167665 2017-01-31 13:57:30 -0800 com.apple.WebKit.WebContent.Development crashed in com.apple.WebCore: WebCore::FrameView::didDestroyRenderTree 2017-02-13 11:15:55 -0800 1 1 1 Unclassified WebKit WebCore Misc. WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED https://bugs.webkit.org/show_bug.cgi?id=168237 InRadar P2 Normal --- 1 cdumez cdumez commit-queue dbates esprehn+autocc kangil.han kling rniwa webkit-bug-importer oldest_to_newest 1271876 0 cdumez 2017-01-31 13:57:30 -0800 com.apple.WebKit.WebContent.Development crashed in com.apple.WebCore: WebCore::FrameView::didDestroyRenderTree: ASSERTION FAILED: m_widgetsInRenderTree.isEmpty() OpenSource/Source/WebCore/page/FrameView.cpp(648) : void WebCore::FrameView::didDestroyRenderTree() 1 0x11182fa5d WTFCrash 2 0x114b0e7f4 WebCore::FrameView::didDestroyRenderTree() 3 0x1147328d7 WebCore::Document::destroyRenderTree() 4 0x114732fed WebCore::Document::prepareForDestruction() 5 0x11429fce9 WebCore::CachedFrame::destroy() 6 0x1142b0da9 WebCore::CachedPage::~CachedPage() 7 0x1142b0e95 WebCore::CachedPage::~CachedPage() 8 0x115dac5dc WebCore::PageCache::prune(WebCore::PruningReason) 9 0x115dac463 WebCore::PageCache::pruneToSizeNow(unsigned int, WebCore::PruningReason) 10 0x1164082d8 WebCore::Settings::setUsesPageCache(bool) 11 0x10c097f50 WebKit::WebPage::updatePreferences(WebKit::WebPreferencesStore const&) 12 0x10c0ab24a WebKit::WebPage::preferencesDidChange(WebKit::WebPreferencesStore const&) 13 0x10c11f746 void IPC::callMemberFunctionImpl<WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebPreferencesStore const&), std::__1::tuple<WebKit::WebPreferencesStore>, 0ul>(WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebPreferencesStore const&), std::__1::tuple<WebKit::WebPreferencesStore>&&, std::__1::integer_sequence<unsigned long, 0ul>) 14 0x10c11f5b8 void IPC::callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebPreferencesStore const&), std::__1::tuple<WebKit::WebPreferencesStore>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<WebKit::WebPreferencesStore>&&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebPreferencesStore const&)) 15 0x10c112052 void IPC::handleMessage<Messages::WebPage::PreferencesDidChange, WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebPreferencesStore const&)>(IPC::Decoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebPreferencesStore const&)) 16 0x10c10a604 WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&) 17 0x10c0b092e WebKit::WebPage::didReceiveMessage(IPC::Connection&, IPC::Decoder&) 18 0x10c0b0974 non-virtual thunk to WebKit::WebPage::didReceiveMessage(IPC::Connection&, IPC::Decoder&) 19 0x10bacc4e8 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) 20 0x10c2ac4ed WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) 21 0x10b9a9fd3 IPC::Connection::dispatchMessage(IPC::Decoder&) 22 0x10b99f6b8 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) 23 0x10b9aa5d0 IPC::Connection::dispatchOneMessage() 24 0x10b9c31ed IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() 25 0x10b9c3149 WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() 26 0x11185c1ae WTF::Function<void ()>::operator()() const 27 0x111877b2d WTF::RunLoop::performWork() 28 0x111878214 WTF::RunLoop::performWork(void*) 29 0x7fff9c4483b1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ 30 0x7fff9c42963c __CFRunLoopDoSources0 31 0x7fff9c428b26 __CFRunLoopRun 1271877 1 cdumez 2017-01-31 13:57:53 -0800 <rdar://problem/30241193> 1271921 2 300267 cdumez 2017-01-31 15:11:52 -0800 Created attachment 300267 Patch 1271940 3 300267 kling 2017-01-31 15:31:41 -0800 Comment on attachment 300267 Patch Oh, nice approach Chris! Another thing that could also work is having callers pass the relevant FrameView* to destroyRenderTree(). I think the way you've done it here is great though. r=me 1271960 4 300267 commit-queue 2017-01-31 15:50:34 -0800 Comment on attachment 300267 Patch Clearing flags on attachment: 300267 Committed r211455: <http://trac.webkit.org/changeset/211455> 1271961 5 commit-queue 2017-01-31 15:50:39 -0800 All reviewed patches have been landed. Closing bug. 300267 2017-01-31 15:11:52 -0800 2017-01-31 15:50:34 -0800 Patch bug-167665-20170131150941.patch text/plain 3180 cdumez U3VidmVyc2lvbiBSZXZpc2lvbjogMjExNDQ1CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggY2U1NmFiMTI0YmI2NDQ1 YmVhMTc5MDY3NzAzN2EwNTVlMzFlMjcwNy4uZTlhNjQ0YzM0ODQ1MGJhNmY5MTQ2ZmQ5N2ViOTQ2 ZjNiMzIyZTdmMyAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDMwIEBACisyMDE3LTAxLTMxICBDaHJp cyBEdW1leiAgPGNkdW1lekBhcHBsZS5jb20+CisKKyAgICAgICAgY29tLmFwcGxlLldlYktpdC5X ZWJDb250ZW50LkRldmVsb3BtZW50IGNyYXNoZWQgaW4gY29tLmFwcGxlLldlYkNvcmU6IFdlYkNv cmU6OkZyYW1lVmlldzo6ZGlkRGVzdHJveVJlbmRlclRyZWUKKyAgICAgICAgaHR0cHM6Ly9idWdz LndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE2NzY2NQorICAgICAgICA8cmRhcjovL3Byb2Js ZW0vMzAyNDExOTM+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAg ICAgICAgV2hlbiBkZXN0cm95aW5nIGEgUGFnZUNhY2hlIGVudHJ5LCB3ZSB3b3VsZCBjYWxsIERv Y3VtZW50OjpwcmVwYXJlRnJvbURlc3RydWN0aW9uKCkKKyAgICAgICAgd2hpY2ggd291bGQgZGVz dHJveSB0aGUgcmVuZGVyIHRyZWUgYW5kIHRoZW4gY2FsbCBGcmFtZVZpZXc6OmRpZERlc3Ryb3lS ZW5kZXJUcmVlKCkuCisgICAgICAgIFdlIHdvdWxkIHNvbWV0aW1lcyBoaXQgdGhlIEFTU0VSVCht X3dpZGdldHNJblJlbmRlclRyZWUuaXNFbXB0eSgpKSBhc3NlcnRpb24gaW4KKyAgICAgICAgZGlk RGVzdHJveVJlbmRlclRyZWUoKS4gVGhpcyBpbmRpY2F0ZXMgdGhhdCB0aGVyZSBhcmUgc3RpbGwg UmVuZGVyV2lkZ2V0cyBhc3NvY2lhdGVkCisgICAgICAgIHdpdGggdGhlIEZyYW1lVmlldyBldmVu IHRob3VnaCB3ZSBjbGFpbSB3ZSBhbHJlYWR5IGRlc3Ryb3llZCB0aGUgcmVuZGVyIHRyZWUuCisK KyAgICAgICAgVGhlIHJlYXNvbiBmb3IgdGhpcyBpcyB0aGF0LCBpbiB0aGUgUGFnZUNhY2hlIGNv bnRleHQsIHRoZSB0b3AgZG9jdW1lbnQncyBmcmFtZSBpcworICAgICAgICByZXVzZWQgb24gbmF2 aWdhdGlvbiBhbmQgbWF5IG5vdCBiZSBhc3NvY2lhdGVkIHdpdGggYSBuZXcgZG9jdW1lbnQgdGhh dCBpcyBjdXJyZW50bHkKKyAgICAgICAgZGlzcGxheWVkLCBoYXMgYSByZW5kZXIgdHJlZSAoYW5k IHBvc3NpYmxlIFJlbmRlcldpZGdldHMpLiBUaGUgc29sdXRpb24gcHJvcG9zZWQgaXMKKyAgICAg ICAgdG8gc3RvcCBjYWxsaW5nIEZyYW1lVmlldzo6ZGlkRGVzdHJveVJlbmRlclRyZWUoKSBpbiBE b2N1bWVudDo6cHJlcGFyZUZyb21EZXN0cnVjdGlvbigpCisgICAgICAgIGlmIHRoZSBmcmFtZSdz IGRvY3VtZW50IGlzIG5vdCB8dGhpc3wuIFRoaXMgaGFwcGVucyB3aGVuIHRoZSBkb2N1bWVudCBp cyBkZXN0cm95ZWQKKyAgICAgICAgd2hpbGUgaW4gUGFnZUNhY2hlLiBXZSBkbyBub3Qgd2FudCB0 byBtZXNzIHdpdGggdGhlIGZyYW1lIC8gZnJhbWV2aWV3IGluIHRoaXMgY2FzZQorICAgICAgICBz aW5jZSB0aGV5IGFyZSBubyBsb25nZXIgYXNzb2NpYXRlZCB0byB0aGUgcHJlc2VudCBkb2N1bWVu dCBhbnltb3JlLgorCisgICAgICAgIE5vIG5ldyB0ZXN0cywgYWxyZWFkeSBjb3ZlcmVkIGJ5IGV4 aXN0aW5nIHRlc3RzIHdoaWNoIGN1cnJlbnRseSBjcmFzaCBmbGFraWx5LgorCisgICAgICAgICog ZG9tL0RvY3VtZW50LmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OkRvY3VtZW50OjpkZXN0cm95UmVu ZGVyVHJlZSk6CisKIDIwMTctMDEtMzEgIFlvdWVubiBGYWJsZXQgIDx5b3Vlbm5AYXBwbGUuY29t PgogCiAgICAgICAgIFtXZWJSVENdIEFkZCBhIGxpYndlYnJ0YyBBdWRpb01vZHVsZSBzcGVjaWZp YyB0byBXZWJLaXQKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL2RvbS9Eb2N1bWVudC5jcHAg Yi9Tb3VyY2UvV2ViQ29yZS9kb20vRG9jdW1lbnQuY3BwCmluZGV4IGFmODZjNjRkZjJhODVjOTkz MWM3YzBlNDBiNWY4YmI5NGJiNTc1M2EuLmE2OTk1OGMyMzI4NDJkZTgwZGJhZDNlZDJiN2Q2YTBi OTViMTgxODUgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL2RvbS9Eb2N1bWVudC5jcHAKKysr IGIvU291cmNlL1dlYkNvcmUvZG9tL0RvY3VtZW50LmNwcApAQCAtMjIxMyw3ICsyMjEzLDggQEAg dm9pZCBEb2N1bWVudDo6ZGVzdHJveVJlbmRlclRyZWUoKQogICAgIEFTU0VSVChmcmFtZSgpLT52 aWV3KCkpOwogICAgIEFTU0VSVChwYWdlKCkpOwogCi0gICAgRnJhbWVWaWV3JiBmcmFtZVZpZXcg PSAqZnJhbWUoKS0+dmlldygpOworICAgIEZyYW1lVmlldyogZnJhbWVWaWV3ID0gZnJhbWUoKS0+ ZG9jdW1lbnQoKSA9PSB0aGlzID8gZnJhbWUoKS0+dmlldygpIDogbnVsbHB0cjsKKyAgICBBU1NF UlQoZnJhbWVWaWV3IHx8IHBhZ2VDYWNoZVN0YXRlKCkgPT0gSW5QYWdlQ2FjaGUpOwogCiAgICAg Ly8gUHJldmVudCBXaWRnZXQgdHJlZSBjaGFuZ2VzIGZyb20gY29tbWl0dGluZyB1bnRpbCB0aGUg UmVuZGVyVmlldyBpcyBkZWFkIGFuZCBnb25lLgogICAgIFdpZGdldEhpZXJhcmNoeVVwZGF0ZXNT dXNwZW5zaW9uU2NvcGUgc3VzcGVuZFdpZGdldEhpZXJhcmNoeVVwZGF0ZXM7CkBAIC0yMjI1LDcg KzIyMjYsOCBAQCB2b2lkIERvY3VtZW50OjpkZXN0cm95UmVuZGVyVHJlZSgpCiAKICAgICBkb2N1 bWVudFdpbGxCZWNvbWVJbmFjdGl2ZSgpOwogCi0gICAgZnJhbWVWaWV3LndpbGxEZXN0cm95UmVu ZGVyVHJlZSgpOworICAgIGlmIChmcmFtZVZpZXcpCisgICAgICAgIGZyYW1lVmlldy0+d2lsbERl c3Ryb3lSZW5kZXJUcmVlKCk7CiAKICNpZiBFTkFCTEUoRlVMTFNDUkVFTl9BUEkpCiAgICAgaWYg KG1fZnVsbFNjcmVlblJlbmRlcmVyKQpAQCAtMjI1Miw3ICsyMjU0LDggQEAgdm9pZCBEb2N1bWVu dDo6ZGVzdHJveVJlbmRlclRyZWUoKQogICAgIG1fdGV4dEF1dG9TaXplZE5vZGVzLmNsZWFyKCk7 CiAjZW5kaWYKIAotICAgIGZyYW1lVmlldy5kaWREZXN0cm95UmVuZGVyVHJlZSgpOworICAgIGlm IChmcmFtZVZpZXcpCisgICAgICAgIGZyYW1lVmlldy0+ZGlkRGVzdHJveVJlbmRlclRyZWUoKTsK IH0KIAogdm9pZCBEb2N1bWVudDo6cHJlcGFyZUZvckRlc3RydWN0aW9uKCkK