Bug 81453

Summary: Actual crash (not assertion failure) underneath WebFrameProxy::removeChild on Lion Intel Debug WebKit2 testers
Product: WebKit
Component: WebKit2
Reporter: Jessie Berlin <jberlin>
Assignee: Alexey Proskuryakov <ap>
Status: RESOLVED WORKSFORME
Severity: Normal
Priority: P2
Keywords: InRadar, LayoutTestFailure, MakingBotsRed, Regression
CC: abarth, andersca, ap, beidson, cgarcia, gustavo, jberlin, menard, sam, webkit-bug-importer, webkit.review.bot, zoltan
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
URL: http://build.webkit.org/results/Lion%20Intel%20Debug%20(WebKit2%20Tests)/r111114%20(5002)/fast/frames/iframe-reparenting-crash-log.txt
Bug Depends on: 81590
Bug Blocks:
Attachments: proposed fix (beidson: review+)

Jessie Berlin
Reported 2012-03-17 12:04:47 PDT
http://build.webkit.org/results/Lion%20Intel%20Debug%20(WebKit2%20Tests)/r111114%20(5002)/fast/frames/iframe-reparenting-crash-log.txt
http://build.webkit.org/results/Lion%20Intel%20Debug%20(WebKit2%20Tests)/r111114%20(5002)/fast/events/before-unload-adopt-within-subframes-crash-log.txt

Unfortunately, due to the state of our tests, I am not sure when this started. I do suspect fast/frames/iframe-reparenting.html and fast/events/before-unload-adopt-within-subframes.html, but I have yet to verify that locally (don't have updated source but wanted to document this).

Process:         WebKitTestRunner [71009]
Path:            /Volumes/VOLUME/*/WebKitTestRunner
Identifier:      WebKitTestRunner
Version:         ??? (???)
Code Type:       X86-64 (Native)
Parent Process:  Python [70835]

Date/Time:       2012-03-17 00:16:47.550 -0700
OS Version:      Mac OS X 10.7.3 (11D50)
Report Version:  9

Crashed Thread:  0  Dispatch queue: com.apple.main-thread

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000040

VM Regions Near 0x40:
--> __TEXT                 000000010503f000-0000000105056000 [   92K] r-x/rwx SM=COW  /Volumes/VOLUME/*

Application Specific Information:
objc[71009]: garbage collection is OFF

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebKit2          0x0000000105268737 WebKit::WebFrameProxy::removeChild(WebKit::WebFrameProxy*) + 231 (type_traits:3028)
1   com.apple.WebKit2          0x00000001052688b2 WebKit::WebFrameProxy::didRemoveFromHierarchy() + 50 (WebFrameProxy.cpp:264)
2   com.apple.WebKit2          0x00000001052f0abc WebKit::WebPageProxy::didRemoveFrameFromHierarchy(unsigned long long, CoreIPC::ArgumentDecoder*) + 316 (WebPageProxy.cpp:1967)
3   com.apple.WebKit2          0x0000000105347a22 void CoreIPC::callMemberFunction<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(unsigned long long, CoreIPC::ArgumentDecoder*), unsigned long long>(CoreIPC::Arguments1<unsigned long long> const&, CoreIPC::ArgumentDecoder*, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(unsigned long long, CoreIPC::ArgumentDecoder*)) + 146 (HandleMessage.h:230)
4   com.apple.WebKit2          0x00000001053396f7 void CoreIPC::handleMessageVariadic<Messages::WebPageProxy::DidRemoveFrameFromHierarchy, WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(unsigned long long, CoreIPC::ArgumentDecoder*)>(CoreIPC::ArgumentDecoder*, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(unsigned long long, CoreIPC::ArgumentDecoder*)) + 119 (HandleMessage.h:327)
5   com.apple.WebKit2          0x0000000105335b08 WebKit::WebPageProxy::didReceiveWebPageProxyMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*) + 3016 (WebPageProxyMessageReceiver.cpp:258)
6   com.apple.WebKit2          0x00000001052ee23f WebKit::WebPageProxy::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*) + 271 (WebPageProxy.cpp:1615)
7   com.apple.WebKit2          0x0000000105389be6 WebKit::WebProcessProxy::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*) + 438 (WebProcessProxy.cpp:332)
8   com.apple.WebKit2          0x0000000105203735 WebKit::WebConnectionToWebProcess::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*) + 405 (WebConnectionToWebProcess.cpp:93)
9   com.apple.WebKit2          0x000000010520377d non-virtual thunk to WebKit::WebConnectionToWebProcess::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*) + 61
10  com.apple.WebKit2          0x000000010509ed2c CoreIPC::Connection::dispatchMessage(CoreIPC::Connection::Message<CoreIPC::ArgumentDecoder>&) + 428 (Connection.cpp:692)
11  com.apple.WebKit2          0x00000001050a1883 CoreIPC::Connection::dispatchMessages() + 211 (Connection.cpp:720)
12  com.apple.WebKit2          0x00000001050a8990 WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>::operator()(CoreIPC::Connection*) + 112 (Functional.h:173)
13  com.apple.WebKit2          0x00000001050a8915 WTF::BoundFunctionImpl<WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>, void ()(CoreIPC::Connection*)>::operator()() + 53 (Functional.h:373)
14  com.apple.WebCore          0x00000001087139cd WTF::Function<void ()()>::operator()() const + 141 (Functional.h:581)
15  com.apple.WebCore          0x0000000108713753 WebCore::RunLoop::performWork() + 147 (RunLoop.cpp:66)
16  com.apple.WebCore          0x0000000108714b70 WebCore::RunLoop::performWork(void*) + 96 (RunLoopMac.mm:65)
17  com.apple.CoreFoundation   0x00007fff8b9856e1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
18  com.apple.CoreFoundation   0x00007fff8b984f4d __CFRunLoopDoSources0 + 253
19  com.apple.CoreFoundation   0x00007fff8b9abd39 __CFRunLoopRun + 905
20  com.apple.CoreFoundation   0x00007fff8b9ab676 CFRunLoopRunSpecific + 230
21  com.apple.Foundation       0x00007fff8a8cdf9f -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 267
22  WebKitTestRunner           0x0000000105049ccc WTR::TestController::platformRunUntil(bool&, double) + 204 (TestControllerMac.mm:60)
23  WebKitTestRunner           0x00000001050455e5 WTR::TestController::runUntil(bool&, WTR::TestController::TimeoutDuration) + 149 (TestController.cpp:564)
24  WebKitTestRunner           0x000000010504547c WTR::TestController::resetStateToConsistentValues() + 1564 (TestController.cpp:487)
25  WebKitTestRunner           0x0000000105045626 WTR::TestController::runTest(char const*) + 54 (TestController.cpp:492)
26  WebKitTestRunner           0x0000000105045d72 WTR::TestController::runTestingServerLoop() + 178 (TestController.cpp:530)
27  WebKitTestRunner           0x00000001050443e0 WTR::TestController::run() + 48 (TestController.cpp:538)
28  WebKitTestRunner           0x00000001050430a6 WTR::TestController::TestController(int, char const**) + 614 (TestController.cpp:88)
29  WebKitTestRunner           0x0000000105042e33 WTR::TestController::TestController(int, char const**) + 35 (TestController.cpp:89)
30  WebKitTestRunner           0x0000000105040d8f main + 143 (main.mm:36)
31  WebKitTestRunner           0x0000000105040cf4 start + 52
Attachments
proposed fix (18.63 KB, patch)
2012-03-19 16:56 PDT, Alexey Proskuryakov
beidson: review+
Radar WebKit Bug Importer
Comment 1 2012-03-17 12:05:06 PDT
Alexey Proskuryakov
Comment 2 2012-03-19 16:56:47 PDT
Created attachment 132723 [details] proposed fix
Alexey Proskuryakov
Comment 3 2012-03-19 17:00:29 PDT
*** Bug 81525 has been marked as a duplicate of this bug. ***
WebKit Review Bot
Comment 4 2012-03-19 17:01:52 PDT
Thanks for the patch. If this patch contains new public API please make sure it follows the guidelines for new WebKit2 GTK+ API. See http://trac.webkit.org/wiki/WebKitGTK/AddingNewWebKit2API
Brady Eidson
Comment 5 2012-03-19 17:11:27 PDT
Comment on attachment 132723 [details] proposed fix

Yikes.
Alexey Proskuryakov
Comment 6 2012-03-19 20:20:10 PDT
And now it looks like the whole concept of magic frame is being removed today. Nice timing...
Adam Barth
Comment 7 2012-03-19 20:39:03 PDT
Do you want to land this, or should we wait to see if we remove magic iframe in the next couple of days?
Jessie Berlin
Comment 8 2012-03-19 20:51:44 PDT
(In reply to comment #7)
> Do you want to land this, or should we wait to see if we remove magic iframe in the next couple of days?

This patch needs an update to the WK API struct, so Alexey has to make that change before he lands it.

Is there still a question about whether or not we are going to remove "magic frames"? What is the timeline for removing it? We are trying to get the bots green as soon as possible ...
Alexey Proskuryakov
Comment 9 2012-03-19 20:54:38 PDT
I don't think that we should land this. We could skip the frame reparenting tests in WK2 for now. Do you expect to remove any tests? The current patch in bug 81590 doesn't touch any.
Adam Barth
Comment 10 2012-03-19 21:15:56 PDT
> Is there still a question about whether or not we are going to remove "magic frames"? What is the timeline for removing it? We are trying to get the bots green as soon as possible ...

There seemed to be consensus on webkit-dev, so I think the timeline is that we're going to remove it relatively soon (as in, someone should feel free to R+ my patch and I can land it whenever).

> We could skip the frame reparenting tests in WK2 for now. Do you expect to remove any tests? The current patch in bug 81590 doesn't touch any.

I've updated the patch to remove the reparenting tests. I don't think there's much (any?) value in keeping them without the feature.
Adam Barth
Comment 11 2012-03-19 23:05:40 PDT
Support for "magic" iframe has been removed.
Alexey Proskuryakov
Comment 12 2012-03-19 23:10:03 PDT
All is well that ends well.