<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - DocumentLoader::detachFromFrame() is being called with no current Frame set"
href="https://bugs.webkit.org/show_bug.cgi?id=146786">146786</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>DocumentLoader::detachFromFrame() is being called with no current Frame set
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>528+ (Nightly build)
</td>
</tr>
<tr>
<th>Hardware</th>
<td>All
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>Page Loading
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>beidson@apple.com
</td>
</tr></table>
<p>
<div>
<pre>DocumentLoader::detachFromFrame() is being called with no current Frame set
We're seeing the crashes in &lt;rdar://problem/21293082&gt;
Sample backtrace:
<span class="quote">&gt; 1 com.apple.WebCore 0x7fff88ab2985 WebCore::DocumentLoader::detachFromFrame() + 0xa5</span>
2 com.apple.WebCore 0x7fff88bc77ae WebCore::FrameLoader::clearProvisionalLoad() + 0x1e
3 com.apple.WebCore 0x7fff88a810e9 WebCore::FrameLoader::checkLoadCompleteForThisFrame() + 0x499
4 com.apple.WebCore 0x7fff88a80b86 WebCore::FrameLoader::checkLoadComplete() + 0x136
5 com.apple.WebCore 0x7fff88bc6657 WebCore::FrameLoader::receivedMainResourceError(WebCore::ResourceError const&) + 0x247
6 com.apple.WebCore 0x7fff88ae73b9 WebCore::CachedResource::checkNotify() + 0x99
7 com.apple.WebCore 0x7fff88bc6137 WebCore::SubresourceLoader::didFail(WebCore::ResourceError const&) + 0x177
8 com.apple.WebCore 0x7fff88aca3a5 WebCore::DocumentLoader::continueAfterContentPolicy(WebCore::PolicyAction) + 0x2a5
9 com.apple.WebCore 0x7fff88aca0ec WebCore::PolicyCallback::call(WebCore::PolicyAction) + 0x1c
10 com.apple.WebCore 0x7fff88aca0a3 WebCore::PolicyChecker::continueAfterContentPolicy(WebCore::PolicyAction) + 0x183
11 com.apple.WebKit 0x7fff8b60657a WebKit::WebFrame::didReceivePolicyDecision(unsigned long long, WebCore::PolicyAction, unsigned long long, unsigned long long) + 0xc0
12 com.apple.WebKit 0x7fff8b6078b3 WebKit::WebFrameLoaderClient::dispatchDecidePolicyForResponse(WebCore::ResourceResponse const&amp;, WebCore::ResourceRequest const&amp;, std::__1::function&lt;void (WebCore::PolicyAction)&gt;) + 0x2c3
13 com.apple.WebCore 0x7fff8956a1a6 WebCore::PolicyChecker::checkContentPolicy(WebCore::ResourceResponse const&amp;, std::__1::function&lt;void (WebCore::PolicyAction)&gt;) + 0xe6
14 com.apple.WebCore 0x7fff88aa8b14 WebCore::DocumentLoader::responseReceived(WebCore::CachedResource*, WebCore::ResourceResponse const&) + 0x724
15 com.apple.WebCore 0x7fff88aa829d WebCore::CachedRawResource::responseReceived(WebCore::ResourceResponse const&) + 0xcd
16 com.apple.WebCore 0x7fff88aa8019 WebCore::SubresourceLoader::didReceiveResponse(WebCore::ResourceResponse const&) + 0x1b9
17 com.apple.WebKit 0x7fff8b6ab6c5 WebKit::WebResourceLoader::didReceiveResponse(WebCore::ResourceResponse const&, bool) + 0x41
Digging in deeper to the detachFromFrame() frame of the backtrace, the crash is dereferencing m_frame when calling InspectorInstrumentation::loaderDetachedFromFrame
The null frame case means that either:
1 - The DocumentLoader is being detached twice
2 - The DocumentLoader is being detached before ever being attached.
We can't quite figure out which.
The ASSERT(m_frame) at the top of this method is still valid - it is a mistake for this case to ever happen.</pre>
</div>
</p>
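<p>Added example, not part of the original report and not WebKit code: a simplified model of a loader that records its attach/detach lifecycle, so that a null frame at detach time can be classified as one of the two cases named above instead of being dereferenced. ModelLoader, DetachResult and the helper functions are hypothetical names.</p>

```cpp
// Added illustration: a simplified model, not WebKit code. All names are hypothetical.
#include <cstdio>

struct Frame { int id; };

enum class DetachResult { Detached, NeverAttached, AlreadyDetached };

class ModelLoader {
public:
    void attachToFrame(Frame& frame) { m_frame = &frame; m_state = State::Attached; }

    // Release-build path: classify the null-frame case instead of dereferencing it.
    DetachResult detachFromFrame() {
        if (!m_frame)
            return m_state == State::Detached ? DetachResult::AlreadyDetached
                                              : DetachResult::NeverAttached;
        notifyDetached(*m_frame);   // stand-in for the instrumentation callback
        m_frame = nullptr;
        m_state = State::Detached;
        return DetachResult::Detached;
    }
    int notifications() const { return m_notifications; }

private:
    enum class State { NeverAttached, Attached, Detached };
    void notifyDetached(Frame&) { ++m_notifications; }
    Frame* m_frame = nullptr;
    State m_state = State::NeverAttached;
    int m_notifications = 0;
};

// Case 1 from the report: the loader is detached twice.
DetachResult secondDetachAfterAttach() {
    Frame frame{1};
    ModelLoader loader;
    loader.attachToFrame(frame);
    loader.detachFromFrame();
    return loader.detachFromFrame();
}

// Case 2 from the report: the loader is detached before ever being attached.
DetachResult detachWithoutAttach() {
    ModelLoader loader;
    return loader.detachFromFrame();
}

int main() {
    std::printf("double detach -> %d, no attach -> %d\n",
                static_cast<int>(secondDetachAfterAttach()),
                static_cast<int>(detachWithoutAttach()));
}
```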
</body>
</html>