Bug 106718 - REGRESSION (r139218): Flaky assertion in WebCore::StorageTask::StorageTask releasing memory.
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: 528+ (Nightly build)
Hardware: Mac Unspecified
Importance: P2 Normal
Assignee: Nobody
Reported: 2013-01-11 16:12 PST by Stephanie Lewis
Modified: 2013-01-14 12:18 PST

Attachments
crash log (53.96 KB, text/plain)
2013-01-11 16:12 PST, Stephanie Lewis
no flags
patch (1.28 KB, patch)
2013-01-14 12:10 PST, Antti Koivisto
kling: review+

Description Stephanie Lewis 2013-01-11 16:12:08 PST
Created attachment 182443
crash log

Seems to occur on random tests.  Only seen on Lion WK2 Debug bot so far.
http://build.webkit.org/results/Apple%20Lion%20Debug%20WK2%20(Tests)/r139493%20(6379)/results.html

Probably caused by http://trac.webkit.org/projects/webkit/changeset/139218

ASSERTION FAILED: m_type == ImportOrigins || m_type == DeleteAllOrigins
/Volumes/Data/slave/lion-debug/build/Source/WebCore/storage/StorageTask.cpp(58) : WebCore::StorageTask::StorageTask(WebCore::StorageTask::Type)
1   0x10dff2c73 WebCore::StorageTask::StorageTask(WebCore::StorageTask::Type)
2   0x10dff2bcb WebCore::StorageTask::StorageTask(WebCore::StorageTask::Type)
3   0x10dff3eb6 WebCore::StorageTask::createReleaseFastMallocFreeMemory()
4   0x10dff3881 WebCore::StorageThread::releaseFastMallocFreeMemoryInAllThreads()
5   0x10da85957 WebCore::MemoryPressureHandler::releaseMemory(bool)
6   0x10da85418 WebCore::MemoryPressureHandler::respondToMemoryPressure()
7   0x10da853c9 __block_global_0
8   0x7fff93514497 _dispatch_source_invoke
9   0x7fff9351113f _dispatch_queue_invoke
10  0x7fff935118bf _dispatch_main_queue_callback_4CF
11  0x7fff8f730e7c __CFRunLoopRun
12  0x7fff8f730486 CFRunLoopRunSpecific
13  0x7fff90a872bf RunCurrentEventLoopInMode
14  0x7fff90a8e56d ReceiveNextEventCommon
15  0x7fff90a8e3fa BlockUntilNextEventMatchingListInMode
16  0x7fff8e5a9779 _DPSNextEvent
17  0x7fff8e5a907d -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
18  0x7fff8e5a59b9 -[NSApplication run]
19  0x10dee2c2c WebCore::RunLoop::run()
20  0x10a97c03f int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMainDelegate>(WebKit::CommandLine const&)
21  0x10a97bd05 WebKit::WebProcessMain(WebKit::CommandLine const&)
22  0x10a875049 _ZL10WebKitMainRKN6WebKit11CommandLineE
23  0x10a874f59 WebKitMain
24  0x10a5afd92 main
25  0x10a5afc74 start
26  0xc


Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef

VM Regions Near 0xbbadbeef:
--> 
    __TEXT                 000000010a5af000-000000010a5b0000 [    4K] r-x/rwx SM=COW  /Volumes/VOLUME/*/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess

Application Specific Information:
objc[6054]: garbage collection is OFF
CRASHING TEST: inspector/styles/styles-disable-then-change.html

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore             	0x000000010dff2c82 WebCore::StorageTask::StorageTask(WebCore::StorageTask::Type) + 162 (StorageTask.cpp:58)
1   com.apple.WebCore             	0x000000010dff2bcb WebCore::StorageTask::StorageTask(WebCore::StorageTask::Type) + 27 (StorageTask.cpp:59)
2   com.apple.WebCore             	0x000000010dff3eb6 WebCore::StorageTask::createReleaseFastMallocFreeMemory() + 54 (StorageTask.h:52)
3   com.apple.WebCore             	0x000000010dff3881 WebCore::StorageThread::releaseFastMallocFreeMemoryInAllThreads() + 113 (StorageThread.cpp:119)
4   com.apple.WebCore             	0x000000010da85957 WebCore::MemoryPressureHandler::releaseMemory(bool) + 439 (MemoryPressureHandlerMac.mm:170)
5   com.apple.WebCore             	0x000000010da85418 WebCore::MemoryPressureHandler::respondToMemoryPressure() + 72 (MemoryPressureHandlerMac.mm:139)
6   com.apple.WebCore             	0x000000010da853c9 __block_global_0 + 25 (MemoryPressureHandlerMac.mm:76)
7   libdispatch.dylib             	0x00007fff93514497 _dispatch_source_invoke + 649
8   libdispatch.dylib             	0x00007fff9351113f _dispatch_queue_invoke + 71
9   libdispatch.dylib             	0x00007fff935118bf _dispatch_main_queue_callback_4CF + 257
10  com.apple.CoreFoundation      	0x00007fff8f730e7c __CFRunLoopRun + 1724
11  com.apple.CoreFoundation      	0x00007fff8f730486 CFRunLoopRunSpecific + 230
12  com.apple.HIToolbox           	0x00007fff90a872bf RunCurrentEventLoopInMode + 277
13  com.apple.HIToolbox           	0x00007fff90a8e56d ReceiveNextEventCommon + 355
14  com.apple.HIToolbox           	0x00007fff90a8e3fa BlockUntilNextEventMatchingListInMode + 62
15  com.apple.AppKit              	0x00007fff8e5a9779 _DPSNextEvent + 659
16  com.apple.AppKit              	0x00007fff8e5a907d -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 135
17  com.apple.AppKit              	0x00007fff8e5a59b9 -[NSApplication run] + 470
18  com.apple.WebCore             	0x000000010dee2c2c WebCore::RunLoop::run() + 92 (RunLoopMac.mm:37)
19  com.apple.WebKit2             	0x000000010a97c03f int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMainDelegate>(WebKit::CommandLine const&) + 815 (ChildProcessMain.h:106)
20  com.apple.WebKit2             	0x000000010a97bd05 WebKit::WebProcessMain(WebKit::CommandLine const&) + 21 (WebProcessMainMac.mm:152)
21  com.apple.WebKit2             	0x000000010a875049 _ZL10WebKitMainRKN6WebKit11CommandLineE + 201 (WebKitMain.cpp:56)
22  com.apple.WebKit2             	0x000000010a874f59 WebKitMain + 153 (WebKitMain.cpp:86)
23  com.apple.WebProcess          	0x000000010a5afd92 main + 274
24  com.apple.WebProcess          	0x000000010a5afc74 start + 52
Comment 1 Alexey Proskuryakov 2013-01-11 16:52:50 PST
I can reproduce reliably with:

run-webkit-tests --guard-malloc -v svg/zoom/page --repeat-each 20

(and that's WebKit1)
Comment 2 Antti Koivisto 2013-01-14 12:10:40 PST
Created attachment 182607
patch
Comment 3 Antti Koivisto 2013-01-14 12:18:42 PST
http://trac.webkit.org/changeset/139638