[Webkit-unassigned] [Bug 165045] New: Crash in JSC::StructureIDTable::get

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Nov 23 07:41:29 PST 2016 

https://bugs.webkit.org/show_bug.cgi?id=165045

            Bug ID: 165045
           Summary: Crash in JSC::StructureIDTable::get
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at igalia.com

Two reports (very few) of this crash with WebKitGTK+ 2.14.1:

Truncated backtrace:
Thread no. 0 (10 frames)
 #0 JSC::StructureIDTable::get(unsigned int) at /usr/src/debug/webkitgtk-2.14.1/Source/JavaScriptCore/runtime/StructureIDTable.h:86
 #1 JSC::JSCell::structure(JSC::VM&) const at /usr/src/debug/webkitgtk-2.14.1/Source/JavaScriptCore/runtime/JSCellInlines.h:107
 #2 JSC::JSCell::classInfo() const at /usr/src/debug/webkitgtk-2.14.1/Source/JavaScriptCore/runtime/JSCellInlines.h:245
 #3 JSC::isJSFinalObject(JSC::JSCell*) at /usr/src/debug/webkitgtk-2.14.1/Source/JavaScriptCore/runtime/JSObject.h:1097
 #4 JSC::isJSFinalObject(JSC::JSValue) at /usr/src/debug/webkitgtk-2.14.1/Source/JavaScriptCore/runtime/JSObject.h:1102
 #5 JSC::SlotVisitor::visitChildren(JSC::JSCell const*) at /usr/src/debug/webkitgtk-2.14.1/Source/JavaScriptCore/heap/SlotVisitor.cpp:308
 #6 JSC::SlotVisitor::drain() at /usr/src/debug/webkitgtk-2.14.1/Source/JavaScriptCore/heap/SlotVisitor.cpp:354
 #7 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode) at /usr/src/debug/webkitgtk-2.14.1/Source/JavaScriptCore/heap/SlotVisitor.cpp:423
 #8 JSC::Heap::<lambda()>::operator() at /usr/src/debug/webkitgtk-2.14.1/Source/JavaScriptCore/heap/Heap.cpp:451
 #9 WTF::SharedTaskFunctor<void(), JSC::Heap::markRoots(double, void*, void*, __jmp_buf_tag (&)[1])::<lambda()> >::run(void) at /usr/src/debug/webkitgtk-2.14.1/Source/WTF/wtf/SharedTask.h:90

In the downstream bug (See Also) attached to comment #1 there is a full backtrace with stack variables, register dump, and assembler dump at the crash site.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20161123/abec65f8/attachment.html>

More information about the webkit-unassigned mailing list