Bug 109935

Summary: REGRESSION (r138858?!): Crash in WebCore::FrameLoader::~FrameLoader() when opening page in a background tab
Product: WebKit Reporter: Dieter Komendera <dieter>
Component: WebCore Misc.Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: beidson, simon.fraser, thorton, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: OS X 10.8   
URL: http://www.featherrazorblades.com/
Attachments:
Description Flags
full crash report
none
patch
none
more descriptive
beidson: review+
fix a test
none
fix a test less beidson: review+

Dieter Komendera
Reported 2013-02-15 06:34:39 PST
Created attachment 188551 [details] full crash report Tested with Safari 6.0.2 with WebKit nightly r142980 on Mac OS X 10.8.2 To reproduce: * open http://www.featherrazorblades.com/ in a background tab (cmd+click) Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x00000001020a21b1 WebCore::FrameLoader::~FrameLoader() + 673 1 com.apple.WebCore 0x000000010209e8a1 WebCore::Frame::~Frame() + 465 2 com.apple.WebCore 0x00000001020be8f7 WebCore::FrameView::clearFrame() + 55 3 com.apple.WebCore 0x0000000101da4972 WebCore::CachedFrame::destroy() + 210 4 com.apple.WebCore 0x0000000101da4920 WebCore::CachedFrame::destroy() + 128 5 com.apple.WebCore 0x0000000101da7372 WebCore::CachedPage::destroy() + 34 6 com.apple.WebCore 0x0000000102681238 WebCore::PageCache::releaseAutoreleasedPagesNow() + 168 7 com.apple.WebCore 0x0000000102a1e54f WebCore::ThreadTimers::sharedTimerFiredInternal() + 175 8 com.apple.WebCore 0x00000001028ab2e3 WebCore::timerFired(__CFRunLoopTimer*, void*) + 51 9 com.apple.CoreFoundation 0x00007fff92e96da4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
Attachments
full crash report (59.01 KB, text/plain)
2013-02-15 06:34 PST, Dieter Komendera 		no flags
Details
patch (1.84 KB, patch)
2013-04-05 14:44 PDT, Tim Horton 		no flags
DetailsFormatted DiffDiff
more descriptive (2.27 KB, patch)
2013-04-05 15:09 PDT, Tim Horton 		beidson: review+
DetailsFormatted DiffDiff
fix a test (4.96 KB, patch)
2013-04-08 14:24 PDT, Tim Horton 		no flags
DetailsFormatted DiffDiff
fix a test less (4.56 KB, patch)
2013-04-08 14:26 PDT, Tim Horton 		beidson: review+
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2013-02-15 11:55:25 PST
I find it hard to believe, but bisecting blames <http://trac.webkit.org/changeset/138858> with no uncertainty.
Alexey Proskuryakov
Comment 2 2013-02-15 11:55:52 PST
<rdar://problem/13225963>
Simon Fraser (smfr)
Comment 3 2013-02-15 12:00:52 PST
In a debug build the UI process first asserts: ASSERTION FAILED: m_loadState == LoadStateFinished
Simon Fraser (smfr)
Comment 4 2013-02-15 12:12:47 PST
WebProcess hits: ASSERTION FAILED: !m_inProgress || m_frame->page() /Volumes/SSData/Development/OSX/webkit/OpenSource/Source/WebCore/loader/FrameLoader.cpp(178) : WebCore::FrameLoader::FrameProgressTracker::~FrameProgressTracker() 1 0x103d32cea WebCore::FrameLoader::FrameProgressTracker::~FrameProgressTracker() 2 0x103d32c85 WebCore::FrameLoader::FrameProgressTracker::~FrameProgressTracker() 3 0x103d32c4a void WTF::deleteOwnedPtr<WebCore::FrameLoader::FrameProgressTracker>(WebCore::FrameLoader::FrameProgressTracker*) 4 0x103d36588 WTF::OwnPtr<WebCore::FrameLoader::FrameProgressTracker>::~OwnPtr() 5 0x103d2de55 WTF::OwnPtr<WebCore::FrameLoader::FrameProgressTracker>::~OwnPtr() 6 0x103d1e1d5 WebCore::FrameLoader::~FrameLoader() 7 0x103d1e015 WebCore::FrameLoader::~FrameLoader() 8 0x103d11979 WebCore::Frame::~Frame() 9 0x103d11795 WebCore::Frame::~Frame() 10 0x1035d8859 WTF::RefCounted<WebCore::Frame>::deref() 11 0x1035d8805 void WTF::derefIfNotNull<WebCore::Frame>(WebCore::Frame*) 12 0x103bb0aec WTF::RefPtr<WebCore::Frame>::operator=(WebCore::Frame*) 13 0x103d497f6 WebCore::FrameView::clearFrame() 14 0x1036e1be0 WebCore::CachedFrame::destroy() 15 0x1036e1acb WebCore::CachedFrame::destroy() 16 0x1036edb6b WebCore::CachedPage::destroy() 17 0x1048e218f WebCore::PageCache::releaseAutoreleasedPagesNow() 18 0x1048e08d7 WebCore::PageCache::releaseAutoreleasedPagesNowDueToTimer(WebCore::Timer<WebCore::PageCache>*) 19 0x1048e5e13 WebCore::Timer<WebCore::PageCache>::fired() 20 0x105071ceb WebCore::ThreadTimers::sharedTimerFiredInternal() 21 0x105071a79 WebCore::ThreadTimers::sharedTimerFired() 22 0x104d95a73 WebCore::timerFired(__CFRunLoopTimer*, void*)
Brady Eidson
Comment 5 2013-02-15 12:45:33 PST
How does "opening a page in a background tab" cause a page cache cleanup to get triggered?
Simon Fraser (smfr)
Comment 6 2013-02-15 14:52:08 PST
http://www.featherrazorblades.com/ is using JS to load http://featherrazorblades.storenvy.com in _top I think
Tim Horton
Comment 7 2013-04-05 14:44:41 PDT
Created attachment 196684 [details] patch
Tim Horton
Comment 8 2013-04-05 15:09:13 PDT
Created attachment 196688 [details] more descriptive
Tim Horton
Comment 9 2013-04-08 14:24:44 PDT
Created attachment 196955 [details] fix a test
Tim Horton
Comment 10 2013-04-08 14:26:20 PDT
Created attachment 196956 [details] fix a test less
Tim Horton
Comment 11 2013-04-08 14:45:42 PDT
http://trac.webkit.org/changeset/147955
Note You need to log in before you can comment on or make changes to this bug.