[Webkit-unassigned] [Bug 192050] REGRESSION: [ MacOS ] Layout Test workers/bomb.html is crashing

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Nov 27 16:57:56 PST 2018 

https://bugs.webkit.org/show_bug.cgi?id=192050

Chris Dumez <cdumez at apple.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ggaren at apple.com,
                   |                            |keith_miller at apple.com,
                   |                            |mark.lam at apple.com,
                   |                            |sbarati at apple.com

--- Comment #3 from Chris Dumez <cdumez at apple.com> ---
Crashed Thread:        39  WebCore: Worker

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000159325
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [0]

Thread 39 Crashed:: WebCore: Worker
0   com.apple.JavaScriptCore            0x0000000110d59b65 JSC::speculationFromValue(JSC::JSValue) + 213 (SpeculatedType.cpp:477)
1   com.apple.JavaScriptCore            0x0000000110d2c356 JSC::CodeBlock::updateAllPredictionsAndCountLiveness(unsigned int&, unsigned int&) + 4950 (CodeBlock.cpp:2577)
2   com.apple.JavaScriptCore            0x0000000110d26386 JSC::CodeBlock::updateAllPredictions() + 22 (CodeBlock.cpp:2624)
3   com.apple.JavaScriptCore            0x000000011112869c operationOptimize + 348 (JITOperations.cpp:1422)
4   ???                                 0x000003fdbb2baff5 0 + 4388301811701
5   com.apple.JavaScriptCore            0x0000000110b382c8 llint_entry + 62053
6   com.apple.JavaScriptCore            0x0000000110b28ea9 vmEntryToJavaScript + 200
7   com.apple.JavaScriptCore            0x00000001110ba4e4 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::ExecState*, JSC::JSObject*) + 11172 (Interpreter.cpp:832)
8   com.apple.JavaScriptCore            0x00000001112f28a3 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 307 (Completion.cpp:106)
9   com.apple.WebCore                   0x000000010cf853c4 WebCore::JSExecState::profiledEvaluate(JSC::ExecState*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 84 (JSExecState.h:80)
10  com.apple.WebCore                   0x000000010cfcc19c WebCore::WorkerScriptController::evaluate(WebCore::ScriptSourceCode const&, WTF::NakedPtr<JSC::Exception>&, WTF::String*) + 156 (WorkerScriptController.cpp:148)
11  com.apple.WebCore                   0x000000010cfcc09c WebCore::WorkerScriptController::evaluate(WebCore::ScriptSourceCode const&, WTF::String*) + 44 (WorkerScriptController.cpp:131)
12  com.apple.WebCore                   0x000000010dba40ac WebCore::WorkerThread::workerThread() + 556 (RefPtr.h:69)
13  com.apple.JavaScriptCore            0x000000011096ac34 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 212 (Threading.cpp:137)
14  com.apple.JavaScriptCore            0x000000011096c7d9 WTF::wtfThreadEntryPoint(void*) + 9 (ThreadingPthreads.cpp:203)
15  libsystem_pthread.dylib             0x00007fff9e2db93b _pthread_body + 180
16  libsystem_pthread.dylib             0x00007fff9e2db887 _pthread_start + 286
17  libsystem_pthread.dylib             0x00007fff9e2db08d thread_start + 13

Definitely does not look related to https://trac.webkit.org/changeset/238525/webkit.

Adding a few JSC people in cc given where it crashes.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20181128/2a94a691/attachment-0001.html>

More information about the webkit-unassigned mailing list