17
votes

I'm looking for some advice or help diagnosing this crash that I am seeing. For the moment, I think it is probably a webkit bug, but anything is possible, so please provide any insight you may have:

Incident Identifier: AEB8EE37-E5D4-4975-97F4-2B2038AC225A
CrashReporter Key:   92349a05395ea832c40c49c9e48997c1d65a2371
Hardware Model:      iPad3,3
Process:             Touch [242]
Path:                /var/mobile/Applications/4D2CAEEE-D0F8-4BB4-989A-F8623C877C78/Touch.app/Touch
Identifier:          StayinFrontTouch
Version:             3.2.40 (3.2.40)
Code Type:           ARM (Native)
Parent Process:      launchd [1]

Date/Time:           2014-04-30 15:26:46.137 +1200
OS Version:          iOS 7.1.1 (11D201)
Report Version:      104

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x00000258
Triggered by Thread:  2

Thread 0:
0   libsystem_kernel.dylib          0x3a2ffa58 mach_msg_trap + 20
1   libsystem_kernel.dylib          0x3a2ff854 mach_msg + 44
2   CoreFoundation                  0x2f06e896 __CFRunLoopServiceMachPort + 150
3   CoreFoundation                  0x2f06d002 __CFRunLoopRun + 850
4   CoreFoundation                  0x2efd7f0a CFRunLoopRunSpecific + 518
5   CoreFoundation                  0x2efd7cee CFRunLoopRunInMode + 102
6   GraphicsServices                0x33f0a65e GSEventRunModal + 134
7   UIKit                           0x31923168 UIApplicationMain + 1132
8   Touch                           0x000c064a 0xbd000 + 13898
9   Touch                           0x000bf854 0xbd000 + 10324

Thread 1:
0   libsystem_kernel.dylib          0x3a2ff808 kevent64 + 24
1   libdispatch.dylib               0x3a241078 _dispatch_mgr_invoke + 228
2   libdispatch.dylib               0x3a240dfe _dispatch_mgr_thread$VARIANT$mp + 34

Thread 2 name:  WebThread
Thread 2 Crashed:
0   WebCore                         0x37584302 WebCore::SubresourceLoader::didReceiveResponse(WebCore::ResourceResponse const&) + 26
1   WebCore                         0x377f751c WebCore::DocumentLoader::substituteResourceDeliveryTimerFired(WebCore::Timer*) + 212
2   WebCore                         0x374ad3f4 WebCore::ThreadTimers::sharedTimerFiredInternal() + 132
3   WebCore                         0x374ad346 WebCore::timerFired(__CFRunLoopTimer*, void*) + 22
4   CoreFoundation                  0x2f06f1b4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 12
5   CoreFoundation                  0x2f06edca __CFRunLoopDoTimer + 778
6   CoreFoundation                  0x2f06d166 __CFRunLoopRun + 1206
7   CoreFoundation                  0x2efd7f0a CFRunLoopRunSpecific + 518
8   CoreFoundation                  0x2efd7cee CFRunLoopRunInMode + 102
9   WebCore                         0x3753a116 RunWebThread(void*) + 414
10  libsystem_pthread.dylib         0x3a37b916 _pthread_body + 138
11  libsystem_pthread.dylib         0x3a37b886 _pthread_start + 98
12  libsystem_pthread.dylib         0x3a379aa0 thread_start + 4

Thread 3 name:  com.apple.NSURLConnectionLoader
Thread 3:
0   libsystem_kernel.dylib          0x3a2ffa58 mach_msg_trap + 20
1   libsystem_kernel.dylib          0x3a2ff854 mach_msg + 44
2   CoreFoundation                  0x2f06e896 __CFRunLoopServiceMachPort + 150
3   CoreFoundation                  0x2f06cfbc __CFRunLoopRun + 780
4   CoreFoundation                  0x2efd7f0a CFRunLoopRunSpecific + 518
5   CoreFoundation                  0x2efd7cee CFRunLoopRunInMode + 102
6   Foundation                      0x2fa17082 +[NSURLConnection(Loader) _resourceLoadLoop:] + 314
7   Foundation                      0x2fa8ca5a __NSThread__main__ + 1058
8   libsystem_pthread.dylib         0x3a37b916 _pthread_body + 138
9   libsystem_pthread.dylib         0x3a37b886 _pthread_start + 98
10  libsystem_pthread.dylib         0x3a379aa0 thread_start + 4

Thread 4:
0   libsystem_kernel.dylib          0x3a2ffa58 mach_msg_trap + 20
1   libsystem_kernel.dylib          0x3a2ff854 mach_msg + 44
2   CoreFoundation                  0x2f06e896 __CFRunLoopServiceMachPort + 150
3   CoreFoundation                  0x2f06cfbc __CFRunLoopRun + 780
4   CoreFoundation                  0x2efd7f0a CFRunLoopRunSpecific + 518
5   CoreFoundation                  0x2efd7cee CFRunLoopRunInMode + 102
6   libAVFAudio.dylib               0x2e04f44c GenericRunLoopThread::Entry(void*) + 124
7   libAVFAudio.dylib               0x2e0437bc CAPThread::Entry(CAPThread*) + 176
8   libsystem_pthread.dylib         0x3a37b916 _pthread_body + 138
9   libsystem_pthread.dylib         0x3a37b886 _pthread_start + 98
10  libsystem_pthread.dylib         0x3a379aa0 thread_start + 4

Thread 5 name:  JavaScriptCore::BlockFree
Thread 5:
0   libsystem_kernel.dylib          0x3a311f2c __psynch_cvwait + 24
1   libsystem_pthread.dylib         0x3a37af22 _pthread_cond_wait + 518
2   libsystem_pthread.dylib         0x3a37bd60 pthread_cond_wait + 36
3   JavaScriptCore                  0x30004ee4 JSC::BlockAllocator::blockFreeingThreadMain() + 204
4   JavaScriptCore                  0x30002538 WTF::wtfThreadEntryPoint(void*) + 12
5   libsystem_pthread.dylib         0x3a37b916 _pthread_body + 138
6   libsystem_pthread.dylib         0x3a37b886 _pthread_start + 98
7   libsystem_pthread.dylib         0x3a379aa0 thread_start + 4

Thread 6 name:  JavaScriptCore::Marking
Thread 6:
0   libsystem_kernel.dylib          0x3a311f2c __psynch_cvwait + 24
1   libsystem_pthread.dylib         0x3a37af22 _pthread_cond_wait + 518
2   libsystem_pthread.dylib         0x3a37bd60 pthread_cond_wait + 36
3   JavaScriptCore                  0x301a0406 JSC::GCThread::waitForNextPhase() + 74
4   JavaScriptCore                  0x301a0460 JSC::GCThread::gcThreadMain() + 48
5   JavaScriptCore                  0x30002538 WTF::wtfThreadEntryPoint(void*) + 12
6   libsystem_pthread.dylib         0x3a37b916 _pthread_body + 138
7   libsystem_pthread.dylib         0x3a37b886 _pthread_start + 98
8   libsystem_pthread.dylib         0x3a379aa0 thread_start + 4

Thread 7 name:  WebCore: CFNetwork Loader
Thread 7:
0   libsystem_kernel.dylib          0x3a2ffa58 mach_msg_trap + 20
1   libsystem_kernel.dylib          0x3a2ff854 mach_msg + 44
2   CoreFoundation                  0x2f06e896 __CFRunLoopServiceMachPort + 150
3   CoreFoundation                  0x2f06cfbc __CFRunLoopRun + 780
4   CoreFoundation                  0x2efd7f0a CFRunLoopRunSpecific + 518
5   CoreFoundation                  0x2efd7cee CFRunLoopRunInMode + 102
6   WebCore                         0x37582b12 WebCore::runLoaderThread(void*) + 250
7   JavaScriptCore                  0x30002538 WTF::wtfThreadEntryPoint(void*) + 12
8   libsystem_pthread.dylib         0x3a37b916 _pthread_body + 138
9   libsystem_pthread.dylib         0x3a37b886 _pthread_start + 98
10  libsystem_pthread.dylib         0x3a379aa0 thread_start + 4

Thread 8 name:  com.apple.CFSocket.private
Thread 8:
0   libsystem_kernel.dylib          0x3a312434 __select + 20
1   CoreFoundation                  0x2f072758 __CFSocketManager + 480
2   libsystem_pthread.dylib         0x3a37b916 _pthread_body + 138
3   libsystem_pthread.dylib         0x3a37b886 _pthread_start + 98
4   libsystem_pthread.dylib         0x3a379aa0 thread_start + 4

Thread 9 name:  WebCore: LocalStorage
Thread 9:
0   libsystem_kernel.dylib          0x3a311f2c __psynch_cvwait + 24
1   libsystem_pthread.dylib         0x3a37af22 _pthread_cond_wait + 518
2   libsystem_pthread.dylib         0x3a37bd60 pthread_cond_wait + 36
3   JavaScriptCore                  0x30005012 WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 58
4   WebCore                         0x3766cf2c WTF::PassOwnPtr > WTF::MessageQueue >::waitForMessageFilteredWithTimeout*)>(WTF::MessageQueueWaitResult&, bool (&)(WTF::Function*), double) + 104
5   WebCore                         0x3766ceb2 WebCore::StorageThread::threadEntryPoint() + 162
6   JavaScriptCore                  0x30002538 WTF::wtfThreadEntryPoint(void*) + 12
7   libsystem_pthread.dylib         0x3a37b916 _pthread_body + 138
8   libsystem_pthread.dylib         0x3a37b886 _pthread_start + 98
9   libsystem_pthread.dylib         0x3a379aa0 thread_start + 4

Thread 10:
0   libsystem_kernel.dylib          0x3a312c70 __workq_kernreturn + 8
1   libsystem_pthread.dylib         0x3a379bda _pthread_wqthread + 306
2   libsystem_pthread.dylib         0x3a379a94 start_wqthread + 4

Thread 11:
0   libsystem_kernel.dylib          0x3a312c70 __workq_kernreturn + 8
1   libsystem_pthread.dylib         0x3a379bda _pthread_wqthread + 306
2   libsystem_pthread.dylib         0x3a379a94 start_wqthread + 4

Thread 12:
0   libsystem_kernel.dylib          0x3a312c70 __workq_kernreturn + 8
1   libsystem_pthread.dylib         0x3a379bda _pthread_wqthread + 306
2   libsystem_pthread.dylib         0x3a379a94 start_wqthread + 4

Thread 13:
0   libsystem_kernel.dylib          0x3a312c70 __workq_kernreturn + 8
1   libsystem_pthread.dylib         0x3a379bda _pthread_wqthread + 306
2   libsystem_pthread.dylib         0x3a379a94 start_wqthread + 4

Thread 14:
0   libsystem_kernel.dylib          0x3a312c70 __workq_kernreturn + 8
1   libsystem_pthread.dylib         0x3a379bda _pthread_wqthread + 306
2   libsystem_pthread.dylib         0x3a379a94 start_wqthread + 4

Thread 15:
0   libsystem_kernel.dylib          0x3a312c70 __workq_kernreturn + 8
1   libsystem_pthread.dylib         0x3a379bda _pthread_wqthread + 306
2   libsystem_pthread.dylib         0x3a379a94 start_wqthread + 4

Thread 2 crashed with ARM Thread State (32-bit):
    r0: 0x00000000    r1: 0x04ee0238      r2: 0x375842e9      r3: 0x019cb6b8
    r4: 0x0a916c00    r5: 0x04ee0238      r6: 0x0a916c00      r7: 0x01bbf028
    r8: 0x0549ea00    r9: 0x00000002     r10: 0x0549e9c8     r11: 0x03bc3000
    ip: 0x3a6c7838    sp: 0x01bbf014      lr: 0x377f751f      pc: 0x37584302
  cpsr: 0x20000030

Binary Images:
...

I did some further investigation into the stack trace and found the code for SubresourceLoader here (https://webkit.googlesource.com/WebKit/+/master/Source/WebCore/loader/SubresourceLoader.cpp).

My guess is that m_resource is NULL at this point marked with (****) causing the crash:

void SubresourceLoader::didReceiveResponse(const ResourceResponse& response)
{
    ASSERT(!response.isNull());
    ASSERT(m_state == Initialized);
    // Reference the object in this method since the additional processing can do
    // anything including removing the last reference to this object; one example of this is 3266216.
    Ref<SubresourceLoader> protect(*this);
    if (m_resource->resourceToRevalidate()) {  ****
        if (response.httpStatusCode() == 304) {
            // 304 Not modified / Use local copy
            // Existing resource is ok, just use it updating the expiration time.
            m_resource->setResponse(response);
            memoryCache()->revalidationSucceeded(m_resource, response);
            if (!reachedTerminalState())
                ResourceLoader::didReceiveResponse(response);
            return;
        }
        // Did not get 304 response, continue as a regular resource load.
        memoryCache()->revalidationFailed(m_resource);
    }
...
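As an added triage aid (not part of the question or of any answer), here is a small Python parser run over an excerpt of the report above. It pulls out the crashed thread's frames and register state and applies two checks a reviewer normally does by hand: the pc register should equal the frame 0 address, and a fault address as small as 0x00000258 is a field offset read through a null object pointer, which is consistent with the m_resource guess. The NULL_PAGE threshold is an assumption for 32-bit iOS, where the first page is left unmapped.

```python
import re

# Constructed excerpt of the crash report quoted in the question (lines copied from it).
REPORT = """\
Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x00000258
Triggered by Thread:  2

Thread 0:
0   libsystem_kernel.dylib          0x3a2ffa58 mach_msg_trap + 20

Thread 2 Crashed:
0   WebCore                         0x37584302 WebCore::SubresourceLoader::didReceiveResponse(WebCore::ResourceResponse const&) + 26
1   WebCore                         0x377f751c WebCore::DocumentLoader::substituteResourceDeliveryTimerFired(WebCore::Timer*) + 212

Thread 2 crashed with ARM Thread State (32-bit):
    ip: 0x3a6c7838    sp: 0x01bbf014      lr: 0x377f751f      pc: 0x37584302
"""

FRAME_RE = re.compile(r"^(\d+)\s+(\S+)\s+(0x[0-9a-f]+)\s+(.+?) \+ (\d+)$")
REG_RE = re.compile(r"\b(\w+): (0x[0-9a-f]+)")
NULL_PAGE = 0x1000  # assumption: first page unmapped on 32-bit iOS, so a fault below it is null + field offset

def triage(report):
    """Extract the crashed thread's frames and registers from an Apple-format crash report."""
    info = {"frames": [], "regs": {}}
    section = None
    for line in report.splitlines():
        if line.startswith("Exception Subtype:"):
            info["fault_addr"] = int(line.rsplit(" at ", 1)[1], 16)
        elif line.startswith("Triggered by Thread:"):
            info["thread"] = int(line.split(":")[1])
        elif re.fullmatch(r"Thread \d+ Crashed:", line):
            section = "frames"          # only the crashed thread's backtrace is collected
        elif "crashed with ARM Thread State" in line:
            section = "regs"
        elif not line.strip():
            section = None              # a blank line ends the current section
        elif section == "frames":
            m = FRAME_RE.match(line)
            if m:
                info["frames"].append({"image": m.group(2), "addr": int(m.group(3), 16),
                                       "symbol": m.group(4), "offset": int(m.group(5))})
        elif section == "regs":
            info["regs"].update({k: int(v, 16) for k, v in REG_RE.findall(line)})
    # Sanity checks: pc must equal frame 0, and a tiny fault address means a member access
    # through a null object pointer rather than a wild or freed pointer.
    info["pc_matches_frame0"] = info["regs"].get("pc") == info["frames"][0]["addr"]
    info["likely_null_deref"] = info["fault_addr"] < NULL_PAGE
    return info
```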
Do you know what actions lead to this? For example, what URL do you try to open in UIWebView, or maybe it is a loaded page and you tap on a link on this page? Also I guess UIWebView uses the same code as Safari and it is located here: trac.webkit.org/browser. – John Tracid

It is happening when starting up my app. I can't share the URL because it is on a private IP range. I think it has something to do with HTML5 application cache, as my site is using that. – 1800 INFORMATION

So you just open your private URL in UIWebView and get this crash, right? And this happens often (so it is reproducible), at the same place of crash? – John Tracid

Yes. Most recently I saw it when investigating an issue that arose when killing our app over and over. After a while it got into a state where I would get this crash every time I tried to start the app, requiring the user to reinstall. – 1800 INFORMATION

Enable Zombies, then we can get the root cause of this issue easily. After that, revise your question on that basis, so it would be easy to find out the root cause. – Alok

1 Answer

5
votes

If it worked after a reinstall then you could try doing the URL request without caching, since I would assume that will give the same outcome:

// Ignore both the local cache and any intermediate cache so the resource is fetched fresh from the server
NSURLRequest *request = [NSURLRequest requestWithURL:url cachePolicy:NSURLRequestReloadIgnoringLocalAndRemoteCacheData timeoutInterval:30];
[webView loadRequest:request];

I'm guessing something is going wrong with the caching of a resource.