151700 – [GTK] ASSERTION FAILED: m_table running /webkit2/BackForwardList/navigation in Debug build

RESOLVED FIXED 151700

[GTK] ASSERTION FAILED: m_table running /webkit2/BackForwardList/navigation in Debug build

https://bugs.webkit.org/show_bug.cgi?id=151700

Summary [GTK] ASSERTION FAILED: m_table running /webkit2/BackForwardList/navigation i...

Carlos Garcia Campos

Reported 2015-12-01 01:44:20 PST

TEST: ./Tools/gtk/../../WebKitBuild/Debug/bin/TestWebKitAPI/WebKit2Gtk/TestBackForwardList... (pid=15102) /webkit2/BackForwardList/navigation: Error receiving IPC message on socket 12 in process 15582: Connection reset by peer ASSERTION FAILED: m_table ../../Source/WTF/wtf/HashTable.h(212) : void WTF::HashTableConstIterator<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::checkValidity() const [with Key = WebCore::FrameDestructionObserver*; Value = WebCore::FrameDestructionObserver*; Extractor = WTF::IdentityExtractor; HashFunctions = WTF::PtrHash<WebCore::FrameDestructionObserver*>; Traits = WTF::HashTraits<WebCore::FrameDestructionObserver*>; KeyTraits = WTF::HashTraits<WebCore::FrameDestructionObserver*>] 1 0x7f201d2a67d7 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x1e) [0x7f201d2a67d7] 2 0x7f202429dac9 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZNK3WTF22HashTableConstIteratorIPN7WebCore24FrameDestructionObserverES3_NS_17IdentityExtractorENS_7PtrHashIS3_EENS_10HashTraitsIS3_EES8_E13checkValidityEv+0x3d) [0x7f202429dac9] 3 0x7f202429d06a /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN3WTF22HashTableConstIteratorIPN7WebCore24FrameDestructionObserverES3_NS_17IdentityExtractorENS_7PtrHashIS3_EENS_10HashTraitsIS3_EES8_EppEv+0x18) [0x7f202429d06a] 4 0x7f202429bc30 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN3WTF29HashTableConstIteratorAdapterINS_9HashTableIPN7WebCore24FrameDestructionObserverES4_NS_17IdentityExtractorENS_7PtrHashIS4_EENS_10HashTraitsIS4_EES9_EES4_EppEv+0x18) [0x7f202429bc30] 5 0x7f20242995f8 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore5Frame14willDetachPageEv+0xc4) [0x7f20242995f8] 6 0x7f20241580fe /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore11FrameLoader16detachFromParentEv+0x142) [0x7f20241580fe] 7 0x7f20233f5fc6 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit7WebPage5closeEv+0x410) [0x7f20233f5fc6] 8 0x7f202360d447 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC22callMemberFunctionImplIN6WebKit7WebPageEMS2_FvvESt5tupleIJEEJEEEvPT_T0_OT1_St14index_sequenceIJXspT2_EEE+0x65) [0x7f202360d447] 9 0x7f202360b524 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC18callMemberFunctionIN6WebKit7WebPageEMS2_FvvESt5tupleIIEESt19make_index_sequenceILm0EEEEvOT1_PT_T0_+0x41) [0x7f202360b524] 10 0x7f2023607728 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC13handleMessageIN8Messages7WebPage5CloseEN6WebKit7WebPageEMS5_FvvEEEvRNS_14MessageDecoderEPT0_T1_+0x8f) [0x7f2023607728] 11 0x7f2023601a15 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit7WebPage24didReceiveWebPageMessageERN3IPC10ConnectionERNS1_14MessageDecoderE+0x1e2b) [0x7f2023601a15] 12 0x7f2023400b64 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit7WebPage17didReceiveMessageERN3IPC10ConnectionERNS1_14MessageDecoderE+0x18a) [0x7f2023400b64] 13 0x7f202306bda6 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC18MessageReceiverMap15dispatchMessageERNS_10ConnectionERNS_14MessageDecoderE+0x120) [0x7f202306bda6] 14 0x7f2023296eba /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit10WebProcess17didReceiveMessageERN3IPC10ConnectionERNS1_14MessageDecoderE+0x4c) [0x7f2023296eba] 15 0x7f2023059396 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC10Connection15dispatchMessageERNS_14MessageDecoderE+0x3a) [0x7f2023059396] 16 0x7f20230594f9 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC10Connection15dispatchMessageESt10unique_ptrINS_14MessageDecoderESt14default_deleteIS2_EE+0x161) [0x7f20230594f9] 17 0x7f20230596e0 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC10Connection18dispatchOneMessageEv+0xc8) [0x7f20230596e0] 18 0x7f20230591e4 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0x4b261e4) [0x7f20230591e4] 19 0x7f202305a99f /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0x4b2799f) [0x7f202305a99f] 20 0x7f2022fd275a /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZNKSt8functionIFvvEEclEv+0x32) [0x7f2022fd275a] 21 0x7f201d2c00b9 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3WTF7RunLoop11performWorkEv+0xdb) [0x7f201d2c00b9] 22 0x7f201d2f8bc0 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x1a7ebc0) [0x7f201d2f8bc0] 23 0x7f201d2f8be5 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x1a7ebe5) [0x7f201d2f8be5] 24 0x7f201d2f8b60 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x1a7eb60) [0x7f201d2f8b60] 25 0x7f201d2f8b8f /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x1a7eb8f) [0x7f201d2f8b8f] 26 0x7f201997ea26 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/DependenciesGTK/Root/lib64/libglib-2.0.so.0(+0x53a26) [0x7f201997ea26] 27 0x7f201997f854 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/DependenciesGTK/Root/lib64/libglib-2.0.so.0(g_main_context_dispatch+0x33) [0x7f201997f854] 28 0x7f201997fa39 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/DependenciesGTK/Root/lib64/libglib-2.0.so.0(+0x54a39) [0x7f201997fa39] 29 0x7f201997fe60 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/DependenciesGTK/Root/lib64/libglib-2.0.so.0(g_main_loop_run+0x1d7) [0x7f201997fe60] 30 0x7f201d2f9160 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3WTF7RunLoop3runEv+0xac) [0x7f201d2f9160] 31 0x7f202356f408 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit16ChildProcessMainINS_10WebProcessENS_14WebProcessMainEEEiiPPc+0x82) [0x7f202356f408] This happens when the frame notifies its observers that the page will be detached. The m_table that asserts is the FrameDestructionObserver HashSet. It happens when clearing the GObject DOM cache wrappers during frame destruction, and there's a Document object wrapped whose last reference is held by the dom wrapper. In that case the Document object is destroyed while the frame is being destroyed. Deleting the wrapper objects after the frame destruction fixes the crash.

Attachments
Patch (2.24 KB, patch) 2015-12-01 01:47 PST, Carlos Garcia Campos	mrobinson: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Carlos Garcia Campos

Comment 1 2015-12-01 01:47:13 PST

Created attachment 266349 [details] Patch

Carlos Garcia Campos

Comment 2 2015-12-01 04:23:54 PST

Committed r192880: <http://trac.webkit.org/changeset/192880>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Local Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebKitGTK

Assignee

Nobody

Reported

2015-12-01 01:44 PST

Modified

2015-12-01 04:23 PST History

CC List

1 user Show

URL

Keywords Gtk

Depends on

Blocks