Bug 15178

Summary: REGRESSION: Unreproducible ASSERT removing icon from Icon Database
Product: WebKit
Reporter: David Kilzer (:ddkilzer) <ddkilzer>
Component: Page Loading
Assignee: Brady Eidson <beidson>
Status: RESOLVED FIXED
Severity: Normal
CC: beidson, mrowe
Priority: P1
Keywords: InRadar, Regression
Version: 523.x (Safari 3)
Hardware: Mac
OS: OS X 10.4

David Kilzer (:ddkilzer)
Reported 2007-09-11 09:30:27 PDT
* SUMMARY
I've gotten an assertion failure twice so far in a debug build of WebKit r25488 with Safari 3 Public Beta v. 3.0.3 (522.12.1) on Mac OS X 10.4.10 (8R218). Haven't figured out how to reproduce it yet. Happens when I click on a link (apparently at the wrong time).

* CONSOLE
ASSERTION FAILED: iconID
(/path/to/WebKit/WebCore/loader/icon/IconDatabase.cpp:1898 void WebCore::IconDatabase::removeIconFromSQLDatabase(const WebCore::String&))
Segmentation fault

* CRASH LOG
Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_INVALID_ADDRESS (0x0001) at 0xbbadbeef

Thread 0:
0 libSystem.B.dylib 0x9000b348 mach_msg_trap + 8
1 libSystem.B.dylib 0x9000b29c mach_msg + 60
2 com.apple.CoreFoundation 0x907ddba8 __CFRunLoopRun + 832
3 com.apple.CoreFoundation 0x907dd4ac CFRunLoopRunSpecific + 268
4 com.apple.HIToolbox 0x9329bb20 RunCurrentEventLoopInMode + 264
5 com.apple.HIToolbox 0x9329b1b4 ReceiveNextEventCommon + 380
6 com.apple.HIToolbox 0x9329b020 BlockUntilNextEventMatchingListInMode + 96
7 com.apple.AppKit 0x937a1ae4 _DPSNextEvent + 384
8 com.apple.AppKit 0x937a17a8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
9 com.apple.Safari 0x00006770 0x1000 + 22384
10 com.apple.AppKit 0x9379dcec -[NSApplication run] + 472
11 com.apple.AppKit 0x9388e87c NSApplicationMain + 452
12 com.apple.Safari 0x0000244c 0x1000 + 5196
13 com.apple.Safari 0x0004f1b0 0x1000 + 319920

Thread 1 Crashed:
0 com.apple.WebCore 0x01383438 WebCore::IconDatabase::removeIconFromSQLDatabase(WebCore::String const&) + 248 (IconDatabase.cpp:1898)
1 com.apple.WebCore 0x01383a0c WebCore::IconDatabase::writeIconSnapshotToSQLDatabase(WebCore::IconSnapshot const&) + 360 (IconDatabase.cpp:1938)
2 com.apple.WebCore 0x01386bf0 WebCore::IconDatabase::writeToDatabase() + 740 (IconDatabase.cpp:1478)
3 com.apple.WebCore 0x01388a00 WebCore::IconDatabase::syncThreadMainLoop() + 296 (IconDatabase.cpp:1285)
4 com.apple.WebCore 0x0138a708 WebCore::IconDatabase::iconDatabaseSyncThread() + 1596 (IconDatabase.cpp:975)
5 com.apple.WebCore 0x0138a760 WebCore::IconDatabase::iconDatabaseSyncThreadStart(void*) + 40 (IconDatabase.cpp:881)
6 libSystem.B.dylib 0x9002bd08 _pthread_body + 96
Attachments
Two crash logs (59.18 KB, text/plain)
2007-09-11 09:33 PDT, David Kilzer (:ddkilzer)
no flags
Third crash log (21.10 KB, text/plain)
2007-09-12 06:26 PDT, David Kilzer (:ddkilzer)
no flags
David Kilzer (:ddkilzer)
Comment 1 2007-09-11 09:33:05 PDT
Created attachment 16256 [details] Two crash logs
David Kilzer (:ddkilzer)
Comment 2 2007-09-11 09:46:21 PDT
Mark Rowe (bdash)
Comment 3 2007-09-11 09:58:19 PDT
I think we may need some more uppercase letters in the title.
David Kilzer (:ddkilzer)
Comment 4 2007-09-11 10:05:14 PDT
(In reply to comment #3)
> I think we may need some more uppercase letters in the title.

SORRY. :)
Brady Eidson
Comment 5 2007-09-11 10:05:31 PDT
Yes, the title drove me nutso enough to change it.

Dave, were you running old Safari side-by-side with ToT WebKit? That case is known to have problems because the old WebKit overwrites the DB schema, causing ToT to fail in its DB operations.

If that is not the case, we need something more reproducible, I fear... =/
David Kilzer (:ddkilzer)
Comment 6 2007-09-11 10:09:01 PDT
(In reply to comment #5)
> Dave, were you running old Safari side-by-side with ToT WebKit? That case is
> known to have problems because the old WebKit overwrites the DB schema causing
> ToT to fail in it's DB operations.

Define "old Safari". Do you mean a 2.0.x-vintage Safari or a 3.0.x-beta-vintage Safari? Was there not enough config info in Comment #0?

> I've gotten an assertion failure twice so far in a debug build of WebKit r25488
> with Safari 3 Public Beta v. 3.0.3 (522.12.1) on Mac OS X 10.4.10 (8R218).
David Kilzer (:ddkilzer)
Comment 7 2007-09-11 10:09:30 PDT
(In reply to comment #5)
> If that is not the case, we need something more reproducible, I fear... =/

Is Bug 15179 related?
Brady Eidson
Comment 8 2007-09-11 10:24:23 PDT
What I meant was: were you running Safari with ToT WebKit at the SAME TIME as a "stock" Safari - in this case Safari 3.0.3 Beta?

Two Safaris at once. Is what I meant. :)
David Kilzer (:ddkilzer)
Comment 9 2007-09-11 10:58:25 PDT
(In reply to comment #8)
> What I meant was were you running Safari with ToT WebKit at the SAME TIME as a
> "stock" Safari - in this case Safari 3.0.3 Beta?
>
> Two Safari's at once. Is what I meant. :)

Oh, yes, I may have started up Safari 2.0.4 to test something at the same time. Will close for now and reopen if I see this again without launching/quitting Safari 2.0.4 at the same time.
David Kilzer (:ddkilzer)
Comment 10 2007-09-12 06:25:47 PDT
I had another instance of this crash happen again. Still don't know what the trigger point is. Will bad things happen in a release build when iconID is null?
David Kilzer (:ddkilzer)
Comment 11 2007-09-12 06:26:15 PDT
Created attachment 16263 [details] Third crash log
David Kilzer (:ddkilzer)
Comment 12 2007-09-12 06:33:11 PDT
(In reply to comment #10)
> I had another instance of this crash happen again. Still don't know what the
> trigger point is. Will bad things happen in a release build when iconID is
> null?

No, the current code will LOG() and return early.

It would be nice if I could enable some kind of icon database consistency checking in a debug build to catch the problem earlier.
David Kilzer (:ddkilzer)
Comment 13 2007-09-17 13:49:09 PDT
I believe this happens if scrolling occurs (mouse wheel only?) at the "wrong" time after a page load. I haven't figured out how to reproduce it reliably, though.
David Kilzer (:ddkilzer)
Comment 14 2007-09-19 07:56:14 PDT
Fixed by Brady in r25604.