Bug 181756 - REGRESSION (r226622): ASSERTION FAILED: !m_frame in WebCore::DOMWindowProperty::willDestroyGlobalObjectInCachedFrame()
Summary: REGRESSION (r226622): ASSERTION FAILED: !m_frame in WebCore::DOMWindowPropert...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Ali Juma
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2018-01-17 11:34 PST by Ryan Haddad
Modified: 2018-01-23 15:14 PST (History)
7 users (show)

See Also:


Attachments
Crash log (161.27 KB, text/plain)
2018-01-17 11:34 PST, Ryan Haddad
no flags Details
Patch (3.32 KB, patch)
2018-01-23 13:16 PST, Ali Juma
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Ryan Haddad 2018-01-17 11:34:34 PST
Created attachment 331526 [details]
Crash log

The following assertion failure was seen on iOS with LayoutTest http/tests/navigation/https-in-page-cache.html

ASSERTION FAILED: !m_frame
/Volumes/Data/slave/ios-simulator-11-debug/build/Source/WebCore/page/DOMWindowProperty.cpp(83) : virtual void WebCore::DOMWindowProperty::willDestroyGlobalObjectInCachedFrame()
1   0x11039928d WTFCrash
2   0x114ea7a67 WebCore::DOMWindowProperty::willDestroyGlobalObjectInCachedFrame()
3   0x114e9ba51 WebCore::DOMWindow::willDestroyCachedFrame()
4   0x11495f945 WebCore::CachedFrame::destroy()
5   0x1149619e9 WebCore::CachedPage::~CachedPage()
6   0x114961ad5 WebCore::CachedPage::~CachedPage()
7   0x114963936 WebCore::PageCache::remove(WebCore::HistoryItem&)
8   0x1072a68d1 WebKit::WebBackForwardListProxy::removeItem(unsigned long long)
9   0x107471039 WebKit::WebPage::didRemoveBackForwardItem(unsigned long long)
10  0x1075257ed void IPC::callMemberFunctionImpl<WebKit::WebPage, void (WebKit::WebPage::*)(unsigned long long), std::__1::tuple<unsigned long long>, 0ul>(WebKit::WebPage*, void (WebKit::WebPage::*)(unsigned long long), std::__1::tuple<unsigned long long>&&, std::__1::integer_sequence<unsigned long, 0ul>)
11  0x107525740 void IPC::callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)(unsigned long long), std::__1::tuple<unsigned long long>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<unsigned long long>&&, WebKit::WebPage*, void (WebKit::WebPage::*)(unsigned long long))
12  0x107514df0 void IPC::handleMessage<Messages::WebPage::DidRemoveBackForwardItem, WebKit::WebPage, void (WebKit::WebPage::*)(unsigned long long)>(IPC::Decoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(unsigned long long))
13  0x107509308 WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&)
14  0x107470743 WebKit::WebPage::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
15  0x107470784 non-virtual thunk to WebKit::WebPage::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
16  0x106e12148 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&)
17  0x1076e620d WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
18  0x106d11f13 IPC::Connection::dispatchMessage(IPC::Decoder&)
19  0x106d07be8 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)
20  0x106d1251a IPC::Connection::dispatchOneMessage()
21  0x106d2a33d IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()()
22  0x106d2a299 WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call()
23  0x1103b554b WTF::Function<void ()>::operator()() const
24  0x1103f8c33 WTF::RunLoop::performWork()
25  0x1103f94d4 WTF::RunLoop::performWork(void*)
26  0x1040852b1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
27  0x104124d31 __CFRunLoopDoSource0
28  0x104069c19 __CFRunLoopDoSources0
29  0x1040691ff __CFRunLoopRun
30  0x104068a89 CFRunLoopRunSpecific
31  0x1033a5e5e -[NSRunLoop(NSRunLoop) runMode:beforeDate:]
LEAK: 1 WebPageProxy

https://build.webkit.org/results/Apple%20iOS%2011%20Simulator%20Debug%20WK2%20(Tests)/r227069%20(2128)/results.html
Comment 1 Radar WebKit Bug Importer 2018-01-17 11:35:43 PST
<rdar://problem/36590566>
Comment 2 Ryan Haddad 2018-01-22 17:43:20 PST
It looks like this regressed with https://trac.webkit.org/changeset/226622
Comment 3 Ali Juma 2018-01-23 13:16:31 PST
Created attachment 332066 [details]
Patch
Comment 4 WebKit Commit Bot 2018-01-23 15:14:20 PST
Comment on attachment 332066 [details]
Patch

Clearing flags on attachment: 332066

Committed r227450: <https://trac.webkit.org/changeset/227450>
Comment 5 WebKit Commit Bot 2018-01-23 15:14:22 PST
All reviewed patches have been landed.  Closing bug.