[Webkit-unassigned] [Bug 64874] REGRESSION(r91332): css3/images/optimize-contrast-canvas.html crashes
bugzilla-daemon at webkit.org
Wed Jul 20 21:42:06 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=64874
--- Comment #1 from Kenneth Russell <kbr at google.com> 2011-07-20 21:42:06 PST ---
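These crashes look bad: they occur in unrelated locations, which is indicative of heap corruption. In the 10.5 trace a V8 check fails in TypeFeedbackOracle::SetInfo and the process then faults in HeapObject::map_word() while V8 prints the stack; in the 10.6 trace a std::logic_error is thrown from the std::string constructor inside GURL::GURL on the IO thread. I would suggest rolling out r91332 and seeing whether the crashes reliably go away.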
On 10.5:
Thread 0 Crashed:
0 DumpRenderTree 0x009214fe v8::internal::HeapObject::map_word() + 10
1 DumpRenderTree 0x00921525 v8::internal::HeapObject::map() + 17
2 DumpRenderTree 0x00923969 v8::internal::HeapObject::GetHeap() + 73
3 DumpRenderTree 0x00a7ae03 v8::internal::HeapObject::HeapObjectShortPrint(v8::internal::StringStream*) + 27
4 DumpRenderTree 0x00a7b8d2 v8::internal::Object::ShortPrint(v8::internal::StringStream*) + 124
5 DumpRenderTree 0x00b514cd v8::internal::StringStream::PrintObject(v8::internal::Object*) + 31
6 DumpRenderTree 0x00b50f9e v8::internal::StringStream::Add(v8::internal::Vector<char const>, v8::internal::Vector<v8::internal::FmtElm>) + 1076
7 DumpRenderTree 0x00b51432 v8::internal::StringStream::Add(char const*, v8::internal::FmtElm, v8::internal::FmtElm) + 126
8 DumpRenderTree 0x0099d976 v8::internal::JavaScriptFrame::Print(v8::internal::StringStream*, v8::internal::StackFrame::PrintMode, int) const + 2186
9 DumpRenderTree 0x00b5e43c __ZN2v88internalL11PrintFramesEPNS0_12StringStreamENS0_10StackFrame9PrintModeE + 84
10 DumpRenderTree 0x00b5f41e v8::internal::Isolate::PrintStack(v8::internal::StringStream*) + 232
11 DumpRenderTree 0x00b5f4db v8::internal::Isolate::PrintStack() + 139
12 DumpRenderTree 0x00950e4a V8_Fatal + 188
13 DumpRenderTree 0x00b618ee __ZL11CheckHelperPKciS0_b + 74
14 DumpRenderTree 0x00b6276c v8::internal::TypeFeedbackOracle::SetInfo(unsigned int, v8::internal::Object*) + 78
15 DumpRenderTree 0x00b629e6 v8::internal::TypeFeedbackOracle::PopulateMap(v8::internal::Handle<v8::internal::Code>) + 480
16 DumpRenderTree 0x00b62be1 v8::internal::TypeFeedbackOracle::TypeFeedbackOracle(v8::internal::Handle<v8::internal::Code>, v8::internal::Handle<v8::internal::Context>) + 75
17 DumpRenderTree 0x00957b1c __ZN2v88internalL18MakeCrankshaftCodeEPNS0_15CompilationInfoE + 1528
18 DumpRenderTree 0x00957fad __ZN2v88internalL8MakeCodeEPNS0_15CompilationInfoE + 131
19 DumpRenderTree 0x0095811f v8::internal::Compiler::CompileLazy(v8::internal::CompilationInfo*) + 327
20 DumpRenderTree 0x009a9f48 __ZN2v88internalL17CompileLazyHelperEPNS0_15CompilationInfoENS0_18ClearExceptionFlagE + 168
21 DumpRenderTree 0x009a9fe4 v8::internal::CompileOptimized(v8::internal::Handle<v8::internal::JSFunction>, int, v8::internal::ClearExceptionFlag) + 60
22 DumpRenderTree 0x00b04886 v8::internal::Runtime_LazyRecompile(v8::internal::Arguments, v8::internal::Isolate*) + 480
23 ??? 0x0664e0d6 0 + 107274454
24 ??? 0x0665f07c 0 + 107343996
25 ??? 0x1e5214ec 0 + 508695788
26 ??? 0x06665d13 0 + 107371795
27 ??? 0x1c8e57dc 0 + 479090652
28 ??? 0x0664f47f 0 + 107279487
29 ??? 0x1c8ef69b 0 + 479131291
30 ??? 0x1c8e925c 0 + 479105628
31 ??? 0x06655fa2 0 + 107306914
32 ??? 0x0665efd6 0 + 107343830
33 ??? 0x0664fa62 0 + 107280994
34 DumpRenderTree 0x00980733 __ZN2v88internalL6InvokeEbNS0_6HandleINS0_10JSFunctionEEENS1_INS0_6ObjectEEEiPPPS4_Pb + 483
35 DumpRenderTree 0x00980d81 v8::internal::Execution::Call(v8::internal::Handle<v8::internal::JSFunction>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Object***, bool*) + 53
36 DumpRenderTree 0x00920001 v8::Script::Run() + 579
37 DumpRenderTree 0x00ec52c3 WebCore::V8Proxy::runScript(v8::Handle<v8::Script>, bool) + 467
38 DumpRenderTree 0x00ec5674 WebCore::V8Proxy::evaluate(WebCore::ScriptSourceCode const&, WebCore::Node*) + 596
39 DumpRenderTree 0x00e99942 WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) + 216
40 DumpRenderTree 0x010a335d WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) + 427
41 DumpRenderTree 0x010a4369 WebCore::ScriptElement::prepareScript(WTF::TextPosition<WTF::OneBasedNumber> const&, WebCore::ScriptElement::LegacyTypeSupport) + 1589
42 DumpRenderTree 0x002800e0 WebCore::HTMLScriptRunner::runScript(WebCore::Element*, WTF::TextPosition<WTF::OneBasedNumber> const&) + 344
43 DumpRenderTree 0x00280d4f WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element>, WTF::TextPosition<WTF::OneBasedNumber> const&) + 155
44 DumpRenderTree 0x002738aa WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() + 282
45 DumpRenderTree 0x00273959 WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode, WebCore::PumpSession&) + 139
46 DumpRenderTree 0x00273fe6 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 650
47 DumpRenderTree 0x002742de WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode) + 180
48 DumpRenderTree 0x002748a6 WebCore::HTMLDocumentParser::append(WebCore::SegmentedString const&) + 302
49 DumpRenderTree 0x01013670 WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter*, char const*, int, bool) + 210
50 DumpRenderTree 0x0120b203 WebCore::DocumentWriter::addData(char const*, int, bool) + 109
51 DumpRenderTree 0x0120b290 WebCore::DocumentWriter::endIfNotLoadingMainResource() + 138
52 DumpRenderTree 0x0120b2d8 WebCore::DocumentWriter::end() + 38
53 DumpRenderTree 0x012017c9 WebCore::DocumentLoader::finishedLoading() + 81
54 DumpRenderTree 0x0121babc WebCore::FrameLoader::finishedLoading() + 72
55 DumpRenderTree 0x0122ac02 WebCore::MainResourceLoader::didFinishLoading(double) + 338
56 DumpRenderTree 0x0123d343 WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) + 47
57 DumpRenderTree 0x0007dc03 WebCore::ResourceHandleInternal::didFinishLoading(WebKit::WebURLLoader*, double) + 221
58 DumpRenderTree 0x01bbd953 webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest(net::URLRequestStatus const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, base::Time const&) + 669
59 DumpRenderTree 0x01be840b (anonymous namespace)::RequestProxy::NotifyCompletedRequest(net::URLRequestStatus const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, base::Time const&) + 61
60 DumpRenderTree 0x01be8887 void DispatchToMethod<(anonymous namespace)::RequestProxy, void ((anonymous namespace)::RequestProxy::*)(net::URLRequestStatus const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, base::Time const&), net::URLRequestStatus, std::basic_string<char, std::char_traits<char>, std::allocator<char> >, base::Time>((anonymous namespace)::RequestProxy*, void ((anonymous namespace)::RequestProxy::*)(net::URLRequestStatus const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, base::Time const&), Tuple3<net::URLRequestStatus, std::basic_string<char, std::char_traits<char>, std::allocator<char> >, base::Time> const&) + 93
61 DumpRenderTree 0x01be88c2 RunnableMethod<(anonymous namespace)::RequestProxy, void ((anonymous namespace)::RequestProxy::*)(net::URLRequestStatus const&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, base::Time const&), Tuple3<net::URLRequestStatus, std::basic_string<char, std::char_traits<char>, std::allocator<char> >, base::Time> >::Run() + 52
62 DumpRenderTree 0x005e1c58 MessageLoop::RunTask(Task*) + 312
63 DumpRenderTree 0x005e1deb MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&) + 53
64 DumpRenderTree 0x005e2699 MessageLoop::DoWork() + 253
65 DumpRenderTree 0x005a9d11 base::MessagePumpCFRunLoopBase::RunWork() + 77
66 DumpRenderTree 0x005a9e89 base::MessagePumpCFRunLoopBase::RunWorkSource(void*) + 23
67 com.apple.CoreFoundation 0x912e23c5 CFRunLoopRunSpecific + 3141
68 com.apple.CoreFoundation 0x912e2aa8 CFRunLoopRunInMode + 88
69 com.apple.HIToolbox 0x90f4a2ac RunCurrentEventLoopInMode + 283
70 com.apple.HIToolbox 0x90f4a0c5 ReceiveNextEventCommon + 374
71 com.apple.HIToolbox 0x90f49f39 BlockUntilNextEventMatchingListInMode + 106
72 com.apple.AppKit 0x91c946d5 _DPSNextEvent + 657
73 com.apple.AppKit 0x91c93f88 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
74 com.apple.AppKit 0x91c8cf9f -[NSApplication run] + 795
75 DumpRenderTree 0x005a97fa base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*) + 256
76 DumpRenderTree 0x005a9b3b base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*) + 143
77 DumpRenderTree 0x005e2990 MessageLoop::RunInternal() + 200
78 DumpRenderTree 0x005e29ab MessageLoop::RunHandler() + 17
79 DumpRenderTree 0x005e2a0f MessageLoop::Run() + 35
80 DumpRenderTree 0x001af17b webkit_support::RunMessageLoop() + 19
81 DumpRenderTree 0x0003d7cb TestShell::waitTestFinished() + 343 (TestShellMac.mm:121)
82 DumpRenderTree 0x00038638 TestShell::runFileTest(TestParams const&) + 654 (TestShell.cpp:215)
83 DumpRenderTree 0x000120b8 __ZL7runTestR9TestShellR10TestParamsRKSsb + 958
84 DumpRenderTree 0x00012852 main + 1910 (DumpRenderTree.cpp:224)
85 DumpRenderTree 0x00002b76 start + 54
On 10.6:
Thread 5 Crashed: IOThread
0 libSystem.B.dylib 0x928854ee __semwait_signal_nocancel + 10
1 libSystem.B.dylib 0x928853d2 nanosleep$NOCANCEL$UNIX2003 + 166
2 libSystem.B.dylib 0x929002a6 usleep$NOCANCEL$UNIX2003 + 61
3 libSystem.B.dylib 0x92921959 __abort + 136
4 libSystem.B.dylib 0x929219c9 abort_report_np + 0
5 libstdc++.6.dylib 0x900a0fda __gnu_cxx::__verbose_terminate_handler() + 433
6 libstdc++.6.dylib 0x9009f17a __cxxabiv1::__terminate(void (*)()) + 10
7 libstdc++.6.dylib 0x9009f1ba __cxxabiv1::__unexpected(void (*)()) + 0
8 libstdc++.6.dylib 0x9009f2b8 __gxx_exception_cleanup(_Unwind_Reason_Code, _Unwind_Exception*) + 0
9 libstdc++.6.dylib 0x9005b856 std::__throw_logic_error(char const*) + 158
10 libstdc++.6.dylib 0x90086ced char* std::string::_S_construct<char const*>(char const*, char const*, std::allocator<char> const&, std::forward_iterator_tag) + 57
11 libstdc++.6.dylib 0x90086d85 std::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(char const*, unsigned long, std::allocator<char> const&) + 37
12 DumpRenderTree 0x679d95a6 GURL::GURL(char const*, unsigned long, url_parse::Parsed const&, bool) + 136
13 DumpRenderTree 0x6734180b WebKit::WebURL::operator GURL() const + 147 (WebURL.h:132)
14 DumpRenderTree 0x69da1bbd void DispatchToMethod<TestShellWebBlobRegistryImpl, void (TestShellWebBlobRegistryImpl::*)(GURL const&), WebKit::WebURL>(TestShellWebBlobRegistryImpl*, void (TestShellWebBlobRegistryImpl::*)(GURL const&), Tuple1<WebKit::WebURL> const&) + 111
15 DumpRenderTree 0x69da1c4f RunnableMethod<TestShellWebBlobRegistryImpl, void (TestShellWebBlobRegistryImpl::*)(GURL const&), Tuple1<WebKit::WebURL> >::Run() + 85
16 DumpRenderTree 0x67a53162 (anonymous namespace)::TaskClosureAdapter::Run() + 58
17 DumpRenderTree 0x67a53834 base::internal::Invoker1<false, base::internal::InvokerStorage1<void ((anonymous namespace)::TaskClosureAdapter::*)(), (anonymous namespace)::TaskClosureAdapter*>, void ((anonymous namespace)::TaskClosureAdapter::*)()>::DoInvoke(base::internal::InvokerStorageBase*) + 122
18 DumpRenderTree 0x67a58b2c base::Callback<void ()()>::Run() const + 62
19 DumpRenderTree 0x67a54d65 MessageLoop::RunTask(MessageLoop::PendingTask const&) + 413
20 DumpRenderTree 0x67a54ef9 MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&) + 85
21 DumpRenderTree 0x67a55235 MessageLoop::DoWork() + 271
22 DumpRenderTree 0x679f7a9b base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) + 339
23 DumpRenderTree 0x67a564bb MessageLoop::RunInternal() + 245
24 DumpRenderTree 0x67a56505 MessageLoop::RunHandler() + 45
25 DumpRenderTree 0x67a565d1 MessageLoop::Run() + 63
26 DumpRenderTree 0x67acaf75 base::Thread::Run(MessageLoop*) + 51
27 DumpRenderTree 0x67acadd5 base::Thread::ThreadMain() + 337
28 DumpRenderTree 0x67acaad9 base::(anonymous namespace)::ThreadFunc(void*) + 103
29 libSystem.B.dylib 0x928457fd _pthread_start + 345
30 libSystem.B.dylib 0x92845682 thread_start + 34