[Webkit-unassigned] [Bug 164989] New: Crash in WTF::FastBitVectorWordOwner::numBits() in GC thread.
bugzilla-daemon at webkit.org
Sat Nov 19 09:49:05 PST 2016
https://bugs.webkit.org/show_bug.cgi?id=164989
Bug ID: 164989
Summary: Crash in WTF::FastBitVectorWordOwner::numBits() in GC thread.
Classification: Unclassified
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: mark.lam at apple.com
See https://build.webkit.org/results/Apple%20Sierra%20Debug%20WK2%20(Tests)/r208921%20(771)/fast/events/tab-focus-hidden-crash-log.txt
Relevant crash trace:
Crashed Thread: 11 WTF::AutomaticThread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000060
Exception Note: EXC_CORPSE_NOTIFY
Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [0]
Thread 11 Crashed:: WTF::AutomaticThread
0 com.apple.JavaScriptCore 0x00000001126cb8dc WTF::FastBitVectorWordOwner::numBits() const + 12 (FastBitVector.h:129)
1 com.apple.JavaScriptCore 0x00000001126cb2a5 WTF::FastBitVectorImpl<WTF::FastBitVectorWordOwner>::numBits() const + 21 (FastBitVector.h:271)
2 com.apple.JavaScriptCore 0x0000000112788668 WTF::FastBitVectorImpl<WTF::FastBitVectorWordOwner>::atImpl(unsigned long) const + 40 (FastBitVector.h:426)
3 com.apple.JavaScriptCore 0x0000000112788598 WTF::FastBitVector::operator[](unsigned long) const + 40 (FastBitVector.h:512)
4 com.apple.JavaScriptCore 0x000000011292295c JSC::MarkedAllocator::isAllocated(unsigned long) const + 44 (MarkedAllocator.h:181)
5 com.apple.JavaScriptCore 0x00000001129227c0 JSC::MarkedAllocator::isAllocated(JSC::MarkedBlock::Handle*) const + 48 (MarkedAllocator.h:181)
6 com.apple.JavaScriptCore 0x0000000113300525 JSC::MarkedBlock::aboutToMarkSlow(unsigned int) + 197 (MarkedBlock.cpp:385)
7 com.apple.JavaScriptCore 0x000000011353597c JSC::MarkedBlock::aboutToMark(unsigned int) + 60 (MarkedBlock.h:502)
8 com.apple.JavaScriptCore 0x0000000113533a6b void JSC::SlotVisitor::setMarkedAndAppendToMarkStack<JSC::MarkedBlock>(JSC::MarkedBlock&, JSC::JSCell*) + 43 (SlotVisitor.cpp:204)
9 com.apple.JavaScriptCore 0x000000011353370a JSC::SlotVisitor::setMarkedAndAppendToMarkStack(JSC::JSCell*) + 218 (SlotVisitor.cpp:197)
10 com.apple.JavaScriptCore 0x0000000113533622 JSC::SlotVisitor::append(JSC::JSValue) + 178 (SlotVisitor.cpp:171)
11 com.apple.JavaScriptCore 0x000000011289db65 void JSC::SlotVisitor::append<JSC::Unknown>(JSC::WriteBarrierBase<JSC::Unknown>*) + 53 (SlotVisitorInlines.h:69)
12 com.apple.JavaScriptCore 0x000000011356ac72 JSC::Structure::visitChildren(JSC::JSCell*, JSC::SlotVisitor&) + 402 (Structure.cpp:1033)
13 com.apple.JavaScriptCore 0x000000011353441d JSC::SlotVisitor::visitChildren(JSC::JSCell const*) + 269 (SlotVisitor.cpp:335)
14 com.apple.JavaScriptCore 0x0000000113534228 JSC::SlotVisitor::drain(WTF::MonotonicTime) + 344 (SlotVisitor.cpp:381)
15 com.apple.JavaScriptCore 0x0000000113534c9e JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode, WTF::MonotonicTime) + 1998 (SlotVisitor.cpp:408)
16 com.apple.JavaScriptCore 0x0000000112f62670 JSC::Heap::markToFixpoint(double)::$_1::operator()() const + 768 (Heap.cpp:529)
17 com.apple.JavaScriptCore 0x0000000112f622c9 WTF::SharedTaskFunctor<void (), JSC::Heap::markToFixpoint(double)::$_1>::run() + 25 (SharedTask.h:90)
18 com.apple.JavaScriptCore 0x000000011379aead WTF::ParallelHelperClient::runTask(WTF::RefPtr<WTF::SharedTask<void ()> >) + 173 (ParallelHelperPool.cpp:115)
19 com.apple.JavaScriptCore 0x000000011379bc1f WTF::ParallelHelperPool::Thread::work() + 63 (ParallelHelperPool.cpp:194)
20 com.apple.JavaScriptCore 0x00000001137c1248 WTF::AutomaticThread::start(WTF::Locker<WTF::LockBase> const&)::$_0::operator()() const + 552 (AutomaticThread.cpp:194)
21 com.apple.JavaScriptCore 0x00000001137c100d void std::__1::__invoke_void_return_wrapper<void>::__call<WTF::AutomaticThread::start(WTF::Locker<WTF::LockBase> const&)::$_0&>(WTF::AutomaticThread::start(WTF::Locker<WTF::LockBase> const&)::$_0&&&) + 45 (__functional_base:469)
22 com.apple.JavaScriptCore 0x00000001137c0da9 std::__1::__function::__func<WTF::AutomaticThread::start(WTF::Locker<WTF::LockBase> const&)::$_0, std::__1::allocator<WTF::AutomaticThread::start(WTF::Locker<WTF::LockBase> const&)::$_0>, void ()>::operator()() + 41 (functional:1437)
23 com.apple.JavaScriptCore 0x0000000112cc5eca std::__1::function<void ()>::operator()() const + 26 (functional:1817)
24 com.apple.JavaScriptCore 0x00000001137d2087 WTF::threadEntryPoint(void*) + 151 (Threading.cpp:60)
25 com.apple.JavaScriptCore 0x00000001137d3a51 WTF::wtfThreadEntryPoint(void*) + 289 (ThreadingPthreads.cpp:164)
26 libsystem_pthread.dylib 0x00007fffbe5f3abb _pthread_body + 180
27 libsystem_pthread.dylib 0x00007fffbe5f3a07 _pthread_start + 286
28 libsystem_pthread.dylib 0x00007fffbe5f3231 thread_start + 13