RESOLVED FIXED 167738
[Crash] com.apple.WebKit.WebContent at WebKit: WebKit::WebPage::fromCorePage() 
https://bugs.webkit.org/show_bug.cgi?id=167738
Summary [Crash] com.apple.WebKit.WebContent at WebKit: WebKit::WebPage::fromCorePage()
Chris Dumez
Reported Thursday, February 2, 2017 5:21:34 PM UTC
com.apple.WebKit.WebContent at WebKit: WebKit::WebPage::fromCorePage(): Thread[0] [ 0] 0x00000001917fddc8 WebKit`WebKit::WebPage::fromCorePage(WebCore::Page*) [inlined] WebCore::Chrome::client() at Chrome.h:69:37 [ 0] 0x00000001917fddc8 WebKit`WebKit::WebPage::fromCorePage(WebCore::Page*) + 4 at WebPage.cpp:1363 [ 1] 0x00000001917cadef WebKit`WebKit::WebFrameLoaderClient::detachedFromParent2() + 27 at WebFrameLoaderClient.cpp:142:33 [ 2] 0x000000018c98c5c7 WebCore`WebCore::FrameLoader::detachViewsAndDocumentLoader() + 31 at FrameLoader.cpp:2552:14 [ 3] 0x000000018c986953 WebCore`WebCore::CachedFrame::destroy() + 59 at CachedFrame.cpp:243:34 [ 4] 0x000000018c98698b WebCore`WebCore::CachedFrame::destroy() + 115 at CachedFrame.cpp:248:27 [ 5] 0x000000018c9868eb WebCore`WebCore::CachedPage::~CachedPage() [inlined] WebCore::CachedPage::~CachedPage() + 11 at CachedPage.cpp:68:28 [ 5] 0x000000018c9868e0 WebCore`WebCore::CachedPage::~CachedPage() + 16 at CachedPage.cpp:62 [ 6] 0x000000018d48dc9b WebCore`WebCore::PageCache::prune(WebCore::PruningReason) [inlined] std::__1::default_delete<WebCore::CachedPage>::operator()(WebCore::CachedPage*) const + 7 at memory:2537:13 [ 6] 0x000000018d48dc94 WebCore`WebCore::PageCache::prune(WebCore::PruningReason) [inlined] std::__1::unique_ptr<WebCore::CachedPage, std::__1::default_delete<WebCore::CachedPage> >::reset(WebCore::CachedPage*) + 12 at memory:2736 [ 6] 0x000000018d48dc88 WebCore`WebCore::PageCache::prune(WebCore::PruningReason) [inlined] std::__1::unique_ptr<WebCore::CachedPage, std::__1::default_delete<WebCore::CachedPage> >::operator=(std::nullptr_t) at memory:2708 [ 6] 0x000000018d48dc88 WebCore`WebCore::PageCache::prune(WebCore::PruningReason) + 68 at PageCache.cpp:474 [ 7] 0x000000018d48dc33 WebCore`WebCore::PageCache::pruneToSizeNow(unsigned int, WebCore::PruningReason) + 31 at PageCache.cpp:295:5 [ 8] 0x000000018d45754f WebCore`WebCore::releaseMemory(WebCore::Critical, WebCore::Synchronous) [inlined] WebCore::releaseCriticalMemory(WebCore::Synchronous) + 43 at MemoryRelease.cpp:69:28 [ 8] 0x000000018d457524 WebCore`WebCore::releaseMemory(WebCore::Critical, WebCore::Synchronous) + 52 at MemoryRelease.cpp:108 [ 9] 0x000000018d456db7 WebCore`WebCore::MemoryPressureHandler::releaseMemory(WebCore::Critical, WebCore::Synchronous) [inlined] std::__1::function<void (WebCore::Critical, WebCore::Synchronous)>::operator()(WebCore::Critical, WebCore::Synchronous) const + 23 at functional:1817:12 [ 9] 0x000000018d456da0 WebCore`WebCore::MemoryPressureHandler::releaseMemory(WebCore::Critical, WebCore::Synchronous) + 76 at MemoryPressureHandler.cpp:65 [ 10] 0x0000000191886117 WebKit`WebKit::WebProcess::actualPrepareToSuspend(WebKit::WebProcess::ShouldAcknowledgeWhenReadyToSuspend) + 63 at WebProcess.cpp:1289:44 [ 11] 0x0000000191886603 WebKit`WebKit::WebProcess::prepareToSuspend() + 159 at WebProcess.cpp:1322:5 [ 12] 0x00000001916ba967 WebKit`IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) [inlined] IPC::Connection::dispatchMessage(IPC::Decoder&) + 19 at Connection.cpp:897:14
Attachments
Patch (11.25 KB, patch)
2017-02-02 09:29 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 Thursday, February 2, 2017 5:22:12 PM UTC
<rdar://problem/30229990>
Chris Dumez
Comment 2 Thursday, February 2, 2017 5:29:28 PM UTC
Created attachment 300415 [details] Patch
Andreas Kling
Comment 3 Thursday, February 2, 2017 5:42:15 PM UTC
Comment on attachment 300415 [details] Patch r=me Even if this isn't the thing that fixes the bug, it's a *really* nice cleanup.
Chris Dumez
Comment 4 Thursday, February 2, 2017 5:56:11 PM UTC
(In reply to comment #3) > Comment on attachment 300415 [details] > Patch > > r=me > Even if this isn't the thing that fixes the bug, it's a *really* nice > cleanup. If it does not fix the crashes, then I guess it would mean that someone is adding HistoryItem to PageCache for a given Page, after the Page has died. Sounds unlikely but we'll see.
WebKit Commit Bot
Comment 5 Thursday, February 2, 2017 6:33:20 PM UTC
Comment on attachment 300415 [details] Patch Clearing flags on attachment: 300415 Committed r211569: <http://trac.webkit.org/changeset/211569>
WebKit Commit Bot
Comment 6 Thursday, February 2, 2017 6:33:25 PM UTC
All reviewed patches have been landed. Closing bug.
Darin Adler
Comment 7 Sunday, February 5, 2017 2:17:26 AM UTC
Comment on attachment 300415 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=300415&action=review > Source/WebCore/history/PageCache.cpp:472 > + // Increment iterator first so it stays invalid after the removal. You meant to say "stays valid".
Chris Dumez
Comment 8 Sunday, February 5, 2017 2:22:24 AM UTC
(In reply to comment #7) > Comment on attachment 300415 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=300415&action=review > > > Source/WebCore/history/PageCache.cpp:472 > > + // Increment iterator first so it stays invalid after the removal. > > You meant to say "stays valid". Indeed. Fixed in <http://trac.webkit.org/changeset/211676>, thanks.
Note You need to log in before you can comment on or make changes to this bug.