Bug 70841 - Assert failure in WebCore::HistoryItem::addChildItem(WTF::PassRefPtr<WebCore::HistoryItem>)
Status: RESOLVED WORKSFORME
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore JavaScript
Version: 528+ (Nightly build)
Hardware: Mac (Intel) OS X 10.7
Importance: P2 Normal
Assignee: Nobody
URL: https://www.facebook.com/people/Julie...
Reported: 2011-10-25 13:08 PDT by Dimitris Apostolou
Modified: 2016-08-03 13:45 PDT

Attachments
Crash log. (49.08 KB, text/plain)
2011-10-25 13:08 PDT, Dimitris Apostolou
One more crash log. (44.13 KB, text/plain)
2011-10-25 13:37 PDT, Dimitris Apostolou

Description Dimitris Apostolou 2011-10-25 13:08:17 PDT
Created attachment 112382
Crash log.

r

Reproducibility: once

Steps:
Go to https://www.facebook.com/people/Julie-Tritaki/1227438852

What happened:
Assert failure and crash.

ASSERTION FAILED: !childItemWithTarget(child->target())
/Users/rex/WebKit/Source/WebCore/history/HistoryItem.cpp(463) : void WebCore::HistoryItem::addChildItem(PassRefPtr<WebCore::HistoryItem>)
1   0x1113fe4c3 WebCore::HistoryItem::addChildItem(WTF::PassRefPtr<WebCore::HistoryItem>)
2   0x1113fbef2 WebCore::HistoryController::createItemTree(WebCore::Frame*, bool)
3   0x1113fc254 WebCore::HistoryController::pushState(WTF::PassRefPtr<WebCore::SerializedScriptValue>, WTF::String const&, WTF::String const&)
4   0x1113f87aa WebCore::History::stateObjectAdded(WTF::PassRefPtr<WebCore::SerializedScriptValue>, WTF::String const&, WTF::String const&, WebCore::History::StateObjectType, int&)
5   0x1117f2e02 WebCore::JSHistory::pushState(JSC::ExecState*)
6   0x1117f12b9 WebCore::jsHistoryPrototypeFunctionPushState(JSC::ExecState*)
7   0x31fd9f8011f8
8   0x1101d75f9 JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*)
9   0x1101d3f16 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
10  0x11012b281 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
11  0x1116a5b33 WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
12  0x1117c920b WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*)
13  0x1112bd3cc WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&)
14  0x1112bd224 WebCore::EventTarget::fireEventListeners(WebCore::Event*)
15  0x111c3103b WebCore::Node::handleLocalEvents(WebCore::Event*)
16  0x111291779 WebCore::EventDispatcher::dispatchEvent(WTF::PassRefPtr<WebCore::Event>)
17  0x111c0fe74 WebCore::MouseEventDispatchMediator::dispatchEvent(WebCore::EventDispatcher*) const
18  0x111290b85 WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WTF::PassRefPtr<WebCore::EventDispatchMediator>)
19  0x111c31b4f WebCore::Node::dispatchMouseEvent(WebCore::PlatformMouseEvent const&, WTF::AtomicString const&, int, WebCore::Node*)
20  0x11129bb02 WebCore::EventHandler::dispatchMouseEvent(WTF::AtomicString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool)
21  0x11129e06b WebCore::EventHandler::handleMouseReleaseEvent(WebCore::PlatformMouseEvent const&)
22  0x10f37c1ba _ZN6WebKitL16handleMouseEventERKNS_13WebMouseEventEPN7WebCore4PageE
23  0x10f37c02b WebKit::WebPage::mouseEvent(WebKit::WebMouseEvent const&)
24  0x10f48b707 void CoreIPC::callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&), WebKit::WebMouseEvent>(CoreIPC::Arguments1<WebKit::WebMouseEvent> const&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&))
25  0x10f4807c6 void CoreIPC::handleMessage<Messages::WebPage::MouseEvent, WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&)>(CoreIPC::ArgumentDecoder*, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&))
26  0x10f47e553 WebKit::WebPage::didReceiveWebPageMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*)
27  0x10f37fe1d WebKit::WebPage::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*)
28  0x10f3f8881 WebKit::WebProcess::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*)
29  0x10f2b579c CoreIPC::Connection::dispatchMessage(CoreIPC::Connection::Message<CoreIPC::ArgumentDecoder>&)
30  0x10f2b7fb3 CoreIPC::Connection::dispatchMessages()
31  0x10f2bedcb MemberFunctionWorkItem0<CoreIPC::Connection>::execute()

Expected result:
No assert failure, no crash.
Comment 1 Dimitris Apostolou 2011-10-25 13:08:36 PDT
r98372
Comment 2 Dimitris Apostolou 2011-10-25 13:37:15 PDT
Created attachment 112391
One more crash log.

Actually happens pretty often on that page.

ASSERTION FAILED: !childItemWithTarget(child->target())
/Users/rex/WebKit/Source/WebCore/history/HistoryItem.cpp(463) : void WebCore::HistoryItem::addChildItem(PassRefPtr<WebCore::HistoryItem>)
1   0x1069a54c3 WebCore::HistoryItem::addChildItem(WTF::PassRefPtr<WebCore::HistoryItem>)
2   0x1069a2ef2 WebCore::HistoryController::createItemTree(WebCore::Frame*, bool)
3   0x1069a3254 WebCore::HistoryController::pushState(WTF::PassRefPtr<WebCore::SerializedScriptValue>, WTF::String const&, WTF::String const&)
4   0x10699f7aa WebCore::History::stateObjectAdded(WTF::PassRefPtr<WebCore::SerializedScriptValue>, WTF::String const&, WTF::String const&, WebCore::History::StateObjectType, int&)
5   0x106d99e02 WebCore::JSHistory::pushState(JSC::ExecState*)
6   0x106d982b9 WebCore::jsHistoryPrototypeFunctionPushState(JSC::ExecState*)
7   0x34e859e011f8
8   0x10577e5f9 JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*)
9   0x10577af16 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
10  0x1056d2281 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
11  0x106c4cb33 WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
12  0x106d7020b WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*)
13  0x1068643cc WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&)
14  0x106864224 WebCore::EventTarget::fireEventListeners(WebCore::Event*)
15  0x1071d803b WebCore::Node::handleLocalEvents(WebCore::Event*)
16  0x106838779 WebCore::EventDispatcher::dispatchEvent(WTF::PassRefPtr<WebCore::Event>)
17  0x1071b6e74 WebCore::MouseEventDispatchMediator::dispatchEvent(WebCore::EventDispatcher*) const
18  0x106837b85 WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WTF::PassRefPtr<WebCore::EventDispatchMediator>)
19  0x1071d8b4f WebCore::Node::dispatchMouseEvent(WebCore::PlatformMouseEvent const&, WTF::AtomicString const&, int, WebCore::Node*)
20  0x106842b02 WebCore::EventHandler::dispatchMouseEvent(WTF::AtomicString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool)
21  0x10684506b WebCore::EventHandler::handleMouseReleaseEvent(WebCore::PlatformMouseEvent const&)
22  0x1049231ba _ZN6WebKitL16handleMouseEventERKNS_13WebMouseEventEPN7WebCore4PageE
23  0x10492302b WebKit::WebPage::mouseEvent(WebKit::WebMouseEvent const&)
24  0x104a32707 void CoreIPC::callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&), WebKit::WebMouseEvent>(CoreIPC::Arguments1<WebKit::WebMouseEvent> const&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&))
25  0x104a277c6 void CoreIPC::handleMessage<Messages::WebPage::MouseEvent, WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&)>(CoreIPC::ArgumentDecoder*, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&))
26  0x104a25553 WebKit::WebPage::didReceiveWebPageMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*)
27  0x104926e1d WebKit::WebPage::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*)
28  0x10499f881 WebKit::WebProcess::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*)
29  0x10485c79c CoreIPC::Connection::dispatchMessage(CoreIPC::Connection::Message<CoreIPC::ArgumentDecoder>&)
30  0x10485efb3 CoreIPC::Connection::dispatchMessages()
31  0x104865dcb MemberFunctionWorkItem0<CoreIPC::Connection>::execute()
Comment 3 Sergio Villar Senin 2012-01-17 08:58:42 PST
Likely a dup of https://bugs.webkit.org/show_bug.cgi?id=51224
Comment 4 Brent Fulgham 2016-08-03 13:43:18 PDT
I'm not able to reproduce crashes on Facebook using any Safari or WebKit variant. If you are able to reproduce the problem, please reopen this bug with relevant steps to reproduce.