Bug 167738 - [Crash] com.apple.WebKit.WebContent at WebKit: WebKit::WebPage::fromCorePage()
Summary: [Crash] com.apple.WebKit.WebContent at WebKit: WebKit::WebPage::fromCorePage()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: InRadar
Depends on:
Blocks:
Reported: 2017-02-02 09:21 PST by Chris Dumez
Modified: 2017-02-04 18:22 PST (History)

See Also:


Attachments
Patch (11.25 KB, patch)
2017-02-02 09:29 PST, Chris Dumez

Description Chris Dumez 2017-02-02 09:21:34 PST
com.apple.WebKit.WebContent at WebKit: WebKit::WebPage::fromCorePage():
Thread[0]
[  0] 0x00000001917fddc8 WebKit`WebKit::WebPage::fromCorePage(WebCore::Page*) [inlined] WebCore::Chrome::client() at Chrome.h:69:37
[  0] 0x00000001917fddc8 WebKit`WebKit::WebPage::fromCorePage(WebCore::Page*) + 4 at WebPage.cpp:1363
[  1] 0x00000001917cadef WebKit`WebKit::WebFrameLoaderClient::detachedFromParent2() + 27 at WebFrameLoaderClient.cpp:142:33
[  2] 0x000000018c98c5c7 WebCore`WebCore::FrameLoader::detachViewsAndDocumentLoader() + 31 at FrameLoader.cpp:2552:14
[  3] 0x000000018c986953 WebCore`WebCore::CachedFrame::destroy() + 59 at CachedFrame.cpp:243:34
[  4] 0x000000018c98698b WebCore`WebCore::CachedFrame::destroy() + 115 at CachedFrame.cpp:248:27
[  5] 0x000000018c9868eb WebCore`WebCore::CachedPage::~CachedPage() [inlined] WebCore::CachedPage::~CachedPage() + 11 at CachedPage.cpp:68:28
[  5] 0x000000018c9868e0 WebCore`WebCore::CachedPage::~CachedPage() + 16 at CachedPage.cpp:62
[  6] 0x000000018d48dc9b WebCore`WebCore::PageCache::prune(WebCore::PruningReason) [inlined] std::__1::default_delete<WebCore::CachedPage>::operator()(WebCore::CachedPage*) const + 7 at memory:2537:13
[  6] 0x000000018d48dc94 WebCore`WebCore::PageCache::prune(WebCore::PruningReason) [inlined] std::__1::unique_ptr<WebCore::CachedPage, std::__1::default_delete<WebCore::CachedPage> >::reset(WebCore::CachedPage*) + 12 at memory:2736
[  6] 0x000000018d48dc88 WebCore`WebCore::PageCache::prune(WebCore::PruningReason) [inlined] std::__1::unique_ptr<WebCore::CachedPage, std::__1::default_delete<WebCore::CachedPage> >::operator=(std::nullptr_t) at memory:2708
[  6] 0x000000018d48dc88 WebCore`WebCore::PageCache::prune(WebCore::PruningReason) + 68 at PageCache.cpp:474
[  7] 0x000000018d48dc33 WebCore`WebCore::PageCache::pruneToSizeNow(unsigned int, WebCore::PruningReason) + 31 at PageCache.cpp:295:5
[  8] 0x000000018d45754f WebCore`WebCore::releaseMemory(WebCore::Critical, WebCore::Synchronous) [inlined] WebCore::releaseCriticalMemory(WebCore::Synchronous) + 43 at MemoryRelease.cpp:69:28
[  8] 0x000000018d457524 WebCore`WebCore::releaseMemory(WebCore::Critical, WebCore::Synchronous) + 52 at MemoryRelease.cpp:108
[  9] 0x000000018d456db7 WebCore`WebCore::MemoryPressureHandler::releaseMemory(WebCore::Critical, WebCore::Synchronous) [inlined] std::__1::function<void (WebCore::Critical, WebCore::Synchronous)>::operator()(WebCore::Critical, WebCore::Synchronous) const + 23 at functional:1817:12
[  9] 0x000000018d456da0 WebCore`WebCore::MemoryPressureHandler::releaseMemory(WebCore::Critical, WebCore::Synchronous) + 76 at MemoryPressureHandler.cpp:65
[ 10] 0x0000000191886117 WebKit`WebKit::WebProcess::actualPrepareToSuspend(WebKit::WebProcess::ShouldAcknowledgeWhenReadyToSuspend) + 63 at WebProcess.cpp:1289:44
[ 11] 0x0000000191886603 WebKit`WebKit::WebProcess::prepareToSuspend() + 159 at WebProcess.cpp:1322:5
[ 12] 0x00000001916ba967 WebKit`IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) [inlined] IPC::Connection::dispatchMessage(IPC::Decoder&) + 19 at Connection.cpp:897:14
Comment 1 Chris Dumez 2017-02-02 09:22:12 PST
<rdar://problem/30229990>
Comment 2 Chris Dumez 2017-02-02 09:29:28 PST
Created attachment 300415 [details]
Patch
Comment 3 Andreas Kling 2017-02-02 09:42:15 PST
Comment on attachment 300415 [details]
Patch

r=me
Even if this isn't the thing that fixes the bug, it's a *really* nice cleanup.
Comment 4 Chris Dumez 2017-02-02 09:56:11 PST
(In reply to comment #3)
> Comment on attachment 300415 [details]
> Patch
> 
> r=me
> Even if this isn't the thing that fixes the bug, it's a *really* nice
> cleanup.

If it does not fix the crashes, then I guess it would mean that someone is adding a HistoryItem to PageCache for a given Page, after the Page has died. Sounds unlikely but we'll see.
Comment 5 WebKit Commit Bot 2017-02-02 10:33:20 PST
Comment on attachment 300415 [details]
Patch

Clearing flags on attachment: 300415

Committed r211569: <http://trac.webkit.org/changeset/211569>
Comment 6 WebKit Commit Bot 2017-02-02 10:33:25 PST
All reviewed patches have been landed.  Closing bug.
Comment 7 Darin Adler 2017-02-04 18:17:26 PST
Comment on attachment 300415 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=300415&action=review

> Source/WebCore/history/PageCache.cpp:472
> +        // Increment iterator first so it stays invalid after the removal.

You meant to say "stays valid".
Comment 8 Chris Dumez 2017-02-04 18:22:24 PST
(In reply to comment #7)
> Comment on attachment 300415 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=300415&action=review
> 
> > Source/WebCore/history/PageCache.cpp:472
> > +        // Increment iterator first so it stays invalid after the removal.
> 
> You meant to say "stays valid".

Indeed. Fixed in <http://trac.webkit.org/changeset/211676>, thanks.
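The erase-while-iterating idiom that Darin's comment on PageCache.cpp:472 refers to, shown here as an added illustration on a constructed std::list stand-in for the page cache (this is not the patch's code; CachedEntry, pruneExpired and pruneToSize are made up for the example):

```cpp
#include <cstddef>
#include <list>
#include <string>

// Constructed stand-in for an entry held by a page cache; not WebKit's
// CachedPage or HistoryItem. `expired` marks entries that should be dropped.
struct CachedEntry {
    std::string url;
    bool expired;
};

// Remove every expired entry in a single pass over the list.
// This is the idiom the reviewed hunk's comment describes: advance the
// iterator before erasing, so the iterator used to continue the loop still
// refers to a live node. Writing `cache.erase(it); ++it;` is undefined
// behaviour, because erase invalidates `it`. The advance-first form does not
// depend on erase returning a successor, so it also suits containers whose
// remove() returns nothing.
std::size_t pruneExpired(std::list<CachedEntry>& cache) {
    std::size_t removed = 0;
    for (auto it = cache.begin(); it != cache.end();) {
        if (!it->expired) {
            ++it;
            continue;
        }
        auto doomed = it++;   // keep a handle to this node, then step past it
        cache.erase(doomed);  // safe: `it` already points at the next node
        ++removed;
    }
    return removed;
}

// Drop entries from the front until at most `maxSize` remain (oldest first),
// using the same advance-then-erase pattern.
std::size_t pruneToSize(std::list<CachedEntry>& cache, std::size_t maxSize) {
    std::size_t removed = 0;
    for (auto it = cache.begin(); it != cache.end() && cache.size() > maxSize;) {
        auto doomed = it++;
        cache.erase(doomed);
        ++removed;
    }
    return removed;
}

// Constructed sample cache: two expired entries interleaved with two live ones.
std::list<CachedEntry> sampleCache() {
    return {{"a.example", true}, {"b.example", false},
            {"c.example", true}, {"d.example", false}};
}
```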