iOS uiwebview crash in WebThread

I'm looking for some advice or help diagnosing this crash that I am seeing. For the moment, I think it is probably a WebKit bug, but anything is possible, so please provide any insight you may have:

Incident Identifier: AEB8EE37-E5D4-4975-97F4-2B2038AC225A
CrashReporter Key:   92349a05395ea832c40c49c9e48997c1d65a2371
Hardware Model:      iPad3,3
Process:             Touch [242]
Path:                /var/mobile/Applications/4D2CAEEE-D0F8-4BB4-989A-F8623C877C78/Touch.app/Touch
Identifier:          StayinFrontTouch
Version:             3.2.40 (3.2.40)
Code Type:           ARM (Native)
Parent Process:      launchd [1]

Date/Time:           2014-04-30 15:26:46.137 +1200
OS Version:          iOS 7.1.1 (11D201)
Report Version:      104

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x00000258
Triggered by Thread:  2

Thread 0:
0   libsystem_kernel.dylib          0x3a2ffa58 mach_msg_trap + 20
1   libsystem_kernel.dylib          0x3a2ff854 mach_msg + 44
2   CoreFoundation                  0x2f06e896 __CFRunLoopServiceMachPort + 150
3   CoreFoundation                  0x2f06d002 __CFRunLoopRun + 850
4   CoreFoundation                  0x2efd7f0a CFRunLoopRunSpecific + 518
5   CoreFoundation                  0x2efd7cee CFRunLoopRunInMode + 102
6   GraphicsServices                0x33f0a65e GSEventRunModal + 134
7   UIKit                           0x31923168 UIApplicationMain + 1132
8   Touch                           0x000c064a 0xbd000 + 13898
9   Touch                           0x000bf854 0xbd000 + 10324

Thread 1:
0   libsystem_kernel.dylib          0x3a2ff808 kevent64 + 24
1   libdispatch.dylib               0x3a241078 _dispatch_mgr_invoke + 228
2   libdispatch.dylib               0x3a240dfe _dispatch_mgr_thread$VARIANT$mp + 34

Thread 2 name:  WebThread
Thread 2 Crashed:
0   WebCore                         0x37584302 WebCore::SubresourceLoader::didReceiveResponse(WebCore::ResourceResponse const&) + 26
1   WebCore                         0x377f751c WebCore::DocumentLoader::substituteResourceDeliveryTimerFired(WebCore::Timer*) + 212
2   WebCore                         0x374ad3f4 WebCore::ThreadTimers::sharedTimerFiredInternal() + 132
3   WebCore                         0x374ad346 WebCore::timerFired(__CFRunLoopTimer*, void*) + 22
4   CoreFoundation                  0x2f06f1b4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 12
5   CoreFoundation                  0x2f06edca __CFRunLoopDoTimer + 778
6   CoreFoundation                  0x2f06d166 __CFRunLoopRun + 1206
7   CoreFoundation                  0x2efd7f0a CFRunLoopRunSpecific + 518
8   CoreFoundation                  0x2efd7cee CFRunLoopRunInMode + 102
9   WebCore                         0x3753a116 RunWebThread(void*) + 414
10  libsystem_pthread.dylib         0x3a37b916 _pthread_body + 138
11  libsystem_pthread.dylib         0x3a37b886 _pthread_start + 98
12  libsystem_pthread.dylib         0x3a379aa0 thread_start + 4

Thread 3 name:  com.apple.NSURLConnectionLoader
Thread 3:
0   libsystem_kernel.dylib          0x3a2ffa58 mach_msg_trap + 20
1   libsystem_kernel.dylib          0x3a2ff854 mach_msg + 44
2   CoreFoundation                  0x2f06e896 __CFRunLoopServiceMachPort + 150
3   CoreFoundation                  0x2f06cfbc __CFRunLoopRun + 780
4   CoreFoundation                  0x2efd7f0a CFRunLoopRunSpecific + 518
5   CoreFoundation                  0x2efd7cee CFRunLoopRunInMode + 102
6   Foundation                      0x2fa17082 +[NSURLConnection(Loader) _resourceLoadLoop:] + 314
7   Foundation                      0x2fa8ca5a __NSThread__main__ + 1058
8   libsystem_pthread.dylib         0x3a37b916 _pthread_body + 138
9   libsystem_pthread.dylib         0x3a37b886 _pthread_start + 98
10  libsystem_pthread.dylib         0x3a379aa0 thread_start + 4

Thread 4:
0   libsystem_kernel.dylib          0x3a2ffa58 mach_msg_trap + 20
1   libsystem_kernel.dylib          0x3a2ff854 mach_msg + 44
2   CoreFoundation                  0x2f06e896 __CFRunLoopServiceMachPort + 150
3   CoreFoundation                  0x2f06cfbc __CFRunLoopRun + 780
4   CoreFoundation                  0x2efd7f0a CFRunLoopRunSpecific + 518
5   CoreFoundation                  0x2efd7cee CFRunLoopRunInMode + 102
6   libAVFAudio.dylib               0x2e04f44c GenericRunLoopThread::Entry(void*) + 124
7   libAVFAudio.dylib               0x2e0437bc CAPThread::Entry(CAPThread*) + 176
8   libsystem_pthread.dylib         0x3a37b916 _pthread_body + 138
9   libsystem_pthread.dylib         0x3a37b886 _pthread_start + 98
10  libsystem_pthread.dylib         0x3a379aa0 thread_start + 4

Thread 5 name:  JavaScriptCore::BlockFree
Thread 5:
0   libsystem_kernel.dylib          0x3a311f2c __psynch_cvwait + 24
1   libsystem_pthread.dylib         0x3a37af22 _pthread_cond_wait + 518
2   libsystem_pthread.dylib         0x3a37bd60 pthread_cond_wait + 36
3   JavaScriptCore                  0x30004ee4 JSC::BlockAllocator::blockFreeingThreadMain() + 204
4   JavaScriptCore                  0x30002538 WTF::wtfThreadEntryPoint(void*) + 12
5   libsystem_pthread.dylib         0x3a37b916 _pthread_body + 138
6   libsystem_pthread.dylib         0x3a37b886 _pthread_start + 98
7   libsystem_pthread.dylib         0x3a379aa0 thread_start + 4

Thread 6 name:  JavaScriptCore::Marking
Thread 6:
0   libsystem_kernel.dylib          0x3a311f2c __psynch_cvwait + 24
1   libsystem_pthread.dylib         0x3a37af22 _pthread_cond_wait + 518
2   libsystem_pthread.dylib         0x3a37bd60 pthread_cond_wait + 36
3   JavaScriptCore                  0x301a0406 JSC::GCThread::waitForNextPhase() + 74
4   JavaScriptCore                  0x301a0460 JSC::GCThread::gcThreadMain() + 48
5   JavaScriptCore                  0x30002538 WTF::wtfThreadEntryPoint(void*) + 12
6   libsystem_pthread.dylib         0x3a37b916 _pthread_body + 138
7   libsystem_pthread.dylib         0x3a37b886 _pthread_start + 98
8   libsystem_pthread.dylib         0x3a379aa0 thread_start + 4

Thread 7 name:  WebCore: CFNetwork Loader
Thread 7:
0   libsystem_kernel.dylib          0x3a2ffa58 mach_msg_trap + 20
1   libsystem_kernel.dylib          0x3a2ff854 mach_msg + 44
2   CoreFoundation                  0x2f06e896 __CFRunLoopServiceMachPort + 150
3   CoreFoundation                  0x2f06cfbc __CFRunLoopRun + 780
4   CoreFoundation                  0x2efd7f0a CFRunLoopRunSpecific + 518
5   CoreFoundation                  0x2efd7cee CFRunLoopRunInMode + 102
6   WebCore                         0x37582b12 WebCore::runLoaderThread(void*) + 250
7   JavaScriptCore                  0x30002538 WTF::wtfThreadEntryPoint(void*) + 12
8   libsystem_pthread.dylib         0x3a37b916 _pthread_body + 138
9   libsystem_pthread.dylib         0x3a37b886 _pthread_start + 98
10  libsystem_pthread.dylib         0x3a379aa0 thread_start + 4

Thread 8 name:  com.apple.CFSocket.private
Thread 8:
0   libsystem_kernel.dylib          0x3a312434 __select + 20
1   CoreFoundation                  0x2f072758 __CFSocketManager + 480
2   libsystem_pthread.dylib         0x3a37b916 _pthread_body + 138
3   libsystem_pthread.dylib         0x3a37b886 _pthread_start + 98
4   libsystem_pthread.dylib         0x3a379aa0 thread_start + 4

Thread 9 name:  WebCore: LocalStorage
Thread 9:
0   libsystem_kernel.dylib          0x3a311f2c __psynch_cvwait + 24
1   libsystem_pthread.dylib         0x3a37af22 _pthread_cond_wait + 518
2   libsystem_pthread.dylib         0x3a37bd60 pthread_cond_wait + 36
3   JavaScriptCore                  0x30005012 WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 58
4   WebCore                         0x3766cf2c WTF::PassOwnPtr > WTF::MessageQueue >::waitForMessageFilteredWithTimeout*)>(WTF::MessageQueueWaitResult&, bool (&)(WTF::Function*), double) + 104
5   WebCore                         0x3766ceb2 WebCore::StorageThread::threadEntryPoint() + 162
6   JavaScriptCore                  0x30002538 WTF::wtfThreadEntryPoint(void*) + 12
7   libsystem_pthread.dylib         0x3a37b916 _pthread_body + 138
8   libsystem_pthread.dylib         0x3a37b886 _pthread_start + 98
9   libsystem_pthread.dylib         0x3a379aa0 thread_start + 4

Thread 10:
0   libsystem_kernel.dylib          0x3a312c70 __workq_kernreturn + 8
1   libsystem_pthread.dylib         0x3a379bda _pthread_wqthread + 306
2   libsystem_pthread.dylib         0x3a379a94 start_wqthread + 4

Thread 11:
0   libsystem_kernel.dylib          0x3a312c70 __workq_kernreturn + 8
1   libsystem_pthread.dylib         0x3a379bda _pthread_wqthread + 306
2   libsystem_pthread.dylib         0x3a379a94 start_wqthread + 4

Thread 12:
0   libsystem_kernel.dylib          0x3a312c70 __workq_kernreturn + 8
1   libsystem_pthread.dylib         0x3a379bda _pthread_wqthread + 306
2   libsystem_pthread.dylib         0x3a379a94 start_wqthread + 4

Thread 13:
0   libsystem_kernel.dylib          0x3a312c70 __workq_kernreturn + 8
1   libsystem_pthread.dylib         0x3a379bda _pthread_wqthread + 306
2   libsystem_pthread.dylib         0x3a379a94 start_wqthread + 4

Thread 14:
0   libsystem_kernel.dylib          0x3a312c70 __workq_kernreturn + 8
1   libsystem_pthread.dylib         0x3a379bda _pthread_wqthread + 306
2   libsystem_pthread.dylib         0x3a379a94 start_wqthread + 4

Thread 15:
0   libsystem_kernel.dylib          0x3a312c70 __workq_kernreturn + 8
1   libsystem_pthread.dylib         0x3a379bda _pthread_wqthread + 306
2   libsystem_pthread.dylib         0x3a379a94 start_wqthread + 4

Thread 2 crashed with ARM Thread State (32-bit):
    r0: 0x00000000    r1: 0x04ee0238      r2: 0x375842e9      r3: 0x019cb6b8
    r4: 0x0a916c00    r5: 0x04ee0238      r6: 0x0a916c00      r7: 0x01bbf028
    r8: 0x0549ea00    r9: 0x00000002     r10: 0x0549e9c8     r11: 0x03bc3000
    ip: 0x3a6c7838    sp: 0x01bbf014      lr: 0x377f751f      pc: 0x37584302
  cpsr: 0x20000030

Binary Images:
...

I did some further investigation into the stack trace and found the code for SubresourceLoader here (https://webkit.googlesource.com/WebKit/+/master/Source/WebCore/loader/SubresourceLoader.cpp).

My guess is that m_resource is NULL at the point marked with (****), causing the crash:

void SubresourceLoader::didReceiveResponse(const ResourceResponse& response)
{
    ASSERT(!response.isNull());
    ASSERT(m_state == Initialized);
    // Reference the object in this method since the additional processing can do
    // anything including removing the last reference to this object; one example of this is 3266216.
    Ref<SubresourceLoader> protect(*this);
    if (m_resource->resourceToRevalidate()) {  // ****
        if (response.httpStatusCode() == 304) {
            // 304 Not modified / Use local copy
            // Existing resource is ok, just use it updating the expiration time.
            m_resource->setResponse(response);
            memoryCache()->revalidationSucceeded(m_resource, response);
            if (!reachedTerminalState())
                ResourceLoader::didReceiveResponse(response);
            return;
        }
        // Did not get 304 response, continue as a regular resource load.
        memoryCache()->revalidationFailed(m_resource);
    }
...
Tags: ios, uiwebview
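As an added triage example (not code from the question, the answer or WebKit), the following Python parser pulls the fault address, crashing thread, top frame and registers out of a crash report in the format shown above and flags a fault address that falls inside the never-mapped zero page as a NULL pointer plus a struct-field offset, which is exactly what the "m_resource is NULL" guess predicts for KERN_INVALID_ADDRESS at 0x00000258. The sample report is a constructed, trimmed copy of the one in the question, and the 4 KiB page-size threshold is an assumption.

```python
import re

# Constructed sample: a trimmed copy of the crash report quoted in the question.
SAMPLE_REPORT = """\
Exception Subtype: KERN_INVALID_ADDRESS at 0x00000258
Triggered by Thread:  2

Thread 2 Crashed:
0   WebCore                         0x37584302 WebCore::SubresourceLoader::didReceiveResponse(WebCore::ResourceResponse const&) + 26
1   WebCore                         0x377f751c WebCore::DocumentLoader::substituteResourceDeliveryTimerFired(WebCore::Timer*) + 212

Thread 2 crashed with ARM Thread State (32-bit):
    r0: 0x00000000    r1: 0x04ee0238      r2: 0x375842e9      r3: 0x019cb6b8
"""

FRAME_RE = re.compile(r"^\d+\s+(\S+)\s+(0x[0-9a-f]+)\s+(.+?) \+ (\d+)$")
REG_RE = re.compile(r"\b(r\d+|ip|sp|lr|pc): (0x[0-9a-f]+)")

def parse_report(text):
    """Pull the fault address, crashing thread, its backtrace and registers."""
    info = {"fault_address": None, "crashed_thread": None, "frames": [], "registers": {}}
    in_crashed = False
    for line in text.splitlines():
        if m := re.match(r"Exception Subtype: \S+ at (0x[0-9a-f]+)", line):
            info["fault_address"] = int(m.group(1), 16)
        elif m := re.match(r"Triggered by Thread:\s+(\d+)", line):
            info["crashed_thread"] = int(m.group(1))
        elif re.match(r"Thread \d+ Crashed:", line):
            in_crashed = True
        elif in_crashed and (m := FRAME_RE.match(line)):
            info["frames"].append({"image": m.group(1), "addr": int(m.group(2), 16),
                                   "symbol": m.group(3), "offset": int(m.group(4))})
        else:
            in_crashed = False  # first non-frame line ends the crashed backtrace
            for reg, val in REG_RE.findall(line):
                info["registers"][reg] = int(val, 16)
    return info

def classify_fault(addr, page_size=4096):
    # Assumption: 4 KiB pages. The zero page is never mapped, so a fault address
    # below page_size means NULL plus a struct-field offset (a NULL m_resource).
    return "null-deref" if addr < page_size else "wild-pointer"

def triage(text):
    info = parse_report(text)
    top = info["frames"][0]
    return {"thread": info["crashed_thread"], "fault_address": info["fault_address"],
            "verdict": classify_fault(info["fault_address"]), "top_symbol": top["symbol"],
            "function_start": top["addr"] - top["offset"],  # symbol address for source lookup
            "r0_is_zero": info["registers"].get("r0") == 0}
```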

1 Answer

If it worked after a reinstall, then you could try doing the URL request without caching, since I would assume that will give the same outcome:

NSURLRequest *request = [NSURLRequest requestWithURL:url cachePolicy:NSURLRequestReloadIgnoringLocalAndRemoteCacheData timeoutInterval:30];
[webView loadRequest:request];

I'm guessing something is going wrong with the caching of a resource.

answered on Stack Overflow Jul 28, 2015 by malhal

User contributions licensed under CC BY-SA 3.0