[Webkit-unassigned] [Bug 105987] [Mac] svg/dynamic-updates/SVGFEMorphologyElement-dom*-in-attr.html intermittently asserts in SharedBuffer::releasePurgeableBuffer()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jan 2 21:37:53 PST 2013


https://bugs.webkit.org/show_bug.cgi?id=105987


Ryosuke Niwa <rniwa at webkit.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|[Mac] [WK2]                 |[Mac]
                   |svg/dynamic-updates/SVGFEMo |svg/dynamic-updates/SVGFEMo
                   |rphologyElement-dom-in-attr |rphologyElement-dom*-in-att
                   |.html intermittently        |r.html intermittently
                   |asserts in                  |asserts in
                   |SharedBuffer::releasePurgea |SharedBuffer::releasePurgea
                   |bleBuffer()                 |bleBuffer()




--- Comment #3 from Ryosuke Niwa <rniwa at webkit.org>  2013-01-02 21:39:52 PST ---
Apparently this is also reproducible on WebKit1:
http://build.webkit.org/results/Apple%20MountainLion%20Debug%20WK1%20(Tests)/r138694%20(4263)/svg/dynamic-updates/SVGFEMorphologyElement-dom-radius-attr-crash-log.txt

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore                 0x0000000104258fb5 WebCore::SharedBuffer::releasePurgeableBuffer() + 101 (SharedBuffer.cpp:251)
1   com.apple.WebCore                 0x000000010414a206 WebCore::ResourceBuffer::releasePurgeableBuffer() + 54 (ResourceBuffer.cpp:119)
2   com.apple.WebCore                 0x0000000102d35853 WebCore::CachedResource::makePurgeable(bool) + 451 (CachedResource.cpp:827)
3   com.apple.WebCore                 0x0000000102d2804b WebCore::CachedImage::destroyDecodedData() + 283 (CachedImage.cpp:423)
4   com.apple.WebCore                 0x0000000103d2d939 WebCore::MemoryCache::pruneDeadResourcesToSize(unsigned int) + 713 (MemoryCache.cpp:321)
5   com.apple.WebCore                 0x0000000103d2d65b WebCore::MemoryCache::pruneDeadResources() + 123 (MemoryCache.cpp:265)
6   com.apple.WebCore                 0x0000000103d2ded2 WebCore::MemoryCache::prune() + 82 (MemoryCache.cpp:762)
7   com.apple.WebCore                 0x0000000102d3446e WebCore::CachedResource::removeClient(WebCore::CachedResourceClient*) + 606 (CachedResource.cpp:541)
8   com.apple.WebCore                 0x000000010441a80e WebCore::SVGFEImageElement::clearResourceReferences() + 94 (SVGFEImageElement.cpp:74)
9   com.apple.WebCore                 0x000000010441a66a WebCore::SVGFEImageElement::~SVGFEImageElement() + 106 (SVGFEImageElement.cpp:69)
10  com.apple.WebCore                 0x000000010441a535 WebCore::SVGFEImageElement::~SVGFEImageElement() + 21 (SVGFEImageElement.cpp:69)
11  com.apple.WebCore                 0x000000010441a509 WebCore::SVGFEImageElement::~SVGFEImageElement() + 25 (SVGFEImageElement.cpp:67)
12  com.apple.WebCore                 0x0000000102de2c5b void WebCore::removeAllChildrenInContainer<WebCore::Node, WebCore::ContainerNode>(WebCore::ContainerNode*) + 283 (ContainerNodeAlgorithms.h:105)
13  com.apple.WebCore                 0x0000000102dddd75 WebCore::ContainerNode::removeAllChildren() + 21 (ContainerNode.cpp:95)
14  com.apple.WebCore                 0x0000000102ff07c0 WebCore::Document::removedLastRef() + 448 (Document.cpp:710)
15  com.apple.WebCore                 0x0000000103d875a2 WebCore::Node::removedLastRef() + 50 (Node.cpp:2579)
16  com.apple.WebCore                 0x0000000102be196f WebCore::TreeShared<WebCore::Node, WebCore::ContainerNode>::deref() + 479 (TreeShared.h:83)
17  com.apple.WebCore                 0x0000000102be177b void WTF::derefIfNotNull<WebCore::Node>(WebCore::Node*) + 59 (PassRefPtr.h:54)
18  com.apple.WebCore                 0x0000000102be1738 WTF::RefPtr<WebCore::Node>::~RefPtr() + 24 (RefPtr.h:56)
19  com.apple.WebCore                 0x0000000102be1715 WTF::RefPtr<WebCore::Node>::~RefPtr() + 21 (RefPtr.h:56)
20  com.apple.WebCore                 0x0000000102d8447b WebCore::LiveNodeListBase::~LiveNodeListBase() + 91 (LiveNodeList.h:78)
21  com.apple.WebCore                 0x0000000102d843f5 WebCore::LiveNodeList::~LiveNodeList() + 21 (LiveNodeList.h:195)
22  com.apple.WebCore                 0x0000000102d8423f WebCore::ChildNodeList::~ChildNodeList() + 79 (ChildNodeList.cpp:39)
23  com.apple.WebCore                 0x0000000102d841e5 WebCore::ChildNodeList::~ChildNodeList() + 21 (ChildNodeList.cpp:39)
24  com.apple.WebCore                 0x0000000102d841b9 WebCore::ChildNodeList::~ChildNodeList() + 25 (ChildNodeList.cpp:37)
25  com.apple.WebCore                 0x0000000102be0ed3 WTF::RefCounted<WebCore::NodeList>::deref() + 83 (RefCounted.h:203)
26  com.apple.WebCore                 0x00000001039d2df6 WebCore::JSNodeList::releaseImpl() + 38 (JSNodeList.h:58)
27  com.apple.WebCore                 0x00000001039d1ffe WebCore::JSNodeListOwner::finalize(JSC::Handle<JSC::Unknown>, void*) + 110 (JSNodeList.cpp:266)
28  com.apple.JavaScriptCore          0x0000000101914984 JSC::WeakBlock::finalize(JSC::WeakImpl*) + 212 (WeakSetInlines.h:53)
29  com.apple.JavaScriptCore          0x000000010191429e JSC::WeakBlock::sweep() + 158 (WeakBlock.cpp:77)
30  com.apple.JavaScriptCore          0x0000000101914cd0 JSC::WeakSet::sweep() + 64 (WeakSet.cpp:46)
31  com.apple.JavaScriptCore          0x00000001017eef78 JSC::MarkedBlock::sweep(JSC::MarkedBlock::SweepMode) + 40 (MarkedBlock.cpp:112)
32  com.apple.JavaScriptCore          0x0000000101912685 JSC::MarkedAllocator::tryAllocateHelper(unsigned long) + 85 (MarkedAllocator.cpp:34)
33  com.apple.JavaScriptCore          0x00000001019117c9 JSC::MarkedAllocator::tryAllocate(unsigned long) + 137 (MarkedAllocator.cpp:66)
34  com.apple.JavaScriptCore          0x00000001019111d8 JSC::MarkedAllocator::allocateSlowCase(unsigned long) + 232 (MarkedAllocator.cpp:82)
35  com.apple.WebCore                 0x0000000102d0e4eb JSC::MarkedAllocator::allocate(unsigned long) + 75 (MarkedAllocator.h:78)
36  com.apple.WebCore                 0x0000000102d0ef59 JSC::MarkedSpace::allocateWithNormalDestructor(unsigned long) + 41 (MarkedSpace.h:220)
37  com.apple.WebCore                 0x0000000102d0ef1d JSC::Heap::allocateWithNormalDestructor(unsigned long) + 141 (Heap.h:402)
38  com.apple.WebCore                 0x00000001038d3739 void* JSC::allocateCell<WebCore::JSHTMLSpanElement>(JSC::Heap&, unsigned long) + 233 (JSCell.h:318)
39  com.apple.WebCore                 0x00000001038d35df void* JSC::allocateCell<WebCore::JSHTMLSpanElement>(JSC::Heap&) + 31 (JSCell.h:328)
40  com.apple.WebCore                 0x00000001038d322e WebCore::JSHTMLSpanElement::create(JSC::Structure*, WebCore::JSDOMGlobalObject*, WTF::PassRefPtr<WebCore::HTMLSpanElement>) + 46 (JSHTMLSpanElement.h:36)
41  com.apple.WebCore                 0x00000001038d310d WebCore::JSDOMWrapper* WebCore::createWrapper<WebCore::JSHTMLSpanElement, WebCore::HTMLSpanElement>(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WebCore::HTMLSpanElement*) + 253 (JSDOMBinding.h:192)
42  com.apple.WebCore                 0x00000001038cbb98 WebCore::createHTMLSpanElementWrapper(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WTF::PassRefPtr<WebCore::HTMLElement>) + 56 (JSHTMLElementWrapperFactory.cpp:591)
43  com.apple.WebCore                 0x00000001038cac09 WebCore::createJSHTMLWrapper(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WTF::PassRefPtr<WebCore::HTMLElement>) + 13417 (JSHTMLElementWrapperFactory.cpp:840)
44  com.apple.WebCore                 0x000000010384acd3 WebCore::toJSNewlyCreated(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WebCore::Element*) + 227 (JSElementCustom.cpp:63)
45  com.apple.WebCore                 0x00000001037ab37e WebCore::jsDocumentPrototypeFunctionCreateElement(JSC::ExecState*) + 638 (JSDocument.cpp:2135)
46  ???                               0x000036e7ab801045 0 + 60368642641989
47  com.apple.JavaScriptCore          0x0000000101702714 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::JSGlobalData*) + 84 (JITCode.h:134)
48  com.apple.JavaScriptCore          0x00000001016ff19f JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) + 4735 (Interpreter.cpp:983)
49  com.apple.JavaScriptCore          0x00000001015c52e3 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) + 483 (Completion.cpp:75)
50  com.apple.WebCore                 0x0000000103970722 WebCore::JSMainThreadExecState::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) + 82 (JSMainThreadExecState.h:77)
51  com.apple.WebCore                 0x00000001041a9dd3 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) + 339 (ScriptController.cpp:141)
52  com.apple.WebCore                 0x00000001041a9f14 WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) + 68 (ScriptController.cpp:158)
53  com.apple.WebCore                 0x00000001041c1f9a WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) + 746 (ScriptElement.cpp:304)
54  com.apple.WebCore                 0x00000001041c226e WebCore::ScriptElement::execute(WebCore::CachedScript*) + 270 (ScriptElement.cpp:325)
55  com.apple.WebCore                 0x00000001041d81b9 WebCore::ScriptRunner::timerFired(WebCore::Timer<WebCore::ScriptRunner>*) + 505 (ScriptRunner.cpp:122)
56  com.apple.WebCore                 0x00000001041dbe43 WebCore::Timer<WebCore::ScriptRunner>::fired() + 115 (Timer.h:106)
57  com.apple.WebCore                 0x000000010452d996 WebCore::ThreadTimers::sharedTimerFiredInternal() + 294 (ThreadTimers.cpp:119)
58  com.apple.WebCore                 0x000000010452d729 WebCore::ThreadTimers::sharedTimerFired() + 25 (ThreadTimers.cpp:94)
59  com.apple.WebCore                 0x000000010425c493 WebCore::timerFired(__CFRunLoopTimer*, void*) + 67 (SharedTimerMac.mm:167)
60  com.apple.CoreFoundation          0x00007fff8a050da4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
61  com.apple.CoreFoundation          0x00007fff8a0508bd __CFRunLoopDoTimer + 557
62  com.apple.CoreFoundation          0x00007fff8a036099 __CFRunLoopRun + 1513
63  com.apple.CoreFoundation          0x00007fff8a0356b2 CFRunLoopRunSpecific + 290
64  com.apple.Foundation              0x00007fff8702389e -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 268
65  DumpRenderTree                    0x0000000101261839 runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) + 5017 (DumpRenderTree.mm:1381)

Updated the test expectation accordingly in http://trac.webkit.org/changeset/138698.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.


More information about the webkit-unassigned mailing list