[Webkit-unassigned] [Bug 119781] New: [WK2] Assertion failure in WebCore::Page::checkSubframeCountConsistency when going back

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Aug 13 19:40:59 PDT 2013 

https://bugs.webkit.org/show_bug.cgi?id=119781

           Summary: [WK2] Assertion failure in
                    WebCore::Page::checkSubframeCountConsistency when
                    going back
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: History
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: changseok.oh at collabora.com


I faced this assertion failure when going back to a page which has multiple frames.

The backtrace is ...
Program received signal SIGSEGV, Segmentation fault.
0x00007ff42b9e9ee5 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:342
342        *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007ff42b9e9ee5 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:342
#1  0x00007ff42d7757f2 in WebCore::Page::checkSubframeCountConsistency (
    this=0x1afc210) at ../../Source/WebCore/page/Page.cpp:1255
#2  0x00007ff42d3c9d02 in WebCore::Page::subframeCount (this=0x1afc210)
    at ../../Source/WebCore/page/Page.h:185
#3  0x00007ff42d74e152 in WebCore::Frame::isURLAllowed (this=0x3445710, url=...)
    at ../../Source/WebCore/page/Frame.cpp:1022
#4  0x00007ff42d489639 in WebCore::HTMLPlugInImageElement::allowedToLoadFrameURL (
    this=0x374a410, url=...)
    at ../../Source/WebCore/html/HTMLPlugInImageElement.cpp:177
#5  0x00007ff42d44e09e in WebCore::HTMLEmbedElement::updateWidget (this=0x374a410, 
    pluginCreationOption=WebCore::CreateOnlyNonNetscapePlugins)
    at ../../Source/WebCore/html/HTMLEmbedElement.cpp:137
#6  0x00007ff42d489d03 in WebCore::HTMLPlugInImageElement::updateWidgetIfNecessary (
    this=0x374a410) at ../../Source/WebCore/html/HTMLPlugInImageElement.cpp:274
#7  0x00007ff42d489fc5 in WebCore::HTMLPlugInImageElement::updateWidgetCallback (n=
    0x374a410) at ../../Source/WebCore/html/HTMLPlugInImageElement.cpp:331
#8  0x00007ff42d207b2a in WebCore::ContainerNode::dispatchPostAttachCallbacks ()
    at ../../Source/WebCore/dom/ContainerNode.cpp:772
#9  0x00007ff42d207981 in WebCore::ContainerNode::resumePostAttachCallbacks (
    this=0x3748570) at ../../Source/WebCore/dom/ContainerNode.cpp:739
#10 0x00007ff42d229d79 in WebCore::PostAttachCallbackDisabler::~PostAttachCallbackDisabler (this=0x7fffaa656620, __in_chrg=<optimized out>)
    at ../../Source/WebCore/dom/ContainerNode.h:345
#11 0x00007ff42d489bac in WebCore::HTMLPlugInImageElement::attach (this=0x3748570, 
    context=...) at ../../Source/WebCore/html/HTMLPlugInImageElement.cpp:250
#12 0x00007ff42d2ff799 in WebCore::Node::reattach (this=0x3748570, context=...)
    at ../../Source/WebCore/dom/Node.h:811
#13 0x00007ff42da295d7 in WebCore::Style::resolveLocal (current=0x3748570, 
    inheritedChange=WebCore::Style::Force)
    at ../../Source/WebCore/style/StyleResolveTree.cpp:152
#14 0x00007ff42da29b4b in WebCore::Style::resolveTree (current=0x3748570, 
    change=WebCore::Style::Force)
    at ../../Source/WebCore/style/StyleResolveTree.cpp:236
#15 0x00007ff42d489f09 in WebCore::HTMLPlugInImageElement::documentDidResumeFromPageCache (this=0x3748570) at ../../Source/WebCore/html/HTMLPlugInImageElement.cpp:316
#16 0x00007ff42d2222b0 in WebCore::Document::documentDidResumeFromPageCache (
    this=0x2be2f90) at ../../Source/WebCore/dom/Document.cpp:4023
#17 0x00007ff42d3c7d18 in WebCore::CachedFrameBase::restore (this=0x32ea688)
    at ../../Source/WebCore/history/CachedFrame.cpp:149
#18 0x00007ff42d6888b3 in WebCore::FrameLoader::open (this=0x3445790, cachedFrame=...)
    at ../../Source/WebCore/loader/FrameLoader.cpp:2023
---Type <return> to continue, or q <return> to quit---
#19 0x00007ff42d3c82b8 in WebCore::CachedFrame::open (this=0x32ea680)
    at ../../Source/WebCore/history/CachedFrame.cpp:220
#20 0x00007ff42d3c7c1c in WebCore::CachedFrameBase::restore (this=0x21da638)
    at ../../Source/WebCore/history/CachedFrame.cpp:134
#21 0x00007ff42d6888b3 in WebCore::FrameLoader::open (this=0x1a39d20, cachedFrame=...)
    at ../../Source/WebCore/loader/FrameLoader.cpp:2023
#22 0x00007ff42d3c82b8 in WebCore::CachedFrame::open (this=0x21da630)
    at ../../Source/WebCore/history/CachedFrame.cpp:220
#23 0x00007ff42d3c9a75 in WebCore::CachedPage::restore (this=0x2ea4d40, 
    page=0x1afc210) at ../../Source/WebCore/history/CachedPage.cpp:83
#24 0x00007ff42d687623 in WebCore::FrameLoader::commitProvisionalLoad (this=0x1a39d20)
    at ../../Source/WebCore/loader/FrameLoader.cpp:1742
#25 0x00007ff42d68d0ba in WebCore::FrameLoader::loadProvisionalItemFromCachedPage (
    this=0x1a39d20) at ../../Source/WebCore/loader/FrameLoader.cpp:3040
#26 0x00007ff42d68bfdf in WebCore::FrameLoader::continueLoadAfterNavigationPolicy (
    this=0x1a39d20, formState=..., shouldContinue=true)
    at ../../Source/WebCore/loader/FrameLoader.cpp:2882
#27 0x00007ff42d68b575 in WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy
    (argument=0x1a39d20, request=..., formState=..., shouldContinue=true)
    at ../../Source/WebCore/loader/FrameLoader.cpp:2718
#28 0x00007ff42d6b8029 in WebCore::PolicyCallback::call (this=0x7fffaa657010, 
    shouldContinue=true) at ../../Source/WebCore/loader/PolicyCallback.cpp:103
#29 0x00007ff42d6b8f98 in WebCore::PolicyChecker::continueAfterNavigationPolicy (
    this=0x1a39fa0, policy=WebCore::PolicyUse)
    at ../../Source/WebCore/loader/PolicyChecker.cpp:180
#30 0x00007ff42cecbc6a in WebKit::WebFrame::didReceivePolicyDecision (this=0x19f7230, 
    listenerID=48, action=WebCore::PolicyUse, downloadID=0)
    at ../../Source/WebKit2/WebProcess/WebPage/WebFrame.cpp:234
#31 0x00007ff42cea321d in WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction (this=0x19f7268, function=
    (void (WebCore::PolicyChecker::*)(WebCore::PolicyChecker * const, WebCore::PolicyAction)) 0x7ff42d6b8d2e <WebCore::PolicyChecker::continueAfterNavigationPolicy(WebCore::PolicyAction)>, navigationAction=..., request=..., formState=...)
    at ../../Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:708
#32 0x00007ff42d6b8951 in WebCore::PolicyChecker::checkNavigationPolicy (
    this=0x1a39fa0, request=..., loader=0x3111780, formState=..., 
    function=0x7ff42d68b526 <WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>, argument=0x1a39d20) at ../../Source/WebCore/loader/PolicyChecker.cpp:99
#33 0x00007ff42d685d40 in WebCore::FrameLoader::loadWithDocumentLoader (
    this=0x1a39d20, loader=0x3111780, type=WebCore::FrameLoadTypeBack, 
    prpFormState=...) at ../../Source/WebCore/loader/FrameLoader.cpp:1422
---Type <return> to continue, or q <return> to quit---
#34 0x00007ff42d68d699 in WebCore::FrameLoader::loadDifferentDocumentItem (
    this=0x1a39d20, item=0x1c58a50, loadType=WebCore::FrameLoadTypeBack, 
    cacheLoadPolicy=WebCore::FrameLoader::MayAttemptCacheOnlyLoadForFormSubmissionItem) at ../../Source/WebCore/loader/FrameLoader.cpp:3135
#35 0x00007ff42d68dd17 in WebCore::FrameLoader::loadItem (this=0x1a39d20, 
    item=0x1c58a50, loadType=WebCore::FrameLoadTypeBack)
    at ../../Source/WebCore/loader/FrameLoader.cpp:3223
#36 0x00007ff42d696f10 in WebCore::HistoryController::recursiveGoToItem (
    this=0x1a3a240, item=0x1c58a50, fromItem=0x36dc950, 
    type=WebCore::FrameLoadTypeBack)
    at ../../Source/WebCore/loader/HistoryController.cpp:765
#37 0x00007ff42d694fb2 in WebCore::HistoryController::goToItem (this=0x1a3a240, 
    targetItem=0x1c58a50, type=WebCore::FrameLoadTypeBack)
    at ../../Source/WebCore/loader/HistoryController.cpp:306
#38 0x00007ff42d77245a in WebCore::Page::goToItem (this=0x1afc210, item=0x1c58a50, 
    type=WebCore::FrameLoadTypeBack) at ../../Source/WebCore/page/Page.cpp:432
#39 0x00007ff42ced5db9 in WebKit::WebPage::goBack (this=0x1afbb60, 
    backForwardItemID=3) at ../../Source/WebKit2/WebProcess/WebPage/WebPage.cpp:1036
#40 0x00007ff42cf3b903 in CoreIPC::callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)(unsigned long), unsigned long> (args=..., object=0x1afbb60, function=
    (void (WebKit::WebPage::*)(WebKit::WebPage * const, unsigned long)) 0x7ff42ced5d28 <WebKit::WebPage::goBack(unsigned long)>)
    at ../../Source/WebKit2/Platform/CoreIPC/HandleMessage.h:21
#41 0x00007ff42cf38905 in CoreIPC::handleMessage<Messages::WebPage::GoBack, WebKit::WebPage, void (WebKit::WebPage::*)(unsigned long)> (decoder=..., object=0x1afbb60, 
    function=
    (void (WebKit::WebPage::*)(WebKit::WebPage * const, unsigned long)) 0x7ff42ced5d28 <WebKit::WebPage::goBack(unsigned long)>)
    at ../../Source/WebKit2/Platform/CoreIPC/HandleMessage.h:376
#42 0x00007ff42cf335be in WebKit::WebPage::didReceiveWebPageMessage (this=0x1afbb60, 
    decoder=...) at DerivedSources/WebKit2/WebPageMessageReceiver.cpp:172
#43 0x00007ff42cedcaca in WebKit::WebPage::didReceiveMessage (this=0x1afbb60, 
    connection=0x19934c0, decoder=...)
    at ../../Source/WebKit2/WebProcess/WebPage/WebPage.cpp:3179

#44 0x00007ff42e43450e in CoreIPC::MessageReceiverMap::dispatchMessage (
    this=0x19c3df0, connection=0x19934c0, decoder=...)
    at ../../Source/WebKit2/Platform/CoreIPC/MessageReceiverMap.cpp:86
#45 0x00007ff42cef376d in WebKit::WebProcess::didReceiveMessage (this=0x19c3d90, 
    connection=0x19934c0, decoder=...)
    at ../../Source/WebKit2/WebProcess/WebProcess.cpp:638
#46 0x00007ff42e423ea4 in CoreIPC::Connection::dispatchMessage (this=0x19934c0, 
    decoder=...) at ../../Source/WebKit2/Platform/CoreIPC/Connection.cpp:793
---Type <return> to continue, or q <return> to quit---
#47 0x00007ff42e423f84 in CoreIPC::Connection::dispatchMessage (this=0x19934c0, 
    incomingMessage=...) at ../../Source/WebKit2/Platform/CoreIPC/Connection.cpp:816
#48 0x00007ff42e424195 in CoreIPC::Connection::dispatchOneMessage (this=0x19934c0)
    at ../../Source/WebKit2/Platform/CoreIPC/Connection.cpp:842
#49 0x00007ff42e43391f in WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>::operator() (this=0x7ff3d0001f90, c=0x19934c0) at ../../Source/WTF/wtf/Functional.h:218
#50 0x00007ff42e4334a4 in WTF::BoundFunctionImpl<WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>, void (CoreIPC::Connection*)>::operator()() (this=0x7ff3d0001f80)
    at ../../Source/WTF/wtf/Functional.h:496
#51 0x00007ff42ceb4aed in WTF::Function<void ()>::operator()() const (
    this=0x7fffaa658830) at ../../Source/WTF/wtf/Functional.h:704
#52 0x00007ff42e2f924f in WebCore::RunLoop::performWork (this=0x19c3c10)
    at ../../Source/WebCore/platform/RunLoop.cpp:104
#53 0x00007ff42e3198cc in WebCore::RunLoop::queueWork (runLoop=0x19c3c10)
    at ../../Source/WebCore/platform/gtk/RunLoopGtk.cpp:104
#54 0x00007ff426483fd5 in g_main_dispatch (context=0x19538c0) at gmain.c:3058
#55 g_main_context_dispatch (context=context at entry=0x19538c0) at gmain.c:3634
#56 0x00007ff426484318 in g_main_context_iterate (context=0x19538c0, 
    block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>)
    at gmain.c:3705
#57 0x00007ff42648478a in g_main_loop_run (loop=0x19c3c90) at gmain.c:3899
#58 0x00007ff42e319692 in WebCore::RunLoop::run ()
    at ../../Source/WebCore/platform/gtk/RunLoopGtk.cpp:61
#59 0x00007ff42ce11d64 in WebKit::WebProcessMainGtk (argc=2, argv=0x7fffaa658b58)
    at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:78
#60 0x000000000040080c in main (argc=2, argv=0x7fffaa658b58)
    at ../../Source/WebKit2/gtk/MainGtk.cpp:31

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list