Bug 203546 - [cairo] thread safety assertion failure when destructing cairo ImageBackingStore
Status: RESOLVED DUPLICATE of bug 201727
Alias: None
Product: WebKit
Classification: Unclassified
Component: Platform
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
Reported: 2019-10-28 19:25 PDT by Fujii Hironori
Modified: 2019-10-28 19:27 PDT

Attachments
decoding-attribute-async-small-image-crash-log.txt (71.72 KB, text/plain)
2019-10-28 19:25 PDT, Fujii Hironori

Description Fujii Hironori 2019-10-28 19:25:59 PDT
Created attachment 382148
decoding-attribute-async-small-image-crash-log.txt

[cairo] thread safety assertion failure when destructing cairo ImageBackingStore

Some image tests are failing due to thread safety assertion failures.

GTK port, Debug build, r251652
https://build.webkit.org/builders/GTK%20Linux%2064-bit%20Debug%20%28Tests%29/builds/5453

For example, fast/images/decoding-attribute-async-small-image.html

Callstack:

Thread 1 (Thread 0x7f26e029a9c0 (LWP 36149)):
#0  WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:305
#1  0x00007f26f613de47 in WTF::RefCountedBase::applyRefDerefThreadingCheck() const (this=0x7f2678d60000) at DerivedSources/ForwardingHeaders/wtf/RefCounted.h:115
#2  0x00007f26f613dee4 in WTF::RefCountedBase::derefBase() const (this=0x7f2678d60000) at DerivedSources/ForwardingHeaders/wtf/RefCounted.h:131
#3  0x00007f26f629bace in WTF::RefCounted<WebCore::SharedBuffer, std::default_delete<WebCore::SharedBuffer> >::deref() const (this=0x7f2678d60000) at DerivedSources/ForwardingHeaders/wtf/RefCounted.h:190
#4  0x00007f26f9ae7688 in WebCore::ImageBackingStore::<lambda(void*)>::operator()(void *) const (__closure=0x0, data=0x7f2678d60000) at ../../Source/WebCore/platform/image-decoders/cairo/ImageBackingStoreCairo.cpp:40
#5  0x00007f26f9ae76a8 in WebCore::ImageBackingStore::<lambda(void*)>::_FUN(void *) () at ../../Source/WebCore/platform/image-decoders/cairo/ImageBackingStoreCairo.cpp:40
#6  0x00007f26e48f47c7 in _cairo_user_data_array_fini () at /home/slave/webkitgtk/gtk-linux-64-debug-tests/build/WebKitBuild/DependenciesGTK/Source/cairo-1.16.0/src/cairo-array.c:392
#7  0x00007f26e4951dbf in INT_cairo_surface_destroy () at /home/slave/webkitgtk/gtk-linux-64-debug-tests/build/WebKitBuild/DependenciesGTK/Source/cairo-1.16.0/src/cairo-surface.c:976
#8  0x00007f26f901472f in void WTF::derefIfNotNull<_cairo_surface>(_cairo_surface*) (ptr=0x557dd5a2b800) at ../../Source/WebCore/platform/graphics/cairo/RefPtrCairo.cpp:49
#9  0x00007f26f6b199af in WTF::RefPtr<_cairo_surface, WTF::DumbPtrTraits<_cairo_surface> >::operator=(decltype(nullptr)) (this=0x7f2678d65558) at DerivedSources/ForwardingHeaders/wtf/RefPtr.h:155
#10 0x00007f26f8fb09b7 in WebCore::ImageFrame::clearImage() (this=0x7f2678d65548) at ../../Source/WebCore/platform/graphics/ImageFrame.cpp:86
#11 0x00007f26f8fb079c in WebCore::ImageFrame::~ImageFrame() (this=0x7f2678d65548, __in_chrg=<optimized out>) at ../../Source/WebCore/platform/graphics/ImageFrame.cpp:39
#12 0x00007f26f8fbd43b in WTF::VectorDestructor<true, WebCore::ImageFrame>::destruct(WebCore::ImageFrame*, WebCore::ImageFrame*) (begin=0x7f2678d65548, end=0x7f2678d65588) at DerivedSources/ForwardingHeaders/wtf/Vector.h:64
#13 0x00007f26f8fbb800 in WTF::VectorTypeOperations<WebCore::ImageFrame>::destruct(WebCore::ImageFrame*, WebCore::ImageFrame*) (begin=0x7f2678d65548, end=0x7f2678d65588) at DerivedSources/ForwardingHeaders/wtf/Vector.h:243
#14 0x00007f26f8fb763e in WTF::Vector<WebCore::ImageFrame, 1ul, WTF::CrashOnOverflow, 16ul>::~Vector() (this=0x7f2678d65538, __in_chrg=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/Vector.h:675
#15 0x00007f26f8fb116a in WebCore::ImageSource::~ImageSource() (this=0x7f2678d65500, __in_chrg=<optimized out>) at ../../Source/WebCore/platform/graphics/ImageSource.cpp:70
#16 0x00007f26f8f2c34b in WTF::ThreadSafeRefCounted<WebCore::ImageSource, (WTF::DestructionThread)1>::deref() const::{lambda()#1}::operator()() const (this=0x7f2678d65500) at DerivedSources/ForwardingHeaders/wtf/ThreadSafeRefCounted.h:77
#17 0x00007f26f8f2c412 in WTF::ThreadSafeRefCounted<WebCore::ImageSource, (WTF::DestructionThread)1>::deref() const (this=0x7f2678d65500) at DerivedSources/ForwardingHeaders/wtf/ThreadSafeRefCounted.h:95
#18 0x00007f26f8f29274 in WTF::Ref<WebCore::ImageSource, WTF::DumbPtrTraits<WebCore::ImageSource> >::~Ref() (this=0x7f26df96aec8, __in_chrg=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/Ref.h:60
#19 0x00007f26f8f19c66 in WebCore::BitmapImage::~BitmapImage() (this=0x7f26df96aea0, __in_chrg=<optimized out>) at ../../Source/WebCore/platform/graphics/BitmapImage.cpp:56
#20 0x00007f26f8f19c8e in WebCore::BitmapImage::~BitmapImage() (this=0x7f26df96aea0, __in_chrg=<optimized out>) at ../../Source/WebCore/platform/graphics/BitmapImage.cpp:62
#21 0x00007f26f635a210 in std::default_delete<WebCore::Image>::operator()(WebCore::Image*) const (this=0x7ffc428e4e5f, __ptr=0x7f26df96aea0) at /usr/include/c++/8/bits/unique_ptr.h:81
#22 0x00007f26f6344865 in WTF::RefCounted<WebCore::Image, std::default_delete<WebCore::Image> >::deref() const (this=0x7f26df96aea8) at DerivedSources/ForwardingHeaders/wtf/RefCounted.h:191
#23 0x00007f26f6336eb9 in void WTF::derefIfNotNull<WebCore::Image>(WebCore::Image*) (ptr=0x7f26df96aea0) at DerivedSources/ForwardingHeaders/wtf/RefPtr.h:44
#24 0x00007f26f6862c71 in WTF::RefPtr<WebCore::Image, WTF::DumbPtrTraits<WebCore::Image> >::operator=(decltype(nullptr)) (this=0x7f26903edab8) at DerivedSources/ForwardingHeaders/wtf/RefPtr.h:155
#25 0x00007f26f8c84c0b in WebCore::CachedImage::clearImage() (this=0x7f26903ed580) at ../../Source/WebCore/loader/cache/CachedImage.cpp:431
#26 0x00007f26f8c76f44 in WebCore::CachedImage::~CachedImage() (this=0x7f26903ed580, __in_chrg=<optimized out>) at ../../Source/WebCore/loader/cache/CachedImage.cpp:84
#27 0x00007f26f8c76fc6 in WebCore::CachedImage::~CachedImage() (this=0x7f26903ed580, __in_chrg=<optimized out>) at ../../Source/WebCore/loader/cache/CachedImage.cpp:85
#28 0x00007f26f8c7e875 in WebCore::CachedResource::deleteIfPossible() (this=0x7f26903ed580) at ../../Source/WebCore/loader/cache/CachedResource.cpp:626
#29 0x00007f26f8c7f5da in WebCore::CachedResource::unregisterHandle(WebCore::CachedResourceHandleBase*) (this=0x7f26903ed580, h=0x7f2678dc2a18) at ../../Source/WebCore/loader/cache/CachedResource.cpp:807
#30 0x00007f26f8c9f01e in WebCore::CachedResourceHandleBase::~CachedResourceHandleBase() (this=0x7f2678dc2a18, __in_chrg=<optimized out>) at ../../Source/WebCore/loader/cache/CachedResourceHandle.cpp:55
#31 0x00007f26f6e70732 in WebCore::CachedResourceHandle<WebCore::CachedResource>::~CachedResourceHandle() (this=0x7f2678dc2a18, __in_chrg=<optimized out>) at DerivedSources/ForwardingHeaders/WebCore/CachedResourceHandle.h:61
#32 0x00007f26f8bec2d2 in WTF::KeyValuePair<WTF::String, WebCore::CachedResourceHandle<WebCore::CachedResource> >::~KeyValuePair() (this=0x7f2678dc2a10, __in_chrg=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/KeyValuePair.h:33
#33 0x00007f26f8caad4d in WTF::HashTable<WTF::String, WTF::KeyValuePair<WTF::String, WebCore::CachedResourceHandle<WebCore::CachedResource> >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::String, WebCore::CachedResourceHandle<WebCore::CachedResource> > >, WTF::StringHash, WTF::HashMap<WTF::String, WebCore::CachedResourceHandle<WebCore::CachedResource>, WTF::StringHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WebCore::CachedResourceHandle<WebCore::CachedResource> > >::KeyValuePairTraits, WTF::HashTraits<WTF::String> >::deallocateTable(WTF::KeyValuePair<WTF::String, WebCore::CachedResourceHandle<WebCore::CachedResource> >*, unsigned int) (table=0x7f2678dc2a00, size=8) at DerivedSources/ForwardingHeaders/wtf/HashTable.h:1196
#34 0x00007f26f8ca97e6 in WTF::HashTable<WTF::String, WTF::KeyValuePair<WTF::String, WebCore::CachedResourceHandle<WebCore::CachedResource> >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::String, WebCore::CachedResourceHandle<WebCore::CachedResource> > >, WTF::StringHash, WTF::HashMap<WTF::String, WebCore::CachedResourceHandle<WebCore::CachedResource>, WTF::StringHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WebCore::CachedResourceHandle<WebCore::CachedResource> > >::KeyValuePairTraits, WTF::HashTraits<WTF::String> >::~HashTable() (this=0x7f26df968ce8, __in_chrg=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/HashTable.h:366
#35 0x00007f26f8ca92b2 in WTF::HashMap<WTF::String, WebCore::CachedResourceHandle<WebCore::CachedResource>, WTF::StringHash, WTF::HashTraits<WTF::String>, WTF::HashTraits<WebCore::CachedResourceHandle<WebCore::CachedResource> > >::~HashMap() (this=0x7f26df968ce8, __in_chrg=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/HashMap.h:35
#36 0x00007f26f8c9f59e in WebCore::CachedResourceLoader::~CachedResourceLoader() (this=0x7f26df968cb8, __in_chrg=<optimized out>) at ../../Source/WebCore/loader/cache/CachedResourceLoader.cpp:162
#37 0x00007f26f84e0d20 in std::default_delete<WebCore::CachedResourceLoader>::operator()(WebCore::CachedResourceLoader*) const (this=0x7ffc428e50df, __ptr=0x7f26df968cb8) at /usr/include/c++/8/bits/unique_ptr.h:81
#38 0x00007f26f84d2de1 in WTF::RefCounted<WebCore::CachedResourceLoader, std::default_delete<WebCore::CachedResourceLoader> >::deref() const (this=0x7f26df968cb8) at DerivedSources/ForwardingHeaders/wtf/RefCounted.h:191
#39 0x00007f26f84c6984 in WTF::Ref<WebCore::CachedResourceLoader, WTF::DumbPtrTraits<WebCore::CachedResourceLoader> >::~Ref() (this=0x7f26902b16f0, __in_chrg=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/Ref.h:60
#40 0x00007f26f849dc71 in WebCore::Document::~Document() (this=0x7f26902b1480, __in_chrg=<optimized out>) at ../../Source/WebCore/dom/Document.cpp:611
#41 0x00007f26f87b1132 in WebCore::HTMLDocument::~HTMLDocument() (this=0x7f26902b1480, __in_chrg=<optimized out>) at ../../Source/WebCore/html/HTMLDocument.h:29
#42 0x00007f26f87b117e in WebCore::HTMLDocument::~HTMLDocument() (this=0x7f26902b1480, __in_chrg=<optimized out>) at ../../Source/WebCore/html/HTMLDocument.h:29
#43 0x00007f26f84c10a7 in WebCore::Document::decrementReferencingNodeCount() (this=0x7f26902b1480) at ../../Source/WebCore/dom/Document.h:380
#44 0x00007f26f85b4b2a in WebCore::Node::~Node() (this=0x7f26902b2880, __in_chrg=<optimized out>) at ../../Source/WebCore/dom/Node.cpp:364
#45 0x00007f26f845caab in WebCore::ContainerNode::~ContainerNode() (this=0x7f26902b2880, __in_chrg=<optimized out>) at ../../Source/WebCore/dom/ContainerNode.cpp:276
#46 0x00007f26f85190a3 in WebCore::Element::~Element() (this=0x7f26902b2880, __in_chrg=<optimized out>) at ../../Source/WebCore/dom/Element.cpp:193
#47 0x00007f26f86375b6 in WebCore::StyledElement::~StyledElement() (this=0x7f26902b2880, __in_chrg=<optimized out>) at ../../Source/WebCore/dom/StyledElement.cpp:68
#48 0x00007f26f803db10 in WebCore::HTMLElement::~HTMLElement() (this=0x7f26902b2880, __in_chrg=<optimized out>) at ../../Source/WebCore/html/HTMLElement.h:40
#49 0x00007f26f87a0f14 in WebCore::HTMLCanvasElement::~HTMLCanvasElement() (this=0x7f26902b2880, __in_chrg=<optimized out>) at ../../Source/WebCore/html/HTMLCanvasElement.cpp:145
#50 0x00007f26f87a0f38 in WebCore::HTMLCanvasElement::~HTMLCanvasElement() (this=0x7f26902b2880, __in_chrg=<optimized out>) at ../../Source/WebCore/html/HTMLCanvasElement.cpp:152
#51 0x00007f26f85bcce5 in WebCore::Node::removedLastRef() (this=0x7f26902b2880) at ../../Source/WebCore/dom/Node.cpp:2529
#52 0x00007f26f682ad85 in WebCore::Node::deref() (this=0x7f26902b2880) at DerivedSources/ForwardingHeaders/WebCore/Node.h:716
#53 0x00007f26f87a62bc in WebCore::HTMLCanvasElement::derefCanvasBase() (this=0x7f26902b2880) at ../../Source/WebCore/html/HTMLCanvasElement.h:180
#54 0x00007f26f890bcdd in WebCore::CanvasRenderingContext::deref() (this=0x7f26902b2eb0) at ../../Source/WebCore/html/canvas/CanvasRenderingContext.cpp:85
#55 0x00007f26f9bdc478 in WTF::Ref<WebCore::CanvasRenderingContext2D, WTF::DumbPtrTraits<WebCore::CanvasRenderingContext2D> >::~Ref() (this=0x7f267af98358, __in_chrg=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/Ref.h:60
#56 0x00007f26f9bd683a in WebCore::JSDOMWrapper<WebCore::CanvasRenderingContext2D>::~JSDOMWrapper() (this=0x7f267af98340, __in_chrg=<optimized out>) at ../../Source/WebCore/bindings/js/JSDOMWrapper.h:72
#57 0x00007f26f9bd6856 in WebCore::JSCanvasRenderingContext2D::~JSCanvasRenderingContext2D() (this=0x7f267af98340, __in_chrg=<optimized out>) at DerivedSources/WebCore/JSCanvasRenderingContext2D.h:29
#58 0x00007f26f9bb508a in WebCore::JSCanvasRenderingContext2D::destroy(JSC::JSCell*) (cell=0x7f267af98340) at DerivedSources/WebCore/JSCanvasRenderingContext2D.cpp:379
#59 0x00007f26e9f3261f in JSC::JSDestructibleObjectDestroyFunc::operator()(JSC::VM&, JSC::JSCell*) const (this=0x7ffc428e56ff, cell=0x7f267af98340) at ../../Source/JavaScriptCore/runtime/JSDestructibleObjectHeapCellType.cpp:37
#60 0x00007f26e9f3c3f1 in JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&)::{lambda(void*)#1}::operator()(void*) const (this=0x7ffc428e5520, cell=0x7f267af98340) at ../../Source/JavaScriptCore/heap/MarkedBlockInlines.h:260
#61 0x00007f26e9f3c55c in JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&)::{lambda(unsigned long)#3}::operator()(unsigned long) const (this=0x7ffc428e54a0, i=52) at ../../Source/JavaScriptCore/heap/MarkedBlockInlines.h:319
#62 0x00007f26e9f3cae1 in void JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&) (this=0x7f26df935220, freeList=0x7f26df9371d0, emptyMode=JSC::MarkedBlock::Handle::NotEmpty, sweepMode=JSC::MarkedBlock::Handle::SweepToFreeList, destructionMode=JSC::MarkedBlock::Handle::BlockHasDestructors, scribbleMode=JSC::MarkedBlock::Handle::Scribble, newlyAllocatedMode=JSC::MarkedBlock::Handle::DoesNotHaveNewlyAllocated, marksMode=JSC::MarkedBlock::Handle::MarksNotStale, destroyFunc=...) at ../../Source/JavaScriptCore/heap/MarkedBlockInlines.h:341
#63 0x00007f26e9f36e03 in void JSC::MarkedBlock::Handle::finishSweepKnowingHeapCellType<JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::JSDestructibleObjectDestroyFunc const&) (this=0x7f26df935220, freeList=0x7f26df9371d0, destroyFunc=...) at ../../Source/JavaScriptCore/heap/MarkedBlockInlines.h:439
#64 0x00007f26e9f2dccb in JSC::JSDestructibleObjectHeapCellType::finishSweep(JSC::MarkedBlock::Handle&, JSC::FreeList*) (this=0x7f26df9f9280, handle=..., freeList=0x7f26df9371d0) at ../../Source/JavaScriptCore/runtime/JSDestructibleObjectHeapCellType.cpp:52
#65 0x00007f26e9af3355 in JSC::Subspace::finishSweep(JSC::MarkedBlock::Handle&, JSC::FreeList*) (this=0x7f267adf7f90, block=..., freeList=0x7f26df9371d0) at ../../Source/JavaScriptCore/heap/Subspace.cpp:63
#66 0x00007f26e9adce45 in JSC::MarkedBlock::Handle::sweep(JSC::FreeList*) (this=0x7f26df935220, freeList=0x7f26df9371d0) at ../../Source/JavaScriptCore/heap/MarkedBlock.cpp:426
#67 0x00007f26e9ad1265 in JSC::LocalAllocator::tryAllocateIn(JSC::MarkedBlock::Handle*) (this=0x7f26df9371b8, block=0x7f26df935220) at ../../Source/JavaScriptCore/heap/LocalAllocator.cpp:221
#68 0x00007f26e9ad1031 in JSC::LocalAllocator::tryAllocateWithoutCollecting() (this=0x7f26df9371b8) at ../../Source/JavaScriptCore/heap/LocalAllocator.cpp:187
#69 0x00007f26e9ad0e2b in JSC::LocalAllocator::allocateSlowCase(JSC::GCDeferralContext*, JSC::AllocationFailureMode) (this=0x7f26df9371b8, deferralContext=0x0, failureMode=JSC::AllocationFailureMode::Assert) at ../../Source/JavaScriptCore/heap/LocalAllocator.cpp:134
#70 0x00007f26f6d5766c in JSC::LocalAllocator::allocate(JSC::GCDeferralContext*, JSC::AllocationFailureMode)::{lambda()#1}::operator()() const (__closure=0x7ffc428e5960) at DerivedSources/ForwardingHeaders/JavaScriptCore/LocalAllocatorInlines.h:40
#71 0x00007f26f6d594cd in JSC::HeapCell* JSC::FreeList::allocate<JSC::LocalAllocator::allocate(JSC::GCDeferralContext*, JSC::AllocationFailureMode)::{lambda()#1}>(JSC::LocalAllocator::allocate(JSC::GCDeferralContext*, JSC::AllocationFailureMode)::{lambda()#1} const&) (this=0x7f26df9371d0, slowPath=...) at DerivedSources/ForwardingHeaders/JavaScriptCore/FreeListInlines.h:46
#72 0x00007f26f6d576f8 in JSC::LocalAllocator::allocate(JSC::GCDeferralContext*, JSC::AllocationFailureMode) (this=0x7f26df9371b8, deferralContext=0x0, failureMode=JSC::AllocationFailureMode::Assert) at DerivedSources/ForwardingHeaders/JavaScriptCore/LocalAllocatorInlines.h:37
#73 0x00007f26f6d574e4 in JSC::Allocator::allocate(JSC::GCDeferralContext*, JSC::AllocationFailureMode) const (this=0x7ffc428e59f8, context=0x0, mode=JSC::AllocationFailureMode::Assert) at DerivedSources/ForwardingHeaders/JavaScriptCore/AllocatorInlines.h:35
#74 0x00007f26f6d57584 in JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode) (this=0x7f267adf7f90, vm=..., size=32, deferralContext=0x0, failureMode=JSC::AllocationFailureMode::Assert) at DerivedSources/ForwardingHeaders/JavaScriptCore/CompleteSubspaceInlines.h:36
#75 0x00007f26f8078b7a in void* JSC::tryAllocateCellHelper<WebCore::JSHTMLDocument>(JSC::Heap&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode) (heap=..., size=32, deferralContext=0x0, failureMode=JSC::AllocationFailureMode::Assert) at DerivedSources/ForwardingHeaders/JavaScriptCore/JSCellInlines.h:173
#76 0x00007f26f80774b3 in void* JSC::allocateCell<WebCore::JSHTMLDocument>(JSC::Heap&, unsigned long) (heap=..., size=32) at DerivedSources/ForwardingHeaders/JavaScriptCore/JSCellInlines.h:187
#77 0x00007f26f8076a00 in WebCore::JSHTMLDocument::create(JSC::Structure*, WebCore::JSDOMGlobalObject*, WTF::Ref<WebCore::HTMLDocument, WTF::DumbPtrTraits<WebCore::HTMLDocument> >&&) (structure=0x7f267afac000, globalObject=0x7f267837cfb0, impl=...) at DerivedSources/WebCore/JSHTMLDocument.h:35
#78 0x00007f26f8078e56 in std::enable_if<std::is_same<WebCore::HTMLDocument, WebCore::HTMLDocument>::value, WebCore::JSDOMWrapperConverterTraits<WebCore::HTMLDocument>::WrapperClass*>::type WebCore::createWrapper<WebCore::HTMLDocument, WebCore::HTMLDocument>(WebCore::JSDOMGlobalObject*, WTF::Ref<WebCore::HTMLDocument, WTF::DumbPtrTraits<WebCore::HTMLDocument> >&&) (globalObject=0x7f267837cfb0, domObject=...) at ../../Source/WebCore/bindings/js/JSDOMWrapperCache.h:187
#79 0x00007f26f80775ad in std::enable_if<!std::is_same<WebCore::HTMLDocument, WebCore::Document>::value, WebCore::JSDOMWrapperConverterTraits<WebCore::HTMLDocument>::WrapperClass*>::type WebCore::createWrapper<WebCore::HTMLDocument, WebCore::Document>(WebCore::JSDOMGlobalObject*, WTF::Ref<WebCore::Document, WTF::DumbPtrTraits<WebCore::Document> >&&) (globalObject=0x7f267837cfb0, domObject=...) at ../../Source/WebCore/bindings/js/JSDOMWrapperCache.h:194
#80 0x00007f26f8074258 in WebCore::createNewDocumentWrapper (state=..., globalObject=..., passedDocument=...) at ../../Source/WebCore/bindings/js/JSDocumentCustom.cpp:40
#81 0x00007f26f807447b in WebCore::toJSNewlyCreated(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WTF::Ref<WebCore::Document, WTF::DumbPtrTraits<WebCore::Document> >&&) (state=0x7f267837cff8, globalObject=0x7f267837cfb0, document=...) at ../../Source/WebCore/bindings/js/JSDocumentCustom.cpp:86
#82 0x00007f26f80744f9 in WebCore::toJS(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WebCore::Document&) (state=0x7f267837cff8, globalObject=0x7f267837cfb0, document=...) at ../../Source/WebCore/bindings/js/JSDocumentCustom.cpp:93
#83 0x00007f26f808b905 in WebCore::createWrapperInline (exec=0x7f267837cff8, globalObject=0x7f267837cfb0, node=...) at ../../Source/WebCore/bindings/js/JSNodeCustom.cpp:173
#84 0x00007f26f808ba02 in WebCore::createWrapper(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WTF::Ref<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >&&) (exec=0x7f267837cff8, globalObject=0x7f267837cfb0, node=...) at ../../Source/WebCore/bindings/js/JSNodeCustom.cpp:192
#85 0x00007f26f6d878a0 in WebCore::toJS(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WebCore::Node&) (exec=0x7f267837cff8, globalObject=0x7f267837cfb0, node=...) at DerivedSources/ForwardingHeaders/WebCore/JSNodeCustom.h:62
#86 0x00007f26f6d877d0 in WebCore::toJS(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WebCore::Node*) (state=0x7f267837cff8, globalObject=0x7f267837cfb0, impl=0x7f269029ac40) at DerivedSources/ForwardingHeaders/WebCore/JSNode.h:98
#87 0x00007f26f8062f6d in WebCore::JSDOMWindowBase::updateDocument() (this=0x7f267837cfb0) at ../../Source/WebCore/bindings/js/JSDOMWindowBase.cpp:133
#88 0x00007f26f80a8cf8 in WebCore::ScriptController::updateDocument() (this=0x7f26df9c2208) at ../../Source/WebCore/bindings/js/ScriptController.cpp:404
#89 0x00007f26f84a4393 in WebCore::Document::didBecomeCurrentDocumentInFrame() (this=0x7f269029ac40) at ../../Source/WebCore/dom/Document.cpp:2333
#90 0x00007f26f8d375ba in WebCore::Frame::setDocument(WTF::RefPtr<WebCore::Document, WTF::DumbPtrTraits<WebCore::Document> >&&) (this=0x7f26df9c1348, newDocument=...) at ../../Source/WebCore/page/Frame.cpp:288
#91 0x00007f26f8baf1e4 in WebCore::DocumentWriter::begin(WTF::URL const&, bool, WebCore::Document*) (this=0x7f2663dea0b8, urlReference=..., dispatch=false, ownerDocument=0x0) at ../../Source/WebCore/loader/DocumentWriter.cpp:166
#92 0x00007f26f8b87b33 in WebCore::DocumentLoader::commitData(char const*, unsigned long) (this=0x7f2663dea000, bytes=0x7f26df983dc0 "<body>\n    <p>This test ensures an image with decoding=\"async\" will be decoded asynchronously regardless of its size.</p>\n    <img src=\"resources/green-24x24.jpg\">\n</body>\n", length=172) at ../../Source/WebCore/loader/DocumentLoader.cpp:1078
#93 0x00007f26f6fa2e6b in WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) (this=0x7f26df9f51a0, loader=0x7f2663dea000, data=0x7f26df983dc0 "<body>\n    <p>This test ensures an image with decoding=\"async\" will be decoded asynchronously regardless of its size.</p>\n    <img src=\"resources/green-24x24.jpg\">\n</body>\n", length=172) at ../../Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:1104
#94 0x00007f26f8b878e6 in WebCore::DocumentLoader::commitLoad(char const*, int) (this=0x7f2663dea000, data=0x7f26df983dc0 "<body>\n    <p>This test ensures an image with decoding=\"async\" will be decoded asynchronously regardless of its size.</p>\n    <img src=\"resources/green-24x24.jpg\">\n</body>\n", length=172) at ../../Source/WebCore/loader/DocumentLoader.cpp:1047
#95 0x00007f26f8b88698 in WebCore::DocumentLoader::dataReceived(char const*, int) (this=0x7f2663dea000, data=0x7f26df983dc0 "<body>\n    <p>This test ensures an image with decoding=\"async\" will be decoded asynchronously regardless of its size.</p>\n    <img src=\"resources/green-24x24.jpg\">\n</body>\n", length=172) at ../../Source/WebCore/loader/DocumentLoader.cpp:1193
#96 0x00007f26f8b884ba in WebCore::DocumentLoader::dataReceived(WebCore::CachedResource&, char const*, int) (this=0x7f2663dea000, resource=..., data=0x7f26df983dc0 "<body>\n    <p>This test ensures an image with decoding=\"async\" will be decoded asynchronously regardless of its size.</p>\n    <img src=\"resources/green-24x24.jpg\">\n</body>\n", length=172) at ../../Source/WebCore/loader/DocumentLoader.cpp:1166
#97 0x00007f26f8c7a196 in WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int) (this=0x7f26903db000, data=0x7f26df983dc0 "<body>\n    <p>This test ensures an image with decoding=\"async\" will be decoded asynchronously regardless of its size.</p>\n    <img src=\"resources/green-24x24.jpg\">\n</body>\n", length=172) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:136
#98 0x00007f26f8c79d9d in WebCore::CachedRawResource::updateBuffer(WebCore::SharedBuffer&) (this=0x7f26903db000, data=...) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:73
#99 0x00007f26f8c308a9 in WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::RefPtr<WebCore::SharedBuffer, WTF::DumbPtrTraits<WebCore::SharedBuffer> >&&, long long, WebCore::DataPayloadType) (this=0x7f26905cf200, data=0x7f2663de6050 "<body>\n    <p>This test ensures an image with decoding=\"async\" will be decoded asynchronously regardless of its size.</p>\n    <img src=\"resources/green-24x24.jpg\">\n</body>\n", length=172, buffer=..., encodedDataLength=172, dataPayloadType=WebCore::DataPayloadBytes) at ../../Source/WebCore/loader/SubresourceLoader.cpp:481
#100 0x00007f26f8c305fd in WebCore::SubresourceLoader::didReceiveData(char const*, unsigned int, long long, WebCore::DataPayloadType) (this=0x7f26905cf200, data=0x7f2663de6050 "<body>\n    <p>This test ensures an image with decoding=\"async\" will be decoded asynchronously regardless of its size.</p>\n    <img src=\"resources/green-24x24.jpg\">\n</body>\n", length=172, encodedDataLength=172, dataPayloadType=WebCore::DataPayloadBytes) at ../../Source/WebCore/loader/SubresourceLoader.cpp:449
#101 0x00007f26f6e635b8 in WebKit::WebResourceLoader::didReceiveData(IPC::DataReference const&, long) (this=0x7f2678d36380, data=..., encodedDataLength=172) at ../../Source/WebKit/WebProcess/Network/WebResourceLoader.cpp:198
#102 0x00007f26f64d3815 in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long), std::tuple<IPC::DataReference, long>, 0ul, 1ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long), std::tuple<IPC::DataReference, long>&&, std::integer_sequence<unsigned long, 0ul, 1ul>) (object=0x7f2678d36380, function=(void (WebKit::WebResourceLoader::*)(WebKit::WebResourceLoader * const, const IPC::DataReference &, long)) 0x7f26f6e633a0 <WebKit::WebResourceLoader::didReceiveData(IPC::DataReference const&, long)>, args=...) at ../../Source/WebKit/Platform/IPC/HandleMessage.h:41
#103 0x00007f26f64d3221 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long), std::tuple<IPC::DataReference, long>, std::integer_sequence<unsigned long, 0ul, 1ul> >(std::tuple<IPC::DataReference, long>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long)) (args=..., object=0x7f2678d36380, function=(void (WebKit::WebResourceLoader::*)(WebKit::WebResourceLoader * const, const IPC::DataReference &, long)) 0x7f26f6e633a0 <WebKit::WebResourceLoader::didReceiveData(IPC::DataReference const&, long)>) at ../../Source/WebKit/Platform/IPC/HandleMessage.h:47
#104 0x00007f26f64d2a75 in void IPC::handleMessage<Messages::WebResourceLoader::DidReceiveData, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long)) (decoder=..., object=0x7f2678d36380, function=(void (WebKit::WebResourceLoader::*)(WebKit::WebResourceLoader * const, const IPC::DataReference &, long)) 0x7f26f6e633a0 <WebKit::WebResourceLoader::didReceiveData(IPC::DataReference const&, long)>) at ../../Source/WebKit/Platform/IPC/HandleMessage.h:120
#105 0x00007f26f64d2287 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (this=0x7f2678d36380, connection=..., decoder=...) at DerivedSources/WebKit/WebResourceLoaderMessageReceiver.cpp:60
#106 0x00007f26f6e5ce72 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (this=0x7f26df9e6180, connection=..., decoder=...) at ../../Source/WebKit/WebProcess/Network/NetworkProcessConnection.cpp:86
#107 0x00007f26f67c987e in IPC::Connection::dispatchMessage(IPC::Decoder&) (this=0x7f26df9e41c0, decoder=...) at ../../Source/WebKit/Platform/IPC/Connection.cpp:939
#108 0x00007f26f67c9cce in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (this=0x7f26df9e41c0, message=std::unique_ptr<IPC::Decoder> = {...}) at ../../Source/WebKit/Platform/IPC/Connection.cpp:991
#109 0x00007f26f67ca1c2 in IPC::Connection::dispatchOneIncomingMessage() (this=0x7f26df9e41c0) at ../../Source/WebKit/Platform/IPC/Connection.cpp:1060
#110 0x00007f26f67c95bc in IPC::Connection::<lambda()>::operator()(void) (__closure=0x7f26df9ca1f8) at ../../Source/WebKit/Platform/IPC/Connection.cpp:916
#111 0x00007f26f67ceebe in WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::Decoder>)::<lambda()>, void>::call(void) (this=0x7f26df9ca1f0) at DerivedSources/ForwardingHeaders/wtf/Function.h:52
#112 0x00007f26f6218419 in WTF::Function<void ()>::operator()() const (this=0x7ffc428e6ca8) at DerivedSources/ForwardingHeaders/wtf/Function.h:79
#113 0x00007f26ea3680a3 in WTF::RunLoop::performWork() (this=0x7f26df9f8000) at ../../Source/WTF/wtf/RunLoop.cpp:107
#114 0x00007f26ea3ddcc8 in WTF::RunLoop::<lambda(gpointer)>::operator()(gpointer) const (__closure=0x0, userData=0x7f26df9f8000) at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:68
#115 0x00007f26ea3ddcec in WTF::RunLoop::<lambda(gpointer)>::_FUN(gpointer) () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:70
#116 0x00007f26ea3ddc7a in WTF::<lambda(GSource*, GSourceFunc, gpointer)>::operator()(GSource *, GSourceFunc, gpointer) const (__closure=0x0, source=0x557dd5a3bba0, callback=0x7f26ea3ddccf <WTF::RunLoop::<lambda(gpointer)>::_FUN(gpointer)>, userData=0x7f26df9f8000) at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:45
#117 0x00007f26ea3ddcaa in WTF::<lambda(GSource*, GSourceFunc, gpointer)>::_FUN(GSource *, GSourceFunc, gpointer) () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:46
#118 0x00007f26e36b46b8 in g_main_dispatch () at ../../Source/glib-2.58.1/glib/gmain.c:3182
#119 g_main_context_dispatch () at ../../Source/glib-2.58.1/glib/gmain.c:3847
#120 0x00007f26e36b4a78 in g_main_context_iterate () at ../../Source/glib-2.58.1/glib/gmain.c:3920
#121 0x00007f26e36b4d62 in g_main_loop_run () at ../../Source/glib-2.58.1/glib/gmain.c:4116
#122 0x00007f26ea3de1b5 in WTF::RunLoop::run() () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:96
#123 0x00007f26f7080d44 in int WebKit::AuxiliaryProcessMain<WebKit::WebProcess, WebKit::WebProcessMain>(int, char**) (argc=3, argv=0x7ffc428e7098) at ../../Source/WebKit/Shared/unix/AuxiliaryProcessMain.h:66
#124 0x00007f26f70807fb in WebKit::WebProcessMainUnix (argc=3, argv=0x7ffc428e7098) at ../../Source/WebKit/WebProcess/gtk/WebProcessMainGtk.cpp:67
#125 0x0000557dd4aa5d30 in main (argc=3, argv=0x7ffc428e7098) at ../../Source/WebKit/WebProcess/EntryPoint/unix/WebProcessMain.cpp:52
Comment 1 Fujii Hironori 2019-10-28 19:27:17 PDT
Looks similar to Bug 201727.

*** This bug has been marked as a duplicate of bug 201727 ***