Bug 105986

Summary: [Mac] Some tests intermittently asserts in SharedBuffer::releasePurgeableBuffer()
Product: WebKit Reporter: Ryosuke Niwa <rniwa>
Component: Page LoadingAssignee: Simon Fraser (smfr) <simon.fraser>
Status: RESOLVED FIXED    
Severity: Critical CC: ap, bdakin, beidson, dfarler, japhet, jberlin, kling, koivisto, krit, psolanki, simon.fraser, slewis, webkit-bug-importer, webkit.review.bot
Priority: P1 Keywords: InRadar, Regression
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch beidson: review+, webkit.review.bot: commit-queue-

Ryosuke Niwa
Reported 2013-01-02 19:16:08 PST
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x0000000104064075 WebCore::SharedBuffer::releasePurgeableBuffer() + 101 (SharedBuffer.cpp:251) 1 com.apple.WebCore 0x0000000103f552c6 WebCore::ResourceBuffer::releasePurgeableBuffer() + 54 (ResourceBuffer.cpp:119) 2 com.apple.WebCore 0x0000000102b40ad3 WebCore::CachedResource::makePurgeable(bool) + 451 (CachedResource.cpp:827) 3 com.apple.WebCore 0x0000000102b332cb WebCore::CachedImage::destroyDecodedData() + 283 (CachedImage.cpp:423) 4 com.apple.WebCore 0x0000000103b389f9 WebCore::MemoryCache::pruneDeadResourcesToSize(unsigned int) + 713 (MemoryCache.cpp:321) 5 com.apple.WebCore 0x0000000103b3871b WebCore::MemoryCache::pruneDeadResources() + 123 (MemoryCache.cpp:265) 6 com.apple.WebCore 0x0000000103b38f92 WebCore::MemoryCache::prune() + 82 (MemoryCache.cpp:762) 7 com.apple.WebCore 0x0000000102b3f6ee WebCore::CachedResource::removeClient(WebCore::CachedResourceClient*) + 606 (CachedResource.cpp:541) 8 com.apple.WebCore 0x0000000104117db9 WebCore::StyleCachedImage::~StyleCachedImage() + 89 (StyleCachedImage.cpp:42) 9 com.apple.WebCore 0x0000000104117d25 WebCore::StyleCachedImage::~StyleCachedImage() + 21 (StyleCachedImage.cpp:42) 10 com.apple.WebCore 0x0000000104117cf9 WebCore::StyleCachedImage::~StyleCachedImage() + 25 (StyleCachedImage.cpp:40) 11 com.apple.WebCore 0x0000000102a2b633 WTF::RefCounted<WebCore::StyleImage>::deref() + 83 (RefCounted.h:203) 12 com.apple.WebCore 0x0000000102a2b5cb void WTF::derefIfNotNull<WebCore::StyleImage>(WebCore::StyleImage*) + 59 (PassRefPtr.h:54) 13 com.apple.WebCore 0x0000000102a2b588 WTF::RefPtr<WebCore::StyleImage>::~RefPtr() + 24 (RefPtr.h:56) 14 com.apple.WebCore 0x0000000102a2b565 WTF::RefPtr<WebCore::StyleImage>::~RefPtr() + 21 (RefPtr.h:56) 15 com.apple.WebCore 0x0000000102cc13b7 WebCore::CSSImageValue::~CSSImageValue() + 55 (CSSImageValue.cpp:57) 16 com.apple.WebCore 0x0000000102cc1375 WebCore::CSSImageValue::~CSSImageValue() + 21 (CSSImageValue.cpp:57) 17 com.apple.WebCore 0x0000000102d6fa62 WebCore::CSSValue::destroy() + 818 (CSSValue.cpp:431) 18 com.apple.WebCore 0x0000000102a81ad5 WebCore::CSSValue::deref() + 53 (CSSValue.h:56) 19 com.apple.WebCore 0x0000000104126072 WebCore::ImmutableStylePropertySet::~ImmutableStylePropertySet() + 82 (StylePropertySet.cpp:106) 20 com.apple.WebCore 0x0000000104126015 WebCore::ImmutableStylePropertySet::~ImmutableStylePropertySet() + 21 (StylePropertySet.cpp:108) 21 com.apple.WebCore 0x0000000102a81f00 WebCore::StylePropertySet::deref() + 144 (StylePropertySet.h:274) 22 com.apple.WebCore 0x0000000102a81e62 void WTF::derefIfNotNull<WebCore::StylePropertySet>(WebCore::StylePropertySet*) + 50 (PassRefPtr.h:54) 23 com.apple.WebCore 0x0000000102a842d8 WTF::RefPtr<WebCore::StylePropertySet>::~RefPtr() + 24 (RefPtr.h:56) 24 com.apple.WebCore 0x0000000102a7c7d5 WTF::RefPtr<WebCore::StylePropertySet>::~RefPtr() + 21 (RefPtr.h:56) 25 com.apple.WebCore 0x000000010417e5a5 WebCore::StyleResolver::MatchedProperties::~MatchedProperties() + 21 (StyleResolver.h:322) 26 com.apple.WebCore 0x000000010417e585 WebCore::StyleResolver::MatchedProperties::~MatchedProperties() + 21 (StyleResolver.h:322) 27 com.apple.WebCore 0x000000010417e87f WTF::VectorDestructor<true, WebCore::StyleResolver::MatchedProperties>::destruct(WebCore::StyleResolver::MatchedProperties*, WebCore::StyleResolver::MatchedProperties*) + 47 (Vector.h:51) 28 com.apple.WebCore 0x000000010417e83d WTF::VectorTypeOperations<WebCore::StyleResolver::MatchedProperties>::destruct(WebCore::StyleResolver::MatchedProperties*, WebCore::StyleResolver::MatchedProperties*) + 29 (Vector.h:215) 29 com.apple.WebCore 0x000000010417e052 WTF::Vector<WebCore::StyleResolver::MatchedProperties, 0ul>::shrink(unsigned long) + 146 (Vector.h:875) 30 com.apple.WebCore 0x000000010418e154 WTF::Vector<WebCore::StyleResolver::MatchedProperties, 0ul>::~Vector() + 52 (Vector.h:529) 31 com.apple.WebCore 0x000000010418e115 WTF::Vector<WebCore::StyleResolver::MatchedProperties, 0ul>::~Vector() + 21 (Vector.h:529) 32 com.apple.WebCore 0x000000010418e0f0 WebCore::StyleResolver::MatchedPropertiesCacheItem::~MatchedPropertiesCacheItem() + 64 (StyleResolver.h:452) 33 com.apple.WebCore 0x000000010415fda5 WebCore::StyleResolver::MatchedPropertiesCacheItem::~MatchedPropertiesCacheItem() + 21 (StyleResolver.h:452) 34 com.apple.WebCore 0x000000010417d17c WTF::KeyValuePair<unsigned int, WebCore::StyleResolver::MatchedPropertiesCacheItem>::~KeyValuePair() + 28 (HashTraits.h:190) 35 com.apple.WebCore 0x000000010417d155 WTF::KeyValuePair<unsigned int, WebCore::StyleResolver::MatchedPropertiesCacheItem>::~KeyValuePair() + 21 (HashTraits.h:190) 36 com.apple.WebCore 0x000000010417d11e WTF::HashTable<unsigned int, WTF::KeyValuePair<unsigned int, WebCore::StyleResolver::MatchedPropertiesCacheItem>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned int, WebCore::StyleResolver::MatchedPropertiesCacheItem> >, WTF::IntHash<unsigned int>, WTF::HashMapValueTraits<WTF::HashTraits<unsigned int>, WTF::HashTraits<WebCore::StyleResolver::MatchedPropertiesCacheItem> >, WTF::HashTraits<unsigned int> >::deallocateTable(WTF::KeyValuePair<unsigned int, WebCore::StyleResolver::MatchedPropertiesCacheItem>*, int) + 94 (HashTable.h:1087) 37 com.apple.WebCore 0x000000010418f3b9 WTF::HashTable<unsigned int, WTF::KeyValuePair<unsigned int, WebCore::StyleResolver::MatchedPropertiesCacheItem>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned int, WebCore::StyleResolver::MatchedPropertiesCacheItem> >, WTF::IntHash<unsigned int>, WTF::HashMapValueTraits<WTF::HashTraits<unsigned int>, WTF::HashTraits<WebCore::StyleResolver::MatchedPropertiesCacheItem> >, WTF::HashTraits<unsigned int> >::~HashTable() + 57 (HashTable.h:371) 38 com.apple.WebCore 0x000000010418f375 WTF::HashTable<unsigned int, WTF::KeyValuePair<unsigned int, WebCore::StyleResolver::MatchedPropertiesCacheItem>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned int, WebCore::StyleResolver::MatchedPropertiesCacheItem> >, WTF::IntHash<unsigned int>, WTF::HashMapValueTraits<WTF::HashTraits<unsigned int>, WTF::HashTraits<WebCore::StyleResolver::MatchedPropertiesCacheItem> >, WTF::HashTraits<unsigned int> >::~HashTable() + 21 (HashTable.h:375) 39 com.apple.WebCore 0x000000010418f355 WTF::HashMap<unsigned int, WebCore::StyleResolver::MatchedPropertiesCacheItem, WTF::IntHash<unsigned int>, WTF::HashTraits<unsigned int>, WTF::HashTraits<WebCore::StyleResolver::MatchedPropertiesCacheItem> >::~HashMap() + 21 (HashMap.h:43) 40 com.apple.WebCore 0x000000010415d7f5 WTF::HashMap<unsigned int, WebCore::StyleResolver::MatchedPropertiesCacheItem, WTF::IntHash<unsigned int>, WTF::HashTraits<unsigned int>, WTF::HashTraits<WebCore::StyleResolver::MatchedPropertiesCacheItem> >::~HashMap() + 21 (HashMap.h:43) 41 com.apple.WebCore 0x000000010414760b WebCore::StyleResolver::~StyleResolver() + 315 (StyleResolver.cpp:458) 42 com.apple.WebCore 0x00000001041474c5 WebCore::StyleResolver::~StyleResolver() + 21 (StyleResolver.cpp:458) 43 com.apple.WebCore 0x0000000102e3d58a void WTF::deleteOwnedPtr<WebCore::StyleResolver>(WebCore::StyleResolver*) + 42 (OwnPtrCommon.h:65) 44 com.apple.WebCore 0x0000000102e144b7 WTF::OwnPtr<WebCore::StyleResolver>::clear() + 39 (OwnPtr.h:120) 45 com.apple.WebCore 0x0000000102dfb91c WebCore::Document::clearStyleResolver() + 28 (Document.cpp:2017) 46 com.apple.WebCore 0x0000000102dfafa6 WebCore::Document::~Document() + 1206 (Document.cpp:659) 47 com.apple.WebCore 0x0000000103240145 WebCore::HTMLDocument::~HTMLDocument() + 149 (HTMLDocument.cpp:91) 48 com.apple.WebCore 0x0000000103240015 WebCore::HTMLDocument::~HTMLDocument() + 21 (HTMLDocument.cpp:91) 49 com.apple.WebCore 0x000000010323ffe9 WebCore::HTMLDocument::~HTMLDocument() + 25 (HTMLDocument.cpp:90) 50 com.apple.WebCore 0x0000000102e127e2 WebCore::Document::guardDeref() + 194 (Document.h:251) 51 com.apple.WebCore 0x0000000102dfbb76 WebCore::Document::removedLastRef() + 582 (Document.cpp:726) 52 com.apple.WebCore 0x0000000103b92662 WebCore::Node::removedLastRef() + 50 (Node.cpp:2579) 53 com.apple.WebCore 0x00000001029ecbef WebCore::TreeShared<WebCore::Node, WebCore::ContainerNode>::deref() + 479 (TreeShared.h:83) 54 com.apple.WebCore 0x00000001036b0076 WebCore::JSNode::releaseImpl() + 38 (JSNode.h:69) 55 com.apple.WebCore 0x00000001037d0c06 WebCore::JSNodeOwner::finalize(JSC::Handle<JSC::Unknown>, void*) + 102 (JSNodeCustom.cpp:142) 56 com.apple.JavaScriptCore 0x0000000101de2984 JSC::WeakBlock::finalize(JSC::WeakImpl*) + 212 (WeakSetInlines.h:53) 57 com.apple.JavaScriptCore 0x0000000101de229e JSC::WeakBlock::sweep() + 158 (WeakBlock.cpp:77) 58 com.apple.JavaScriptCore 0x0000000101de2cd0 JSC::WeakSet::sweep() + 64 (WeakSet.cpp:46) 59 com.apple.JavaScriptCore 0x0000000101cbcf78 JSC::MarkedBlock::sweep(JSC::MarkedBlock::SweepMode) + 40 (MarkedBlock.cpp:112) 60 com.apple.JavaScriptCore 0x0000000101e17539 JSC::IncrementalSweeper::sweepNextBlock() + 137 (IncrementalSweeper.cpp:125) 61 com.apple.JavaScriptCore 0x0000000101e17459 JSC::IncrementalSweeper::doSweep(double) + 73 (IncrementalSweeper.cpp:105) 62 com.apple.JavaScriptCore 0x0000000101e17402 JSC::IncrementalSweeper::doWork() + 34 (IncrementalSweeper.cpp:98) 63 com.apple.JavaScriptCore 0x0000000101e1fef5 JSC::HeapTimer::timerDidFire(__CFRunLoopTimer*, void*) + 165 (HeapTimer.cpp:98) 64 com.apple.CoreFoundation 0x00007fff8df1cda4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20 65 com.apple.CoreFoundation 0x00007fff8df1c8bd __CFRunLoopDoTimer + 557 66 com.apple.CoreFoundation 0x00007fff8df02099 __CFRunLoopRun + 1513 67 com.apple.CoreFoundation 0x00007fff8df016b2 CFRunLoopRunSpecific + 290 68 com.apple.HIToolbox 0x00007fff867b00a4 RunCurrentEventLoopInMode + 209 69 com.apple.HIToolbox 0x00007fff867afe42 ReceiveNextEventCommon + 356 70 com.apple.HIToolbox 0x00007fff867afcd3 BlockUntilNextEventMatchingListInMode + 62 71 com.apple.AppKit 0x00007fff897ba613 _DPSNextEvent + 685 72 com.apple.AppKit 0x00007fff897b9ed2 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128 73 com.apple.AppKit 0x00007fff897b1283 -[NSApplication run] + 517 74 com.apple.WebCore 0x0000000103f98bec WebCore::RunLoop::run() + 92 (RunLoopMac.mm:37) 75 com.apple.WebKit2 0x000000010097d5b3 WebKit::WebProcessMain(WebKit::CommandLine const&) + 4451 (WebProcessMainMac.mm:187) 76 com.apple.WebKit2 0x0000000100867fd9 WebKitMain(WebKit::CommandLine const&) + 201 (WebKitMain.cpp:58) 77 com.apple.WebKit2 0x0000000100867ee9 WebKitMain + 153 (WebKitMain.cpp:88) 78 com.apple.WebProcess 0x00000001005ecda2 main + 274 79 libdyld.dylib 0x00007fff8f4327e1 start + 1
Attachments
Patch (4.32 KB, patch)
2013-03-17 10:16 PDT, Simon Fraser (smfr) 		beidson: review+
webkit.review.bot: commit-queue-
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Ryosuke Niwa
Comment 2 2013-01-02 19:19:09 PST
Also see http://webkit.org/b/105987.
Ryosuke Niwa
Comment 3 2013-01-02 19:25:48 PST
Added a flaky crash expectation in http://trac.webkit.org/changeset/138694.
Ryosuke Niwa
Comment 4 2013-01-03 10:35:20 PST
*** Bug 105987 has been marked as a duplicate of this bug. ***
Ryosuke Niwa
Comment 5 2013-01-03 10:37:34 PST
This assertion also happens on following tests: svg/dynamic-updates/SVGFEMorphologyElement-dom-in-attr.html svg/dynamic-updates/SVGFEMorphologyElement-dom-radius-attr.html transitions/interrupt-transform-transition.html And they appear to affect random tests. We need to fix this crash ASAP. It's making all debug bots always red.
Ryosuke Niwa
Comment 6 2013-01-03 10:40:16 PST
Updated the test expectation in http://trac.webkit.org/changeset/138718 but this is really a losing battle as the assertion failure appears to affect random tests.
Ryosuke Niwa
Comment 7 2013-01-03 10:42:03 PST
Another crash in SharedBuffer code that might be related to this one: http://build.webkit.org/results/Apple%20MountainLion%20Release%20WK2%20(Tests)/r138711%20(4424)/results.html Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x000000010d7d8354 WebCore::SharedBuffer::hasPlatformData() const + 4 (RetainPtr.h:101) 1 com.apple.WebCore 0x000000010d7d74ee WebCore::SharedBuffer::size() const + 14 (SharedBuffer.cpp:118) 2 com.apple.WebCore 0x000000010d7d8544 -[WebCoreSharedBufferData length] + 20 (SharedBufferMac.mm:84) 3 com.apple.Foundation 0x00007fff88482e4d -[NSData(NSData) initWithData:] + 37 4 com.apple.AppKit 0x00007fff8619cf74 -[NSRTFReader initWithRTF:] + 239 5 com.apple.AppKit 0x00007fff85c59870 _NSReadAttributedStringFromURLOrData + 4932 6 com.apple.AppKit 0x00007fff85c58493 -[NSAttributedString(NSAttributedStringKitAdditions) initWithData:options:documentAttributes:error:] + 112 7 com.apple.WebCore 0x000000010d5d27fe WebCore::documentFragmentWithRTF(WebCore::Frame*, NSString*, WTF::String const&) + 622 (PasteboardMac.mm:410) 8 com.apple.WebCore 0x000000010d5d0436 WebCore::Pasteboard::documentFragment(WebCore::Frame*, WTF::PassRefPtr<WebCore::Range>, bool, bool&) + 5606 (PassRefPtr.h:105) 9 com.apple.WebCore 0x000000010cf7c61b WebCore::Editor::pasteWithPasteboard(WebCore::Pasteboard*, bool) + 187 (PassRefPtr.h:105) 10 com.apple.WebCore 0x000000010cf6edfa WebCore::Editor::paste() + 154 (Editor.cpp:1031) 11 com.apple.WebCore 0x000000010cf7a5b9 WebCore::executePaste(WebCore::Frame*, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) + 73 (EditorCommand.cpp:915) 12 com.apple.WebCore 0x000000010cf77f24 WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const + 196 (EditorCommand.cpp:1705) 13 com.apple.WebCore 0x000000010ce5aad7 WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) + 103 (Document.cpp:4159) 14 com.apple.WebCore 0x000000010d269b08 WebCore::jsDocumentPrototypeFunctionExecCommand(JSC::ExecState*) + 584 (JSValue.h:424) 15 ??? 0x000027b369001045 0 + 43651514241093 16 com.apple.JavaScriptCore 0x000000010c84b2b0 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) + 3840 (JSValueInlines.h:360) 17 com.apple.JavaScriptCore 0x000000010c79a720 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) + 512 (Completion.cpp:75) 18 com.apple.WebCore 0x000000010d790600 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) + 448 (JSMainThreadExecState.h:77) 19 com.apple.WebCore 0x000000010d790789 WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) + 41 (ScriptController.cpp:158) 20 com.apple.WebCore 0x000000010d7997b3 WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) + 467 (ScriptValue.h:51) 21 com.apple.WebCore 0x000000010d7984dc WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) + 1068 (ScriptSourceCode.h:44) 22 com.apple.WebCore 0x000000010d0d078b WebCore::HTMLScriptRunner::runScript(WebCore::Element*, WTF::TextPosition const&) + 331 (ScriptElement.h:58) 23 com.apple.WebCore 0x000000010d0d05f0 WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element>, WTF::TextPosition const&) + 48 (RefPtr.h:58) 24 com.apple.WebCore 0x000000010d07d3f4 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() + 84 (PassRefPtr.h:68) 25 com.apple.WebCore 0x000000010d07d478 WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode, WebCore::PumpSession&) + 88 (HTMLDocumentParser.cpp:218) 26 com.apple.WebCore 0x000000010d07d17c WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 284 (HTMLDocumentParser.cpp:254) 27 com.apple.WebCore 0x000000010d07d7fd WebCore::HTMLDocumentParser::append(WebCore::SegmentedString const&) + 237 (HTMLDocumentParser.cpp:363) 28 com.apple.WebCore 0x000000010ce3a757 WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter*) + 103 (SegmentedString.h:138) 29 com.apple.WebCore 0x000000010ce7b9ee WebCore::DocumentWriter::end() + 46 (RefPtr.h:66) 30 com.apple.WebCore 0x000000010ce6b133 WebCore::DocumentLoader::finishedLoading() + 147 (ResourceErrorBase.h:42) 31 com.apple.WebCore 0x000000010d55602c WebCore::MainResourceLoader::didFinishLoading(double) + 316 (OwnPtr.h:65) 32 com.apple.WebCore 0x000000010cd240ad WebCore::CachedResource::checkNotify() + 93 (CachedResource.cpp:336) 33 com.apple.WebCore 0x000000010cd21ba6 WebCore::CachedRawResource::data(WTF::PassRefPtr<WebCore::ResourceBuffer>, bool) + 454 (PassRefPtr.h:68) 34 com.apple.WebCore 0x000000010d86641f WebCore::SubresourceLoader::didFinishLoading(double) + 143 (PassRefPtr.h:68) 35 com.apple.Foundation 0x00007fff88440f58 __65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke_0 + 28 36 com.apple.Foundation 0x00007fff88440e9c -[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:] + 227 37 com.apple.Foundation 0x00007fff88440d98 -[NSURLConnectionInternal _withActiveConnectionAndDelegate:] + 63 38 com.apple.CFNetwork 0x00007fff8d772fd1 ___delegate_didFinishLoading_block_invoke_0 + 40 39 com.apple.CFNetwork 0x00007fff8d765753 ___withDelegateAsync_block_invoke_0 + 90 40 com.apple.CFNetwork 0x00007fff8d7f42ca __block_global_1 + 28 41 com.apple.CoreFoundation 0x00007fff8d46d724 CFArrayApplyFunction + 68 42 com.apple.CFNetwork 0x00007fff8d756a6c RunloopBlockContext::perform() + 126 43 com.apple.CFNetwork 0x00007fff8d75694b MultiplexerSource::perform() + 221 44 com.apple.CoreFoundation 0x00007fff8d44f101 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 45 com.apple.CoreFoundation 0x00007fff8d44ea25 __CFRunLoopDoSources0 + 245 46 com.apple.CoreFoundation 0x00007fff8d471dc5 __CFRunLoopRun + 789 47 com.apple.CoreFoundation 0x00007fff8d4716b2 CFRunLoopRunSpecific + 290 48 com.apple.HIToolbox 0x00007fff8c56e0a4 RunCurrentEventLoopInMode + 209 49 com.apple.HIToolbox 0x00007fff8c56de42 ReceiveNextEventCommon + 356 50 com.apple.HIToolbox 0x00007fff8c56dcd3 BlockUntilNextEventMatchingListInMode + 62 51 com.apple.AppKit 0x00007fff85d25613 _DPSNextEvent + 685 52 com.apple.AppKit 0x00007fff85d24ed2 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128 53 com.apple.AppKit 0x00007fff85d1c283 -[NSApplication run] + 517 54 com.apple.WebCore 0x000000010d786e93 WebCore::RunLoop::run() + 67 (RunLoopMac.mm:36) 55 com.apple.WebKit2 0x000000010c288774 WebKit::WebProcessMain(WebKit::CommandLine const&) + 3485 (RefPtr.h:56) 56 com.apple.WebKit2 0x000000010c22ba4c WebKitMain + 324 (WebKitMain.cpp:58)
Radar WebKit Bug Importer
Comment 8 2013-01-03 17:37:57 PST
<rdar://problem/12954768>
Brady Eidson
Comment 9 2013-01-03 18:33:04 PST
Any idea when this started?
Ryosuke Niwa
Comment 10 2013-01-03 18:34:27 PST
(In reply to comment #9) > Any idea when this started? It’s hard to tell because this is an intermittent failure.
Ryosuke Niwa
Comment 11 2013-01-04 10:27:18 PST
http://build.webkit.org/results/Apple%20MountainLion%20Release%20WK2%20(Tests)/r138800%20(4459)/results.html Also has a crash in SharedBuffer::hasPlatformData(). Despite of the fact I only comment on this bug few times a day, this crash is recurring on bots extremely often and preventing us from making WebKit2 bots green.
Pratik Solanki
Comment 13 2013-01-11 17:10:04 PST
This may have been caused by my change in <http://trac.webkit.org/changeset/134987>. Looking.
Jessie Berlin
Comment 14 2013-02-04 10:25:49 PST
(In reply to comment #13) > This may have been caused by my change in <http://trac.webkit.org/changeset/134987>. Looking. Any update on this? We are still seeing this intermittently (e.g: http://build.webkit.org/results/Apple%20Lion%20Debug%20WK2%20(Tests)/r141772%20(7103)/transitions/inherit-crash-log.txt)
Simon Fraser (smfr)
Comment 15 2013-03-16 12:24:34 PDT
This is the most common remaining cause of red bots. It affects lots of different tests so we can't just skip tests to avoid it.
Simon Fraser (smfr)
Comment 16 2013-03-16 17:52:45 PDT
Always hit on http://www.thewildernessdowntown.com for several different buffers.
Simon Fraser (smfr)
Comment 17 2013-03-16 18:48:19 PDT
These buffers seem to be always wrapped in WebCoreSharedBufferData: * thread #1: tid = 0x2203, 0x0000000104dd21b8 WebCore`-[WebCoreSharedBufferData initWithSharedBuffer:] + 24 at SharedBufferMac.mm:76, stop reason = breakpoint 10.1 frame #0: 0x0000000104dd21b8 WebCore`-[WebCoreSharedBufferData initWithSharedBuffer:] + 24 at SharedBufferMac.mm:76 frame #1: 0x0000000104dd247e WebCore`WebCore::SharedBuffer::createCFData() + 158 at SharedBufferMac.mm:115 frame #2: 0x000000010403c1bb WebCore`WebCore::ImageSource::setData(WebCore::SharedBuffer*, bool) + 75 at ImageSourceCG.cpp:148 frame #3: 0x000000010371a156 WebCore`WebCore::BitmapImage::dataChanged(bool) + 374 at BitmapImage.cpp:256 frame #4: 0x0000000104026fc5 WebCore`WebCore::Image::setData(WTF::PassRefPtr<WebCore::SharedBuffer>, bool) + 165 at Image.cpp:81 frame #5: 0x000000010374b237 WebCore`WebCore::CachedImage::data(WTF::PassRefPtr<WebCore::ResourceBuffer>, bool) + 263 at CachedImage.cpp:370 frame #6: 0x0000000104f01d64 WebCore`WebCore::SubresourceLoader::sendDataToResource(char const*, int) + 340 at SubresourceLoader.cpp:267 frame #7: 0x0000000104f0211f WebCore`WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::PassRefPtr<WebCore::SharedBuffer>, long long, WebCore::DataPayloadType) + 623 at SubresourceLoader.cpp:241 frame #8: 0x0000000104f01e96 WebCore`WebCore::SubresourceLoader::didReceiveData(char const*, int, long long, WebCore::DataPayloadType) + 102 at SubresourceLoader.cpp:218 frame #9: 0x000000010140c6bf WebKit2`WebKit::WebResourceLoader::didReceiveData(CoreIPC::DataReference const&, long long) + 223 at WebResourceLoader.cpp:93 frame #10: 0x000000010140e272 WebKit2`void CoreIPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(CoreIPC::DataReference const&, long long), CoreIPC::DataReference, long long>(CoreIPC::Arguments2<CoreIPC::DataReference, long long> const&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(CoreIPC::DataReference const&, long long)) + 146 at HandleMessage.h:27
Simon Fraser (smfr)
Comment 18 2013-03-17 09:25:10 PDT
I marked some more tests as crashing in debug in r146009
Simon Fraser (smfr)
Comment 19 2013-03-17 10:16:11 PDT
Created attachment 193468 [details] Patch
WebKit Review Bot
Comment 20 2013-03-18 10:31:03 PDT
Comment on attachment 193468 [details] Patch Rejecting attachment 193468 [details] from commit-queue. Failed to run "['/mnt/git/webkit-commit-queue/Tools/Scripts/webkit-patch', '--status-host=webkit-commit-queue.appspot.com', '--bot-id=gce-cq-02', 'land-attachment', '--force-clean', '--non-interactive', '--parent-command=commit-queue', 193468, '--port=chromium-xvfb']" exit_code: 2 cwd: /mnt/git/webkit-commit-queue Last 500 characters of output: WebKit/chromium/v8 --revision 13956 --non-interactive --force --accept theirs-conflict --ignore-externals' in '/mnt/git/webkit-commit-queue/Source/WebKit/chromium' 55>At revision 13956. ________ running '/usr/bin/python tools/clang/scripts/update.py --mac-only' in '/mnt/git/webkit-commit-queue/Source/WebKit/chromium' ________ running '/usr/bin/python gyp_webkit' in '/mnt/git/webkit-commit-queue/Source/WebKit/chromium' Updating webkit projects from gyp files... Total errors found: 0 in 0 files Full output: http://webkit-commit-queue.appspot.com/results/17238171
Simon Fraser (smfr)
Comment 21 2013-03-18 10:37:24 PDT
https://trac.webkit.org/r146082
Note You need to log in before you can comment on or make changes to this bug.