[Webkit-unassigned] [Bug 55671] REGRESSION (r79987-r80210): Crash in JSWeakObjectMapClear

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Mar 11 11:45:01 PST 2011


https://bugs.webkit.org/show_bug.cgi?id=55671





--- Comment #26 from Oliver Hunt <oliver at apple.com>  2011-03-11 11:45:01 PST ---
You're getting slightly different traces as the crash occurs during an object's finalization, which can happen any time there's a GC sweep. The top of the trace is always the same.

(In reply to comment #25)
> (In reply to comment #24)
> > (In reply to comment #23)
> > > Did my previous backtrace give you what you need or do you need me to do it again after a rebuild?
> > 
> > I have an idea for how to deal with this, but i probably won't get to it for a couple of days.
> 
> Great, here's another backtrace that's a little different that I ran after doing a update / rebuild.
> 
> 
> Program received signal EXC_BAD_ACCESS, Could not access memory.
> Reason: KERN_PROTECTION_FAILURE at address: 0x0000007e
> 0x007dba9c in JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock (this=0xbfffba30, globalData=0x6, registerThread=true) at APIShims.h:40
> 40            , m_entryIdentifierTable(wtfThreadData().setCurrentIdentifierTable(globalData->identifierTable))
> (gdb) bt
> #0  0x007dba9c in JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock (this=0xbfffba30, globalData=0x6, registerThread=true) at APIShims.h:40
> #1  0x008210d0 in JSC::APIEntryShim::APIEntryShim (this=0xbfffba30, exec=0x22409d20, registerThread=true) at APIShims.h:67
> #2  0x008a8928 in JSWeakObjectMapClear (ctx=0x22409d20, map=0x2045ede0, key=0x1c45a120, object=0x2248e8b8) at /Users/kdean/WebKit/Source/JavaScriptCore/API/JSWeakObjectMapRefPrivate.cpp:74
> #3  0x001b402c in ?? ()
> #4  0x001b3778 in ?? ()
> #5  0x008335d8 in JSC::JSCallbackObject<JSC::JSObjectWithGlobalObject>::~JSCallbackObject (this=Cannot access memory at address 0x79
> ) at JSCallbackObjectFunctions.h:100
> #6  0x008bb1a8 in JSC::MarkedBlock::allocate (this=0x2248c000) at JSCell.h:404
> #7  0x008ba0bc in JSC::MarkedSpace::allocateFromSizeClass (this=0x98d7cb4, sizeClass=@0x98d7d14) at /Users/kdean/WebKit/Source/JavaScriptCore/runtime/MarkedSpace.cpp:77
> #8  0x0073c988 in JSC::MarkedSpace::allocate (this=0x98d7cb4, bytes=56) at JSCell.h:424
> #9  0x0073d2a4 in JSC::Heap::allocate (this=0x98d7cb0, bytes=56) at JSCell.h:436
> #10 0x0073d334 in JSC::JSCell::operator new (size=56, exec=0x1a9d6038) at JSCell.h:451
> #11 0x0081109c in JSC::FunctionExecutable::make (this=0x224f0510, exec=0x1a9d6038, scopeChain=0x2240f7e0) at Executable.h:312
> #12 0x007fdc98 in JSC::Interpreter::privateExecute (this=0x98d0800, flag=JSC::Interpreter::Normal, registerFile=0x98d080c, callFrame=0x1a9d6038) at /Users/kdean/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:3793
> #13 0x00803da8 in JSC::Interpreter::execute (this=0x98d0800, program=0x2248e7a0, callFrame=0x22409aa0, scopeChain=0x2240f7e0, thisObj=0x2248da48) at /Users/kdean/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:776
> #14 0x007a5a9c in JSC::evaluate (exec=0x22409aa0, scopeChain=0x2240f7e0, source=@0xbfffd754, thisValue={u = {asEncodedJSValue = -16604669368, asDouble = -nan(0xffffc2248da48), asBits = {tag = -4, payload = 575199816}}}) at /Users/kdean/WebKit/Source/JavaScriptCore/runtime/Completion.cpp:67
> #15 0x059ddeec in WebCore::JSMainThreadExecState::evaluate (exec=0x22409aa0, chain=0x2240f7e0, source=@0xbfffd754, thisValue={u = {asEncodedJSValue = -16604669368, asDouble = -nan(0xffffc2248da48), asBits = {tag = -4, payload = 575199816}}}) at JSMainThreadExecState.h:54
> #16 0x059d5fa4 in WebCore::ScriptController::evaluateInWorld (this=0x20b21fe8, sourceCode=@0xbfffd750, world=0x1b01f420) at /Users/kdean/WebKit/Source/WebCore/bindings/js/ScriptController.cpp:142
> #17 0x04f28d80 in WebCore::Frame::injectUserScriptsForWorld (this=0x20b21c00, world=0x1b01f420, userScripts=@0x1c44abb0, injectionTime=WebCore::InjectAtDocumentEnd) at /Users/kdean/WebKit/Source/WebCore/page/Frame.cpp:550
> #18 0x04f28ec4 in WebCore::Frame::injectUserScripts (this=0x20b21c00, injectionTime=WebCore::InjectAtDocumentEnd) at /Users/kdean/WebKit/Source/WebCore/page/Frame.cpp:530
> #19 0x04f43248 in WebCore::FrameLoader::finishedParsing (this=0x20b21c78) at /Users/kdean/WebKit/Source/WebCore/loader/FrameLoader.cpp:764
> #20 0x04d11210 in WebCore::Document::finishedParsing (this=0x24098200) at /Users/kdean/WebKit/Source/WebCore/dom/Document.cpp:4282
> #21 0x050a7fec in WebCore::HTMLTreeBuilder::finished (this=0x230ea5e0) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2807
> #22 0x05003f5c in WebCore::HTMLDocumentParser::end (this=0x20ba3e00) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:354
> #23 0x050040d8 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x20ba3e00) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:363
> #24 0x05005f60 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x20ba3e00) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:151
> #25 0x05003df4 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x20ba3e00) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:375
> #26 0x05003e58 in WebCore::HTMLDocumentParser::finish (this=0x20ba3e00) at /Users/kdean/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:403
> #27 0x04cfa04c in WebCore::Document::finishParsing (this=0x24098200) at /Users/kdean/WebKit/Source/WebCore/dom/Document.cpp:2271
> #28 0x04d6aec0 in WebCore::DocumentWriter::endIfNotLoadingMainResource (this=0x20c036ec) at /Users/kdean/WebKit/Source/WebCore/loader/DocumentWriter.cpp:222
> #29 0x04d6af1c in WebCore::DocumentWriter::end (this=0x20c036ec) at /Users/kdean/WebKit/Source/WebCore/loader/DocumentWriter.cpp:207
> #30 0x04d4bacc in WebCore::DocumentLoader::finishedLoading (this=0x20c03600) at /Users/kdean/WebKit/Source/WebCore/loader/DocumentLoader.cpp:284
> #31 0x04f42454 in WebCore::FrameLoader::finishedLoading (this=0x20b21c78) at /Users/kdean/WebKit/Source/WebCore/loader/FrameLoader.cpp:2188
> #32 0x0564a25c in WebCore::MainResourceLoader::didFinishLoading (this=0x20be0e00, finishTime=0) at /Users/kdean/WebKit/Source/WebCore/loader/MainResourceLoader.cpp:467
> #33 0x0599cc0c in WebCore::ResourceLoader::didFinishLoading (this=0x20be0e00, finishTime=0) at /Users/kdean/WebKit/Source/WebCore/loader/ResourceLoader.cpp:436
> #34 0x05997a58 in -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] (self=0x230dfe60, _cmd=0x917a1300, connection=0x230dc930) at /Users/kdean/WebKit/Source/WebCore/platform/network/mac/ResourceHandleMac.mm:969
> #35 0x937d8818 in _NSURLConnectionDidFinishLoading ()
> #36 0x9636bd90 in URLConnectionClient::_clientDidFinishLoading ()
> #37 0x9636ca0c in URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload ()
> #38 0x9636ccdc in URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload ()
> #39 0x9636b504 in URLConnectionClient::processEvents ()
> #40 0x96315004 in MultiplexerSource::perform ()
> #41 0x901cc1a0 in CFRunLoopRunSpecific ()
> #42 0x91f71b18 in RunCurrentEventLoopInMode ()
> #43 0x91f7193c in ReceiveNextEventCommon ()
> #44 0x91f7177c in BlockUntilNextEventMatchingListInMode ()
> #45 0x90831248 in _DPSNextEvent ()
> #46 0x90830c00 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] ()
> #47 0x00019a14 in ?? ()
> #48 0x9082a8a0 in -[NSApplication run] ()
> #49 0x907fb29c in NSApplicationMain ()
> #50 0x0000c05c in ?? ()
> Current language:  auto; currently c++

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
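Oliver's point above (finalization runs inside whatever GC sweep happens to be in progress, so the frames below the destructor differ from dump to dump while the top of the trace does not) is what makes naive backtrace comparison useless for deduplicating this crash. The following triage helper is an added example and not WebKit code or anything from the bug thread: it parses a gdb `bt` dump, including the frame that gdb wrapped because it could not read `this`, and keys the crash on only the frames above the first JSC allocator/collector frame. `TRACE_REPORTED` is frames #0-#11 of the dump posted above; `TRACE_CONSTRUCTED` is invented here (its addresses, the `constructEmptyObject` frame and the shortened paths are assumptions) to stand in for the "slightly different" second dump, with the sweep run from another allocation site.

```python
"""Crash-triage helper for the finalizer crash in this thread: a stable
signature from a gdb backtrace that keeps only the frames above the collector
entry, so dumps taken at different GC sweeps compare equal.  Added example,
not WebKit code.  TRACE_REPORTED is frames #0-#11 of the dump posted above;
TRACE_CONSTRUCTED is invented here (addresses and the constructEmptyObject
frame are assumptions) to mimic a sweep run from a different allocation site."""
import re
from collections import namedtuple
from typing import List, Optional, Tuple

Frame = namedtuple('Frame', 'index func args location')

# "#2  0x008a8928 in JSWeakObjectMapClear (ctx=0x22409d20, ...) at .../File.cpp:74"
FRAME_RE = re.compile(
    r'^#(?P<idx>\d+)\s+'
    r'(?:0x[0-9a-fA-F]+\s+in\s+)?'      # pc prefix is absent on some frames
    r'(?P<func>.+?)\s*'
    r'\((?P<args>.*)\)'                 # greedy: the last ')' closes the arguments
    r'(?:\s+at\s+(?P<loc>\S+))?\s*$')

# JSC allocator/collector frames as seen in the reported dump; everything
# below them is whichever allocation happened to run the lazy sweep.
ALLOCATOR_RE = re.compile(
    r'\bJSC::(MarkedBlock|MarkedSpace|Heap)::|\bJSC::JSCell::operator new\b')


def parse_backtrace(text: str) -> List[Frame]:
    records: List[str] = []
    for raw in text.splitlines():
        line = raw.lstrip('> ').rstrip()        # tolerate mail-quoted dumps
        if line.startswith('#'):
            records.append(line)
        elif records and records[-1].count('(') > records[-1].count(')'):
            # gdb wrapped the frame: "this=Cannot access memory at address 0x79"
            # continues as ") at JSCallbackObjectFunctions.h:100" on the next line
            records[-1] += ' ' + line.strip()
    frames = []
    for rec in records:
        m = FRAME_RE.match(rec)
        if m:
            frames.append(Frame(int(m['idx']), m['func'].strip(),
                                m['args'].strip(), m['loc']))
    return frames


def crash_signature(frames: List[Frame]) -> Tuple[str, ...]:
    """Function names from the faulting frame down to and including the first
    allocator frame: the part of the trace that is the same in every dump."""
    sig: List[str] = []
    for f in frames:
        sig.append(f.func)
        if ALLOCATOR_RE.search(f.func):
            break
    return tuple(sig)


def finalizer_frame(frames: List[Frame]) -> Optional[Frame]:
    """The destructor running inside the sweep, if the crash is in finalization."""
    for f in frames:
        if ALLOCATOR_RE.search(f.func):
            return None
        if '::~' in f.func:
            return f
    return None


def allocation_site(frames: List[Frame]) -> Optional[Frame]:
    """First non-allocator frame below the collector: the allocation that
    triggered the sweep.  It varies per dump and is kept out of the signature."""
    below = False
    for f in frames:
        if ALLOCATOR_RE.search(f.func):
            below = True
        elif below:
            return f
    return None


TRACE_REPORTED = """\
#0  0x007dba9c in JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock (this=0xbfffba30, globalData=0x6, registerThread=true) at APIShims.h:40
#1  0x008210d0 in JSC::APIEntryShim::APIEntryShim (this=0xbfffba30, exec=0x22409d20, registerThread=true) at APIShims.h:67
#2  0x008a8928 in JSWeakObjectMapClear (ctx=0x22409d20, map=0x2045ede0, key=0x1c45a120, object=0x2248e8b8) at /Users/kdean/WebKit/Source/JavaScriptCore/API/JSWeakObjectMapRefPrivate.cpp:74
#3  0x001b402c in ?? ()
#4  0x001b3778 in ?? ()
#5  0x008335d8 in JSC::JSCallbackObject<JSC::JSObjectWithGlobalObject>::~JSCallbackObject (this=Cannot access memory at address 0x79
) at JSCallbackObjectFunctions.h:100
#6  0x008bb1a8 in JSC::MarkedBlock::allocate (this=0x2248c000) at JSCell.h:404
#7  0x008ba0bc in JSC::MarkedSpace::allocateFromSizeClass (this=0x98d7cb4, sizeClass=@0x98d7d14) at /Users/kdean/WebKit/Source/JavaScriptCore/runtime/MarkedSpace.cpp:77
#8  0x0073c988 in JSC::MarkedSpace::allocate (this=0x98d7cb4, bytes=56) at JSCell.h:424
#9  0x0073d2a4 in JSC::Heap::allocate (this=0x98d7cb0, bytes=56) at JSCell.h:436
#10 0x0073d334 in JSC::JSCell::operator new (size=56, exec=0x1a9d6038) at JSCell.h:451
#11 0x0081109c in JSC::FunctionExecutable::make (this=0x224f0510, exec=0x1a9d6038, scopeChain=0x2240f7e0) at Executable.h:312"""

# Constructed, not from the bug: same top of stack, sweep run by another allocation.
TRACE_CONSTRUCTED = """\
#0  0x007dba9c in JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock (this=0xbfffc9f0, globalData=0x6, registerThread=true) at APIShims.h:40
#1  0x008210d0 in JSC::APIEntryShim::APIEntryShim (this=0xbfffc9f0, exec=0x2240a9e0, registerThread=true) at APIShims.h:67
#2  0x008a8928 in JSWeakObjectMapClear (ctx=0x2240a9e0, map=0x2045ede0, key=0x1c45b3c0, object=0x2248f110) at JSWeakObjectMapRefPrivate.cpp:74
#3  0x001b402c in ?? ()
#4  0x001b3778 in ?? ()
#5  0x008335d8 in JSC::JSCallbackObject<JSC::JSObjectWithGlobalObject>::~JSCallbackObject (this=Cannot access memory at address 0x79
) at JSCallbackObjectFunctions.h:100
#6  0x008bb1a8 in JSC::MarkedBlock::allocate (this=0x22491000) at JSCell.h:404
#7  0x0073d334 in JSC::JSCell::operator new (size=40, exec=0x1a9d6038) at JSCell.h:451
#8  0x007e5a10 in JSC::constructEmptyObject (exec=0x1a9d6038) at ObjectConstructor.h:62
#9  0x007fdc98 in JSC::Interpreter::privateExecute (this=0x98d0800, flag=JSC::Interpreter::Normal, registerFile=0x98d080c, callFrame=0x1a9d6038) at Interpreter.cpp:3520"""
```

Running `crash_signature` on both dumps yields the same seven-frame key (shim constructor, `JSWeakObjectMapClear`, the two unsymbolised callback frames, the `JSCallbackObject` destructor and `MarkedBlock::allocate`), while `allocation_site` reports `FunctionExecutable::make` for the posted trace and the constructed `constructEmptyObject` for the other: the signature is what to file the duplicate under, and the allocation site is noise. The `globalData=0x6` argument in frame #0 is preserved in `Frame.args` for the record, since that is the value the shim dereferenced.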


