I'm looking for some advice or help diagnosing this crash that I am seeing. For the moment, I think it is probably a WebKit bug (the crashing frame is inside WebCore on the WebThread, not in app code), but anything is possible, so please provide any insight you may have:
Incident Identifier: AEB8EE37-E5D4-4975-97F4-2B2038AC225A CrashReporter Key: 92349a05395ea832c40c49c9e48997c1d65a2371 Hardware Model: iPad3,3 Process: Touch [242] Path: /var/mobile/Applications/4D2CAEEE-D0F8-4BB4-989A-F8623C877C78/Touch.app/Touch Identifier: StayinFrontTouch Version: 3.2.40 (3.2.40) Code Type: ARM (Native) Parent Process: launchd [1] Date/Time: 2014-04-30 15:26:46.137 +1200 OS Version: iOS 7.1.1 (11D201) Report Version: 104 Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Subtype: KERN_INVALID_ADDRESS at 0x00000258 Triggered by Thread: 2 Thread 0: 0 libsystem_kernel.dylib 0x3a2ffa58 mach_msg_trap + 20 1 libsystem_kernel.dylib 0x3a2ff854 mach_msg + 44 2 CoreFoundation 0x2f06e896 __CFRunLoopServiceMachPort + 150 3 CoreFoundation 0x2f06d002 __CFRunLoopRun + 850 4 CoreFoundation 0x2efd7f0a CFRunLoopRunSpecific + 518 5 CoreFoundation 0x2efd7cee CFRunLoopRunInMode + 102 6 GraphicsServices 0x33f0a65e GSEventRunModal + 134 7 UIKit 0x31923168 UIApplicationMain + 1132 8 Touch 0x000c064a 0xbd000 + 13898 9 Touch 0x000bf854 0xbd000 + 10324 Thread 1: 0 libsystem_kernel.dylib 0x3a2ff808 kevent64 + 24 1 libdispatch.dylib 0x3a241078 _dispatch_mgr_invoke + 228 2 libdispatch.dylib 0x3a240dfe _dispatch_mgr_thread$VARIANT$mp + 34 Thread 2 name: WebThread Thread 2 Crashed: 0 WebCore 0x37584302 WebCore::SubresourceLoader::didReceiveResponse(WebCore::ResourceResponse const&) + 26 1 WebCore 0x377f751c WebCore::DocumentLoader::substituteResourceDeliveryTimerFired(WebCore::Timer*) + 212 2 WebCore 0x374ad3f4 WebCore::ThreadTimers::sharedTimerFiredInternal() + 132 3 WebCore 0x374ad346 WebCore::timerFired(__CFRunLoopTimer*, void*) + 22 4 CoreFoundation 0x2f06f1b4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 12 5 CoreFoundation 0x2f06edca __CFRunLoopDoTimer + 778 6 CoreFoundation 0x2f06d166 __CFRunLoopRun + 1206 7 CoreFoundation 0x2efd7f0a CFRunLoopRunSpecific + 518 8 CoreFoundation 0x2efd7cee CFRunLoopRunInMode + 102 9 WebCore 0x3753a116 RunWebThread(void*) + 
414 10 libsystem_pthread.dylib 0x3a37b916 _pthread_body + 138 11 libsystem_pthread.dylib 0x3a37b886 _pthread_start + 98 12 libsystem_pthread.dylib 0x3a379aa0 thread_start + 4 Thread 3 name: com.apple.NSURLConnectionLoader Thread 3: 0 libsystem_kernel.dylib 0x3a2ffa58 mach_msg_trap + 20 1 libsystem_kernel.dylib 0x3a2ff854 mach_msg + 44 2 CoreFoundation 0x2f06e896 __CFRunLoopServiceMachPort + 150 3 CoreFoundation 0x2f06cfbc __CFRunLoopRun + 780 4 CoreFoundation 0x2efd7f0a CFRunLoopRunSpecific + 518 5 CoreFoundation 0x2efd7cee CFRunLoopRunInMode + 102 6 Foundation 0x2fa17082 +[NSURLConnection(Loader) _resourceLoadLoop:] + 314 7 Foundation 0x2fa8ca5a __NSThread__main__ + 1058 8 libsystem_pthread.dylib 0x3a37b916 _pthread_body + 138 9 libsystem_pthread.dylib 0x3a37b886 _pthread_start + 98 10 libsystem_pthread.dylib 0x3a379aa0 thread_start + 4 Thread 4: 0 libsystem_kernel.dylib 0x3a2ffa58 mach_msg_trap + 20 1 libsystem_kernel.dylib 0x3a2ff854 mach_msg + 44 2 CoreFoundation 0x2f06e896 __CFRunLoopServiceMachPort + 150 3 CoreFoundation 0x2f06cfbc __CFRunLoopRun + 780 4 CoreFoundation 0x2efd7f0a CFRunLoopRunSpecific + 518 5 CoreFoundation 0x2efd7cee CFRunLoopRunInMode + 102 6 libAVFAudio.dylib 0x2e04f44c GenericRunLoopThread::Entry(void*) + 124 7 libAVFAudio.dylib 0x2e0437bc CAPThread::Entry(CAPThread*) + 176 8 libsystem_pthread.dylib 0x3a37b916 _pthread_body + 138 9 libsystem_pthread.dylib 0x3a37b886 _pthread_start + 98 10 libsystem_pthread.dylib 0x3a379aa0 thread_start + 4 Thread 5 name: JavaScriptCore::BlockFree Thread 5: 0 libsystem_kernel.dylib 0x3a311f2c __psynch_cvwait + 24 1 libsystem_pthread.dylib 0x3a37af22 _pthread_cond_wait + 518 2 libsystem_pthread.dylib 0x3a37bd60 pthread_cond_wait + 36 3 JavaScriptCore 0x30004ee4 JSC::BlockAllocator::blockFreeingThreadMain() + 204 4 JavaScriptCore 0x30002538 WTF::wtfThreadEntryPoint(void*) + 12 5 libsystem_pthread.dylib 0x3a37b916 _pthread_body + 138 6 libsystem_pthread.dylib 0x3a37b886 _pthread_start + 98 7 
libsystem_pthread.dylib 0x3a379aa0 thread_start + 4 Thread 6 name: JavaScriptCore::Marking Thread 6: 0 libsystem_kernel.dylib 0x3a311f2c __psynch_cvwait + 24 1 libsystem_pthread.dylib 0x3a37af22 _pthread_cond_wait + 518 2 libsystem_pthread.dylib 0x3a37bd60 pthread_cond_wait + 36 3 JavaScriptCore 0x301a0406 JSC::GCThread::waitForNextPhase() + 74 4 JavaScriptCore 0x301a0460 JSC::GCThread::gcThreadMain() + 48 5 JavaScriptCore 0x30002538 WTF::wtfThreadEntryPoint(void*) + 12 6 libsystem_pthread.dylib 0x3a37b916 _pthread_body + 138 7 libsystem_pthread.dylib 0x3a37b886 _pthread_start + 98 8 libsystem_pthread.dylib 0x3a379aa0 thread_start + 4 Thread 7 name: WebCore: CFNetwork Loader Thread 7: 0 libsystem_kernel.dylib 0x3a2ffa58 mach_msg_trap + 20 1 libsystem_kernel.dylib 0x3a2ff854 mach_msg + 44 2 CoreFoundation 0x2f06e896 __CFRunLoopServiceMachPort + 150 3 CoreFoundation 0x2f06cfbc __CFRunLoopRun + 780 4 CoreFoundation 0x2efd7f0a CFRunLoopRunSpecific + 518 5 CoreFoundation 0x2efd7cee CFRunLoopRunInMode + 102 6 WebCore 0x37582b12 WebCore::runLoaderThread(void*) + 250 7 JavaScriptCore 0x30002538 WTF::wtfThreadEntryPoint(void*) + 12 8 libsystem_pthread.dylib 0x3a37b916 _pthread_body + 138 9 libsystem_pthread.dylib 0x3a37b886 _pthread_start + 98 10 libsystem_pthread.dylib 0x3a379aa0 thread_start + 4 Thread 8 name: com.apple.CFSocket.private Thread 8: 0 libsystem_kernel.dylib 0x3a312434 __select + 20 1 CoreFoundation 0x2f072758 __CFSocketManager + 480 2 libsystem_pthread.dylib 0x3a37b916 _pthread_body + 138 3 libsystem_pthread.dylib 0x3a37b886 _pthread_start + 98 4 libsystem_pthread.dylib 0x3a379aa0 thread_start + 4 Thread 9 name: WebCore: LocalStorage Thread 9: 0 libsystem_kernel.dylib 0x3a311f2c __psynch_cvwait + 24 1 libsystem_pthread.dylib 0x3a37af22 _pthread_cond_wait + 518 2 libsystem_pthread.dylib 0x3a37bd60 pthread_cond_wait + 36 3 JavaScriptCore 0x30005012 WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 58 4 WebCore 0x3766cf2c WTF::PassOwnPtr > 
WTF::MessageQueue >::waitForMessageFilteredWithTimeout*)>(WTF::MessageQueueWaitResult&, bool (&)(WTF::Function*), double) + 104 5 WebCore 0x3766ceb2 WebCore::StorageThread::threadEntryPoint() + 162 6 JavaScriptCore 0x30002538 WTF::wtfThreadEntryPoint(void*) + 12 7 libsystem_pthread.dylib 0x3a37b916 _pthread_body + 138 8 libsystem_pthread.dylib 0x3a37b886 _pthread_start + 98 9 libsystem_pthread.dylib 0x3a379aa0 thread_start + 4 Thread 10: 0 libsystem_kernel.dylib 0x3a312c70 __workq_kernreturn + 8 1 libsystem_pthread.dylib 0x3a379bda _pthread_wqthread + 306 2 libsystem_pthread.dylib 0x3a379a94 start_wqthread + 4 Thread 11: 0 libsystem_kernel.dylib 0x3a312c70 __workq_kernreturn + 8 1 libsystem_pthread.dylib 0x3a379bda _pthread_wqthread + 306 2 libsystem_pthread.dylib 0x3a379a94 start_wqthread + 4 Thread 12: 0 libsystem_kernel.dylib 0x3a312c70 __workq_kernreturn + 8 1 libsystem_pthread.dylib 0x3a379bda _pthread_wqthread + 306 2 libsystem_pthread.dylib 0x3a379a94 start_wqthread + 4 Thread 13: 0 libsystem_kernel.dylib 0x3a312c70 __workq_kernreturn + 8 1 libsystem_pthread.dylib 0x3a379bda _pthread_wqthread + 306 2 libsystem_pthread.dylib 0x3a379a94 start_wqthread + 4 Thread 14: 0 libsystem_kernel.dylib 0x3a312c70 __workq_kernreturn + 8 1 libsystem_pthread.dylib 0x3a379bda _pthread_wqthread + 306 2 libsystem_pthread.dylib 0x3a379a94 start_wqthread + 4 Thread 15: 0 libsystem_kernel.dylib 0x3a312c70 __workq_kernreturn + 8 1 libsystem_pthread.dylib 0x3a379bda _pthread_wqthread + 306 2 libsystem_pthread.dylib 0x3a379a94 start_wqthread + 4 Thread 2 crashed with ARM Thread State (32-bit): r0: 0x00000000 r1: 0x04ee0238 r2: 0x375842e9 r3: 0x019cb6b8 r4: 0x0a916c00 r5: 0x04ee0238 r6: 0x0a916c00 r7: 0x01bbf028 r8: 0x0549ea00 r9: 0x00000002 r10: 0x0549e9c8 r11: 0x03bc3000 ip: 0x3a6c7838 sp: 0x01bbf014 lr: 0x377f751f pc: 0x37584302 cpsr: 0x20000030 Binary Images: ...
I did some further investigation into the stack trace and found the code for SubresourceLoader here (https://webkit.googlesource.com/WebKit/+/master/Source/WebCore/loader/SubresourceLoader.cpp). Note that this link points at the current master branch; the WebCore build shipped in iOS 7.1.1 is older, so the function body, and therefore which statement sits at didReceiveResponse + 26, may differ from what is quoted below.
My guess is that m_resource is NULL at the point marked with (****), causing the crash. The faulting address (KERN_INVALID_ADDRESS at 0x00000258) is a small offset from zero, which is consistent with dereferencing a null object pointer plus a member offset rather than a wild or already-freed pointer; however, the log alone cannot show whether the null pointer is m_resource, `this`, or something reached through them. It is also worth noting that the crash occurs on a DocumentLoader::substituteResourceDeliveryTimerFired timer callback, so the loader may already have been cancelled or torn down by the time the timer fires:
void SubresourceLoader::didReceiveResponse(const ResourceResponse& response)
{
ASSERT(!response.isNull());
ASSERT(m_state == Initialized);
// Reference the object in this method since the additional processing can do
// anything including removing the last reference to this object; one example of this is 3266216.
Ref<SubresourceLoader> protect(*this);
if (m_resource->resourceToRevalidate()) { ****
if (response.httpStatusCode() == 304) {
// 304 Not modified / Use local copy
// Existing resource is ok, just use it updating the expiration time.
m_resource->setResponse(response);
memoryCache()->revalidationSucceeded(m_resource, response);
if (!reachedTerminalState())
ResourceLoader::didReceiveResponse(response);
return;
}
// Did not get 304 response, continue as a regular resource load.
memoryCache()->revalidationFailed(m_resource);
}
...