RESOLVED DUPLICATE of bug 53045 54486
Crashes under CachedResourceLoader::revalidateResource
https://bugs.webkit.org/show_bug.cgi?id=54486
Antti Koivisto
Reported 2011-02-15 12:08:39 PST
There have been some crashes with this signature:

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000018

0 com.apple.WebCore 0x00007fff8ad653f3 std::pair<WTF::HashTableIterator<WTF::String, WTF::String, WTF::IdentityExtractor<WTF::String>, WTF::StringHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> >, bool> WTF::HashTable<WTF::String, WTF::String, WTF::IdentityExtractor<WTF::String>, WTF::StringHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> >::add<WTF::String, WTF::String, WTF::IdentityHashTranslator<WTF::String, WTF::String, WTF::StringHash> >(WTF::String const&, WTF::String const&) + 99
1 com.apple.WebCore 0x00007fff8a7be2f3 WebCore::CachedResourceLoader::revalidateResource(WebCore::CachedResource*, WebCore::ResourceLoadPriority) + 261
2 com.apple.WebCore 0x00007fff8a7be681 WebCore::CachedResourceLoader::requestResource(WebCore::CachedResource::Type, WTF::String const&, WTF::String const&, WebCore::ResourceLoadPriority, bool) + 501
3 com.apple.WebCore 0x00007fff8a578672 WebCore::CSSImportRule::insertedIntoParent() + 320
4 com.apple.WebCore 0x00007fff8a42955a cssyyparse(void*) + 1834
5 com.apple.WebCore 0x00007fff8a7ed445 WebCore::CSSParser::parseSheet(WebCore::CSSStyleSheet*, WTF::String const&, int, WTF::HashMap<WebCore::CSSStyleRule*, WTF::RefPtr<WebCore::CSSRuleSourceData>, WTF::PtrHash<WebCore::CSSStyleRule*>, WTF::HashTraits<WebCore::CSSStyleRule*>, WTF::HashTraits<WTF::RefPtr<WebCore::CSSRuleSourceData> > >*) + 405
6 com.apple.WebCore 0x00007fff8a8021cb WebCore::CSSStyleSheet::parseStringAtLine(WTF::String const&, bool, int) + 87
7 com.apple.WebCore 0x00007fff8acc8c9b WebCore::StyleElement::createSheet(WebCore::Element*, int, WTF::String const&) + 675
8 com.apple.WebCore 0x00007fff8a4897b3 WebCore::StyleElement::process(WebCore::Element*) + 361
9 com.apple.WebCore 0x00007fff8acc8dec WebCore::StyleElement::finishParsingChildren(WebCore::Element*) + 20
10 com.apple.WebCore 0x00007fff8a489632 WebCore::HTMLStyleElement::finishParsingChildren() + 24
11 com.apple.WebCore 0x00007fff8a955fb1 WebCore::HTMLElementStack::popCommon() + 25
12 com.apple.WebCore 0x00007fff8a985d3f WebCore::HTMLTreeBuilder::processEndTag(WebCore::AtomicHTMLToken&) + 1575
13 com.apple.WebCore 0x00007fff8a983f85 WebCore::HTMLTreeBuilder::processToken(WebCore::AtomicHTMLToken&) + 149
14 com.apple.WebCore 0x00007fff8a989a75 WebCore::HTMLTreeBuilder::constructTreeFromToken(WebCore::HTMLToken&) + 37
15 com.apple.WebCore 0x00007fff8a94f142 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 288
16 com.apple.WebCore 0x00007fff8a94f660 WebCore::HTMLDocumentParser::insert(WebCore::SegmentedString const&) + 140
17 com.apple.WebCore 0x00007fff8a950050 WebCore::HTMLDocumentParser::parseDocumentFragment(WTF::String const&, WebCore::DocumentFragment*, WebCore::Element*, WebCore::FragmentScriptingPermission) + 230
18 com.apple.WebCore 0x00007fff8a9542e5 _ZN7WebCoreL24createFragmentFromSourceERKN3WTF6StringEPNS_7ElementERi + 85
19 com.apple.WebCore 0x00007fff8a95441a WebCore::HTMLElement::setInnerHTML(WTF::String const&, int&) + 32
20 com.apple.WebCore 0x00007fff8a4e2649 WebCore::setJSHTMLElementInnerHTML(JSC::ExecState*, JSC::JSObject*, JSC::JSValue) + 57
21 com.apple.WebCore 0x00007fff8aab0b95 bool JSC::lookupPut<WebCore::JSHTMLElement>(JSC::ExecState*, JSC::Identifier const&, JSC::JSValue, JSC::HashTable const*, WebCore::JSHTMLElement*) + 261
22 com.apple.WebCore 0x00007fff8a4e25d6 WebCore::JSHTMLElement::put(JSC::ExecState*, JSC::Identifier const&, JSC::JSValue, JSC::PutPropertySlot&) + 56
23 com.apple.JavaScriptCore 0x00007fff89f498f6 cti_op_put_by_id + 118
24 ??? 0x00002f9ddd0baed1 0 + 52355064901329
25 com.apple.JavaScriptCore 0x00007fff89fe99ba JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1252
26 com.apple.JavaScriptCore 0x00007fff89f77f7d JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 45
27 com.apple.WebCore 0x00007fff8a50db86 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 924
28 com.apple.WebCore 0x00007fff8a8c81d4 WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&) + 488
29 com.apple.WebCore 0x00007fff8a572e61 WebCore::EventTarget::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 149
30 com.apple.WebCore 0x00007fff8a572d92 WebCore::XMLHttpRequestProgressEventThrottle::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WebCore::ProgressEventAction) + 64
31 com.apple.WebCore 0x00007fff8a572bc5 WebCore::XMLHttpRequest::callReadyStateChangeListener() + 291
32 com.apple.WebCore 0x00007fff8a573f3b WebCore::XMLHttpRequest::didFinishLoading(unsigned long) + 397
33 com.apple.WebCore 0x00007fff8accaf6b WebCore::SubresourceLoader::didFinishLoading(double) + 59
Attachments
try to catch more informative stack (6.02 KB, patch)
2011-02-15 12:19 PST, Antti Koivisto
darin: review+
Antti Koivisto
Comment 1 2011-02-15 12:09:22 PST
Antti Koivisto
Comment 2 2011-02-15 12:10:58 PST
One possible reason is that CachedResourceLoader is somehow getting deleted from under revalidateResource().
Antti Koivisto
Comment 3 2011-02-15 12:19:06 PST
Created attachment 82501 [details]
try to catch more informative stack

This could possibly catch this crash at a more informative point. The patch should be reverted when it has served its purpose.
Darin Adler
Comment 4 2011-02-15 12:20:01 PST
Comment on attachment 82501 [details]
try to catch more informative stack

OK.
Antti Koivisto
Comment 5 2011-02-15 12:29:47 PST
Landed the debugging code in http://trac.webkit.org/changeset/78602
Antti Koivisto
Comment 6 2011-03-09 15:57:49 PST
This is indeed the same issue as 53045.

*** This bug has been marked as a duplicate of bug 53045 ***
Antti Koivisto
Comment 7 2011-03-09 23:32:36 PST
Removed the debugging code in http://trac.webkit.org/changeset/80695