WebKit Bugzilla
NEW
156463
crash in WebCore::CachedResource::clearLoader
https://bugs.webkit.org/show_bug.cgi?id=156463
Daniel
Reported
2016-04-11 04:41:46 PDT
WebCore::CachedResource::clearLoader crashes at random with EXC_BAD_ACCESS KERN_INVALID_ADDRESS 0x0000000000000368.

This same crash existed before iOS 9.3, but it increased 500%-600% with appearance of 9.3. The release of 9.3.1 doesn't fix it, we're still getting plenty of those on 9.3.1.

This might be related to Bug #141568: https://bugs.webkit.org/show_bug.cgi?id=141568

Example URLs:
http://hdrezka.me/
http://www.kvartira-lux.ru/objects_sale/live/evropa_sity/
http://m.zhihu.com/question/19802351
http://happyflora.ru/view_post3.php?latter=340
http://www.xnxx.com/
- happens a lot here (maybe because it's a very interesting site and a popular visit place)
...

Example stack:

Thread : Crashed: WebThread
0 WebCore 0x185242e70 WebCore::CachedResource::clearLoader() + 20
1 WebCore 0x185242e48 WebCore::SubresourceLoader::releaseResources() + 40
2 WebCore 0x185242e48 WebCore::SubresourceLoader::releaseResources() + 40
3 WebCore 0x1852453a8 WebCore::ResourceLoader::cancel(WebCore::ResourceError const&) + 528
4 WebCore 0x18524518c WebCore::ResourceLoader::cancel() + 48
5 WebCore 0x1851a4194 WebCore::SubresourceLoader::willSendRequest(WebCore::ResourceRequest&, WebCore::ResourceResponse const&) + 464
6 WebCore 0x18530bdec WebCore::ResourceHandle::willSendRequest(WebCore::ResourceRequest&, WebCore::ResourceResponse const&) + 616
7 WebCore 0x185f14558 WebCore::SynchronousResourceHandleCFURLConnectionDelegate::willSendRequest(_CFURLRequest const*, _CFURLResponse*) + 160
8 CFNetwork 0x181a08050 URLConnectionClient_Classic::_connectionClientInterface_precanonicalizeForSynchronousStart() + 256
9 CFNetwork 0x1818f8378 ClassicURLConnection::start() + 172
10 CFNetwork 0x1818f829c CFURLConnectionStart + 60
11 WebCore 0x1851a6094 WebCore::ResourceHandle::start() + 312
12 WebCore 0x1851a59d4 WebCore::ResourceHandle::create(WebCore::NetworkingContext*, WebCore::ResourceRequest const&, WebCore::ResourceHandleClient*, bool, bool) + 444
13 WebCore 0x1851a54c4 WebCore::ResourceLoader::start() + 336
14 WebCore 0x1851a3b6c WebCore::SubresourceLoader::startLoading() + 412
15 WebCore 0x1851a3954 WebCore::ResourceLoadScheduler::servePendingRequests(WebCore::ResourceLoadScheduler::HostInformation*, WebCore::ResourceLoadPriority) + 516
16 WebCore 0x185d79d94 WebCore::ResourceLoadScheduler::scheduleSubresourceLoad(WebCore::Frame*, WebCore::CachedResource*, WebCore::ResourceRequest const&, WebCore::ResourceLoaderOptions const&) + 76
17 WebCore 0x1853fb5f8 WebCore::CachedResource::load(WebCore::CachedResourceLoader&, WebCore::ResourceLoaderOptions const&) + 1196
18 WebCore 0x1851a0d48 WebCore::CachedResourceLoader::requestResource(WebCore::CachedResource::Type, WebCore::CachedResourceRequest&) + 2260
19 WebCore 0x1851a0450 WebCore::CachedResourceLoader::requestScript(WebCore::CachedResourceRequest&) + 40
20 WebCore 0x18519f608 WebCore::ScriptElement::requestScript(WTF::String const&) + 1220
21 WebCore 0x18519e770 WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) + 616
22 WebCore 0x185d9021c WebCore::ScriptElement::finishedInsertingSubtree() + 28
23 WebCore 0x18543e120 WebCore::ContainerNode::notifyChildInserted(WebCore::Node&, WebCore::ContainerNode::ChildChangeSource) + 316
24 WebCore 0x18543dc58 WebCore::ContainerNode::updateTreeAfterInsertion(WebCore::Node&) + 36
25 WebCore 0x18543d76c WebCore::ContainerNode::insertBefore(WTF::PassRefPtr<WebCore::Node>, WebCore::Node*, int&) + 1148
26 WebCore 0x185bf1378 WebCore::Node::insertBefore(WTF::PassRefPtr<WebCore::Node>, WebCore::Node*, int&) + 60
27 WebCore 0x18519dc40 WebCore::JSNode::insertBefore(JSC::ExecState*) + 120
28 JavaScriptCore 0x184e2e2c0 llint_entry + 25040
29 JavaScriptCore 0x184e2dd44 llint_entry + 23636
30 JavaScriptCore 0x184e2dd44 llint_entry + 23636
31 JavaScriptCore 0x184e27ed8 vmEntryToJavaScript + 312
32 JavaScriptCore 0x184d539fc JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 180
33 JavaScriptCore 0x1849d9bc4 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) + 8204
34 JavaScriptCore 0x184b32418 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 440
35 WebCore 0x185d8d29c WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) + 292
36 WebCore 0x1851bd804 WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) + 340
37 WebCore 0x18519e96c WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) + 1124
38 WebCore 0x18523d244 WebCore::HTMLScriptRunner::runScript(WebCore::Element*, WTF::TextPosition const&) + 280
39 WebCore 0x18523d0d0 WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element>, WTF::TextPosition const&) + 64
40 WebCore 0x18523cff4 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() + 76
41 WebCore 0x1851ecae8 WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode, WebCore::PumpSession&) + 108
42 WebCore 0x1851ebc5c WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 456
43 WebCore 0x1852464ac WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution() + 304
44 WebCore 0x1856cbbd8 non-virtual thunk to WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) + 100
45 WebCore 0x1852421f0 WebCore::CachedResource::checkNotify() + 284
46 WebCore 0x185241fbc WebCore::SubresourceLoader::didFinishLoading(double) + 1020
47 CFNetwork 0x18190f500 ___ZN27URLConnectionClient_Classic26_delegate_didFinishLoadingEU13block_pointerFvvE_block_invoke + 100
48 CFNetwork 0x181a032a8 ___ZN27URLConnectionClient_Classic18_withDelegateAsyncEPKcU13block_pointerFvP16_CFURLConnectionPK33CFURLConnectionClientCurrent_VMaxE_block_invoke_2 + 108
49 libdispatch.dylib 0x180d7947c _dispatch_client_callout + 16
50 libdispatch.dylib 0x180d827b8 _dispatch_block_invoke + 540
51 CFNetwork 0x1818fbc6c RunloopBlockContext::_invoke_block(void const*, void*) + 36
52 CoreFoundation 0x18120c73c CFArrayApplyFunction + 68
53 CFNetwork 0x1818fbb50 RunloopBlockContext::perform() + 136
54 CFNetwork 0x1818fba10 MultiplexerSource::perform() + 312
55 CFNetwork 0x1818fb83c MultiplexerSource::_perform(void*) + 68
56 CoreFoundation 0x1812e5124 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 24
57 CoreFoundation 0x1812e4b38 __CFRunLoopDoSources0 + 412
58 CoreFoundation 0x1812e28b8 __CFRunLoopRun + 724
59 CoreFoundation 0x18120cd10 CFRunLoopRunSpecific + 384
60 WebCore 0x1851f6558 RunWebThread(void*) + 456
61 libsystem_pthread.dylib 0x180f93b28 _pthread_body + 156
62 libsystem_pthread.dylib 0x180f93a8c _pthread_body + 154
63 libsystem_pthread.dylib 0x180f91028 thread_start + 4
Daniel
Comment 1
2016-04-13 01:04:05 PDT
We are trying to reproduce without success so far, despite that this crash happens thousands of times in the wild.