svg/zoom/page/zoom-img-preserveAspectRatio-support-1.html started to flakily crash yesterday, first time in r164807. <http://trac.webkit.org/r164804> looks like an obvious culprit. http://build.webkit.org/results/Apple%20MountainLion%20Debug%20WK2%20(Tests)/r164860%20(16318)/svg/zoom/page/zoom-img-preserveAspectRatio-support-1-crash-log.txt Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x00000001074e06cc WTF::RefPtr<WebCore::Frame>::operator*() const + 12 (RefPtr.h:63) 1 com.apple.WebCore 0x00000001074af15c WebCore::FrameView::frame() const + 28 (FrameView.h:84) 2 com.apple.WebCore 0x0000000107cea092 WebCore::FrameView::scrollToFragment(WebCore::URL const&) + 50 (FrameView.cpp:1803) 3 com.apple.WebCore 0x00000001090bddf9 WebCore::SVGImageForContainer::setURL(WebCore::URL const&) + 41 (SVGImageForContainer.cpp:60) 4 com.apple.WebCore 0x00000001090b8acb WebCore::SVGImageCache::imageForRenderer(WebCore::RenderObject const*) + 395 (SVGImageCache.cpp:97) 5 com.apple.WebCore 0x000000010762875c WebCore::CachedImage::imageForRenderer(WebCore::RenderObject const*) + 316 (CachedImage.cpp:213) 6 com.apple.WebCore 0x0000000108b981f8 WebCore::RenderImageResource::image(int, int) const + 104 (RenderImageResource.cpp:95)
svg/as-background-image/background-image-preserveaspectRatio-support.html too.
I'm not managing to reproduce this on Mavericks running `Tools/Scripts/run-webkit-tests --debug svg/zoom/page/zoom-img-preserveAspectRatio-support-1.html`. Always passes.
Will it reproduce for you with this invocation? I didn't try myself, as I'm still on an earlier revision. Tools/Scripts/run-webkit-tests --debug -2 --repeat-each 1000 svg/zoom/page/zoom-img-preserveAspectRatio-support.html svg/zoom/page/zoom-img-preserveAspectRatio-support-1.html
(In reply to comment #3) > Will it reproduce for you with this invocation? I didn't try myself, as I'm still on an earlier revision. > > Tools/Scripts/run-webkit-tests --debug -2 --repeat-each 1000 svg/zoom/page/zoom-img-preserveAspectRatio-support.html svg/zoom/page/zoom-img-preserveAspectRatio-support-1.html In this case I do very rare crashes. I think the crash is coming from a NULL frame when we call this line in FrameView::scrollToFragment(): if (!url.hasFragmentIdentifier() && !frame().document()->cssTarget())
What's the next step here? Does r164804 need to be rolled out? It's important to make the bots green again ASAP, as existing failures make it much more difficult to spot future unrelated regressions.
(In reply to comment #5) > What's the next step here? Does r164804 need to be rolled out? > > It's important to make the bots green again ASAP, as existing failures make it much more difficult to spot future unrelated regressions. We're tracking a slightly different approach to fix https://bugs.webkit.org/show_bug.cgi?id=129387 which would also prevent this crash. I hope to have a revised patch out tomorrow at the latest, but I can't promise when it'd be get in the tree.
(In reply to comment #6) > (In reply to comment #5) > > What's the next step here? Does r164804 need to be rolled out? > > > > It's important to make the bots green again ASAP, as existing failures make it much more difficult to spot future unrelated regressions. > > We're tracking a slightly different approach to fix https://bugs.webkit.org/show_bug.cgi?id=129387 which would also prevent this crash. I hope to have a revised patch out tomorrow at the latest, but I can't promise when it'd be get in the tree. Patch that should prevent this crash is now attached to https://bugs.webkit.org/show_bug.cgi?id=129387.z
Hopefully, https://trac.webkit.org/r164983 fixes this flakiness.
Thank you! I'll re-open if I see this happen again.