[Webkit-unassigned] [Bug 90957] [Qt] There are GC related crashes regularly

bugzilla-daemon at webkit.org
Wed Jul 11 06:28:41 PDT 2012


https://bugs.webkit.org/show_bug.cgi?id=90957

--- Comment #6 from Csaba Osztrogonac <ossy at webkit.org>  2012-07-11 06:28:41 PST ---
I managed to reproduce this bug inside gdb (Qt 4.8, 64-bit, release mode with debug symbols).

I don't know anything about GC, so I can't debug it.
But I hope this backtrace can help you:

$ gdb WebKitBuild/Release/bin/DumpRenderTree
GNU gdb (GDB) 7.0.1-debian
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/oszi/WebKit/WebKitBuild/Release/bin/DumpRenderTree...done.
(gdb) run --no-timeout PerformanceTests/Dromaeo/jslib-event-jquery.html
Starting program: /home/oszi/WebKit/WebKitBuild/Release/bin/DumpRenderTree --no-timeout PerformanceTests/Dromaeo/jslib-event-jquery.html
[Thread debugging using libthread_db enabled]
[New Thread 0x7fffeb154700 (LWP 15118)]
[New Thread 0x7fffa9889700 (LWP 15119)]
[Thread 0x7fffa9889700 (LWP 15119) exited]
[New Thread 0x7fffa9889700 (LWP 15120)]
[New Thread 0x7fffa947e700 (LWP 15121)]
[New Thread 0x7fffa927d700 (LWP 15122)]
[New Thread 0x7fffa907c700 (LWP 15123)]
[New Thread 0x7fffa8e7b700 (LWP 15124)]
[New Thread 0x7fffa8c7a700 (LWP 15125)]
[New Thread 0x7fffa8a79700 (LWP 15126)]
[New Thread 0x7fffa839f700 (LWP 15127)]
main frame - has 1 onunload handler(s)
frame "<!--framePath //<!--frame0-->-->" - has 1 onunload handler(s)

Program received signal SIGSEGV, Segmentation fault.
JSC::MarkStackSegmentAllocator::shrinkReserve (this=0x7fffa293b000) at /home/oszi/WebKit/Source/JavaScriptCore/heap/MarkStack.cpp:89
89              segments = segments->m_previous;
(gdb) bt
#0  JSC::MarkStackSegmentAllocator::shrinkReserve (this=0x7fffa293b000) at /home/oszi/WebKit/Source/JavaScriptCore/heap/MarkStack.cpp:89
#1  0x00007ffff72a139d in JSC::MarkStackThreadSharedData::reset (this=0x7fffeaeb9b98) at /home/oszi/WebKit/Source/JavaScriptCore/heap/MarkStack.cpp:297
#2  0x00007ffff729ddd6 in JSC::Heap::markRoots (this=<value optimized out>, fullGC=<value optimized out>) at /home/oszi/WebKit/Source/JavaScriptCore/heap/Heap.cpp:595
#3  0x00007ffff729df8b in JSC::Heap::collect (this=0x7fffeaeb9050, sweepToggle=JSC::Heap::DoNotSweep) at /home/oszi/WebKit/Source/JavaScriptCore/heap/Heap.cpp:717
#4  0x00007ffff7292d80 in JSC::CopiedSpace::allocateBlock (this=0x7fffeaeb9a38, bytes=12240, outPtr=0x7fffffffd100) at /home/oszi/WebKit/Source/JavaScriptCore/heap/CopiedSpaceInlineMethods.h:104
#5  JSC::CopiedSpace::tryAllocateSlowCase (this=0x7fffeaeb9a38, bytes=12240, outPtr=0x7fffffffd100) at /home/oszi/WebKit/Source/JavaScriptCore/heap/CopiedSpace.cpp:72
#6  0x00007ffff7293310 in JSC::CopiedSpace::tryAllocate (this=0x1000, ptr=0x7fffffffd150, oldSize=8160, newSize=140737134697192) at /home/oszi/WebKit/Source/JavaScriptCore/heap/CopiedSpaceInlineMethods.h:124
#7  JSC::CopiedSpace::tryReallocate (this=0x1000, ptr=0x7fffffffd150, oldSize=8160, newSize=140737134697192) at /home/oszi/WebKit/Source/JavaScriptCore/heap/CopiedSpace.cpp:123
#8  0x00007ffff746244d in JSC::Heap::tryReallocateStorage (this=0x7fffa0afea80, globalData=<value optimized out>, newLength=<value optimized out>) at /home/oszi/WebKit/Source/JavaScriptCore/heap/Heap.h:378
#9  JSC::JSArray::increaseVectorLength (this=0x7fffa0afea80, globalData=<value optimized out>, newLength=<value optimized out>) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSArray.cpp:1046
#10 0x00007ffff7466203 in JSC::JSArray::putDirectIndexBeyondVectorLength (this=0x7fffa0afea80, exec=0x7fffa845a450, i=1017, value=..., shouldThrow=true) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSArray.cpp:868
#11 0x00007ffff7439e66 in JSC::JSArray::putDirectIndex (exec=0x7fffa845a450) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSArray.h:183
#12 arrayProtoFuncSlice (exec=0x7fffa845a450) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/ArrayPrototype.cpp:614
#13 0x00007fffaae4b265 in ?? ()
#14 0x00007fffa2aabc80 in ?? ()
#15 0x00007fffaaf9738e in ?? ()
#16 0x0000000000000000 in ?? ()
(gdb)
