Bug 105986

Summary: [Mac] Some tests intermittently asserts in SharedBuffer::releasePurgeableBuffer()
Product: WebKit
Reporter: Ryosuke Niwa <rniwa>
Component: Page Loading
Assignee: Simon Fraser (smfr) <simon.fraser>
Status: RESOLVED FIXED
Severity: Critical
CC: ap, bdakin, beidson, dfarler, japhet, jberlin, kling, koivisto, krit, psolanki, simon.fraser, slewis, webkit-bug-importer, webkit.review.bot
Priority: P1
Keywords: InRadar, Regression
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Attachments:
Description: Patch; Flags: beidson: review+, webkit.review.bot: commit-queue-

Description Ryosuke Niwa 2013-01-02 19:16:08 PST
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore             	0x0000000104064075 WebCore::SharedBuffer::releasePurgeableBuffer() + 101 (SharedBuffer.cpp:251)
1   com.apple.WebCore             	0x0000000103f552c6 WebCore::ResourceBuffer::releasePurgeableBuffer() + 54 (ResourceBuffer.cpp:119)
2   com.apple.WebCore             	0x0000000102b40ad3 WebCore::CachedResource::makePurgeable(bool) + 451 (CachedResource.cpp:827)
3   com.apple.WebCore             	0x0000000102b332cb WebCore::CachedImage::destroyDecodedData() + 283 (CachedImage.cpp:423)
4   com.apple.WebCore             	0x0000000103b389f9 WebCore::MemoryCache::pruneDeadResourcesToSize(unsigned int) + 713 (MemoryCache.cpp:321)
5   com.apple.WebCore             	0x0000000103b3871b WebCore::MemoryCache::pruneDeadResources() + 123 (MemoryCache.cpp:265)
6   com.apple.WebCore             	0x0000000103b38f92 WebCore::MemoryCache::prune() + 82 (MemoryCache.cpp:762)
7   com.apple.WebCore             	0x0000000102b3f6ee WebCore::CachedResource::removeClient(WebCore::CachedResourceClient*) + 606 (CachedResource.cpp:541)
8   com.apple.WebCore             	0x0000000104117db9 WebCore::StyleCachedImage::~StyleCachedImage() + 89 (StyleCachedImage.cpp:42)
9   com.apple.WebCore             	0x0000000104117d25 WebCore::StyleCachedImage::~StyleCachedImage() + 21 (StyleCachedImage.cpp:42)
10  com.apple.WebCore             	0x0000000104117cf9 WebCore::StyleCachedImage::~StyleCachedImage() + 25 (StyleCachedImage.cpp:40)
11  com.apple.WebCore             	0x0000000102a2b633 WTF::RefCounted<WebCore::StyleImage>::deref() + 83 (RefCounted.h:203)
12  com.apple.WebCore             	0x0000000102a2b5cb void WTF::derefIfNotNull<WebCore::StyleImage>(WebCore::StyleImage*) + 59 (PassRefPtr.h:54)
13  com.apple.WebCore             	0x0000000102a2b588 WTF::RefPtr<WebCore::StyleImage>::~RefPtr() + 24 (RefPtr.h:56)
14  com.apple.WebCore             	0x0000000102a2b565 WTF::RefPtr<WebCore::StyleImage>::~RefPtr() + 21 (RefPtr.h:56)
15  com.apple.WebCore             	0x0000000102cc13b7 WebCore::CSSImageValue::~CSSImageValue() + 55 (CSSImageValue.cpp:57)
16  com.apple.WebCore             	0x0000000102cc1375 WebCore::CSSImageValue::~CSSImageValue() + 21 (CSSImageValue.cpp:57)
17  com.apple.WebCore             	0x0000000102d6fa62 WebCore::CSSValue::destroy() + 818 (CSSValue.cpp:431)
18  com.apple.WebCore             	0x0000000102a81ad5 WebCore::CSSValue::deref() + 53 (CSSValue.h:56)
19  com.apple.WebCore             	0x0000000104126072 WebCore::ImmutableStylePropertySet::~ImmutableStylePropertySet() + 82 (StylePropertySet.cpp:106)
20  com.apple.WebCore             	0x0000000104126015 WebCore::ImmutableStylePropertySet::~ImmutableStylePropertySet() + 21 (StylePropertySet.cpp:108)
21  com.apple.WebCore             	0x0000000102a81f00 WebCore::StylePropertySet::deref() + 144 (StylePropertySet.h:274)
22  com.apple.WebCore             	0x0000000102a81e62 void WTF::derefIfNotNull<WebCore::StylePropertySet>(WebCore::StylePropertySet*) + 50 (PassRefPtr.h:54)
23  com.apple.WebCore             	0x0000000102a842d8 WTF::RefPtr<WebCore::StylePropertySet>::~RefPtr() + 24 (RefPtr.h:56)
24  com.apple.WebCore             	0x0000000102a7c7d5 WTF::RefPtr<WebCore::StylePropertySet>::~RefPtr() + 21 (RefPtr.h:56)
25  com.apple.WebCore             	0x000000010417e5a5 WebCore::StyleResolver::MatchedProperties::~MatchedProperties() + 21 (StyleResolver.h:322)
26  com.apple.WebCore             	0x000000010417e585 WebCore::StyleResolver::MatchedProperties::~MatchedProperties() + 21 (StyleResolver.h:322)
27  com.apple.WebCore             	0x000000010417e87f WTF::VectorDestructor<true, WebCore::StyleResolver::MatchedProperties>::destruct(WebCore::StyleResolver::MatchedProperties*, WebCore::StyleResolver::MatchedProperties*) + 47 (Vector.h:51)
28  com.apple.WebCore             	0x000000010417e83d WTF::VectorTypeOperations<WebCore::StyleResolver::MatchedProperties>::destruct(WebCore::StyleResolver::MatchedProperties*, WebCore::StyleResolver::MatchedProperties*) + 29 (Vector.h:215)
29  com.apple.WebCore             	0x000000010417e052 WTF::Vector<WebCore::StyleResolver::MatchedProperties, 0ul>::shrink(unsigned long) + 146 (Vector.h:875)
30  com.apple.WebCore             	0x000000010418e154 WTF::Vector<WebCore::StyleResolver::MatchedProperties, 0ul>::~Vector() + 52 (Vector.h:529)
31  com.apple.WebCore             	0x000000010418e115 WTF::Vector<WebCore::StyleResolver::MatchedProperties, 0ul>::~Vector() + 21 (Vector.h:529)
32  com.apple.WebCore             	0x000000010418e0f0 WebCore::StyleResolver::MatchedPropertiesCacheItem::~MatchedPropertiesCacheItem() + 64 (StyleResolver.h:452)
33  com.apple.WebCore             	0x000000010415fda5 WebCore::StyleResolver::MatchedPropertiesCacheItem::~MatchedPropertiesCacheItem() + 21 (StyleResolver.h:452)
34  com.apple.WebCore             	0x000000010417d17c WTF::KeyValuePair<unsigned int, WebCore::StyleResolver::MatchedPropertiesCacheItem>::~KeyValuePair() + 28 (HashTraits.h:190)
35  com.apple.WebCore             	0x000000010417d155 WTF::KeyValuePair<unsigned int, WebCore::StyleResolver::MatchedPropertiesCacheItem>::~KeyValuePair() + 21 (HashTraits.h:190)
36  com.apple.WebCore             	0x000000010417d11e WTF::HashTable<unsigned int, WTF::KeyValuePair<unsigned int, WebCore::StyleResolver::MatchedPropertiesCacheItem>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned int, WebCore::StyleResolver::MatchedPropertiesCacheItem> >, WTF::IntHash<unsigned int>, WTF::HashMapValueTraits<WTF::HashTraits<unsigned int>, WTF::HashTraits<WebCore::StyleResolver::MatchedPropertiesCacheItem> >, WTF::HashTraits<unsigned int> >::deallocateTable(WTF::KeyValuePair<unsigned int, WebCore::StyleResolver::MatchedPropertiesCacheItem>*, int) + 94 (HashTable.h:1087)
37  com.apple.WebCore             	0x000000010418f3b9 WTF::HashTable<unsigned int, WTF::KeyValuePair<unsigned int, WebCore::StyleResolver::MatchedPropertiesCacheItem>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned int, WebCore::StyleResolver::MatchedPropertiesCacheItem> >, WTF::IntHash<unsigned int>, WTF::HashMapValueTraits<WTF::HashTraits<unsigned int>, WTF::HashTraits<WebCore::StyleResolver::MatchedPropertiesCacheItem> >, WTF::HashTraits<unsigned int> >::~HashTable() + 57 (HashTable.h:371)
38  com.apple.WebCore             	0x000000010418f375 WTF::HashTable<unsigned int, WTF::KeyValuePair<unsigned int, WebCore::StyleResolver::MatchedPropertiesCacheItem>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned int, WebCore::StyleResolver::MatchedPropertiesCacheItem> >, WTF::IntHash<unsigned int>, WTF::HashMapValueTraits<WTF::HashTraits<unsigned int>, WTF::HashTraits<WebCore::StyleResolver::MatchedPropertiesCacheItem> >, WTF::HashTraits<unsigned int> >::~HashTable() + 21 (HashTable.h:375)
39  com.apple.WebCore             	0x000000010418f355 WTF::HashMap<unsigned int, WebCore::StyleResolver::MatchedPropertiesCacheItem, WTF::IntHash<unsigned int>, WTF::HashTraits<unsigned int>, WTF::HashTraits<WebCore::StyleResolver::MatchedPropertiesCacheItem> >::~HashMap() + 21 (HashMap.h:43)
40  com.apple.WebCore             	0x000000010415d7f5 WTF::HashMap<unsigned int, WebCore::StyleResolver::MatchedPropertiesCacheItem, WTF::IntHash<unsigned int>, WTF::HashTraits<unsigned int>, WTF::HashTraits<WebCore::StyleResolver::MatchedPropertiesCacheItem> >::~HashMap() + 21 (HashMap.h:43)
41  com.apple.WebCore             	0x000000010414760b WebCore::StyleResolver::~StyleResolver() + 315 (StyleResolver.cpp:458)
42  com.apple.WebCore             	0x00000001041474c5 WebCore::StyleResolver::~StyleResolver() + 21 (StyleResolver.cpp:458)
43  com.apple.WebCore             	0x0000000102e3d58a void WTF::deleteOwnedPtr<WebCore::StyleResolver>(WebCore::StyleResolver*) + 42 (OwnPtrCommon.h:65)
44  com.apple.WebCore             	0x0000000102e144b7 WTF::OwnPtr<WebCore::StyleResolver>::clear() + 39 (OwnPtr.h:120)
45  com.apple.WebCore             	0x0000000102dfb91c WebCore::Document::clearStyleResolver() + 28 (Document.cpp:2017)
46  com.apple.WebCore             	0x0000000102dfafa6 WebCore::Document::~Document() + 1206 (Document.cpp:659)
47  com.apple.WebCore             	0x0000000103240145 WebCore::HTMLDocument::~HTMLDocument() + 149 (HTMLDocument.cpp:91)
48  com.apple.WebCore             	0x0000000103240015 WebCore::HTMLDocument::~HTMLDocument() + 21 (HTMLDocument.cpp:91)
49  com.apple.WebCore             	0x000000010323ffe9 WebCore::HTMLDocument::~HTMLDocument() + 25 (HTMLDocument.cpp:90)
50  com.apple.WebCore             	0x0000000102e127e2 WebCore::Document::guardDeref() + 194 (Document.h:251)
51  com.apple.WebCore             	0x0000000102dfbb76 WebCore::Document::removedLastRef() + 582 (Document.cpp:726)
52  com.apple.WebCore             	0x0000000103b92662 WebCore::Node::removedLastRef() + 50 (Node.cpp:2579)
53  com.apple.WebCore             	0x00000001029ecbef WebCore::TreeShared<WebCore::Node, WebCore::ContainerNode>::deref() + 479 (TreeShared.h:83)
54  com.apple.WebCore             	0x00000001036b0076 WebCore::JSNode::releaseImpl() + 38 (JSNode.h:69)
55  com.apple.WebCore             	0x00000001037d0c06 WebCore::JSNodeOwner::finalize(JSC::Handle<JSC::Unknown>, void*) + 102 (JSNodeCustom.cpp:142)
56  com.apple.JavaScriptCore      	0x0000000101de2984 JSC::WeakBlock::finalize(JSC::WeakImpl*) + 212 (WeakSetInlines.h:53)
57  com.apple.JavaScriptCore      	0x0000000101de229e JSC::WeakBlock::sweep() + 158 (WeakBlock.cpp:77)
58  com.apple.JavaScriptCore      	0x0000000101de2cd0 JSC::WeakSet::sweep() + 64 (WeakSet.cpp:46)
59  com.apple.JavaScriptCore      	0x0000000101cbcf78 JSC::MarkedBlock::sweep(JSC::MarkedBlock::SweepMode) + 40 (MarkedBlock.cpp:112)
60  com.apple.JavaScriptCore      	0x0000000101e17539 JSC::IncrementalSweeper::sweepNextBlock() + 137 (IncrementalSweeper.cpp:125)
61  com.apple.JavaScriptCore      	0x0000000101e17459 JSC::IncrementalSweeper::doSweep(double) + 73 (IncrementalSweeper.cpp:105)
62  com.apple.JavaScriptCore      	0x0000000101e17402 JSC::IncrementalSweeper::doWork() + 34 (IncrementalSweeper.cpp:98)
63  com.apple.JavaScriptCore      	0x0000000101e1fef5 JSC::HeapTimer::timerDidFire(__CFRunLoopTimer*, void*) + 165 (HeapTimer.cpp:98)
64  com.apple.CoreFoundation      	0x00007fff8df1cda4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
65  com.apple.CoreFoundation      	0x00007fff8df1c8bd __CFRunLoopDoTimer + 557
66  com.apple.CoreFoundation      	0x00007fff8df02099 __CFRunLoopRun + 1513
67  com.apple.CoreFoundation      	0x00007fff8df016b2 CFRunLoopRunSpecific + 290
68  com.apple.HIToolbox           	0x00007fff867b00a4 RunCurrentEventLoopInMode + 209
69  com.apple.HIToolbox           	0x00007fff867afe42 ReceiveNextEventCommon + 356
70  com.apple.HIToolbox           	0x00007fff867afcd3 BlockUntilNextEventMatchingListInMode + 62
71  com.apple.AppKit              	0x00007fff897ba613 _DPSNextEvent + 685
72  com.apple.AppKit              	0x00007fff897b9ed2 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
73  com.apple.AppKit              	0x00007fff897b1283 -[NSApplication run] + 517
74  com.apple.WebCore             	0x0000000103f98bec WebCore::RunLoop::run() + 92 (RunLoopMac.mm:37)
75  com.apple.WebKit2             	0x000000010097d5b3 WebKit::WebProcessMain(WebKit::CommandLine const&) + 4451 (WebProcessMainMac.mm:187)
76  com.apple.WebKit2             	0x0000000100867fd9 WebKitMain(WebKit::CommandLine const&) + 201 (WebKitMain.cpp:58)
77  com.apple.WebKit2             	0x0000000100867ee9 WebKitMain + 153 (WebKitMain.cpp:88)
78  com.apple.WebProcess          	0x00000001005ecda2 main + 274
79  libdyld.dylib                 	0x00007fff8f4327e1 start + 1
Comment 2 Ryosuke Niwa 2013-01-02 19:19:09 PST
Also see http://webkit.org/b/105987.
Comment 3 Ryosuke Niwa 2013-01-02 19:25:48 PST
Added a flaky crash expectation in http://trac.webkit.org/changeset/138694.
Comment 4 Ryosuke Niwa 2013-01-03 10:35:20 PST
*** Bug 105987 has been marked as a duplicate of this bug. ***
Comment 5 Ryosuke Niwa 2013-01-03 10:37:34 PST
This assertion also happens on the following tests:
svg/dynamic-updates/SVGFEMorphologyElement-dom-in-attr.html
svg/dynamic-updates/SVGFEMorphologyElement-dom-radius-attr.html
transitions/interrupt-transform-transition.html

And they appear to affect random tests. We need to fix this crash ASAP. It's making all debug bots always red.
Comment 6 Ryosuke Niwa 2013-01-03 10:40:16 PST
Updated the test expectation in http://trac.webkit.org/changeset/138718 but this is really a losing battle as the assertion failure appears to affect random tests.
Comment 7 Ryosuke Niwa 2013-01-03 10:42:03 PST
Another crash in SharedBuffer code that might be related to this one:
http://build.webkit.org/results/Apple%20MountainLion%20Release%20WK2%20(Tests)/r138711%20(4424)/results.html

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore             	0x000000010d7d8354 WebCore::SharedBuffer::hasPlatformData() const + 4 (RetainPtr.h:101)
1   com.apple.WebCore             	0x000000010d7d74ee WebCore::SharedBuffer::size() const + 14 (SharedBuffer.cpp:118)
2   com.apple.WebCore             	0x000000010d7d8544 -[WebCoreSharedBufferData length] + 20 (SharedBufferMac.mm:84)
3   com.apple.Foundation          	0x00007fff88482e4d -[NSData(NSData) initWithData:] + 37
4   com.apple.AppKit              	0x00007fff8619cf74 -[NSRTFReader initWithRTF:] + 239
5   com.apple.AppKit              	0x00007fff85c59870 _NSReadAttributedStringFromURLOrData + 4932
6   com.apple.AppKit              	0x00007fff85c58493 -[NSAttributedString(NSAttributedStringKitAdditions) initWithData:options:documentAttributes:error:] + 112
7   com.apple.WebCore             	0x000000010d5d27fe WebCore::documentFragmentWithRTF(WebCore::Frame*, NSString*, WTF::String const&) + 622 (PasteboardMac.mm:410)
8   com.apple.WebCore             	0x000000010d5d0436 WebCore::Pasteboard::documentFragment(WebCore::Frame*, WTF::PassRefPtr<WebCore::Range>, bool, bool&) + 5606 (PassRefPtr.h:105)
9   com.apple.WebCore             	0x000000010cf7c61b WebCore::Editor::pasteWithPasteboard(WebCore::Pasteboard*, bool) + 187 (PassRefPtr.h:105)
10  com.apple.WebCore             	0x000000010cf6edfa WebCore::Editor::paste() + 154 (Editor.cpp:1031)
11  com.apple.WebCore             	0x000000010cf7a5b9 WebCore::executePaste(WebCore::Frame*, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) + 73 (EditorCommand.cpp:915)
12  com.apple.WebCore             	0x000000010cf77f24 WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const + 196 (EditorCommand.cpp:1705)
13  com.apple.WebCore             	0x000000010ce5aad7 WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) + 103 (Document.cpp:4159)
14  com.apple.WebCore             	0x000000010d269b08 WebCore::jsDocumentPrototypeFunctionExecCommand(JSC::ExecState*) + 584 (JSValue.h:424)
15  ???                           	0x000027b369001045 0 + 43651514241093
16  com.apple.JavaScriptCore      	0x000000010c84b2b0 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) + 3840 (JSValueInlines.h:360)
17  com.apple.JavaScriptCore      	0x000000010c79a720 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) + 512 (Completion.cpp:75)
18  com.apple.WebCore             	0x000000010d790600 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) + 448 (JSMainThreadExecState.h:77)
19  com.apple.WebCore             	0x000000010d790789 WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) + 41 (ScriptController.cpp:158)
20  com.apple.WebCore             	0x000000010d7997b3 WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) + 467 (ScriptValue.h:51)
21  com.apple.WebCore             	0x000000010d7984dc WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) + 1068 (ScriptSourceCode.h:44)
22  com.apple.WebCore             	0x000000010d0d078b WebCore::HTMLScriptRunner::runScript(WebCore::Element*, WTF::TextPosition const&) + 331 (ScriptElement.h:58)
23  com.apple.WebCore             	0x000000010d0d05f0 WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element>, WTF::TextPosition const&) + 48 (RefPtr.h:58)
24  com.apple.WebCore             	0x000000010d07d3f4 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() + 84 (PassRefPtr.h:68)
25  com.apple.WebCore             	0x000000010d07d478 WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode, WebCore::PumpSession&) + 88 (HTMLDocumentParser.cpp:218)
26  com.apple.WebCore             	0x000000010d07d17c WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 284 (HTMLDocumentParser.cpp:254)
27  com.apple.WebCore             	0x000000010d07d7fd WebCore::HTMLDocumentParser::append(WebCore::SegmentedString const&) + 237 (HTMLDocumentParser.cpp:363)
28  com.apple.WebCore             	0x000000010ce3a757 WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter*) + 103 (SegmentedString.h:138)
29  com.apple.WebCore             	0x000000010ce7b9ee WebCore::DocumentWriter::end() + 46 (RefPtr.h:66)
30  com.apple.WebCore             	0x000000010ce6b133 WebCore::DocumentLoader::finishedLoading() + 147 (ResourceErrorBase.h:42)
31  com.apple.WebCore             	0x000000010d55602c WebCore::MainResourceLoader::didFinishLoading(double) + 316 (OwnPtr.h:65)
32  com.apple.WebCore             	0x000000010cd240ad WebCore::CachedResource::checkNotify() + 93 (CachedResource.cpp:336)
33  com.apple.WebCore             	0x000000010cd21ba6 WebCore::CachedRawResource::data(WTF::PassRefPtr<WebCore::ResourceBuffer>, bool) + 454 (PassRefPtr.h:68)
34  com.apple.WebCore             	0x000000010d86641f WebCore::SubresourceLoader::didFinishLoading(double) + 143 (PassRefPtr.h:68)
35  com.apple.Foundation          	0x00007fff88440f58 __65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke_0 + 28
36  com.apple.Foundation          	0x00007fff88440e9c -[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:] + 227
37  com.apple.Foundation          	0x00007fff88440d98 -[NSURLConnectionInternal _withActiveConnectionAndDelegate:] + 63
38  com.apple.CFNetwork           	0x00007fff8d772fd1 ___delegate_didFinishLoading_block_invoke_0 + 40
39  com.apple.CFNetwork           	0x00007fff8d765753 ___withDelegateAsync_block_invoke_0 + 90
40  com.apple.CFNetwork           	0x00007fff8d7f42ca __block_global_1 + 28
41  com.apple.CoreFoundation      	0x00007fff8d46d724 CFArrayApplyFunction + 68
42  com.apple.CFNetwork           	0x00007fff8d756a6c RunloopBlockContext::perform() + 126
43  com.apple.CFNetwork           	0x00007fff8d75694b MultiplexerSource::perform() + 221
44  com.apple.CoreFoundation      	0x00007fff8d44f101 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
45  com.apple.CoreFoundation      	0x00007fff8d44ea25 __CFRunLoopDoSources0 + 245
46  com.apple.CoreFoundation      	0x00007fff8d471dc5 __CFRunLoopRun + 789
47  com.apple.CoreFoundation      	0x00007fff8d4716b2 CFRunLoopRunSpecific + 290
48  com.apple.HIToolbox           	0x00007fff8c56e0a4 RunCurrentEventLoopInMode + 209
49  com.apple.HIToolbox           	0x00007fff8c56de42 ReceiveNextEventCommon + 356
50  com.apple.HIToolbox           	0x00007fff8c56dcd3 BlockUntilNextEventMatchingListInMode + 62
51  com.apple.AppKit              	0x00007fff85d25613 _DPSNextEvent + 685
52  com.apple.AppKit              	0x00007fff85d24ed2 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
53  com.apple.AppKit              	0x00007fff85d1c283 -[NSApplication run] + 517
54  com.apple.WebCore             	0x000000010d786e93 WebCore::RunLoop::run() + 67 (RunLoopMac.mm:36)
55  com.apple.WebKit2             	0x000000010c288774 WebKit::WebProcessMain(WebKit::CommandLine const&) + 3485 (RefPtr.h:56)
56  com.apple.WebKit2             	0x000000010c22ba4c WebKitMain + 324 (WebKitMain.cpp:58)
Comment 8 Radar WebKit Bug Importer 2013-01-03 17:37:57 PST
<rdar://problem/12954768>
Comment 9 Brady Eidson 2013-01-03 18:33:04 PST
Any idea when this started?
Comment 10 Ryosuke Niwa 2013-01-03 18:34:27 PST
(In reply to comment #9)
> Any idea when this started?

It’s hard to tell because this is an intermittent failure.
Comment 11 Ryosuke Niwa 2013-01-04 10:27:18 PST
http://build.webkit.org/results/Apple%20MountainLion%20Release%20WK2%20(Tests)/r138800%20(4459)/results.html

Also has a crash in SharedBuffer::hasPlatformData(). Despite the fact that I only comment on this bug a few times a day, this crash is recurring on bots extremely often and preventing us from making WebKit2 bots green.
Comment 13 Pratik Solanki 2013-01-11 17:10:04 PST
This may have been caused by my change in <http://trac.webkit.org/changeset/134987>. Looking.
Comment 14 Jessie Berlin 2013-02-04 10:25:49 PST
(In reply to comment #13)
> This may have been caused by my change in <http://trac.webkit.org/changeset/134987>. Looking.

Any update on this?

We are still seeing this intermittently (e.g., http://build.webkit.org/results/Apple%20Lion%20Debug%20WK2%20(Tests)/r141772%20(7103)/transitions/inherit-crash-log.txt)
Comment 15 Simon Fraser (smfr) 2013-03-16 12:24:34 PDT
This is the most common remaining cause of red bots. It affects lots of different tests so we can't just skip tests to avoid it.
Comment 16 Simon Fraser (smfr) 2013-03-16 17:52:45 PDT
Always hit on http://www.thewildernessdowntown.com for several different buffers.
Comment 17 Simon Fraser (smfr) 2013-03-16 18:48:19 PDT
These buffers seem to be always wrapped in WebCoreSharedBufferData:

* thread #1: tid = 0x2203, 0x0000000104dd21b8 WebCore`-[WebCoreSharedBufferData initWithSharedBuffer:] + 24 at SharedBufferMac.mm:76, stop reason = breakpoint 10.1
    frame #0: 0x0000000104dd21b8 WebCore`-[WebCoreSharedBufferData initWithSharedBuffer:] + 24 at SharedBufferMac.mm:76
    frame #1: 0x0000000104dd247e WebCore`WebCore::SharedBuffer::createCFData() + 158 at SharedBufferMac.mm:115
    frame #2: 0x000000010403c1bb WebCore`WebCore::ImageSource::setData(WebCore::SharedBuffer*, bool) + 75 at ImageSourceCG.cpp:148
    frame #3: 0x000000010371a156 WebCore`WebCore::BitmapImage::dataChanged(bool) + 374 at BitmapImage.cpp:256
    frame #4: 0x0000000104026fc5 WebCore`WebCore::Image::setData(WTF::PassRefPtr<WebCore::SharedBuffer>, bool) + 165 at Image.cpp:81
    frame #5: 0x000000010374b237 WebCore`WebCore::CachedImage::data(WTF::PassRefPtr<WebCore::ResourceBuffer>, bool) + 263 at CachedImage.cpp:370
    frame #6: 0x0000000104f01d64 WebCore`WebCore::SubresourceLoader::sendDataToResource(char const*, int) + 340 at SubresourceLoader.cpp:267
    frame #7: 0x0000000104f0211f WebCore`WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::PassRefPtr<WebCore::SharedBuffer>, long long, WebCore::DataPayloadType) + 623 at SubresourceLoader.cpp:241
    frame #8: 0x0000000104f01e96 WebCore`WebCore::SubresourceLoader::didReceiveData(char const*, int, long long, WebCore::DataPayloadType) + 102 at SubresourceLoader.cpp:218
    frame #9: 0x000000010140c6bf WebKit2`WebKit::WebResourceLoader::didReceiveData(CoreIPC::DataReference const&, long long) + 223 at WebResourceLoader.cpp:93
    frame #10: 0x000000010140e272 WebKit2`void CoreIPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(CoreIPC::DataReference const&, long long), CoreIPC::DataReference, long long>(CoreIPC::Arguments2<CoreIPC::DataReference, long long> const&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(CoreIPC::DataReference const&, long long)) + 146 at HandleMessage.h:27
Comment 18 Simon Fraser (smfr) 2013-03-17 09:25:10 PDT
I marked some more tests as crashing in debug in r146009.
Comment 19 Simon Fraser (smfr) 2013-03-17 10:16:11 PDT
Created attachment 193468
Patch
Comment 20 WebKit Review Bot 2013-03-18 10:31:03 PDT
Comment on attachment 193468
Patch

Rejecting attachment 193468 from commit-queue.

Failed to run "['/mnt/git/webkit-commit-queue/Tools/Scripts/webkit-patch', '--status-host=webkit-commit-queue.appspot.com', '--bot-id=gce-cq-02', 'land-attachment', '--force-clean', '--non-interactive', '--parent-command=commit-queue', 193468, '--port=chromium-xvfb']" exit_code: 2 cwd: /mnt/git/webkit-commit-queue

Last 500 characters of output:
WebKit/chromium/v8 --revision 13956 --non-interactive --force --accept theirs-conflict --ignore-externals' in '/mnt/git/webkit-commit-queue/Source/WebKit/chromium'
55>At revision 13956.

________ running '/usr/bin/python tools/clang/scripts/update.py --mac-only' in '/mnt/git/webkit-commit-queue/Source/WebKit/chromium'

________ running '/usr/bin/python gyp_webkit' in '/mnt/git/webkit-commit-queue/Source/WebKit/chromium'
Updating webkit projects from gyp files...
Total errors found: 0 in 0 files

Full output: http://webkit-commit-queue.appspot.com/results/17238171
Comment 21 Simon Fraser (smfr) 2013-03-18 10:37:24 PDT
https://trac.webkit.org/r146082