Bug 98158

Summary: REGRESSION(r130160): It made 3 tests crash
Product: WebKit
Reporter: Csaba Osztrogonác <ossy>
Component: New Bugs
Assignee: Stephen Chenney <schenney>
Status: RESOLVED FIXED
Severity: Critical
CC: ayao, cmarcelo, eric, inferno, macpherson, menard, ojan, ossy, schenney, webkit.review.bot
Priority: P1
Keywords: Qt, QtTriaged
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Bug Depends on:    
Bug Blocks: 79668, 95866    
Attachments:
Description Flags
Patch eric: review+, eric: commit-queue-

Csaba Osztrogonác
Reported 2012-10-02 07:34:57 PDT
Unfortunately it is a crazy regression, I can't reproduce them with running only these tests, but running all tests.

http/tests/css/link-css-disabled-value-with-slow-loading-sheet-in-error.html
svg/text/text-fonts-02-t.svg
Attachments
Patch (3.22 KB, patch)
2012-10-03 06:44 PDT, Stephen Chenney
eric: review+
eric: commit-queue-
Stephen Chenney
Comment 1 2012-10-02 07:41:08 PDT
Sounds like some kind of race condition on loading the fonts, which makes me suspect an issue with pointer ownership in the code that handles the font loading. I'll look into it and see if anything pops out.
Csaba Osztrogonác
Comment 2 2012-10-02 07:44:57 PDT
I managed to reproduce crashes with the following commands:
- $ run-tests-in-xvfb.sh svg/text/
- $ run-tests-in-xvfb.sh http/tests/css/

And I got better crash logs:

07:42:29.635 19800 worker/0 http/tests/css/link-css-disabled-value-with-slow-loading-sheet-in-error.html crashed, (stderr lines):
07:42:29.635 19800 1 0x7f447d770338 /home/oszi/WebKit/WebKitBuild/Release/lib/libWTF.so.1(+0x16338) [0x7f447d770338]
07:42:29.635 19800 2 0x7f447509b230 /lib/libc.so.6(+0x32230) [0x7f447509b230]
07:42:29.635 19800 3 0x7f447fe90322 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZNK7WebCore17SegmentedFontData20fontDataForCharacterEi+0x62) [0x7f447fe90322]
07:42:29.635 19800 4 0x7f447ff5bae0 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock16constructTextRunEPNS_12RenderObjectERKNS_4FontEPKtiPNS_11RenderStyleEjj+0x1b0) [0x7f447ff5bae0]
07:42:29.635 19800 5 0x7f448008c40d /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore10RenderText29computePreferredLogicalWidthsEfRN3WTF7HashSetIPKNS_14SimpleFontDataENS1_7PtrHashIS5_EENS1_10HashTraitsIS5_EEEERNS_13GlyphOverflowE+0x52d) [0x7f448008c40d]
07:42:29.635 19800 6 0x7f448008f512 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore10RenderText29computePreferredLogicalWidthsEf+0x62) [0x7f448008f512]
07:42:29.635 19800 7 0x7f4480086c96 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZNK7WebCore10RenderText15maxLogicalWidthEv+0x16) [0x7f4480086c96]
07:42:29.635 19800 8 0x7f448008f425 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZNK7WebCore10RenderText5widthEjjRKNS_4FontEfPN3WTF7HashSetIPKNS_14SimpleFontDataENS4_7PtrHashIS8_EENS4_10HashTraitsIS8_EEEEPNS_13GlyphOverflowE+0x505) [0x7f448008f425]
07:42:29.635 19800 9 0x7f447ff8fb3b /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock11LineBreaker13nextLineBreakERNS_12BidiResolverINS_14InlineIteratorENS_7BidiRunEEERNS_8LineInfoERNS0_14RenderTextInfoEPNS0_14FloatingObjectEj+0x281b) [0x7f447ff8fb3b]
07:42:29.635 19800 10 0x7f447ff93ca0 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock26layoutRunsAndFloatsInRangeERNS_15LineLayoutStateERNS_12BidiResolverINS_14InlineIteratorENS_7BidiRunEEERKS4_RKNS_10BidiStatusEj+0x4f0) [0x7f447ff93ca0]
07:42:29.635 19800 11 0x7f447ff95b88 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock19layoutRunsAndFloatsERNS_15LineLayoutStateEb+0x388) [0x7f447ff95b88]
07:42:29.635 19800 12 0x7f447ff9668b /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock20layoutInlineChildrenEbRNS_20FractionalLayoutUnitES2_+0x8fb) [0x7f447ff9668b]
07:42:29.635 19800 13 0x7f447ff82712 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock11layoutBlockEbNS_20FractionalLayoutUnitE+0x542) [0x7f447ff82712]
07:42:29.635 19800 14 0x7f447ff7af06 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock6layoutEv+0x76) [0x7f447ff7af06]
07:42:29.635 19800 15 0x7f447ff7cfef /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock16layoutBlockChildEPNS_9RenderBoxERNS0_10MarginInfoERNS_20FractionalLayoutUnitES6_+0x59f) [0x7f447ff7cfef]
07:42:29.635 19800 16 0x7f447ff82158 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock19layoutBlockChildrenEbRNS_20FractionalLayoutUnitE+0x318) [0x7f447ff82158]
07:42:29.636 19800 17 0x7f447ff82c34 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock11layoutBlockEbNS_20FractionalLayoutUnitE+0xa64) [0x7f447ff82c34]
07:42:29.636 19800 18 0x7f447ff7af06 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock6layoutEv+0x76) [0x7f447ff7af06]
07:42:29.636 19800 19 0x7f447ff7cfef /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock16layoutBlockChildEPNS_9RenderBoxERNS0_10MarginInfoERNS_20FractionalLayoutUnitES6_+0x59f) [0x7f447ff7cfef]
07:42:29.636 19800 20 0x7f447ff82158 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock19layoutBlockChildrenEbRNS_20FractionalLayoutUnitE+0x318) [0x7f447ff82158]
07:42:29.636 19800 21 0x7f447ff82c34 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock11layoutBlockEbNS_20FractionalLayoutUnitE+0xa64) [0x7f447ff82c34]
07:42:29.636 19800 22 0x7f447ff7af06 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock6layoutEv+0x76) [0x7f447ff7af06]
07:42:29.636 19800 23 0x7f447ff7cfef /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock16layoutBlockChildEPNS_9RenderBoxERNS0_10MarginInfoERNS_20FractionalLayoutUnitES6_+0x59f) [0x7f447ff7cfef]
07:42:29.636 19800 24 0x7f447ff82158 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock19layoutBlockChildrenEbRNS_20FractionalLayoutUnitE+0x318) [0x7f447ff82158]
07:42:29.636 19800 25 0x7f447ff82c34 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock11layoutBlockEbNS_20FractionalLayoutUnitE+0xa64) [0x7f447ff82c34]
07:42:29.636 19800 26 0x7f447ff7af06 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock6layoutEv+0x76) [0x7f447ff7af06]
07:42:29.636 19800 27 0x7f44800a4d39 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore10RenderView6layoutEv+0x2f9) [0x7f44800a4d39]
07:42:29.636 19800 28 0x7f447fe20e00 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore9FrameView6layoutEb+0x4b0) [0x7f447fe20e00]
07:42:29.636 19800 29 0x7f447ff12db6 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore12ThreadTimers24sharedTimerFiredInternalEv+0xa6) [0x7f447ff12db6]
07:42:29.639 19800 30 0x7f4476464ff9 /usr/local/Trolltech/Qt5/Qt-5.0.0-beta1/lib/libQtCore.so.5(_ZN7QObject5eventEP6QEvent+0x99) [0x7f4476464ff9]
07:42:29.639 19800 31 0x7f4477a170dc /usr/local/Trolltech/Qt5/Qt-5.0.0-beta1/lib/libQtWidgets.so.5(_ZN19QApplicationPrivate13notify_helperEP7QObjectP6QEvent+0xac) [0x7f4477a170dc]
07:42:29.639 19800 [7/12] http/tests/css/link-css-disabled-value-with-slow-loading-sheet-in-error.html crashed unexpectedly
07:42:29.639 19800 worker/0 killing driver
07:42:29.640 19800 worker/0 http/tests/css/link-css-disabled-value-with-slow-loading-sheet-in-error.html failed:
07:42:29.640 19800 worker/0 DumpRenderTree (pid 20018) crashed

07:43:49.830 20127 worker/0 svg/text/text-fonts-02-t.svg crashed, (stderr lines):
07:43:49.830 20127 1 0x7f925e878338 /home/oszi/WebKit/WebKitBuild/Release/lib/libWTF.so.1(+0x16338) [0x7f925e878338]
07:43:49.831 20127 2 0x7f92561a3230 /lib/libc.so.6(+0x32230) [0x7f92561a3230]
07:43:49.831 20127 3 0x7f926139063a /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore14SVGTextMetrics16constructTextRunEPNS_19RenderSVGInlineTextEPKtjj+0xca) [0x7f926139063a]
07:43:49.831 20127 4 0x7f92613917ac /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore21SVGTextMetricsBuilder37initializeMeasurementWithTextRendererEPNS_19RenderSVGInlineTextE+0x1ec) [0x7f92613917ac]
07:43:49.831 20127 5 0x7f92613922cb /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore21SVGTextMetricsBuilder19measureTextRendererEPNS_19RenderSVGInlineTextEPNS_15MeasureTextDataE+0x4b) [0x7f92613922cb]
07:43:49.831 20127 6 0x7f92613928b4 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore21SVGTextMetricsBuilder8walkTreeEPNS_12RenderObjectEPNS_19RenderSVGInlineTextEPNS_15MeasureTextDataE+0xb4) [0x7f92613928b4]
07:43:49.831 20127 7 0x7f92613928e3 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore21SVGTextMetricsBuilder8walkTreeEPNS_12RenderObjectEPNS_19RenderSVGInlineTextEPNS_15MeasureTextDataE+0xe3) [0x7f92613928e3]
07:43:49.831 20127 8 0x7f9261392988 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore21SVGTextMetricsBuilder19measureTextRendererEPNS_19RenderSVGInlineTextE+0x58) [0x7f9261392988]
07:43:49.831 20127 9 0x7f926136d39b /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore13RenderSVGText21subtreeStyleDidChangeEPNS_19RenderSVGInlineTextE+0x7b) [0x7f926136d39b]
07:43:49.831 20127 10 0x7f92613580a4 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore19RenderSVGInlineText14styleDidChangeENS_15StyleDifferenceEPKNS_11RenderStyleE+0x124) [0x7f92613580a4]
07:43:49.831 20127 11 0x7f926114b7a4 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore12RenderObject8setStyleEN3WTF10PassRefPtrINS_11RenderStyleEEE+0x1a4) [0x7f926114b7a4]
07:43:49.831 20127 12 0x7f9260b62d22 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore4Text15recalcTextStyleENS_4Node11StyleChangeE+0x92) [0x7f9260b62d22]
07:43:49.831 20127 13 0x7f9260afe277 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore7Element11recalcStyleENS_4Node11StyleChangeE+0x317) [0x7f9260afe277]
07:43:49.831 20127 14 0x7f9260afe22b /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore7Element11recalcStyleENS_4Node11StyleChangeE+0x2cb) [0x7f9260afe22b]
07:43:49.857 20127 [65/98] svg/text/text-fonts-02-t.svg crashed unexpectedly
07:43:49.857 20127 worker/0 killing driver
07:43:49.857 20127 worker/0 svg/text/text-fonts-02-t.svg failed:
07:43:49.857 20127 worker/0 DumpRenderTree (pid 20136) crashed
Csaba Osztrogonác
Comment 3 2012-10-02 07:53:40 PDT
I marked them as crashing tests - https://trac.webkit.org/changeset/130170 Please unskip them with the proper fix.
Ojan Vafai
Comment 4 2012-10-02 09:36:28 PDT
It also caused webaudio/audiochannelmerger-basic.html to crash on Chromium SnowLeopard Debug: http://test-results.appspot.com/dashboards/flakiness_dashboard.html#tests=webaudio%2Faudiochannelmerger-basic.html

STDERR: ASSERTION FAILED: i < size()
STDERR: ../../WTF/wtf/Vector.h(574) : const T &WTF::Vector<WebCore::FontDataRange, 1>::at(size_t) const [T = WebCore::FontDataRange, inlineCapacity = 1]
STDERR: 1 0x2d99c2d1 WTF::Vector<WebCore::FontDataRange, 1ul>::at(unsigned long) const
STDERR: 2 0x2d99c229 WTF::Vector<WebCore::FontDataRange, 1ul>::operator[](unsigned long) const
STDERR: 3 0x2d9ef786 WebCore::SegmentedFontData::fontDataForCharacter(int) const
STDERR: 4 0x2c499e9b WebCore::FontFallbackList::primarySimpleFontData(WebCore::Font const*)
STDERR: 5 0x2c499cea WebCore::Font::primaryFont() const
STDERR: 6 0x2ea33bcd WebCore::textRunNeedsRenderingContext(WebCore::Font const&)
STDERR: 7 0x2ede6195 WebCore::SVGTextMetrics::constructTextRun(WebCore::RenderSVGInlineText*, unsigned short const*, unsigned int, unsigned int)
STDERR: 8 0x2ede6ff4 WebCore::SVGTextMetricsBuilder::initializeMeasurementWithTextRenderer(WebCore::RenderSVGInlineText*)
STDERR: 9 0x2ede7264 WebCore::SVGTextMetricsBuilder::measureTextRenderer(WebCore::RenderSVGInlineText*, WebCore::MeasureTextData*)
STDERR: 10 0x2ede767d WebCore::SVGTextMetricsBuilder::walkTree(WebCore::RenderObject*, WebCore::RenderSVGInlineText*, WebCore::MeasureTextData*)
STDERR: 11 0x2ede76cf WebCore::SVGTextMetricsBuilder::walkTree(WebCore::RenderObject*, WebCore::RenderSVGInlineText*, WebCore::MeasureTextData*)
STDERR: 12 0x2ede77fc WebCore::SVGTextMetricsBuilder::measureTextRenderer(WebCore::RenderSVGInlineText*)
STDERR: 13 0x2eddd3b8 WebCore::SVGTextLayoutAttributesBuilder::rebuildMetricsForTextRenderer(WebCore::RenderSVGInlineText*)
STDERR: 14 0x2eda0a6b WebCore::RenderSVGText::subtreeStyleDidChange(WebCore::RenderSVGInlineText*)
STDERR: 15 0x2ed5ead4 WebCore::RenderSVGInlineText::styleDidChange(WebCore::StyleDifference, WebCore::RenderStyle const*)
STDERR: 16 0x2ebf1258 WebCore::RenderObject::setStyle(WTF::PassRefPtr<WebCore::RenderStyle>)
STDERR: 17 0x2d4068da WebCore::Text::recalcTextStyle(WebCore::Node::StyleChange)
STDERR: 18 0x2d2f1678 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
STDERR: 19 0x2d2f1766 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
STDERR: 20 0x2d2f1766 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
STDERR: 21 0x2d2f1766 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
STDERR: 22 0x2d2381dc WebCore::Document::recalcStyle(WebCore::Node::StyleChange)
STDERR: 23 0x2d238aed WebCore::Document::updateStyleIfNeeded()
STDERR: 24 0x2d22dbbb WebCore::Document::styleRecalcTimerFired(WebCore::Timer<WebCore::Document>*)
STDERR: 25 0x2d2ad167 WebCore::Timer<WebCore::Document>::fired()
STDERR: 26 0x2d90daa3 WebCore::ThreadTimers::sharedTimerFiredInternal()
STDERR: 27 0x2d90d82f WebCore::ThreadTimers::sharedTimerFired()
STDERR: 28 0x37e19669 webkit_glue::WebKitPlatformSupportImpl::DoTimeout()
STDERR: 29 0x37e1b174 base::internal::RunnableAdapter<void (webkit_glue::WebKitPlatformSupportImpl::*)()>::Run(webkit_glue::WebKitPlatformSupportImpl*)
STDERR: 30 0x37e1b073 base::internal::InvokeHelper<false, void, base::internal::RunnableAdapter<void (webkit_glue::WebKitPlatformSupportImpl::*)()>, void ()
STDERR: ax: bbadbeef, bx: c24a104, cx: b9a15158, dx: b9a15158
STDERR: di: 2efe0be2, si: 2f1d643b, bp: bfffc488, sp: bfffc440, ss: 23, flags: 210282
STDERR: ip: 2d99c2db, cs: 1b, ds: 23, es: 23, fs: 0, gs: f
Stephen Chenney
Comment 6 2012-10-03 06:44:38 PDT
Eric Seidel (no email)
Comment 7 2012-10-03 08:39:43 PDT
Comment on attachment 166883 [details] Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=166883&action=review

> Source/WebCore/css/CSSSegmentedFontFace.cpp:113
> + if (m_fontDataTable.contains(hashKey))
> + return m_fontDataTable.get(hashKey);
> +
> + RefPtr<SegmentedFontData> fontData = SegmentedFontData::create();

I'm confused. This looks identical to the code you're removing, just slower. :)
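Review bot: m_fontDataTable.contains(hashKey) followed by m_fontDataTable.get(hashKey) hashes and probes the table twice for the same key on every cache hit. A single get() into a RefPtr followed by a null check returns the cached entry with one lookup. The quoted lines also carry no comment saying why the lookup must not insert the key, which is the one thing that distinguishes them from an add-based lookup; a one-line comment above the contains() check would stop a later cleanup from folding the two back together.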
Stephen Chenney
Comment 8 2012-10-03 09:43:17 PDT
Comment on attachment 166883 [details] Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=166883&action=review

>> Source/WebCore/css/CSSSegmentedFontFace.cpp:113
>> + RefPtr<SegmentedFontData> fontData = SegmentedFontData::create();
>
> I'm confused. This looks identical to the code you're removing, just slower. :)

Previous code always added the key to the cache. If the key was already in the map, the add would return the FontData and this method would return it. When the key was absent, we would go ahead and create the FontData, which at the time of creation has empty m_ranges. Because we're holding a reference to the RefPtr value from the hash map, that also puts the created FontData in the map.

If the attempt to populate the range data failed, we return 0 from this method, but that leaves the newly created FontData in the map, with empty m_ranges. Later, when another caller asks for the FontData, it's there in the map and FontData with empty m_ranges is returned, which violates an assumption of SegmentedFontData.

There are at least two other potential fixes that leave the "add" in place. We can check for null ranges before returning the cached result and, if empty, try again to create them. That avoids a tiny bit of ref pointer thrashing. In hindsight this is probably a better solution.

Or, when we fail to create range data we can remove the FontData from the cache before returning 0.
Eric Seidel (no email)
Comment 9 2012-10-03 13:32:46 PDT
Comment on attachment 166883 [details] Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=166883&action=review

I like the idea. I think there are some nits you might choose to fix yet.

> Source/WebCore/css/CSSSegmentedFontFace.cpp:111
> + if (m_fontDataTable.contains(hashKey))
> + return m_fontDataTable.get(hashKey);

OK. So seems we could at least do one lookup instead of two.

RefPtr<SegmentedFontData> fontData = m_fontDataTable.get(hashKey);
if (fontData)
    return fontData;

>>> Source/WebCore/css/CSSSegmentedFontFace.cpp:113
>>> + RefPtr<SegmentedFontData> fontData = SegmentedFontData::create();
>>
>> I'm confused. This looks identical to the code you're removing, just slower. :)
>
> Previous code always added the key to the cache. If the key was already in the map, the add would return the FontData and this method would return it. When the key was absent, we would go ahead and create the FontData, which at the time of creation has empty m_ranges. Because we're holding a reference to the RefPtr value from the hash map, that also puts the created FontData in the map.
>
> If the attempt to populate the range data failed, we return 0 from this method, but that leaves the newly created FontData in the map, with empty m_ranges. Later, when another caller asks for the FontData, it's there in the map and FontData with empty m_ranges is returned, which violates an assumption of SegmentedFontData.
>
> There are at least two other potential fixes that leave the "add" in place. We can check for null ranges before returning the cached result and, if empty, try again to create them. That avoids a tiny bit of ref pointer thrashing. In hindsight this is probably a better solution.
>
> Or, when we fail to create range data we can remove the FontData from the cache before returning 0.

I see. That makes sense, thank you.

> Source/WebCore/css/CSSSegmentedFontFace.cpp:130
> + m_fontDataTable.add(hashKey, fontData);

I might add a comment here that said something like:
// Only add our font to the table if we succeeded in creating ranges for it.
(Or something nicer.)
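Review bot: the add at CSSSegmentedFontFace.cpp:130 states nothing about the invariant it enforces, namely that m_fontDataTable only ever holds a SegmentedFontData whose ranges were populated. Since SegmentedFontData::create() at line 113 now runs well before the add, say so at the add and, if it is cheap, assert that the object has at least one range before inserting it, so that moving the insert back ahead of the population step fails in debug builds instead of reintroducing the empty-entry crash.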
Stephen Chenney
Comment 10 2012-10-03 14:29:21 PDT
I actually ended up putting in the cleaner fix along with http://trac.webkit.org/changeset/130319. It adds the check for numRanges == 0 before returning an existing FontData object, and only creates a new FontData object if there is not an existing one. I think that before the ref-counting change we used to leak data that ended up with numRanges == 0, over and over and over again.
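The caching bug described in comments 8 and 10, reduced to a standalone C++ sketch. This is an added example, not WebKit code: FontData, Cache, populateRanges and the three getter names are stand-ins assumed here, with std::map and std::shared_ptr in place of WTF::HashMap and RefPtr.

```cpp
#include <cstddef>
#include <cstdio>
#include <map>
#include <memory>
#include <string>
#include <vector>

// Stand-in for SegmentedFontData: consumers assume at least one range exists.
struct FontData {
    std::vector<int> ranges;
    std::size_t numRanges() const { return ranges.size(); }
};
using Cache = std::map<std::string, std::shared_ptr<FontData>>;
using Getter = std::shared_ptr<FontData> (*)(Cache&, const std::string&, bool);

// Hypothetical population step: adds no range while the font is unavailable.
static bool populateRanges(FontData& data, bool fontAvailable) {
    if (!fontAvailable)
        return false;
    data.ranges.push_back(0x41); // constructed sample range
    return true;
}

// Insert first, populate later: the pattern comment 8 identifies as the bug.
std::shared_ptr<FontData> getInsertFirst(Cache& cache, const std::string& key, bool fontAvailable) {
    std::shared_ptr<FontData>& slot = cache[key]; // reference into the map
    if (slot)
        return slot; // cache hit, even if the entry never got ranges
    slot = std::make_shared<FontData>(); // the object is now cached
    if (!populateRanges(*slot, fontAvailable))
        return nullptr; // failure reported, but the empty entry stays behind
    return slot;
}

// Shape of the quoted patch lines: look up, build locally, add only on success.
std::shared_ptr<FontData> getAddOnSuccess(Cache& cache, const std::string& key, bool fontAvailable) {
    auto it = cache.find(key);
    if (it != cache.end())
        return it->second;
    auto data = std::make_shared<FontData>();
    if (!populateRanges(*data, fontAvailable))
        return nullptr;
    cache.emplace(key, data);
    return data;
}

// Comment 10's approach: keep the add, treat an entry with no ranges as a miss.
std::shared_ptr<FontData> getRecheckEmpty(Cache& cache, const std::string& key, bool fontAvailable) {
    std::shared_ptr<FontData>& slot = cache[key];
    if (slot && slot->numRanges())
        return slot;
    if (!slot)
        slot = std::make_shared<FontData>(); // create only if none exists
    if (!populateRanges(*slot, fontAvailable))
        return nullptr;
    return slot;
}

// True when a lookup that follows a failed attempt returns a FontData with no ranges.
bool secondLookupIsEmpty(Getter get) {
    Cache cache;
    get(cache, "constructed-key", false); // first attempt fails to populate
    std::shared_ptr<FontData> data = get(cache, "constructed-key", true);
    return data && data->numRanges() == 0;
}

int main() {
    std::printf("insert-first serves empty entry: %d\n", secondLookupIsEmpty(getInsertFirst));
    std::printf("add-on-success serves empty entry: %d\n", secondLookupIsEmpty(getAddOnSuccess));
    std::printf("recheck-empty serves empty entry: %d\n", secondLookupIsEmpty(getRecheckEmpty));
    return 0;
}
```

In the insert-first variant the second caller receives an object whose first range would be indexed out of bounds, which is the `i < size()` assertion in comment 4.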
Drew Yao
Comment 11 2012-10-03 15:20:09 PDT
*** Bug 98293 has been marked as a duplicate of this bug. ***