Bug 105987
| Summary: | [Mac] svg/dynamic-updates/SVGFEMorphologyElement-dom*-in-attr.html intermittently asserts in SharedBuffer::releasePurgeableBuffer() | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Ryosuke Niwa <rniwa> |
| Component: | SVG | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | Normal | CC: | beidson, japhet, kling, koivisto, krit, zimmermann |
| Priority: | P2 | ||
| Version: | 528+ (Nightly build) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Ryosuke Niwa
http://test-results.appspot.com/dashboards/flakiness_dashboard.html#group=%40ToT%20-%20webkit.org&tests=svg%2Fdynamic-updates%2FSVGFEMorphologyElement-dom-in-attr.html
http://build.webkit.org/results/Apple%20MountainLion%20Debug%20WK2%20(Tests)/r138686%20(5395)/svg/dynamic-updates/SVGFEMorphologyElement-dom-in-attr-crash-log.txt
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x000000011039f075 WebCore::SharedBuffer::releasePurgeableBuffer() + 101 (SharedBuffer.cpp:251)
1 com.apple.WebCore 0x00000001102902c6 WebCore::ResourceBuffer::releasePurgeableBuffer() + 54 (ResourceBuffer.cpp:119)
2 com.apple.WebCore 0x000000010ee7bad3 WebCore::CachedResource::makePurgeable(bool) + 451 (CachedResource.cpp:827)
3 com.apple.WebCore 0x000000010ee6e2cb WebCore::CachedImage::destroyDecodedData() + 283 (CachedImage.cpp:423)
4 com.apple.WebCore 0x000000010fe739f9 WebCore::MemoryCache::pruneDeadResourcesToSize(unsigned int) + 713 (MemoryCache.cpp:321)
5 com.apple.WebCore 0x000000010fe7371b WebCore::MemoryCache::pruneDeadResources() + 123 (MemoryCache.cpp:265)
6 com.apple.WebCore 0x000000010fe73f92 WebCore::MemoryCache::prune() + 82 (MemoryCache.cpp:762)
7 com.apple.WebCore 0x000000010ee7a6ee WebCore::CachedResource::removeClient(WebCore::CachedResourceClient*) + 606 (CachedResource.cpp:541)
8 com.apple.WebCore 0x00000001105608ce WebCore::SVGFEImageElement::clearResourceReferences() + 94 (SVGFEImageElement.cpp:74)
9 com.apple.WebCore 0x000000011056072a WebCore::SVGFEImageElement::~SVGFEImageElement() + 106 (SVGFEImageElement.cpp:69)
10 com.apple.WebCore 0x00000001105605f5 WebCore::SVGFEImageElement::~SVGFEImageElement() + 21 (SVGFEImageElement.cpp:69)
11 com.apple.WebCore 0x00000001105605c9 WebCore::SVGFEImageElement::~SVGFEImageElement() + 25 (SVGFEImageElement.cpp:67)
12 com.apple.WebCore 0x000000010ef28f8b void WebCore::removeAllChildrenInContainer<WebCore::Node, WebCore::ContainerNode>(WebCore::ContainerNode*) + 283 (ContainerNodeAlgorithms.h:105)
13 com.apple.WebCore 0x000000010ef240a5 WebCore::ContainerNode::removeAllChildren() + 21 (ContainerNode.cpp:95)
14 com.apple.WebCore 0x000000010f136af0 WebCore::Document::removedLastRef() + 448 (Document.cpp:710)
15 com.apple.WebCore 0x000000010fecd662 WebCore::Node::removedLastRef() + 50 (Node.cpp:2579)
16 com.apple.WebCore 0x000000010ed27bef WebCore::TreeShared<WebCore::Node, WebCore::ContainerNode>::deref() + 479 (TreeShared.h:83)
17 com.apple.WebCore 0x000000010f9eb076 WebCore::JSNode::releaseImpl() + 38 (JSNode.h:69)
18 com.apple.WebCore 0x000000010fb0bc06 WebCore::JSNodeOwner::finalize(JSC::Handle<JSC::Unknown>, void*) + 102 (JSNodeCustom.cpp:142)
19 com.apple.JavaScriptCore 0x000000010e11d984 JSC::WeakBlock::finalize(JSC::WeakImpl*) + 212 (WeakSetInlines.h:53)
20 com.apple.JavaScriptCore 0x000000010e11d29e JSC::WeakBlock::sweep() + 158 (WeakBlock.cpp:77)
21 com.apple.JavaScriptCore 0x000000010e11dcd0 JSC::WeakSet::sweep() + 64 (WeakSet.cpp:46)
22 com.apple.JavaScriptCore 0x000000010dff7f78 JSC::MarkedBlock::sweep(JSC::MarkedBlock::SweepMode) + 40 (MarkedBlock.cpp:112)
23 com.apple.JavaScriptCore 0x000000010e11b685 JSC::MarkedAllocator::tryAllocateHelper(unsigned long) + 85 (MarkedAllocator.cpp:34)
24 com.apple.JavaScriptCore 0x000000010e11a7c9 JSC::MarkedAllocator::tryAllocate(unsigned long) + 137 (MarkedAllocator.cpp:66)
25 com.apple.JavaScriptCore 0x000000010e11a1d8 JSC::MarkedAllocator::allocateSlowCase(unsigned long) + 232 (MarkedAllocator.cpp:82)
26 com.apple.JavaScriptCore 0x000000010dd1f59b JSC::MarkedAllocator::allocate(unsigned long) + 75 (MarkedAllocator.h:78)
27 com.apple.JavaScriptCore 0x000000010dd34819 JSC::MarkedSpace::allocateWithNormalDestructor(unsigned long) + 41 (MarkedSpace.h:220)
28 com.apple.JavaScriptCore 0x000000010dd347dd JSC::Heap::allocateWithNormalDestructor(unsigned long) + 141 (Heap.h:402)
29 com.apple.JavaScriptCore 0x000000010df953c9 void* JSC::allocateCell<JSC::FunctionPrototype>(JSC::Heap&, unsigned long) + 233 (JSCell.h:318)
30 com.apple.JavaScriptCore 0x000000010df952cf void* JSC::allocateCell<JSC::FunctionPrototype>(JSC::Heap&) + 31 (JSCell.h:328)
31 com.apple.JavaScriptCore 0x000000010df8bc35 JSC::FunctionPrototype::create(JSC::ExecState*, JSC::JSGlobalObject*, JSC::Structure*) + 37 (FunctionPrototype.h:34)
32 com.apple.JavaScriptCore 0x000000010df862fe JSC::JSGlobalObject::reset(JSC::JSValue) + 190 (JSGlobalObject.cpp:203)
33 com.apple.JavaScriptCore 0x000000010df861fe JSC::JSGlobalObject::init(JSC::JSObject*) + 254 (JSGlobalObject.cpp:150)
34 com.apple.WebCore 0x000000010f914428 JSC::JSGlobalObject::finishCreation(JSC::JSGlobalData&, JSC::JSObject*) + 120 (JSGlobalObject.h:218)
35 com.apple.WebCore 0x000000010f913e8a WebCore::JSDOMGlobalObject::finishCreation(JSC::JSGlobalData&, JSC::JSObject*) + 58 (JSDOMGlobalObject.cpp:65)
36 com.apple.WebCore 0x000000010f9773f8 WebCore::JSDOMWindowBase::finishCreation(JSC::JSGlobalData&, WebCore::JSDOMWindowShell*) + 72 (JSDOMWindowBase.cpp:65)
37 com.apple.WebCore 0x000000010f980504 WebCore::JSDOMWindow::create(JSC::JSGlobalData&, JSC::Structure*, WTF::PassRefPtr<WebCore::DOMWindow>, WebCore::JSDOMWindowShell*) + 164 (JSDOMWindow.h:41)
38 com.apple.WebCore 0x000000010f97ff87 WebCore::JSDOMWindowShell::setWindow(WTF::PassRefPtr<WebCore::DOMWindow>) + 359 (JSDOMWindowShell.cpp:75)
39 com.apple.WebCore 0x00000001102f0183 WebCore::ScriptController::clearWindowShell(WebCore::DOMWindow*, bool) + 323 (ScriptController.cpp:188)
40 com.apple.WebCore 0x000000010f45ad89 WebCore::FrameLoader::clear(WebCore::Document*, bool, bool, bool) + 425 (FrameLoader.cpp:568)
41 com.apple.WebCore 0x000000010f1c1833 WebCore::DocumentWriter::begin(WebCore::KURL const&, bool, WebCore::Document*) + 499 (DocumentWriter.cpp:135)
42 com.apple.WebCore 0x000000010f18f58a WebCore::DocumentLoader::commitData(char const*, unsigned long) + 106 (DocumentLoader.cpp:325)
43 com.apple.WebCore 0x000000010f18f21e WebCore::DocumentLoader::finishedLoading() + 110 (DocumentLoader.cpp:292)
44 com.apple.WebCore 0x000000010f191b2b WebCore::DocumentLoader::maybeLoadEmpty() + 875 (DocumentLoader.cpp:870)
45 com.apple.WebCore 0x000000010f191c1f WebCore::DocumentLoader::startLoadingMainResource() + 191 (DocumentLoader.cpp:880)
46 com.apple.WebCore 0x000000010f463df9 WebCore::FrameLoader::continueLoadAfterWillSubmitForm() + 185 (FrameLoader.cpp:2218)
47 com.apple.WebCore 0x000000010f46058f WebCore::FrameLoader::continueLoadAfterNavigationPolicy(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) + 991 (FrameLoader.cpp:2819)
48 com.apple.WebCore 0x000000010f4605f7 WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) + 87 (FrameLoader.cpp:2688)
49 com.apple.WebCore 0x000000010ff6e97c WebCore::PolicyCallback::call(bool) + 140 (PolicyCallback.cpp:103)
50 com.apple.WebCore 0x000000010ff6f57c WebCore::PolicyChecker::continueAfterNavigationPolicy(WebCore::PolicyAction) + 652 (PolicyChecker.cpp:167)
51 com.apple.WebKit2 0x000000010cb62ed3 WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(void (WebCore::PolicyChecker::*)(WebCore::PolicyAction), WebCore::NavigationAction const&, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>) + 691 (WebFrameLoaderClient.cpp:716)
52 com.apple.WebCore 0x000000010ff6f29c WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, void (*)(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool), void*) + 956 (PolicyChecker.cpp:88)
53 com.apple.WebCore 0x000000010f45ffc5 WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>) + 1477 (FrameLoader.cpp:1397)
54 com.apple.WebCore 0x000000010f45d672 WebCore::FrameLoader::load(WebCore::DocumentLoader*) + 450 (FrameLoader.cpp:1339)
55 com.apple.WebCore 0x000000010f45f9b7 WebCore::FrameLoader::load(WebCore::FrameLoadRequest const&) + 1207 (FrameLoader.cpp:1289)
56 com.apple.WebKit2 0x000000010cbc1afa WebKit::WebPage::loadURLRequest(WebCore::ResourceRequest const&, WebKit::SandboxExtension::Handle const&) + 266 (WebPage.cpp:841)
57 com.apple.WebKit2 0x000000010cbc19c2 WebKit::WebPage::loadURL(WTF::String const&, WebKit::SandboxExtension::Handle const&) + 114 (WebPage.cpp:833)
58 com.apple.WebKit2 0x000000010cc04ed5 void CoreIPC::callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)(WTF::String const&, WebKit::SandboxExtension::Handle const&), WTF::String, WebKit::SandboxExtension::Handle>(CoreIPC::Arguments2<WTF::String, WebKit::SandboxExtension::Handle> const&, WebKit::WebPage*, void (WebKit::WebPage::*)(WTF::String const&, WebKit::SandboxExtension::Handle const&)) + 149 (HandleMessage.h:28)
59 com.apple.WebKit2 0x000000010cbf8e69 void CoreIPC::handleMessage<Messages::WebPage::LoadURL, WebKit::WebPage, void (WebKit::WebPage::*)(WTF::String const&, WebKit::SandboxExtension::Handle const&)>(CoreIPC::MessageDecoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(WTF::String const&, WebKit::SandboxExtension::Handle const&)) + 121 (HandleMessage.h:323)
60 com.apple.WebKit2 0x000000010cbf383e WebKit::WebPage::didReceiveWebPageMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::MessageDecoder&) + 3598 (WebPageMessageReceiver.cpp:202)
61 com.apple.WebKit2 0x000000010cbc7ead WebKit::WebPage::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::MessageDecoder&) + 301 (WebPage.cpp:2976)
62 com.apple.WebKit2 0x000000010cbc7efd non-virtual thunk to WebKit::WebPage::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::MessageDecoder&) + 61
63 com.apple.WebKit2 0x000000010cd3bd8a CoreIPC::MessageReceiverMap::dispatchMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::MessageDecoder&) + 634 (MessageReceiverMap.cpp:87)
64 com.apple.WebKit2 0x000000010cc9dc1d WebKit::WebProcess::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::MessageDecoder&) + 77 (WebProcess.cpp:590)
65 com.apple.WebKit2 0x000000010c9945c8 CoreIPC::Connection::dispatchMessage(CoreIPC::MessageID, CoreIPC::MessageDecoder&) + 72 (Connection.cpp:662)
66 com.apple.WebKit2 0x000000010c991a8e CoreIPC::Connection::dispatchMessage(CoreIPC::Connection::Message<CoreIPC::MessageDecoder>&) + 318 (Connection.cpp:684)
67 com.apple.WebKit2 0x000000010c99456b CoreIPC::Connection::dispatchOneMessage() + 203 (Connection.cpp:711)
68 com.apple.WebKit2 0x000000010c99be52 WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>::operator()(CoreIPC::Connection*) + 114 (Functional.h:173)
69 com.apple.WebKit2 0x000000010c99bdd5 WTF::BoundFunctionImpl<WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>, void (CoreIPC::Connection*)>::operator()() + 53 (Functional.h:405)
70 com.apple.WebCore 0x00000001102d1e39 WTF::Function<void ()>::operator()() const + 137 (Functional.h:613)
71 com.apple.WebCore 0x00000001102d1b3b WebCore::RunLoop::performWork() + 395 (RunLoop.cpp:89)
72 com.apple.WebCore 0x00000001102d2f8e WebCore::RunLoop::performWork(void*) + 62 (RunLoopCF.cpp:66)
73 com.apple.CoreFoundation 0x00007fff8dedf101 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
74 com.apple.CoreFoundation 0x00007fff8dedea25 __CFRunLoopDoSources0 + 245
75 com.apple.CoreFoundation 0x00007fff8df01dc5 __CFRunLoopRun + 789
76 com.apple.CoreFoundation 0x00007fff8df016b2 CFRunLoopRunSpecific + 290
77 com.apple.HIToolbox 0x00007fff867b00a4 RunCurrentEventLoopInMode + 209
78 com.apple.HIToolbox 0x00007fff867afe42 ReceiveNextEventCommon + 356
79 com.apple.HIToolbox 0x00007fff867afcd3 BlockUntilNextEventMatchingListInMode + 62
80 com.apple.AppKit 0x00007fff897ba613 _DPSNextEvent + 685
81 com.apple.AppKit 0x00007fff897b9ed2 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
82 com.apple.AppKit 0x00007fff897b1283 -[NSApplication run] + 517
83 com.apple.WebCore 0x00000001102d3bec WebCore::RunLoop::run() + 92 (RunLoopMac.mm:37)
84 com.apple.WebKit2 0x000000010ccb85b3 WebKit::WebProcessMain(WebKit::CommandLine const&) + 4451 (WebProcessMainMac.mm:187)
85 com.apple.WebKit2 0x000000010cba2fd9 WebKitMain(WebKit::CommandLine const&) + 201 (WebKitMain.cpp:58)
86 com.apple.WebKit2 0x000000010cba2ee9 WebKitMain + 153 (WebKitMain.cpp:88)
87 com.apple.WebProcess 0x000000010c929da2 main + 274
88 libdyld.dylib 0x00007fff8f4327e1 start + 1
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Ryosuke Niwa
Also see http://webkit.org/b/105986.
Ryosuke Niwa
Added a flaky crash expectation in http://trac.webkit.org/changeset/138694.
Ryosuke Niwa
Apparently this is also reproducible on WebKit1:
http://build.webkit.org/results/Apple%20MountainLion%20Debug%20WK1%20(Tests)/r138694%20(4263)/svg/dynamic-updates/SVGFEMorphologyElement-dom-radius-attr-crash-log.txt
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x0000000104258fb5 WebCore::SharedBuffer::releasePurgeableBuffer() + 101 (SharedBuffer.cpp:251)
1 com.apple.WebCore 0x000000010414a206 WebCore::ResourceBuffer::releasePurgeableBuffer() + 54 (ResourceBuffer.cpp:119)
2 com.apple.WebCore 0x0000000102d35853 WebCore::CachedResource::makePurgeable(bool) + 451 (CachedResource.cpp:827)
3 com.apple.WebCore 0x0000000102d2804b WebCore::CachedImage::destroyDecodedData() + 283 (CachedImage.cpp:423)
4 com.apple.WebCore 0x0000000103d2d939 WebCore::MemoryCache::pruneDeadResourcesToSize(unsigned int) + 713 (MemoryCache.cpp:321)
5 com.apple.WebCore 0x0000000103d2d65b WebCore::MemoryCache::pruneDeadResources() + 123 (MemoryCache.cpp:265)
6 com.apple.WebCore 0x0000000103d2ded2 WebCore::MemoryCache::prune() + 82 (MemoryCache.cpp:762)
7 com.apple.WebCore 0x0000000102d3446e WebCore::CachedResource::removeClient(WebCore::CachedResourceClient*) + 606 (CachedResource.cpp:541)
8 com.apple.WebCore 0x000000010441a80e WebCore::SVGFEImageElement::clearResourceReferences() + 94 (SVGFEImageElement.cpp:74)
9 com.apple.WebCore 0x000000010441a66a WebCore::SVGFEImageElement::~SVGFEImageElement() + 106 (SVGFEImageElement.cpp:69)
10 com.apple.WebCore 0x000000010441a535 WebCore::SVGFEImageElement::~SVGFEImageElement() + 21 (SVGFEImageElement.cpp:69)
11 com.apple.WebCore 0x000000010441a509 WebCore::SVGFEImageElement::~SVGFEImageElement() + 25 (SVGFEImageElement.cpp:67)
12 com.apple.WebCore 0x0000000102de2c5b void WebCore::removeAllChildrenInContainer<WebCore::Node, WebCore::ContainerNode>(WebCore::ContainerNode*) + 283 (ContainerNodeAlgorithms.h:105)
13 com.apple.WebCore 0x0000000102dddd75 WebCore::ContainerNode::removeAllChildren() + 21 (ContainerNode.cpp:95)
14 com.apple.WebCore 0x0000000102ff07c0 WebCore::Document::removedLastRef() + 448 (Document.cpp:710)
15 com.apple.WebCore 0x0000000103d875a2 WebCore::Node::removedLastRef() + 50 (Node.cpp:2579)
16 com.apple.WebCore 0x0000000102be196f WebCore::TreeShared<WebCore::Node, WebCore::ContainerNode>::deref() + 479 (TreeShared.h:83)
17 com.apple.WebCore 0x0000000102be177b void WTF::derefIfNotNull<WebCore::Node>(WebCore::Node*) + 59 (PassRefPtr.h:54)
18 com.apple.WebCore 0x0000000102be1738 WTF::RefPtr<WebCore::Node>::~RefPtr() + 24 (RefPtr.h:56)
19 com.apple.WebCore 0x0000000102be1715 WTF::RefPtr<WebCore::Node>::~RefPtr() + 21 (RefPtr.h:56)
20 com.apple.WebCore 0x0000000102d8447b WebCore::LiveNodeListBase::~LiveNodeListBase() + 91 (LiveNodeList.h:78)
21 com.apple.WebCore 0x0000000102d843f5 WebCore::LiveNodeList::~LiveNodeList() + 21 (LiveNodeList.h:195)
22 com.apple.WebCore 0x0000000102d8423f WebCore::ChildNodeList::~ChildNodeList() + 79 (ChildNodeList.cpp:39)
23 com.apple.WebCore 0x0000000102d841e5 WebCore::ChildNodeList::~ChildNodeList() + 21 (ChildNodeList.cpp:39)
24 com.apple.WebCore 0x0000000102d841b9 WebCore::ChildNodeList::~ChildNodeList() + 25 (ChildNodeList.cpp:37)
25 com.apple.WebCore 0x0000000102be0ed3 WTF::RefCounted<WebCore::NodeList>::deref() + 83 (RefCounted.h:203)
26 com.apple.WebCore 0x00000001039d2df6 WebCore::JSNodeList::releaseImpl() + 38 (JSNodeList.h:58)
27 com.apple.WebCore 0x00000001039d1ffe WebCore::JSNodeListOwner::finalize(JSC::Handle<JSC::Unknown>, void*) + 110 (JSNodeList.cpp:266)
28 com.apple.JavaScriptCore 0x0000000101914984 JSC::WeakBlock::finalize(JSC::WeakImpl*) + 212 (WeakSetInlines.h:53)
29 com.apple.JavaScriptCore 0x000000010191429e JSC::WeakBlock::sweep() + 158 (WeakBlock.cpp:77)
30 com.apple.JavaScriptCore 0x0000000101914cd0 JSC::WeakSet::sweep() + 64 (WeakSet.cpp:46)
31 com.apple.JavaScriptCore 0x00000001017eef78 JSC::MarkedBlock::sweep(JSC::MarkedBlock::SweepMode) + 40 (MarkedBlock.cpp:112)
32 com.apple.JavaScriptCore 0x0000000101912685 JSC::MarkedAllocator::tryAllocateHelper(unsigned long) + 85 (MarkedAllocator.cpp:34)
33 com.apple.JavaScriptCore 0x00000001019117c9 JSC::MarkedAllocator::tryAllocate(unsigned long) + 137 (MarkedAllocator.cpp:66)
34 com.apple.JavaScriptCore 0x00000001019111d8 JSC::MarkedAllocator::allocateSlowCase(unsigned long) + 232 (MarkedAllocator.cpp:82)
35 com.apple.WebCore 0x0000000102d0e4eb JSC::MarkedAllocator::allocate(unsigned long) + 75 (MarkedAllocator.h:78)
36 com.apple.WebCore 0x0000000102d0ef59 JSC::MarkedSpace::allocateWithNormalDestructor(unsigned long) + 41 (MarkedSpace.h:220)
37 com.apple.WebCore 0x0000000102d0ef1d JSC::Heap::allocateWithNormalDestructor(unsigned long) + 141 (Heap.h:402)
38 com.apple.WebCore 0x00000001038d3739 void* JSC::allocateCell<WebCore::JSHTMLSpanElement>(JSC::Heap&, unsigned long) + 233 (JSCell.h:318)
39 com.apple.WebCore 0x00000001038d35df void* JSC::allocateCell<WebCore::JSHTMLSpanElement>(JSC::Heap&) + 31 (JSCell.h:328)
40 com.apple.WebCore 0x00000001038d322e WebCore::JSHTMLSpanElement::create(JSC::Structure*, WebCore::JSDOMGlobalObject*, WTF::PassRefPtr<WebCore::HTMLSpanElement>) + 46 (JSHTMLSpanElement.h:36)
41 com.apple.WebCore 0x00000001038d310d WebCore::JSDOMWrapper* WebCore::createWrapper<WebCore::JSHTMLSpanElement, WebCore::HTMLSpanElement>(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WebCore::HTMLSpanElement*) + 253 (JSDOMBinding.h:192)
42 com.apple.WebCore 0x00000001038cbb98 WebCore::createHTMLSpanElementWrapper(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WTF::PassRefPtr<WebCore::HTMLElement>) + 56 (JSHTMLElementWrapperFactory.cpp:591)
43 com.apple.WebCore 0x00000001038cac09 WebCore::createJSHTMLWrapper(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WTF::PassRefPtr<WebCore::HTMLElement>) + 13417 (JSHTMLElementWrapperFactory.cpp:840)
44 com.apple.WebCore 0x000000010384acd3 WebCore::toJSNewlyCreated(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WebCore::Element*) + 227 (JSElementCustom.cpp:63)
45 com.apple.WebCore 0x00000001037ab37e WebCore::jsDocumentPrototypeFunctionCreateElement(JSC::ExecState*) + 638 (JSDocument.cpp:2135)
46 ??? 0x000036e7ab801045 0 + 60368642641989
47 com.apple.JavaScriptCore 0x0000000101702714 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::JSGlobalData*) + 84 (JITCode.h:134)
48 com.apple.JavaScriptCore 0x00000001016ff19f JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) + 4735 (Interpreter.cpp:983)
49 com.apple.JavaScriptCore 0x00000001015c52e3 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) + 483 (Completion.cpp:75)
50 com.apple.WebCore 0x0000000103970722 WebCore::JSMainThreadExecState::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) + 82 (JSMainThreadExecState.h:77)
51 com.apple.WebCore 0x00000001041a9dd3 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) + 339 (ScriptController.cpp:141)
52 com.apple.WebCore 0x00000001041a9f14 WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) + 68 (ScriptController.cpp:158)
53 com.apple.WebCore 0x00000001041c1f9a WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) + 746 (ScriptElement.cpp:304)
54 com.apple.WebCore 0x00000001041c226e WebCore::ScriptElement::execute(WebCore::CachedScript*) + 270 (ScriptElement.cpp:325)
55 com.apple.WebCore 0x00000001041d81b9 WebCore::ScriptRunner::timerFired(WebCore::Timer<WebCore::ScriptRunner>*) + 505 (ScriptRunner.cpp:122)
56 com.apple.WebCore 0x00000001041dbe43 WebCore::Timer<WebCore::ScriptRunner>::fired() + 115 (Timer.h:106)
57 com.apple.WebCore 0x000000010452d996 WebCore::ThreadTimers::sharedTimerFiredInternal() + 294 (ThreadTimers.cpp:119)
58 com.apple.WebCore 0x000000010452d729 WebCore::ThreadTimers::sharedTimerFired() + 25 (ThreadTimers.cpp:94)
59 com.apple.WebCore 0x000000010425c493 WebCore::timerFired(__CFRunLoopTimer*, void*) + 67 (SharedTimerMac.mm:167)
60 com.apple.CoreFoundation 0x00007fff8a050da4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
61 com.apple.CoreFoundation 0x00007fff8a0508bd __CFRunLoopDoTimer + 557
62 com.apple.CoreFoundation 0x00007fff8a036099 __CFRunLoopRun + 1513
63 com.apple.CoreFoundation 0x00007fff8a0356b2 CFRunLoopRunSpecific + 290
64 com.apple.Foundation 0x00007fff8702389e -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 268
65 DumpRenderTree 0x0000000101261839 runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) + 5017 (DumpRenderTree.mm:1381)
Updated the test expectation accordingly in http://trac.webkit.org/changeset/138698.
Ryosuke Niwa
I'm pretty certain this is a duplicate of 105986. I'm seeing more crashes in SharedBuffer::releasePurgeableBuffer:
http://build.webkit.org/results/Apple%20MountainLion%20Debug%20WK2%20(Tests)/r138709%20(5405)/results.html
*** This bug has been marked as a duplicate of bug 105986 ***