[Webkit-unassigned] [Bug 26349] crash in WTF::TCMalloc_Central_FreeList::FetchFromSpans

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jun 12 12:00:37 PDT 2009


https://bugs.webkit.org/show_bug.cgi?id=26349





------- Comment #1 from amd at store20.com  2009-06-12 12:00 PDT -------
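This is with the Webkit-gtk-1.1.9 release on amd64. The full gdb backtrace follows. The crash is inside the allocator itself: in frame #0 `result` is 0x200000010, which does not resemble the other heap addresses in the trace (0x7fd1...). That suggests the free list was probably corrupted by an earlier write, so the calling frames are not necessarily at fault.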

#0  WTF::TCMalloc_Central_FreeList::FetchFromSpans (this=0x7fd1c6ed9d20) at
JavaScriptCore/wtf/FastMalloc.cpp:2360
        span = (WTF::Span *) 0x7fd1b2dfd9b0
        result = (void *) 0x200000010
#1  0x00007fd1c62293f5 in WTF::TCMalloc_Central_FreeList::RemoveRange
(this=0x7fd1c6ed9d20, start=0x7fff22383518, 
    end=0x7fff22383510, N=0x7fff22383524) at
JavaScriptCore/wtf/FastMalloc.cpp:2332
        t = (void *) 0x6e10
        num = 32
        tail = (void *) 0x7fd1a5fb1fc0
        head = (void *) 0x7fd1a5fb0000
        count = 16
#2  0x00007fd1c6229a2e in WTF::fastMalloc (size=<value optimized out>) at
JavaScriptCore/wtf/FastMalloc.cpp:2490
No locals.
#3  0x00007fd1c65e723c in WebCore::StringImpl::createUninitialized
(length=<value optimized out>, data=@0x7fff22383588)
    at WebCore/platform/text/StringImpl.cpp:987
No locals.
#4  0x00007fd1c65e78b8 in WebCore::StringImpl::create
(characters=0x7fd1ae05d3e8, length=11)
    at WebCore/platform/text/StringImpl.cpp:1000
        data = <value optimized out>
        string = {m_ptr = 0x10030}
#5  0x00007fd1c65e8278 in WebCore::StringImpl::stripWhiteSpace
(this=0x7fd1ae05d3c0) at WebCore/platform/text/StringImpl.cpp:375
        start = 0
        end = 10
#6  0x00007fd1c65e1998 in WebCore::String::stripWhiteSpace (this=<value
optimized out>) at WebCore/platform/text/String.cpp:289
No locals.
#7  0x00007fd1c63ce90b in WebCore::OptionElement::collectOptionText
(data=<value optimized out>, element=0x7fd1a6be1b00)
    at WebCore/dom/OptionElement.cpp:96
        text = {m_impl = {m_ptr = 0x7fff22383760}}
        document = (class WebCore::Document *) 0x7fd1b0a06c00
#8  0x00007fd1c63ceba6 in
WebCore::OptionElement::collectOptionTextRespectingGroupLabel
(data=@0x7fd1a6be1b88, 
    element=0x7fd1a6be1b00) at WebCore/dom/OptionElement.cpp:109
        parentElement = <value optimized out>
#9  0x00007fd1c64b3336 in
WebCore::HTMLOptionElement::textIndentedToRespectGroupLabel (this=0x6e10)
    at WebCore/html/HTMLOptionElement.cpp:205
No locals.
#10 0x00007fd1c6666cfa in WebCore::RenderMenuList::updateOptionsWidth
(this=0x7fd1ae1dcec8)
    at WebCore/rendering/RenderMenuList.cpp:139
        element = (class WebCore::Element *) 0x7fd1a6be1b00
        optionElement = (WebCore::OptionElement *) 0x6e00
        text = {m_impl = {m_ptr = 0x7fd1ae05d3c0}}
        i = 3
        maxOptionWidth = 93
        listItems = (const WTF::Vector<WebCore::Element*, 0ul> &)
@0x7fd1addb59e0: {m_size = 8, 
  m_buffer = {<WTF::VectorBufferBase<WebCore::Element*>> =
{<WTFNoncopyable::Noncopyable> = {<No data fields>}, 
      m_buffer = 0x7fd1a7ed8500, m_capacity = 16}, <No data fields>}}
        size = 8
        width = <value optimized out>
#11 0x00007fd1c6666f55 in WebCore::RenderMenuList::updateFromElement
(this=0x7fd1c6ed9d20)
    at WebCore/rendering/RenderMenuList.cpp:164
No locals.
#12 0x00007fd1c63b4a8f in WebCore::Element::recalcStyle (this=0x7fd1ae587070,
change=WebCore::Node::NoChange)
    at WebCore/dom/Element.cpp:845
        childRulesChanged = true
        n = (class WebCore::Node *) 0x7fd1addb5900
        currentStyle = <value optimized out>
        hasParentStyle = true
        hasPositionalRules = false
        hasDirectAdjacentRules = false
        forceCheckOfNextElementSibling = false
#13 0x00007fd1c63b4a8f in WebCore::Element::recalcStyle (this=0x7fd1a6d54bd0,
change=WebCore::Node::NoChange)
    at WebCore/dom/Element.cpp:845
        childRulesChanged = false
        n = (class WebCore::Node *) 0x7fd1ae587070
        currentStyle = <value optimized out>
        hasParentStyle = true
        hasPositionalRules = false
        hasDirectAdjacentRules = false
        forceCheckOfNextElementSibling = false
#14 0x00007fd1c63b4a8f in WebCore::Element::recalcStyle (this=0x7fd1ad92a0f0,
change=WebCore::Node::NoChange)
    at WebCore/dom/Element.cpp:845
        childRulesChanged = false
        n = (class WebCore::Node *) 0x7fd1a6d54bd0
        currentStyle = <value optimized out>
        hasParentStyle = true
        hasPositionalRules = false
        hasDirectAdjacentRules = false
        forceCheckOfNextElementSibling = false
#15 0x00007fd1c63b4a8f in WebCore::Element::recalcStyle (this=0x7fd1ad83e0e0,
change=WebCore::Node::NoChange)
    at WebCore/dom/Element.cpp:845
        childRulesChanged = false
        n = (class WebCore::Node *) 0x7fd1ad92a0f0
        currentStyle = <value optimized out>
        hasParentStyle = true
        hasPositionalRules = false
        hasDirectAdjacentRules = false
        forceCheckOfNextElementSibling = false
#16 0x00007fd1c63b4a8f in WebCore::Element::recalcStyle (this=0x7fd1ae46bd20,
change=WebCore::Node::NoChange)
    at WebCore/dom/Element.cpp:845
        childRulesChanged = false
        n = (class WebCore::Node *) 0x7fd1ad83e0e0
        currentStyle = <value optimized out>
        hasParentStyle = true
        hasPositionalRules = false
        hasDirectAdjacentRules = false
        forceCheckOfNextElementSibling = false
#17 0x00007fd1c63b4a8f in WebCore::Element::recalcStyle (this=0x7fd1ad6e7d20,
change=WebCore::Node::NoChange)
    at WebCore/dom/Element.cpp:845
        childRulesChanged = false
        n = (class WebCore::Node *) 0x7fd1ae46bd20
        currentStyle = <value optimized out>
        hasParentStyle = true
        hasPositionalRules = false
        hasDirectAdjacentRules = false
        forceCheckOfNextElementSibling = false
#18 0x00007fd1c639e3af in WebCore::Document::recalcStyle (this=0x7fd1b0a06c00,
change=WebCore::Node::NoChange)
    at WebCore/dom/Document.cpp:1192
        n = (class WebCore::Node *) 0x7fd1ad6e7d20
#19 0x00007fd1c639635f in WebCore::Document::updateStyleIfNeeded
(this=0x7fd1b0a06c00) at WebCore/dom/Document.cpp:1228
No locals.
#20 0x00007fd1c639a6cc in WebCore::Document::updateStyleForAllDocuments () at
WebCore/dom/Document.cpp:1245
        doc = (class WebCore::Document *) 0x7fd1b0a06c00
#21 0x00007fd1c62e605d in WebCore::JSEventListener::handleEvent
(this=0x7fd1ad2df190, event=0x7fd1a7e2ad40, isWindowEvent=true)
    at WebCore/bindings/js/JSEventListener.cpp:151
        args = {<WTFNoncopyable::Noncopyable> = {<No data fields>}, static
inlineCapacity = 8, m_buffer = 0x7fff22383d88, 
  m_size = 1, m_vector = {m_size = 1, 
    m_buffer = {<WTF::VectorBufferBase<JSC::Register>> =
{<WTFNoncopyable::Noncopyable> = {<No data fields>}, 
        m_buffer = 0x7fff22383d88, m_capacity = 8}, static m_inlineBufferSize =
64, m_inlineBuffer = {
        buffer =
"@|���\177\000\000\200\000\000\000\000\000\000\000#\227\"��\177\000\000�\rP\001\000\000\000\000Q���\177\000\000����\000\000\000\000X�\224��\177\000\000H@\000��\177\000"}}},
m_markSet = 0x0}
        savedEvent = (class WebCore::Event *) 0x0
        jsFunction = (class JSC::JSObject *) 0x7fd1adbf8000
        globalObject = (class WebCore::JSDOMGlobalObject *) 0x7fd1b2dec2c0
        scriptExecutionContext = (class WebCore::ScriptExecutionContext *)
0x7fd1b0a06c58
        exec = (class JSC::ExecState *) 0x7fd1af265088
        callData = {native = {function = 0x7fd1ae3590e0}, js = {functionBody =
0x7fd1ae3590e0, scopeChain = 0x7fd1a7f4f9b0}}
        callType = JSC::CallTypeJS
#22 0x00007fd1c6555d65 in WebCore::DOMWindow::handleEvent (this=<value
optimized out>, event=0x7fd1a7e2ad40, useCapture=false, 
    alternateListeners=<value optimized out>) at
WebCore/page/DOMWindow.cpp:1204
        r = <value optimized out>
        i = 1
        listeners = <value optimized out>
        listenersCopy = {m_size = 2, 
  m_buffer =
{<WTF::VectorBufferBase<WTF::RefPtr<WebCore::RegisteredEventListener> >> =
{<WTFNoncopyable::Noncopyable> = {<No data fields>}, m_buffer = 0x7fd1a6b48a80,
m_capacity = 16}, <No data fields>}}
        size = 2
#23 0x00007fd1c655748a in WebCore::DOMWindow::dispatchLoadEvent
(this=0x7fd1a792d780) at WebCore/page/DOMWindow.cpp:1284
        ownerElement = <value optimized out>
#24 0x00007fd1c6397b2d in WebCore::Document::implicitClose
(this=0x7fd1b0a06c00) at WebCore/dom/Document.cpp:1631
        wasLocationChangePending = <value optimized out>
        f = (class WebCore::Frame *) 0x7fd1ad671800
#25 0x00007fd1c651b797 in WebCore::FrameLoader::checkCompleted
(this=0x7fd1ad671850) at WebCore/loader/FrameLoader.cpp:1289
        protect = {m_ptr = 0x7fd1ad671800}
#26 0x00007fd1c6549718 in WebCore::Loader::Host::didReceiveResponse
(this=0x7fd1ad7d6140, loader=0x7fd1ad8b2080, 
    response=@0x7fd1a7f3b0f0) at WebCore/loader/loader.cpp:415
        request = (class WebCore::Request *) 0x7fd1adaf6900
        resource = (class WebCore::CachedResource *) 0x7fd1ae354800
        encoding = {m_impl = {m_ptr = 0x1b86948}}
#27 0x00007fd1c6538bf0 in WebCore::SubresourceLoader::didReceiveResponse
(this=0x7fd1ad8b2080, r=@0x7fd1a7f3b0f0)
    at WebCore/loader/SubresourceLoader.cpp:137
No locals.
#28 0x00007fd1c6835e37 in gotHeadersCallback (msg=0x16055b0, data=<value
optimized out>)
    at WebCore/platform/network/soup/ResourceHandleSoup.cpp:274
        contentType = <value optimized out>
        handle = {m_ptr = 0x7fd1ad766740}
        d = (class WebCore::ResourceHandleInternal *) 0x7fd1a7f3b000
        client = (class WebCore::ResourceHandleClient *) 0x7fd1ad8b2080
#29 0x00007fd1bb0b72cf in IA__g_closure_invoke (closure=0x191ae60,
return_value=0x0, n_param_values=1, param_values=0x1be6440, 
    invocation_hint=0x7fff223841f0) at gclosure.c:767
        marshal = (GClosureMarshal) 0x7fd1bb0c3d10
<IA__g_cclosure_marshal_VOID__VOID>
        marshal_data = <value optimized out>
        __PRETTY_FUNCTION__ = "IA__g_closure_invoke"
#30 0x00007fd1bb0ccd6a in signal_emit_unlocked_R (node=0x10d6c80, detail=0,
instance=0x16055b0, emission_return=0x0, 
    instance_and_params=0x1be6440) at gsignal.c:3247
        tmp = <value optimized out>
        handler = (Handler *) 0x1b88a70
        accumulator = (SignalAccumulator *) 0x0
        emission = {next = 0x7fff22384620, instance = 0x16055b0, ihint =
{signal_id = 367, detail = 0, 
    run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type = 4}
        class_closure = (GClosure *) 0x11529e0
        handler_list = (Handler *) 0x1b88a70
        return_accu = (GValue *) 0x0
        accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong
= 0, v_int64 = 0, v_uint64 = 0, v_float = 0, 
      v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0,
v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, 
      v_double = 0, v_pointer = 0x0}}}
        signal_id = 367
        max_sequential_handler_number = 75980
        return_value_altered = 1
#31 0x00007fd1bb0ce361 in IA__g_signal_emit_valist (instance=0x16055b0,
signal_id=<value optimized out>, detail=0, 
    var_args=0x7fff223843d0) at gsignal.c:2980
        signal_return_type = 4
        param_values = (GValue *) 0x1be6458
        node = (SignalNode *) 0x10d6c80
        i = 0
        n_params = 0
        __PRETTY_FUNCTION__ = "IA__g_signal_emit_valist"
#32 0x00007fd1bb0ce853 in IA__g_signal_emit (instance=0x7fd1c6ed9d20,
signal_id=16, detail=28160) at gsignal.c:3037
        var_args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area =
0x7fff223844b0, reg_save_area = 0x7fff223843f0}}
#33 0x00007fd1bd54cfe0 in io_read (sock=0x196e280, msg=0x16055b0) at
soup-message-io.c:767
        priv = (SoupMessagePrivate *) 0x1605600
        io = (SoupMessageIOData *) 0x19d6be0
        status = 200
        __PRETTY_FUNCTION__ = "io_read"
#34 0x00007fd1bb0b72cf in IA__g_closure_invoke (closure=0xfbbf40,
return_value=0x0, n_param_values=1, param_values=0x1876120, 
    invocation_hint=0x7fff22384630) at gclosure.c:767
        marshal = (GClosureMarshal) 0x7fd1bb0c3d10
<IA__g_cclosure_marshal_VOID__VOID>
        marshal_data = <value optimized out>
        __PRETTY_FUNCTION__ = "IA__g_closure_invoke"
#35 0x00007fd1bb0ccd6a in signal_emit_unlocked_R (node=0x10d43e0, detail=0,
instance=0x196e280, emission_return=0x0, 
    instance_and_params=0x1876120) at gsignal.c:3247
        tmp = <value optimized out>
        handler = (Handler *) 0x123a040
        accumulator = (SignalAccumulator *) 0x0
        emission = {next = 0x0, instance = 0x196e280, ihint = {signal_id = 379,
detail = 0, run_type = G_SIGNAL_RUN_FIRST}, 
  state = EMISSION_RUN, chain_type = 4}
        class_closure = (GClosure *) 0x11b3400
        handler_list = (Handler *) 0x123a040
        return_accu = (GValue *) 0x0
        accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong
= 0, v_int64 = 0, v_uint64 = 0, v_float = 0, 
      v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0,
v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, 
      v_double = 0, v_pointer = 0x0}}}
        signal_id = 379
        max_sequential_handler_number = 75980
        return_value_altered = 0
#36 0x00007fd1bb0ce361 in IA__g_signal_emit_valist (instance=0x196e280,
signal_id=<value optimized out>, detail=0, 
    var_args=0x7fff22384810) at gsignal.c:2980
        signal_return_type = 4
        param_values = (GValue *) 0x1876138
        node = (SignalNode *) 0x10d43e0
        i = 0
        n_params = 0
        __PRETTY_FUNCTION__ = "IA__g_signal_emit_valist"
#37 0x00007fd1bb0ce853 in IA__g_signal_emit (instance=0x7fd1c6ed9d20,
signal_id=16, detail=28160) at gsignal.c:3037
        var_args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area =
0x7fff223848f0, reg_save_area = 0x7fff22384830}}
#38 0x00007fd1bd556ed2 in socket_read_watch (chan=<value optimized out>,
cond=0, user_data=<value optimized out>)
    at soup-socket.c:1152
        sock = (SoupSocket *) 0x196e280
#39 0x00007fd1bae00ea9 in IA__g_main_context_dispatch (context=0xaa7c70) at
gmain.c:1814
No locals.
#40 0x00007fd1bae04518 in g_main_context_iterate (context=0xaa7c70, block=1,
dispatch=1, self=<value optimized out>)
    at gmain.c:2445
        max_priority = 2147483647
        timeout = 91
        some_ready = 1
        nfds = 13
        allocated_nfds = <value optimized out>
        fds = (GPollFD *) 0x14dffd0
        __PRETTY_FUNCTION__ = "g_main_context_iterate"
#41 0x00007fd1bae04a0d in IA__g_main_loop_run (loop=0xb07650) at gmain.c:2653
        self = (GThread *) 0xa6d0e0
        __PRETTY_FUNCTION__ = "IA__g_main_loop_run"
#42 0x00007fd1c23f8307 in IA__gtk_main () at gtkmain.c:1205
        tmp_list = (GList *) 0xb05830
        functions = (GList *) 0x0
        init = (GtkInitFunction *) 0xaeca40
        loop = (GMainLoop *) 0xb07650
#43 0x0000000000431ad6 in main (argc=1, argv=0x7fff22385d78) at ephy-main.c:781
        option_context = <value optimized out>
        option_group = <value optimized out>
        proxy = <value optimized out>
        error = (GError *) 0x0
        user_time = 77377788

