Bug 114413: RESOLVED DUPLICATE of bug 114488
REGRESSION (r147880-r147965): Youtube crash in WebCore::WidgetHierarchyUpdatesSuspensionScope::moveWidgets
https://bugs.webkit.org/show_bug.cgi?id=114413
Kevin M. Dean
Reported 2013-04-10 23:13:01 PDT
The crash is on the old youtube channel pages rather than their new one channel layout that some use. It also only occurs when the default video embed on that page starts with an Ad rather than playing the actual content video.

I find going to the link above for another video first and clicking the embedded link at the end with the 2 girls Lizzie Bennet Diaries seems to cause an Ad to appear more reliably. It takes you to the channel page "http://www.youtube.com/user/lizziebennet" and proceeds to crash once the Ad starts playing. If the page should load without a video Ad first, then it doesn't crash.

Note that if the Ad plays but doesn't crash, don't let the Ad finish playing if you want a better chance of the Ad playing each time for testing. This also occurs with other old style channel pages that start with an Ad as well.

Process: WebProcess [469]
Path: /Applications/WebKit.app/Contents/Frameworks/10.8/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess
Identifier: com.apple.WebProcess
Version: 537+ (537.37+)
Code Type: X86-64 (Native)
Parent Process: ??? [1]
User ID: 501

Date/Time: 2013-04-11 01:35:09.360 -0400
OS Version: Mac OS X 10.8.3 (12D78)
Report Version: 10

Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: EXC_I386_GPFLT

Application Specific Information:
Bundle controller class: BrowserBundleController

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x0000000108b5635c WebCore::WidgetHierarchyUpdatesSuspensionScope::moveWidgets() + 508
1 com.apple.WebCore 0x00000001081328a5 WebCore::ContainerNode::removeChildren() + 981
2 com.apple.WebCore 0x000000010893a03f WebCore::replaceChildrenWithFragment(WebCore::ContainerNode*, WTF::PassRefPtr<WebCore::DocumentFragment>, int&) + 63
3 com.apple.WebCore 0x0000000108434789 WebCore::HTMLElement::setInnerHTML(WTF::String const&, int&) + 73
4 com.apple.WebCore 0x00000001086da2b8 WebCore::setJSHTMLElementInnerHTML(JSC::ExecState*, JSC::JSObject*, JSC::JSValue) + 88
5 com.apple.WebCore 0x00000001086db80e bool JSC::lookupPut<WebCore::JSHTMLElement>(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::HashTable const*, WebCore::JSHTMLElement*, bool) + 318
6 com.apple.WebCore 0x00000001086d8e4e WebCore::JSHTMLElement::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) + 62
7 com.apple.JavaScriptCore 0x0000000107dd4286 llint_slow_path_put_by_id + 502
8 com.apple.JavaScriptCore 0x0000000107ddc21d llint_op_put_by_id + 133
9 com.apple.JavaScriptCore 0x0000000107cfe2fe JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) + 4318
10 com.apple.JavaScriptCore 0x0000000107c180ab JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) + 619
11 com.apple.WebCore 0x0000000108b890c4 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) + 388
12 com.apple.WebCore 0x0000000108b89239 WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) + 41
13 com.apple.WebCore 0x0000000108b927cd WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) + 525
14 com.apple.WebCore 0x0000000108b913ba WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) + 1034
15 com.apple.WebCore 0x000000010847dd5b WebCore::HTMLScriptRunner::runScript(WebCore::Element*, WTF::TextPosition const&) + 363
16 com.apple.WebCore 0x000000010847dba0 WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element>, WTF::TextPosition const&) + 48
17 com.apple.WebCore 0x00000001084296f4 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() + 84
18 com.apple.WebCore 0x0000000108429778 WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode, WebCore::PumpSession&) + 88
19 com.apple.WebCore 0x000000010842946e WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 366
20 com.apple.WebCore 0x0000000108429cde WebCore::HTMLDocumentParser::append(WTF::PassRefPtr<WTF::StringImpl>) + 494
21 com.apple.WebCore 0x000000010821e485 WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter*, char const*, unsigned long) + 117
22 com.apple.WebCore 0x00000001082528e8 WebCore::DocumentLoader::commitData(char const*, unsigned long) + 536
23 com.apple.WebKit2 0x00000001078569aa WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 60
24 com.apple.WebCore 0x0000000108253e00 WebCore::DocumentLoader::commitLoad(char const*, int) + 144
25 com.apple.WebCore 0x00000001082548fc WebCore::DocumentLoader::dataReceived(WebCore::CachedResource*, char const*, int) + 764
26 com.apple.WebCore 0x00000001080ec095 WebCore::CachedRawResource::data(WTF::PassRefPtr<WebCore::ResourceBuffer>, bool) + 309
27 com.apple.WebCore 0x0000000108c60575 WebCore::SubresourceLoader::sendDataToResource(char const*, int) + 117
28 com.apple.WebCore 0x0000000108c60759 WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::PassRefPtr<WebCore::SharedBuffer>, long long, WebCore::DataPayloadType) + 249
29 com.apple.WebCore 0x0000000108c607ec WebCore::SubresourceLoader::didReceiveBuffer(WTF::PassRefPtr<WebCore::SharedBuffer>, long long, WebCore::DataPayloadType) + 44
30 com.apple.WebCore 0x0000000108b696b0 WebCore::ResourceLoader::didReceiveBuffer(WebCore::ResourceHandle*, WTF::PassRefPtr<WebCore::SharedBuffer>, int) + 144
31 com.apple.WebCore 0x0000000108e15253 -[WebCoreResourceHandleAsDelegate connection:didReceiveData:lengthReceived:] + 115
32 com.apple.Foundation 0x00007fff90068528 __65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke_0 + 28
33 com.apple.Foundation 0x00007fff9006846c -[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:] + 227
34 com.apple.Foundation 0x00007fff90068368 -[NSURLConnectionInternal _withActiveConnectionAndDelegate:] + 63
35 com.apple.Foundation 0x00007fff9006aefb _NSURLConnectionDidReceiveData_LengthReceived + 86
36 com.apple.CFNetwork 0x00007fff92abad84 ___delegate_didReceiveDataArray_block_invoke_0 + 132
37 com.apple.CFNetwork 0x00007fff92aada7a ___withDelegateAsync_block_invoke_0 + 90
38 com.apple.CFNetwork 0x00007fff92b3e2ea __block_global_1 + 28
39 com.apple.CoreFoundation 0x00007fff94f2f154 CFArrayApplyFunction + 68
40 com.apple.CFNetwork 0x00007fff92a9e7e4 RunloopBlockContext::perform() + 124
41 com.apple.CFNetwork 0x00007fff92a9e6bb MultiplexerSource::perform() + 221
42 com.apple.CoreFoundation 0x00007fff94f10b31 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
43 com.apple.CoreFoundation 0x00007fff94f10455 __CFRunLoopDoSources0 + 245
44 com.apple.CoreFoundation 0x00007fff94f337f5 __CFRunLoopRun + 789
45 com.apple.CoreFoundation 0x00007fff94f330e2 CFRunLoopRunSpecific + 290
46 com.apple.HIToolbox 0x00007fff91b01eb4 RunCurrentEventLoopInMode + 209
47 com.apple.HIToolbox 0x00007fff91b01c52 ReceiveNextEventCommon + 356
48 com.apple.HIToolbox 0x00007fff91b01ae3 BlockUntilNextEventMatchingListInMode + 62
49 com.apple.AppKit 0x00007fff964e4563 _DPSNextEvent + 685
50 com.apple.AppKit 0x00007fff964e3e22 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
51 com.apple.AppKit 0x00007fff964db1d3 -[NSApplication run] + 517
52 com.apple.WebCore 0x0000000108b7fa0d WebCore::RunLoop::run() + 77
53 com.apple.WebKit2 0x0000000107834dc9 int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebContentProcessMainDelegate>(int, char**) + 631
54 com.apple.WebProcess 0x0000000107753e43 main + 307
55 libdyld.dylib 0x00007fff903b77e1 start + 1
Kevin M. Dean
Comment 1 2013-04-11 16:34:24 PDT
Now today, I find it's no longer crashing. I wonder if the problem was being contributed to by the specific Ad video that was playing and now it's different? Who knows.
Alexey Proskuryakov
Comment 2 2013-04-11 22:42:40 PDT
Alexey Proskuryakov
Comment 3 2013-04-11 22:45:03 PDT
I'm wondering if this is the same as 114488.
Andrei Bucur
Comment 4 2013-04-12 14:54:37 PDT
(In reply to comment #3)
> I'm wondering if this is the same as 114488.

I've rolled back some changes that tried to optimize ContainerNode::removeChildren ( https://bugs.webkit.org/show_bug.cgi?id=114521 ). Things are a lot messier than they initially seemed so we're going to start from square one again (a bit more knowledgeable on the way :) ).
Andrei Bucur
Comment 5 2013-04-12 14:55:43 PDT
(In reply to comment #3)
> I'm wondering if this is the same as 114488.

Oh, if it's really not reproducing any more, I guess you can close it as a duplicate of https://bugs.webkit.org/show_bug.cgi?id=114521 . It's your call.
Kevin M. Dean
Comment 6 2013-04-12 14:59:02 PDT
Yeah, this specific test is no longer reproducing, although I did just have another page crash with the same basic log, but I wasn't able to reproduce that immediately either.
Andrei Bucur
Comment 7 2013-04-12 15:10:45 PDT
(In reply to comment #6)
> Yeah, this specific test is no longer reproducing, although I did just have another page crash with the same basic log, but I wasn't able to reproduce that immediately either.

Still on YouTube? The log would be useful even without a repro.
Kevin M. Dean
Comment 8 2013-04-12 15:40:03 PDT
Actually it's happened twice today. Once on bluray.com, possibly going to Amazon.com via a Buy Now link. Second, on either amazon.com or camelcamelcamel.com since I may have been moving between the 2 via a javascript command at the time. Both crashes look the same.

Process: WebProcess [9420]
Path: /Applications/WebKit.app/Contents/Frameworks/10.8/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess
Identifier: com.apple.WebProcess
Version: 537+ (537.38+)
Code Type: X86-64 (Native)
Parent Process: SafariForWebKitDevelopment [9418]
User ID: 501

Date/Time: 2013-04-12 18:08:27.284 -0400
OS Version: Mac OS X 10.8.3 (12D78)
Report Version: 10

Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: EXC_I386_GPFLT

Application Specific Information:
Bundle controller class: BrowserBundleController

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x000000010e66ac4c WebCore::WidgetHierarchyUpdatesSuspensionScope::moveWidgets() + 508
1 com.apple.WebCore 0x000000010dc46585 WebCore::ContainerNode::removeChildren() + 981
2 com.apple.WebCore 0x000000010e44e70f WebCore::replaceChildrenWithFragment(WebCore::ContainerNode*, WTF::PassRefPtr<WebCore::DocumentFragment>, int&) + 63
3 com.apple.WebCore 0x000000010df48f89 WebCore::HTMLElement::setInnerHTML(WTF::String const&, int&) + 73
4 com.apple.WebCore 0x000000010e1ee5b8 WebCore::setJSHTMLElementInnerHTML(JSC::ExecState*, JSC::JSObject*, JSC::JSValue) + 88
5 com.apple.WebCore 0x000000010e1efb0e bool JSC::lookupPut<WebCore::JSHTMLElement>(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::HashTable const*, WebCore::JSHTMLElement*, bool) + 318
6 com.apple.WebCore 0x000000010e1ed14e WebCore::JSHTMLElement::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) + 62
7 com.apple.JavaScriptCore 0x000000010d8e83a6 llint_slow_path_put_by_id + 502
8 com.apple.JavaScriptCore 0x000000010d8f033d llint_op_put_by_id + 133
9 com.apple.JavaScriptCore 0x000000010d812853 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 611
10 com.apple.JavaScriptCore 0x000000010d70adf5 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
11 com.apple.WebCore 0x000000010e0f0d4e WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 190
12 com.apple.WebCore 0x000000010e698435 WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue, WebCore::ScriptExecutionContext*) + 453
13 com.apple.WebCore 0x000000010e6980ec WebCore::ScheduledAction::execute(WebCore::Document*) + 156
14 com.apple.WebCore 0x000000010ddef1cd WebCore::DOMTimer::fired() + 301
15 com.apple.WebCore 0x000000010e85c60f WebCore::ThreadTimers::sharedTimerFiredInternal() + 175
16 com.apple.WebCore 0x000000010e6e9213 WebCore::timerFired(__CFRunLoopTimer*, void*) + 51
17 com.apple.CoreFoundation 0x00007fff94f4e804 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
18 com.apple.CoreFoundation 0x00007fff94f4e31d __CFRunLoopDoTimer + 557
19 com.apple.CoreFoundation 0x00007fff94f33ad9 __CFRunLoopRun + 1529
20 com.apple.CoreFoundation 0x00007fff94f330e2 CFRunLoopRunSpecific + 290
21 com.apple.HIToolbox 0x00007fff91b01eb4 RunCurrentEventLoopInMode + 209
22 com.apple.HIToolbox 0x00007fff91b01c52 ReceiveNextEventCommon + 356
23 com.apple.HIToolbox 0x00007fff91b01ae3 BlockUntilNextEventMatchingListInMode + 62
24 com.apple.AppKit 0x00007fff964e4563 _DPSNextEvent + 685
25 com.apple.AppKit 0x00007fff964e3e22 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
26 com.apple.AppKit 0x00007fff964db1d3 -[NSApplication run] + 517
27 com.apple.WebCore 0x000000010e69413d WebCore::RunLoop::run() + 77
28 com.apple.WebKit2 0x000000010d347545 int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebContentProcessMainDelegate>(int, char**) + 631
29 com.apple.WebProcess 0x000000010d264e43 main + 307
30 libdyld.dylib 0x00007fff903b77e1 start + 1
Ryosuke Niwa
Comment 9 2013-04-12 15:41:05 PDT
*** This bug has been marked as a duplicate of bug 114488 ***