Bug 150624 - Assertion failure in WebCore::FrameLoader::stopLoading() running fast/events tests after r191652
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Page Loading
Version: Other
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Chris Dumez
Keywords: InRadar, Regression
Reported: 2015-10-28 07:24 PDT by David Kilzer (:ddkilzer)
Modified: 2015-10-28 13:05 PDT

Attachments
Patch (7.22 KB, patch)
2015-10-28 10:44 PDT, Chris Dumez

Description David Kilzer (:ddkilzer) 2015-10-28 07:24:02 PDT
Assertion failure in WebCore::FrameLoader::stopLoading() running fast/events tests.

The crash log blames fast/events/form-iframe-target-before-load-crash.html, but run-webkit-tests results blames fast/events/form-onchange.html.

We likely need to run both tests sequentially to reproduce the assertion failure.

Test run:  <https://build.webkit.org/builders/Apple%20Yosemite%20Debug%20WK2%20%28Tests%29/builds/7913>
Results: <https://build.webkit.org/results/Apple%20Yosemite%20Debug%20WK2%20(Tests)/r191652%20(7913)/results.html>
Crash log: <https://build.webkit.org/results/Apple%20Yosemite%20Debug%20WK2%20(Tests)/r191652%20(7913)/fast/events/form-onchange-crash-log.txt>

Stack trace for assertion failure:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      	0x0000000113556867 WTFCrash + 39
1   com.apple.WebCore             	0x00000001159e438d WebCore::FrameLoader::stopLoading(WebCore::UnloadEventPolicy) + 829 (FrameLoader.cpp:445)
2   com.apple.WebCore             	0x00000001159e4a86 WebCore::FrameLoader::closeURL() + 214 (FrameLoader.cpp:536)
3   com.apple.WebCore             	0x00000001159ef4a5 WebCore::FrameLoader::detachFromParent() + 53 (FrameLoader.cpp:2503)
4   com.apple.WebKit              	0x000000010ff63412 WebKit::WebPage::close() + 3378 (WebPage.cpp:996)
5   com.apple.WebKit              	0x000000010ffdaa53 void IPC::callMemberFunctionImpl<WebKit::WebPage, void (WebKit::WebPage::*)(), std::__1::tuple<> >(WebKit::WebPage*, void (WebKit::WebPage::*)(), std::__1::tuple<>&&, std::index_sequence<>) + 131 (HandleMessage.h:17)
6   com.apple.WebKit              	0x000000010ffda9c8 void IPC::callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)(), std::__1::tuple<>, std::make_index_sequence<0ul> >(std::__1::tuple<>&&, WebKit::WebPage*, void (WebKit::WebPage::*)()) + 88 (HandleMessage.h:23)
7   com.apple.WebKit              	0x000000010ffd1f9a void IPC::handleMessage<Messages::WebPage::Close, WebKit::WebPage, void (WebKit::WebPage::*)()>(IPC::MessageDecoder&, WebKit::WebPage*, void (WebKit::WebPage::*)()) + 186 (HandleMessage.h:93)
8   com.apple.WebKit              	0x000000010ffca224 WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::MessageDecoder&) + 7604 (WebPageMessageReceiver.cpp:674)
9   com.apple.WebKit              	0x000000010ff6c140 WebKit::WebPage::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) + 384 (WebPage.cpp:3615)
10  com.apple.WebKit              	0x000000010ff6c187 non-virtual thunk to WebKit::WebPage::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) + 55 (WebPage.cpp:3615)
11  com.apple.WebKit              	0x000000010f9ac9fd IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::MessageDecoder&) + 461 (MessageReceiverMap.cpp:103)
12  com.apple.WebKit              	0x00000001100ef22d WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) + 61 (WebProcess.cpp:619)
13  com.apple.WebKit              	0x000000010f861bf3 IPC::Connection::dispatchMessage(IPC::MessageDecoder&) + 51 (Connection.cpp:901)
14  com.apple.WebKit              	0x000000010f858e2e IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) + 782 (Connection.cpp:933)
15  com.apple.WebKit              	0x000000010f8621ef IPC::Connection::dispatchOneMessage() + 1519 (Connection.cpp:962)
16  com.apple.WebKit              	0x000000010f863a6d IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10::operator()() const + 29 (Connection.cpp:895)
17  com.apple.WebKit              	0x000000010f863a3c std::__1::__function::__func<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10, std::__1::allocator<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10>, void ()>::operator()() + 60 (functional:1370)
18  com.apple.JavaScriptCore      	0x0000000112fe173a std::__1::function<void ()>::operator()() const + 26
19  com.apple.JavaScriptCore      	0x000000011359ef38 WTF::RunLoop::performWork() + 648
20  com.apple.JavaScriptCore      	0x000000011359f564 WTF::RunLoop::performWork(void*) + 36
21  com.apple.CoreFoundation      	0x00007fff86770a01 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
22  com.apple.CoreFoundation      	0x00007fff86762b8d __CFRunLoopDoSources0 + 269
23  com.apple.CoreFoundation      	0x00007fff867621bf __CFRunLoopRun + 927
24  com.apple.CoreFoundation      	0x00007fff86761bd8 CFRunLoopRunSpecific + 296
25  com.apple.HIToolbox           	0x00007fff8835c56f RunCurrentEventLoopInMode + 235
26  com.apple.HIToolbox           	0x00007fff8835c2ea ReceiveNextEventCommon + 431
27  com.apple.HIToolbox           	0x00007fff8835c12b _BlockUntilNextEventMatchingListInModeWithFilter + 71
28  com.apple.AppKit              	0x00007fff8d6c38ab _DPSNextEvent + 978
29  com.apple.AppKit              	0x00007fff8d6c2e58 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 346
30  com.apple.AppKit              	0x00007fff8d6b8af3 -[NSApplication run] + 594
31  com.apple.AppKit              	0x00007fff8d635244 NSApplicationMain + 1832
32  libxpc.dylib                  	0x00007fff945e5928 _xpc_objc_main + 793
33  libxpc.dylib                  	0x00007fff945e7030 xpc_main + 490
34  com.apple.WebKit.WebContent.Development	0x000000010a6ecbe1 main + 785 (XPCServiceMain.Development.mm:187)
35  libdyld.dylib                 	0x00007fff923a05c9 start + 1
Comment 1 Radar WebKit Bug Importer 2015-10-28 07:24:32 PDT
<rdar://problem/23294110>
Comment 2 David Kilzer (:ddkilzer) 2015-10-28 07:25:37 PDT
The Flakiness Dashboard says this may have started with WebKit trunk r191652:

<http://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=fast%2Fevents%2Fform-onchange.html>

<https://trac.webkit.org/changeset/191652>
Comment 3 Chris Dumez 2015-10-28 09:43:39 PDT
The assertion seems to be:
ASSERT(timing.navigationStart());
Comment 4 Chris Dumez 2015-10-28 10:44:04 PDT
Created attachment 264229
Patch
Comment 5 WebKit Commit Bot 2015-10-28 13:05:12 PDT
Comment on attachment 264229
Patch

Clearing flags on attachment: 264229

Committed r191688: <http://trac.webkit.org/changeset/191688>
Comment 6 WebKit Commit Bot 2015-10-28 13:05:18 PDT
All reviewed patches have been landed.  Closing bug.