repeated app crashes involving WTF::HashTable
Originator: mmorton
Number: rdar://23164788
Date Originated: 19-Oct-2014
Status: Open
Resolved:
Product: iOS SDK
Product Version: ---
Classification: Crash
Reproducible: Rarely
Summary:
We've gotten dozens of crash reports with crashes in WTF::HashTable… Here’s a recent one. Others vary, but all have the same frame 0 and many have the same frames 0-2 as the stack below.

We have never found a way to repro this crash, and know of it only from customer crashes.

Our app loads webviews with various kinds of content, including complex machine-produced drawings, on-line Help, and so on. We execute our own JavaScript in some of these webviews, though I don’t believe we’ve ever seen a crash whose stack included us executing JS.

We see almost no common elements between crashes. It happens on multiple OS’s (8.1 through 9.0.2 at a glance), many versions of our app, and many hardware models. The crash is in WebKit’s thread. The main thread is usually idle, but not always. Many of the crashes have very little free RAM, but we’ve seen it with as much as 23% free RAM. Most crashes did not record any memory warnings.

We’d like to know:
• Is this a known problem in Apple’s code?
• If so, what can you tell us about how to avoid it?
• If not, what can you suggest to help us diagnose it and figure out if it’s our error (e.g., trashing memory) or Apple’s?

Thanks.

================

(This stack comes from Crashlytics. We never see crash reports in your web portal.)
Thread : Crashed: WebThread
0 WebCore 0x00000001922c2a54 WTF::HashTable<WTF::String, WTF::String, WTF::IdentityExtractor, WTF::StringHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::String> >::add(WTF::String const&) + 40
1 WebCore 0x0000000192058244 WebCore::ResourceLoadNotifier::dispatchWillSendRequest(WebCore::DocumentLoader*, unsigned long, WebCore::ResourceRequest&, WebCore::ResourceResponse const&) + 172
2 WebCore 0x0000000192058244 WebCore::ResourceLoadNotifier::dispatchWillSendRequest(WebCore::DocumentLoader*, unsigned long, WebCore::ResourceRequest&, WebCore::ResourceResponse const&) + 172
3 WebCore 0x0000000192057644 WebCore::ResourceLoader::willSendRequest(WebCore::ResourceRequest&, WebCore::ResourceResponse const&) + 256
4 WebCore 0x00000001920574c8 WebCore::SubresourceLoader::willSendRequest(WebCore::ResourceRequest&, WebCore::ResourceResponse const&) + 340
5 WebCore 0x00000001920571d4 WebCore::ResourceLoader::init(WebCore::ResourceRequest const&) + 312
6 WebCore 0x0000000192056ed0 WebCore::SubresourceLoader::startLoading() + 56
7 WebCore 0x0000000192056e1c WebCore::ResourceLoadScheduler::servePendingRequests(WebCore::ResourceLoadScheduler::HostInformation*, WebCore::ResourceLoadPriority) + 524
8 WebCore 0x0000000192056264 WebCore::ResourceLoadScheduler::scheduleSubresourceLoad(WebCore::Frame*, WebCore::CachedResource*, WebCore::ResourceRequest const&, WebCore::ResourceLoadPriority, WebCore::ResourceLoaderOptions const&) + 84
9 WebCore 0x0000000192054d94 WebCore::CachedResource::load(WebCore::CachedResourceLoader*, WebCore::ResourceLoaderOptions const&) + 1180
10 WebCore 0x0000000192052868 WebCore::CachedResourceLoader::requestResource(WebCore::CachedResource::Type, WebCore::CachedResourceRequest&) + 1240
11 WebCore 0x0000000192133bb8 WebCore::CachedResourceLoader::requestImage(WebCore::CachedResourceRequest&) + 248
12 WebCore 0x00000001921332ac WebCore::ImageLoader::updateFromElement() + 1536
13 WebCore 0x0000000192132a0c WebCore::HTMLImageElement::parseAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&) + 960
14 WebCore 0x000000019249151c WebCore::Element::attributeChanged(WebCore::QualifiedName const&, WTF::AtomicString const&, WTF::AtomicString const&, WebCore::Element::AttributeModificationReason) + 60
15 WebCore 0x0000000192493b10 WebCore::Element::didAddAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&) + 56
16 WebCore 0x00000001920478b4 WebCore::Element::setAttributeInternal(unsigned int, WebCore::QualifiedName const&, WTF::AtomicString const&, WebCore::Element::SynchronizationOfLazyAttribute) + 128
17 WebCore 0x00000001927eecf8 WebCore::setJSHTMLImageElementSrc(JSC::ExecState*, JSC::JSObject*, long long, long long) + 396
18 JavaScriptCore 0x000000018585bb34 JSC::JSObject::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) + 1228
19 JavaScriptCore 0x0000000185854148 llint_slow_path_put_by_id + 564
20 JavaScriptCore 0x0000000185b8a9f8 llint_entry + 10744
21 JavaScriptCore 0x0000000185b8e04c llint_entry + 24652
22 JavaScriptCore 0x0000000185b8dfe8 llint_entry + 24552
23 JavaScriptCore 0x0000000185b8dfe8 llint_entry + 24552
24 JavaScriptCore 0x0000000185b8dfe8 llint_entry + 24552
25 JavaScriptCore 0x0000000185b8dfe8 llint_entry + 24552
26 JavaScriptCore 0x0000000185b87de4 callToJavaScript + 308
27 JavaScriptCore 0x0000000185af6448 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 48
28 JavaScriptCore 0x0000000185861548 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 420
29 JavaScriptCore 0x000000018598d498 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, JSC::JSValue*) + 92
30 WebCore 0x00000001921f0a84 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 820
31 WebCore 0x00000001921b3a4c WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow>&) + 776
32 WebCore 0x00000001920dc1c4 WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 228
33 WebCore 0x000000019249a8d8 WebCore::EventContext::handleLocalEvents(WebCore::Event&) const + 108
34 WebCore 0x000000019249b57c WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WTF::PassRefPtr<WebCore::Event>) + 980
35 WebCore 0x00000001920dbf94 WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 36
36 WebCore 0x00000001921f06ec WebCore::EventTarget::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&) + 156
37 WebCore 0x0000000192219f10 WebCore::jsNodePrototypeFunctionDispatchEvent(JSC::ExecState*) + 220
38 JavaScriptCore 0x0000000185b8e620 llint_entry + 26144
39 JavaScriptCore 0x0000000185b8e04c llint_entry + 24652
40 JavaScriptCore 0x0000000185b8e04c llint_entry + 24652
41 JavaScriptCore 0x0000000185b87de4 callToJavaScript + 308
42 JavaScriptCore 0x0000000185af6448 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 48
43 JavaScriptCore 0x0000000185903320 JSC::Interpreter::execute(JSC::EvalExecutable*, JSC::ExecState*, JSC::JSValue, JSC::JSScope*) + 1208
44 JavaScriptCore 0x0000000185b2e0c8 JSC::globalFuncEval(JSC::ExecState*) + 1160
45 JavaScriptCore 0x0000000185b8e620 llint_entry + 26144
46 JavaScriptCore 0x0000000185b8dfe8 llint_entry + 24552
47 JavaScriptCore 0x0000000185b8dfe8 llint_entry + 24552
48 JavaScriptCore 0x0000000185b87de4 callToJavaScript + 308
49 JavaScriptCore 0x0000000185af6448 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 48
50 JavaScriptCore 0x0000000185861548 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 420
51 JavaScriptCore 0x000000018598d498 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, JSC::JSValue*) + 92
52 WebCore 0x00000001921f0a84 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 820
53 WebCore 0x00000001921b3a4c WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow>&) + 776
54 WebCore 0x00000001920dc1c4 WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 228
55 WebCore 0x000000019225253c WebCore::EventTarget::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 112
56 WebCore 0x0000000192dc4e88 WebCore::WebSocket::didReceiveMessage(WTF::String const&) + 104
57 WebCore 0x0000000192dc87fc WebCore::WebSocketChannel::processFrame() + 3156
58 WebCore 0x0000000192dc7414 WebCore::WebSocketChannel::processBuffer() + 124
59 WebCore 0x0000000192dc7388 WebCore::WebSocketChannel::didReceiveSocketStreamData(WebCore::SocketStreamHandle*, char const*, int) + 288
60 WebCore 0x0000000192c31cd8 WebCore::SocketStreamHandle::readStreamCallback(unsigned long) + 364
61 CoreFoundation 0x00000001842faebc _signalEventSync + 192
62 CoreFoundation 0x00000001842fadd8 _cfstream_shared_signalEventSync + 444
63 CoreFoundation 0x000000018435a9ec __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 24
64 CoreFoundation 0x0000000184359d48 __CFRunLoopDoSources0 + 448
65 CoreFoundation 0x0000000184357d40 __CFRunLoopRun + 712
66 CoreFoundation 0x00000001842850a4 CFRunLoopRunSpecific + 396
67 WebCore 0x00000001920cc858 RunWebThread(void*) + 468
68 libsystem_pthread.dylib 0x000000019573fe80 _pthread_body + 164
69 libsystem_pthread.dylib 0x000000019573fddc _pthread_body

Steps to Reproduce: We don’t know a way to reproduce this crash.
Expected Results: No crash.
Actual Results: Sporadic crash.
Version: Happens on multiple OS versions.
Notes:
Configuration: Happens on multiple devices.
Comments
Any updates on this? I assume this is not going to be fixed by Apple, but is there a workaround (that does not involve replacing every UIWebView with a WKWebView)?
Apple says this is a dup of 15063210. I assume this means it’s an Apple bug.
Our apps have had the same crashes for the last few years. Were you able to find a solution to mitigate the problem? I have filed a bug report with Apple as well.
15063210 doesn't seem to be open anymore. I'm seeing almost the same crash as yours. Is there any update regarding this?