Bug 98158 - REGRESSION(r130160): It made 3 tests crash
Summary: REGRESSION(r130160): It made 3 tests crash
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: 528+ (Nightly build)
Hardware: All All
Importance: P1 Critical
Assignee: Stephen Chenney
URL:
Keywords: Qt, QtTriaged
Duplicates: 98293
Depends on:
Blocks: 79668 95866
Reported: 2012-10-02 07:34 PDT by Csaba Osztrogonác
Modified: 2012-10-03 15:20 PDT

Attachments
Patch (3.22 KB, patch)
2012-10-03 06:44 PDT, Stephen Chenney
eric: review+
eric: commit-queue-

Description Csaba Osztrogonác 2012-10-02 07:34:57 PDT
Unfortunately it is a crazy regression: I can't reproduce them by
running only these tests, only by running all tests.

http/tests/css/link-css-disabled-value-with-slow-loading-sheet-in-error.html:
------------------------------------------------------------------------------
crash log for DumpRenderTree (pid 2364):
STDOUT: <empty>

svg/text/text-fonts-02-t.svg:
------------------------------
crash log for DumpRenderTree (pid 2656):
STDOUT: <empty>
Comment 1 Stephen Chenney 2012-10-02 07:41:08 PDT
Sounds like some kind of race condition on loading the fonts, which makes me suspect an issue with pointer ownership in the code that handles the font loading. I'll look into it and see if anything pops out.
Comment 2 Csaba Osztrogonác 2012-10-02 07:44:57 PDT
I managed to reproduce crashes with the following commands:
- $ run-tests-in-xvfb.sh svg/text/
- $ run-tests-in-xvfb.sh http/tests/css/

And I got better crash logs:

07:42:29.635 19800 worker/0 http/tests/css/link-css-disabled-value-with-slow-loading-sheet-in-error.html crashed, (stderr lines):
07:42:29.635 19800   1   0x7f447d770338 /home/oszi/WebKit/WebKitBuild/Release/lib/libWTF.so.1(+0x16338) [0x7f447d770338]
07:42:29.635 19800   2   0x7f447509b230 /lib/libc.so.6(+0x32230) [0x7f447509b230]
07:42:29.635 19800   3   0x7f447fe90322 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZNK7WebCore17SegmentedFontData20fontDataForCharacterEi+0x62) [0x7f447fe90322]
07:42:29.635 19800   4   0x7f447ff5bae0 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock16constructTextRunEPNS_12RenderObjectERKNS_4FontEPKtiPNS_11RenderStyleEjj+0x1b0) [0x7f447ff5bae0]
07:42:29.635 19800   5   0x7f448008c40d /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore10RenderText29computePreferredLogicalWidthsEfRN3WTF7HashSetIPKNS_14SimpleFontDataENS1_7PtrHashIS5_EENS1_10HashTraitsIS5_EEEERNS_13GlyphOverflowE+0x52d) [0x7f448008c40d]
07:42:29.635 19800   6   0x7f448008f512 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore10RenderText29computePreferredLogicalWidthsEf+0x62) [0x7f448008f512]
07:42:29.635 19800   7   0x7f4480086c96 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZNK7WebCore10RenderText15maxLogicalWidthEv+0x16) [0x7f4480086c96]
07:42:29.635 19800   8   0x7f448008f425 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZNK7WebCore10RenderText5widthEjjRKNS_4FontEfPN3WTF7HashSetIPKNS_14SimpleFontDataENS4_7PtrHashIS8_EENS4_10HashTraitsIS8_EEEEPNS_13GlyphOverflowE+0x505) [0x7f448008f425]
07:42:29.635 19800   9   0x7f447ff8fb3b /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock11LineBreaker13nextLineBreakERNS_12BidiResolverINS_14InlineIteratorENS_7BidiRunEEERNS_8LineInfoERNS0_14RenderTextInfoEPNS0_14FloatingObjectEj+0x281b) [0x7f447ff8fb3b]
07:42:29.635 19800   10  0x7f447ff93ca0 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock26layoutRunsAndFloatsInRangeERNS_15LineLayoutStateERNS_12BidiResolverINS_14InlineIteratorENS_7BidiRunEEERKS4_RKNS_10BidiStatusEj+0x4f0) [0x7f447ff93ca0]
07:42:29.635 19800   11  0x7f447ff95b88 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock19layoutRunsAndFloatsERNS_15LineLayoutStateEb+0x388) [0x7f447ff95b88]
07:42:29.635 19800   12  0x7f447ff9668b /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock20layoutInlineChildrenEbRNS_20FractionalLayoutUnitES2_+0x8fb) [0x7f447ff9668b]
07:42:29.635 19800   13  0x7f447ff82712 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock11layoutBlockEbNS_20FractionalLayoutUnitE+0x542) [0x7f447ff82712]
07:42:29.635 19800   14  0x7f447ff7af06 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock6layoutEv+0x76) [0x7f447ff7af06]
07:42:29.635 19800   15  0x7f447ff7cfef /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock16layoutBlockChildEPNS_9RenderBoxERNS0_10MarginInfoERNS_20FractionalLayoutUnitES6_+0x59f) [0x7f447ff7cfef]
07:42:29.635 19800   16  0x7f447ff82158 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock19layoutBlockChildrenEbRNS_20FractionalLayoutUnitE+0x318) [0x7f447ff82158]
07:42:29.636 19800   17  0x7f447ff82c34 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock11layoutBlockEbNS_20FractionalLayoutUnitE+0xa64) [0x7f447ff82c34]
07:42:29.636 19800   18  0x7f447ff7af06 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock6layoutEv+0x76) [0x7f447ff7af06]
07:42:29.636 19800   19  0x7f447ff7cfef /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock16layoutBlockChildEPNS_9RenderBoxERNS0_10MarginInfoERNS_20FractionalLayoutUnitES6_+0x59f) [0x7f447ff7cfef]
07:42:29.636 19800   20  0x7f447ff82158 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock19layoutBlockChildrenEbRNS_20FractionalLayoutUnitE+0x318) [0x7f447ff82158]
07:42:29.636 19800   21  0x7f447ff82c34 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock11layoutBlockEbNS_20FractionalLayoutUnitE+0xa64) [0x7f447ff82c34]
07:42:29.636 19800   22  0x7f447ff7af06 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock6layoutEv+0x76) [0x7f447ff7af06]
07:42:29.636 19800   23  0x7f447ff7cfef /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock16layoutBlockChildEPNS_9RenderBoxERNS0_10MarginInfoERNS_20FractionalLayoutUnitES6_+0x59f) [0x7f447ff7cfef]
07:42:29.636 19800   24  0x7f447ff82158 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock19layoutBlockChildrenEbRNS_20FractionalLayoutUnitE+0x318) [0x7f447ff82158]
07:42:29.636 19800   25  0x7f447ff82c34 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock11layoutBlockEbNS_20FractionalLayoutUnitE+0xa64) [0x7f447ff82c34]
07:42:29.636 19800   26  0x7f447ff7af06 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore11RenderBlock6layoutEv+0x76) [0x7f447ff7af06]
07:42:29.636 19800   27  0x7f44800a4d39 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore10RenderView6layoutEv+0x2f9) [0x7f44800a4d39]
07:42:29.636 19800   28  0x7f447fe20e00 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore9FrameView6layoutEb+0x4b0) [0x7f447fe20e00]
07:42:29.636 19800   29  0x7f447ff12db6 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore12ThreadTimers24sharedTimerFiredInternalEv+0xa6) [0x7f447ff12db6]
07:42:29.639 19800   30  0x7f4476464ff9 /usr/local/Trolltech/Qt5/Qt-5.0.0-beta1/lib/libQtCore.so.5(_ZN7QObject5eventEP6QEvent+0x99) [0x7f4476464ff9]
07:42:29.639 19800   31  0x7f4477a170dc /usr/local/Trolltech/Qt5/Qt-5.0.0-beta1/lib/libQtWidgets.so.5(_ZN19QApplicationPrivate13notify_helperEP7QObjectP6QEvent+0xac) [0x7f4477a170dc]
07:42:29.639 19800 [7/12] http/tests/css/link-css-disabled-value-with-slow-loading-sheet-in-error.html crashed unexpectedly
07:42:29.639 19800 worker/0 killing driver
07:42:29.640 19800 worker/0 http/tests/css/link-css-disabled-value-with-slow-loading-sheet-in-error.html failed:
07:42:29.640 19800 worker/0  DumpRenderTree (pid 20018) crashed


07:43:49.830 20127 worker/0 svg/text/text-fonts-02-t.svg crashed, (stderr lines):
07:43:49.830 20127   1   0x7f925e878338 /home/oszi/WebKit/WebKitBuild/Release/lib/libWTF.so.1(+0x16338) [0x7f925e878338]
07:43:49.831 20127   2   0x7f92561a3230 /lib/libc.so.6(+0x32230) [0x7f92561a3230]
07:43:49.831 20127   3   0x7f926139063a /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore14SVGTextMetrics16constructTextRunEPNS_19RenderSVGInlineTextEPKtjj+0xca) [0x7f926139063a]
07:43:49.831 20127   4   0x7f92613917ac /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore21SVGTextMetricsBuilder37initializeMeasurementWithTextRendererEPNS_19RenderSVGInlineTextE+0x1ec) [0x7f92613917ac]
07:43:49.831 20127   5   0x7f92613922cb /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore21SVGTextMetricsBuilder19measureTextRendererEPNS_19RenderSVGInlineTextEPNS_15MeasureTextDataE+0x4b) [0x7f92613922cb]
07:43:49.831 20127   6   0x7f92613928b4 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore21SVGTextMetricsBuilder8walkTreeEPNS_12RenderObjectEPNS_19RenderSVGInlineTextEPNS_15MeasureTextDataE+0xb4) [0x7f92613928b4]
07:43:49.831 20127   7   0x7f92613928e3 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore21SVGTextMetricsBuilder8walkTreeEPNS_12RenderObjectEPNS_19RenderSVGInlineTextEPNS_15MeasureTextDataE+0xe3) [0x7f92613928e3]
07:43:49.831 20127   8   0x7f9261392988 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore21SVGTextMetricsBuilder19measureTextRendererEPNS_19RenderSVGInlineTextE+0x58) [0x7f9261392988]
07:43:49.831 20127   9   0x7f926136d39b /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore13RenderSVGText21subtreeStyleDidChangeEPNS_19RenderSVGInlineTextE+0x7b) [0x7f926136d39b]
07:43:49.831 20127   10  0x7f92613580a4 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore19RenderSVGInlineText14styleDidChangeENS_15StyleDifferenceEPKNS_11RenderStyleE+0x124) [0x7f92613580a4]
07:43:49.831 20127   11  0x7f926114b7a4 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore12RenderObject8setStyleEN3WTF10PassRefPtrINS_11RenderStyleEEE+0x1a4) [0x7f926114b7a4]
07:43:49.831 20127   12  0x7f9260b62d22 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore4Text15recalcTextStyleENS_4Node11StyleChangeE+0x92) [0x7f9260b62d22]
07:43:49.831 20127   13  0x7f9260afe277 /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore7Element11recalcStyleENS_4Node11StyleChangeE+0x317) [0x7f9260afe277]
07:43:49.831 20127   14  0x7f9260afe22b /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1(_ZN7WebCore7Element11recalcStyleENS_4Node11StyleChangeE+0x2cb) [0x7f9260afe22b]
07:43:49.857 20127 [65/98] svg/text/text-fonts-02-t.svg crashed unexpectedly
07:43:49.857 20127 worker/0 killing driver
07:43:49.857 20127 worker/0 svg/text/text-fonts-02-t.svg failed:
07:43:49.857 20127 worker/0  DumpRenderTree (pid 20136) crashed
Comment 3 Csaba Osztrogonác 2012-10-02 07:53:40 PDT
I marked them as crashing tests - https://trac.webkit.org/changeset/130170
Please unskip them with the proper fix.
Comment 4 Ojan Vafai 2012-10-02 09:36:28 PDT
It also caused webaudio/audiochannelmerger-basic.html to crash on Chromium SnowLeopard Debug:

http://test-results.appspot.com/dashboards/flakiness_dashboard.html#tests=webaudio%2Faudiochannelmerger-basic.html

STDERR: ASSERTION FAILED: i < size()
STDERR: ../../WTF/wtf/Vector.h(574) : const T &WTF::Vector<WebCore::FontDataRange, 1>::at(size_t) const [T = WebCore::FontDataRange, inlineCapacity = 1]
STDERR: 1   0x2d99c2d1 WTF::Vector<WebCore::FontDataRange, 1ul>::at(unsigned long) const
STDERR: 2   0x2d99c229 WTF::Vector<WebCore::FontDataRange, 1ul>::operator[](unsigned long) const
STDERR: 3   0x2d9ef786 WebCore::SegmentedFontData::fontDataForCharacter(int) const
STDERR: 4   0x2c499e9b WebCore::FontFallbackList::primarySimpleFontData(WebCore::Font const*)
STDERR: 5   0x2c499cea WebCore::Font::primaryFont() const
STDERR: 6   0x2ea33bcd WebCore::textRunNeedsRenderingContext(WebCore::Font const&)
STDERR: 7   0x2ede6195 WebCore::SVGTextMetrics::constructTextRun(WebCore::RenderSVGInlineText*, unsigned short const*, unsigned int, unsigned int)
STDERR: 8   0x2ede6ff4 WebCore::SVGTextMetricsBuilder::initializeMeasurementWithTextRenderer(WebCore::RenderSVGInlineText*)
STDERR: 9   0x2ede7264 WebCore::SVGTextMetricsBuilder::measureTextRenderer(WebCore::RenderSVGInlineText*, WebCore::MeasureTextData*)
STDERR: 10  0x2ede767d WebCore::SVGTextMetricsBuilder::walkTree(WebCore::RenderObject*, WebCore::RenderSVGInlineText*, WebCore::MeasureTextData*)
STDERR: 11  0x2ede76cf WebCore::SVGTextMetricsBuilder::walkTree(WebCore::RenderObject*, WebCore::RenderSVGInlineText*, WebCore::MeasureTextData*)
STDERR: 12  0x2ede77fc WebCore::SVGTextMetricsBuilder::measureTextRenderer(WebCore::RenderSVGInlineText*)
STDERR: 13  0x2eddd3b8 WebCore::SVGTextLayoutAttributesBuilder::rebuildMetricsForTextRenderer(WebCore::RenderSVGInlineText*)
STDERR: 14  0x2eda0a6b WebCore::RenderSVGText::subtreeStyleDidChange(WebCore::RenderSVGInlineText*)
STDERR: 15  0x2ed5ead4 WebCore::RenderSVGInlineText::styleDidChange(WebCore::StyleDifference, WebCore::RenderStyle const*)
STDERR: 16  0x2ebf1258 WebCore::RenderObject::setStyle(WTF::PassRefPtr<WebCore::RenderStyle>)
STDERR: 17  0x2d4068da WebCore::Text::recalcTextStyle(WebCore::Node::StyleChange)
STDERR: 18  0x2d2f1678 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
STDERR: 19  0x2d2f1766 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
STDERR: 20  0x2d2f1766 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
STDERR: 21  0x2d2f1766 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
STDERR: 22  0x2d2381dc WebCore::Document::recalcStyle(WebCore::Node::StyleChange)
STDERR: 23  0x2d238aed WebCore::Document::updateStyleIfNeeded()
STDERR: 24  0x2d22dbbb WebCore::Document::styleRecalcTimerFired(WebCore::Timer<WebCore::Document>*)
STDERR: 25  0x2d2ad167 WebCore::Timer<WebCore::Document>::fired()
STDERR: 26  0x2d90daa3 WebCore::ThreadTimers::sharedTimerFiredInternal()
STDERR: 27  0x2d90d82f WebCore::ThreadTimers::sharedTimerFired()
STDERR: 28  0x37e19669 webkit_glue::WebKitPlatformSupportImpl::DoTimeout()
STDERR: 29  0x37e1b174 base::internal::RunnableAdapter<void (webkit_glue::WebKitPlatformSupportImpl::*)()>::Run(webkit_glue::WebKitPlatformSupportImpl*)
STDERR: 30  0x37e1b073 base::internal::InvokeHelper<false, void, base::internal::RunnableAdapter<void (webkit_glue::WebKitPlatformSupportImpl::*)()>, void ()
STDERR: ax: bbadbeef, bx: c24a104, cx: b9a15158, dx: b9a15158
STDERR: di: 2efe0be2, si: 2f1d643b, bp: bfffc488, sp: bfffc440, ss: 23, flags: 210282
STDERR: ip: 2d99c2db, cs: 1b, ds: 23, es: 23, fs: 0, gs: f
Comment 6 Stephen Chenney 2012-10-03 06:44:38 PDT
Created attachment 166883 [details]
Patch
Comment 7 Eric Seidel (no email) 2012-10-03 08:39:43 PDT
Comment on attachment 166883 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=166883&action=review

> Source/WebCore/css/CSSSegmentedFontFace.cpp:113
> +    if (m_fontDataTable.contains(hashKey))
> +        return m_fontDataTable.get(hashKey);
> +    
> +    RefPtr<SegmentedFontData> fontData = SegmentedFontData::create();
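
Review bot: The contains()/get() pair at the top of this hunk hashes the same key twice; a single get(hashKey) with a null check on the result does the same work in one lookup. Since fontData is created at line 113 but only added to m_fontDataTable later, at line 130, a short comment at the create() call saying why insertion is deferred would keep a later cleanup from folding it back into an up-front add.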

I'm confused.  This looks identical to the code you're removing, just slower. :)
Comment 8 Stephen Chenney 2012-10-03 09:43:17 PDT
Comment on attachment 166883 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=166883&action=review

>> Source/WebCore/css/CSSSegmentedFontFace.cpp:113
>> +    RefPtr<SegmentedFontData> fontData = SegmentedFontData::create();
> 
> I'm confused.  This looks identical to the code you're removing, just slower. :)

Previous code always added the key to the cache. If the key was already in the map, the add would return the FontData and this method would return it. When the key was absent, we would go ahead and create the FontData, which at the time of creation has empty m_ranges. Because we're holding a reference to the RefPtr value from the hash map, that also puts the created FontData in the map.

If the attempt to populate the range data failed, we return 0 from this method, but that leaves the newly created FontData in the map, with empty m_ranges. Later, when another caller asks for the FontData, it's there in the map and FontData with empty m_ranges is returned, which violates an assumption of SegmentedFontData.

There are at least two other potential fixes that leave the "add" in place. We can check for null ranges before returning the cached result and, if empty, try again to create them. That avoids a tiny bit of ref pointer thrashing. In hindsight this is probably a better solution.

Or, when we fail to create range data we can remove the FontData from the cache before returning 0.
Comment 9 Eric Seidel (no email) 2012-10-03 13:32:46 PDT
Comment on attachment 166883 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=166883&action=review

I like the idea.  I think there are some nits you might choose to fix yet.

> Source/WebCore/css/CSSSegmentedFontFace.cpp:111
> +    if (m_fontDataTable.contains(hashKey))
> +        return m_fontDataTable.get(hashKey);

OK.  So seems we could at least do one lookup instead of two.  RefPtr<SegmentedFontData> fontData = m_fontDataTable.get(hashKey); if (fontData) return fontData;

>>> Source/WebCore/css/CSSSegmentedFontFace.cpp:113
>>> +    RefPtr<SegmentedFontData> fontData = SegmentedFontData::create();
>> 
>> I'm confused.  This looks identical to the code you're removing, just slower. :)
> 
> Previous code always added the key to the cache. If the key was already in the map, the add would return the FontData and this method would return it. When the key was absent, we would go ahead and create the FontData, which at the time of creation has empty m_ranges. Because we're holding a reference to the RefPtr value from the hash map, that also puts the created FontData in the map.
> 
> If the attempt to populate the range data failed, we return 0 from this method, but that leaves the newly created FontData in the map, with empty m_ranges. Later, when another caller asks for the FontData, it's there in the map and FontData with empty m_ranges is returned, which violates an assumption of SegmentedFontData.
> 
> There are at least two other potential fixes that leave the "add" in place. We can check for null ranges before returning the cached result and, if empty, try again to create them. That avoids a tiny bit of ref pointer thrashing. In hindsight this is probably a better solution.
> 
> Or, when we fail to create range data we can remove the FontData from the cache before returning 0.

I see.  That makes sense, thank you.

> Source/WebCore/css/CSSSegmentedFontFace.cpp:130
> +            m_fontDataTable.add(hashKey, fontData);
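
Review bot: Nothing at the add on line 130 states the condition it relies on, namely that fontData already holds at least one range when it enters m_fontDataTable. An ASSERT on the range count immediately before the add would document that and catch a regression to caching an empty SegmentedFontData.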

I might add a comment here that said something like:
// Only add our font to the table if we succeeded in creating ranges for it.
(Or something nicer.)
Comment 10 Stephen Chenney 2012-10-03 14:29:21 PDT
I actually ended up putting in the cleaner fix along with http://trac.webkit.org/changeset/130319. It adds the check for numRanges == 0 before returning an existing FontData object, and only creates a new FontData object if there is not an existing one.

I think that before the ref-counting change we used to leak data that ended up with numRanges == 0, over and over and over again.
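
The caching bug explained in Comment 8 and the two fixes discussed (the attached patch, and the numRanges check from Comment 10), reduced to an added example that is not WebKit code. `std::unordered_map` and `std::shared_ptr` stand in for WTF's HashMap and RefPtr; `FontData`, `populateRanges` and the three getter names are hypothetical.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <string>
#include <unordered_map>
#include <vector>

// Stand-in for SegmentedFontData: readers assume at least one range exists.
struct FontData {
    std::vector<int> ranges;
    std::size_t numRanges() const { return ranges.size(); }
};
using FontCache = std::unordered_map<std::string, std::shared_ptr<FontData>>;

// Hypothetical loader: produces no ranges while the font is unavailable.
static bool populateRanges(FontData& data, bool fontAvailable) {
    if (!fontAvailable)
        return false;
    data.ranges.push_back(0x41); // constructed sample range
    return true;
}

// Old pattern: the object enters the cache before its ranges exist.
std::shared_ptr<FontData> getInsertFirst(FontCache& cache, const std::string& key, bool fontAvailable) {
    std::shared_ptr<FontData>& slot = cache[key]; // reference into the map
    if (slot)
        return slot; // may be an object left empty by an earlier failure
    slot = std::make_shared<FontData>();
    if (!populateRanges(*slot, fontAvailable))
        return nullptr; // bug: the empty object stays cached
    return slot;
}

// Fix in the attached patch: cache the object only after ranges were created.
std::shared_ptr<FontData> getInsertOnSuccess(FontCache& cache, const std::string& key, bool fontAvailable) {
    auto found = cache.find(key); // single lookup
    if (found != cache.end())
        return found->second;
    auto data = std::make_shared<FontData>();
    if (!populateRanges(*data, fontAvailable))
        return nullptr;
    cache.emplace(key, data);
    return data;
}

// Fix from Comment 10: keep the up-front insert, but treat a cached object
// with no ranges as not ready and retry populating it.
std::shared_ptr<FontData> getRecheckRanges(FontCache& cache, const std::string& key, bool fontAvailable) {
    std::shared_ptr<FontData>& slot = cache[key];
    if (slot && slot->numRanges())
        return slot;
    if (!slot)
        slot = std::make_shared<FontData>();
    if (!populateRanges(*slot, fontAvailable))
        return nullptr;
    return slot;
}

int main() {
    FontCache cache;
    getInsertFirst(cache, "k", false);             // first request fails
    auto stale = getInsertFirst(cache, "k", true); // second request hits the cache
    std::printf("insert-first, second lookup: %zu ranges\n", stale->numRanges());
    return 0;
}
```
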
Comment 11 Drew Yao 2012-10-03 15:20:09 PDT
*** Bug 98293 has been marked as a duplicate of this bug. ***