Summary: | REGRESSION(r106408): crashes in chromium mac release tests (Requested by japhet on #webkit). | ||||||
---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | WebKit Review Bot <webkit.review.bot> | ||||
Component: | New Bugs | Assignee: | WebKit Review Bot <webkit.review.bot> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | Normal | CC: | andersca, danakj, japhet | ||||
Priority: | P2 | ||||||
Version: | 528+ (Nightly build) | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Bug Depends on: | |||||||
Bug Blocks: | 72294 | ||||||
Attachments: |
|
Description
WebKit Review Bot
2012-02-01 18:21:19 PST
Created attachment 125061 [details] ROLLOUT of r106408 Any committer can land this patch automatically by marking it commit-queue+. The commit-queue will build and test the patch before landing to ensure that the rollout will be successful. This process takes approximately 15 minutes. If you would like to land the rollout faster, you can use the following command: webkit-patch land-attachment ATTACHMENT_ID where ATTACHMENT_ID is the ID of this attachment. The crashes seem to be of the form: #0 0x6e9abef9 in CrMallocErrorBreak at process_util_mac.mm:556 #1 0x95525563 in free #2 0x6f69826f in WTF::VectorBufferBase<int>::deallocateBuffer at Vector.h:285 #3 0x6f69826f in WTF::Vector<int, 0ul>::expandCapacity at Vector.h:899 #4 0x6f69826f in WebCore::Region::Shape::shapeOperation<WebCore::Region::Shape::SubtractOperation> at Vector.h:820 #5 0x6f6971ae in WebCore::Region::subtract at Region.cpp:411 #6 0x6f6b34fd in WebCore::TiledLayerChromium::updateBounds at TiledLayerChromium.cpp:140 #7 0x6f6b4b61 in WebCore::TiledLayerChromium::prepareToUpdate at TiledLayerChromium.cpp:527 #8 0x6f69e288 in WebCore::ContentLayerChromium::paintContentsIfDirty at ContentLayerChromium.cpp:107 #9 0x6f6c4e24 in WebCore::CCLayerTreeHost::paintLayerContents at CCLayerTreeHost.cpp:422 #10 0x6f6c48c8 in WebCore::CCLayerTreeHost::updateLayers at CCLayerTreeHost.cpp:385 #11 0x6f6c4408 in WebCore::CCLayerTreeHost::updateLayers at CCLayerTreeHost.cpp:355 #12 0x6f6cd1af in WebCore::CCSingleThreadProxy::commitIfNeeded at CCSingleThreadProxy.h:275 #13 0x6f6cd1af in WebCore::CCSingleThreadProxy::compositeImmediately at CCSingleThreadProxy.cpp:217 #14 0x6f6c43d4 in WebCore::CCLayerTreeHost::composite at CCLayerTreeHost.cpp:344 They're occurring reliable on chromium mac release ToT. See http://build.chromium.org/p/chromium.webkit/builders/Mac10.6%20Tests/builds/8700. I'm also hitting it reliably by going to http://chrome.angrybirds.com with a ToT chromium build. Comment on attachment 125061 [details] ROLLOUT of r106408 Clearing flags on attachment: 125061 Committed r106525: <http://trac.webkit.org/changeset/106525> All reviewed patches have been landed. Closing bug. |