JDK-8139114 : WebView crashes on Yahoo login page
  • Type: Bug
  • Component: javafx
  • Sub-Component: web
  • Affected Version: 8u60,9
  • Priority: P2
  • Status: Resolved
  • Resolution: Fixed
  • OS: windows_7,windows_8
  • CPU: x86
  • Submitted: 2015-10-06
  • Updated: 2016-06-14
  • Resolved: 2016-02-24
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 8 JDK 9
8u102Fixed 9Fixed
Related Reports
Duplicate :  
Duplicate :  
Relates :  
Description
FULL PRODUCT VERSION :
java version "1.8.0_60"
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)

ADDITIONAL OS VERSION INFORMATION :
Win 8.1 Pro x64: Microsoft Windows [Version 6.3.9600]
Win Server 2008 SP2o x64: Microsoft Windows [Version 6.0.6002]


A DESCRIPTION OF THE PROBLEM :
When using JavaFX WebView (on a non-visible Stage) to run javascript on yahoo's login page , java crashes in jfxwebkit.dll most of the time.

REGRESSION.  Last worked in version 8u40

ADDITIONAL REGRESSION INFORMATION: 
java version "1.8.0_40"
Java(TM) SE Runtime Environment (build 1.8.0_40-b26)
Java HotSpot(TM) 64-Bit Server VM (build 25.40-b25, mixed mode)

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Run the test case; crashes 7 out of 10 times.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Expect Java to not crash and output "OK, didn't crash".
ACTUAL -
Java crashes when as the script is executed.

ERROR MESSAGES/STACK TRACES THAT OCCUR :
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x000000006ea0e078, pid=5732, tid=2732
#
# JRE version: Java(TM) SE Runtime Environment (8.0_60-b27) (build 1.8.0_60-b27)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (25.60-b23 mixed mode windows-amd64 compressed oops)
# Problematic frame:
# C  [jfxwebkit.dll+0x7ae078]
#
# Failed to write core dump. Minidumps are not enabled by default on client versions of Windows
#
# If you would like to submit a bug report, please visit:
#   http://bugreport.java.com/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

---------------  T H R E A D  ---------------

Current thread (0x0000000018a31000):  JavaThread "JavaFX Application Thread" [_thread_in_native, id=2732, stack(0x0000000019b40000,0x0000000019c40000)]

siginfo: ExceptionCode=0xc0000005, reading address 0x0000000000000068

Registers:
RAX=0x0000000000000000, RBX=0x000000002363b8f0, RCX=0x000000006ea0e069, RDX=0x0000000019c3d7a0
RSP=0x0000000019c3d5e0, RBP=0x0000000000000001, RSI=0x0000000000000000, RDI=0x0000000019c3d7a0
R8 =0x0000000000000000, R9 =0x00000000237bd8a8, R10=0x0000000000000000, R11=0x000000006f3e6b92
R12=0x0000000019c3d8d0, R13=0x000000001c1bf498, R14=0x00000000237bd8a8, R15=0x000000006e260000
RIP=0x000000006ea0e078, EFLAGS=0x0000000000010246

Top of Stack: (sp=0x0000000019c3d5e0)
0x0000000019c3d5e0:   0000000019c3d7a0 0000000019c3d820
0x0000000019c3d5f0:   0000000019c3d8d0 000000006eb1b168
0x0000000019c3d600:   fffffffffffffffe 000000006f3e6b80
0x0000000019c3d610:   00000000237a2e40 00000000237bd570
0x0000000019c3d620:   000000002363b8f0 000000006ea3ed2b
0x0000000019c3d630:   000000001c1bf498 00000000237bd570
0x0000000019c3d640:   0000000019c3d7a0 0000000000000001
0x0000000019c3d650:   0000000024d27600 000000006edd545c
0x0000000019c3d660:   fffffffffffffffe 00000000237a2e40
0x0000000019c3d670:   00000005237bd573 0000000800000008
0x0000000019c3d680:   0000002000000008 0000002100000020
0x0000000019c3d690:   0000011100000022 0000000000000111
0x0000000019c3d6a0:   0000000018a31000 0000000019c3d8c8
0x0000000019c3d6b0:   0000000000000000 0000000019c3d8d0
0x0000000019c3d6c0:   0000000019c3d7a0 000000006ea3a0f1
0x0000000019c3d6d0:   00000000237bd570 00000000237bd570 

Instructions: (pc=0x000000006ea0e078)
0x000000006ea0e058:   8b d7 48 8b 48 68 e8 8d cd 04 00 84 c0 75 40 eb
0x000000006ea0e068:   50 40 84 f6 75 39 48 8b 43 38 45 33 c0 48 8b d7
0x000000006ea0e078:   48 8b 48 68 e8 6f bf 04 00 84 c0 75 22 eb 32 40
0x000000006ea0e088:   84 f6 75 1b 48 8b 43 38 45 33 c0 48 8b d7 48 8b 


Register to memory mapping:

RAX=0x0000000000000000 is an unknown value
RBX=0x000000002363b8f0 is an unknown value
RCX=0x000000006ea0e069 is an unknown value
RDX=0x0000000019c3d7a0 is pointing into the stack for thread: 0x0000000018a31000
RSP=0x0000000019c3d5e0 is pointing into the stack for thread: 0x0000000018a31000
RBP=0x0000000000000001 is an unknown value
RSI=0x0000000000000000 is an unknown value
RDI=0x0000000019c3d7a0 is pointing into the stack for thread: 0x0000000018a31000
R8 =0x0000000000000000 is an unknown value
R9 =0x00000000237bd8a8 is an unknown value
R10=0x0000000000000000 is an unknown value
R11=0x000000006f3e6b92 is an unknown value
R12=0x0000000019c3d8d0 is pointing into the stack for thread: 0x0000000018a31000
R13={method} {0x000000001c1bf4a0} 'twkWillSendRequest' '(Ljava/lang/String;Ljava/lang/String;ILjava/lang/String;Ljava/lang/String;JLjava/lang/String;Ljava/lang/String;J)Z' in 'com/sun/webkit/network/URLLoader'
R14=0x00000000237bd8a8 is an unknown value
R15=0x000000006e260000 is an unknown value


Stack: [0x0000000019b40000,0x0000000019c40000],  sp=0x0000000019c3d5e0,  free space=1013k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C  [jfxwebkit.dll+0x7ae078]
C  [jfxwebkit.dll+0x7ded2b]
C  [jfxwebkit.dll+0x7da0f1]
C  [jfxwebkit.dll+0x8c04d7]
C  [jfxwebkit.dll+0x8c0a1b]
C  0x00000000021a5e34

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j  com.sun.webkit.network.URLLoader.twkWillSendRequest(Ljava/lang/String;Ljava/lang/String;ILjava/lang/String;Ljava/lang/String;JLjava/lang/String;Ljava/lang/String;J)Z+0
j  com.sun.webkit.network.URLLoader.notifyWillSendRequest(Ljava/lang/String;Ljava/lang/String;ILjava/lang/String;Ljava/lang/String;JLjava/lang/String;Ljava/lang/String;)Z+107
j  com.sun.webkit.network.URLLoader.lambda$willSendRequest$93(Ljava/lang/String;Ljava/lang/String;ILjava/lang/String;Ljava/lang/String;JLjava/lang/String;Ljava/lang/String;Ljava/util/concurrent/CountDownLatch;)V+21
j  com.sun.webkit.network.URLLoader$$Lambda$135.run()V+40
j  com.sun.javafx.application.PlatformImpl.lambda$null$174(Ljava/lang/Runnable;)Ljava/lang/Void;+1
j  com.sun.javafx.application.PlatformImpl$$Lambda$50.run()Ljava/lang/Object;+4
v  ~StubRoutines::call_stub
J 1501  java.security.AccessController.doPrivileged(Ljava/security/PrivilegedAction;Ljava/security/AccessControlContext;)Ljava/lang/Object; (0 bytes) @ 0x00000000026981a6 [0x0000000002698140+0x66]
j  com.sun.javafx.application.PlatformImpl.lambda$runLater$175(Ljava/lang/Runnable;Ljava/security/AccessControlContext;)V+7
j  com.sun.javafx.application.PlatformImpl$$Lambda$49.run()V+8
j  com.sun.glass.ui.InvokeLaterDispatcher$Future.run()V+4
v  ~StubRoutines::call_stub
j  com.sun.glass.ui.win.WinApplication._runLoop(Ljava/lang/Runnable;)V+0
j  com.sun.glass.ui.win.WinApplication.lambda$null$149(ILjava/lang/Runnable;)V+8
j  com.sun.glass.ui.win.WinApplication$$Lambda$38.run()V+12
j  java.lang.Thread.run()V+11
v  ~StubRoutines::call_stub

---------------  P R O C E S S  ---------------

Java Threads: ( => current thread )
  0x0000000019282800 JavaThread "Thread-8" daemon [_thread_blocked, id=6404, stack(0x0000000026730000,0x0000000026830000)]
  0x0000000019285800 JavaThread "Thread-7" daemon [_thread_in_native, id=5300, stack(0x00000000260c0000,0x00000000261c0000)]
  0x0000000019282000 JavaThread "URL-Loader-20" daemon [_thread_blocked, id=6552, stack(0x0000000025fc0000,0x00000000260c0000)]
  0x0000000019285000 JavaThread "URL-Loader-19" daemon [_thread_blocked, id=7096, stack(0x0000000025ec0000,0x0000000025fc0000)]
  0x0000000019281000 JavaThread "URL-Loader-18" daemon [_thread_blocked, id=5264, stack(0x0000000025dc0000,0x0000000025ec0000)]
  0x0000000019284000 JavaThread "URL-Loader-17" daemon [_thread_blocked, id=5308, stack(0x0000000025cc0000,0x0000000025dc0000)]
  0x0000000019283800 JavaThread "URL-Loader-16" daemon [_thread_blocked, id=5644, stack(0x0000000024bf0000,0x0000000024cf0000)]
  0x000000001927d800 JavaThread "URL-Loader-15" daemon [_thread_blocked, id=5520, stack(0x0000000024af0000,0x0000000024bf0000)]
  0x000000001927f800 JavaThread "URL-Loader-14" daemon [_thread_in_native, id=1872, stack(0x00000000249f0000,0x0000000024af0000)]
  0x0000000019280800 JavaThread "URL-Loader-13" daemon [_thread_blocked, id=6600, stack(0x00000000248f0000,0x00000000249f0000)]
  0x000000001927f000 JavaThread "URL-Loader-12" daemon [_thread_blocked, id=6532, stack(0x00000000247f0000,0x00000000248f0000)]
  0x000000001927e000 JavaThread "URL-Loader-11" daemon [_thread_in_native, id=4124, stack(0x00000000245f0000,0x00000000246f0000)]
  0x00000000192f3000 JavaThread "URL-Loader-10" daemon [_thread_blocked, id=7004, stack(0x0000000023ed0000,0x0000000023fd0000)]
  0x00000000192f2000 JavaThread "URL-Loader-9" daemon [_thread_blocked, id=6800, stack(0x0000000023dd0000,0x0000000023ed0000)]
  0x00000000192f1800 JavaThread "URL-Loader-8" daemon [_thread_in_native, id=6924, stack(0x0000000023cd0000,0x0000000023dd0000)]
  0x00000000192ed800 JavaThread "Thread-6" daemon [_thread_blocked, id=756, stack(0x0000000022f10000,0x0000000023010000)]
  0x00000000192ee000 JavaThread "Thread-5" daemon [_thread_blocked, id=3372, stack(0x0000000022e10000,0x0000000022f10000)]
  0x00000000192f0800 JavaThread "URL-Loader-7" daemon [_thread_blocked, id=6752, stack(0x0000000022d10000,0x0000000022e10000)]
  0x00000000192ec800 JavaThread "Prism Font Disposer" daemon [_thread_blocked, id=3936, stack(0x0000000022410000,0x0000000022510000)]
  0x00000000192ef800 JavaThread "URL-Loader-6" daemon [_thread_blocked, id=4028, stack(0x000000001e840000,0x000000001e940000)]
  0x00000000192ec000 JavaThread "Watchdog-Timer-1" daemon [_thread_blocked, id=1644, stack(0x000000001e720000,0x000000001e820000)]
  0x00000000192ef000 JavaThread "Keep-Alive-Timer" daemon [_thread_blocked, id=5468, stack(0x000000001e080000,0x000000001e180000)]
  0x00000000192c8000 JavaThread "URL-Loader-5" daemon [_thread_blocked, id=2656, stack(0x000000001df80000,0x000000001e080000)]
  0x0000000019015000 JavaThread "URL-Loader-4" daemon [_thread_blocked, id=6712, stack(0x000000001de80000,0x000000001df80000)]
  0x0000000019014800 JavaThread "URL-Loader-3" daemon [_thread_blocked, id=5408, stack(0x000000001dc80000,0x000000001dd80000)]
  0x0000000018e5b800 JavaThread "URL-Loader-2" daemon [_thread_in_native, id=6764, stack(0x000000001db80000,0x000000001dc80000)]
  0x0000000018e44800 JavaThread "URL-Loader-1" daemon [_thread_blocked, id=6176, stack(0x000000001c2b0000,0x000000001c3b0000)]
  0x0000000018d7b800 JavaThread "Disposer" daemon [_thread_blocked, id=2792, stack(0x000000001bfb0000,0x000000001c0b0000)]
  0x0000000018d24800 JavaThread "Thread-3" daemon [_thread_in_native, id=5648, stack(0x000000001b5d0000,0x000000001b6d0000)]
  0x0000000018a3c800 JavaThread "JavaFX-Launcher" [_thread_blocked, id=6224, stack(0x000000001b6d0000,0x000000001b7d0000)]
=>0x0000000018a31000 JavaThread "JavaFX Application Thread" [_thread_in_native, id=2732, stack(0x0000000019b40000,0x0000000019c40000)]
  0x0000000018a30800 JavaThread "Thread-1" daemon [_thread_blocked, id=5600, stack(0x0000000019a40000,0x0000000019b40000)]
  0x0000000018a1c800 JavaThread "QuantumRenderer-0" daemon [_thread_blocked, id=1356, stack(0x0000000019440000,0x0000000019540000)]
  0x0000000016d5e000 JavaThread "Service Thread" daemon [_thread_blocked, id=4844, stack(0x0000000018a40000,0x0000000018b40000)]
  0x0000000016d07000 JavaThread "C1 CompilerThread2" daemon [_thread_blocked, id=6988, stack(0x0000000018540000,0x0000000018640000)]
  0x0000000016d00800 JavaThread "C2 CompilerThread1" daemon [_thread_blocked, id=4992, stack(0x0000000018440000,0x0000000018540000)]
  0x0000000016cfe000 JavaThread "C2 CompilerThread0" daemon [_thread_blocked, id=5564, stack(0x0000000018340000,0x0000000018440000)]
  0x0000000016cfd000 JavaThread "Attach Listener" daemon [_thread_blocked, id=4120, stack(0x0000000018240000,0x0000000018340000)]
  0x0000000016cfb800 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=6948, stack(0x0000000018140000,0x0000000018240000)]
  0x0000000002188000 JavaThread "Finalizer" daemon [_thread_blocked, id=5748, stack(0x0000000017f60000,0x0000000018060000)]
  0x000000000217f800 JavaThread "Reference Handler" daemon [_thread_blocked, id=5784, stack(0x0000000017e60000,0x0000000017f60000)]
  0x0000000002090800 JavaThread "main" [_thread_blocked, id=5164, stack(0x0000000001ec0000,0x0000000001fc0000)]

Other Threads:
  0x0000000016cc6800 VMThread [stack: 0x0000000017d60000,0x0000000017e60000] [id=2384]
  0x000000001867b800 WatcherThread [stack: 0x0000000018b40000,0x0000000018c40000] [id=5768]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap:
 PSYoungGen      total 139264K, used 93437K [0x00000000d5c00000, 0x00000000dea00000, 0x0000000100000000)
  eden space 133120K, 66% used [0x00000000d5c00000,0x00000000db22b268,0x00000000dde00000)
  from space 6144K, 84% used [0x00000000de400000,0x00000000de9144c0,0x00000000dea00000)
  to   space 6144K, 0% used [0x00000000dde00000,0x00000000dde00000,0x00000000de400000)
 ParOldGen       total 87552K, used 1077K [0x0000000081400000, 0x0000000086980000, 0x00000000d5c00000)
  object space 87552K, 1% used [0x0000000081400000,0x000000008150d7c0,0x0000000086980000)
 Metaspace       used 17068K, capacity 17644K, committed 17792K, reserved 1064960K
  class space    used 2153K, capacity 2307K, committed 2432K, reserved 1048576K

Card table byte_map: [0x0000000011550000,0x0000000011950000] byte_map_base: 0x0000000011146000

Marking Bits: (ParMarkBitMap*) 0x0000000070ffa5b0
 Begin Bits: [0x0000000012000000, 0x0000000013fb0000)
 End Bits:   [0x0000000013fb0000, 0x0000000015f60000)

Polling page: 0x0000000000670000

CodeCache: size=245760Kb used=6518Kb max_used=6518Kb free=239241Kb
 bounds [0x0000000002190000, 0x0000000002800000, 0x0000000011190000]
 total_blobs=2558 nmethods=1947 adapters=523
 compilation: enabled

Compilation events (10 events):
Event: 2.314 Thread 0x0000000016d07000 1937   !   3       java.net.AbstractPlainSocketImpl::isConnectionReset (31 bytes)
Event: 2.314 Thread 0x0000000016d07000 nmethod 1937 0x00000000027eb290 code [0x00000000027eb400, 0x00000000027eb750]
Event: 2.314 Thread 0x0000000016d07000 1939   !   3       sun.security.provider.DigestBase::engineDigest (39 bytes)
Event: 2.315 Thread 0x0000000016d07000 nmethod 1939 0x00000000027ea610 code [0x00000000027ea7c0, 0x00000000027ead08]
Event: 2.315 Thread 0x0000000016cfe000 1940       4       java.lang.StringBuilder::<init> (7 bytes)
Event: 2.315 Thread 0x0000000016d07000 1941       3       sun.nio.cs.StreamEncoder::writeBytes (132 bytes)
Event: 2.315 Thread 0x0000000016cfe000 nmethod 1940 0x00000000027e8d90 code [0x00000000027e8ee0, 0x00000000027e8fd8]
Event: 2.316 Thread 0x0000000016d07000 nmethod 1941 0x00000000027e9310 code [0x00000000027e9520, 0x00000000027ea178]
Event: 2.318 Thread 0x0000000016d00800 nmethod 1913 0x00000000027f0610 code [0x00000000027f0780, 0x00000000027f1198]
Event: 2.319 Thread 0x0000000016cfe000 1942       4       java.lang.Integer::<init> (10 bytes)

GC Heap History (10 events):
Event: 1.532 GC heap before
{Heap before GC invocations=2 (full 0):
 PSYoungGen      total 38400K, used 38389K [0x00000000d5c00000, 0x00000000d8680000, 0x0000000100000000)
  eden space 33280K, 99% used [0x00000000d5c00000,0x00000000d7c7e3a0,0x00000000d7c80000)
  from space 5120K, 99% used [0x00000000d7c80000,0x00000000d817f190,0x00000000d8180000)
  to   space 5120K, 0% used [0x00000000d8180000,0x00000000d8180000,0x00000000d8680000)
 ParOldGen       total 87552K, used 730K [0x0000000081400000, 0x0000000086980000, 0x00000000d5c00000)
  object space 87552K, 0% used [0x0000000081400000,0x00000000814b6848,0x0000000086980000)
 Metaspace       used 15500K, capacity 16006K, committed 16256K, reserved 1062912K
  class space    used 1960K, capacity 2104K, committed 2176K, reserved 1048576K
Event: 1.537 GC heap after
Heap after GC invocations=2 (full 0):
 PSYoungGen      total 38400K, used 5098K [0x00000000d5c00000, 0x00000000d8680000, 0x0000000100000000)
  eden space 33280K, 0% used [0x00000000d5c00000,0x00000000d5c00000,0x00000000d7c80000)
  from space 5120K, 99% used [0x00000000d8180000,0x00000000d867a938,0x00000000d8680000)
  to   space 5120K, 0% used [0x00000000d7c80000,0x00000000d7c80000,0x00000000d8180000)
 ParOldGen       total 87552K, used 879K [0x0000000081400000, 0x0000000086980000, 0x00000000d5c00000)
  object space 87552K, 1% used [0x0000000081400000,0x00000000814dbff8,0x0000000086980000)
 Metaspace       used 15500K, capacity 16006K, committed 16256K, reserved 1062912K
  class space    used 1960K, capacity 2104K, committed 2176K, reserved 1048576K
}
Event: 1.546 GC heap before
{Heap before GC invocations=3 (full 0):
 PSYoungGen      total 38400K, used 38328K [0x00000000d5c00000, 0x00000000d8680000, 0x0000000100000000)
  eden space 33280K, 99% used [0x00000000d5c00000,0x00000000d7c73a28,0x00000000d7c80000)
  from space 5120K, 99% used [0x00000000d8180000,0x00000000d867a938,0x00000000d8680000)
  to   space 5120K, 0% used [0x00000000d7c80000,0x00000000d7c80000,0x00000000d8180000)
 ParOldGen       total 87552K, used 879K [0x0000000081400000, 0x0000000086980000, 0x00000000d5c00000)
  object space 87552K, 1% used [0x0000000081400000,0x00000000814dbff8,0x0000000086980000)
 Metaspace       used 15501K, capacity 16006K, committed 16256K, reserved 1062912K
  class space    used 1960K, capacity 2104K, committed 2176K, reserved 1048576K
Event: 1.550 GC heap after
Heap after GC invocations=3 (full 0):
 PSYoungGen      total 38400K, used 5110K [0x00000000d5c00000, 0x00000000da700000, 0x0000000100000000)
  eden space 33280K, 0% used [0x00000000d5c00000,0x00000000d5c00000,0x00000000d7c80000)
  from space 5120K, 99% used [0x00000000d7c80000,0x00000000d817d8e0,0x00000000d8180000)
  to   space 5120K, 0% used [0x00000000da200000,0x00000000da200000,0x00000000da700000)
 ParOldGen       total 87552K, used 986K [0x0000000081400000, 0x0000000086980000, 0x00000000d5c00000)
  object space 87552K, 1% used [0x0000000081400000,0x00000000814f6a00,0x0000000086980000)
 Metaspace       used 15501K, capacity 16006K, committed 16256K, reserved 1062912K
  class space    used 1960K, capacity 2104K, committed 2176K, reserved 1048576K
}
Event: 1.558 GC heap before
{Heap before GC invocations=4 (full 0):
 PSYoungGen      total 38400K, used 38304K [0x00000000d5c00000, 0x00000000da700000, 0x0000000100000000)
  eden space 33280K, 99% used [0x00000000d5c00000,0x00000000d7c6a7f8,0x00000000d7c80000)
  from space 5120K, 99% used [0x00000000d7c80000,0x00000000d817d8e0,0x00000000d8180000)
  to   space 5120K, 0% used [0x00000000da200000,0x00000000da200000,0x00000000da700000)
 ParOldGen       total 87552K, used 986K [0x0000000081400000, 0x0000000086980000, 0x00000000d5c00000)
  object space 87552K, 1% used [0x0000000081400000,0x00000000814f6a00,0x0000000086980000)
 Metaspace       used 15501K, capacity 16006K, committed 16256K, reserved 1062912K
  class space    used 1960K, capacity 2104K, committed 2176K, reserved 1048576K
Event: 1.562 GC heap after
Heap after GC invocations=4 (full 0):
 PSYoungGen      total 71680K, used 5090K [0x00000000d5c00000, 0x00000000da700000, 0x0000000100000000)
  eden space 66560K, 0% used [0x00000000d5c00000,0x00000000d5c00000,0x00000000d9d00000)
  from space 5120K, 99% used [0x00000000da200000,0x00000000da6f8af0,0x00000000da700000)
  to   space 5120K, 0% used [0x00000000d9d00000,0x00000000d9d00000,0x00000000da200000)
 ParOldGen       total 87552K, used 1077K [0x0000000081400000, 0x0000000086980000, 0x00000000d5c00000)
  object space 87552K, 1% used [0x0000000081400000,0x000000008150d7c0,0x0000000086980000)
 Metaspace       used 15501K, capacity 16006K, committed 16256K, reserved 1062912K
  class space    used 1960K, capacity 2104K, committed 2176K, reserved 1048576K
}
Event: 1.580 GC heap before
{Heap before GC invocations=5 (full 0):
 PSYoungGen      total 71680K, used 71623K [0x00000000d5c00000, 0x00000000da700000, 0x0000000100000000)
  eden space 66560K, 99% used [0x00000000d5c00000,0x00000000d9cf9360,0x00000000d9d00000)
  from space 5120K, 99% used [0x00000000da200000,0x00000000da6f8af0,0x00000000da700000)
  to   space 5120K, 0% used [0x00000000d9d00000,0x00000000d9d00000,0x00000000da200000)
 ParOldGen       total 87552K, used 1077K [0x0000000081400000, 0x0000000086980000, 0x00000000d5c00000)
  object space 87552K, 1% used [0x0000000081400000,0x000000008150d7c0,0x0000000086980000)
 Metaspace       used 15501K, capacity 16006K, committed 16256K, reserved 1062912K
  class space    used 1960K, capacity 2104K, committed 2176K, reserved 1048576K
Event: 1.584 GC heap after
Heap after GC invocations=5 (full 0):
 PSYoungGen      total 71680K, used 5092K [0x00000000d5c00000, 0x00000000dea00000, 0x0000000100000000)
  eden space 66560K, 0% used [0x00000000d5c00000,0x00000000d5c00000,0x00000000d9d00000)
  from space 5120K, 99% used [0x00000000d9d00000,0x00000000da1f90d8,0x00000000da200000)
  to   space 6144K, 0% used [0x00000000de400000,0x00000000de400000,0x00000000dea00000)
 ParOldGen       total 87552K, used 1077K [0x0000000081400000, 0x0000000086980000, 0x00000000d5c00000)
  object space 87552K, 1% used [0x0000000081400000,0x000000008150d7c0,0x0000000086980000)
 Metaspace       used 15501K, capacity 16006K, committed 16256K, reserved 1062912K
  class space    used 1960K, capacity 2104K, committed 2176K, reserved 1048576K
}
Event: 1.597 GC heap before
{Heap before GC invocations=6 (full 0):
 PSYoungGen      total 71680K, used 71526K [0x00000000d5c00000, 0x00000000dea00000, 0x0000000100000000)
  eden space 66560K, 99% used [0x00000000d5c00000,0x00000000d9ce09f8,0x00000000d9d00000)
  from space 5120K, 99% used [0x00000000d9d00000,0x00000000da1f90d8,0x00000000da200000)
  to   space 6144K, 0% used [0x00000000de400000,0x00000000de400000,0x00000000dea00000)
 ParOldGen       total 87552K, used 1077K [0x0000000081400000, 0x0000000086980000, 0x00000000d5c00000)
  object space 87552K, 1% used [0x0000000081400000,0x000000008150d7c0,0x0000000086980000)
 Metaspace       used 15501K, capacity 16006K, committed 16256K, reserved 1062912K
  class space    used 1960K, capacity 2104K, committed 2176K, reserved 1048576K
Event: 1.601 GC heap after
Heap after GC invocations=6 (full 0):
 PSYoungGen      total 139264K, used 5201K [0x00000000d5c00000, 0x00000000dea00000, 0x0000000100000000)
  eden space 133120K, 0% used [0x00000000d5c00000,0x00000000d5c00000,0x00000000dde00000)
  from space 6144K, 84% used [0x00000000de400000,0x00000000de9144c0,0x00000000dea00000)
  to   space 6144K, 0% used [0x00000000dde00000,0x00000000dde00000,0x00000000de400000)
 ParOldGen       total 87552K, used 1077K [0x0000000081400000, 0x0000000086980000, 0x00000000d5c00000)
  object space 87552K, 1% used [0x0000000081400000,0x000000008150d7c0,0x0000000086980000)
 Metaspace       used 15501K, capacity 16006K, committed 16256K, reserved 1062912K
  class space    used 1960K, capacity 2104K, committed 2176K, reserved 1048576K
}

Deoptimization events (10 events):
Event: 1.894 Thread 0x0000000018a31000 Uncommon trap: reason=unstable_if action=reinterpret pc=0x00000000026cce98 method=java.util.Arrays.equals([B[B)Z @ 2
Event: 2.053 Thread 0x000000001927e000 Uncommon trap: reason=unstable_if action=reinterpret pc=0x0000000002749344 method=sun.net.www.ParseUtil.match(CJJ)Z @ 13
Event: 2.103 Thread 0x0000000018a31000 Uncommon trap: reason=class_check action=maybe_recompile pc=0x0000000002639718 method=java.util.regex.Pattern$Curly.match(Ljava/util/regex/Matcher;ILjava/lang/CharSequence;)Z @ 19
Event: 2.103 Thread 0x0000000018a31000 Uncommon trap: reason=class_check action=maybe_recompile pc=0x0000000002639718 method=java.util.regex.Pattern$Curly.match(Ljava/util/regex/Matcher;ILjava/lang/CharSequence;)Z @ 19
Event: 2.103 Thread 0x0000000018a31000 Uncommon trap: reason=class_check action=maybe_recompile pc=0x0000000002639718 method=java.util.regex.Pattern$Curly.match(Ljava/util/regex/Matcher;ILjava/lang/CharSequence;)Z @ 19
Event: 2.103 Thread 0x0000000018a31000 Uncommon trap: reason=class_check action=maybe_recompile pc=0x0000000002639718 method=java.util.regex.Pattern$Curly.match(Ljava/util/regex/Matcher;ILjava/lang/CharSequence;)Z @ 19
Event: 2.123 Thread 0x00000000192c8000 Uncommon trap: reason=class_check action=maybe_recompile pc=0x0000000002601830 method=java.io.FilterInputStream.read()I @ 4
Event: 2.123 Thread 0x00000000192c8000 Uncommon trap: reason=class_check action=maybe_recompile pc=0x0000000002601830 method=java.io.FilterInputStream.read()I @ 4
Event: 2.123 Thread 0x00000000192c8000 Uncommon trap: reason=class_check action=maybe_recompile pc=0x0000000002601830 method=java.io.FilterInputStream.read()I @ 4
Event: 2.123 Thread 0x00000000192c8000 Uncommon trap: reason=class_check action=maybe_recompile pc=0x0000000002601830 method=java.io.FilterInputStream.read()I @ 4

Internal exceptions (10 events):
Event: 0.296 Thread 0x0000000018a31000 Exception <a 'java/lang/NullPointerException'> (0x00000000d67605a8) thrown at [C:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u60\4407\hotspot\src\share\vm\interpreter\linkResolver.cpp, line 1178]
Event: 0.296 Thread 0x0000000018a31000 Exception <a 'java/lang/NullPointerException'> (0x00000000d67605a8) thrown at [C:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u60\4407\hotspot\src\share\vm\prims\jvm.cpp, line 1390]
Event: 0.492 Thread 0x0000000018a31000 Implicit null exception at 0x0000000002407335 to 0x000000000240750d
Event: 0.527 Thread 0x0000000018a31000 Exception <a 'sun/nio/fs/WindowsException'> (0x00000000d6fee4f8) thrown at [C:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u60\4407\hotspot\src\share\vm\prims\jni.cpp, line 709]
Event: 0.529 Thread 0x0000000018a31000 Exception <a 'sun/nio/fs/WindowsException'> (0x00000000d6ff0270) thrown at [C:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u60\4407\hotspot\src\share\vm\prims\jni.cpp, line 709]
Event: 0.535 Thread 0x0000000018a31000 Implicit null exception at 0x0000000002442d96 to 0x00000000024430c1
Event: 1.702 Thread 0x0000000018a31000 Implicit null exception at 0x00000000023a3056 to 0x00000000023a3371
Event: 1.867 Thread 0x00000000192f0800 Exception <a 'java/lang/ClassNotFoundException': sun/net/www/protocol/data/Handler> (0x00000000d8fc4070) thrown at [C:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u60\4407\hotspot\src\share\vm\classfile\systemDictionary.cpp, line 210]
Event: 1.871 Thread 0x00000000192f0800 Exception <a 'java/lang/ClassNotFoundException': sun/net/www/protocol/data/Handler> (0x00000000d8fce2a0) thrown at [C:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u60\4407\hotspot\src\share\vm\classfile\systemDictionary.cpp, line 210]
Event: 2.092 Thread 0x0000000019285800 Exception <a 'sun/nio/fs/WindowsException'> (0x00000000da875518) thrown at [C:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u60\4407\hotspot\src\share\vm\prims\jni.cpp, line 709]

Events (10 events):
Event: 2.309 loading class sun/net/www/protocol/http/EmptyInputStream
Event: 2.309 loading class sun/net/www/protocol/http/EmptyInputStream done
Event: 2.309 loading class com/sun/webkit/network/URLLoader$Redirect
Event: 2.309 loading class com/sun/webkit/network/URLLoader$Redirect done
Event: 2.312 loading class com/sun/webkit/network/URLLoader
Event: 2.312 loading class com/sun/webkit/network/URLLoader done
Event: 2.314 Thread 0x0000000019288800 Thread added: 0x0000000019288800
Event: 2.315 Thread 0x0000000019287000 Thread added: 0x0000000019287000
Event: 2.316 Thread 0x0000000019288800 Thread exited: 0x0000000019288800
Event: 2.316 Thread 0x0000000019287000 Thread exited: 0x0000000019287000


Dynamic libraries:
0x00007ff782e00000 - 0x00007ff782e37000 	F:\Programs\Java\jdk1.8.0_60\bin\java.exe
0x00007ffebd260000 - 0x00007ffebd40c000 	C:\Windows\SYSTEM32\ntdll.dll
0x00007ffebbe30000 - 0x00007ffebbf6e000 	C:\Windows\system32\KERNEL32.DLL
0x00007ffeba720000 - 0x00007ffeba835000 	C:\Windows\system32\KERNELBASE.dll
0x00007ffeb8ad0000 - 0x00007ffeb8b5e000 	C:\Windows\system32\apphelp.dll
0x00007ffe9ba70000 - 0x00007ffe9bac3000 	C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
0x00007ffebc990000 - 0x00007ffebca3a000 	C:\Windows\system32\msvcrt.dll
0x00007ffeba190000 - 0x00007ffeba1be000 	C:\Windows\SYSTEM32\SspiCli.dll
0x00007ffebcec0000 - 0x00007ffebcf14000 	C:\Windows\system32\SHLWAPI.dll
0x00007ffebc6b0000 - 0x00007ffebc827000 	C:\Windows\system32\USER32.dll
0x00007ffebc1d0000 - 0x00007ffebc364000 	C:\Windows\system32\ole32.dll
0x00007ffeba900000 - 0x00007ffebbe19000 	C:\Windows\system32\SHELL32.dll
0x00007ffeb9920000 - 0x00007ffeb9941000 	C:\Windows\SYSTEM32\USERENV.dll
0x00007ffebc3e0000 - 0x00007ffebc48a000 	C:\Windows\system32\ADVAPI32.dll
0x00007ffeb3a60000 - 0x00007ffeb3a7e000 	C:\Windows\SYSTEM32\MPR.dll
0x00007ffebc830000 - 0x00007ffebc971000 	C:\Windows\system32\RPCRT4.dll
0x00007ffebd130000 - 0x00007ffebd189000 	C:\Windows\SYSTEM32\sechost.dll
0x00007ffebc490000 - 0x00007ffebc6a1000 	C:\Windows\SYSTEM32\combase.dll
0x00007ffebcfe0000 - 0x00007ffebd12f000 	C:\Windows\system32\GDI32.dll
0x00007ffeba3c0000 - 0x00007ffeba3d5000 	C:\Windows\SYSTEM32\profapi.dll
0x00007ffeb89a0000 - 0x00007ffeb8a52000 	C:\Windows\SYSTEM32\SHCORE.dll
0x00007ffebcba0000 - 0x00007ffebcbd6000 	C:\Windows\system32\IMM32.DLL
0x00007ffebca40000 - 0x00007ffebcb92000 	C:\Windows\system32\MSCTF.dll
0x00007ffeb8080000 - 0x00007ffeb82fa000 	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll
0x0000000072450000 - 0x0000000072522000 	F:\Programs\Java\jdk1.8.0_60\jre\bin\msvcr100.dll
0x00000000707f0000 - 0x0000000071079000 	F:\Programs\Java\jdk1.8.0_60\jre\bin\server\jvm.dll
0x00007ffeaab20000 - 0x00007ffeaab29000 	C:\Windows\SYSTEM32\WSOCK32.dll
0x00007ffeac240000 - 0x00007ffeac262000 	C:\Windows\SYSTEM32\WINMM.dll
0x00007ffeb3a40000 - 0x00007ffeb3a4a000 	C:\Windows\SYSTEM32\VERSION.dll
0x00007ffeba8f0000 - 0x00007ffeba8f7000 	C:\Windows\system32\PSAPI.DLL
0x00007ffebcbe0000 - 0x00007ffebcc3a000 	C:\Windows\system32\WS2_32.dll
0x00007ffeac180000 - 0x00007ffeac1aa000 	C:\Windows\SYSTEM32\WINMMBASE.dll
0x00007ffebbe20000 - 0x00007ffebbe29000 	C:\Windows\system32\NSI.dll
0x00007ffeba490000 - 0x00007ffeba4df000 	C:\Windows\SYSTEM32\cfgmgr32.dll
0x00007ffeb91d0000 - 0x00007ffeb91f8000 	C:\Windows\SYSTEM32\DEVOBJ.dll
0x0000000072400000 - 0x000000007240f000 	F:\Programs\Java\jdk1.8.0_60\jre\bin\verify.dll
0x0000000071c60000 - 0x0000000071c89000 	F:\Programs\Java\jdk1.8.0_60\jre\bin\java.dll
0x00000000723e0000 - 0x00000000723f6000 	F:\Programs\Java\jdk1.8.0_60\jre\bin\zip.dll
0x00007ffe9b360000 - 0x00007ffe9b44f000 	F:\Programs\Java\jdk1.8.0_60\jre\bin\msvcr120.dll
0x00007ffe9ab60000 - 0x00007ffe9ac06000 	F:\Programs\Java\jdk1.8.0_60\jre\bin\msvcp120.dll
0x0000000071940000 - 0x0000000071963000 	F:\Programs\Java\jdk1.8.0_60\jre\bin\prism_d3d.dll
0x00007ffe9d300000 - 0x00007ffe9d521000 	C:\Windows\system32\d3d9.dll
0x00007ffeb87a0000 - 0x00007ffeb87c1000 	C:\Windows\SYSTEM32\dwmapi.dll
0x00007ffeb9030000 - 0x00007ffeb9159000 	C:\Windows\system32\uxtheme.dll
0x00007ffe92e70000 - 0x00007ffe93a90000 	C:\Windows\SYSTEM32\igdumd64.dll
0x0000000071460000 - 0x00000000714a3000 	F:\Programs\Java\jdk1.8.0_60\jre\bin\glass.dll
0x00007ffebd1a0000 - 0x00007ffebd256000 	C:\Windows\system32\COMDLG32.dll
0x00007ffebcc40000 - 0x00007ffebcd01000 	C:\Windows\system32\OLEAUT32.dll
0x00007ffeb9200000 - 0x00007ffeb920b000 	C:\Windows\SYSTEM32\kernel.appcore.dll
0x00007ffeba230000 - 0x00007ffeba23b000 	C:\Windows\SYSTEM32\CRYPTBASE.dll
0x00007ffeba1c0000 - 0x00007ffeba223000 	C:\Windows\SYSTEM32\bcryptPrimitives.dll
0x000000006e260000 - 0x00000000707ed000 	F:\Programs\Java\jdk1.8.0_60\jre\bin\jfxwebkit.dll
0x00007ffeb9bf0000 - 0x00007ffeb9c10000 	C:\Windows\SYSTEM32\CRYPTSP.dll
0x00007ffeb9810000 - 0x00007ffeb9846000 	C:\Windows\system32\rsaenh.dll
0x00007ffeb9e80000 - 0x00007ffeb9ea6000 	C:\Windows\SYSTEM32\bcrypt.dll
0x0000000071920000 - 0x0000000071934000 	F:\Programs\Java\jdk1.8.0_60\jre\bin\javafx_font.dll
0x00007ffeb7430000 - 0x00007ffeb761c000 	C:\Windows\SYSTEM32\dwrite.dll
0x0000000071c40000 - 0x0000000071c5a000 	F:\Programs\Java\jdk1.8.0_60\jre\bin\net.dll
0x00007ffeb9b90000 - 0x00007ffeb9be9000 	C:\Windows\system32\mswsock.dll
0x0000000071c20000 - 0x0000000071c31000 	F:\Programs\Java\jdk1.8.0_60\jre\bin\nio.dll
0x00000000719a0000 - 0x00000000719c4000 	F:\Programs\Java\jdk1.8.0_60\jre\bin\sunec.dll
0x00007ffeb5630000 - 0x00007ffeb565a000 	C:\Windows\SYSTEM32\IPHLPAPI.DLL
0x00007ffeb5620000 - 0x00007ffeb562a000 	C:\Windows\SYSTEM32\WINNSI.DLL
0x00007ffeb53a0000 - 0x00007ffeb53b6000 	C:\Windows\SYSTEM32\dhcpcsvc6.DLL
0x00007ffeb5380000 - 0x00007ffeb539a000 	C:\Windows\SYSTEM32\dhcpcsvc.DLL
0x00007ffeb4c50000 - 0x00007ffeb4c65000 	C:\Windows\system32\napinsp.dll
0x00007ffeb4c70000 - 0x00007ffeb4c8a000 	C:\Windows\system32\pnrpnsp.dll
0x00007ffeb8060000 - 0x00007ffeb807b000 	C:\Windows\system32\NLAapi.dll
0x00007ffeb9990000 - 0x00007ffeb9a34000 	C:\Windows\SYSTEM32\DNSAPI.dll
0x00007ffeb4c90000 - 0x00007ffeb4c9d000 	C:\Windows\System32\winrnr.dll
0x00007ffeb56a0000 - 0x00007ffeb56aa000 	C:\Windows\System32\rasadhlp.dll
0x00007ffeb52c0000 - 0x00007ffeb532b000 	C:\Windows\System32\fwpuclnt.dll
0x00007ffeb6c20000 - 0x00007ffeb6da9000 	C:\Windows\SYSTEM32\dbghelp.dll

VM Arguments:
jvm_args: -Dfile.encoding=UTF-8 
java_command: webrobot.Bug
java_class_path (initial): C:\java\WebRobot\lib\javax.mail.jar;C:\java\WebRobot\lib\mysql-connector-java-5.1.36-bin.jar;C:\java\WebRobot\build\classes
Launcher Type: SUN_STANDARD

Environment Variables:
PATH=C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\;C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\;C:\Program Files\Microsoft Windows Performance Toolkit\;F:\Programs\Git\cmd;C:\Program Files\TortoiseGit\bin;C:\www\op-recovery\Sikuli\libs
USERNAME=ivan
OS=Windows_NT
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel



---------------  S Y S T E M  ---------------

OS: Windows 8.1 , 64 bit Build 9600 (6.3.9600.17415)

CPU:total 4 (4 cores per cpu, 1 threads per core) family 6 model 42 stepping 7, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ssse3, sse4.1, sse4.2, popcnt, avx, aes, clmul, tsc, tscinvbit

Memory: 4k page, physical 8303732k(2038140k free), swap 10797280k(2397968k free)

vm_info: Java HotSpot(TM) 64-Bit Server VM (25.60-b23) for windows-amd64 JRE (1.8.0_60-b27), built on Aug  4 2015 11:06:27 by "java_re" with MS VC++ 10.0 (VS2010)

time: Tue Oct 06 10:55:08 2015
elapsed time: 2 seconds (0d 0h 0m 2s)

REPRODUCIBILITY :
This bug can be reproduced often.

---------- BEGIN SOURCE ----------
package webrobot;

import javafx.application.Application;
import javafx.scene.Scene;
import javafx.scene.web.WebEngine;
import javafx.scene.web.WebView;
import javafx.stage.Stage;

public class Bug extends Application {

   private final WebView web = new WebView();
   private final WebEngine engine = web.getEngine();

   public static void main ( String[] args ) {
      launch( args );
   }

   @Override public void start ( Stage primaryStage ) {
      primaryStage.setScene( new Scene( web ) );
      engine.documentProperty().addListener( ( val, old, now ) -> {
         System.out.println( "Document changed to " + now );
         if ( now == null ) return;
         engine.executeScript( "document.getElementById('login-username').form.submit();" ); // Crash here
         System.out.println( "OK, didn't crash" );
      });
      engine.load( "https://login.yahoo.com/config/login_verify2?.intl=hk&.done=https:%2F%2Fgemini.yahoo.com%2Fadvertiser%2Faccounts" );
   }
}
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
Displaying the Stage before loading the site will stop the error from happening.

Alternatively, fall back to an older JRE version, such as 1.8u40.


Comments
Changeset: 3ccf14ef836f Author: ghb Date: 2016-02-24 17:32 +0530 URL: http://hg.openjdk.java.net/openjfx/9-dev/rt/rev/3ccf14ef836f 8139114: WebView crashes on Yahoo login page Reviewed-by: kcr
24-02-2016

version .03 looks good. +1
24-02-2016

Updated webrev http://cr.openjdk.java.net/~ghb/8139114/webrev.03/
24-02-2016

+ if ((m_documentLoader->frame() && m_documentLoader->frame()->loader().state() == FrameStateProvisional) && + (m_resource->type() != CachedResource::Type::MainResource)) surround the body of this "if" statement (the if-then-else) with curly braces? Otherwise, it looks good to me. Let me know if you want me to test it.
23-02-2016

@Kevin, [~aprasad] Thanks for the review, comments incorporated and its Updated webrev http://cr.openjdk.java.net/~ghb/8139114/webrev.02/ Tested on Windows with moxietest.zip (Test application 10 times) and also with attached test application for 10 min. Didn't observed the crash. Note: this crash occurs only on Windows and not on Linux and OS X (tested on all 3 platform).
22-02-2016

I think the closing paren in the following: if ((m_documentLoader->frame() && m_documentLoader->frame()->loader().state()) == FrameStateProvisional should be after the == test -- otherwise you are testing a boolean 0 or 1 against FrameStateProvisional
22-02-2016

updated webrev : http://cr.openjdk.java.net/~ghb/8139114/webrev.01/ Attaching reduced test app which loads sites with a given list. While testing the sequence of webpage (as in the test app) caused a crash with image resource. Updated the m_document checking for NULL to Image resource as well to avoid the crash.
21-02-2016

Crash occurs in test application on loading from S1 to S2 with status of Succeded status and crash is not always. To test on Other port i have to create a similar application assuming their WebView (or similar API) gives call back to Succeded status and load this S2. Will try to create a GTK test app and test against the r164362 if time permits. as mentioned earlier below is the call stack were S1's script load request is triggerd, just after WebEngine.load(S2) is returned WebCore::CachedResourceLoader::canRequest(WebCore::CachedResource::Type type, const WebCore::URL & url, const WebCore::ResourceLoaderOptions & options, bool forPreload) Line 304 C++ WebCore::CachedResourceLoader::requestResource(WebCore::CachedResource::Type type, WebCore::CachedResourceRequest & request) Line 436 C++ WebCore::CachedResourceLoader::requestScript(WebCore::CachedResourceRequest & request) Line 223 C++ WebCore::ScriptElement::requestScript(const WTF::String & sourceUrl) Line 267 C++ WebCore::ScriptElement::prepareScript(const WTF::TextPosition & scriptStartPosition, WebCore::ScriptElement::LegacyTypeSupport supportLegacyTypes) Line 217 C++ WebCore::ScriptElement::insertedInto(WebCore::ContainerNode & insertionPoint) Line 87 C++ WebCore::HTMLScriptElement::insertedInto(WebCore::ContainerNode & insertionPoint) Line 77 C++ WebCore::ChildNodeInsertionNotifier::notifyNodeInsertedIntoDocument(WebCore::Node & node) Line 200 C++ WebCore::ChildNodeInsertionNotifier::notify(WebCore::Node & node) Line 228 C++ WebCore::ContainerNode::updateTreeAfterInsertion(WebCore::Node & child) Line 1061 C++ WebCore::ContainerNode::appendChild(WTF::PassRefPtr<WebCore::Node> newChild, int & ec) Line 724 C++ WebCore::Node::appendChild(WTF::PassRefPtr<WebCore::Node> newChild, int & ec) Line 452 C++ WebCore::JSNode::appendChild(JSC::ExecState * exec) Line 164 C++ WebCore::jsNodePrototypeFunctionAppendChild(JSC::ExecState * exec) Line 637 C++ JSC::LLInt::CLoop::execute(JSC::OpcodeID entryOpcodeID, void * executableAddress, JSC::VM * vm, JSC::ProtoCallFrame * protoCallFrame, bool isInitializationPass) Line 7025 C++ callToJavaScript(void * executableAddress, JSC::VM * vm, JSC::ProtoCallFrame * protoCallFrame) Line 101 C++ JSC::JITCode::execute(JSC::VM * vm, JSC::ProtoCallFrame * protoCallFrame) Line 47 C++ JSC::Interpreter::execute(JSC::ProgramExecutable * program, JSC::ExecState * callFrame, JSC::JSObject * thisObj) Line 903 C++ JSC::evaluate(JSC::ExecState * exec, const JSC::SourceCode & source, JSC::JSValue thisValue, JSC::JSValue * returnedException) Line 84 C++ WebCore::JSMainThreadExecState::evaluate(JSC::ExecState * exec, const JSC::SourceCode & source, JSC::JSValue thisValue, JSC::JSValue * exception) Line 62 C++ WebCore::ScriptController::evaluateInWorld(const WebCore::ScriptSourceCode & sourceCode, WebCore::DOMWrapperWorld & world) Line 149 C++ WebCore::ScriptController::evaluate(const WebCore::ScriptSourceCode & sourceCode) Line 163 C++ WebCore::ScriptElement::executeScript(const WebCore::ScriptSourceCode & sourceCode) Line 307 C++ WebCore::ScriptElement::execute(WebCore::CachedScript * cachedScript) Line 327 C++ WebCore::ScriptRunner::timerFired(WebCore::Timer<WebCore::ScriptRunner> & timer) Line 120 C++
21-02-2016

@Guru, Is there any reason for not getting the crash on other WebKit ports.?
21-02-2016

Fix : http://cr.openjdk.java.net/~ghb/8139114/webrev.00/ SubresourceLoader::willSendRequest() is called before fetching network data. As explained earlier. current frame is in Provisonal state i.e Main page (Main resource) is yet to be loaded (committed state). If current webpage (which is about to be replaced) requests any sub-resource due to scheduled javascript execution triggers a new sub-resource request. Response to sub-resource should be validated against its corresponding CachedResourceLoader. Relation of objects and its life cycle Page - Frame - FrameLoader - DocumentLoader - CachedResourceLoader (MainResourcerequest and Subresource request) Page is consistent across WebView lifecycle (Single instance) Page has Atleast one Frame i.e MainFrame for any given webpage Every frame has FrameLoader which loads the frame with DocumentLoader (as for webpage HTML begins with atleast one single Document) Document loader uses CachedResourceLoader Every Documentloader is associated with a CachedResourceLoader Root cause of this defect (Assume S1 : http://www.gomoxie.com/products and S2 : http://www.gomoxie.com) 1. WebEngine.load(S1) Page(1)-Frame(1)-FrameLoader(1)-DocumentLoader(1)-CachedResourceLoader(1) 2. S1 has loaded Successfully 3. WebEngine.load(S2) page(1)-Frame(2)-FrameLoader(2) : ProvisionalState - DocumentLoader(NULL) : as main resource(data of S2) is yet to be received from network -Frame(2)-FrameLoader(1) : S1 commited state - DocumentLoader(1) FrameLoader will have 3 Document loader FrameLoader - Active (which is serving S2) Frameloader - Provisional (which is same as Active) FrameLoader - Commited (which is created on S1) and will be replaced once the Main resource loading is completed 4. WebCore::ScriptRunner>::fired() with the context of S1, N/W request created and ScriptElement::requestScript() and will request CachedResourceLoader with ref to "m_element->document().cachedResourceLoader()->requestScript(request);" 5. Before network context is established , URLLoader will ask SubresourceLoader::willSendRequest(...) and this request is revalidated with active FrameLoader(2)-DocumentLoader(NULL) Crash when trys to deref the DocumentLoader Solution : Check if FrameLoader is in ProvisionalState and the current network revalidation is not a MainResource. In this case, Pass the sub-resource request to commited documentLoader instead of active Documentloader Its highly impossible for a Frame which is not yet committed is going to load sub-resource. There are two place pointer are used , and these doesn't request NULL Check m_documentLoader->frame()->loader().state SubResourceLoader::m_documentLoader pointer is assigned in its constructor and Every frame has FrameLoader created in Frame Constructor m_documentLoader->frame()->loader().documentLoader()->cachedResourceLoader() Now that we have frame (s1 and S2) and loader.documentLoader() will ref to S1 instance Tested on Windows, Linux and OS X Note : Crash re-producible only on Windows As this is sensitive area, I have executed DRT on All 3 platform and didn't find any failures (new) with and without this fix.
21-02-2016

Webkit internally loads Main resource in three phase Provisional, Policy and committed (respective Frame state : FrameStateProvisional, FrameStateCommittedPage, FrameStateComplete) During page load of http://www.gomoxie.com , (i.e WebEngine.load(http://www.gomoxie.com)) . Current Main Frame in WebKit make the frame to Provisional state, Current Main resource is www.gomoxie.com and active and also its in Provisional state. a New request from existing (Completely loaded webpage www.gomoxie.com/products) JavaScript load request is triggered from a ScriptRunner timers. Network context (URLLoader) will always respond the request and response to active DocumentLoader, now script response will check ,'Can i load "https://s.adroll.com/pixel/..." to "www.gomoxie.com" instead of "www.gomoxie.com/products" DocumentLoader. Currently i have a fix which avoids crash in windows. Will have to test on other platform (Linux and OS X) and test with DRT (on all 3 platform).
20-02-2016

Root cause : 1. webview loads http://www.gomoxie.com/products 2. worker updates the status with SUCCEDDED 3. webview loads http://www.gomoxie.com/ 4. during initial network request of http://www.gomoxie.com/ , one the script which is used from www.gomoxie.com/products used for analytic is loaded. Script which is causing the delayed load or which loads during the state 4 is "https://s.adroll.com/pixel/" Work around : by adding delay during the 3rd step will reduce the chance of crash.
19-02-2016

I could re-produce the crash with the attached "MoxieTest".
28-01-2016

Tested with the test code provided in the description on 8u60 and also with latest version of JavaFX (with JDK 8u60, 8u66). Couldn't reproduce the defect locally on Windows , Linux and Mac (all 64 bit version). Tried entering the form(user id and password) on the yahoo page, received listener call backs without any crash. Will re-open this defect with valid use case.
24-11-2015