[Webkit-unassigned] [Bug 164840] New: Crash in com.apple.JavaScriptCore: JSC::JSObject::visitButterfly + 302
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Nov 16 15:34:33 PST 2016
https://bugs.webkit.org/show_bug.cgi?id=164840
Bug ID: 164840
Summary: Crash in com.apple.JavaScriptCore:
JSC::JSObject::visitButterfly + 302
Classification: Unclassified
Product: WebKit
Version: Other
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: ryanhaddad at apple.com
Crash in com.apple.JavaScriptCore: JSC::JSObject::visitButterfly + 302
Seen while running the layout test sputnik/Unicode/Unicode_510/S7.6_A3.2.html (the crash log below shows the main thread's stack; the crashed thread is listed as thread 14, WTF::AutomaticThread).
https://build.webkit.org/results/Apple%20Yosemite%20Debug%20WK2%20(Tests)/r208806%20(16264)/results.html
Process: com.apple.WebKit.WebContent.Development [61271]
Path: /Volumes/VOLUME/*/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development
Identifier: com.apple.WebKit.WebContent
Version: 603+ (603.1.12+)
Code Type: X86-64 (Native)
Parent Process: ??? [1]
Responsible: com.apple.WebKit.WebContent.Development [61271]
User ID: 501
Date/Time: 2016-11-16 14:49:45.400 -0800
OS Version: Mac OS X 10.10.5 (14F1909)
Report Version: 11
Anonymous UUID: C9EC8ADD-8E2F-2A5C-D1B0-4BDF54F896B6
Time Awake Since Boot: 3600000 seconds
Crashed Thread: 14 WTF::AutomaticThread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef
VM Regions Near 0xbbadbeef:
-->
__TEXT 00000001053ef000-00000001053f4000 [ 20K] r-x/rwx SM=COW /Volumes/VOLUME/*/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development
Application Specific Information:
CRASHING TEST: sputnik/Unicode/Unicode_510/S7.6_A3.2.html
Thread 0:: Dispatch queue: com.apple.main-thread
0 libsystem_kernel.dylib 0x00007fff86f8d136 __psynch_cvwait + 10
1 com.apple.JavaScriptCore 0x0000000109faefc0 WTF::ThreadCondition::wait(WTF::Mutex&) + 48
2 com.apple.JavaScriptCore 0x0000000109faf068 WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 104
3 com.apple.JavaScriptCore 0x0000000109f766c2 WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, WTF::TimeWithDynamicClockType const&) + 418
4 com.apple.JavaScriptCore 0x0000000109732ef0 WTF::ParkingLot::ParkResult WTF::ParkingLot::parkConditionally<WTF::ParkingLot::ParkResult WTF::ParkingLot::compareAndPark<unsigned int, unsigned int>(WTF::Atomic<unsigned int> const*, unsigned int)::'lambda'(), WTF::ParkingLot::ParkResult WTF::ParkingLot::compareAndPark<unsigned int, unsigned int>(WTF::Atomic<unsigned int> const*, unsigned int)::'lambda0'()>(void const*, unsigned int const&, unsigned int const&, WTF::TimeWithDynamicClockType const&) + 96
5 com.apple.JavaScriptCore 0x00000001097203cd WTF::ParkingLot::ParkResult WTF::ParkingLot::compareAndPark<unsigned int, unsigned int>(WTF::Atomic<unsigned int> const*, unsigned int) + 77
6 com.apple.JavaScriptCore 0x000000010971b093 JSC::Heap::stopIfNecessarySlow(unsigned int) + 291
7 com.apple.JavaScriptCore 0x000000010971af46 JSC::Heap::stopIfNecessarySlow() + 54
8 com.apple.JavaScriptCore 0x00000001097208ce JSC::Heap::stopIfNecessary() + 62
9 com.apple.JavaScriptCore 0x00000001097155fb JSC::Heap::collectIfNecessaryOrDefer(JSC::GCDeferralContext*) + 155
10 com.apple.JavaScriptCore 0x000000010971c5ef JSC::Heap::decrementDeferralDepthAndGCIfNeeded() + 79
11 com.apple.JavaScriptCore 0x0000000108e99188 JSC::DeferGC::~DeferGC() + 24
12 com.apple.JavaScriptCore 0x0000000108e969e5 JSC::DeferGC::~DeferGC() + 21
13 com.apple.JavaScriptCore 0x0000000108eacbdf bool JSC::JSObject::putDirectInternal<(JSC::JSObject::PutMode)1>(JSC::VM&, JSC::PropertyName, JSC::JSValue, unsigned int, JSC::PutPropertySlot&) + 1759
14 com.apple.JavaScriptCore 0x0000000108ea8b4d JSC::JSObject::putDirect(JSC::VM&, JSC::PropertyName, JSC::JSValue, unsigned int) + 269
15 com.apple.JavaScriptCore 0x000000010991b379 JSC::JSFunction::createBuiltinFunction(JSC::VM&, JSC::FunctionExecutable*, JSC::JSGlobalObject*) + 169
16 com.apple.JavaScriptCore 0x00000001099cdad0 JSC::JSObject::putDirectBuiltinFunction(JSC::VM&, JSC::JSGlobalObject*, JSC::PropertyName const&, JSC::FunctionExecutable*, unsigned int) + 176
17 com.apple.JavaScriptCore 0x00000001099d2d37 JSC::reifyStaticProperty(JSC::VM&, JSC::PropertyName const&, JSC::HashTableValue const&, JSC::JSObject&) + 247
18 com.apple.JavaScriptCore 0x0000000109aba634 JSC::setUpStaticFunctionSlot(JSC::VM&, JSC::HashTableValue const*, JSC::JSObject*, JSC::PropertyName, JSC::PropertySlot&) + 292
19 com.apple.JavaScriptCore 0x00000001099d26a8 JSC::getStaticPropertySlotFromTable(JSC::VM&, JSC::HashTable const&, JSC::JSObject*, JSC::PropertyName, JSC::PropertySlot&) + 168
20 com.apple.JavaScriptCore 0x00000001099c9448 JSC::JSObject::getOwnStaticPropertySlot(JSC::VM&, JSC::PropertyName, JSC::PropertySlot&) + 120
21 com.apple.JavaScriptCore 0x0000000108e94eb5 JSC::JSObject::getOwnNonIndexPropertySlot(JSC::VM&, JSC::Structure*, JSC::PropertyName, JSC::PropertySlot&) + 165
22 com.apple.JavaScriptCore 0x0000000108e9440a JSC::JSObject::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) + 90
23 com.apple.JavaScriptCore 0x0000000109d1bf60 JSC::StringObject::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) + 128
24 com.apple.JavaScriptCore 0x0000000108eb3b75 JSC::JSObject::getNonIndexPropertySlot(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) + 533
25 com.apple.JavaScriptCore 0x0000000108eb3786 JSC::JSObject::getPropertySlot(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) + 294
26 com.apple.JavaScriptCore 0x0000000108eb736a JSC::JSValue::getPropertySlot(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) const + 266
27 com.apple.JavaScriptCore 0x0000000108eaba35 JSC::JSValue::get(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) const + 53
28 com.apple.JavaScriptCore 0x0000000109aacf0a llint_slow_path_get_by_id + 346
29 com.apple.JavaScriptCore 0x0000000109abdf50 llint_entry + 12444
30 com.apple.JavaScriptCore 0x0000000109ac23d5 llint_entry + 29985
31 com.apple.JavaScriptCore 0x0000000109ac23d5 llint_entry + 29985
32 com.apple.JavaScriptCore 0x0000000109abac9e vmEntryToJavaScript + 334
33 com.apple.JavaScriptCore 0x000000010988a81c JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 332
34 com.apple.JavaScriptCore 0x00000001098052ce JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) + 4878
35 com.apple.JavaScriptCore 0x00000001090d55d5 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 677
36 com.apple.JavaScriptCore 0x00000001090d572e JSC::profiledEvaluate(JSC::ExecState*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 94
37 com.apple.WebCore 0x000000010e97c9eb WebCore::JSMainThreadExecState::profiledEvaluate(JSC::ExecState*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 75
38 com.apple.WebCore 0x000000010e976378 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&, WebCore::ExceptionDetails*) + 312
39 com.apple.WebCore 0x000000010e97649d WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&, WebCore::ExceptionDetails*) + 61
40 com.apple.WebCore 0x000000010e98b40a WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) + 730
41 com.apple.WebCore 0x000000010e989cb8 WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) + 2376
42 com.apple.WebCore 0x000000010d28245c WebCore::HTMLScriptRunner::runScript(WebCore::Element*, WTF::TextPosition const&) + 364
43 com.apple.WebCore 0x000000010d28226a WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element>, WTF::TextPosition const&) + 138
44 com.apple.WebCore 0x000000010d1a33a2 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() + 1362
45 com.apple.WebCore 0x000000010d1a3526 WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&) + 214
46 com.apple.WebCore 0x000000010d1a268d WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 445
47 com.apple.WebCore 0x000000010d1a2daf WebCore::HTMLDocumentParser::resumeParsingAfterYield() + 47
48 com.apple.WebCore 0x000000010d26b048 WebCore::HTMLParserScheduler::continueNextChunkTimerFired() + 152
49 com.apple.WebCore 0x000000010d26c928 void std::__1::__invoke_void_return_wrapper<void>::__call<std::__1::__bind<void (WebCore::HTMLParserScheduler::*&)(), WebCore::HTMLParserScheduler*>&>(std::__1::__bind<void (WebCore::HTMLParserScheduler::*&)(), WebCore::HTMLParserScheduler*>&&&) + 248
50 com.apple.WebCore 0x000000010d26c7fc std::__1::__function::__func<std::__1::__bind<void (WebCore::HTMLParserScheduler::*&)(), WebCore::HTMLParserScheduler*>, std::__1::allocator<std::__1::__bind<void (WebCore::HTMLParserScheduler::*&)(), WebCore::HTMLParserScheduler*> >, void ()>::operator()() + 44
51 com.apple.WebCore 0x000000010c56fe8a std::__1::function<void ()>::operator()() const + 26
52 com.apple.WebCore 0x000000010c56fd9c WebCore::Timer::fired() + 28
53 com.apple.WebCore 0x000000010ee5e9ea WebCore::ThreadTimers::sharedTimerFiredInternal() + 394
54 com.apple.WebCore 0x000000010ee5fc31 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const + 33
55 com.apple.WebCore 0x000000010ee5fbfd void std::__1::__invoke_void_return_wrapper<void>::__call<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&>(WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&&&) + 45
56 com.apple.WebCore 0x000000010ee5fb9c std::__1::__function::__func<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, std::__1::allocator<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0>, void ()>::operator()() + 44
57 com.apple.WebCore 0x000000010c56fe8a std::__1::function<void ()>::operator()() const + 26
58 com.apple.WebCore 0x000000010e134f4f WebCore::MainThreadSharedTimer::fired() + 111
59 com.apple.WebCore 0x000000010e135359 WebCore::timerFired(__CFRunLoopTimer*, void*) + 41
60 com.apple.CoreFoundation 0x00007fff8d0532e4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
61 com.apple.CoreFoundation 0x00007fff8d052f73 __CFRunLoopDoTimer + 1059
62 com.apple.CoreFoundation 0x00007fff8d0c653d __CFRunLoopDoTimers + 301
63 com.apple.CoreFoundation 0x00007fff8d00e608 __CFRunLoopRun + 2024
64 com.apple.CoreFoundation 0x00007fff8d00dbd8 CFRunLoopRunSpecific + 296
65 com.apple.HIToolbox 0x00007fff8bd5356f RunCurrentEventLoopInMode + 235
66 com.apple.HIToolbox 0x00007fff8bd532ea ReceiveNextEventCommon + 431
67 com.apple.HIToolbox 0x00007fff8bd5312b _BlockUntilNextEventMatchingListInModeWithFilter + 71
68 com.apple.AppKit 0x00007fff8570d8ab _DPSNextEvent + 978
69 com.apple.AppKit 0x00007fff8570ce58 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 346
70 com.apple.AppKit 0x00007fff85702af3 -[NSApplication run] + 594
71 com.apple.AppKit 0x00007fff8567f244 NSApplicationMain + 1832
72 libxpc.dylib 0x00007fff8c158928 _xpc_objc_main + 793
73 libxpc.dylib 0x00007fff8c15a030 xpc_main + 490
74 com.apple.WebKit.WebContent 0x00000001053f0710 main + 800
75 libdyld.dylib 0x00007fff848fc5c9 start + 1