[Webkit-unassigned] [Bug 164897] New: Crash in com.apple.JavaScriptCore: JSC::JSObject::visitButterfly + 302

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Nov 17 16:31:43 PST 2016 

https://bugs.webkit.org/show_bug.cgi?id=164897

            Bug ID: 164897
           Summary: Crash in com.apple.JavaScriptCore:
                    JSC::JSObject::visitButterfly + 302
    Classification: Unclassified
           Product: WebKit
           Version: Other
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ryanhaddad at apple.com

Created attachment 295108
  --> https://bugs.webkit.org/attachment.cgi?id=295108&action=review
Crash log

Encountered with LayoutTest sputnik/Unicode/Unicode_510/S7.6_A3.2.html

https://build.webkit.org/results/Apple%20Yosemite%20Debug%20WK2%20(Tests)/r208860%20(16285)/results.html

Thread 13 Crashed:: WTF::AutomaticThread
0   com.apple.JavaScriptCore          0x000000010a1ff937 WTFCrash + 39
1   com.apple.JavaScriptCore          0x0000000109c8847e JSC::JSObject::visitButterfly(JSC::SlotVisitor&, JSC::Butterfly*, JSC::Structure*) + 302
2   com.apple.JavaScriptCore          0x0000000109c759c6 JSC::JSObject::visitChildren(JSC::JSCell*, JSC::SlotVisitor&) + 518
3   com.apple.JavaScriptCore          0x0000000109cac853 JSC::JSScope::visitChildren(JSC::JSCell*, JSC::SlotVisitor&) + 307
4   com.apple.JavaScriptCore          0x0000000109cbdd13 JSC::JSSymbolTableObject::visitChildren(JSC::JSCell*, JSC::SlotVisitor&) + 307
5   com.apple.JavaScriptCore          0x0000000109cb04e3 JSC::JSSegmentedVariableObject::visitChildren(JSC::JSCell*, JSC::SlotVisitor&) + 307
6   com.apple.JavaScriptCore          0x0000000109bec533 JSC::JSGlobalObject::visitChildren(JSC::JSCell*, JSC::SlotVisitor&) + 307
7   com.apple.WebCore                 0x000000010da81e1e WebCore::JSDOMGlobalObject::visitChildren(JSC::JSCell*, JSC::SlotVisitor&) + 366
8   com.apple.WebCore                 0x000000010dbac553 WebCore::JSDOMWindowBase::visitChildren(JSC::JSCell*, JSC::SlotVisitor&) + 307
9   com.apple.WebCore                 0x000000010daf16d3 WebCore::JSDOMWindow::visitChildren(JSC::JSCell*, JSC::SlotVisitor&) + 307
10  com.apple.JavaScriptCore          0x0000000109fc9bcd JSC::SlotVisitor::visitChildren(JSC::JSCell const*) + 269
11  com.apple.JavaScriptCore          0x0000000109fc847a JSC::SlotVisitor::drain(WTF::MonotonicTime) + 538
12  com.apple.JavaScriptCore          0x0000000109fc8cd5 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode, WTF::MonotonicTime) + 2005
13  com.apple.JavaScriptCore          0x00000001099d1df6 JSC::Heap::markToFixpoint(double)::$_1::operator()() const + 774
14  com.apple.JavaScriptCore          0x00000001099d1abc WTF::SharedTaskFunctor<void (), JSC::Heap::markToFixpoint(double)::$_1>::run() + 28
15  com.apple.JavaScriptCore          0x000000010a23f4d0 WTF::ParallelHelperClient::runTask(WTF::RefPtr<WTF::SharedTask<void ()> >) + 176
16  com.apple.JavaScriptCore          0x000000010a2404f2 WTF::ParallelHelperPool::Thread::work() + 66
17  com.apple.JavaScriptCore          0x000000010a2652d3 WTF::AutomaticThread::start(WTF::Locker<WTF::LockBase> const&)::$_0::operator()() const + 579
18  com.apple.JavaScriptCore          0x000000010a26507d void std::__1::__invoke_void_return_wrapper<void>::__call<WTF::AutomaticThread::start(WTF::Locker<WTF::LockBase> const&)::$_0&>(WTF::AutomaticThread::start(WTF::Locker<WTF::LockBase> const&)::$_0&&&) + 45
19  com.apple.JavaScriptCore          0x000000010a264e6c std::__1::__function::__func<WTF::AutomaticThread::start(WTF::Locker<WTF::LockBase> const&)::$_0, std::__1::allocator<WTF::AutomaticThread::start(WTF::Locker<WTF::LockBase> const&)::$_0>, void ()>::operator()() + 44
20  com.apple.JavaScriptCore          0x0000000109770e2a std::__1::function<void ()>::operator()() const + 26
21  com.apple.JavaScriptCore          0x000000010a277d0e WTF::threadEntryPoint(void*) + 158
22  com.apple.JavaScriptCore          0x000000010a2797b1 WTF::wtfThreadEntryPoint(void*) + 289
23  libsystem_pthread.dylib           0x7fff8a09405a _pthread_body + 131 (~rc/Software/SUSyrahFalls/Projects/libpthread/libpthread-105.40.1/src/pthread.c:644)
24  libsystem_pthread.dylib           0x7fff8a093fd7 _pthread_start + 176 (~rc/Software/SUSyrahFalls/Projects/libpthread/libpthread-105.40.1/src/pthread.c:680)
25  libsystem_pthread.dylib           0x7fff8a0913ed thread_start + 13 (~rc/Software/SUSyrahFalls/Projects/libpthread/libpthread-105.40.1/src/pthread_asm.s:57)

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20161118/ade126d9/attachment.html>

More information about the webkit-unassigned mailing list