[Webkit-unassigned] [Bug 200863] New: Crash in JSC::SlotVisitor::visitChildren

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Aug 17 14:39:37 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=200863

            Bug ID: 200863
           Summary: Crash in JSC::SlotVisitor::visitChildren
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at gnome.org
                CC: bugs-noreply at webkitgtk.org

Another random crash:

(gdb) bt
#0  0x00007fa6bf7c844b in JSC::SlotVisitor::visitChildren(JSC::JSCell const*)
    (cell=0x7fa59fdb3300, this=0x7fa6b95cc1d0) at ../Source/JavaScriptCore/runtime/Structure.h:495
#1  0x00007fa6bf7c844b in JSC::SlotVisitor::<lambda(JSC::MarkStackArray&)>::operator()
    (__closure=<optimized out>, stack=...) at ../Source/JavaScriptCore/heap/SlotVisitor.cpp:515
#2  0x00007fa6bf7c844b in JSC::SlotVisitor::forEachMarkStack<JSC::SlotVisitor::drain(WTF::MonotonicTime)::<lambda(JSC::MarkStackArray&)> > (func=..., this=0x7fa6b95cc1d0) at ../Source/JavaScriptCore/heap/SlotVisitorInlines.h:190
#3  0x00007fa6bf7c844b in JSC::SlotVisitor::drain(WTF::MonotonicTime) (this=0x7fa6b95cc1d0, timeout=...)
    at ../Source/JavaScriptCore/heap/SlotVisitor.cpp:505
#4  0x00007fa6bf7c8d52 in JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode, WTF::MonotonicTime)
    (this=this@entry=0x7fa6b95cc1d0, sharedDrainMode=sharedDrainMode@entry=JSC::SlotVisitor::SlaveDrain, timeout=..., timeout@entry=...) at ../Source/JavaScriptCore/heap/SlotVisitor.cpp:705
#5  0x00007fa6bf7a396d in JSC::Heap::<lambda()>::operator() (__closure=0x7fa59f8956a0)
    at ../Source/JavaScriptCore/heap/Heap.cpp:1319
#6  0x00007fa6bf7a396d in WTF::SharedTaskFunctor<void(), JSC::Heap::runBeginPhase(JSC::GCConductor)::<lambda()> >::run(void) (this=0x7fa59f895690) at DerivedSources/ForwardingHeaders/wtf/SharedTask.h:91
#7  0x00007fa6bfea974b in WTF::ParallelHelperClient::runTask(WTF::RefPtr<WTF::SharedTask<void ()>, WTF::DumbPtrTraits<WTF::SharedTask<void ()> > > const&) (this=0x7fa658400418, task=...) at ../Source/WTF/wtf/ParallelHelperPool.cpp:112
#8  0x00007fa6bfeaa555 in WTF::ParallelHelperPool::Thread::work() (this=0x7fa58ea70168)
    at ../Source/WTF/wtf/ParallelHelperPool.cpp:200
#9  0x00007fa6bfe98882 in WTF::AutomaticThread::<lambda()>::operator() (__closure=<optimized out>)
    at ../Source/WTF/wtf/AutomaticThread.cpp:223
#10 0x00007fa6bfe98882 in WTF::Detail::CallableWrapper<WTF::AutomaticThread::start(const WTF::AbstractLocker&)::<lambda()>, void>::call(void) (this=0x7fa58c9e9990) at ../Source/WTF/wtf/Function.h:52
#11 0x00007fa6bfeaf5b8 in WTF::Function<void ()>::operator()() const (this=<synthetic pointer>)
    at ../Source/WTF/wtf/Function.h:76
#12 0x00007fa6bfeaf5b8 in WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) (newThreadContext=0x7fa5846fd3f0)
    at ../Source/WTF/wtf/Threading.cpp:148
#13 0x00007fa6bfefb7fd in WTF::wtfThreadEntryPoint(void*) (context=<optimized out>)
    at ../Source/WTF/wtf/posix/ThreadingPOSIX.cpp:200
#14 0x00007fa6be0c45e2 in start_thread (arg=<optimized out>) at pthread_create.c:479
#15 0x00007fa6c14effe3 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Truncated full backtrace; this is as much as I can get before gdb crashes:

(gdb) bt full
#0  0x00007fa6bf7c844b in JSC::SlotVisitor::visitChildren(JSC::JSCell const*)
    (cell=0x7fa59fdb3300, this=0x7fa6b95cc1d0) at ../Source/JavaScriptCore/runtime/Structure.h:495
        countdown = 38
        status = <optimized out>
        locker = {<WTF::AbstractLocker> = {<No data fields>}, m_lockable = 0x7fa6b95cc25f}
#1  0x00007fa6bf7c844b in JSC::SlotVisitor::<lambda(JSC::MarkStackArray&)>::operator()
    (__closure=<optimized out>, stack=...) at ../Source/JavaScriptCore/heap/SlotVisitor.cpp:515
        countdown = 38
        status = <optimized out>
        locker = {<WTF::AbstractLocker> = {<No data fields>}, m_lockable = 0x7fa6b95cc25f}
#2  0x00007fa6bf7c844b in JSC::SlotVisitor::forEachMarkStack<JSC::SlotVisitor::drain(WTF::MonotonicTime)::<lambda(JSC::MarkStackArray&)> > (func=..., this=0x7fa6b95cc1d0) at ../Source/JavaScriptCore/heap/SlotVisitorInlines.h:190
        status = <optimized out>
        locker = {<WTF::AbstractLocker> = {<No data fields>}, m_lockable = 0x7fa6b95cc25f}
#3  0x00007fa6bf7c844b in JSC::SlotVisitor::drain(WTF::MonotonicTime) (this=0x7fa6b95cc1d0, timeout=...)
    at ../Source/JavaScriptCore/heap/SlotVisitor.cpp:505
        status = <optimized out>
        locker = {<WTF::AbstractLocker> = {<No data fields>}, m_lockable = 0x7fa6b95cc25f}
#4  0x00007fa6bf7c8d52 in JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode, WTF::MonotonicTime)
    (this=this@entry=0x7fa6b95cc1d0, sharedDrainMode=sharedDrainMode@entry=JSC::SlotVisitor::SlaveDrain, timeout=..., timeout@entry=...) at ../Source/JavaScriptCore/heap/SlotVisitor.cpp:705
        bonusTask = <optimized out>
        isActive = <optimized out>
#5  0x00007fa6bf7a396d in JSC::Heap::<lambda()>::operator() (__closure=0x7fa59f8956a0)
    at ../Source/JavaScriptCore/heap/Heap.cpp:1319
        slotVisitor = 0x7fa6b95cc1d0
#6  0x00007fa6bf7a396d in WTF::SharedTaskFunctor<void(), JSC::Heap::runBeginPhase(JSC::GCConductor)::<lambda()> >::run(void) (this=0x7fa59f895690) at DerivedSources/ForwardingHeaders/wtf/SharedTask.h:91
#7  0x00007fa6bfea974b in WTF::ParallelHelperClient::runTask(WTF::RefPtr<WTF::SharedTask<void ()>, WTF::DumbPtrTraits<WTF::SharedTask<void ()> > > const&) (this=0x7fa658400418, task=...) at ../Source/WTF/wtf/ParallelHelperPool.cpp:112
#8  0x00007fa6bfeaa555 in WTF::ParallelHelperPool::Thread::work() (this=0x7fa58ea70168)
    at ../Source/WTF/wtf/ParallelHelperPool.cpp:200
#9  0x00007fa6bfe98882 in WTF::AutomaticThread::<lambda()>::operator() (__closure=<optimized out>)
    at ../Source/WTF/wtf/AutomaticThread.cpp:223
        result = <optimized out>
