(gdb) bt #0 0x00007f1008dd1c6e in WTF::OwnPtr<WTF::Mutex>::operator* (this=0x16f98d8) at WebKit/Source/WTF/wtf/OwnPtr.h:63 #1 0x00007f1008f72823 in WTF::addIterator<unsigned long, std::pair<unsigned long, _Ewk_Web_Resource*>, WTF::PairFirstExtractor<std::pair<unsigned long, _Ewk_Web_Resource*> >, WTF::IntHash<unsigned long>, WTF::HashMapValueTraits<WTF::HashTraits<unsigned long>, WTF::HashTraits<_Ewk_Web_Resource*> >, WTF::HashTraits<unsigned long> > (table=0x16f98b8, it=0x7fff602b7ce0) at WebKit/Source/WTF/wtf/HashTable.h:1136 #2 0x00007f1008f73af2 in WTF::HashTableConstIterator<unsigned long, std::pair<unsigned long, _Ewk_Web_Resource*>, WTF::PairFirstExtractor<std::pair<unsigned long, _Ewk_Web_Resource*> >, WTF::IntHash<unsigned long>, WTF::HashMapValueTraits<WTF::HashTraits<unsigned long>, WTF::HashTraits<_Ewk_Web_Resource*> >, WTF::HashTraits<unsigned long> >::HashTableConstIterator (this=0x7fff602b7ce0, table=0x16f98b8, position=0x0, endPosition=0x0) at WebKit/Source/WTF/wtf/HashTable.h:132 #3 0x00007f1008f736e6 in WTF::HashTableIterator<unsigned long, std::pair<unsigned long, _Ewk_Web_Resource*>, WTF::PairFirstExtractor<std::pair<unsigned long, _Ewk_Web_Resource*> >, WTF::IntHash<unsigned long>, WTF::HashMapValueTraits<WTF::HashTraits<unsigned long>, WTF::HashTraits<_Ewk_Web_Resource*> >, WTF::HashTraits<unsigned long> >::HashTableIterator (this=0x7fff602b7ce0, table=0x16f98b8, pos=0x0, end=0x0, tag=WTF::HashItemKnownGood) at WebKit/Source/WTF/wtf/HashTable.h:252 #4 0x00007f1008f7306a in WTF::HashTable<unsigned long, std::pair<unsigned long, _Ewk_Web_Resource*>, WTF::PairFirstExtractor<std::pair<unsigned long, _Ewk_Web_Resource*> >, WTF::IntHash<unsigned long>, WTF::HashMapValueTraits<WTF::HashTraits<unsigned long>, WTF::HashTraits<_Ewk_Web_Resource*> >, WTF::HashTraits<unsigned long> >::makeKnownGoodIterator (this=0x16f98b8, pos=0x0) at WebKit/Source/WTF/wtf/HashTable.h:425 #5 0x00007f1008f7294c in WTF::HashTable<unsigned long, std::pair<unsigned long, 
_Ewk_Web_Resource*>, WTF::PairFirstExtractor<std::pair<unsigned long, _Ewk_Web_Resource*> >, WTF::IntHash<unsigned long>, WTF::HashMapValueTraits<WTF::HashTraits<unsigned long>, WTF::HashTraits<_Ewk_Web_Resource*> >, WTF::HashTraits<unsigned long> >::end (this=0x16f98b8) at WebKit/Source/WTF/wtf/HashTable.h:341 #6 0x00007f1008f7278b in WTF::HashTable<unsigned long, std::pair<unsigned long, _Ewk_Web_Resource*>, WTF::PairFirstExtractor<std::pair<unsigned long, _Ewk_Web_Resource*> >, WTF::IntHash<unsigned long>, WTF::HashMapValueTraits<WTF::HashTraits<unsigned long>, WTF::HashTraits<_Ewk_Web_Resource*> >, WTF::HashTraits<unsigned long> >::begin (this=0x16f98b8) at WebKit/Source/WTF/wtf/HashTable.h:340 #7 0x00007f1008f72145 in WTF::HashMap<unsigned long, _Ewk_Web_Resource*, WTF::IntHash<unsigned long>, WTF::HashTraits<unsigned long>, WTF::HashTraits<_Ewk_Web_Resource*> >::begin (this=0x16f98b8) at WebKit/Source/WTF/wtf/HashMap.h:268 #8 0x00007f1008f71397 in ewk_view_load_provisional_started (ewkView=0x16cc1d0) at WebKit/Source/WebKit2/UIProcess/API/efl/ewk_view.cpp:871 #9 0x00007f1008f7423f in didStartProvisionalLoadForFrame (page=0x16fbd60, frame=0x1727a20, userData=0x0, clientInfo=0x16cc1d0) at WebKit/Source/WebKit2/UIProcess/API/efl/ewk_view_loader_client.cpp:103 #10 0x00007f1008e5a043 in WebKit::WebLoaderClient::didStartProvisionalLoadForFrame (this=0x16fbd88, page=0x16fbd60, frame=0x1727a20, userData=0x0) at WebKit/Source/WebKit2/UIProcess/WebLoaderClient.cpp:48 #11 0x00007f1008e6924b in WebKit::WebPageProxy::didStartProvisionalLoadForFrame (this=0x16fbd60, frameID=1, url="http://www.google.com/", unreachableURL="(null)", arguments=0x7f0fa4000b30) at WebKit/Source/WebKit2/UIProcess/WebPageProxy.cpp:1923 #12 0x00007f1008f904eb in CoreIPC::callMemberFunction<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(unsigned long, WTF::String const&, WTF::String const&, CoreIPC::ArgumentDecoder*), unsigned long, WTF::String, WTF::String> (args=..., 
argumentDecoder=0x7f0fa4000b30, object=0x16fbd60, function= (void (WebKit::WebPageProxy::*)(WebKit::WebPageProxy * const, unsigned long, const WTF::String &, const WTF::String &, CoreIPC::ArgumentDecoder *)) 0x7f1008e6903a <WebKit::WebPageProxy::didStartProvisionalLoadForFrame(unsigned long, WTF::String const&, WTF::String const&, CoreIPC::ArgumentDecoder*)>) at WebKit/Source/WebKit2/Platform/CoreIPC/HandleMessage.h:247 #13 0x00007f1008f8caf0 in CoreIPC::handleMessageVariadic<Messages::WebPageProxy::DidStartProvisionalLoadForFrame, WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(unsigned long, WTF::String const&, WTF::String const&, CoreIPC::ArgumentDecoder*)> (argumentDecoder=0x7f0fa4000b30, object=0x16fbd60, function= (void (WebKit::WebPageProxy::*)(WebKit::WebPageProxy * const, unsigned long, const WTF::String &, const WTF::String &, CoreIPC::ArgumentDecoder *)) 0x7f1008e6903a <WebKit::WebPageProxy::didStartProvisionalLoadForFrame(unsigned long, WTF::String const&, WTF::String const&, CoreIPC::ArgumentDecoder*)>) at WebKit/Source/WebKit2/Platform/CoreIPC/HandleMessage.h:332 #14 0x00007f1008f89c44 in WebKit::WebPageProxy::didReceiveWebPageProxyMessage (this=0x16fbd60, messageID=..., arguments=0x7f0fa4000b30) at WebKit/WebKitBuild/Debug/DerivedSources/WebKit2/WebPageProxyMessageReceiver.cpp:301 #15 0x00007f1008e6821b in WebKit::WebPageProxy::didReceiveMessage (this=0x16fbd60, connection=0x16d2ff0, messageID=..., arguments=0x7f0fa4000b30) at WebKit/Source/WebKit2/UIProcess/WebPageProxy.cpp:1771 #16 0x00007f1008e9f0ae in WebKit::WebProcessProxy::didReceiveMessage (this=0x16fb340, connection=0x16d2ff0, messageID=..., arguments=0x7f0fa4000b30) at WebKit/Source/WebKit2/UIProcess/WebProcessProxy.cpp:336 #17 0x00007f1008e2caff in WebKit::WebConnectionToWebProcess::didReceiveMessage (this=0x16fe6f0, connection=0x16d2ff0, messageID=..., arguments=0x7f0fa4000b30) at WebKit/Source/WebKit2/UIProcess/WebConnectionToWebProcess.cpp:92 #18 0x00007f1008dd83db in 
CoreIPC::Connection::dispatchMessage (this=0x16d2ff0, message=...) at WebKit/Source/WebKit2/Platform/CoreIPC/Connection.cpp:691 #19 0x00007f1008dd8579 in CoreIPC::Connection::dispatchOneMessage (this=0x16d2ff0) at WebKit/Source/WebKit2/Platform/CoreIPC/Connection.cpp:717 #20 0x00007f1008de246c in WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>::operator() (this=0x7f0fa4000c00, c=0x16d2ff0) at WebKit/Source/WTF/wtf/Functional.h:173 #21 0x00007f1008de2272 in WTF::BoundFunctionImpl<WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>, void (CoreIPC::Connection*)>::operator()() (this=0x7f0fa4000bf0) at WebKit/Source/WTF/wtf/Functional.h:405 #22 0x00007f1008f329f2 in WTF::Function<void ()>::operator()() const (this=0x7fff602b8840) at WebKit/Source/WTF/wtf/Functional.h:613 #23 0x00007f1003ea578e in WebCore::RunLoop::performWork (this=0x16da100) at WebKit/Source/WebCore/platform/RunLoop.cpp:102 #24 0x00007f1004893dd7 in WebCore::RunLoop::wakeUpEvent (data=0x16da100) at WebKit/Source/WebCore/platform/efl/RunLoopEfl.cpp:100 #25 0x00007f1009364061 in _ecore_pipe_read (data=0x168b750, fd_handler=<optimized out>) at ecore_pipe.c:625 #26 0x00007f1009363131 in _ecore_call_fd_cb (data=<optimized out>, func=<optimized out>, fd_handler=0x168be50) at ecore_private.h:343 #27 _ecore_main_fd_handlers_call () at ecore_main.c:1562 #28 _ecore_main_loop_iterate_internal (once_only=0) at ecore_main.c:1809 #29 0x00007f1009363677 in ecore_main_loop_begin () at ecore_main.c:931 #30 0x0000000000401db3 in main (argc=1, argv=0x7fff602b8a88) at WebKit/Tools/MiniBrowser/efl/main.c:201
I cannot reproduce in release. I'll try a debug build.
This happens in debug mode only because the CHECK_HASHTABLE_ITERATORS flag is turned on, which is the iterator-tracking path that dereferences the mutex in frame #1. For some reason, the m_mutex member of the WTF::HashTable is null, which seems impossible since it is properly initialized in the HashTable constructor. This happens when requesting the begin() iterator of an empty HashTable.
Created attachment 151912 [details] Patch Turns out this was caused by calloc() handing out zero-filled memory for structure members that are not plain pointers (e.g. HashMap members), so those members were never constructed. This patch removes the usage of calloc() and uses the new operator instead, since calloc() is too bug-prone when structures are extended with non-trivial members.
LGTM. Thanks for fixing the crash.
LGTM. The difference between calloc and new is basically that calloc/malloc do not call the constructor.
Created attachment 151927 [details] Patch Use constructors instead of post-initialization, as advised by Haraken.
Comment on attachment 151927 [details] Patch LGTM
Comment on attachment 151927 [details] Patch Clearing flags on attachment: 151927 Committed r122452: <http://trac.webkit.org/changeset/122452>
All reviewed patches have been landed. Closing bug.