[Webkit-unassigned] [Bug 137311] New: media/video-fullscreeen-only-playback.html sometimes crashes in TreeShared::ref()
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Oct 1 13:50:06 PDT 2014
https://bugs.webkit.org/show_bug.cgi?id=137311
Summary: media/video-fullscreeen-only-playback.html sometimes
crashes in TreeShared::ref()
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Media Elements
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: bdakin at apple.com
media/video-fullscreeen-only-playback.html has been intermittently asserting on the debug bots. The crash seems kind of bad. The assertion that is failing is:
ASSERT(!m_inRemovedLastRefFunction);
Process: com.apple.WebKit.WebContent.Development [18909]
Path: /Volumes/VOLUME/*/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.Development.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development
Identifier: com.apple.WebKit.WebContent.Development
Version: 601+ (601.1.1+)
Code Type: X86-64 (Native)
Parent Process: ??? [1]
Responsible: com.apple.WebKit.WebContent.Development [18909]
User ID: 501
Date/Time: 2014-10-01 10:12:41.972 -0700
OS Version: Mac OS X 10.9.4 (13E28)
Report Version: 11
Anonymous UUID: 15CE1938-3EF8-12B1-337A-3F91683D9720
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef
VM Regions Near 0xbbadbeef:
-->
__TEXT 000000010ecc7000-000000010ecc9000 [ 8K] r-x/rwx SM=COW /Volumes/VOLUME/*/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.Development.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development
Application Specific Information:
CRASHING TEST:media/video-fullscreeen-only-playback.html
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x0000000115bd5d6a WTFCrash + 42 (Assertions.cpp:321)
1 com.apple.WebCore 0x0000000117096b22 WebCore::TreeShared<WebCore::Node>::ref() + 178 (TreeShared.h:64)
2 com.apple.WebCore 0x00000001170a104d WTF::Ref<WebCore::Document>::Ref(WebCore::Document&) + 45 (Ref.h:39)
3 com.apple.WebCore 0x000000011708203d WTF::Ref<WebCore::Document>::Ref(WebCore::Document&) + 29 (Ref.h:39)
4 com.apple.WebCore 0x00000001172ec34d WebCore::ChildNodeInsertionNotifier::notify(WebCore::Node&) + 125 (ContainerNodeAlgorithms.h:224)
5 com.apple.WebCore 0x0000000117774017 WebCore::Element::addShadowRoot(WTF::PassRefPtr<WebCore::ShadowRoot>) + 247 (Element.cpp:1455)
6 com.apple.WebCore 0x0000000117774115 WebCore::Element::ensureUserAgentShadowRoot() + 85 (Element.cpp:1506)
7 com.apple.WebCore 0x0000000117ad41ab WebCore::HTMLMediaElement::configureMediaControls() + 75 (HTMLMediaElement.cpp:5189)
8 com.apple.WebCore 0x0000000117ad54f4 WebCore::HTMLMediaElement::prepareForLoad() + 900 (HTMLMediaElement.cpp:978)
9 com.apple.WebCore 0x0000000117ad40e3 WebCore::HTMLMediaElement::scheduleDelayedAction(WebCore::HTMLMediaElement::DelayedActionType) + 115 (HTMLMediaElement.cpp:722)
10 com.apple.WebCore 0x0000000117ae0bac WebCore::HTMLMediaElement::pauseInternal() + 188 (HTMLMediaElement.cpp:2799)
11 com.apple.WebCore 0x0000000117ae0ae5 WebCore::HTMLMediaElement::pause() + 117 (HTMLMediaElement.cpp:2776)
12 com.apple.WebCore 0x0000000117ad4ce0 WebCore::HTMLMediaElement::removedFrom(WebCore::ContainerNode&) + 192 (HTMLMediaElement.cpp:681)
13 com.apple.WebCore 0x00000001172f1ddb WebCore::ChildNodeRemovalNotifier::notifyNodeRemovedFromDocument(WebCore::Node&) + 107 (ContainerNodeAlgorithms.h:242)
14 com.apple.WebCore 0x00000001172f2c8e WebCore::ChildNodeRemovalNotifier::notifyDescendantRemovedFromDocument(WebCore::ContainerNode&) + 190 (ContainerNodeAlgorithms.cpp:72)
15 com.apple.WebCore 0x00000001172f1e06 WebCore::ChildNodeRemovalNotifier::notifyNodeRemovedFromDocument(WebCore::Node&) + 150 (ContainerNodeAlgorithms.h:244)
16 com.apple.WebCore 0x00000001172f2c8e WebCore::ChildNodeRemovalNotifier::notifyDescendantRemovedFromDocument(WebCore::ContainerNode&) + 190 (ContainerNodeAlgorithms.cpp:72)
17 com.apple.WebCore 0x00000001172f1e06 WebCore::ChildNodeRemovalNotifier::notifyNodeRemovedFromDocument(WebCore::Node&) + 150 (ContainerNodeAlgorithms.h:244)
18 com.apple.WebCore 0x00000001172ec64b WebCore::ChildNodeRemovalNotifier::notify(WebCore::Node&) + 59 (ContainerNodeAlgorithms.h:259)
19 com.apple.WebCore 0x00000001172ef4c4 WebCore::Private::NodeRemovalDispatcher<WebCore::Node, WebCore::ContainerNode, true>::dispatch(WebCore::Node&, WebCore::ContainerNode&) + 116 (ContainerNodeAlgorithms.h:146)
20 com.apple.WebCore 0x00000001172ef40f void WebCore::Private::addChildNodesToDeletionQueue<WebCore::Node, WebCore::ContainerNode>(WebCore::Node*&, WebCore::Node*&, WebCore::ContainerNode&) + 335 (ContainerNodeAlgorithms.h:188)
21 com.apple.WebCore 0x00000001172ebef0 void WebCore::removeDetachedChildrenInContainer<WebCore::Node, WebCore::ContainerNode>(WebCore::ContainerNode&) + 48 (ContainerNodeAlgorithms.h:94)
22 com.apple.WebCore 0x00000001172e77ae WebCore::ContainerNode::removeDetachedChildren() + 110 (ContainerNode.cpp:96)
23 com.apple.WebCore 0x00000001175cae2c WebCore::Document::removedLastRef() + 428 (Document.cpp:671)
24 com.apple.WebCore 0x000000011858aba7 WebCore::Node::removedLastRef() + 55 (Node.cpp:2203)
25 com.apple.WebCore 0x00000001170969b4 WebCore::TreeShared<WebCore::Node>::deref() + 372 (TreeShared.h:83)
26 com.apple.WebCore 0x0000000117ffc6c6 WebCore::JSNode::releaseImpl() + 38 (JSNode.h:68)
27 com.apple.WebCore 0x0000000118132039 WebCore::JSNodeOwner::finalize(JSC::Handle<JSC::Unknown>, void*) + 105 (JSNode.cpp:911)
28 com.apple.JavaScriptCore 0x0000000115b900dd JSC::WeakBlock::finalize(JSC::WeakImpl*) + 189 (WeakSetInlines.h:53)
29 com.apple.JavaScriptCore 0x0000000115b8fa5e JSC::WeakBlock::sweep() + 158 (WeakBlock.cpp:77)
30 com.apple.JavaScriptCore 0x0000000115b95730 JSC::WeakSet::sweep() + 64 (WeakSet.cpp:47)
31 com.apple.JavaScriptCore 0x00000001159cd46d JSC::MarkedBlock::sweep(JSC::MarkedBlock::SweepMode) + 109 (MarkedBlock.cpp:118)
32 com.apple.JavaScriptCore 0x00000001159cc9de JSC::MarkedAllocator::tryAllocateHelper(unsigned long) + 270 (MarkedAllocator.cpp:80)
33 com.apple.JavaScriptCore 0x00000001159caf82 JSC::MarkedAllocator::tryAllocate(unsigned long) + 114 (MarkedAllocator.cpp:129)
34 com.apple.JavaScriptCore 0x00000001159ca86e JSC::MarkedAllocator::allocateSlowCase(unsigned long) + 254 (MarkedAllocator.cpp:171)
35 com.apple.WebCore 0x000000011703b7e1 JSC::MarkedAllocator::allocate(unsigned long) + 81 (MarkedAllocator.h:95)
36 com.apple.WebCore 0x000000011703bb39 JSC::MarkedSpace::allocateWithNormalDestructor(unsigned long) + 41 (MarkedSpace.h:251)
37 com.apple.WebCore 0x000000011703bb06 JSC::Heap::allocateWithNormalDestructor(unsigned long) + 118 (HeapInlines.h:187)
38 com.apple.WebCore 0x0000000117fc24e7 void* JSC::allocateCell<WebCore::JSEvent>(JSC::Heap&, unsigned long) + 151 (JSCellInlines.h:135)
39 com.apple.WebCore 0x0000000117fc243f void* JSC::allocateCell<WebCore::JSEvent>(JSC::Heap&) + 31 (JSCellInlines.h:149)
40 com.apple.WebCore 0x0000000117fc228e WebCore::JSEvent::create(JSC::Structure*, WebCore::JSDOMGlobalObject*, WTF::PassRefPtr<WebCore::Event>) + 46 (JSEvent.h:36)
41 com.apple.WebCore 0x0000000117fb3ba6 WebCore::JSDOMWrapper* WebCore::createWrapper<WebCore::JSEvent, WebCore::Event>(WebCore::JSDOMGlobalObject*, WebCore::Event*) + 214 (JSDOMBinding.h:219)
42 com.apple.WebCore 0x0000000117fb2d99 WebCore::toJS(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WebCore::Event*) + 457 (JSEventCustom.cpp:68)
43 com.apple.WebCore 0x0000000117fc6e36 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 774 (JSEventListener.cpp:114)
44 com.apple.WebCore 0x00000001177cb72b WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow>&) + 1499 (EventTarget.cpp:247)
45 com.apple.WebCore 0x00000001177caffe WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 334 (EventTarget.cpp:197)
46 com.apple.WebCore 0x0000000118589ecc WebCore::Node::handleLocalEvents(WebCore::Event&) + 156 (Node.cpp:2024)
47 com.apple.WebCore 0x0000000117797931 WebCore::EventContext::handleLocalEvents(WebCore::Event&) const + 177 (EventContext.cpp:55)
48 com.apple.WebCore 0x0000000117798f44 WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&, WebCore::WindowEventContext&) + 356 (EventDispatcher.cpp:306)
49 com.apple.WebCore 0x000000011779897f WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WTF::PassRefPtr<WebCore::Event>) + 815 (EventDispatcher.cpp:363)
50 com.apple.WebCore 0x0000000118589f4d WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 45 (Node.cpp:2038)
51 com.apple.WebCore 0x000000011799c651 WebCore::GenericEventQueue::timerFired(WebCore::Timer<WebCore::GenericEventQueue>&) + 417 (GenericEventQueue.cpp:72)
52 com.apple.WebCore 0x000000011799e49e std::__1::__function::__func<std::__1::__bind<void (WebCore::GenericEventQueue::*&)(WebCore::Timer<WebCore::GenericEventQueue>&), WebCore::GenericEventQueue*&, std::__1::reference_wrapper<WebCore::Timer<WebCore::GenericEventQueue> > >, std::__1::allocator<std::__1::__bind<void (WebCore::GenericEventQueue::*&)(WebCore::Timer<WebCore::GenericEventQueue>&), WebCore::GenericEventQueue*&, std::__1::reference_wrapper<WebCore::Timer<WebCore::GenericEventQueue> > > >, void ()>::operator()() + 350 (functional:1370)
53 com.apple.WebCore 0x00000001170acffa std::__1::function<void ()>::operator()() const + 26 (functional:1755)
54 com.apple.WebCore 0x000000011799cf0c WebCore::Timer<WebCore::GenericEventQueue>::fired() + 28 (Timer.h:134)
55 com.apple.WebCore 0x0000000118e6794c WebCore::ThreadTimers::sharedTimerFiredInternal() + 396 (ThreadTimers.cpp:135)
56 com.apple.WebCore 0x0000000118e67609 WebCore::ThreadTimers::sharedTimerFired() + 25 (ThreadTimers.cpp:108)
57 com.apple.WebCore 0x0000000118b70f2f WebCore::timerFired(__CFRunLoopTimer*, void*) + 31 (SharedTimerMac.mm:125)
58 com.apple.CoreFoundation 0x00007fff933cb3e4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
59 com.apple.CoreFoundation 0x00007fff933caf1f __CFRunLoopDoTimer + 1151
60 com.apple.CoreFoundation 0x00007fff9343c5aa __CFRunLoopDoTimers + 298
61 com.apple.CoreFoundation 0x00007fff933866a5 __CFRunLoopRun + 1525
62 com.apple.CoreFoundation 0x00007fff93385e75 CFRunLoopRunSpecific + 309
63 com.apple.HIToolbox 0x00007fff9ae36a0d RunCurrentEventLoopInMode + 226
64 com.apple.HIToolbox 0x00007fff9ae367b7 ReceiveNextEventCommon + 479
65 com.apple.HIToolbox 0x00007fff9ae365bc _BlockUntilNextEventMatchingListInModeWithFilter + 65
66 com.apple.AppKit 0x00007fff96b8224e _DPSNextEvent + 1434
67 com.apple.AppKit 0x00007fff96b8189b -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 122
68 com.apple.AppKit 0x00007fff96b7599c -[NSApplication run] + 553
69 com.apple.AppKit 0x00007fff96b60783 NSApplicationMain + 940
70 com.apple.XPCService 0x00007fff8d84cc0f _xpc_main + 385
71 libxpc.dylib 0x00007fff98e96bde xpc_main + 399
72 com.apple.WebKit.WebContent.Development 0x000000010ecc8135 main + 37
73 libdyld.dylib 0x00007fff993595fd start + 1
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list