73183 2011-11-27 19:27:03 -0800 REGRESSION (r101201): Crash inside WebKit::WebInspector::didClose() when closing any tab 2011-12-02 12:32:24 -0800 1 1 1 Unclassified WebKit Web Inspector (Deprecated) 528+ (Nightly build) Mac (Intel) OS X 10.7 RESOLVED FIXED InRadar, Regression P1 Critical --- 1 kevin pfeldman artmeakin juanfc mitz mmcneil mrowe ossy pfeldman phiw2 svetloslav yurys oldest_to_newest 509540 0 kevin 2011-11-27 19:27:03 -0800 If I have more than one tab open and close one of the tabs. The WebProcess crashes and reloads the remaining tabs. Note that the Web Inspector isn't even open at the time when the crash occurs. Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebKit2 0x0000000103c542a0 WebKit::WebInspector::didClose() + 18 1 com.apple.WebKit2 0x0000000103bdf814 WebKit::WebInspectorClient::inspectorDestroyed() + 18 2 com.apple.WebCore 0x0000000104587fc5 WebCore::InspectorController::inspectedPageDestroyed() + 85 3 com.apple.WebCore 0x000000010490eeed WebCore::Page::~Page() + 397 4 com.apple.WebKit2 0x0000000103be8db8 WTF::OwnPtr<WebCore::Page>::clear() + 36 5 com.apple.WebKit2 0x0000000103be2189 WebKit::WebPage::close() + 315 6 com.apple.WebKit2 0x0000000103baafd7 CoreIPC::Connection::dispatchMessage(CoreIPC::Connection::Message<CoreIPC::ArgumentDecoder>&) + 175 7 com.apple.WebKit2 0x0000000103bac409 CoreIPC::Connection::dispatchMessages() + 147 8 com.apple.WebKit2 0x0000000103bc601b RunLoop::performWork() + 111 9 com.apple.WebKit2 0x0000000103bc6357 RunLoop::performWork(void*) + 75 10 com.apple.CoreFoundation 0x00007fff97b77b51 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 11 com.apple.CoreFoundation 0x00007fff97b773bd __CFRunLoopDoSources0 + 253 12 com.apple.CoreFoundation 0x00007fff97b9e1a9 __CFRunLoopRun + 905 13 com.apple.CoreFoundation 0x00007fff97b9dae6 CFRunLoopRunSpecific + 230 14 com.apple.HIToolbox 0x00007fff910003d3 RunCurrentEventLoopInMode + 277 15 com.apple.HIToolbox 0x00007fff9100763d ReceiveNextEventCommon + 355 16 com.apple.HIToolbox 0x00007fff910074ca BlockUntilNextEventMatchingListInMode + 62 17 com.apple.AppKit 0x00007fff8f2e03f1 _DPSNextEvent + 659 18 com.apple.AppKit 0x00007fff8f2dfcf5 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 135 19 com.apple.AppKit 0x00007fff8f2dc62d -[NSApplication run] + 470 20 com.apple.WebKit2 0x0000000103bc6517 RunLoop::run() + 67 21 com.apple.WebKit2 0x0000000103c0c5d4 WebKit::WebProcessMain(WebKit::CommandLine const&) + 678 22 com.apple.WebKit2 0x0000000103bdfb19 WebKitMain + 285 23 com.apple.WebProcess 0x0000000103b6ee5f main + 219 24 com.apple.WebProcess 0x0000000103b6ed7c start + 52 509648 1 mrowe 2011-11-28 01:33:33 -0800 The immediate reason for this crash is: void WebInspectorClient::closeInspectorFrontend() { m_page->inspector()->didClose(); } m_page->inspector() is returning 0. 509652 2 mrowe 2011-11-28 01:38:15 -0800 And that happens because WebPage marks itself as closed in WebPage::close before the WebCore::Page is torn down. Does WebInspectorClient::inspectorDestroyed just need to grow a null check? 509670 3 116715 pfeldman 2011-11-28 02:05:43 -0800 Created attachment 116715 Patch 509675 4 116715 mrowe 2011-11-28 02:09:06 -0800 Comment on attachment 116715 Patch Given that ::inspector() is more than a trivial getter I think it’d be preferable to do: if (WebInspector* inspector = m_page->inspector()) inspector->didClose(); 509676 5 pfeldman 2011-11-28 02:09:59 -0800 Committed r101239: <http://trac.webkit.org/changeset/101239> 509707 6 pfeldman 2011-11-28 03:36:31 -0800 *** Bug 73188 has been marked as a duplicate of this bug. *** 509876 7 mrowe 2011-11-28 09:12:48 -0800 *** Bug 73223 has been marked as a duplicate of this bug. *** 509891 8 mitz 2011-11-28 09:44:10 -0800 <rdar://problem/10489008> 509898 9 mrowe 2011-11-28 09:49:04 -0800 *** Bug 73222 has been marked as a duplicate of this bug. *** 510811 10 ap 2011-11-29 08:54:22 -0800 *** Bug 73207 has been marked as a duplicate of this bug. *** 514010 11 ap 2011-12-02 12:32:24 -0800 *** Bug 73657 has been marked as a duplicate of this bug. *** 116715 2011-11-28 02:05:43 -0800 2011-11-28 02:09:06 -0800 Patch bug-73183-20111128140541.patch text/plain 1417 pfeldman U3VidmVyc2lvbiBSZXZpc2lvbjogMTAxMjMyCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cKaW5kZXggNWU1N2FmYzA2MGQxYjNm NDZlYzgyM2NkOGJkOTVlODI0MmE4OWZmNC4uYjJmN2M3NGNiNGFhNGJhYmY5ZjQwZThmODZkOWQ0 MGY3N2RiMzEzZSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJLaXQyL0NoYW5nZUxvZwpAQCAtMSwzICsxLDEzIEBACisyMDExLTExLTI4ICBQYXZl bCBGZWxkbWFuICA8cGZlbGRtYW5AY2hyb21pdW0ub3JnPgorCisgICAgICAgIFJFR1JFU1NJT04g KHIxMDEyMDEpOiBDcmFzaCBpbnNpZGUgV2ViS2l0OjpXZWJJbnNwZWN0b3I6OmRpZENsb3NlKCkg d2hlbiBjbG9zaW5nIGFueSB0YWIKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hv d19idWcuY2dpP2lkPTczMTgzCisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISku CisKKyAgICAgICAgKiBXZWJQcm9jZXNzL1dlYkNvcmVTdXBwb3J0L1dlYkluc3BlY3RvckNsaWVu dC5jcHA6CisgICAgICAgIChXZWJLaXQ6OldlYkluc3BlY3RvckNsaWVudDo6Y2xvc2VJbnNwZWN0 b3JGcm9udGVuZCk6CisKIDIwMTEtMTEtMjggIEJhbGF6cyBLZWxlbWVuICA8a2JhbGF6c0B3ZWJr aXQub3JnPgogCiAgICAgICAgIFJldmlld2VkIGJ5IFNpbW9uIEhhdXNtYW5uLgpkaWZmIC0tZ2l0 IGEvU291cmNlL1dlYktpdDIvV2ViUHJvY2Vzcy9XZWJDb3JlU3VwcG9ydC9XZWJJbnNwZWN0b3JD bGllbnQuY3BwIGIvU291cmNlL1dlYktpdDIvV2ViUHJvY2Vzcy9XZWJDb3JlU3VwcG9ydC9XZWJJ bnNwZWN0b3JDbGllbnQuY3BwCmluZGV4IDU0YjQ3N2UwZjZhYTUxNWViMDc2OGZjYzQ2ZWQ2OWIx YTRmYjJhZDkuLmVhMTVjN2Y5MzIyOWFhN2NmY2U2ZGI2YWMzY2I5MWRiNTUyZDRlNjIgMTAwNjQ0 Ci0tLSBhL1NvdXJjZS9XZWJLaXQyL1dlYlByb2Nlc3MvV2ViQ29yZVN1cHBvcnQvV2ViSW5zcGVj dG9yQ2xpZW50LmNwcAorKysgYi9Tb3VyY2UvV2ViS2l0Mi9XZWJQcm9jZXNzL1dlYkNvcmVTdXBw b3J0L1dlYkluc3BlY3RvckNsaWVudC5jcHAKQEAgLTUxLDcgKzUxLDggQEAgdm9pZCBXZWJJbnNw ZWN0b3JDbGllbnQ6Om9wZW5JbnNwZWN0b3JGcm9udGVuZChJbnNwZWN0b3JDb250cm9sbGVyKikK IAogdm9pZCBXZWJJbnNwZWN0b3JDbGllbnQ6OmNsb3NlSW5zcGVjdG9yRnJvbnRlbmQoKQogewot ICAgIG1fcGFnZS0+aW5zcGVjdG9yKCktPmRpZENsb3NlKCk7CisgICAgaWYgKG1fcGFnZS0+aW5z cGVjdG9yKCkpCisgICAgICAgIG1fcGFnZS0+aW5zcGVjdG9yKCktPmRpZENsb3NlKCk7CiB9CiAK IHZvaWQgV2ViSW5zcGVjdG9yQ2xpZW50OjpicmluZ0Zyb250ZW5kVG9Gcm9udCgpCg==