Bug 12645

Summary: ASSERTION: Navigating 'back' in frameset: !_private->previousItem
Product: WebKit
Reporter: Maciej Stachowiak <mjs>
Component: Page Loading
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE
Severity: Normal
Keywords: InRadar
Priority: P1
Version: 420+
Hardware: Mac
OS: OS X 10.4

Description Maciej Stachowiak 2007-02-06 23:18:37 PST
2006-12-22 23:01:48 Geoff Garen:
* STEPS TO REPRODUCE
1. Load attached testcase.
2. Click google, then yahoo, then slashdot
3. Hit 'back'
--> assertion failure

2006-12-22 23:03:14 Geoff Garen:
ASSERTION FAILED: !_private->previousItem
(/Users/ggaren/Labyrinth/OpenSource/WebKit/WebView/WebFrame.mm:594 -[WebFrame(WebInternal) _recursiveGoToItem:fromItem:withLoadType:])
Program received signal:  "EXC_BAD_ACCESS".
(gdb) bt
#0  0x00436262 in -[WebFrame(WebInternal) _recursiveGoToItem:fromItem:withLoadType:] (self=0x170a0590, _cmd=0x90a836d8, item=0x17794080, fromItem=0x179b9f30, type=WebCore::FrameLoadTypeBack) at /Users/ggaren/Labyrinth/OpenSource/WebKit/WebView/WebFrame.mm:594
#1  0x004364e1 in -[WebFrame(WebInternal) _recursiveGoToItem:fromItem:withLoadType:] (self=0x2979080, _cmd=0x90a836d8, item=0x177b1450, fromItem=0x19170150, type=WebCore::FrameLoadTypeBack) at /Users/ggaren/Labyrinth/OpenSource/WebKit/WebView/WebFrame.mm:615
#2  0x00433d6e in -[WebFrame(WebInternal) _goToItem:withLoadType:] (self=0x2979080, _cmd=0x90a75f78, item=0x177b1450, type=WebCore::FrameLoadTypeBack) at /Users/ggaren/Labyrinth/OpenSource/WebKit/WebView/WebFrame.mm:639
#3  0x004643d4 in -[WebView(WebPrivate) _goToItem:withLoadType:] (self=0x2984120, _cmd=0x90a75f78, item=0x177b1450, type=WebFrameLoadTypeBack) at /Users/ggaren/Labyrinth/OpenSource/WebKit/WebView/WebView.mm:823
#4  0x0046a6c4 in -[WebView goBack] (self=0x2984120, _cmd=0x90aa7630) at /Users/ggaren/Labyrinth/OpenSource/WebKit/WebView/WebView.mm:2184
#5  0x0046cbd7 in -[WebView(WebIBActions) goBack:] (self=0x2984120, _cmd=0x90aa7638, sender=0x29322b0) at /Users/ggaren/Labyrinth/OpenSource/WebKit/WebView/WebView.mm:2776
#6  0x9335cd88 in -[NSApplication sendAction:to:from:] ()
#7  0x00024d52 in -[BrowserApplication sendAction:to:from:] (self=0x2922910, _cmd=0x90abf2ac, theAction=0x90aa7638, theTarget=0x0, sender=0x29322b0) at /Users/ggaren/Labyrinth/Internal/WebBrowser/BrowserApplication.m:85
#8  0x9340ace7 in -[NSMenu performActionForItemAtIndex:] ()
#9  0x9340aa29 in -[NSCarbonMenuImpl performActionWithHighlightingForItemAtIndex:] ()
#10 0x9340a680 in -[NSMenu performKeyEquivalent:] ()
#11 0x9340a121 in -[NSApplication _handleKeyEquivalent:] ()
#12 0x9333dd87 in -[NSApplication sendEvent:] ()
#13 0x000250e1 in -[BrowserApplication sendEvent:] (self=0x2922910, _cmd=0x90abf484, event=0x19e5c830) at /Users/ggaren/Labyrinth/Internal/WebBrowser/BrowserApplication.m:137
#14 0x93268dfe in -[NSApplication run] ()
#15 0x9325cd2f in NSApplicationMain ()
#16 0x000bce0f in main (argc=1, argv=0xbffffb44) at /Users/ggaren/Labyrinth/Internal/WebBrowser/main.m:26
#17 0x000022e6 in _start ()
#18 0x0000220d in start ()
(gdb)

2007-01-02 14:39:45 Stephanie Lewis:
Safari BRB Reviewed

2007-01-02 19:50:26 Brady Eidson:
Same ASSERT reproduces in my BF rewrite, carried over from WebKit.  I am exploring now!

2007-01-02 19:52:50 Brady Eidson:
New Backtrace - 
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0xbbadbeef
0x01397f80 in WebCore::FrameLoader::recursiveGoToItem (this=0x290a800, item=0x16460fe0, fromItem=0x162aead0, type=WebCore::FrameLoadTypeBack) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/loader/FrameLoader.cpp:2928
2928            ASSERT(!m_previousHistoryItem);
(gdb) ba
#0  0x01397f80 in WebCore::FrameLoader::recursiveGoToItem (this=0x290a800, item=0x16460fe0, fromItem=0x162aead0, type=WebCore::FrameLoadTypeBack) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/loader/FrameLoader.cpp:2928
#1  0x01398171 in WebCore::FrameLoader::recursiveGoToItem (this=0x285a600, item=0x16460a50, fromItem=0x162994d0, type=WebCore::FrameLoadTypeBack) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/loader/FrameLoader.cpp:2948
#2  0x01398297 in WebCore::FrameLoader::goToItem (this=0x285a600, targetItem=0x16460a50, type=WebCore::FrameLoadTypeBack) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/loader/FrameLoader.cpp:2899
#3  0x0119dc1c in WebCore::Page::goToItem (this=0x217b480, item=0x16460a50, type=WebCore::FrameLoadTypeBack) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/page/Page.cpp:132
#4  0x0119dcb7 in WebCore::Page::goBack (this=0x217b480) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/page/Page.cpp:108
#5  0x00465f71 in -[WebView goBack] (self=0x2177f90, _cmd=0x90aa8670) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebKit/WebView/WebView.mm:2158
#6  0x004683c7 in -[WebView(WebIBActions) goBack:] (self=0x2177f90, _cmd=0x90aa8678, sender=0x21b6090) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebKit/WebView/WebView.mm:2741
#7  0x000428ad in -[BrowserWindowController goBack:] (self=0x21996d0, _cmd=0x90aa8678, sender=0x21b6090) at /Volumes/Data/Users/bradeeoh/local_svn/Internal/WebBrowser/BrowserWindowController.m:470
#8  0x9336ad88 in -[NSApplication sendAction:to:from:] ()
#9  0x000250d4 in -[BrowserApplication sendAction:to:from:] (self=0x21203b0, _cmd=0x90ac02ec, theAction=0x90aa8678, theTarget=0x21996d0, sender=0x21b6090) at /Volumes/Data/Users/bradeeoh/local_svn/Internal/WebBrowser/BrowserApplication.m:85
#10 0x9336ace1 in -[NSControl sendAction:to:] ()
#11 0x9336ce91 in -[NSCell _sendActionFrom:] ()
#12 0x9337f671 in -[NSCell trackMouse:inRect:ofView:untilMouseUp:] ()
#13 0x9339d25d in -[NSButtonCell trackMouse:inRect:ofView:untilMouseUp:] ()
#14 0x9339cb0d in -[NSControl mouseDown:] ()
#15 0x00058831 in -[ButtonWithMenu mouseDown:] (self=0x21b6090, _cmd=0x90ab4a3c, event=0x1685e590) at /Volumes/Data/Users/bradeeoh/local_svn/Internal/WebBrowser/ButtonWithMenu.m:78
#16 0x9335a3af in -[NSWindow sendEvent:] ()
#17 0x000c2cd2 in -[Window sendEvent:] (self=0x21ae870, _cmd=0x90ac04c4, event=0x1685e590) at /Volumes/Data/Users/bradeeoh/local_svn/Internal/WebBrowser/Window.m:83
#18 0x9334c350 in -[NSApplication sendEvent:] ()
#19 0x00025463 in -[BrowserApplication sendEvent:] (self=0x21203b0, _cmd=0x90ac04c4, event=0x1685e590) at /Volumes/Data/Users/bradeeoh/local_svn/Internal/WebBrowser/BrowserApplication.m:137
#20 0x93276dfe in -[NSApplication run] ()
#21 0x9326ad2f in NSApplicationMain ()
#22 0x000bd36b in main (argc=2, argv=0xbffffc78) at /Volumes/Data/Users/bradeeoh/local_svn/Internal/WebBrowser/main.m:26

2007-01-02 19:59:44 Brady Eidson:
Note, can repro with only google->yahoo->back - the 3rd isn't necc.

2007-02-02 13:11:29 Brady Eidson:
After landing my BFL rewrite (a month ago now, just after my last comment) this still reproduces on the new code.
I'm exploring now.

2007-02-02 13:38:19 Brady Eidson:
On a whim, I reconstructed the attached frameset.html as an iframe test case, and it works just fine.  A few WebKit cohorts on the couches here tell me that framesets and iframes are in the frame tree the same way but there are other differences... I just hafta learn what those differences are - why is the iframe-case getting its BF history saved correctly but framesets aren't?

<rdar://problem/4900071>

Comment 1 mitz 2007-02-06 23:34:00 PST

*** This bug has been marked as a duplicate of 6454 ***