RESOLVED FIXED119781
[WK2] Assertion failure in WebCore::Page::checkSubframeCountConsistency when going back 
https://bugs.webkit.org/show_bug.cgi?id=119781
Summary [WK2] Assertion failure in WebCore::Page::checkSubframeCountConsistency when ...
ChangSeok Oh
Reported 2013-08-13 19:40:33 PDT
I faced this assertion failure when going back to a page which has multiple frames. The backtrace is ... Program received signal SIGSEGV, Segmentation fault. 0x00007ff42b9e9ee5 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:342 342 *(int *)(uintptr_t)0xbbadbeef = 0; (gdb) bt #0 0x00007ff42b9e9ee5 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:342 #1 0x00007ff42d7757f2 in WebCore::Page::checkSubframeCountConsistency ( this=0x1afc210) at ../../Source/WebCore/page/Page.cpp:1255 #2 0x00007ff42d3c9d02 in WebCore::Page::subframeCount (this=0x1afc210) at ../../Source/WebCore/page/Page.h:185 #3 0x00007ff42d74e152 in WebCore::Frame::isURLAllowed (this=0x3445710, url=...) at ../../Source/WebCore/page/Frame.cpp:1022 #4 0x00007ff42d489639 in WebCore::HTMLPlugInImageElement::allowedToLoadFrameURL ( this=0x374a410, url=...) at ../../Source/WebCore/html/HTMLPlugInImageElement.cpp:177 #5 0x00007ff42d44e09e in WebCore::HTMLEmbedElement::updateWidget (this=0x374a410, pluginCreationOption=WebCore::CreateOnlyNonNetscapePlugins) at ../../Source/WebCore/html/HTMLEmbedElement.cpp:137 #6 0x00007ff42d489d03 in WebCore::HTMLPlugInImageElement::updateWidgetIfNecessary ( this=0x374a410) at ../../Source/WebCore/html/HTMLPlugInImageElement.cpp:274 #7 0x00007ff42d489fc5 in WebCore::HTMLPlugInImageElement::updateWidgetCallback (n= 0x374a410) at ../../Source/WebCore/html/HTMLPlugInImageElement.cpp:331 #8 0x00007ff42d207b2a in WebCore::ContainerNode::dispatchPostAttachCallbacks () at ../../Source/WebCore/dom/ContainerNode.cpp:772 #9 0x00007ff42d207981 in WebCore::ContainerNode::resumePostAttachCallbacks ( this=0x3748570) at ../../Source/WebCore/dom/ContainerNode.cpp:739 #10 0x00007ff42d229d79 in WebCore::PostAttachCallbackDisabler::~PostAttachCallbackDisabler (this=0x7fffaa656620, __in_chrg=<optimized out>) at ../../Source/WebCore/dom/ContainerNode.h:345 #11 0x00007ff42d489bac in WebCore::HTMLPlugInImageElement::attach (this=0x3748570, context=...) at ../../Source/WebCore/html/HTMLPlugInImageElement.cpp:250 #12 0x00007ff42d2ff799 in WebCore::Node::reattach (this=0x3748570, context=...) at ../../Source/WebCore/dom/Node.h:811 #13 0x00007ff42da295d7 in WebCore::Style::resolveLocal (current=0x3748570, inheritedChange=WebCore::Style::Force) at ../../Source/WebCore/style/StyleResolveTree.cpp:152 #14 0x00007ff42da29b4b in WebCore::Style::resolveTree (current=0x3748570, change=WebCore::Style::Force) at ../../Source/WebCore/style/StyleResolveTree.cpp:236 #15 0x00007ff42d489f09 in WebCore::HTMLPlugInImageElement::documentDidResumeFromPageCache (this=0x3748570) at ../../Source/WebCore/html/HTMLPlugInImageElement.cpp:316 #16 0x00007ff42d2222b0 in WebCore::Document::documentDidResumeFromPageCache ( this=0x2be2f90) at ../../Source/WebCore/dom/Document.cpp:4023 #17 0x00007ff42d3c7d18 in WebCore::CachedFrameBase::restore (this=0x32ea688) at ../../Source/WebCore/history/CachedFrame.cpp:149 #18 0x00007ff42d6888b3 in WebCore::FrameLoader::open (this=0x3445790, cachedFrame=...) at ../../Source/WebCore/loader/FrameLoader.cpp:2023 ---Type <return> to continue, or q <return> to quit--- #19 0x00007ff42d3c82b8 in WebCore::CachedFrame::open (this=0x32ea680) at ../../Source/WebCore/history/CachedFrame.cpp:220 #20 0x00007ff42d3c7c1c in WebCore::CachedFrameBase::restore (this=0x21da638) at ../../Source/WebCore/history/CachedFrame.cpp:134 #21 0x00007ff42d6888b3 in WebCore::FrameLoader::open (this=0x1a39d20, cachedFrame=...) at ../../Source/WebCore/loader/FrameLoader.cpp:2023 #22 0x00007ff42d3c82b8 in WebCore::CachedFrame::open (this=0x21da630) at ../../Source/WebCore/history/CachedFrame.cpp:220 #23 0x00007ff42d3c9a75 in WebCore::CachedPage::restore (this=0x2ea4d40, page=0x1afc210) at ../../Source/WebCore/history/CachedPage.cpp:83 #24 0x00007ff42d687623 in WebCore::FrameLoader::commitProvisionalLoad (this=0x1a39d20) at ../../Source/WebCore/loader/FrameLoader.cpp:1742 #25 0x00007ff42d68d0ba in WebCore::FrameLoader::loadProvisionalItemFromCachedPage ( this=0x1a39d20) at ../../Source/WebCore/loader/FrameLoader.cpp:3040 #26 0x00007ff42d68bfdf in WebCore::FrameLoader::continueLoadAfterNavigationPolicy ( this=0x1a39d20, formState=..., shouldContinue=true) at ../../Source/WebCore/loader/FrameLoader.cpp:2882 #27 0x00007ff42d68b575 in WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy (argument=0x1a39d20, request=..., formState=..., shouldContinue=true) at ../../Source/WebCore/loader/FrameLoader.cpp:2718 #28 0x00007ff42d6b8029 in WebCore::PolicyCallback::call (this=0x7fffaa657010, shouldContinue=true) at ../../Source/WebCore/loader/PolicyCallback.cpp:103 #29 0x00007ff42d6b8f98 in WebCore::PolicyChecker::continueAfterNavigationPolicy ( this=0x1a39fa0, policy=WebCore::PolicyUse) at ../../Source/WebCore/loader/PolicyChecker.cpp:180 #30 0x00007ff42cecbc6a in WebKit::WebFrame::didReceivePolicyDecision (this=0x19f7230, listenerID=48, action=WebCore::PolicyUse, downloadID=0) at ../../Source/WebKit2/WebProcess/WebPage/WebFrame.cpp:234 #31 0x00007ff42cea321d in WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction (this=0x19f7268, function= (void (WebCore::PolicyChecker::*)(WebCore::PolicyChecker * const, WebCore::PolicyAction)) 0x7ff42d6b8d2e <WebCore::PolicyChecker::continueAfterNavigationPolicy(WebCore::PolicyAction)>, navigationAction=..., request=..., formState=...) at ../../Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:708 #32 0x00007ff42d6b8951 in WebCore::PolicyChecker::checkNavigationPolicy ( this=0x1a39fa0, request=..., loader=0x3111780, formState=..., function=0x7ff42d68b526 <WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>, argument=0x1a39d20) at ../../Source/WebCore/loader/PolicyChecker.cpp:99 #33 0x00007ff42d685d40 in WebCore::FrameLoader::loadWithDocumentLoader ( this=0x1a39d20, loader=0x3111780, type=WebCore::FrameLoadTypeBack, prpFormState=...) at ../../Source/WebCore/loader/FrameLoader.cpp:1422 ---Type <return> to continue, or q <return> to quit--- #34 0x00007ff42d68d699 in WebCore::FrameLoader::loadDifferentDocumentItem ( this=0x1a39d20, item=0x1c58a50, loadType=WebCore::FrameLoadTypeBack, cacheLoadPolicy=WebCore::FrameLoader::MayAttemptCacheOnlyLoadForFormSubmissionItem) at ../../Source/WebCore/loader/FrameLoader.cpp:3135 #35 0x00007ff42d68dd17 in WebCore::FrameLoader::loadItem (this=0x1a39d20, item=0x1c58a50, loadType=WebCore::FrameLoadTypeBack) at ../../Source/WebCore/loader/FrameLoader.cpp:3223 #36 0x00007ff42d696f10 in WebCore::HistoryController::recursiveGoToItem ( this=0x1a3a240, item=0x1c58a50, fromItem=0x36dc950, type=WebCore::FrameLoadTypeBack) at ../../Source/WebCore/loader/HistoryController.cpp:765 #37 0x00007ff42d694fb2 in WebCore::HistoryController::goToItem (this=0x1a3a240, targetItem=0x1c58a50, type=WebCore::FrameLoadTypeBack) at ../../Source/WebCore/loader/HistoryController.cpp:306 #38 0x00007ff42d77245a in WebCore::Page::goToItem (this=0x1afc210, item=0x1c58a50, type=WebCore::FrameLoadTypeBack) at ../../Source/WebCore/page/Page.cpp:432 #39 0x00007ff42ced5db9 in WebKit::WebPage::goBack (this=0x1afbb60, backForwardItemID=3) at ../../Source/WebKit2/WebProcess/WebPage/WebPage.cpp:1036 #40 0x00007ff42cf3b903 in CoreIPC::callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)(unsigned long), unsigned long> (args=..., object=0x1afbb60, function= (void (WebKit::WebPage::*)(WebKit::WebPage * const, unsigned long)) 0x7ff42ced5d28 <WebKit::WebPage::goBack(unsigned long)>) at ../../Source/WebKit2/Platform/CoreIPC/HandleMessage.h:21 #41 0x00007ff42cf38905 in CoreIPC::handleMessage<Messages::WebPage::GoBack, WebKit::WebPage, void (WebKit::WebPage::*)(unsigned long)> (decoder=..., object=0x1afbb60, function= (void (WebKit::WebPage::*)(WebKit::WebPage * const, unsigned long)) 0x7ff42ced5d28 <WebKit::WebPage::goBack(unsigned long)>) at ../../Source/WebKit2/Platform/CoreIPC/HandleMessage.h:376 #42 0x00007ff42cf335be in WebKit::WebPage::didReceiveWebPageMessage (this=0x1afbb60, decoder=...) at DerivedSources/WebKit2/WebPageMessageReceiver.cpp:172 #43 0x00007ff42cedcaca in WebKit::WebPage::didReceiveMessage (this=0x1afbb60, connection=0x19934c0, decoder=...) at ../../Source/WebKit2/WebProcess/WebPage/WebPage.cpp:3179 #44 0x00007ff42e43450e in CoreIPC::MessageReceiverMap::dispatchMessage ( this=0x19c3df0, connection=0x19934c0, decoder=...) at ../../Source/WebKit2/Platform/CoreIPC/MessageReceiverMap.cpp:86 #45 0x00007ff42cef376d in WebKit::WebProcess::didReceiveMessage (this=0x19c3d90, connection=0x19934c0, decoder=...) at ../../Source/WebKit2/WebProcess/WebProcess.cpp:638 #46 0x00007ff42e423ea4 in CoreIPC::Connection::dispatchMessage (this=0x19934c0, decoder=...) at ../../Source/WebKit2/Platform/CoreIPC/Connection.cpp:793 ---Type <return> to continue, or q <return> to quit--- #47 0x00007ff42e423f84 in CoreIPC::Connection::dispatchMessage (this=0x19934c0, incomingMessage=...) at ../../Source/WebKit2/Platform/CoreIPC/Connection.cpp:816 #48 0x00007ff42e424195 in CoreIPC::Connection::dispatchOneMessage (this=0x19934c0) at ../../Source/WebKit2/Platform/CoreIPC/Connection.cpp:842 #49 0x00007ff42e43391f in WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>::operator() (this=0x7ff3d0001f90, c=0x19934c0) at ../../Source/WTF/wtf/Functional.h:218 #50 0x00007ff42e4334a4 in WTF::BoundFunctionImpl<WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>, void (CoreIPC::Connection*)>::operator()() (this=0x7ff3d0001f80) at ../../Source/WTF/wtf/Functional.h:496 #51 0x00007ff42ceb4aed in WTF::Function<void ()>::operator()() const ( this=0x7fffaa658830) at ../../Source/WTF/wtf/Functional.h:704 #52 0x00007ff42e2f924f in WebCore::RunLoop::performWork (this=0x19c3c10) at ../../Source/WebCore/platform/RunLoop.cpp:104 #53 0x00007ff42e3198cc in WebCore::RunLoop::queueWork (runLoop=0x19c3c10) at ../../Source/WebCore/platform/gtk/RunLoopGtk.cpp:104 #54 0x00007ff426483fd5 in g_main_dispatch (context=0x19538c0) at gmain.c:3058 #55 g_main_context_dispatch (context=context@entry=0x19538c0) at gmain.c:3634 #56 0x00007ff426484318 in g_main_context_iterate (context=0x19538c0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3705 #57 0x00007ff42648478a in g_main_loop_run (loop=0x19c3c90) at gmain.c:3899 #58 0x00007ff42e319692 in WebCore::RunLoop::run () at ../../Source/WebCore/platform/gtk/RunLoopGtk.cpp:61 #59 0x00007ff42ce11d64 in WebKit::WebProcessMainGtk (argc=2, argv=0x7fffaa658b58) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:78 #60 0x000000000040080c in main (argc=2, argv=0x7fffaa658b58) at ../../Source/WebKit2/gtk/MainGtk.cpp:31
Attachments
Patch (5.44 KB, patch)
2013-08-14 10:50 PDT, ChangSeok Oh 		no flags
DetailsFormatted DiffDiff
Patch (5.50 KB, patch)
2013-08-14 11:01 PDT, ChangSeok Oh 		no flags
DetailsFormatted DiffDiff
Crash on mac (224.47 KB, image/png)
2013-08-15 07:36 PDT, ChangSeok Oh 		no flags
Details
Archive of layout-test-results from webkit-ews-02 for mac-mountainlion (976.14 KB, application/zip)
2013-08-15 10:26 PDT, Build Bot 		no flags
Details
Patch (5.94 KB, patch)
2013-08-16 00:53 PDT, ChangSeok Oh 		no flags
DetailsFormatted DiffDiff
Patch (5.55 KB, patch)
2013-08-16 01:08 PDT, ChangSeok Oh 		no flags
DetailsFormatted DiffDiff
Patch (5.60 KB, patch)
2013-08-18 04:43 PDT, ChangSeok Oh 		no flags
DetailsFormatted DiffDiff
Patch (5.40 KB, patch)
2013-09-06 20:51 PDT, ChangSeok Oh 		no flags
DetailsFormatted DiffDiff
Patch (5.44 KB, patch)
2013-09-06 21:18 PDT, ChangSeok Oh 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from webkit-ews-16 for mac-mountainlion-wk2 (1.09 MB, application/zip)
2013-09-07 00:05 PDT, Build Bot 		no flags
Details
Patch (5.98 KB, patch)
2013-09-08 20:59 PDT, ChangSeok Oh 		no flags
DetailsFormatted DiffDiff
Show Obsolete (7) View All Add attachment proposed patch, testcase, etc.
ChangSeok Oh
Comment 1 2013-08-14 10:50:35 PDT
Created attachment 208745 [details] Patch
ChangSeok Oh
Comment 2 2013-08-14 11:01:49 PDT
Created attachment 208746 [details] Patch
Brady Eidson
Comment 3 2013-08-14 11:18:35 PDT
Does your layout test reproduce in the main Mac port? We haven't seen this there.
Brady Eidson
Comment 4 2013-08-14 11:20:08 PDT
Comment on attachment 208746 [details] Patch This is a fundamental change for the page cache and I'm definitely not convinced this is the right fix without knowing more about the problem or how you arrived at this fix.
ChangSeok Oh
Comment 5 2013-08-14 22:22:16 PDT
(In reply to comment #4) > (From update of attachment 208746 [details]) > This is a fundamental change for the page cache and I'm definitely not convinced this is the right fix without knowing more about the problem or how you arrived at this fix. I've seen this in Gtk port now. Let me check other ports including mac port.
ChangSeok Oh
Comment 6 2013-08-15 07:36:17 PDT
Created attachment 208807 [details] Crash on mac (In reply to comment #3) > Does your layout test reproduce in the main Mac port? We haven't seen this there. Yes. it does. I confirmed mac port has the crash. Run go-back-to-iframe-with-plugin.html with debug build. EFL port seems not supporting flash plugin properly so I could not test it. I don't see the qt port yet. But very sure the crash is still there.
Build Bot
Comment 7 2013-08-15 10:26:38 PDT
Comment on attachment 208746 [details] Patch Attachment 208746 [details] did not pass mac-ews (mac): Output: http://webkit-queues.appspot.com/results/1469248 New failing tests: fast/events/pageshow-pagehide-on-back-cached-with-frames.html
Build Bot
Comment 8 2013-08-15 10:26:40 PDT
Created attachment 208819 [details] Archive of layout-test-results from webkit-ews-02 for mac-mountainlion The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: webkit-ews-02 Port: mac-mountainlion Platform: Mac OS X 10.8.4
ChangSeok Oh
Comment 9 2013-08-16 00:53:38 PDT
Created attachment 208888 [details] Patch
ChangSeok Oh
Comment 10 2013-08-16 01:08:24 PDT
Created attachment 208890 [details] Patch
ChangSeok Oh
Comment 11 2013-08-18 04:43:11 PDT
Created attachment 209026 [details] Patch
ChangSeok Oh
Comment 12 2013-08-19 20:59:37 PDT
Review please?
ChangSeok Oh
Comment 13 2013-09-06 20:51:58 PDT
Created attachment 210834 [details] Patch
ChangSeok Oh
Comment 14 2013-09-06 21:18:31 PDT
Created attachment 210835 [details] Patch
Build Bot
Comment 15 2013-09-07 00:05:02 PDT
Comment on attachment 210835 [details] Patch Attachment 210835 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.appspot.com/results/1706668 New failing tests: fast/history/go-back-to-iframe-with-plugin.html inspector/storage-panel-dom-storage-update.html compositing/iframes/page-cache-layer-tree.html fast/events/pagehide-xhr-open.html platform/mac-wk2/tiled-drawing/null-parent-back-crash.html fast/events/suspend-timers.html
Build Bot
Comment 16 2013-09-07 00:05:05 PDT
Created attachment 210899 [details] Archive of layout-test-results from webkit-ews-16 for mac-mountainlion-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: webkit-ews-16 Port: mac-mountainlion-wk2 Platform: Mac OS X 10.8.4
ChangSeok Oh
Comment 17 2013-09-08 20:59:28 PDT
Created attachment 211005 [details] Patch
WebKit Commit Bot
Comment 18 2013-09-09 10:40:17 PDT
Comment on attachment 211005 [details] Patch Clearing flags on attachment: 211005 Committed r155361: <http://trac.webkit.org/changeset/155361>
WebKit Commit Bot
Comment 19 2013-09-09 10:40:20 PDT
All reviewed patches have been landed. Closing bug.
Beth Dakin
Comment 20 2013-09-09 13:24:49 PDT
This test appears to be crashing on the debug bots.
Beth Dakin
Comment 21 2013-09-09 14:58:52 PDT
(In reply to comment #20) > This test appears to be crashing on the debug bots. I confirmed that the test will crash even if the patch is rolled out, so at least this change did not introduce the crash. I will skip the test for now.
Beth Dakin
Comment 22 2013-09-09 15:15:19 PDT
I skipped the test with http://trac.webkit.org/changeset/155389 and filed https://bugs.webkit.org/show_bug.cgi?id=121053 to track fixing the test or the assertion.
Note You need to log in before you can comment on or make changes to this bug.