHTMLElement*, bool) + 318
6 com.apple.WebCore 0x000000010e1ed14e WebCore::JSHTMLElement::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) + 62
7 com.apple.JavaScriptCore 0x000000010d8e83a6 llint_slow_path_put_by_id + 502
8 com.apple.JavaScriptCore 0x000000010d8f033d llint_op_put_by_id + 133
9 com.apple.JavaScriptCore 0x000000010d812853 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 611
10 com.apple.JavaScriptCore 0x000000010d70adf5 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
11 com.apple.WebCore 0x000000010e0f0d4e WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 190
12 com.apple.WebCore 0x000000010e698435 WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue, WebCore::ScriptExecutionContext*) + 453
13 com.apple.WebCore 0x000000010e6980ec WebCore::ScheduledAction::execute(WebCore::Document*) + 156
14 com.apple.WebCore 0x000000010ddef1cd WebCore::DOMTimer::fired() + 301
15 com.apple.WebCore 0x000000010e85c60f WebCore::ThreadTimers::sharedTimerFiredInternal() + 175
16 com.apple.WebCore 0x000000010e6e9213 WebCore::timerFired(__CFRunLoopTimer*, void*) + 51
17 com.apple.CoreFoundation 0x00007fff94f4e804 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
18 com.apple.CoreFoundation 0x00007fff94f4e31d __CFRunLoopDoTimer + 557
19 com.apple.CoreFoundation 0x00007fff94f33ad9 __CFRunLoopRun + 1529
20 com.apple.CoreFoundation 0x00007fff94f330e2 CFRunLoopRunSpecific + 290
21 com.apple.HIToolbox 0x00007fff91b01eb4 RunCurrentEventLoopInMode + 209
22 com.apple.HIToolbox 0x00007fff91b01c52 ReceiveNextEventCommon + 356
23 com.apple.HIToolbox 0x00007fff91b01ae3 BlockUntilNextEventMatchingListInMode + 62
24 com.apple.AppKit 0x00007fff964e4563 _DPSNextEvent + 685
25 com.apple.AppKit 0x00007fff964e3e22 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
26 com.apple.AppKit 0x00007fff964db1d3 -[NSApplication run] + 517
27 com.apple.WebCore 0x000000010e69413d WebCore::RunLoop::run() + 77
28 com.apple.WebKit2 0x000000010d347545 int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebContentProcessMainDelegate>(int, char**) + 631
29 com.apple.WebProcess 0x000000010d264e43 main + 307
30 libdyld.dylib 0x00007fff903b77e1 start + 1
Ryosuke Niwa
*** This bug has been marked as a duplicate of bug 114488 ***