Bug 106718

Summary:

REGRESSION (r139218): Flaky assertion in WebCore::StorageTask::StorageTask releasing memory.

Product:

WebKit

Reporter:

Stephanie Lewis <slewis>

Component:

WebCore Misc.

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

koivisto, rniwa, slewis

Priority:

Version:

528+ (Nightly build)

Hardware:

Mac

OS:

Unspecified

Attachments:

Description	Flags
crash log	none
patch	kling: review+

Stephanie Lewis

Reported 2013-01-11 16:12:08 PST

Created attachment 182443 [details] crash log Seems to occur on random tests. Only seen on Lion WK2 Debug bot so far. http://build.webkit.org/results/Apple%20Lion%20Debug%20WK2%20(Tests)/r139493%20(6379)/results.html Probably caused by http://trac.webkit.org/projects/webkit/changeset/139218 ASSERTION FAILED: m_type == ImportOrigins || m_type == DeleteAllOrigins /Volumes/Data/slave/lion-debug/build/Source/WebCore/storage/StorageTask.cpp(58) : WebCore::StorageTask::StorageTask(WebCore::StorageTask::Type) 1 0x10dff2c73 WebCore::StorageTask::StorageTask(WebCore::StorageTask::Type) 2 0x10dff2bcb WebCore::StorageTask::StorageTask(WebCore::StorageTask::Type) 3 0x10dff3eb6 WebCore::StorageTask::createReleaseFastMallocFreeMemory() 4 0x10dff3881 WebCore::StorageThread::releaseFastMallocFreeMemoryInAllThreads() 5 0x10da85957 WebCore::MemoryPressureHandler::releaseMemory(bool) 6 0x10da85418 WebCore::MemoryPressureHandler::respondToMemoryPressure() 7 0x10da853c9 __block_global_0 8 0x7fff93514497 _dispatch_source_invoke 9 0x7fff9351113f _dispatch_queue_invoke 10 0x7fff935118bf _dispatch_main_queue_callback_4CF 11 0x7fff8f730e7c __CFRunLoopRun 12 0x7fff8f730486 CFRunLoopRunSpecific 13 0x7fff90a872bf RunCurrentEventLoopInMode 14 0x7fff90a8e56d ReceiveNextEventCommon 15 0x7fff90a8e3fa BlockUntilNextEventMatchingListInMode 16 0x7fff8e5a9779 _DPSNextEvent 17 0x7fff8e5a907d -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] 18 0x7fff8e5a59b9 -[NSApplication run] 19 0x10dee2c2c WebCore::RunLoop::run() 20 0x10a97c03f int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMainDelegate>(WebKit::CommandLine const&) 21 0x10a97bd05 WebKit::WebProcessMain(WebKit::CommandLine const&) 22 0x10a875049 _ZL10WebKitMainRKN6WebKit11CommandLineE 23 0x10a874f59 WebKitMain 24 0x10a5afd92 main 25 0x10a5afc74 start 26 0xc Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef VM Regions Near 0xbbadbeef: --> __TEXT 000000010a5af000-000000010a5b0000 [ 4K] r-x/rwx SM=COW /Volumes/VOLUME/*/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess Application Specific Information: objc[6054]: garbage collection is OFF CRASHING TEST: inspector/styles/styles-disable-then-change.html Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x000000010dff2c82 WebCore::StorageTask::StorageTask(WebCore::StorageTask::Type) + 162 (StorageTask.cpp:58) 1 com.apple.WebCore 0x000000010dff2bcb WebCore::StorageTask::StorageTask(WebCore::StorageTask::Type) + 27 (StorageTask.cpp:59) 2 com.apple.WebCore 0x000000010dff3eb6 WebCore::StorageTask::createReleaseFastMallocFreeMemory() + 54 (StorageTask.h:52) 3 com.apple.WebCore 0x000000010dff3881 WebCore::StorageThread::releaseFastMallocFreeMemoryInAllThreads() + 113 (StorageThread.cpp:119) 4 com.apple.WebCore 0x000000010da85957 WebCore::MemoryPressureHandler::releaseMemory(bool) + 439 (MemoryPressureHandlerMac.mm:170) 5 com.apple.WebCore 0x000000010da85418 WebCore::MemoryPressureHandler::respondToMemoryPressure() + 72 (MemoryPressureHandlerMac.mm:139) 6 com.apple.WebCore 0x000000010da853c9 __block_global_0 + 25 (MemoryPressureHandlerMac.mm:76) 7 libdispatch.dylib 0x00007fff93514497 _dispatch_source_invoke + 649 8 libdispatch.dylib 0x00007fff9351113f _dispatch_queue_invoke + 71 9 libdispatch.dylib 0x00007fff935118bf _dispatch_main_queue_callback_4CF + 257 10 com.apple.CoreFoundation 0x00007fff8f730e7c __CFRunLoopRun + 1724 11 com.apple.CoreFoundation 0x00007fff8f730486 CFRunLoopRunSpecific + 230 12 com.apple.HIToolbox 0x00007fff90a872bf RunCurrentEventLoopInMode + 277 13 com.apple.HIToolbox 0x00007fff90a8e56d ReceiveNextEventCommon + 355 14 com.apple.HIToolbox 0x00007fff90a8e3fa BlockUntilNextEventMatchingListInMode + 62 15 com.apple.AppKit 0x00007fff8e5a9779 _DPSNextEvent + 659 16 com.apple.AppKit 0x00007fff8e5a907d -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 135 17 com.apple.AppKit 0x00007fff8e5a59b9 -[NSApplication run] + 470 18 com.apple.WebCore 0x000000010dee2c2c WebCore::RunLoop::run() + 92 (RunLoopMac.mm:37) 19 com.apple.WebKit2 0x000000010a97c03f int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMainDelegate>(WebKit::CommandLine const&) + 815 (ChildProcessMain.h:106) 20 com.apple.WebKit2 0x000000010a97bd05 WebKit::WebProcessMain(WebKit::CommandLine const&) + 21 (WebProcessMainMac.mm:152) 21 com.apple.WebKit2 0x000000010a875049 _ZL10WebKitMainRKN6WebKit11CommandLineE + 201 (WebKitMain.cpp:56) 22 com.apple.WebKit2 0x000000010a874f59 WebKitMain + 153 (WebKitMain.cpp:86) 23 com.apple.WebProcess 0x000000010a5afd92 main + 274 24 com.apple.WebProcess 0x000000010a5afc74 start + 52

Attachments
crash log (53.96 KB, text/plain) 2013-01-11 16:12 PST, Stephanie Lewis	no flags	Details
patch (1.28 KB, patch) 2013-01-14 12:10 PST, Antti Koivisto	kling: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Alexey Proskuryakov

Comment 1 2013-01-11 16:52:50 PST

I can reproduce reliably with: run-webkit-tests --guard-malloc -v svg/zoom/page --repeat-each 20 (and that's WebKit1)

Antti Koivisto

Comment 2 2013-01-14 12:10:40 PST

Created attachment 182607 [details] patch

Antti Koivisto

Comment 3 2013-01-14 12:18:42 PST

http://trac.webkit.org/changeset/139638

Note You need to log in before you can comment on or make changes to this bug.