[Webkit-unassigned] [Bug 18368] New: Crash during sunspider string-unpack-code

[bugzilla-daemon at webkit.org]

http://bugs.webkit.org/show_bug.cgi?id=18368

           Summary: Crash during sunspider string-unpack-code
           Product: WebKit
           Version: 526+ (Nightly build)
          Platform: PC
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: Major
          Priority: P2
         Component: WebKit Gtk
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mh+webkit at glandium.org


I spotted a crash during sunspider string-unpack-code test
(http://webkit.org/perf/sunspider-0.9/string-unpack-code.html) on amd64 (not
tested anywhere else), confirmed on r31722.

I bisected and found this crash has been happening first with r29470.

The full backtrace is as follows:
[Thread debugging using libthread_db enabled]
[New Thread 0x2b04e1a8cec0 (LWP 3167)]
0x00002b04d83cbea5 in waitpid () from /lib/libpthread.so.0
#0  0x00002b04d83cbea5 in waitpid () from /lib/libpthread.so.0
#1  0x00002b04d918a4f6 in g_spawn_sync () from /usr/lib/libglib-2.0.so.0
#2  0x00002b04d918a808 in g_spawn_command_line_sync () from
/usr/lib/libglib-2.0.so.0
#3  0x00002b04e24064b3 in ?? () from
/usr/lib/gtk-2.0/modules/libgnomebreakpad.so
#4  <signal handler called>
#5  0x00002b04d7ff707f in KJS::stringProtoFuncSplit () from
/home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#6  0x00002b04d7fd1e49 in KJS::JSObject::call () from
/home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#7  0x00002b04d7fe5ae3 in KJS::FunctionCallDotNode::evaluate () from
/home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#8  0x00002b04d7fe051e in KJS::ArgumentListNode::evaluateList () from
/home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#9  0x00002b04d7fe0b37 in KJS::FunctionCallValueNode::evaluate () from
/home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#10 0x00002b04d7fdce2e in KJS::AssignLocalVarNode::evaluate () from
/home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#11 0x00002b04d7fd9d8e in KJS::VarStatementNode::execute () from
/home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#12 0x00002b04d7fa846a in KJS::BlockNode::execute () from
/home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#13 0x00002b04d7fd99b9 in KJS::ForNode::execute () from
/home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#14 0x00002b04d7fa846a in KJS::BlockNode::execute () from
/home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#15 0x00002b04d7ffb2c0 in KJS::ProgramNode::execute () from
/home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#16 0x00002b04d7ffc9c3 in KJS::Interpreter::evaluate () from
/home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#17 0x00002b04d7c9f7b3 in WebCore::KJSProxy::evaluate () from
/home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#18 0x00002b04d7e2e8f1 in WebCore::FrameLoader::executeScript () from
/home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#19 0x00002b04d7df75c9 in WebCore::HTMLTokenizer::scriptExecution () from
/home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#20 0x00002b04d7df8685 in WebCore::HTMLTokenizer::scriptHandler () from
/home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#21 0x00002b04d7df94e2 in WebCore::HTMLTokenizer::parseSpecial () from
/home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#22 0x00002b04d7dfc09c in WebCore::HTMLTokenizer::write () from
/home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#23 0x00002b04d7e1cb17 in WebCore::FrameLoader::write () from
/home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#24 0x00002b04d7e0ef59 in WebCore::DocumentLoader::commitLoad () from
/home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#25 0x00002b04d7e44313 in WebCore::ResourceLoader::didReceiveData () from
/home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#26 0x00002b04d7e3f256 in WebCore::MainResourceLoader::didReceiveData () from
/home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#27 0x00002b04d7f5e477 in WebCore::writeCallback () from
/home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#28 0x00002b04db46d6a8 in ?? () from /usr/lib/libcurl-gnutls.so.4
#29 0x00002b04db482b5e in ?? () from /usr/lib/libcurl-gnutls.so.4
#30 0x00002b04db47f71d in ?? () from /usr/lib/libcurl-gnutls.so.4
#31 0x00002b04db484b1c in ?? () from /usr/lib/libcurl-gnutls.so.4
#32 0x00002b04db48548b in curl_multi_perform () from
/usr/lib/libcurl-gnutls.so.4
#33 0x00002b04d7f5fea0 in WebCore::ResourceHandleManager::downloadTimerCallback
() from /home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#34 0x00002b04d7eba493 in WebCore::TimerBase::fireTimers () from
/home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#35 0x00002b04d7eba54b in WebCore::TimerBase::sharedTimerFired () from
/home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#36 0x00002b04d7bdeba2 in WebCore::timeout_cb () from
/home/mh/git/webkit/.libs/libwebkit-1.0.so.1
#37 0x00002b04d91570b2 in g_main_context_dispatch () from
/usr/lib/libglib-2.0.so.0
#38 0x00002b04d915a356 in ?? () from /usr/lib/libglib-2.0.so.0
#39 0x00002b04d915a617 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#40 0x00002b04d8a67b63 in IA__gtk_main () at
/build/buildd/gtk+2.0-2.12.9/gtk/gtkmain.c:1163
#41 0x0000000000401eab in main ()


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.