[Webkit-unassigned] [Bug 120099] New: Assertion failure in JSC::SlotVisitor::copyLater

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Aug 20 20:20:29 PDT 2013 

https://bugs.webkit.org/show_bug.cgi?id=120099

           Summary: Assertion failure in JSC::SlotVisitor::copyLater
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P1
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: rniwa at webkit.org
                CC: ggaren at apple.com, oliver at apple.com, thorton at apple.com,
                    fpizlo at apple.com, mhahnenberg at apple.com


Saw this crash on fast/canvas/webgl/array-message-passing.html:

Thread 9 Crashed:: JavaScriptCore::Marking
0   com.apple.JavaScriptCore          0x000000010658986a WTFCrash + 42 (Assertions.cpp:342)
1   com.apple.JavaScriptCore          0x00000001061b68f5 JSC::SlotVisitor::copyLater(JSC::JSCell*, JSC::CopyToken, void*, unsigned long) + 85 (SlotVisitorInlines.h:213)
2   com.apple.JavaScriptCore          0x00000001063cb624 JSC::JSObject::visitButterfly(JSC::SlotVisitor&, JSC::Butterfly*, unsigned long) + 356 (JSObject.cpp:193)
3   com.apple.JavaScriptCore          0x00000001063bf6e9 JSC::JSObject::visitChildren(JSC::JSCell*, JSC::SlotVisitor&) + 409 (JSObject.cpp:223)
4   com.apple.JavaScriptCore          0x00000001064fe5a8 JSC::visitChildren(JSC::SlotVisitor&, JSC::JSCell const*) + 264 (SlotVisitor.cpp:96)
5   com.apple.JavaScriptCore          0x00000001064fe40d JSC::SlotVisitor::drain() + 237 (SlotVisitor.cpp:136)
6   com.apple.JavaScriptCore          0x00000001064fea18 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode) + 1128 (SlotVisitor.cpp:226)
7   com.apple.JavaScriptCore          0x00000001062e568d JSC::GCThread::gcThreadMain() + 189 (GCThread.cpp:109)
8   com.apple.JavaScriptCore          0x00000001062e576d JSC::GCThread::gcThreadStartFunc(void*) + 29 (GCThread.cpp:136)
9   com.apple.JavaScriptCore          0x00000001065cf8b0 WTF::threadEntryPoint(void*) + 144 (Threading.cpp:70)
10  com.apple.JavaScriptCore          0x00000001065d0258 WTF::wtfThreadEntryPoint(void*) + 104 (ThreadingPthreads.cpp:195)
11  libsystem_c.dylib                 0x00007fff96a7b7a2 _pthread_start + 327
12  libsystem_c.dylib                 0x00007fff96a681e1 thread_start + 13

http://build.webkit.org/results/Apple%20MountainLion%20Debug%20WK2%20(Tests)/r154377%20(11827)/fast/canvas/webgl/array-message-passing-crash-log.txt

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list