Bug 79707

Summary: REGRESSION: Numerous svg tests are flaky crashers on 10.6 Chromium
Product: WebKit
Reporter: Adrienne Walker <enne>
Component: SVG
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: adamk, dino, enne, jamesr, knorton, schenney, thorton, zimmermann
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 78315    

Description Adrienne Walker 2012-02-27 15:17:52 PST
From http://build.chromium.org/p/chromium.webkit/builders/Webkit%20Mac10.6%20(dbg)/builds/8459/steps/webkit_tests/logs/stdio:

--SNIP--
ASSERTION FAILED: !needsLayout()
/b/build/slave/webkit-mac-latest-dbg/build/src/third_party/WebKit/Source/WebCore/WebCore.gyp/../page/FrameView.cpp(2877) : virtual void WebCore::FrameView::paintContents(WebCore::GraphicsContext *, const WebCore::IntRect &)
1   0x603f1c8a WebCore::FrameView::paintContents(WebCore::GraphicsContext*, WebCore::IntRect const&)
2   0x5f85918e WebCore::ScrollView::paint(WebCore::GraphicsContext*, WebCore::IntRect const&)
3   0x60fed643 WebCore::SVGImage::draw(WebCore::GraphicsContext*, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::ColorSpace, WebCore::CompositeOperator)
4   0x60fed099 WebCore::SVGImage::drawSVGToImageBuffer(WebCore::ImageBuffer*, WebCore::IntSize const&, float, WebCore::SVGImage::ShouldClearBuffer)
5   0x60fe2d8d WebCore::SVGImageCache::redraw()
6   0x60fe2b95 WebCore::SVGImageCache::imageContentChanged()
7   0x603287ab WebCore::CachedImage::changedInRect(WebCore::Image const*, WebCore::IntRect const&)
8   0x60328826 non-virtual thunk to WebCore::CachedImage::changedInRect(WebCore::Image const*, WebCore::IntRect const&)
9   0x60ff28c5 WebCore::SVGImageChromeClient::invalidateContentsAndRootView(WebCore::IntRect const&, bool)
10  0x603683de WebCore::Chrome::invalidateContentsAndRootView(WebCore::IntRect const&, bool)
11  0x5f85846e WebCore::ScrollView::repaintContentRectangle(WebCore::IntRect const&, bool)
12  0x603ee194 WebCore::FrameView::doDeferredRepaints()
13  0x603ea447 WebCore::FrameView::endDeferredRepaints()
14  0x603e9058 WebCore::FrameView::layout(bool)
15  0x603e4672 WebCore::FrameView::layoutTimerFired(WebCore::Timer<WebCore::FrameView>*)
16  0x604067b7 WebCore::Timer<WebCore::FrameView>::fired()
17  0x5f86d24e WebCore::ThreadTimers::sharedTimerFiredInternal()
18  0x5f86cfdf WebCore::ThreadTimers::sharedTimerFired()
19  0x613b90f9 webkit_glue::WebKitPlatformSupportImpl::DoTimeout()
20  0x613b9c57 base::BaseTimer<webkit_glue::WebKitPlatformSupportImpl, false>::TimerTask::Run()
21  0x5df61964 base::internal::RunnableAdapter<void (base::BaseTimer_Helper::TimerTask::*)()>::Run(base::BaseTimer_Helper::TimerTask*)
22  0x5df61863 base::internal::InvokeHelper<false, void, base::internal::RunnableAdapter<void (base::BaseTimer_Helper::TimerTask::*)()>, void ()(base::BaseTimer_Helper::TimerTask*)>::MakeItSo(base::internal::RunnableAdapter<void (base::BaseTimer_Helper::TimerTask::*)()>, base::BaseTimer_Helper::TimerTask*)
23  0x5df6179e base::internal::Invoker<1, base::internal::BindState<base::internal::RunnableAdapter<void (base::BaseTimer_Helper::TimerTask::*)()>, void ()(base::BaseTimer_Helper::TimerTask*), void ()(base::internal::OwnedWrapper<base::BaseTimer_Helper::TimerTask>)>, void ()(base::BaseTimer_Helper::TimerTask*)>::Run(base::internal::BindStateBase*)
24  0x5deb70eb base::Callback<void ()()>::Run() const
25  0x5deb480e MessageLoop::RunTask(base::PendingTask const&)
26  0x5deb4bb1 MessageLoop::DeferOrRunPendingTask(base::PendingTask const&)
27  0x5deb4de8 MessageLoop::DoWork()
28  0x5de2847b base::MessagePumpCFRunLoopBase::RunWork()
29  0x5de27b72 base::MessagePumpCFRunLoopBase::RunWorkSource(void*)
30  0x91d8942b __CFRunLoopDoSources0
31  0x91d86eef __CFRunLoopRun
--SNIP--

This is an assertion on 10.6 debug, but the 10.6 release version is also crashing.  There's no stack trace there, unfortunately.

It's hard to tell when this started, because it's flaky, but the earliest is r108841 from the following set of tests:

http://test-results.appspot.com/dashboards/flakiness_dashboard.html#tests=svg%2Fas-background-image%2Fbackground-image-preserveaspectRatio-support.html%20svg%2Fas-background-image%2Fsame-image-two-instances-background-image.html%20svg%2Fas-border-image%2Fsvg-as-border-image.html%20svg%2Fas-image%2Fdrag-svg-as-image.html%20svg%2Fas-image%2Fsvg-as-relative-image-with-explicit-size.html%20svg%2Fas-image%2Fsvg-non-integer-scaled-image.html%20svg%2Fclip-path%2Fclip-path-nonzero-evenodd.svg%20svg%2Fcustom%2FfeDisplacementMap-01.svg%20svg%2Fcustom%2Ffont-face-name-without-name-attr.svg%20svg%2Fzoom%2Fpage%2Fzoom-replaced-intrinsic-ratio-001.htm%20svg%2Fzoom%2Fpage%2Fzoom-svg-as-background-with-relative-size-and-viewBox.html

To me, that makes it seem like http://trac.webkit.org/changeset/108834/ is the most likely culprit.
Comment 1 Adrienne Walker 2012-02-27 15:41:14 PST
Committed r109032: <http://trac.webkit.org/changeset/109032>
Comment 2 Adrienne Walker 2012-02-27 17:17:10 PST
Committed r109046: <http://trac.webkit.org/changeset/109046>
Comment 3 Adrienne Walker 2012-02-27 17:24:47 PST
Committed r109048: <http://trac.webkit.org/changeset/109048>
Comment 4 Adam Klein 2012-02-28 14:55:17 PST
Committed r109153: <http://trac.webkit.org/changeset/109153>
Comment 5 James Robinson 2012-02-28 15:16:44 PST
This might be http://code.google.com/p/chromium/issues/detail?id=116155
Comment 6 Adam Klein 2012-02-28 16:07:24 PST
Committed r109165: <http://trac.webkit.org/changeset/109165>
Comment 7 Adam Klein 2012-02-29 15:42:24 PST
No crashes seen since rolling out 108834 24 hours ago. I'm going to call this fixed.