[Webkit-unassigned] [Bug 111059] New: Crash in JSC::MarkedBlock::FreeList JSC::MarkedBlock::sweepHelper

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Feb 28 02:16:34 PST 2013


https://bugs.webkit.org/show_bug.cgi?id=111059

           Summary: Crash in JSC::MarkedBlock::FreeList
                    JSC::MarkedBlock::sweepHelper
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: rniwa at webkit.org
                CC: ggaren at apple.com, msaboff at apple.com, fpizlo at apple.com


CRASHING TEST: fast/js/regress/int-or-other-add-then-get-by-val.html

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore          0x000000010422be86 WTF::TCMalloc_ThreadCache_FreeList::Validate(WTF::HardenedSLL, unsigned long) + 70 (FastMalloc.cpp:2626)
1   com.apple.JavaScriptCore          0x000000010422bd11 WTF::TCMalloc_ThreadCache::Deallocate(WTF::HardenedSLL, unsigned long) + 209 (FastMalloc.cpp:3247)
2   com.apple.JavaScriptCore          0x0000000104147345 JSC::MarkedBlock::FreeList JSC::MarkedBlock::sweepHelper<(JSC::MarkedBlock::DestructorType)2>(JSC::MarkedBlock::SweepMode) + 309 (JSCell.h:117)
3   com.apple.JavaScriptCore          0x0000000104146f57 JSC::MarkedBlock::sweep(JSC::MarkedBlock::SweepMode) + 71 (MarkedBlock.cpp:118)
4   com.apple.JavaScriptCore          0x000000010406864c JSC::IncrementalSweeper::doSweep(double) + 108 (IncrementalSweeper.cpp:130)
5   com.apple.JavaScriptCore          0x0000000104066c03 JSC::HeapTimer::timerDidFire(__CFRunLoopTimer*, void*) + 179 (TimeoutChecker.h:57)
6   com.apple.CoreFoundation          0x00007fff92ac7da4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
7   com.apple.CoreFoundation          0x00007fff92ac78bd __CFRunLoopDoTimer + 557
8   com.apple.CoreFoundation          0x00007fff92aad099 __CFRunLoopRun + 1513
9   com.apple.CoreFoundation          0x00007fff92aac6b2 CFRunLoopRunSpecific + 290
10  com.apple.Foundation              0x00007fff87a8089e -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 268
11  DumpRenderTree                    0x0000000103e33e12 runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) + 1639 (DumpRenderTree.mm:1375)
12  DumpRenderTree                    0x0000000103e335a6 dumpRenderTree(int, char const**) + 1727 (DumpRenderTree.mm:832)
13  DumpRenderTree                    0x0000000103e3417b main + 86 (DumpRenderTree.mm:925)
14  libdyld.dylib                     0x00007fff895837e1 start + 1

e.g.
http://build.webkit.org/results/Apple%20MountainLion%20Release%20WK1%20(Tests)/r144275%20(7359)/results.html
